github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-04-28 19:54:35 +00:00
Code Issues Projects Releases Wiki Activity

rustjail: remove the network ns validation against container

Browse Source 
Since kata containers shared the network ns with
the guest system, thus there's no need to do the
network ns check.

Fixes: #1047

Signed-off-by: fupan.lfp <fupan.lfp@antfin.com>
This commit is contained in:
fupan.lfp 2020-11-23 14:39:26 +08:00
parent a853e8eaca
commit 3b08376c4e
1 changed files with 0 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/agent/rustjail/src/validator.rs
View File

@ -188,19 +188,6 @@ fn sysctl(oci: &Spec) -> Result<()> {
}
}
if key.starts_with("net.") {
if !contain_namespace(&linux.namespaces, "network") {
return Err(anyhow!(nix::Error::from_errno(Errno::EINVAL)));
}
let net = get_namespace_path(&linux.namespaces, "network")?;
if net.is_empty() || net == "" {
continue;
}
check_host_ns(net.as_str())?;
}
if contain_namespace(&linux.namespaces, "uts") {
if key == "kernel.domainname" {
continue;