Add support for pid ns

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Closes: #54
Approved by: umohnani8

cmd/kpod/create.go

@@ -6,6 +6,7 @@ import (
 	"strconv"
 	"strings"
 
+	"github.com/docker/docker/api/types/container"
 	"github.com/docker/go-units"
 	"github.com/opencontainers/selinux/go-selinux/label"
 	"github.com/pkg/errors"
@@ -61,6 +62,7 @@ type createResourceConfig struct {
 }
 
 type createConfig struct {
+	runtime            *libpod.Runtime
 	args               []string
 	capAdd             []string // cap-add
 	capDrop            []string // cap-drop
@@ -90,8 +92,8 @@ type createConfig struct {
 	network            string            //network
 	networkAlias       []string          //network-alias
 	nsIPC              string            // ipc
-	nsNet              string            //net
-	nsPID              string            //pid
+	nsNET              string            //net
+	pidMode            container.PidMode //pid
 	nsUser             string
 	pod                string   //pod
 	privileged         bool     //privileged
@@ -329,8 +331,13 @@ func parseCreateOpts(c *cli.Context, runtime *libpod.Runtime) (*createConfig, er
 	if !c.Bool("detach") && !tty {
 		tty = true
 	}
+	pidMode := container.PidMode(c.String("pid"))
+	if !pidMode.Valid() {
+		return nil, errors.Errorf("--pid %q is not valid", c.String("pid"))
+	}
 
 	config := &createConfig{
+		runtime:        runtime,
 		capAdd:         c.StringSlice("cap-add"),
 		capDrop:        c.StringSlice("cap-drop"),
 		cgroupParent:   c.String("cgroup-parent"),
@@ -357,8 +364,8 @@ func parseCreateOpts(c *cli.Context, runtime *libpod.Runtime) (*createConfig, er
 		network:        c.String("network"),
 		networkAlias:   c.StringSlice("network-alias"),
 		nsIPC:          c.String("ipc"),
-		nsNet:          c.String("net"),
-		nsPID:          c.String("pid"),
+		nsNET:          c.String("net"),
+		pidMode:        pidMode,
 		pod:            c.String("pod"),
 		privileged:     c.Bool("privileged"),
 		publish:        c.StringSlice("publish"),

cmd/kpod/spec.go

@@ -2,6 +2,7 @@ package main
 
 import (
 	"encoding/json"
+	"fmt"
 	"io/ioutil"
 	"strings"
 
@@ -44,6 +45,28 @@ func blockAccessToKernelFilesystems(config *createConfig, g *generate.Generator)
 	}
 }
 
+func addPidNS(config *createConfig, g *generate.Generator) error {
+	pidMode := config.pidMode
+	if pidMode.IsHost() {
+		return g.RemoveLinuxNamespace("pid")
+	}
+	if pidMode.IsContainer() {
+		ctr, err := config.runtime.LookupContainer(pidMode.Container())
+		if err != nil {
+			return errors.Wrapf(err, "container %q not found", pidMode.Container())
+		}
+		pid, err := ctr.PID()
+		if err != nil {
+			return errors.Wrapf(err, "Failed to get pid of container %q", pidMode.Container())
+		}
+		pidNsPath := fmt.Sprintf("/proc/%d/ns/pid", pid)
+		if err := g.AddOrReplaceLinuxNamespace(libpod.PIDNamespace, pidNsPath); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
 func addRlimits(config *createConfig, g *generate.Generator) error {
 	var (
 		ul  *units.Ulimit
@@ -182,6 +205,10 @@ func createConfigToOCISpec(config *createConfig) (*spec.Spec, error) {
 		return nil, err
 	}
 
+	if err := addPidNS(config, &g); err != nil {
+		return nil, err
+	}
+
 	configSpec := g.Spec()
 
 	if config.seccompProfilePath != "" && config.seccompProfilePath != "unconfined" {

test/kpod_run_ns.bats

@@ -0,0 +1,28 @@
+#!/usr/bin/env bats
+
+load helpers
+
+function setup() {
+    copy_images
+}
+
+@test "run pidns test" {
+
+    ${KPOD_BINARY} ${KPOD_OPTIONS} pull ${ALPINE}
+
+    run bash -c "${KPOD_BINARY} ${KPOD_OPTIONS} run ${ALPINE}  sh -c 'echo \$\$'"
+    echo $output
+    [ "$status" -eq 0 ]
+    pid=$(echo $output | tr -d '\r')
+    [ $pid = "1" ]
+
+    run bash -c "${KPOD_BINARY} ${KPOD_OPTIONS} run --pid=host ${ALPINE}  sh -c 'echo \$\$'"
+    echo $output
+    pid=$(echo $output | tr -d '\r')
+    [ "$status" -eq 0 ]
+    [ $pid !=  "1" ]
+
+    run ${KPOD_BINARY} ${KPOD_OPTIONS} run --pid=badpid ${ALPINE} sh -c 'echo $$'
+    echo $output
+    [ "$status" -ne 0 ]
+}