Replacing nsenter with netns

This commit has changes to replace the usage of nsenter with
netns. This can relax the requirement of requiring nsenter
installation.

Signed-off-by: Abhinandan Prativadi <abhi@docker.com>

pkg/server/sandbox_portforward.go

@@ -20,14 +20,14 @@ import (
 	"bytes"
 	"errors"
 	"fmt"
-	"io"
-	"os/exec"
-	"strings"
-
 	"github.com/containerd/containerd"
 	"github.com/golang/glog"
+	"github.com/vishvananda/netns"
 	"golang.org/x/net/context"
+	"io"
 	"k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1/runtime"
+	"os/exec"
+	goruntime "runtime"
 )
 
 // PortForward prepares a streaming endpoint to forward ports from a PodSandbox, and returns the address.
@@ -78,17 +78,21 @@ func (c *criContainerdService) portForward(id string, port int32, stream io.Read
 	// Check following links for meaning of the options:
 	// * socat: https://linux.die.net/man/1/socat
 	// * nsenter: http://man7.org/linux/man-pages/man1/nsenter.1.html
-	args := []string{"-t", fmt.Sprintf("%d", pid), "-n", socat,
-		"-", fmt.Sprintf("TCP4:localhost:%d", port)}
+	args := []string{"-", fmt.Sprintf("TCP4:localhost:%d", port)}
 
-	nsenter, err := exec.LookPath("nsenter")
-	if err != nil {
-		return fmt.Errorf("failed to find nsenter: %v", err)
-	}
+	goruntime.LockOSThread()
+	defer goruntime.UnlockOSThread()
 
-	glog.V(2).Infof("Executing port forwarding command: %s %s", nsenter, strings.Join(args, " "))
+	// Save the current namespace
+	origNS, err := netns.Get()
+	defer origNS.Close()
+	// Get the namespace from the pid
+	pidNS, err := netns.GetFromPid(int(pid))
+	// Set namespace of the pid
+	netns.Set(pidNS)
+	defer pidNS.Close()
 
-	cmd := exec.Command(nsenter, args...)
+	cmd := exec.Command(socat, args...)
 	cmd.Stdout = stream
 
 	stderr := new(bytes.Buffer)
@@ -119,6 +123,7 @@ func (c *criContainerdService) portForward(id string, port int32, stream io.Read
 		return fmt.Errorf("nsenter command returns error: %v, stderr: %q", err, stderr.String())
 	}
 
+	netns.Set(origNS)
 	glog.V(2).Infof("Finish port forwarding for %q port %d", id, port)
 
 	return nil

vendor.conf

@@ -3,7 +3,6 @@ github.com/boltdb/bolt v1.3.0-58-ge9cf4fa
 github.com/containerd/containerd 938810e706bbcdbcb937ce63ba3e7c9ca329af64 
 github.com/containerd/continuity 86cec1535a968310e7532819f699ff2830ed7463
 github.com/containerd/fifo fbfb6a11ec671efbe94ad1c12c2e98773f19e1e6
-github.com/containerd/errdefs 546f045128093f82e92beadd08fa7fb4aa6cc4e0
 github.com/containernetworking/cni v0.4.0
 github.com/davecgh/go-spew v1.1.0
 github.com/docker/distribution b38e5838b7b2f2ad48e06ec4b500011976080621
@@ -41,6 +40,7 @@ github.com/spf13/pflag 9ff6c6923cfffbcd502984b8e0c80539a94968b7
 github.com/stretchr/testify v1.1.4
 github.com/syndtr/gocapability e7cb7fa329f456b3855136a2642b197bad7366ba
 github.com/ugorji/go ded73eae5db7e7a0ef6f55aace87a2873c5d2b74
+github.com/vishvananda/netns 86bef332bfc3b59b7624a600bd53009ce91a9829
 golang.org/x/net 7dcfb8076726a3fdd9353b6b8a1f1b6be6811bd6
 golang.org/x/sync 450f422ab23cf9881c94e2db30cac0eb1b7cf80c
 golang.org/x/sys 739734461d1c916b6c72a63d7efda2b27edb369f