Please support device cgroup rules in Docker executor
Description
I use gitlab runner with Docker to build system image files for Linux distributions.
This build uses the file-system support of the host kernel and loop devices to create them on.
Using privileged containers and a volume definition of /dev:/dev:ro works fine to allow the container to work on it and see device changes done by udev.
I can restrict the containers further by using device cgroup rules and the SYS_ADMIN capability.
Proposal
Add a new field to [runners.docker] called device_cgroup_rules retrieving a list of strings without further validation.
Set the content into HostConfig.DeviceCgroupRules.
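An added example, not part of the original issue: a config.toml sketch that puts the current privileged setup beside the restricted one the proposal would allow. The runner names and image are constructed placeholders, device_cgroup_rules is the field proposed above, and the device numbers are the standard Linux assignments for loop devices (block major 7) and /dev/loop-control (char 10:237).

```toml
# Constructed example; runner names and image are placeholders.

# Before: privileged mode, every host device is usable from the job.
[[runners]]
  name = "image-builder-privileged"
  executor = "docker"
  [runners.docker]
    image = "debian:stable"
    privileged = true
    volumes = ["/dev:/dev:ro"]

# After: no privileged mode; only loop devices are added to the allowlist.
[[runners]]
  name = "image-builder-restricted"
  executor = "docker"
  [runners.docker]
    image = "debian:stable"
    privileged = false
    cap_add = ["SYS_ADMIN"]       # needed for mount(2) inside the job
    volumes = ["/dev:/dev:ro"]    # keeps udev-created nodes visible
    # Proposed field from this issue, passed to HostConfig.DeviceCgroupRules.
    # Rule format: "<type> <major>:<minor> <access>"
    #   type: b = block, c = char; access: r = read, w = write, m = mknod
    device_cgroup_rules = [
      "b 7:* rmw",      # block major 7: /dev/loopN
      "c 10:237 rmw",   # char 10:237: /dev/loop-control
    ]
```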