Merge pull request containers#8852 from afbjorklund/slirp_sandbox-no_…
…pivot_root

The slirp4netns sandbox requires pivot_root
openshift-merge-robot authored Dec 30, 2020
2 parents a843832 + 25b7198 commit c6c9b45
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions libpod/networking_linux.go
@@ -247,6 +247,7 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) error {
func (r *Runtime) setupSlirp4netns(ctr *Container) error {
path := r.config.Engine.NetworkCmdPath
slirpOptions := r.config.Engine.NetworkCmdOptions
noPivotRoot := r.config.Engine.NoPivotRoot
if path == "" {
var err error
path, err = exec.LookPath("slirp4netns")
@@ -351,7 +352,7 @@ func (r *Runtime) setupSlirp4netns(ctr *Container) error {
if slirpFeatures.HasMTU {
cmdArgs = append(cmdArgs, "--mtu", "65520")
}
if slirpFeatures.HasEnableSandbox {
if !noPivotRoot && slirpFeatures.HasEnableSandbox {
cmdArgs = append(cmdArgs, "--enable-sandbox")
}
if slirpFeatures.HasEnableSeccomp {
@@ -424,7 +425,7 @@ func (r *Runtime) setupSlirp4netns(ctr *Container) error {
}

// workaround for https://github.com/rootless-containers/slirp4netns/pull/153
if slirpFeatures.HasEnableSandbox {
if !noPivotRoot && slirpFeatures.HasEnableSandbox {
cmd.SysProcAttr.Cloneflags = syscall.CLONE_NEWNS
cmd.SysProcAttr.Unshareflags = syscall.CLONE_NEWNS
}
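Review bot: When `noPivotRoot` is set, the guard `if !noPivotRoot && slirpFeatures.HasEnableSandbox {` silently drops `--enable-sandbox`, so slirp4netns (the helper that handles the container's network traffic) runs without its mount-namespace sandbox and nothing in the logs records the downgrade. A log line for the case where the sandbox is supported but skipped would make this visible, for example `logrus.Debugf("slirp4netns sandbox disabled because NoPivotRoot is set")`, assuming this file logs through logrus like the rest of libpod. The same condition is repeated in the later hunk that sets `Cloneflags` and `Unshareflags`; computing it once, as `useSandbox := !noPivotRoot && slirpFeatures.HasEnableSandbox`, would keep the command-line flag and the namespace flags from drifting apart in a later edit. The body of setupSlirp4netns starts and ends outside the visible hunks, so any handling further down is not visible here.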
