authorDaniel J Walsh <dwalsh@redhat.com>2017-11-22 11:00:50 -0500
committerAtomic Bot <atomic-devel@projectatomic.io>2017-11-22 16:46:53 +0000
commitbd4e106de3d890bd2b0520083c9ad7d314b61487 (patch)
treeafe04f2de5f9571fe3712d62a33ae7da4317419b /cmd/kpod/spec.go
parent2a3934f1dae43589c50df8fa545d20405f64d7af (diff)
Add support for pid ns
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #54 Approved by: umohnani8
Diffstat (limited to 'cmd/kpod/spec.go')
-rw-r--r--cmd/kpod/spec.go27
1 files changed, 27 insertions, 0 deletions
diff --git a/cmd/kpod/spec.go b/cmd/kpod/spec.go
index 581be5241..752827669 100644
--- a/cmd/kpod/spec.go
+++ b/cmd/kpod/spec.go
@@ -2,6 +2,7 @@ package main
import (
"encoding/json"
+ "fmt"
"io/ioutil"
"strings"
@@ -44,6 +45,28 @@ func blockAccessToKernelFilesystems(config *createConfig, g *generate.Generator)
}
}
+func addPidNS(config *createConfig, g *generate.Generator) error {
+ pidMode := config.pidMode
+ if pidMode.IsHost() {
+ return g.RemoveLinuxNamespace("pid")
+ }
+ if pidMode.IsContainer() {
+ ctr, err := config.runtime.LookupContainer(pidMode.Container())
+ if err != nil {
+ return errors.Wrapf(err, "container %q not found", pidMode.Container())
+ }
+ pid, err := ctr.PID()
+ if err != nil {
+ return errors.Wrapf(err, "Failed to get pid of container %q", pidMode.Container())
+ }
+ pidNsPath := fmt.Sprintf("/proc/%d/ns/pid", pid)
+ if err := g.AddOrReplaceLinuxNamespace(libpod.PIDNamespace, pidNsPath); err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
func addRlimits(config *createConfig, g *generate.Generator) error {
var (
ul *units.Ulimit
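Review bot: In the container branch of `addPidNS`, the value returned by `ctr.PID()` goes straight into `/proc/%d/ns/pid` with no check that it names a live process. If `PID()` can return 0 without an error for a container that is not running (not visible in this hunk), the spec would carry `/proc/0/ns/pid` and the failure would only surface when the OCI runtime tries to join it; a guard such as `if pid <= 0 { return errors.Errorf("container %q is not running", pidMode.Container()) }` would fail early with a clear message. The path is also resolved later than it is computed, so if the target exits in between and its PID is reused, the new container could end up in an unrelated process's PID namespace; a comment stating that assumption would help the next reader. The function also deserves a doc comment saying that host mode removes the PID namespace entirely, so the container shares the host's process view, and the host branch could pass `libpod.PIDNamespace` instead of the literal `"pid"` if the constant has that value.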
@@ -182,6 +205,10 @@ func createConfigToOCISpec(config *createConfig) (*spec.Spec, error) {
return nil, err
}
+ if err := addPidNS(config, &g); err != nil {
+ return nil, err
+ }
+
configSpec := g.Spec()
if config.seccompProfilePath != "" && config.seccompProfilePath != "unconfined" {