From 12fd6ffc1fc94336c76c7f959ca0c1af42b7bab2 Mon Sep 17 00:00:00 2001
From: Peng Tao <bergwolf@hyper.sh>
Date: Wed, 11 Jan 2023 12:25:24 +0000
Subject: [PATCH] runtime: fix up disable_netns handling

With `disable_netns=true`, we should never scan the sandbox netns which
is the host netns in such case.

Fixes: #6021
Signed-off-by: Peng Tao <bergwolf@hyper.sh>
---
 src/runtime/virtcontainers/sandbox.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/runtime/virtcontainers/sandbox.go b/src/runtime/virtcontainers/sandbox.go
index 9f87cc2ffe..84271d6aa2 100644
--- a/src/runtime/virtcontainers/sandbox.go
+++ b/src/runtime/virtcontainers/sandbox.go
@@ -1250,11 +1250,11 @@ func (s *Sandbox) startVM(ctx context.Context, prestartHookFunc func(context.Con
 		}
 	}
 
-	// In case of vm factory, network interfaces are hotplugged
-	// after vm is started.
-	// In case of prestartHookFunc, network config might have been changed.
-	// We need to rescan and handle the change.
-	if s.factory != nil || prestartHookFunc != nil {
+	// 1. Do not scan the netns if we want no network for the vmm.
+	// 2. In case of vm factory, scan the netns to hotplug interfaces after vm is started.
+	// 3. In case of prestartHookFunc, network config might have been changed. We need to
+	//    rescan and handle the change.
+	if !s.config.NetworkConfig.DisableNewNetwork && (s.factory != nil || prestartHookFunc != nil) {
 		if _, err := s.network.AddEndpoints(ctx, s, nil, true); err != nil {
 			return err
 		}