From 5f0a1c1ff8e6b44566334567adeba0e8bba8c8d8 Mon Sep 17 00:00:00 2001 From: Giuseppe Scrivano Date: Mon, 27 Aug 2018 12:32:43 +0200 Subject: rootless: fix --pid=host Unfortunately this is not enough to get it working as runc doesn't allow to bind mount /proc. Depends on: https://github.com/opencontainers/runc/pull/1832 Signed-off-by: Giuseppe Scrivano Closes: #1349 Approved by: rhatdan
--- pkg/spec/spec.go | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'pkg')
diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index ac894c00c..255b70045 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -79,6 +79,16 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint
 }
 g.AddMount(devMqueue)
 }
+ if inUserNS && config.PidMode.IsHost() {
+ g.RemoveMount("/proc")
+ procMount := spec.Mount{
+ Destination: "/proc",
+ Type: "bind",
+ Source: "/proc",
+ Options: []string{"rbind", "nosuid", "noexec", "nodev"},
+ }
+ g.AddMount(procMount)
+ }
 if addCgroup {
 cgroupMnt := spec.Mount{
-- cgit v1.2.3-54-g00ecf
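Review bot: The new `inUserNS && config.PidMode.IsHost()` branch replaces the default `/proc` mount with a recursive bind of the host's `/proc` and carries no comment saying why, which is the kind of mount a later reader will want justified. I would add above the `if`: `// Rootless with --pid=host: a fresh procfs cannot be mounted from a user namespace that does not own the PID namespace, so bind the host /proc instead (needs runc support for bind-mounting /proc).` The kernel restriction in that comment is my reading of why the change is needed, so confirm the wording against the runc pull request linked in the commit message. Because `rbind` exposes the host's process tree and any submounts under `/proc` to the container, it is also worth checking that the spec's masked and read-only `/proc` paths are still applied on top of this mount; that code is not visible here. `CreateConfigToOCISpec` starts and ends outside the hunk.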