summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--pkg/specgen/generate/namespaces.go3
-rw-r--r--test/e2e/run_networking_test.go18
2 files changed, 21 insertions, 0 deletions
diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go
index 3cd5a3c9c..f66ad6101 100644
--- a/pkg/specgen/generate/namespaces.go
+++ b/pkg/specgen/generate/namespaces.go
@@ -236,6 +236,9 @@ func namespaceOptions(ctx context.Context, s *specgen.SpecGenerator, rt *libpod.
case specgen.Private:
fallthrough
case specgen.Bridge:
+ if postConfigureNetNS && rootless.IsRootless() {
+ return nil, errors.New("CNI networks not supported with user namespaces")
+ }
portMappings, err := createPortMappings(ctx, s, img)
if err != nil {
return nil, err
diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go
index b8e14530c..e4c5a41c5 100644
--- a/test/e2e/run_networking_test.go
+++ b/test/e2e/run_networking_test.go
@@ -639,6 +639,24 @@ var _ = Describe("Podman run networking", func() {
Expect(create.ExitCode()).To(BeZero())
})
+ It("podman rootless fails custom CNI network with --uidmap", func() {
+ SkipIfNotRootless("The configuration works with rootless")
+
+ netName := stringid.GenerateNonCryptoID()
+ create := podmanTest.Podman([]string{"network", "create", netName})
+ create.WaitWithDefaultTimeout()
+ Expect(create.ExitCode()).To(BeZero())
+ defer podmanTest.removeCNINetwork(netName)
+
+ run := podmanTest.Podman([]string{"run", "--rm", "--net", netName, "--uidmap", "0:1:4096", ALPINE, "true"})
+ run.WaitWithDefaultTimeout()
+ Expect(run.ExitCode()).To(Equal(125))
+
+ remove := podmanTest.Podman([]string{"network", "rm", netName})
+ remove.WaitWithDefaultTimeout()
+ Expect(remove.ExitCode()).To(BeZero())
+ })
+
It("podman run with new:pod and static-ip", func() {
SkipIfRootless("Rootless does not support --ip")
netName := "podmantestnetwork2"