author | chris.zn <chris.zn@antfin.com> | 2019-04-30 23:35:36 +0800 |
---|---|---|
committer | chris.zn <chris.zn@antfin.com> | 2019-07-24 13:38:23 +0800 |
commit | 1c5b6d9bd26ba090610d05366df90d4fee91c677 (patch) | |
tree | 964de3a578b4100c5a445ba798cd24f20873c6de /runsc/boot/fs.go | |
parent | 7e38d643334647fb79c7cc8be35745699de264e6 (diff) |
Use different pidns among different containers
Previously, all containers in a sandbox shared a single pid
namespace. As a result, a container could see
the processes of another container in the same sandbox.
This patch uses a different pid namespace for each container.
Signed-off-by: chris.zn <chris.zn@antfin.com>
Diffstat (limited to 'runsc/boot/fs.go')
-rw-r--r-- | runsc/boot/fs.go | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/runsc/boot/fs.go b/runsc/boot/fs.go
index 55bfc27ff..4bff0d034 100644
--- a/runsc/boot/fs.go
+++ b/runsc/boot/fs.go
@@ -505,6 +505,7 @@ func (c *containerMounter) setupFS(ctx context.Context, conf *Config, procArgs *
 Credentials: auth.NewRootCredentials(creds.UserNamespace),
 Umask: 0022,
 MaxSymlinkTraversals: linux.MaxSymlinkTraversals,
+ PIDNamespace: procArgs.PIDNamespace,
 }
 rootCtx := rootProcArgs.NewContext(c.k) |
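Review bot: The added `PIDNamespace: procArgs.PIDNamespace,` field in the rootProcArgs literal has no comment explaining why the filesystem-setup context must use the container's PID namespace, and nothing visible here shows that `procArgs.PIDNamespace` is already populated when setupFS runs. The diffstat is limited to this file, so the assignment presumably happens elsewhere in the commit. If a nil value can reach this point, rootCtx would depend on whatever fallback the kernel applies, which may be the shared namespace the commit message says containers should no longer see. I would add a comment above the field such as `// Use the container's own PID namespace for mount setup; the caller must set procArgs.PIDNamespace before setupFS.` and confirm that precondition at the call site. setupFS starts before and continues after this hunk, so the rest of its body was not reviewed.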