Merge pull request #485 from docker/pid_mode

Support for PID mode

5 files changed, 56 insertions, 10 deletions

diff --git a/docker/client.py b/docker/client.py
index 107fdff..64ce54e 100644
--- a/docker/client.py
+++ b/docker/client.py
@@ -550,8 +550,8 @@ class Client(requests.Session):
         config = self._container_config(
             image, command, hostname, user, detach, stdin_open, tty, mem_limit,
             ports, environment, dns, volumes, volumes_from, network_disabled,
-            entrypoint, cpu_shares, working_dir, domainname,
-            memswap_limit, cpuset, host_config, mac_address
+            entrypoint, cpu_shares, working_dir, domainname, memswap_limit,
+            cpuset, host_config, mac_address
         )
         return self.create_container_from_config(config, name)
 
@@ -957,7 +957,7 @@ class Client(requests.Session):
               publish_all_ports=False, links=None, privileged=False,
               dns=None, dns_search=None, volumes_from=None, network_mode=None,
               restart_policy=None, cap_add=None, cap_drop=None, devices=None,
-              extra_hosts=None, read_only=None):
+              extra_hosts=None, read_only=None, pid_mode=None):
 
         if utils.compare_version('1.10', self._version) < 0:
             if dns is not None:
@@ -969,11 +969,15 @@ class Client(requests.Session):
                     'volumes_from is only supported for API version >= 1.10'
                 )
 
-        if utils.compare_version('1.17', self._version) < 0 and \
-           read_only is not None:
-            raise errors.InvalidVersion(
-                'read_only is only supported for API version >= 1.17'
-            )
+        if utils.compare_version('1.17', self._version) < 0:
+            if read_only is not None:
+                raise errors.InvalidVersion(
+                    'read_only is only supported for API version >= 1.17'
+                )
+            if pid_mode is not None:
+                raise errors.InvalidVersion(
+                    'pid_mode is only supported for API version >= 1.17'
+                )
 
         start_config = utils.create_host_config(
             binds=binds, port_bindings=port_bindings, lxc_conf=lxc_conf,
@@ -981,7 +985,7 @@ class Client(requests.Session):
             privileged=privileged, dns_search=dns_search, cap_add=cap_add,
             cap_drop=cap_drop, volumes_from=volumes_from, devices=devices,
             network_mode=network_mode, restart_policy=restart_policy,
-            extra_hosts=extra_hosts, read_only=read_only
+            extra_hosts=extra_hosts, read_only=read_only, pid_mode=pid_mode
         )
 
         if isinstance(container, dict):
diff --git a/docker/utils/utils.py b/docker/utils/utils.py
index 3f51b31..36b3981 100644
--- a/docker/utils/utils.py
+++ b/docker/utils/utils.py
@@ -309,10 +309,17 @@ def create_host_config(
     publish_all_ports=False, links=None, privileged=False,
     dns=None, dns_search=None, volumes_from=None, network_mode=None,
     restart_policy=None, cap_add=None, cap_drop=None, devices=None,
-    extra_hosts=None, read_only=None
+    extra_hosts=None, read_only=None, pid_mode=None
 ):
     host_config = {}
 
+    if pid_mode not in (None, 'host'):
+        raise errors.DockerException(
+            'Invalid value for pid param: {0}'.format(pid_mode)
+        )
+    elif pid_mode:
+        host_config['PidMode'] = pid_mode
+
     if privileged:
         host_config['Privileged'] = privileged
 
diff --git a/docs/api.md b/docs/api.md
index d9eebc0..76f151e 100644
--- a/docs/api.md
+++ b/docs/api.md
@@ -674,6 +674,8 @@ from. Optionally a single string joining container id's with commas
 * cap_add (list of str): See note above
 * cap_drop (list of str): See note above
 * extra_hosts (dict): custom host-to-IP mappings (host:ip)
+* pid_mode (str): if set to "host", use the host PID namespace inside the
+  container
 
 ```python
 >>> from docker import Client
diff --git a/docs/hostconfig.md b/docs/hostconfig.md
index efd5c95..3c11031 100644
--- a/docs/hostconfig.md
+++ b/docs/hostconfig.md
@@ -83,6 +83,8 @@ for example:
 * cap_drop (list of str): Drop kernel capabilities
 * extra_hosts (dict): custom host-to-IP mappings (host:ip)
 * read_only (bool): mount the container's root filesystem as read only
+* pid_mode (str): if set to "host", use the host PID namespace inside the
+  container
 
 **Returns** (dict) HostConfig dictionary
 
diff --git a/tests/integration_test.py b/tests/integration_test.py
index edee039..b6ea674 100644
--- a/tests/integration_test.py
+++ b/tests/integration_test.py
@@ -1060,6 +1060,37 @@ class TestPauseUnpauseContainer(BaseTestCase):
         self.assertEqual(state['Paused'], False)
 
 
+class TestCreateContainerWithHostPidMode(BaseTestCase):
+    def runTest(self):
+        ctnr = self.client.create_container(
+            'busybox', 'true', host_config=create_host_config(
+                pid_mode='host'
+            )
+        )
+        self.assertIn('Id', ctnr)
+        self.tmp_containers.append(ctnr['Id'])
+        self.client.start(ctnr)
+        inspect = self.client.inspect_container(ctnr)
+        self.assertIn('HostConfig', inspect)
+        host_config = inspect['HostConfig']
+        self.assertIn('PidMode', host_config)
+        self.assertEqual(host_config['PidMode'], 'host')
+
+
+class TestStartContainerWithHostPidMode(BaseTestCase):
+    def runTest(self):
+        ctnr = self.client.create_container(
+            'busybox', 'true'
+        )
+        self.assertIn('Id', ctnr)
+        self.tmp_containers.append(ctnr['Id'])
+        self.client.start(ctnr, pid_mode='host')
+        inspect = self.client.inspect_container(ctnr)
+        self.assertIn('HostConfig', inspect)
+        host_config = inspect['HostConfig']
+        self.assertIn('PidMode', host_config)
+        self.assertEqual(host_config['PidMode'], 'host')
+
 #################
 #  LINKS TESTS  #
 #################