From d9dfce14536aad0540c219fa37f7fa44ca6a9e20 Mon Sep 17 00:00:00 2001
From: Samuel Ortiz <s.ortiz@apple.com>
Date: Mon, 14 Feb 2022 09:50:36 +0100
Subject: [PATCH] katautils: Run the preStart hook in the host namespace

The OCI spec is very specific about it:

"The prestart hooks MUST be executed in the runtime namespace."

Signed-off-by: Samuel Ortiz <s.ortiz@apple.com>
---
 src/runtime/pkg/katautils/create.go | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/src/runtime/pkg/katautils/create.go b/src/runtime/pkg/katautils/create.go
index bf38acb052..541e481b4d 100644
--- a/src/runtime/pkg/katautils/create.go
+++ b/src/runtime/pkg/katautils/create.go
@@ -155,11 +155,8 @@ func CreateSandbox(ctx context.Context, vci vc.VC, ociSpec specs.Spec, runtimeCo
 		}
 	}()
 
-	// Run pre-start OCI hooks.
-	err = EnterNetNS(sandboxConfig.NetworkConfig.NetworkID, func() error {
-		return PreStartHooks(ctx, ociSpec, containerID, bundlePath)
-	})
-	if err != nil {
+	// Run pre-start OCI hooks, in the runtime namespace.
+	if err := PreStartHooks(ctx, ociSpec, containerID, bundlePath); err != nil {
 		return nil, vc.Process{}, err
 	}