runsc: create a new proc mount if the sandbox process is running in a new pidns

PiperOrigin-RevId: 229971902 Change-Id: Ief4fac731e839ef092175908de9375d725eaa3aa
author: Andrei Vagin <avagin@google.com> 2019-01-18 12:16:24 -0800
committer: Shentubot <shentubot@google.com> 2019-01-18 12:17:34 -0800
commit: c063a1350f4ac6249fb26e6125c9cc99db14263b (patch)
tree: b96361cb0b81c81e9af7f3f61ddc65e0469349ab /runsc/sandbox
parent: 8d7c10e90840cfecf53089e7cc3507cac2804fd1 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/runsc/sandbox/sandbox.go b/runsc/sandbox/sandbox.go
index 411200793..d28d93b0a 100644
--- a/runsc/sandbox/sandbox.go
+++ b/runsc/sandbox/sandbox.go
@@ -458,6 +458,7 @@ func (s *Sandbox) createSandboxProcess(spec *specs.Spec, conf *boot.Config, bund
 	} else {
 		log.Infof("Sandbox will be started in a new PID namespace")
 		nss = append(nss, specs.LinuxNamespace{Type: specs.PIDNamespace})
+		cmd.Args = append(cmd.Args, "--pidns=true")
 	}
 
 	// Joins the network namespace if network is enabled. the sandbox talks
author	Andrei Vagin <avagin@google.com>	2019-01-18 12:16:24 -0800
committer	Shentubot <shentubot@google.com>	2019-01-18 12:17:34 -0800
commit	c063a1350f4ac6249fb26e6125c9cc99db14263b (patch)
tree	b96361cb0b81c81e9af7f3f61ddc65e0469349ab /runsc/sandbox
parent	8d7c10e90840cfecf53089e7cc3507cac2804fd1 (diff)