From 8223fbaac6d6031359e2370ff11ec4c8f91b37b8 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano
Date: Tue, 24 Jul 2018 17:46:47 +0200
Subject: podman: allow to specify the PID namespace to join
Signed-off-by: Giuseppe Scrivano
Closes: #1145
Approved by: rhatdan
---
 cmd/podman/create.go | 2 +-
 docs/podman-create.1.md | 1 +
 docs/podman-run.1.md | 1 +
 pkg/spec/spec.go | 3 +++
 4 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/cmd/podman/create.go b/cmd/podman/create.go
index 071c04ca5..d5390194c 100644
--- a/cmd/podman/create.go
+++ b/cmd/podman/create.go
@@ -369,7 +369,7 @@ func parseCreateOpts(ctx context.Context, c *cli.Context, runtime *libpod.Runtim
 tty := c.Bool("tty")
 pidMode := container.PidMode(c.String("pid"))
- if !pidMode.Valid() {
+ if !cc.IsNS(string(pidMode)) && !pidMode.Valid() {
 return nil, errors.Errorf("--pid %q is not valid", c.String("pid"))
 }
diff --git a/docs/podman-create.1.md b/docs/podman-create.1.md
index d9165d4cb..3e401e47b 100644
--- a/docs/podman-create.1.md
+++ b/docs/podman-create.1.md
@@ -411,6 +411,7 @@ Set the PID mode for the container
 Default is to create a private PID namespace for the container
 'container:': join another container's PID namespace
 'host': use the host's PID namespace for the container. Note: the host mode gives the container full access to local PID and is therefore considered insecure.
+ 'ns': join the specified PID namespace
 **--pids-limit**=""
diff --git a/docs/podman-run.1.md b/docs/podman-run.1.md
index 9af9640b0..c4fe25675 100644
--- a/docs/podman-run.1.md
+++ b/docs/podman-run.1.md
@@ -427,6 +427,7 @@ Default is to create a private PID namespace for the container
 - `container:`: join another container's PID namespace
 - `host`: use the host's PID namespace for the container. Note: the host mode gives the container full access to local PID and is therefore considered insecure.
+- `ns`: join the specified PID namespace
 **--pids-limit**=""
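Review bot: In the cmd/podman/create.go hunk the new condition lets every value that `cc.IsNS` accepts skip `pidMode.Valid()`, so nothing at parse time checks the namespace path that `NS` later extracts. If `IsNS` only tests the prefix (its body is not visible here), a value with an empty path part would reach the new branch of addPidNS in pkg/spec/spec.go, and an empty path in an OCI namespace entry asks the runtime to create a new namespace, so the container would silently get a private PID namespace instead of an error. Consider rejecting that case next to the existing check, e.g. `if cc.IsNS(string(pidMode)) && cc.NS(string(pidMode)) == "" { return nil, errors.Errorf("--pid %q is missing the namespace path", c.String("pid")) }`. parseCreateOpts starts and ends outside the hunk.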
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index dcf1c51dd..2300d268a 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -316,6 +316,9 @@ func blockAccessToKernelFilesystems(config *CreateConfig, g *generate.Generator)
 func addPidNS(config *CreateConfig, g *generate.Generator) error {
 pidMode := config.PidMode
+ if IsNS(string(pidMode)) {
+ return g.AddOrReplaceLinuxNamespace(string(spec.PIDNamespace), NS(string(pidMode)))
+ }
 if pidMode.IsHost() {
 return g.RemoveLinuxNamespace(string(spec.PIDNamespace))
 }
--
cgit v1.2.3-54-g00ecf
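Review bot: The new branch at the top of addPidNS hands the user-supplied namespace path to `g.AddOrReplaceLinuxNamespace` without a comment saying what the mode means or why it is checked before `IsHost()`. Joining an existing PID namespace lets the container's processes see the processes already in it, and a path that names the host's PID namespace has the same effect as the `host` mode, which the man pages touched by this commit already call insecure. I would add above the branch `// A namespace given by path is joined as-is; the path is not checked here and is as sensitive as the namespace it names.` and repeat the caveat on the new `ns` entries in the two man pages. addPidNS continues past the end of the hunk.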