Merge pull request #3509 from giuseppe/cgroup-namespace

libpod: support for cgroup namespace

1 files changed, 19 insertions, 0 deletions

diff --git a/pkg/spec/createconfig.go b/pkg/spec/createconfig.go
index 0042ed401..1fb1f829b 100644
--- a/pkg/spec/createconfig.go
+++ b/pkg/spec/createconfig.go
@@ -63,6 +63,7 @@ type CreateConfig struct {
 	CapDrop            []string // cap-drop
 	CidFile            string
 	ConmonPidFile      string
+	Cgroupns           string
 	CgroupParent       string // cgroup-parent
 	Command            []string
 	Detach             bool              // detach
@@ -101,6 +102,7 @@ type CreateConfig struct {
 	NetworkAlias       []string               //network-alias
 	PidMode            namespaces.PidMode     //pid
 	Pod                string                 //pod
+	CgroupMode         namespaces.CgroupMode  //cgroup
 	PortBindings       nat.PortMap
 	Privileged         bool     //privileged
 	Publish            []string //publish
@@ -268,6 +270,23 @@ func (c *CreateConfig) getContainerCreateOptions(runtime *libpod.Runtime, pod *l
 		options = append(options, libpod.WithNetNS(portBindings, postConfigureNetNS, string(c.NetMode), networks))
 	}
 
+	if c.CgroupMode.IsNS() {
+		ns := c.CgroupMode.NS()
+		if ns == "" {
+			return nil, errors.Errorf("invalid empty user-defined network namespace")
+		}
+		_, err := os.Stat(ns)
+		if err != nil {
+			return nil, err
+		}
+	} else if c.CgroupMode.IsContainer() {
+		connectedCtr, err := runtime.LookupContainer(c.CgroupMode.Container())
+		if err != nil {
+			return nil, errors.Wrapf(err, "container %q not found", c.CgroupMode.Container())
+		}
+		options = append(options, libpod.WithCgroupNSFrom(connectedCtr))
+	}
+
 	if c.PidMode.IsContainer() {
 		connectedCtr, err := runtime.LookupContainer(c.PidMode.Container())
 		if err != nil {