Merge pull request #1149 from weiwei04/share_pid_namespace

share pid namespace for Pod container
2017-11-17 08:12:49 -10:00 · 2017-11-17 08:12:49 -10:00 · d68da8929a
commit d68da8929a
parent 7b837b5a1e 702ab3ee3a
8 changed files with 96 additions and 2 deletions
--- a/cmd/crio/config.go
+++ b/cmd/crio/config.go
@ -115,6 +115,9 @@ default_mounts = [
 # pids_limit is the number of processes allowed in a container
 pids_limit = {{ .PidsLimit }}

+# disable using a shared PID namespace for containers in a pod
+disable_shared_pid_namespace = {{ .DisableSharedPIDNamespace }}
+
 # log_size_max is the max limit for the container log size in bytes.
 # Negative values indicate that no limit is imposed.
 log_size_max = {{ .LogSizeMax }}
--- a/cmd/crio/main.go
+++ b/cmd/crio/main.go
@ -132,6 +132,9 @@ func mergeConfig(config *server.Config, ctx *cli.Context) error {
 	if ctx.GlobalIsSet("pids-limit") {
 		config.PidsLimit = ctx.GlobalInt64("pids-limit")
 	}
+	if ctx.GlobalIsSet("disable-shared-pid-namespace") {
+		config.DisableSharedPIDNamespace = ctx.GlobalBool("disable-shared-pid-namespace")
+	}
 	if ctx.GlobalIsSet("log-size-max") {
 		config.LogSizeMax = ctx.GlobalInt64("log-size-max")
 	}
@ -297,6 +300,10 @@ func main() {
 			Value: libkpod.DefaultPidsLimit,
 			Usage: "maximum number of processes allowed in a container",
 		},
+		cli.BoolFlag{
+			Name:  "disable-shared-pid-namespace",
+			Usage: "disable using a shared PID namespace for containers in a pod",
+		},
 		cli.Int64Flag{
 			Name:  "log-size-max",
 			Value: libkpod.DefaultLogSizeMax,