network: add workaround for slirp4netns --enable-sandbox issue

add a workaround for https://github.com/rootless-containers/slirp4netns/pull/153 Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2019-10-01 14:48:42 +02:00 · 2019-10-01 14:48:42 +02:00 · dc71a9ebd0
parent 5d344db8d7
commit dc71a9ebd0
1 changed files with 6 additions and 0 deletions
--- a/libpod/networking_linux.go
+++ b/libpod/networking_linux.go
@ -201,6 +201,12 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) (err error) {
 		Setpgid: true,
 	}

+	// workaround for https://github.com/rootless-containers/slirp4netns/pull/153
+	if sandbox {
+		cmd.SysProcAttr.Cloneflags = syscall.CLONE_NEWNS
+		cmd.SysProcAttr.Unshareflags = syscall.CLONE_NEWNS
+	}
+
 	// Leak one end of the pipe in slirp4netns, the other will be sent to conmon
 	cmd.ExtraFiles = append(cmd.ExtraFiles, ctr.rootlessSlirpSyncR, syncW)