From 9de18a170484a1f9857dc2b6dbb35db3c570ace2 Mon Sep 17 00:00:00 2001 From: Brent Baude Date: Mon, 27 Jan 2020 15:42:51 -0600 Subject: [CI:DOCS]rootless exec cannot join root namespace add a quick note in the rootless.md about usage of --net=host as rootless and subsequent podman execs. Fixes: #4473 Signed-off-by: Brent Baude --- rootless.md | 1 + 1 file changed, 1 insertion(+) diff --git a/rootless.md b/rootless.md index d8997a261..93a2b140f 100644 --- a/rootless.md +++ b/rootless.md @@ -44,3 +44,4 @@ can easily fail * If a build is attempting to use a UID that is not mapped into the user namespace mapping for a container, then builds will not be able to put the UID in an image. * Making device nodes within a container fails, even when running --privileged. * The kernel does not allow non root user processes (processes without CAP_MKNOD) to create device nodes. If a container needs to create device nodes, it must be run as root. +* When using --net=host with rootless containers, subsequent podman execs to that container will not join the host network namespace because it is owned by root. -- cgit v1.2.3-54-g00ecf
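Review bot: the new bullet in rootless.md is vague about why the exec fails and what the user will actually observe; "because it is owned by root" does not say which namespace is meant or what rule blocks the join. Joining a network namespace with setns() requires CAP_SYS_ADMIN in the user namespace that owns the target namespace, and the host network namespace is owned by the initial user namespace, where a rootless Podman process has no capabilities. The bullet should also state the consequence, since the exec does not error out but lands in a different network namespace than the container's main process, so interface and socket listings inside the exec will not match the container. Suggested wording: "* When using --net=host with rootless containers, subsequent podman exec calls to that container cannot join the host network namespace, because joining it requires CAP_SYS_ADMIN in the initial user namespace (which rootless Podman does not have); the exec'd process therefore runs in a different network namespace than the container's main process." Minor: "podman execs" reads awkwardly in a docs list; "podman exec calls" or "podman exec invocations" is clearer.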