4 files changed, 32 insertions, 24 deletions
diff --git a/runsc/boot/config.go b/runsc/boot/config.go
index 3fca16cce..24be82906 100644
--- a/runsc/boot/config.go
+++ b/runsc/boot/config.go
@@ -176,6 +176,10 @@ type Config struct {
 	// DisableSeccomp indicates whether seccomp syscall filters should be
 	// disabled. Pardon the double negation, but default to enabled is important.
 	DisableSeccomp bool
+
+	// MultiContainer enables multiple containers support inside one sandbox.
+	// TODO: Remove this when multiple container is fully supported.
+	MultiContainer bool
 }
 
 // ToFlags returns a slice of flags that correspond to the given Config.
@@ -188,6 +192,7 @@ func (c *Config) ToFlags() []string {
 		"--debug-log-dir=" + c.DebugLogDir,
 		"--file-access=" + c.FileAccess.String(),
 		"--overlay=" + strconv.FormatBool(c.Overlay),
+		"--multi-container=" + strconv.FormatBool(c.MultiContainer),
 		"--network=" + c.Network.String(),
 		"--log-packets=" + strconv.FormatBool(c.LogPackets),
 		"--platform=" + c.Platform.String(),
diff --git a/runsc/container/container.go b/runsc/container/container.go
index 9c0169ca8..428aa5c62 100644
--- a/runsc/container/container.go
+++ b/runsc/container/container.go
@@ -218,7 +218,7 @@ func Create(id string, spec *specs.Spec, conf *boot.Config, bundleDir, consoleSo
 	// started in an existing sandbox, we must do so. The metadata will
 	// indicate the ID of the sandbox, which is the same as the ID of the
 	// init container in the sandbox.
-	if specutils.ShouldCreateSandbox(spec) {
+	if specutils.ShouldCreateSandbox(spec) || !conf.MultiContainer {
 		log.Debugf("Creating new sandbox for container %q", id)
 		// Start a new sandbox for this container. Any errors after this point
 		// must destroy the container.
@@ -287,7 +287,7 @@ func (c *Container) Start(conf *boot.Config) error {
 		}
 	}
 
-	if specutils.ShouldCreateSandbox(c.Spec) {
+	if specutils.ShouldCreateSandbox(c.Spec) || !conf.MultiContainer {
 		if err := c.Sandbox.StartRoot(c.Spec, conf); err != nil {
 			c.Destroy()
 			return err
diff --git a/runsc/main.go b/runsc/main.go
index cd906e191..aa5796d42 100644
--- a/runsc/main.go
+++ b/runsc/main.go
@@ -55,10 +55,11 @@ var (
 	straceLogSize  = flag.Uint("strace-log-size", 1024, "default size (in bytes) to log data argument blobs")
 
 	// Flags that control sandbox runtime behavior.
-	platform   = flag.String("platform", "ptrace", "specifies which platform to use: ptrace (default), kvm")
-	network    = flag.String("network", "sandbox", "specifies which network to use: sandbox (default), host, none. Using network inside the sandbox is more secure because it's isolated from the host network.")
-	fileAccess = flag.String("file-access", "proxy", "specifies which filesystem to use: proxy (default), direct. Using a proxy is more secure because it disallows the sandbox from opennig files directly in the host.")
-	overlay    = flag.Bool("overlay", false, "wrap filesystem mounts with writable overlay. All modifications are stored in memory inside the sandbox.")
+	platform       = flag.String("platform", "ptrace", "specifies which platform to use: ptrace (default), kvm")
+	network        = flag.String("network", "sandbox", "specifies which network to use: sandbox (default), host, none. Using network inside the sandbox is more secure because it's isolated from the host network.")
+	fileAccess     = flag.String("file-access", "proxy", "specifies which filesystem to use: proxy (default), direct. Using a proxy is more secure because it disallows the sandbox from opennig files directly in the host.")
+	overlay        = flag.Bool("overlay", false, "wrap filesystem mounts with writable overlay. All modifications are stored in memory inside the sandbox.")
+	multiContainer = flag.Bool("multi-container", false, "enable *experimental* multi-container support.")
 )
 
 var gitRevision = ""
@@ -111,18 +112,19 @@ func main() {
 
 	// Create a new Config from the flags.
 	conf := &boot.Config{
-		RootDir:       *rootDir,
-		Debug:         *debug,
-		LogFilename:   *logFilename,
-		LogFormat:     *logFormat,
-		DebugLogDir:   *debugLogDir,
-		FileAccess:    fsAccess,
-		Overlay:       *overlay,
-		Network:       netType,
-		LogPackets:    *logPackets,
-		Platform:      platformType,
-		Strace:        *strace,
-		StraceLogSize: *straceLogSize,
+		RootDir:        *rootDir,
+		Debug:          *debug,
+		LogFilename:    *logFilename,
+		LogFormat:      *logFormat,
+		DebugLogDir:    *debugLogDir,
+		FileAccess:     fsAccess,
+		Overlay:        *overlay,
+		Network:        netType,
+		LogPackets:     *logPackets,
+		Platform:       platformType,
+		Strace:         *strace,
+		StraceLogSize:  *straceLogSize,
+		MultiContainer: *multiContainer,
 	}
 	if len(*straceSyscalls) != 0 {
 		conf.StraceSyscalls = strings.Split(*straceSyscalls, ",")
diff --git a/runsc/test/testutil/testutil.go b/runsc/test/testutil/testutil.go
index 25535ea37..9d70d29f2 100644
--- a/runsc/test/testutil/testutil.go
+++ b/runsc/test/testutil/testutil.go
@@ -118,12 +118,13 @@ func SetupContainerInRoot(rootDir string, spec *specs.Spec) (bundleDir string, c
 	}
 
 	conf = &boot.Config{
-		Debug:      true,
-		LogFormat:  "text",
-		LogPackets: true,
-		Network:    boot.NetworkNone,
-		RootDir:    rootDir,
-		Strace:     true,
+		Debug:          true,
+		LogFormat:      "text",
+		LogPackets:     true,
+		Network:        boot.NetworkNone,
+		RootDir:        rootDir,
+		Strace:         true,
+		MultiContainer: true,
 	}
 
 	return bundleDir, conf, nil