From 8f75b3e8c95ae21fab16e4564a7056def82df649 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Thu, 24 Oct 2019 10:42:49 +0200
Subject: rootless: raise an error with --network=

Closes: https://github.com/containers/libpod/issues/4332

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 libpod/options.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/libpod/options.go b/libpod/options.go
index ddc5993af..8fc614e6b 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -1014,6 +1014,13 @@ func WithNetNS(portMappings []ocicni.PortMapping, postConfigureNetNS bool, netmo
 		ctr.config.NetMode = namespaces.NetworkMode(netmode)
 		ctr.config.CreateNetNS = true
 		ctr.config.PortMappings = portMappings
+
+		if rootless.IsRootless() {
+			if len(networks) > 0 {
+				return errors.New("cannot use CNI networks with rootless containers")
+			}
+		}
+
 		ctr.config.Networks = networks
 
 		return nil
-- 
cgit v1.2.3-54-g00ecf