share pid namespace for Pod container

Signed-off-by: Wei Wei <weiwei.inf@gmail.com>
2017-11-10 11:24:34 +08:00 · 2017-11-10 11:24:34 +08:00 · 702ab3ee3a
commit 702ab3ee3a
parent e7471600f8
8 changed files with 96 additions and 2 deletions
--- a/server/container_create.go
+++ b/server/container_create.go
@ -921,9 +921,15 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string,
 		return nil, err
 	}

-	// Do not share pid ns for now
 	if containerConfig.GetLinux().GetSecurityContext().GetNamespaceOptions().GetHostPid() {
+		// kubernetes PodSpec specify to use Host PID namespace
 		specgen.RemoveLinuxNamespace(string(rspec.PIDNamespace))
+	} else if !s.config.DisableSharedPIDNamespace {
+		// share Pod PID namespace
+		pidNsPath := fmt.Sprintf("/proc/%d/ns/pid", podInfraState.Pid)
+		if err := specgen.AddOrReplaceLinuxNamespace(string(rspec.PIDNamespace), pidNsPath); err != nil {
+			return nil, err
+		}
 	}

 	netNsPath := sb.NetNsPath()