-rw-r--r-- | cmd/podman/create.go | 2 | ||||
-rw-r--r-- | docs/podman-create.1.md | 1 | ||||
-rw-r--r-- | docs/podman-run.1.md | 1 | ||||
-rw-r--r-- | pkg/spec/spec.go | 3 |
4 files changed, 6 insertions, 1 deletions
diff --git a/cmd/podman/create.go b/cmd/podman/create.go
index 071c04ca5..d5390194c 100644
--- a/cmd/podman/create.go
+++ b/cmd/podman/create.go
@@ -369,7 +369,7 @@ func parseCreateOpts(ctx context.Context, c *cli.Context, runtime *libpod.Runtim
 tty := c.Bool("tty")
 pidMode := container.PidMode(c.String("pid"))
- if !pidMode.Valid() {
+ if !cc.IsNS(string(pidMode)) && !pidMode.Valid() {
 return nil, errors.Errorf("--pid %q is not valid", c.String("pid"))
 }
diff --git a/docs/podman-create.1.md b/docs/podman-create.1.md
index d9165d4cb..3e401e47b 100644
--- a/docs/podman-create.1.md
+++ b/docs/podman-create.1.md
@@ -411,6 +411,7 @@ Set the PID mode for the container
 Default is to create a private PID namespace for the container
 'container:<name|id>': join another container's PID namespace
 'host': use the host's PID namespace for the container. Note: the host mode gives the container full access to local PID and is therefore considered insecure.
+ 'ns': join the specified PID namespace
 **--pids-limit**=""
diff --git a/docs/podman-run.1.md b/docs/podman-run.1.md
index 9af9640b0..c4fe25675 100644
--- a/docs/podman-run.1.md
+++ b/docs/podman-run.1.md
@@ -427,6 +427,7 @@ Default is to create a private PID namespace for the container
 - `container:<name|id>`: join another container's PID namespace
 - `host`: use the host's PID namespace for the container. Note: the host mode gives the container full access to local PID and is therefore considered insecure.
+- `ns`: join the specified PID namespace
 **--pids-limit**=""
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index dcf1c51dd..2300d268a 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
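Review bot: In the cmd/podman/create.go hunk, the new condition `!cc.IsNS(string(pidMode)) && !pidMode.Valid()` lets any `--pid` value that `IsNS` recognises skip validation, so the namespace path after the `ns` prefix is never checked at parse time. `IsNS` is not shown in this diff, but if it only tests the prefix, an empty or mistyped path passes here and fails only later, when the runtime tries to join the namespace. Consider rejecting an empty path up front with the `NS` helper that pkg/spec/spec.go calls, e.g. `if cc.IsNS(string(pidMode)) && cc.NS(string(pidMode)) == "" { return nil, errors.Errorf("--pid %q is not valid", c.String("pid")) }`. parseCreateOpts begins and ends outside the hunk.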
@@ -316,6 +316,9 @@ func blockAccessToKernelFilesystems(config *CreateConfig, g *generate.Generator)
 func addPidNS(config *CreateConfig, g *generate.Generator) error {
 pidMode := config.PidMode
+ if IsNS(string(pidMode)) {
+ return g.AddOrReplaceLinuxNamespace(string(spec.PIDNamespace), NS(string(pidMode)))
+ }
 if pidMode.IsHost() {
 return g.RemoveLinuxNamespace(string(spec.PIDNamespace))
 } |
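Review bot: In addPidNS the new branch passes `NS(string(pidMode))` straight to `g.AddOrReplaceLinuxNamespace` and returns before the `pidMode.IsHost()` check, so a path that refers to the host's PID namespace gives the container the same process visibility as `--pid=host` without being treated as host mode. Any logic elsewhere that keys off `IsHost()` (not visible in this hunk) would presumably not apply to that case. I would add a comment above the branch such as `// ns mode joins an existing PID namespace by path; the path is user-supplied and may be the host's, so it carries the same risk as --pid=host.` The `ns` entries added to docs/podman-create.1.md and docs/podman-run.1.md should carry the same warning, which they currently give only for `host`. The rest of addPidNS lies outside the hunk.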