p4u1/docker-cli
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Allow using --pid=host and --net=host when --userns=host

Browse Source 
It is safe to set other namespaces to host when user ns is set to host

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
Upstream-commit: 3c3d2bf85229f9ca4879a24072762477e96c4344
Component: engine
This commit is contained in:
Mrunal Patel
2016-08-16 14:16:14 -07:00
parent 376bb6885c
commit d2ee183037
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
components/engine/daemon/daemon_unix.go
View File

@ -487,10 +487,10 @@ func verifyPlatformContainerSettings(daemon *Daemon, hostConfig *containertypes.
if hostConfig.Privileged {
return warnings, fmt.Errorf("Privileged mode is incompatible with user namespaces")
}
if hostConfig.NetworkMode.IsHost() {
if hostConfig.NetworkMode.IsHost() && !hostConfig.UsernsMode.IsHost() {
return warnings, fmt.Errorf("Cannot share the host's network namespace when user namespaces are enabled")
}
if hostConfig.PidMode.IsHost() {
if hostConfig.PidMode.IsHost() && !hostConfig.UsernsMode.IsHost() {
return warnings, fmt.Errorf("Cannot share the host PID namespace when user namespaces are enabled")
}
if hostConfig.ReadonlyRootfs {