summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGiuseppe Scrivano <gscrivan@redhat.com>2019-10-01 14:48:42 +0200
committerGiuseppe Scrivano <gscrivan@redhat.com>2019-10-01 14:49:24 +0200
commitdc71a9ebd03805dec993aa86eaa4ec3e95722c60 (patch)
treeba9a97ac19491d92152f1ca4c4c74da1cc663392
parent5d344db8d776190568df9c3b73fd22b632c9c135 (diff)
downloadpodman-dc71a9ebd03805dec993aa86eaa4ec3e95722c60.tar.gz
podman-dc71a9ebd03805dec993aa86eaa4ec3e95722c60.tar.bz2
podman-dc71a9ebd03805dec993aa86eaa4ec3e95722c60.zip
network: add workaround for slirp4netns --enable-sandbox issue
add a workaround for https://github.com/rootless-containers/slirp4netns/pull/153 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat
-rw-r--r--libpod/networking_linux.go6
1 files changed, 6 insertions, 0 deletions
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index d854a2de6..61ab57d65 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -201,6 +201,12 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) (err error) {
Setpgid: true,
}
+ // workaround for https://github.com/rootless-containers/slirp4netns/pull/153
+ if sandbox {
+ cmd.SysProcAttr.Cloneflags = syscall.CLONE_NEWNS
+ cmd.SysProcAttr.Unshareflags = syscall.CLONE_NEWNS
+ }
+
// Leak one end of the pipe in slirp4netns, the other will be sent to conmon
cmd.ExtraFiles = append(cmd.ExtraFiles, ctr.rootlessSlirpSyncR, syncW)
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-11-06 21:33:51 +0000