kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

Only unshare the mount namespace for execin

Browse source 
Fixes #4728
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
This commit is contained in:
Michael Crosby 2014-03-17 17:42:16 -07:00
parent fb503da34e
commit 4b1513f9c3
1 changed files with 6 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
pkg/libcontainer/nsinit/execin.go
View file

@ -14,10 +14,12 @@ import (
// ExecIn uses an existing pid and joins the pid's namespaces with the new command. // ExecIn uses an existing pid and joins the pid's namespaces with the new command.
func (ns *linuxNs) ExecIn(container *libcontainer.Container, nspid int, args []string) (int, error) { func (ns *linuxNs) ExecIn(container *libcontainer.Container, nspid int, args []string) (int, error) {
ns.logger.Println("unshare namespaces") for _, nsv := range container.Namespaces {
for _, ns := range container.Namespaces { // skip the PID namespace on unshare because it it not supported
if err := system.Unshare(ns.Value); err != nil { if nsv.Key != "NEWPID" {
return -1, err if err := system.Unshare(nsv.Value); err != nil {
return -1, err
}
} }
} }
fds, err := ns.getNsFds(nspid, container) fds, err := ns.getNsFds(nspid, container)