From bc759ee601de3275b1c907e00c547bcd27246f42 Mon Sep 17 00:00:00 2001
From: fupan <lifupan@gmail.com>
Date: Thu, 12 Jul 2018 11:15:29 +0800
Subject: [PATCH] container: remove the unused ns from ocispec

Only keep the pidns and mntns for those containers
in sandbox/pod.

Signed-off-by: fupan <lifupan@gmail.com>
---
 daemon/pod/container.go | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/daemon/pod/container.go b/daemon/pod/container.go
index 44d9c28d..5bcbc7e7 100644
--- a/daemon/pod/container.go
+++ b/daemon/pod/container.go
@@ -648,6 +648,18 @@ func (c *Container) containerConfig(cjson *dockertypes.ContainerJSON) (*vc.Conta
 	}
 
 	ociSpec = c.ociSpec(cjson)
+
+	//remove those namespace types from ocispec
+	for _, ns := range []specs.LinuxNamespaceType{
+		specs.NetworkNamespace,
+		specs.UserNamespace,
+		specs.UTSNamespace,
+		specs.IPCNamespace,
+		specs.CgroupNamespace,
+	} {
+		oci.RemoveNamespace(ociSpec, ns)
+	}
+
 	ociSpecJson, err := json.Marshal(ociSpec)
 	if err != nil {
 		return &vc.ContainerConfig{}, nil