diff options
| author | gVisor bot <gvisor-bot@google.com> | 2021-09-15 15:34:00 -0700 |
|---|---|---|
| committer | gVisor bot <gvisor-bot@google.com> | 2021-09-15 15:34:00 -0700 |
| commit | 4e99f17178ed39b55adfda3966d51a9860995211 (patch) | |
| tree | 422075b5c707c680dd19969d10245f61b0f77e05 | |
| parent | 8b56b6b83b86009191587c86e134d6c924834831 (diff) | |
| parent | 5ab2bdf332ccedbc3eedc6e5f7c96f6adb2b80d4 (diff) | |
Merge pull request #6581 from prattmic:runsc_rootless
PiperOrigin-RevId: 396938550
| -rw-r--r-- | runsc/cmd/run.go | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/runsc/cmd/run.go b/runsc/cmd/run.go index 722181aff..da11c9d06 100644 --- a/runsc/cmd/run.go +++ b/runsc/cmd/run.go @@ -68,7 +68,14 @@ func (r *Run) Execute(_ context.Context, f *flag.FlagSet, args ...interface{}) s waitStatus := args[1].(*unix.WaitStatus) if conf.Rootless { - return Errorf("Rootless mode not supported with %q", r.Name()) + if conf.Network == config.NetworkSandbox { + return Errorf("sandbox network isn't supported with --rootless, use --network=none or --network=host") + } + + if err := specutils.MaybeRunAsRoot(); err != nil { + return Errorf("Error executing inside namespace: %v", err) + } + // Execution will continue here if no more capabilities are needed... } bundleDir := r.bundleDir |