From 810cc07aab2bf1561cc79a07c31708f7632bb746 Mon Sep 17 00:00:00 2001
From: Kevin Krakauer
Date: Fri, 2 Aug 2019 16:25:34 -0700
Subject: Plumbing for iptables sockopts.
PiperOrigin-RevId: 261413396
---
 runsc/boot/loader.go | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'runsc/boot')
diff --git a/runsc/boot/loader.go b/runsc/boot/loader.go
index 434f1ca77..6f247e9e1 100644
--- a/runsc/boot/loader.go
+++ b/runsc/boot/loader.go
@@ -933,6 +933,8 @@ func newEmptyNetworkStack(conf *Config, clock tcpip.Clock) (inet.Stack, error) {
 return nil, fmt.Errorf("SetTransportProtocolOption failed: %v", err)
 }
+ s.FillDefaultIPTables()
+
 return &s, nil
 default:
-- cgit v1.2.3
From 960a5e5536d5d961028ef60123e3b00ff3c04a56 Mon Sep 17 00:00:00 2001
From: Fabricio Voznika
Date: Fri, 2 Aug 2019 16:33:51 -0700
Subject: Remove stale TODO This was done in commit 04cbb13ce9b151cf906f42e3f18ce3a875f01f63
PiperOrigin-RevId: 261414748
---
 runsc/boot/loader.go | 1 -
 1 file changed, 1 deletion(-)
(limited to 'runsc/boot')
diff --git a/runsc/boot/loader.go b/runsc/boot/loader.go
index 6f247e9e1..f91158027 100644
--- a/runsc/boot/loader.go
+++ b/runsc/boot/loader.go
@@ -630,7 +630,6 @@ func (l *Loader) startContainer(spec *specs.Spec, conf *Config, cid string, file
 // sentry currently supports only 1 mount namespace, which is tied to a
 // single user namespace. Thus we must run in the same user namespace
 // to access mounts.
- // TODO(b/63601033): Create a new mount namespace for the container.
 creds := auth.NewUserCredentials(
 auth.KUID(spec.Process.User.UID),
 auth.KGID(spec.Process.User.GID),
-- cgit v1.2.3
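Review bot: The added `s.FillDefaultIPTables()` call in the first hunk carries no comment, and nothing visible says what rules or default policy those tables hold, which matters because this branch builds the network stack the sandbox will use. A comment above the call such as `// Install the default iptables tables so the iptables sockopts have tables to operate on.` would record the intent suggested by the commit subject, ideally with the default policy stated once it is confirmed against FillDefaultIPTables itself. Unlike the SetTransportProtocolOption call just above it, the new call has no error path; if FillDefaultIPTables can fail or returns a value (not visible here), it should be handled the same way. newEmptyNetworkStack starts before the hunk and the switch continues past `default:`, so whether other branches need the same defaults cannot be judged from this hunk.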