share pid namespace for Pod container

Signed-off-by: Wei Wei <weiwei.inf@gmail.com>
2017-11-10 11:24:34 +08:00 · 2017-11-10 11:24:34 +08:00 · 702ab3ee3a
commit 702ab3ee3a
parent e7471600f8
8 changed files with 96 additions and 2 deletions
--- a/cmd/crio/config.go
+++ b/cmd/crio/config.go
@ -115,6 +115,9 @@ default_mounts = [
 # pids_limit is the number of processes allowed in a container
 pids_limit = {{ .PidsLimit }}

+# disable using a shared PID namespace for containers in a pod
+disable_shared_pid_namespace = {{ .DisableSharedPIDNamespace }}
+
 # log_size_max is the max limit for the container log size in bytes.
 # Negative values indicate that no limit is imposed.
 log_size_max = {{ .LogSizeMax }}
--- a/cmd/crio/main.go
+++ b/cmd/crio/main.go
@ -131,6 +131,9 @@ func mergeConfig(config *server.Config, ctx *cli.Context) error {
 	if ctx.GlobalIsSet("pids-limit") {
 		config.PidsLimit = ctx.GlobalInt64("pids-limit")
 	}
+	if ctx.GlobalIsSet("disable-shared-pid-namespace") {
+		config.DisableSharedPIDNamespace = ctx.GlobalBool("disable-shared-pid-namespace")
+	}
 	if ctx.GlobalIsSet("log-size-max") {
 		config.LogSizeMax = ctx.GlobalInt64("log-size-max")
 	}
@ -296,6 +299,10 @@ func main() {
 			Value: libkpod.DefaultPidsLimit,
 			Usage: "maximum number of processes allowed in a container",
 		},
+		cli.BoolFlag{
+			Name:  "disable-shared-pid-namespace",
+			Usage: "disable using a shared PID namespace for containers in a pod",
+		},
 		cli.Int64Flag{
 			Name:  "log-size-max",
 			Value: libkpod.DefaultLogSizeMax,