From dc71a9ebd03805dec993aa86eaa4ec3e95722c60 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Tue, 1 Oct 2019 14:48:42 +0200
Subject: network: add workaround for slirp4netns --enable-sandbox issue

add a workaround for https://github.com/rootless-containers/slirp4netns/pull/153

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 libpod/networking_linux.go | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'libpod/networking_linux.go')

diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go
index d854a2de6..61ab57d65 100644
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@@ -201,6 +201,12 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) (err error) {
 		Setpgid: true,
 	}
 
+	// workaround for https://github.com/rootless-containers/slirp4netns/pull/153
+	if sandbox {
+		cmd.SysProcAttr.Cloneflags = syscall.CLONE_NEWNS
+		cmd.SysProcAttr.Unshareflags = syscall.CLONE_NEWNS
+	}
+
 	// Leak one end of the pipe in slirp4netns, the other will be sent to conmon
 	cmd.ExtraFiles = append(cmd.ExtraFiles, ctr.rootlessSlirpSyncR, syncW)
 
-- 
cgit v1.2.3-54-g00ecf