From 04aa0d65b018fc0a5bf1c7ddb0407ea01f7c34a6 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Tue, 14 May 2019 10:11:08 +0200
Subject: network: raise a clearer error when using CNI

print a clearer error message when an unprivileged user attempts to
create a network using CNI.

Closes: https://github.com/containers/libpod/issues/3118

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 libpod/networking_linux.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index 2450bd6b1..b8a916de3 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -19,6 +19,7 @@ import (
 	"github.com/containers/libpod/pkg/firewall"
 	"github.com/containers/libpod/pkg/inspect"
 	"github.com/containers/libpod/pkg/netns"
+	"github.com/containers/libpod/pkg/rootless"
 	"github.com/cri-o/ocicni/pkg/ocicni"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@@ -100,6 +101,9 @@ func (r *Runtime) configureNetNS(ctr *Container, ctrNS ns.NetNS) ([]*cnitypes.Re
 
 // Create and configure a new network namespace for a container
 func (r *Runtime) createNetNS(ctr *Container) (n ns.NetNS, q []*cnitypes.Result, err error) {
+	if rootless.IsRootless() {
+		return nil, nil, errors.New("cannot configure a new network namespace in rootless mode, only --network=slirp4netns is supported")
+	}
 	ctrNS, err := netns.NewNS()
 	if err != nil {
 		return nil, nil, errors.Wrapf(err, "error creating network namespace for container %s", ctr.ID())
-- 
cgit v1.2.3-54-g00ecf