3 changed files with 29 additions and 7 deletions
@@ -201,6 +201,7 @@ func (r *Runner) run(ctx context.Context, task *runnerv1.Task, reporter *report.
 		PlatformPicker:        r.labels.PickPlatform,
 		Vars:                  task.Vars,
 		ValidVolumes:          r.cfg.Container.ValidVolumes,
+		InheritDriverOpts:     r.cfg.Container.InheritDriverOpts,
 	}

 	rr, err := runner.New(runnerConfig)
@@ -51,6 +51,10 @@ container:
  # Could be host, bridge or the name of a custom network.
  # If it's empty, act_runner will create a network automatically.
  network: ""
+  # This configuration item only takes effect when container.network is empty.
+  # The network automatically created by act_runner will inherit the dirver options of the default bridge network.
+  # Valid value see: https://docs.docker.com/engine/reference/commandline/network_create/#bridge-driver-options, except "com.docker.network.bridge.name"
+  inherit_driver_opts: []
  # Whether to use privileged mode or not when launching task containers (privileged mode is required for Docker-in-Docker).
  privileged: false
  # And other options to be used when the container is started (eg, --add-host=my.gitea.url:host-gateway).
@@ -42,13 +42,14 @@ type Cache struct {

 // Container represents the configuration for the container.
 type Container struct {
-	Network       string   `yaml:"network"`        // Network specifies the network for the container.
-	NetworkMode   string   `yaml:"network_mode"`   // Deprecated: use Network instead. Could be removed after Gitea 1.20
-	Privileged    bool     `yaml:"privileged"`     // Privileged indicates whether the container runs in privileged mode.
-	Options       string   `yaml:"options"`        // Options specifies additional options for the container.
-	WorkdirParent string   `yaml:"workdir_parent"` // WorkdirParent specifies the parent directory for the container's working directory.
-	ValidVolumes  []string `yaml:"valid_volumes"`  // ValidVolumes specifies the volumes (including bind mounts) can be mounted to containers.
-	DockerHost    string   `yaml:"docker_host"`    // DockerHost specifies the Docker host. It overrides the value specified in environment variable DOCKER_HOST.
+	Network           string   `yaml:"network"`             // Network specifies the network for the container.
+	InheritDriverOpts []string `yaml:"inherit_driver_opts"` // InheritDiverOpts specifies which default bridge network driver options will be inherited by the network created by act_runner.
+	NetworkMode       string   `yaml:"network_mode"`        // Deprecated: use Network instead. Could be removed after Gitea 1.20
+	Privileged        bool     `yaml:"privileged"`          // Privileged indicates whether the container runs in privileged mode.
+	Options           string   `yaml:"options"`             // Options specifies additional options for the container.
+	WorkdirParent     string   `yaml:"workdir_parent"`      // WorkdirParent specifies the parent directory for the container's working directory.
+	ValidVolumes      []string `yaml:"valid_volumes"`       // ValidVolumes specifies the volumes (including bind mounts) can be mounted to containers.
+	DockerHost        string   `yaml:"docker_host"`         // DockerHost specifies the Docker host. It overrides the value specified in environment variable DOCKER_HOST.
 }

 // Host represents the configuration for the host.
@@ -141,5 +142,21 @@ func LoadDefault(file string) (*Config, error) {
 		}
 	}

+	var cleanDriverOptKeys []string
+	for _, key := range cfg.Container.InheritDriverOpts {
+		if _, ok := validDriverOptKeysMap[key]; ok {
+			cleanDriverOptKeys = append(cleanDriverOptKeys, key)
+		}
+	}
+	cfg.Container.InheritDriverOpts = cleanDriverOptKeys
+
 	return cfg, nil
 }
+
+var validDriverOptKeysMap = map[string]bool{
+	"com.docker.network.bridge.enable_ip_masquerade": true,
+	"com.docker.network.bridge.enable_icc":           true,
+	"com.docker.network.bridge.host_binding_ipv4":    true,
+	"com.docker.network.driver.mtu":                  true,
+	"com.docker.network.container_iface_prefix":      true,
+}