Add docker exec run a command in privileged mode

Signed-off-by: Lei Jitang <leijitang@huawei.com>

integration-cli/docker_cli_exec_test.go

@@ -694,3 +694,31 @@ func TestExecWithUser(t *testing.T) {
 
 	logDone("exec - with user")
 }
+
+func TestExecWithPrivileged(t *testing.T) {
+	defer deleteAllContainers()
+
+	runCmd := exec.Command(dockerBinary, "run", "-d", "--name", "parent", "--cap-drop=ALL", "busybox", "top")
+	if out, _, err := runCommandWithOutput(runCmd); err != nil {
+		t.Fatal(out, err)
+	}
+
+	cmd := exec.Command(dockerBinary, "exec", "parent", "sh", "-c", "mknod /tmp/sda b 8 0")
+	out, _, err := runCommandWithOutput(cmd)
+	fmt.Printf("%s", out)
+	if err == nil || !strings.Contains(out, "Operation not permitted") {
+		t.Fatalf("exec mknod in --cap-drop=ALL container without --privileged should failed")
+	}
+
+	cmd = exec.Command(dockerBinary, "exec", "--privileged", "parent", "sh", "-c", "mknod /tmp/sda b 8 0 && echo ok")
+	out, _, err = runCommandWithOutput(cmd)
+	if err != nil {
+		t.Fatal(err, out)
+	}
+
+	if actual := strings.TrimSpace(out); actual != "ok" {
+		t.Fatalf("exec mknod in --cap-drop=ALL container with --privileged failed: %v, output: %q", err, out)
+	}
+
+	logDone("exec - exec command in a container with privileged")
+}