containers
/
podman
mirror of https://github.com/containers/podman.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

refresh: do not access network ns if not in the namespace 

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This commit is contained in:
Giuseppe Scrivano 2019-10-09 10:13:15 +02:00
parent c3c40f970e
commit 78bf6d0c6e
No known key found for this signature in database
GPG Key ID: E4730F97F60286ED
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
libpod/boltdb_state.go
View File

@ -2,6 +2,7 @@ package libpod
import ( import (
"bytes" "bytes"
"os"
"strings" "strings"
"sync" "sync"
@ -658,9 +659,13 @@ func (s *BoltState) UpdateContainer(ctr *Container) error {
return err return err
} }
// Handle network namespace // Handle network namespace.
if err := replaceNetNS(netNSPath, ctr, newState); err != nil { if os.Geteuid() == 0 {
return err // Do it only when root, either on the host or as root in the
// user namespace.
if err := replaceNetNS(netNSPath, ctr, newState); err != nil {
return err
}
} }
// New state compiled successfully, swap it into the current state // New state compiled successfully, swap it into the current state