From 3b08376c4e096064c3dba7cbc9445540095d6fcf Mon Sep 17 00:00:00 2001
From: "fupan.lfp"
Date: Mon, 23 Nov 2020 14:39:26 +0800
Subject: [PATCH] rustjail: remove the network ns validation against container

Since kata containers shared the network ns with the guest system, thus there's no need to do the network ns check.
Fixes: #1047
Signed-off-by: fupan.lfp
---
 src/agent/rustjail/src/validator.rs | 13 -------------
 1 file changed, 13 deletions(-)

diff --git a/src/agent/rustjail/src/validator.rs b/src/agent/rustjail/src/validator.rs
index 1da4da2e1..9bdfc5c88 100644
--- a/src/agent/rustjail/src/validator.rs
+++ b/src/agent/rustjail/src/validator.rs
@@ -188,19 +188,6 @@ fn sysctl(oci: &Spec) -> Result<()> {
 }
 }
 
- if key.starts_with("net.") {
- if !contain_namespace(&linux.namespaces, "network") {
- return Err(anyhow!(nix::Error::from_errno(Errno::EINVAL)));
- }
-
- let net = get_namespace_path(&linux.namespaces, "network")?;
- if net.is_empty() || net == "" {
- continue;
- }
-
- check_host_ns(net.as_str())?;
- }
-
 if contain_namespace(&linux.namespaces, "uts") {
 if key == "kernel.domainname" {
 continue;