author | Daniel J Walsh <dwalsh@redhat.com> | 2017-11-22 11:00:50 -0500 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2017-11-22 16:46:53 +0000 |
commit | bd4e106de3d890bd2b0520083c9ad7d314b61487 (patch) | |
tree | afe04f2de5f9571fe3712d62a33ae7da4317419b /cmd/kpod/spec.go | |
parent | 2a3934f1dae43589c50df8fa545d20405f64d7af (diff) | |
Add support for pid ns
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #54
Approved by: umohnani8
Diffstat (limited to 'cmd/kpod/spec.go')
-rw-r--r-- | cmd/kpod/spec.go | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/cmd/kpod/spec.go b/cmd/kpod/spec.go
index 581be5241..752827669 100644
--- a/cmd/kpod/spec.go
+++ b/cmd/kpod/spec.go
@@ -2,6 +2,7 @@ package main

 import (
 "encoding/json"
+ "fmt"
 "io/ioutil"
 "strings"

@@ -44,6 +45,28 @@ func blockAccessToKernelFilesystems(config *createConfig, g *generate.Generator)
 }
 }

+func addPidNS(config *createConfig, g *generate.Generator) error {
+ pidMode := config.pidMode
+ if pidMode.IsHost() {
+ return g.RemoveLinuxNamespace("pid")
+ }
+ if pidMode.IsContainer() {
+ ctr, err := config.runtime.LookupContainer(pidMode.Container())
+ if err != nil {
+ return errors.Wrapf(err, "container %q not found", pidMode.Container())
+ }
+ pid, err := ctr.PID()
+ if err != nil {
+ return errors.Wrapf(err, "Failed to get pid of container %q", pidMode.Container())
+ }
+ pidNsPath := fmt.Sprintf("/proc/%d/ns/pid", pid)
+ if err := g.AddOrReplaceLinuxNamespace(libpod.PIDNamespace, pidNsPath); err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
 func addRlimits(config *createConfig, g *generate.Generator) error {
 var (
 ul *units.Ulimit
@@ -182,6 +205,10 @@ func createConfigToOCISpec(config *createConfig) (*spec.Spec, error) {
 return nil, err
 }

+ if err := addPidNS(config, &g); err != nil {
+ return nil, err
+ }
+
 configSpec := g.Spec()

 if config.seccompProfilePath != "" && config.seccompProfilePath != "unconfined" {
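Review bot: In `addPidNS`, the value returned by `ctr.PID()` is formatted straight into `/proc/%d/ns/pid` with no check that the target container is actually running. If `PID()` can return 0 for a created or stopped container (its implementation is not visible here, so confirm), the spec carries a namespace path that does not exist; a guard such as `if pid <= 0 { return errors.Errorf("container %q is not running", pidMode.Container()) }` before the `Sprintf` would fail early with a clear message. The path is only resolved later, when the OCI runtime joins the namespace, so a target that exits in between could leave the PID free for reuse by an unrelated process; a comment recording that window would help. The host branch passes the literal `"pid"` while the container branch uses `libpod.PIDNamespace`, and using the constant in both keeps them in step. A doc comment on `addPidNS` stating that host mode removes PID isolation from the container would document the security consequence for the next reader.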