From 86638ae2242238698374886296cc3cf472eb8310 Mon Sep 17 00:00:00 2001
From: Charlie Voiselle <464492+angrycub@users.noreply.github.com>
Date: Fri, 11 Nov 2022 05:02:52 +0000
Subject: [PATCH 1/2] backport of commit c3de67e11a0e43fb8586c62ddf25643cdbaf87e0
---
 client/allocrunner/network_manager_linux.go | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/client/allocrunner/network_manager_linux.go b/client/allocrunner/network_manager_linux.go
index a4a08ce29ce..b435b1c8b82 100644
--- a/client/allocrunner/network_manager_linux.go
+++ b/client/allocrunner/network_manager_linux.go
@@ -122,7 +122,18 @@ func (*defaultNetworkManager) CreateNetwork(allocID string, _ *drivers.NetworkCr
 nsPath := path.Join(nsutil.NetNSRunDir, allocID)
 _, err := os.Stat(nsPath)
 if err == nil {
- return nil, false, nil
+ // Let's return a spec that points to the tested nspath, but indicate
+ // that we didn't make the namespace. That will stop the network_hook
+ // from calling its networkConfigurator.Setup function in the reconnect
+ // case, but provide the spec value necessary for the network_hook's
+ // Postrun function to not fast exit.
+ spec := &drivers.NetworkIsolationSpec{
+ Mode: drivers.NetIsolationModeGroup,
+ Path: nsPath,
+ Labels: make(map[string]string),
+ }
+
+ return spec, false, nil
 }
 }
 return nil, false, err
From f6c34a3d9ad7ae9456a5d949f482c14fd91008e1 Mon Sep 17 00:00:00 2001
From: Charlie Voiselle <464492+angrycub@users.noreply.github.com>
Date: Fri, 11 Nov 2022 05:12:42 +0000
Subject: [PATCH 2/2] backport of commit c5cecc1519f8d5ce9a23ef09c616dedeba5be037
---
 .changelog/15214.txt | 3 +++
 1 file changed, 3 insertions(+)
 create mode 100644 .changelog/15214.txt
diff --git a/.changelog/15214.txt b/.changelog/15214.txt
new file mode 100644
index 00000000000..222889a0151
--- /dev/null
+++ b/.changelog/15214.txt
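Review bot: The reconnect branch in CreateNetwork treats a successful `os.Stat(nsPath)` as proof that the allocation's network namespace is still live, but Stat only shows that something exists at that path. A leftover entry that is no longer a mounted namespace would presumably be returned as a valid `NetworkIsolationSpec` and later used by the network_hook's Postrun for teardown. I would either confirm the path is still a namespace mount before building the spec, or record the limitation next to the check: `// os.Stat only proves nsPath exists; it does not confirm it is still a mounted network namespace.` Separately, `Mode` and the empty `Labels` map are hard-coded here, so if the creation path (outside this hunk) sets other values, teardown would see a different spec than setup produced; a one-line comment stating why these values are safe on reconnect would help. The function and its enclosing error branch begin and end outside the hunk, so this is based only on the visible lines.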
@@ -0,0 +1,3 @@
+```release-note:bug
+client: fixed a bug where non-`docker` tasks with network isolation would leak network namespaces and iptables rules if the client was restarted while they were running
+```