summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGiuseppe Scrivano <gscrivan@redhat.com>2019-10-09 10:13:15 +0200
committerGiuseppe Scrivano <gscrivan@redhat.com>2019-10-09 15:49:11 +0200
commit78bf6d0c6ea7eede1f45254519ddb7f9a796e937 (patch)
tree9d366cb1400f01363b1b57103a77109d38a92096
parentc3c40f970e6441b70ac62fb050a35f79fedb8896 (diff)
downloadpodman-78bf6d0c6ea7eede1f45254519ddb7f9a796e937.tar.gz
podman-78bf6d0c6ea7eede1f45254519ddb7f9a796e937.tar.bz2
podman-78bf6d0c6ea7eede1f45254519ddb7f9a796e937.zip
refresh: do not access network ns if not in the namespace
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
-rw-r--r--libpod/boltdb_state.go11
1 files changed, 8 insertions, 3 deletions
diff --git a/libpod/boltdb_state.go b/libpod/boltdb_state.go
index e43d54eee..0bb1df7b8 100644
--- a/libpod/boltdb_state.go
+++ b/libpod/boltdb_state.go
@@ -2,6 +2,7 @@ package libpod
import (
"bytes"
+ "os"
"strings"
"sync"
@@ -658,9 +659,13 @@ func (s *BoltState) UpdateContainer(ctr *Container) error {
return err
}
- // Handle network namespace
- if err := replaceNetNS(netNSPath, ctr, newState); err != nil {
- return err
+ // Handle network namespace.
+ if os.Geteuid() == 0 {
+ // Do it only when root, either on the host or as root in the
+ // user namespace.
+ if err := replaceNetNS(netNSPath, ctr, newState); err != nil {
+ return err
+ }
}
// New state compiled successfully, swap it into the current state