From 2b942524a2265ee0bdfd6720d7f980393eadbe6f Mon Sep 17 00:00:00 2001 From: Peng Tao Date: Wed, 20 Jun 2018 16:54:16 +0800 Subject: [PATCH] sandbox: expose share sandbox pidns setting So that we let callers decide if kata-agent should let all containers in a sandbox share the same pid namespace. This will be first used only by frakti. And kata cli can possibly use it as well when cri-o and containerd-cri stop creating pause containers and just pass the CreateSandbox CRI requests to kata. Fixes: #426 Signed-off-by: Peng Tao --- virtcontainers/kata_agent.go | 2 +- virtcontainers/sandbox.go | 7 ++++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/virtcontainers/kata_agent.go b/virtcontainers/kata_agent.go index c96c05273e..186f95de7e 100644 --- a/virtcontainers/kata_agent.go +++ b/virtcontainers/kata_agent.go @@ -528,7 +528,7 @@ func (k *kataAgent) startSandbox(sandbox *Sandbox) error { req := &grpc.CreateSandboxRequest{ Hostname: hostname, Storages: storages, - SandboxPidns: false, + SandboxPidns: sandbox.sharePidNs, } _, err = k.sendReq(req) diff --git a/virtcontainers/sandbox.go b/virtcontainers/sandbox.go index 2d0abbfff9..55e8249360 100644 --- a/virtcontainers/sandbox.go +++ b/virtcontainers/sandbox.go @@ -358,6 +358,9 @@ type SandboxConfig struct { Annotations map[string]string ShmSize uint64 + + // SharePidNs sets all containers to share the same sandbox level pid namespace. + SharePidNs bool } // valid checks that the sandbox configuration is valid. @@ -462,7 +465,8 @@ type Sandbox struct { wg *sync.WaitGroup - shmSize uint64 + shmSize uint64 + sharePidNs bool } // ID returns the sandbox identifier string. @@ -743,6 +747,7 @@ func newSandbox(sandboxConfig SandboxConfig) (*Sandbox, error) { annotationsLock: &sync.RWMutex{}, wg: &sync.WaitGroup{}, shmSize: sandboxConfig.ShmSize, + sharePidNs: sandboxConfig.SharePidNs, } if err = globalSandboxList.addSandbox(s); err != nil {