[lxc-devel] [lxc/master] Add support share pid namespace

lifeng68 on Github lxc-bot at linuxcontainers.org
Fri Sep 29 03:51:30 UTC 2017 

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 506 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20170929/8c6ea5e6/attachment.bin>
-------------- next part --------------
From 03df7ab598b6c0e865534c20e9618e5aa73956a0 Mon Sep 17 00:00:00 2001
From: LiFeng <lifeng68 at huawei.com>
Date: Fri, 29 Sep 2017 19:53:43 +0800
Subject: [PATCH] Add support share pid namespace

Signed-off-by: LiFeng <lifeng68 at huawei.com>
---
 src/lxc/start.c           | 7 ++++++-
 src/lxc/tools/lxc_start.c | 5 ++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/lxc/start.c b/src/lxc/start.c
index 33b30cb52..b838e579d 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -1126,7 +1126,7 @@ static int lxc_recv_ttys_from_child(struct lxc_handler *handler)
 
 void resolve_clone_flags(struct lxc_handler *handler)
 {
-	handler->clone_flags = CLONE_NEWPID | CLONE_NEWNS;
+	handler->clone_flags = CLONE_NEWNS;
 
 	if (!lxc_list_empty(&handler->conf->id_map))
 		handler->clone_flags |= CLONE_NEWUSER;
@@ -1147,6 +1147,11 @@ void resolve_clone_flags(struct lxc_handler *handler)
 		handler->clone_flags |= CLONE_NEWUTS;
 	else
 		INFO("Inheriting a UTS namespace.");
+
+	if (handler->conf->inherit_ns_fd[LXC_NS_PID] == -1)
+		handler->clone_flags |= CLONE_NEWPID;
+	else
+		INFO("Inheriting a PID namespace.");
 }
 
 /* lxc_spawn() performs crucial setup tasks and clone()s the new process which
diff --git a/src/lxc/tools/lxc_start.c b/src/lxc/tools/lxc_start.c
index 20d5b0364..d46532745 100644
--- a/src/lxc/tools/lxc_start.c
+++ b/src/lxc/tools/lxc_start.c
@@ -53,6 +53,7 @@
 #define OPT_SHARE_NET OPT_USAGE + 1
 #define OPT_SHARE_IPC OPT_USAGE + 2
 #define OPT_SHARE_UTS OPT_USAGE + 3
+#define OPT_SHARE_PID OPT_USAGE + 4
 
 lxc_log_define(lxc_start_ui, lxc);
 
@@ -149,6 +150,7 @@ static int my_parser(struct lxc_arguments* args, int c, char* arg)
 	case OPT_SHARE_NET: args->share_ns[LXC_NS_NET] = arg; break;
 	case OPT_SHARE_IPC: args->share_ns[LXC_NS_IPC] = arg; break;
 	case OPT_SHARE_UTS: args->share_ns[LXC_NS_UTS] = arg; break;
+	case OPT_SHARE_PID: args->share_ns[LXC_NS_PID] = arg; break;
 	}
 	return 0;
 }
@@ -165,6 +167,7 @@ static const struct option my_longopts[] = {
 	{"share-net", required_argument, 0, OPT_SHARE_NET},
 	{"share-ipc", required_argument, 0, OPT_SHARE_IPC},
 	{"share-uts", required_argument, 0, OPT_SHARE_UTS},
+	{"share-pid", required_argument, 0, OPT_SHARE_PID},
 	LXC_COMMON_OPTIONS
 };
 
@@ -187,7 +190,7 @@ Options :\n\
                          If not specified, exit with failure instead\n\
                          Note: --daemon implies --close-all-fds\n\
   -s, --define KEY=VAL   Assign VAL to configuration variable KEY\n\
-      --share-[net|ipc|uts]=NAME Share a namespace with another container or pid\n\
+      --share-[net|ipc|uts|pid]=NAME Share a namespace with another container or pid\n\
 ",
 	.options   = my_longopts,
 	.parser    = my_parser,

More information about the lxc-devel mailing list