Browse code
Only unshare the mount namespace for execin
Fixes #4728
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Michael Crosby authored on 2014/03/18 09:42:16Showing 1 changed files
| ... | ... |
@@ -14,10 +14,12 @@ import ( |
| 14 | 14 |
|
| 15 | 15 |
// ExecIn uses an existing pid and joins the pid's namespaces with the new command. |
| 16 | 16 |
func (ns *linuxNs) ExecIn(container *libcontainer.Container, nspid int, args []string) (int, error) {
|
| 17 |
- ns.logger.Println("unshare namespaces")
|
|
| 18 |
- for _, ns := range container.Namespaces {
|
|
| 19 |
- if err := system.Unshare(ns.Value); err != nil {
|
|
| 20 |
- return -1, err |
|
| 17 |
+ for _, nsv := range container.Namespaces {
|
|
| 18 |
+ // skip the PID namespace on unshare because it it not supported |
|
| 19 |
+ if nsv.Key != "NEWPID" {
|
|
| 20 |
+ if err := system.Unshare(nsv.Value); err != nil {
|
|
| 21 |
+ return -1, err |
|
| 22 |
+ } |
|
| 21 | 23 |
} |
| 22 | 24 |
} |
| 23 | 25 |
fds, err := ns.getNsFds(nspid, container) |