Our Jenkins slave nodes use unprivileged docker containers. Adding --privileged access to these containers would open a large security hole, as any employee who has access to Jenkins would have access to use those privileged containers, which would allow anyone to compromise the host ECS instance.
Unfortunately, I have not been able to get habitat studio to run inside an unprivileged slave container running with a docker-by-docker setup. When I try, with hab running under sudo, I receive an error when attempting to start the studio:
★ Install of core/hab-studio/1.5.29/20200211163904 complete with 40 new packages installed.
hab-studio: Destroying Studio at /hab/studios/home--jenkins ()
hab-studio: Creating Studio at /hab/studios/home--jenkins (default)
mount: permission denied (are you root?)