diff options
Diffstat (limited to 'runsc')
-rw-r--r-- | runsc/boot/loader.go | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/runsc/boot/loader.go b/runsc/boot/loader.go index 434f1ca77..f91158027 100644 --- a/runsc/boot/loader.go +++ b/runsc/boot/loader.go @@ -630,7 +630,6 @@ func (l *Loader) startContainer(spec *specs.Spec, conf *Config, cid string, file // sentry currently supports only 1 mount namespace, which is tied to a // single user namespace. Thus we must run in the same user namespace // to access mounts. - // TODO(b/63601033): Create a new mount namespace for the container. creds := auth.NewUserCredentials( auth.KUID(spec.Process.User.UID), auth.KGID(spec.Process.User.GID), @@ -933,6 +932,8 @@ func newEmptyNetworkStack(conf *Config, clock tcpip.Clock) (inet.Stack, error) { return nil, fmt.Errorf("SetTransportProtocolOption failed: %v", err) } + s.FillDefaultIPTables() + return &s, nil default: |