authorchris.zn <chris.zn@antfin.com>2019-04-30 23:35:36 +0800
committerchris.zn <chris.zn@antfin.com>2019-07-24 13:38:23 +0800
commit1c5b6d9bd26ba090610d05366df90d4fee91c677 (patch)
tree964de3a578b4100c5a445ba798cd24f20873c6de /runsc/boot/fs.go
parent7e38d643334647fb79c7cc8be35745699de264e6 (diff)
Use different pidns among different containers
Previously, all containers in a sandbox shared a single PID namespace. As a result, a container could see the processes of another container in the same sandbox. This patch uses a different PID namespace for each container. Signed-off-by: chris.zn <chris.zn@antfin.com>
Diffstat (limited to 'runsc/boot/fs.go')
-rw-r--r--runsc/boot/fs.go1
1 files changed, 1 insertions, 0 deletions
diff --git a/runsc/boot/fs.go b/runsc/boot/fs.go
index 55bfc27ff..4bff0d034 100644
--- a/runsc/boot/fs.go
+++ b/runsc/boot/fs.go
@@ -505,6 +505,7 @@ func (c *containerMounter) setupFS(ctx context.Context, conf *Config, procArgs *
Credentials: auth.NewRootCredentials(creds.UserNamespace),
Umask: 0022,
MaxSymlinkTraversals: linux.MaxSymlinkTraversals,
+ PIDNamespace: procArgs.PIDNamespace,
}
rootCtx := rootProcArgs.NewContext(c.k)
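Review bot: The added `PIDNamespace: procArgs.PIDNamespace` field in the `rootProcArgs` literal is copied without a comment or a nil check, so nothing records why the mount-setup context needs the container's namespace, and a caller that leaves `procArgs.PIDNamespace` unset would presumably fall back to whatever default `NewContext` applies, which would defeat the isolation this commit is after. A comment above the field would help, e.g. `// Mount setup runs in the container's PID namespace so per-container views are not resolved against the sandbox root namespace.` If a nil namespace is never valid here, make that explicit before the literal: `if procArgs.PIDNamespace == nil { return fmt.Errorf("container PID namespace not set") }`. setupFS begins and ends outside this hunk, so its return type and whether every caller sets the field cannot be confirmed from here.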