github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Merge pull request #175 from Random-Liu/disable-pid-ns-sharing

Browse Source 
Disable pid namespace sharing
This commit is contained in:
Lantao Liu
2017-08-29 13:14:18 -07:00
committed by GitHub
parent c2fb61b5fe f46cd1a71a
commit 55ee423224
3 changed files with 28 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
pkg/server/container_create.go
View File

@@ -500,5 +500,8 @@ func setOCINamespaces(g *generate.Generator, namespaces *runtime.NamespaceOption
g.AddOrReplaceLinuxNamespace(string(runtimespec.NetworkNamespace), getNetworkNamespace(sandboxPid)) // nolint: errcheck
g.AddOrReplaceLinuxNamespace(string(runtimespec.IPCNamespace), getIPCNamespace(sandboxPid)) // nolint: errcheck
g.AddOrReplaceLinuxNamespace(string(runtimespec.UTSNamespace), getUTSNamespace(sandboxPid)) // nolint: errcheck
g.AddOrReplaceLinuxNamespace(string(runtimespec.PIDNamespace), getPIDNamespace(sandboxPid)) // nolint: errcheck
// Do not share pid namespace for now.
if namespaces.GetHostPid() {
g.RemoveLinuxNamespace(string(runtimespec.PIDNamespace)) // nolint: errcheck
}
}