diff options
| author | Giuseppe Scrivano <gscrivan@redhat.com> | 2019-10-09 10:13:15 +0200 |
|---|---|---|
| committer | Giuseppe Scrivano <gscrivan@redhat.com> | 2019-10-09 15:49:11 +0200 |
| commit | 78bf6d0c6ea7eede1f45254519ddb7f9a796e937 (patch) | |
| tree | 9d366cb1400f01363b1b57103a77109d38a92096 /libpod/boltdb_state.go | |
| parent | c3c40f970e6441b70ac62fb050a35f79fedb8896 (diff) | |
| download | podman-78bf6d0c6ea7eede1f45254519ddb7f9a796e937.tar.gz podman-78bf6d0c6ea7eede1f45254519ddb7f9a796e937.tar.bz2 podman-78bf6d0c6ea7eede1f45254519ddb7f9a796e937.zip | |
refresh: do not access network ns if not in the namespace
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Diffstat (limited to 'libpod/boltdb_state.go')
| -rw-r--r-- | libpod/boltdb_state.go | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/libpod/boltdb_state.go b/libpod/boltdb_state.go index e43d54eee..0bb1df7b8 100644 --- a/libpod/boltdb_state.go +++ b/libpod/boltdb_state.go @@ -2,6 +2,7 @@ package libpod import ( "bytes" + "os" "strings" "sync" @@ -658,9 +659,13 @@ func (s *BoltState) UpdateContainer(ctr *Container) error { return err } - // Handle network namespace - if err := replaceNetNS(netNSPath, ctr, newState); err != nil { - return err + // Handle network namespace. + if os.Geteuid() == 0 { + // Do it only when root, either on the host or as root in the + // user namespace. + if err := replaceNetNS(netNSPath, ctr, newState); err != nil { + return err + } } // New state compiled successfully, swap it into the current state |