authorgVisor bot <gvisor-bot@google.com>2019-08-02 23:43:40 +0000
committergVisor bot <gvisor-bot@google.com>2019-08-02 23:43:40 +0000
commit6093b41e8aa508d6d5019bca7d2415dfb8653254 (patch)
treeac60dd02b34623546c19e51ddfa067d40fc3f35c /runsc/boot/loader.go
parent7ddd7ef41709212d846dd6da1f8f718397ce36a1 (diff)
parent960a5e5536d5d961028ef60123e3b00ff3c04a56 (diff)
Merge 960a5e55 (automated)
Diffstat (limited to 'runsc/boot/loader.go')
-rw-r--r--runsc/boot/loader.go3
1 files changed, 2 insertions, 1 deletions
diff --git a/runsc/boot/loader.go b/runsc/boot/loader.go
index 434f1ca77..f91158027 100644
--- a/runsc/boot/loader.go
+++ b/runsc/boot/loader.go
@@ -630,7 +630,6 @@ func (l *Loader) startContainer(spec *specs.Spec, conf *Config, cid string, file
// sentry currently supports only 1 mount namespace, which is tied to a
// single user namespace. Thus we must run in the same user namespace
// to access mounts.
- // TODO(b/63601033): Create a new mount namespace for the container.
creds := auth.NewUserCredentials(
auth.KUID(spec.Process.User.UID),
auth.KGID(spec.Process.User.GID),
@@ -933,6 +932,8 @@ func newEmptyNetworkStack(conf *Config, clock tcpip.Clock) (inet.Stack, error) {
return nil, fmt.Errorf("SetTransportProtocolOption failed: %v", err)
}
+ s.FillDefaultIPTables()
+
return &s, nil
default:
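Review bot: The added `s.FillDefaultIPTables()` call just before `return &s, nil` has no comment saying what the default tables contain or why they are installed when the stack is created. Judging by the name alone, it presumably sets up the built-in tables with a permissive default policy, but the hunk does not show that. A short comment such as `// Install the default iptables tables; the defaults are not a filtering policy (confirm they accept all traffic).` would keep a reader from assuming the sandbox filters traffic out of the box. Only this branch of newEmptyNetworkStack is visible, and the function starts and ends outside the hunk, so it is worth confirming that any other path that builds or restores a network stack does the same initialization.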