From b034072d6aeac8097c39736fe79d093f8dcab042 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jacek=20J=2E=20=C5=81akis?= <jacek.lakis@intel.com>
Date: Mon, 16 Jan 2017 16:53:29 +0100
Subject: [PATCH] sandbox_run: Do not run net plugin in host namespace
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jacek J. Łakis <jacek.lakis@intel.com>
---
 server/sandbox_run.go | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/server/sandbox_run.go b/server/sandbox_run.go
index 468e5526..581a5b86 100644
--- a/server/sandbox_run.go
+++ b/server/sandbox_run.go
@@ -256,8 +256,10 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
 		sb.cgroupParent = cgroupParent
 	}
 
+	hostNetwork := req.GetConfig().GetLinux().GetSecurityContext().GetNamespaceOptions().GetHostNetwork()
+
 	// set up namespaces
-	if req.GetConfig().GetLinux().GetSecurityContext().GetNamespaceOptions().GetHostNetwork() {
+	if hostNetwork {
 		err = g.RemoveLinuxNamespace("network")
 		if err != nil {
 			return nil, err
@@ -330,9 +332,11 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
 	sb.infraContainer = container
 
 	// setup the network
-	podNamespace := ""
-	if err = s.netPlugin.SetUpPod(netNsPath, podNamespace, id, containerName); err != nil {
-		return nil, fmt.Errorf("failed to create network for container %s in sandbox %s: %v", containerName, id, err)
+	if !hostNetwork {
+		podNamespace := ""
+		if err = s.netPlugin.SetUpPod(netNsPath, podNamespace, id, containerName); err != nil {
+			return nil, fmt.Errorf("failed to create network for container %s in sandbox %s: %v", containerName, id, err)
+		}
 	}
 
 	if err = s.runContainer(container); err != nil {