diff options
| author | Paul Holzinger <paul.holzinger@web.de> | 2021-04-06 23:39:09 +0200 |
|---|---|---|
| committer | Paul Holzinger <paul.holzinger@web.de> | 2021-04-06 23:55:05 +0200 |
| commit | f230214db120793d68d95c5b1892ca5d7d128e79 (patch) | |
| tree | 1f92ed024c5f7905b3c205ddd7a7b216eb0699d8 /libpod | |
| parent | d83f49ef6b8a53535257bb56f5573ef3f65e3ba9 (diff) | |
| download | podman-f230214db120793d68d95c5b1892ca5d7d128e79.tar.gz podman-f230214db120793d68d95c5b1892ca5d7d128e79.tar.bz2 podman-f230214db120793d68d95c5b1892ca5d7d128e79.zip | |
rootless cni add /usr/sbin to PATH if not present
The CNI plugins need access to iptables in $PATH. On debian /usr/sbin
is not added to $PATH for rootless users. This will break rootless
cni completely. To prevent breaking existing users add /usr/sbin to
$PATH in podman if needed.
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Diffstat (limited to 'libpod')
| -rw-r--r-- | libpod/networking_linux.go | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go index 157c85431..3c4014c73 100644 --- a/libpod/networking_linux.go +++ b/libpod/networking_linux.go @@ -411,6 +411,16 @@ func (r *Runtime) getRootlessCNINetNs(new bool) (*rootlessCNI, error) { } } + // The CNI plugins need access to iptables in $PATH. As it turns out debian doesn't put + // /usr/sbin in $PATH for rootless users. This will break rootless cni completely. + // We might break existing users and we cannot expect everyone to change their $PATH so + // lets add /usr/sbin to $PATH ourselves. + path = os.Getenv("PATH") + if !strings.Contains(path, "/usr/sbin") { + path = path + ":/usr/sbin" + os.Setenv("PATH", path) + } + rootlessCNINS = &rootlessCNI{ ns: ns, dir: cniDir, |