summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGiuseppe Scrivano <gscrivan@redhat.com>2019-05-14 10:11:08 +0200
committerGiuseppe Scrivano <gscrivan@redhat.com>2019-05-14 15:37:47 +0200
commit04aa0d65b018fc0a5bf1c7ddb0407ea01f7c34a6 (patch)
tree52fa8648b99f13bc25b9ed6ee80a86d84ac5463a
parent797060f98a34ff9f421f0150b426c62409eb647d (diff)
downloadpodman-04aa0d65b018fc0a5bf1c7ddb0407ea01f7c34a6.tar.gz
podman-04aa0d65b018fc0a5bf1c7ddb0407ea01f7c34a6.tar.bz2
podman-04aa0d65b018fc0a5bf1c7ddb0407ea01f7c34a6.zip
network: raise a clearer error when using CNI
print a clearer error message when an unprivileged user attempts to create a network using CNI. Closes: https://github.com/containers/libpod/issues/3118 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
-rw-r--r--libpod/networking_linux.go4
1 files changed, 4 insertions, 0 deletions
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index 2450bd6b1..b8a916de3 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -19,6 +19,7 @@ import (
"github.com/containers/libpod/pkg/firewall"
"github.com/containers/libpod/pkg/inspect"
"github.com/containers/libpod/pkg/netns"
+ "github.com/containers/libpod/pkg/rootless"
"github.com/cri-o/ocicni/pkg/ocicni"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
@@ -100,6 +101,9 @@ func (r *Runtime) configureNetNS(ctr *Container, ctrNS ns.NetNS) ([]*cnitypes.Re
// Create and configure a new network namespace for a container
func (r *Runtime) createNetNS(ctr *Container) (n ns.NetNS, q []*cnitypes.Result, err error) {
+ if rootless.IsRootless() {
+ return nil, nil, errors.New("cannot configure a new network namespace in rootless mode, only --network=slirp4netns is supported")
+ }
ctrNS, err := netns.NewNS()
if err != nil {
return nil, nil, errors.Wrapf(err, "error creating network namespace for container %s", ctr.ID())