From d2ee1830370710cae3cd59e186e158598e055027 Mon Sep 17 00:00:00 2001
From: Mrunal Patel
Date: Tue, 16 Aug 2016 14:16:14 -0700
Subject: [PATCH] Allow using --pid=host and --net=host when --userns=host

It is safe to set other namespaces to host when user ns is set to host

Signed-off-by: Mrunal Patel
Upstream-commit: 3c3d2bf85229f9ca4879a24072762477e96c4344
Component: engine
---
 components/engine/daemon/daemon_unix.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/components/engine/daemon/daemon_unix.go b/components/engine/daemon/daemon_unix.go
index 12e0019a9b..d1a9f2320b 100644
--- a/components/engine/daemon/daemon_unix.go
+++ b/components/engine/daemon/daemon_unix.go
@@ -487,10 +487,10 @@ func verifyPlatformContainerSettings(daemon *Daemon, hostConfig *containertypes.
 if hostConfig.Privileged {
 return warnings, fmt.Errorf("Privileged mode is incompatible with user namespaces")
 }
- if hostConfig.NetworkMode.IsHost() {
+ if hostConfig.NetworkMode.IsHost() && !hostConfig.UsernsMode.IsHost() {
 return warnings, fmt.Errorf("Cannot share the host's network namespace when user namespaces are enabled")
 }
- if hostConfig.PidMode.IsHost() {
+ if hostConfig.PidMode.IsHost() && !hostConfig.UsernsMode.IsHost() {
 return warnings, fmt.Errorf("Cannot share the host PID namespace when user namespaces are enabled")
 }
 if hostConfig.ReadonlyRootfs {
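Review bot: The `!hostConfig.UsernsMode.IsHost()` exemption is added to the network and PID checks but not to the `hostConfig.Privileged` check directly above them, so under the same enclosing condition `--privileged --userns=host` would still be refused while `--net=host --userns=host` is now accepted. If that asymmetry is intended, a comment on the two changed lines should say so, e.g. `// --userns=host opts the container out of remapping, so host net/pid namespaces are allowed`; if it is not, testing the userns mode once on the enclosing `if` would keep the sibling checks from diverging. The enclosing `if` starts outside the hunk, so whether it already inspects `UsernsMode` cannot be seen here. The diffstat shows only daemon_unix.go changing, so a test asserting that host network/PID sharing is still rejected for a remapped container without `--userns=host` would guard this relaxation against regressions.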