Make pid namespace sharing optional and disabled by default
We reverse the logic so that pid ns sharing is disabled by default. Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
This commit is contained in:
Mrunal Patel
parent
e23723d62e
commit
946307e5c2
8 changed files with 17 additions and 17 deletions
|
|
@ -924,7 +924,7 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string,
|
|||
if containerConfig.GetLinux().GetSecurityContext().GetNamespaceOptions().GetHostPid() {
|
||||
// kubernetes PodSpec specify to use Host PID namespace
|
||||
specgen.RemoveLinuxNamespace(string(rspec.PIDNamespace))
|
||||
} else if !s.config.DisableSharedPIDNamespace {
|
||||
} else if s.config.EnableSharedPIDNamespace {
|
||||
// share Pod PID namespace
|
||||
pidNsPath := fmt.Sprintf("/proc/%d/ns/pid", podInfraState.Pid)
|
||||
if err := specgen.AddOrReplaceLinuxNamespace(string(rspec.PIDNamespace), pidNsPath); err != nil {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue