1 files changed, 22 insertions, 22 deletions

diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 8861d7728..f9b0592f9 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -136,7 +136,14 @@ func (c *Container) prepare() (err error) {
 
 // cleanupNetwork unmounts and cleans up the container's network
 func (c *Container) cleanupNetwork() error {
-	if c.NetworkDisabled() {
+	if c.config.NetNsCtr != "" {
+		return nil
+	}
+	netDisabled, err := c.NetworkDisabled()
+	if err != nil {
+		return err
+	}
+	if netDisabled {
 		return nil
 	}
 	if c.state.NetNS == nil {
@@ -180,7 +187,6 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
 	if err := c.makeBindMounts(); err != nil {
 		return nil, err
 	}
-
 	// Check if the spec file mounts contain the label Relabel flags z or Z.
 	// If they do, relabel the source directory and then remove the option.
 	for _, m := range g.Mounts() {
@@ -224,10 +230,8 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
 		}
 	}
 
-	if !rootless.IsRootless() {
-		if c.state.ExtensionStageHooks, err = c.setupOCIHooks(ctx, g.Config); err != nil {
-			return nil, errors.Wrapf(err, "error setting up OCI Hooks")
-		}
+	if c.state.ExtensionStageHooks, err = c.setupOCIHooks(ctx, g.Config); err != nil {
+		return nil, errors.Wrapf(err, "error setting up OCI Hooks")
 	}
 
 	// Bind builtin image volumes
@@ -238,9 +242,6 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
 	}
 
 	if c.config.User != "" {
-		if !c.state.Mounted {
-			return nil, errors.Wrapf(ErrCtrStateInvalid, "container %s must be mounted in order to translate User field", c.ID())
-		}
 		// User and Group must go together
 		g.SetProcessUID(uint32(execUser.Uid))
 		g.SetProcessGID(uint32(execUser.Gid))
@@ -248,9 +249,6 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
 
 	// Add addition groups if c.config.GroupAdd is not empty
 	if len(c.config.Groups) > 0 {
-		if !c.state.Mounted {
-			return nil, errors.Wrapf(ErrCtrStateInvalid, "container %s must be mounted in order to add additional groups", c.ID())
-		}
 		gids, _ := lookup.GetContainerGroups(c.config.Groups, c.state.Mountpoint, nil)
 		for _, gid := range gids {
 			g.AddProcessAdditionalGid(gid)
@@ -641,8 +639,12 @@ func (c *Container) makeBindMounts() error {
 	if c.state.BindMounts == nil {
 		c.state.BindMounts = make(map[string]string)
 	}
+	netDisabled, err := c.NetworkDisabled()
+	if err != nil {
+		return err
+	}
 
-	if !c.NetworkDisabled() {
+	if !netDisabled {
 		// Make /etc/resolv.conf
 		if _, ok := c.state.BindMounts["/etc/resolv.conf"]; ok {
 			// If it already exists, delete so we can recreate
@@ -802,7 +804,6 @@ func (c *Container) generateHosts() (string, error) {
 func (c *Container) generatePasswd() (string, error) {
 	var (
 		groupspec string
-		group     *user.Group
 		gid       int
 	)
 	if c.config.User == "" {
@@ -827,17 +828,16 @@ func (c *Container) generatePasswd() (string, error) {
 		return "", nil
 	}
 	if groupspec != "" {
-		if !c.state.Mounted {
-			return "", errors.Wrapf(ErrCtrStateInvalid, "container %s must be mounted in order to translate group field for passwd record", c.ID())
-		}
-		group, err = lookup.GetGroup(c.state.Mountpoint, groupspec)
-		if err != nil {
-			if err == user.ErrNoGroupEntries {
+		ugid, err := strconv.ParseUint(groupspec, 10, 32)
+		if err == nil {
+			gid = int(ugid)
+		} else {
+			group, err := lookup.GetGroup(c.state.Mountpoint, groupspec)
+			if err != nil {
 				return "", errors.Wrapf(err, "unable to get gid %s from group file", groupspec)
 			}
-			return "", err
+			gid = group.Gid
 		}
-		gid = group.Gid
 	}
 	originPasswdFile := filepath.Join(c.state.Mountpoint, "/etc/passwd")
 	orig, err := ioutil.ReadFile(originPasswdFile)