Skip to content

Commit

Permalink
server: Join PID namespace as well
Browse files Browse the repository at this point in the history
And not only the network and IPC ones.
This is following a recent kubernetes change:
kubernetes/community#207

Signed-off-by: Samuel Ortiz <[email protected]>
  • Loading branch information
Samuel Ortiz committed Feb 22, 2017
1 parent 78fcca9 commit dea9a91
Showing 1 changed file with 9 additions and 3 deletions.
12 changes: 9 additions & 3 deletions server/container_create.go
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ import (
"github.com/kubernetes-incubator/cri-o/server/apparmor"
"github.com/kubernetes-incubator/cri-o/server/seccomp"
"github.com/opencontainers/runc/libcontainer/label"
rspec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/runtime-tools/generate"
"golang.org/x/net/context"
pb "k8s.io/kubernetes/pkg/kubelet/api/v1alpha1/runtime"
Expand Down Expand Up @@ -286,9 +287,14 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string,

logrus.Debugf("pod container state %+v", podInfraState)

ipcNsPath := fmt.Sprintf("/proc/%d/ns/ipc", podInfraState.Pid)
if err := specgen.AddOrReplaceLinuxNamespace("ipc", ipcNsPath); err != nil {
return nil, err
for nsType, nsFile := range map[rspec.NamespaceType]string{
rspec.PIDNamespace: "pid",
rspec.IPCNamespace: "ipc",
} {
nsPath := fmt.Sprintf("/proc/%d/ns/%s", podInfraState.Pid, nsFile)
if err := specgen.AddOrReplaceLinuxNamespace(string(nsType), nsPath); err != nil {
return nil, err
}
}

netNsPath := sb.netNsPath()
Expand Down

0 comments on commit dea9a91

Please sign in to comment.