diff options
Diffstat (limited to 'pkg/spec')
| -rw-r--r-- | pkg/spec/createconfig.go | 4 | ||||
| -rw-r--r-- | pkg/spec/spec.go | 4 |
2 files changed, 4 insertions, 4 deletions
diff --git a/pkg/spec/createconfig.go b/pkg/spec/createconfig.go index 632d60b55..344f4afb9 100644 --- a/pkg/spec/createconfig.go +++ b/pkg/spec/createconfig.go @@ -422,11 +422,7 @@ func (c *CreateConfig) GetContainerCreateOptions(runtime *libpod.Runtime, pod *l } options = append(options, libpod.WithNetNSFrom(connectedCtr)) } else if !c.NetMode.IsHost() && !c.NetMode.IsNone() { - isRootless := rootless.IsRootless() postConfigureNetNS := c.NetMode.IsSlirp4netns() || (len(c.IDMappings.UIDMap) > 0 || len(c.IDMappings.GIDMap) > 0) && !c.UsernsMode.IsHost() - if isRootless && len(portBindings) > 0 { - return nil, errors.New("port bindings are not yet supported by rootless containers") - } options = append(options, libpod.WithNetNS(portBindings, postConfigureNetNS, string(c.NetMode), networks)) } diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go index 9ef0223f2..46105af4a 100644 --- a/pkg/spec/spec.go +++ b/pkg/spec/spec.go @@ -376,6 +376,10 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint } func blockAccessToKernelFilesystems(config *CreateConfig, g *generate.Generator) { + if config.PidMode.IsHost() && rootless.IsRootless() { + return + } + if !config.Privileged { for _, mp := range []string{ "/proc/acpi", |