github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Disable pid namespace sharing

Browse Source 
Signed-off-by: Lantao Liu <lantaol@google.com>
This commit is contained in:
Lantao Liu
2017-08-28 03:58:45 +00:00
parent 8fd54d2f2d
commit f46cd1a71a
3 changed files with 28 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
pkg/server/container_create.go
View File

@@ -499,5 +499,8 @@ func setOCINamespaces(g *generate.Generator, namespaces *runtime.NamespaceOption
g.AddOrReplaceLinuxNamespace(string(runtimespec.NetworkNamespace), getNetworkNamespace(sandboxPid)) // nolint: errcheck
g.AddOrReplaceLinuxNamespace(string(runtimespec.IPCNamespace), getIPCNamespace(sandboxPid)) // nolint: errcheck
g.AddOrReplaceLinuxNamespace(string(runtimespec.UTSNamespace), getUTSNamespace(sandboxPid)) // nolint: errcheck
g.AddOrReplaceLinuxNamespace(string(runtimespec.PIDNamespace), getPIDNamespace(sandboxPid)) // nolint: errcheck
// Do not share pid namespace for now.
if namespaces.GetHostPid() {
g.RemoveLinuxNamespace(string(runtimespec.PIDNamespace)) // nolint: errcheck
}
}