From 25b7198441a0ea4c38b6a2b65d22ddfbe0cb4851 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20F=20Bj=C3=B6rklund?= Date: Tue, 29 Dec 2020 18:02:21 +0100 Subject: [PATCH] The slirp4netns sandbox requires pivot_root MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Disable the sandbox, when running on rootfs Signed-off-by: Anders F Björklund --- libpod/networking_linux.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libpod/networking_linux.go b/libpod/networking_linux.go index 863e82efd2..be6867399f 100644 --- a/libpod/networking_linux.go +++ b/libpod/networking_linux.go @@ -247,6 +247,7 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) error { func (r *Runtime) setupSlirp4netns(ctr *Container) error { path := r.config.Engine.NetworkCmdPath slirpOptions := r.config.Engine.NetworkCmdOptions + noPivotRoot := r.config.Engine.NoPivotRoot if path == "" { var err error path, err = exec.LookPath("slirp4netns") @@ -351,7 +352,7 @@ func (r *Runtime) setupSlirp4netns(ctr *Container) error { if slirpFeatures.HasMTU { cmdArgs = append(cmdArgs, "--mtu", "65520") } - if slirpFeatures.HasEnableSandbox { + if !noPivotRoot && slirpFeatures.HasEnableSandbox { cmdArgs = append(cmdArgs, "--enable-sandbox") } if slirpFeatures.HasEnableSeccomp { @@ -424,7 +425,7 @@ func (r *Runtime) setupSlirp4netns(ctr *Container) error { } // workaround for https://github.com/rootless-containers/slirp4netns/pull/153 - if slirpFeatures.HasEnableSandbox { + if !noPivotRoot && slirpFeatures.HasEnableSandbox { cmd.SysProcAttr.Cloneflags = syscall.CLONE_NEWNS cmd.SysProcAttr.Unshareflags = syscall.CLONE_NEWNS }