podman pod create --pid flag

added support for --pid flag. User can specify ns:file, pod, private, or host.
container returns an error since you cannot point the ns of the pods infra container
to a container outside of the pod.

Signed-off-by: cdoern <cdoern@redhat.com>

2 files changed, 8 insertions, 0 deletions

diff --git a/pkg/specgen/generate/pod_create.go b/pkg/specgen/generate/pod_create.go
index 023ebb41e..4ffd8a37f 100644
--- a/pkg/specgen/generate/pod_create.go
+++ b/pkg/specgen/generate/pod_create.go
@@ -102,6 +102,10 @@ func createPodOptions(p *specgen.PodSpecGenerator, rt *libpod.Runtime) ([]libpod
 		options = append(options, libpod.WithInfraCommand(p.InfraCommand))
 	}
 
+	if !p.Pid.IsDefault() {
+		options = append(options, libpod.WithPodPidNS(p.Pid))
+	}
+
 	switch p.NetNS.NSMode {
 	case specgen.Default, "":
 		if p.NoInfra {
diff --git a/pkg/specgen/podspecgen.go b/pkg/specgen/podspecgen.go
index 000a787ea..319345c71 100644
--- a/pkg/specgen/podspecgen.go
+++ b/pkg/specgen/podspecgen.go
@@ -57,6 +57,10 @@ type PodBasicConfig struct {
 	// (e.g. `podman generate systemd --new`).
 	// Optional.
 	PodCreateCommand []string `json:"pod_create_command,omitempty"`
+	// Pid sets the process id namespace of the pod
+	// Optional (defaults to private if unset). This sets the PID namespace of the infra container
+	// This configuration will then be shared with the entire pod if PID namespace sharing is enabled via --share
+	Pid Namespace `json:"pid,omitempty:"`
 }
 
 // PodNetworkConfig contains networking configuration for a pod.