diff options
-rw-r--r-- | pkg/specgen/generate/namespaces.go | 3 | ||||
-rw-r--r-- | test/e2e/run_networking_test.go | 18 |
2 files changed, 21 insertions, 0 deletions
diff --git a/pkg/specgen/generate/namespaces.go b/pkg/specgen/generate/namespaces.go index 3cd5a3c9c..f66ad6101 100644 --- a/pkg/specgen/generate/namespaces.go +++ b/pkg/specgen/generate/namespaces.go @@ -236,6 +236,9 @@ func namespaceOptions(ctx context.Context, s *specgen.SpecGenerator, rt *libpod. case specgen.Private: fallthrough case specgen.Bridge: + if postConfigureNetNS && rootless.IsRootless() { + return nil, errors.New("CNI networks not supported with user namespaces") + } portMappings, err := createPortMappings(ctx, s, img) if err != nil { return nil, err diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go index b8e14530c..e4c5a41c5 100644 --- a/test/e2e/run_networking_test.go +++ b/test/e2e/run_networking_test.go @@ -639,6 +639,24 @@ var _ = Describe("Podman run networking", func() { Expect(create.ExitCode()).To(BeZero()) }) + It("podman rootless fails custom CNI network with --uidmap", func() { + SkipIfNotRootless("The configuration works with rootless") + + netName := stringid.GenerateNonCryptoID() + create := podmanTest.Podman([]string{"network", "create", netName}) + create.WaitWithDefaultTimeout() + Expect(create.ExitCode()).To(BeZero()) + defer podmanTest.removeCNINetwork(netName) + + run := podmanTest.Podman([]string{"run", "--rm", "--net", netName, "--uidmap", "0:1:4096", ALPINE, "true"}) + run.WaitWithDefaultTimeout() + Expect(run.ExitCode()).To(Equal(125)) + + remove := podmanTest.Podman([]string{"network", "rm", netName}) + remove.WaitWithDefaultTimeout() + Expect(remove.ExitCode()).To(BeZero()) + }) + It("podman run with new:pod and static-ip", func() { SkipIfRootless("Rootless does not support --ip") netName := "podmantestnetwork2" |