From 70f3b9f4ce67ee54ec226814cdd26db01f69378d Mon Sep 17 00:00:00 2001
From: Michael Crosby
Date: Fri, 21 Mar 2014 00:23:34 +0000
Subject: [PATCH] Add ability to work with individual namespaces

Docker-DCO-1.1-Signed-off-by: Michael Crosby (github: crosbymichael)
---
 pkg/libcontainer/nsinit/command.go | 4 +++-
 pkg/libcontainer/types.go | 11 ++++++++---
 runtime/execdriver/native/default_template.go | 16 ++++++++++++++--
 3 files changed, 25 insertions(+), 6 deletions(-)

diff --git a/pkg/libcontainer/nsinit/command.go b/pkg/libcontainer/nsinit/command.go
index 5546065b6d..153a48ab59 100644
--- a/pkg/libcontainer/nsinit/command.go
+++ b/pkg/libcontainer/nsinit/command.go
@@ -39,7 +39,9 @@ func (c *DefaultCommandFactory) Create(container *libcontainer.Container, consol
 // flags on clone, unshare, and setns
 func GetNamespaceFlags(namespaces libcontainer.Namespaces) (flag int) {
 for _, ns := range namespaces {
- flag |= ns.Value
+ if ns.Enabled {
+ flag |= ns.Value
+ }
 }
 return flag
 }
diff --git a/pkg/libcontainer/types.go b/pkg/libcontainer/types.go
index 7751e850b6..ffeb55a022 100644
--- a/pkg/libcontainer/types.go
+++ b/pkg/libcontainer/types.go
@@ -53,7 +53,8 @@ func (ns *Namespace) String() string {
 func GetNamespace(key string) *Namespace {
 for _, ns := range namespaceList {
 if ns.Key == key {
- return ns
+ cpy := *ns
+ return &cpy
 }
 }
 return nil
@@ -62,12 +63,16 @@ func GetNamespace(key string) *Namespace {
 // Contains returns true if the specified Namespace is
 // in the slice
 func (n Namespaces) Contains(ns string) bool {
+ return n.Get(ns) != nil
+}
+
+func (n Namespaces) Get(ns string) *Namespace {
 for _, nsp := range n {
 if nsp.Key == ns {
- return true
+ return nsp
 }
 }
- return false
+ return nil
 }

 type (
diff --git a/runtime/execdriver/native/default_template.go b/runtime/execdriver/native/default_template.go
index d47a5eb8cd..dbb7a45ae7 100644
--- a/runtime/execdriver/native/default_template.go
+++ b/runtime/execdriver/native/default_template.go
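Review bot: In GetNamespaceFlags (pkg/libcontainer/nsinit/command.go) the new `if ns.Enabled` guard makes the zero value of the field mean "not isolated": a Namespace that is built or deserialized without Enabled set is now silently left out of the clone flags, so the container would share that namespace with the host. Whether the namespaceList entries and existing container configurations set Enabled to true is not visible in this patch and should be confirmed before merging. I would state the contract on the function, e.g. `// Namespaces with Enabled == false contribute no flag; callers must set Enabled explicitly.`, and consider logging which namespaces were skipped so a missing isolation boundary is noticeable.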
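Review bot: The new exported method Namespaces.Get in pkg/libcontainer/types.go has no doc comment, and two parts of its contract matter to callers: it returns nil when the key is absent, and it returns the pointer held in the slice rather than a copy, so writes through it change the container's own entry (unlike GetNamespace, which this patch changes to return a copy). I would add `// Get returns the Namespace with the given key, or nil if it is not in the slice.` and `// The result aliases the slice element; changes to it are visible to the container.` The nil return needs a check at every call site.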
@@ -77,10 +77,12 @@ func createContainer(c *execdriver.Command) *libcontainer.Container {
 // i.e: cgroup devices.allow *:*
 func configureCustomOptions(container *libcontainer.Container, opts []string) {
 for _, opt := range opts {
- parts := strings.Split(strings.TrimSpace(opt), " ")
+ var (
+ parts = strings.Split(strings.TrimSpace(opt), " ")
+ value = strings.TrimSpace(parts[1])
+ )
 switch parts[0] {
 case "cap":
- value := strings.TrimSpace(parts[1])
 c := container.CapabilitiesMask.Get(value[1:])
 if c == nil {
 continue
@@ -93,6 +95,16 @@ func configureCustomOptions(container *libcontainer.Container, opts []string) {
 default:
 // do error here
 }
+ case "ns":
+ ns := container.Namespaces.Get(value[1:])
+ switch value[0] {
+ case '-':
+ ns.Enabled = false
+ case '+':
+ ns.Enabled = true
+ default:
+ // error
+ }
 }
 }
 }
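Review bot: Hoisting `value = strings.TrimSpace(parts[1])` to the top of the loop in configureCustomOptions indexes parts[1] for every option, so an option string with no space in it now panics with an index out of range before the switch is reached; previously only the "cap" case did this. An empty second field (for example two consecutive spaces) also leaves value empty, and `value[1:]` and `value[0]` in the cases then panic. The options look like operator-supplied text (the comment gives `cgroup devices.allow *:*` as an example), so I would validate before indexing: `parts := strings.Fields(opt)` followed by `if len(parts) < 2 || len(parts[1]) < 2 { continue }`. The function body continues past this hunk.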
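Review bot: The new "ns" case dereferences the result of `container.Namespaces.Get(value[1:])` without a nil check, while Get returns nil for a key that is not in the slice, so an unknown namespace name panics at `ns.Enabled = ...`. The "cap" case just above guards the same situation with `if c == nil { continue }`; the "ns" case should do the same with `if ns == nil { continue }` right after the lookup. Because `-` here switches off an isolation boundary, the empty `default:` branch would also be better reporting the malformed option than ignoring it.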