From 4b1513f9c394fbfdf21998db4318251b4e8b6bc0 Mon Sep 17 00:00:00 2001
From: Michael Crosby <michael@crosbymichael.com>
Date: Mon, 17 Mar 2014 17:42:16 -0700
Subject: [PATCH] Only unshare the mount namespace for execin

Fixes #4728
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
---
 pkg/libcontainer/nsinit/execin.go | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/pkg/libcontainer/nsinit/execin.go b/pkg/libcontainer/nsinit/execin.go
index 39df4761a0..f8b8931390 100644
--- a/pkg/libcontainer/nsinit/execin.go
+++ b/pkg/libcontainer/nsinit/execin.go
@@ -14,10 +14,12 @@ import (
 
 // ExecIn uses an existing pid and joins the pid's namespaces with the new command.
 func (ns *linuxNs) ExecIn(container *libcontainer.Container, nspid int, args []string) (int, error) {
-	ns.logger.Println("unshare namespaces")
-	for _, ns := range container.Namespaces {
-		if err := system.Unshare(ns.Value); err != nil {
-			return -1, err
+	for _, nsv := range container.Namespaces {
+		// skip the PID namespace on unshare because it it not supported
+		if nsv.Key != "NEWPID" {
+			if err := system.Unshare(nsv.Value); err != nil {
+				return -1, err
+			}
 		}
 	}
 	fds, err := ns.getNsFds(nspid, container)