From c6852ee516abe3e1c4e5e31168d85d7cd446ce36 Mon Sep 17 00:00:00 2001
From: Brent Baude <bbaude@redhat.com>
Date: Tue, 14 Jul 2020 12:39:24 -0500
Subject: Error on rootless mac and ip addresses

When creating a pod or container where a static MAC or IP address is provided, we should return a proper error and exit as 125.

Fixes: #6972

Signed-off-by: Brent Baude <bbaude@redhat.com>

<MH: Fixed build after cherry-pick>

Signed-off-by: Matthew Heon <matthew.heon@pm.me>
---
 pkg/specgen/container_validate.go | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'pkg/specgen/container_validate.go')

diff --git a/pkg/specgen/container_validate.go b/pkg/specgen/container_validate.go
index 9b544367d..57dd2aba7 100644
--- a/pkg/specgen/container_validate.go
+++ b/pkg/specgen/container_validate.go
@@ -25,6 +25,15 @@ func exclusiveOptions(opt1, opt2 string) error {
 // input for creating a container.
 func (s *SpecGenerator) Validate() error {
 
+	if rootless.IsRootless() {
+		if s.StaticIP != nil || s.StaticIPv6 != nil {
+			return ErrNoStaticIPRootless
+		}
+		if s.StaticMAC != nil {
+			return ErrNoStaticMACRootless
+		}
+	}
+
 	//
 	// ContainerBasicConfig
 	//
-- 
cgit v1.2.3-54-g00ecf