author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2020-12-30 16:03:28 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-12-30 16:03:28 +0100 |
commit | c6c9b45985790af50a78da4c222e10672f92c629 (patch) | |
tree | 4ecfdc2d2fe96e1003ee225325117de39ed2a69d /libpod/networking_linux.go | |
parent | a84383297c470436169bbaac06a721e0faafbeb8 (diff) | |
parent | 25b7198441a0ea4c38b6a2b65d22ddfbe0cb4851 (diff) | |
Merge pull request #8852 from afbjorklund/slirp_sandbox-no_pivot_root
The slirp4netns sandbox requires pivot_root
Diffstat (limited to 'libpod/networking_linux.go')
-rw-r--r-- | libpod/networking_linux.go | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index 863e82efd..be6867399 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -247,6 +247,7 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) error {
 func (r *Runtime) setupSlirp4netns(ctr *Container) error {
 path := r.config.Engine.NetworkCmdPath
 slirpOptions := r.config.Engine.NetworkCmdOptions
+ noPivotRoot := r.config.Engine.NoPivotRoot
 if path == "" {
 var err error
 path, err = exec.LookPath("slirp4netns")
@@ -351,7 +352,7 @@ func (r *Runtime) setupSlirp4netns(ctr *Container) error {
 if slirpFeatures.HasMTU {
 cmdArgs = append(cmdArgs, "--mtu", "65520")
 }
- if slirpFeatures.HasEnableSandbox {
+ if !noPivotRoot && slirpFeatures.HasEnableSandbox {
 cmdArgs = append(cmdArgs, "--enable-sandbox")
 }
 if slirpFeatures.HasEnableSeccomp {
@@ -424,7 +425,7 @@ func (r *Runtime) setupSlirp4netns(ctr *Container) error {
 }
 // workaround for https://github.com/rootless-containers/slirp4netns/pull/153
- if slirpFeatures.HasEnableSandbox {
+ if !noPivotRoot && slirpFeatures.HasEnableSandbox {
 cmd.SysProcAttr.Cloneflags = syscall.CLONE_NEWNS
 cmd.SysProcAttr.Unshareflags = syscall.CLONE_NEWNS
 } |
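Review bot: The condition `!noPivotRoot && slirpFeatures.HasEnableSandbox` is now written out twice in setupSlirp4netns, once where `--enable-sandbox` is appended and once at the CLONE_NEWNS workaround. The two must stay identical, or slirp4netns is started with the flag but without the new mount namespace (or the reverse). The `noPivotRoot` local added in this hunk could feed a single derived value once slirpFeatures is known, `enableSandbox := !noPivotRoot && slirpFeatures.HasEnableSandbox`, with both later sites testing `if enableSandbox {`. The assignment of slirpFeatures lies outside the visible hunks, so the placement needs checking against the full function.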
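Review bot: When NoPivotRoot is set, slirp4netns is started without `--enable-sandbox` and nothing at this branch records it, so the process that handles container network traffic silently loses the confinement the sandbox would give it. The following context line still adds the seccomp flag when HasEnableSeccomp is true, so the downgrade is partial, but an operator auditing a host has no way to see it from the logs. A why-comment on the new condition would help, for example `// --enable-sandbox makes slirp4netns call pivot_root, which cannot work when NoPivotRoot is set`, together with a debug-level log line in the skipped case using the logger the file already has. The same applies to the matching condition at the CLONE_NEWNS workaround in the last hunk.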