[CI:DOCS]rootless exec cannot join root namespace

add a quick note in the rootless.md about usage of --net=host as rootless and subsequent podman execs. Fixes: #4473 Signed-off-by: Brent Baude <bbaude@redhat.com>
author: Brent Baude <bbaude@redhat.com> 2020-01-27 15:42:51 -0600
committer: Brent Baude <bbaude@redhat.com> 2020-01-27 15:43:53 -0600
commit: 9de18a170484a1f9857dc2b6dbb35db3c570ace2 (patch)
tree: 73b54e7ea56523e85602dd7058f83ec9f654502b
parent: 094baa5366a3f41df2511ff2d749a773f2eed03f (diff)
download: podman-9de18a170484a1f9857dc2b6dbb35db3c570ace2.tar.gz
podman-9de18a170484a1f9857dc2b6dbb35db3c570ace2.tar.bz2
podman-9de18a170484a1f9857dc2b6dbb35db3c570ace2.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/rootless.md b/rootless.md
index d8997a261..93a2b140f 100644
--- a/rootless.md
+++ b/rootless.md
@@ -44,3 +44,4 @@ can easily fail
   * If a build is attempting to use a UID that is not mapped into the user namespace mapping for a container, then builds will not be able to put the UID in an image.
 * Making device nodes within a container fails, even when running --privileged.
   * The kernel does not allow non root user processes (processes without CAP_MKNOD) to create device nodes.  If a container needs to create device nodes, it must be run as root.
+* When using --net=host with rootless containers, subsequent podman execs to that container will not join the host network namespace because it is owned by root.
author	Brent Baude <bbaude@redhat.com>	2020-01-27 15:42:51 -0600
committer	Brent Baude <bbaude@redhat.com>	2020-01-27 15:43:53 -0600
commit	9de18a170484a1f9857dc2b6dbb35db3c570ace2 (patch)
tree	73b54e7ea56523e85602dd7058f83ec9f654502b
parent	094baa5366a3f41df2511ff2d749a773f2eed03f (diff)
download	podman-9de18a170484a1f9857dc2b6dbb35db3c570ace2.tar.gz podman-9de18a170484a1f9857dc2b6dbb35db3c570ace2.tar.bz2 podman-9de18a170484a1f9857dc2b6dbb35db3c570ace2.zip