sandbox_run: Do not run net plugin in host namespace

Signed-off-by: Jacek J. Łakis <jacek.lakis@intel.com>
This commit is contained in:
Jacek J. Łakis 2017-01-16 16:53:29 +01:00
parent 61e60bfe47
commit b034072d6a

View file

@ -256,8 +256,10 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
sb.cgroupParent = cgroupParent sb.cgroupParent = cgroupParent
} }
hostNetwork := req.GetConfig().GetLinux().GetSecurityContext().GetNamespaceOptions().GetHostNetwork()
// set up namespaces // set up namespaces
if req.GetConfig().GetLinux().GetSecurityContext().GetNamespaceOptions().GetHostNetwork() { if hostNetwork {
err = g.RemoveLinuxNamespace("network") err = g.RemoveLinuxNamespace("network")
if err != nil { if err != nil {
return nil, err return nil, err
@ -330,10 +332,12 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
sb.infraContainer = container sb.infraContainer = container
// setup the network // setup the network
if !hostNetwork {
podNamespace := "" podNamespace := ""
if err = s.netPlugin.SetUpPod(netNsPath, podNamespace, id, containerName); err != nil { if err = s.netPlugin.SetUpPod(netNsPath, podNamespace, id, containerName); err != nil {
return nil, fmt.Errorf("failed to create network for container %s in sandbox %s: %v", containerName, id, err) return nil, fmt.Errorf("failed to create network for container %s in sandbox %s: %v", containerName, id, err)
} }
}
if err = s.runContainer(container); err != nil { if err = s.runContainer(container); err != nil {
return nil, err return nil, err