network: do not attempt to create a network in rootless mode

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com> Closes: #871 Approved by: mheon
2018-06-01 13:16:25 +02:00 · 2018-06-01 13:16:25 +02:00 · c976d49805
parent 3861098fb3
commit c976d49805
2 changed files with 8 additions and 1 deletions
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@ -512,6 +512,9 @@ func (c *Container) completeNetworkSetup() error {
 	if !c.config.PostConfigureNetNS {
 		return nil
 	}
+	if os.Getuid() != 0 {
+		return nil
+	}
 	if err := c.syncContainer(); err != nil {
 		return err
 	}
--- a/pkg/spec/createconfig.go
+++ b/pkg/spec/createconfig.go
@ -360,7 +360,11 @@ func (c *CreateConfig) GetContainerCreateOptions() ([]libpod.CtrCreateOption, er
 	// does not have one
 	options = append(options, libpod.WithEntrypoint(c.Entrypoint))

-	if c.NetMode.IsContainer() {
+	if os.Getuid() != 0 {
+		if !c.NetMode.IsHost() && !c.NetMode.IsNone() {
+			options = append(options, libpod.WithNetNS(portBindings, true))
+		}
+	} else if c.NetMode.IsContainer() {
 		connectedCtr, err := c.Runtime.LookupContainer(c.NetMode.ConnectedContainer())
 		if err != nil {
 			return nil, errors.Wrapf(err, "container %q not found", c.NetMode.ConnectedContainer())