diff options
author | gVisor bot <gvisor-bot@google.com> | 2019-08-02 23:43:40 +0000 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2019-08-02 23:43:40 +0000 |
commit | 6093b41e8aa508d6d5019bca7d2415dfb8653254 (patch) | |
tree | ac60dd02b34623546c19e51ddfa067d40fc3f35c /runsc/boot | |
parent | 7ddd7ef41709212d846dd6da1f8f718397ce36a1 (diff) | |
parent | 960a5e5536d5d961028ef60123e3b00ff3c04a56 (diff) |
Merge 960a5e55 (automated)
Diffstat (limited to 'runsc/boot')
-rw-r--r-- | runsc/boot/loader.go | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/runsc/boot/loader.go b/runsc/boot/loader.go index 434f1ca77..f91158027 100644 --- a/runsc/boot/loader.go +++ b/runsc/boot/loader.go @@ -630,7 +630,6 @@ func (l *Loader) startContainer(spec *specs.Spec, conf *Config, cid string, file // sentry currently supports only 1 mount namespace, which is tied to a // single user namespace. Thus we must run in the same user namespace // to access mounts. - // TODO(b/63601033): Create a new mount namespace for the container. creds := auth.NewUserCredentials( auth.KUID(spec.Process.User.UID), auth.KGID(spec.Process.User.GID), @@ -933,6 +932,8 @@ func newEmptyNetworkStack(conf *Config, clock tcpip.Clock) (inet.Stack, error) { return nil, fmt.Errorf("SetTransportProtocolOption failed: %v", err) } + s.FillDefaultIPTables() + return &s, nil default: |