1 files changed, 26 insertions, 13 deletions

diff --git a/libpod/runtime.go b/libpod/runtime.go
index c405eb773..8dc561cd8 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
@@ -13,6 +13,7 @@ import (
 	is "github.com/containers/image/storage"
 	"github.com/containers/image/types"
 	"github.com/containers/libpod/libpod/image"
+	"github.com/containers/libpod/pkg/firewall"
 	"github.com/containers/libpod/pkg/hooks"
 	sysreg "github.com/containers/libpod/pkg/registries"
 	"github.com/containers/libpod/pkg/rootless"
@@ -70,19 +71,20 @@ type RuntimeOption func(*Runtime) error
 
 // Runtime is the core libpod runtime
 type Runtime struct {
-	config         *RuntimeConfig
-	state          State
-	store          storage.Store
-	storageService *storageService
-	imageContext   *types.SystemContext
-	ociRuntime     *OCIRuntime
-	lockDir        string
-	netPlugin      ocicni.CNIPlugin
-	ociRuntimePath string
-	conmonPath     string
-	valid          bool
-	lock           sync.RWMutex
-	imageRuntime   *image.Runtime
+	config          *RuntimeConfig
+	state           State
+	store           storage.Store
+	storageService  *storageService
+	imageContext    *types.SystemContext
+	ociRuntime      *OCIRuntime
+	lockDir         string
+	netPlugin       ocicni.CNIPlugin
+	ociRuntimePath  string
+	conmonPath      string
+	valid           bool
+	lock            sync.RWMutex
+	imageRuntime    *image.Runtime
+	firewallBackend firewall.FirewallBackend
 }
 
 // RuntimeConfig contains configuration options used to set up the runtime
@@ -507,6 +509,17 @@ func makeRuntime(runtime *Runtime) (err error) {
 	}
 	runtime.netPlugin = netPlugin
 
+	// Set up a firewall backend
+	backendType := ""
+	if os.Geteuid() != 0 {
+		backendType = "none"
+	}
+	fwBackend, err := firewall.GetBackend(backendType)
+	if err != nil {
+		return err
+	}
+	runtime.firewallBackend = fwBackend
+
 	// Set up the state
 	switch runtime.config.StateType {
 	case InMemoryStateStore: