Merge pull request #4996 from baude/rootlessnetns

[CI:DOCS]rootless exec cannot join root namespace
author: OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> 2020-01-28 04:54:50 -0800
committer: GitHub <noreply@github.com> 2020-01-28 04:54:50 -0800
commit: b94f313fe6398786fb0b65e953e2c5708617b90c (patch)
tree: a5e5a220f7524ba303e7becd7950692670e25402
parent: 3b574dde6c350e3943f4b2926f8e3fa7ff74318b (diff)
parent: 9de18a170484a1f9857dc2b6dbb35db3c570ace2 (diff)
download: podman-b94f313fe6398786fb0b65e953e2c5708617b90c.tar.gz
podman-b94f313fe6398786fb0b65e953e2c5708617b90c.tar.bz2
podman-b94f313fe6398786fb0b65e953e2c5708617b90c.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/rootless.md b/rootless.md
index d8997a261..93a2b140f 100644
--- a/rootless.md
+++ b/rootless.md
@@ -44,3 +44,4 @@ can easily fail
   * If a build is attempting to use a UID that is not mapped into the user namespace mapping for a container, then builds will not be able to put the UID in an image.
 * Making device nodes within a container fails, even when running --privileged.
   * The kernel does not allow non root user processes (processes without CAP_MKNOD) to create device nodes.  If a container needs to create device nodes, it must be run as root.
+* When using --net=host with rootless containers, subsequent podman execs to that container will not join the host network namespace because it is owned by root.
author	OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>	2020-01-28 04:54:50 -0800
committer	GitHub <noreply@github.com>	2020-01-28 04:54:50 -0800
commit	b94f313fe6398786fb0b65e953e2c5708617b90c (patch)
tree	a5e5a220f7524ba303e7becd7950692670e25402
parent	3b574dde6c350e3943f4b2926f8e3fa7ff74318b (diff)
parent	9de18a170484a1f9857dc2b6dbb35db3c570ace2 (diff)
download	podman-b94f313fe6398786fb0b65e953e2c5708617b90c.tar.gz podman-b94f313fe6398786fb0b65e953e2c5708617b90c.tar.bz2 podman-b94f313fe6398786fb0b65e953e2c5708617b90c.zip