From 8156f8c69473f8a7f970ca4f1b4a5f01a99d368a Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Fri, 18 Jan 2019 17:12:23 +0100
Subject: rootless: fix --pid=host without --privileged

When using --pid=host don't try to cover /proc paths, as they are
coming from the /proc bind mounted from the host.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 pkg/spec/spec.go | 4 ++++
 1 file changed, 4 insertions(+)


diff --git a/pkg/spec/spec.go b/pkg/spec/spec.go
index 9ef0223f2..46105af4a 100644
--- a/pkg/spec/spec.go
+++ b/pkg/spec/spec.go
@@ -376,6 +376,10 @@ func CreateConfigToOCISpec(config *CreateConfig) (*spec.Spec, error) { //nolint
 }
 
 func blockAccessToKernelFilesystems(config *CreateConfig, g *generate.Generator) {
+	if config.PidMode.IsHost() && rootless.IsRootless() {
+		return
+	}
+
 	if !config.Privileged {
 		for _, mp := range []string{
 			"/proc/acpi",
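Review bot: The early return at the top of blockAccessToKernelFilesystems skips every path the function would otherwise cover, not only the /proc entries the commit message refers to. The path list starts at `/proc/acpi` and continues outside the hunk, so if it also holds entries outside /proc, those lose their masking for rootless `--pid=host` containers too. Consider computing the condition once and filtering inside the loop instead, e.g. `if hostProc && strings.HasPrefix(mp, "/proc/") { continue }`, so that only the /proc paths are exempted. The guard also deserves a comment stating why the hardening is dropped, such as `// rootless + --pid=host: /proc is bind mounted from the host, so its paths are not covered here`.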
-- 
cgit v1.2.3-54-g00ecf