diff options
| author | Giuseppe Scrivano <gscrivan@redhat.com> | 2018-07-24 17:46:47 +0200 |
|---|---|---|
| committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-07-24 21:50:49 +0000 |
| commit | 8223fbaac6d6031359e2370ff11ec4c8f91b37b8 (patch) | |
| tree | d4dd15ebb3d82e43cd8c68275fd2f02af71202b9 | |
| parent | 819c80712578cce1d5fd1915a351bc739c7fcb72 (diff) | |
| download | podman-8223fbaac6d6031359e2370ff11ec4c8f91b37b8.tar.gz podman-8223fbaac6d6031359e2370ff11ec4c8f91b37b8.tar.bz2 podman-8223fbaac6d6031359e2370ff11ec4c8f91b37b8.zip | |
podman: allow to specify the PID namespace to join
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Closes: #1145
Approved by: rhatdan
| -rw-r--r-- | cmd/podman/create.go | 2 | ||||
| -rw-r--r-- | docs/podman-create.1.md | 1 | ||||
| -rw-r--r-- | docs/podman-run.1.md | 1 | ||||
| -rw-r--r-- | pkg/spec/spec.go | 3 |
4 files changed, 6 insertions, 1 deletions
diff --git a/cmd/podman/create.go b/cmd/podman/create.go index 071c04ca5..d5390194c 100644 --- a/cmd/podman/create.go +++ b/cmd/podman/create.go @@ -369,7 +369,7 @@ func parseCreateOpts(ctx context.Context, c *cli.Context, runtime *libpod.Runtim tty := c.Bool("tty") pidMode := container.PidMode(c.String("pid")) - if !pidMode.Valid() { + if !cc.IsNS(string(pidMode)) && !pidMode.Valid() { return nil, errors.Errorf("--pid %q is not valid", c.String("pid")) } diff --git a/docs/podman-create.1.md b/docs/podman-create.1.md index d9165d4cb..3e401e47b 100644 --- a/docs/podman-create.1.md +++ b/docs/podman-create.1.md @@ -411,6 +411,7 @@ Set the PID mode for the container Default is to create a private PID namespace for the container 'container:<name|id>': join another container's PID namespace 'host': use the host's PID namespace for the container. Note: the host mode gives the container full access to local PID and is therefore considered insecure. + 'ns': join the specified PID namespace **--pids-limit**="" diff --git a/docs/podman-run.1.md b/docs/podman-run.1.md index 9af9640b0..c4fe25675 100644 --- a/docs/podman-run.1.md +++ b/docs/podman-run.1.md @@ -427,6 +427,7 @@ Default is to create a private PID namespace for the container - `container:<name|id>`: join another container's PID namespace - `host`: use the host's PID namespace for the container. Note: the host mode gives the container full access to local PID and is therefore considered insecure. +- `ns`: join the specified PID namespace **--pids-limit**="" diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go index dcf1c51dd..2300d268a 100644 --- a/pkg/spec/spec.go +++ b/pkg/spec/spec.go @@ -316,6 +316,9 @@ func blockAccessToKernelFilesystems(config *CreateConfig, g *generate.Generator) func addPidNS(config *CreateConfig, g *generate.Generator) error { pidMode := config.PidMode + if IsNS(string(pidMode)) { + return g.AddOrReplaceLinuxNamespace(string(spec.PIDNamespace), NS(string(pidMode))) + } if pidMode.IsHost() { return g.RemoveLinuxNamespace(string(spec.PIDNamespace)) } |