Merge pull request #273 from shishir-a412ed/pid_namespace

Add --pid to enable host pid namespace.
containerd · Jun 29, 2021 · ad836c2 · ad836c2
2 parents 72ac023 + 3d83ba5
commit ad836c2
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -255,6 +255,7 @@ Basic flags:
 - :whale: `--rm`: Automatically remove the container when it exits
 - :whale: `--pull=(always|missing|never)`: Pull image before running
   - Default: "missing"
+- :whale: `--pid=(host)`: PID namespace to use
 
 Network flags:
 - :whale: `--net, --network=(bridge|host|none|<CNI>)`: Connect a container to a network

diff --git a/cmd/nerdctl/run.go b/cmd/nerdctl/run.go
@@ -131,6 +131,11 @@ var runCommand = &cli.Command{
 			Aliases: []string{"m"},
 			Usage:   "Memory limit",
 		},
+		// Enable host pid namespace
+		&cli.StringFlag{
+			Name:  "pid",
+			Usage: "PID namespace to use",
+		},
 		&cli.IntFlag{
 			Name:  "pids-limit",
 			Usage: "Tune container pids limit (set -1 for unlimited)",
@@ -484,6 +489,15 @@ func runAction(clicontext *cli.Context) error {
 		opts = append(opts, oci.WithDevShmSize(shmBytes/1024))
 	}
 
+	pidNs := strings.ToLower(clicontext.String("pid"))
+	if pidNs != "" {
+		if pidNs != "host" {
+			return fmt.Errorf("Invalid pid namespace. Set --pid=host to enable host pid namespace.")
+		} else {
+			opts = append(opts, oci.WithHostNamespace(specs.PIDNamespace))
+		}
+	}
+
 	rtCOpts, err := generateRuntimeCOpts(clicontext)
 	if err != nil {
 		return err