summaryrefslogtreecommitdiff
path: root/pkg/specgen
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2021-01-13 14:28:20 -0500
committerGitHub <noreply@github.com>2021-01-13 14:28:20 -0500
commitbbff9c8710870bbadbaf2e69e827db30c109bbb9 (patch)
tree40b9825e3487b3a855278683103a5581e124e245 /pkg/specgen
parentb2b14235aa774b4bd4139a8ee97ced0117bbe628 (diff)
parentee684667a608d866d57c0dbf8d7734efa90bfb70 (diff)
downloadpodman-bbff9c8710870bbadbaf2e69e827db30c109bbb9.tar.gz
podman-bbff9c8710870bbadbaf2e69e827db30c109bbb9.tar.bz2
podman-bbff9c8710870bbadbaf2e69e827db30c109bbb9.zip
Merge pull request #8960 from giuseppe/bridge-no-post-config
network: disallow CNI networks with user namespaces
Diffstat (limited to 'pkg/specgen')
-rw-r--r--pkg/specgen/generate/namespaces.go3
1 files changed, 3 insertions, 0 deletions
diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go
index 3cd5a3c9c..f66ad6101 100644
--- a/pkg/specgen/generate/namespaces.go
+++ b/pkg/specgen/generate/namespaces.go
@@ -236,6 +236,9 @@ func namespaceOptions(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.
case specgen.Private:
fallthrough
case specgen.Bridge:
+ if postConfigureNetNS && rootless.IsRootless() {
+ return nil, errors.New("CNI networks not supported with user namespaces")
+ }
portMappings, err := createPortMappings(ctx, s, img)
if err != nil {
return nil, err