From 52aa93b8f4e447b29864b4e4501aea7024839da5 Mon Sep 17 00:00:00 2001
From: Samuel Ortiz
Date: Tue, 21 Feb 2017 18:27:38 +0100
Subject: [PATCH] server: Join PID namespace as well

And not only the network and IPC ones. This is following a recent kubernetes change: https://github.com/kubernetes/community/pull/207

Signed-off-by: Samuel Ortiz
---
 server/container_create.go | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/server/container_create.go b/server/container_create.go
index 8a98115d5bf0..05510f4bdc2f 100644
--- a/server/container_create.go
+++ b/server/container_create.go
@@ -14,6 +14,7 @@ import (
 "github.com/kubernetes-incubator/cri-o/server/apparmor"
 "github.com/kubernetes-incubator/cri-o/server/seccomp"
 "github.com/opencontainers/runc/libcontainer/label"
+ rspec "github.com/opencontainers/runtime-spec/specs-go"
 "github.com/opencontainers/runtime-tools/generate"
 "golang.org/x/net/context"
 pb "k8s.io/kubernetes/pkg/kubelet/api/v1alpha1/runtime"
@@ -286,9 +287,14 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string,
 
 logrus.Debugf("pod container state %+v", podInfraState)
 
- ipcNsPath := fmt.Sprintf("/proc/%d/ns/ipc", podInfraState.Pid)
- if err := specgen.AddOrReplaceLinuxNamespace("ipc", ipcNsPath); err != nil {
- return nil, err
+ for nsType, nsFile := range map[rspec.NamespaceType]string{
+ rspec.PIDNamespace: "pid",
+ rspec.IPCNamespace: "ipc",
+ } {
+ nsPath := fmt.Sprintf("/proc/%d/ns/%s", podInfraState.Pid, nsFile)
+ if err := specgen.AddOrReplaceLinuxNamespace((string)(nsType), nsPath); err != nil {
+ return nil, err
+ }
 }
 
 netNsPath := sb.netNsPath()
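Review bot: The new loop in createSandboxContainer builds both namespace paths from `podInfraState.Pid` without checking that the infra container is still running, so a zero or stale pid yields `/proc/0/ns/pid` or, after pid reuse, the namespaces of an unrelated process. The same gap existed for the IPC path, but joining the PID namespace this way widens what a wrong join exposes; a guard before the loop such as `if podInfraState.Pid <= 0 { return nil, fmt.Errorf("pod infra container is not running") }` would fail early, unless a part of the function outside this hunk already does so. The join is also unconditional, and in a shared PID namespace every container in the pod can list and signal the others' processes and may reach their `/proc/<pid>/environ` and `/proc/<pid>/root`, so a comment above the loop should state that containers in one pod are treated as a single trust domain. As a style point, `(string)(nsType)` reads more idiomatically as `string(nsType)`, and a slice of pairs instead of a map literal would keep the order in which the namespaces are added deterministic.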