diff options
author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2021-01-13 14:28:20 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-01-13 14:28:20 -0500 |
commit | bbff9c8710870bbadbaf2e69e827db30c109bbb9 (patch) | |
tree | 40b9825e3487b3a855278683103a5581e124e245 /pkg | |
parent | b2b14235aa774b4bd4139a8ee97ced0117bbe628 (diff) | |
parent | ee684667a608d866d57c0dbf8d7734efa90bfb70 (diff) | |
download | podman-bbff9c8710870bbadbaf2e69e827db30c109bbb9.tar.gz podman-bbff9c8710870bbadbaf2e69e827db30c109bbb9.tar.bz2 podman-bbff9c8710870bbadbaf2e69e827db30c109bbb9.zip |
Merge pull request #8960 from giuseppe/bridge-no-post-config
network: disallow CNI networks with user namespaces
Diffstat (limited to 'pkg')
-rw-r--r-- | pkg/specgen/generate/namespaces.go | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go index 3cd5a3c9c..f66ad6101 100644 --- a/pkg/specgen/generate/namespaces.go +++ b/pkg/specgen/generate/namespaces.go @@ -236,6 +236,9 @@ func namespaceOptions(ctx context.Context, s *specgen.SpecGenerator, rt *libpod. case specgen.Private: fallthrough case specgen.Bridge: + if postConfigureNetNS && rootless.IsRootless() { + return nil, errors.New("CNI networks not supported with user namespaces") + } portMappings, err := createPortMappings(ctx, s, img) if err != nil { return nil, err |