container/podman
container/podman
1
0
Fork 0
mirror of https://github.com/containers/podman synced 2024-10-20 01:03:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

refresh: do not access network ns if not in the namespace

Browse source 
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
This commit is contained in:
Giuseppe Scrivano 2019-10-09 10:13:15 +02:00
parent c3c40f970e
commit 78bf6d0c6e
No known key found for this signature in database
GPG key ID: E4730F97F60286ED
1 changed files with 8 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
libpod/boltdb_state.go
View file

@ -2,6 +2,7 @@ package libpod
import (
"bytes"
"os"
"strings"
"sync"
@ -658,9 +659,13 @@ func (s *BoltState) UpdateContainer(ctr *Container) error {
return err
}
// Handle network namespace
if err := replaceNetNS(netNSPath, ctr, newState); err != nil {
return err
// Handle network namespace.
if os.Geteuid() == 0 {
// Do it only when root, either on the host or as root in the
// user namespace.
if err := replaceNetNS(netNSPath, ctr, newState); err != nil {
return err
}
}
// New state compiled successfully, swap it into the current state