github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-06-28 08:17:37 +00:00
Code Issues Projects Releases Wiki Activity

rustjail: allow network sysctls

Browse Source 
The network ns is shared with the guest skip looking for it
in the spec

Fixes: #1228
Signed-off-by: Snir Sheriber <ssheribe@redhat.com>
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
This commit is contained in:
Snir Sheriber 2021-01-05 16:36:22 +02:00 committed by Peng Tao
parent 3306195f66
commit 26f176e2d9
1 changed files with 2 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/agent/rustjail/src/validator.rs
View File

@ -214,18 +214,10 @@ fn sysctl(oci: &Spec) -> Result<()> {
} }
if key.starts_with("net.") { if key.starts_with("net.") {
if !contain_namespace(&linux.namespaces, "network") { // the network ns is shared with the guest, don't expect to find it in spec
return Err(anyhow!(nix::Error::from_errno(Errno::EINVAL)));
}
let net = get_namespace_path(&linux.namespaces, "network")?;
if net.is_empty() || net == "".to_string() {
continue; continue;
} }
check_host_ns(net.as_str())?;
}
if contain_namespace(&linux.namespaces, "uts") { if contain_namespace(&linux.namespaces, "uts") {
if key == "kernel.domainname" { if key == "kernel.domainname" {
continue; continue;