error when isolation chroot and network is set

Folluow up to commit 4c9fc47. This only check for the given flags, however users may have BUILDAH_ISOLATION set in which case this error path was not triggered and caused confusion. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
containers · Jun 15, 2023 · d6b43c3 · d6b43c3
1 parent c089488
commit d6b43c3
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 7 deletions.
diff --git a/cmd/buildah/run.go b/cmd/buildah/run.go
@@ -127,11 +127,11 @@ func runCmd(c *cobra.Command, args []string, iopts runInputOptions) error {
 	if err != nil {
 		return err
 	}
-	if c.Flag("network").Changed && c.Flag("isolation").Changed {
+	if c.Flag("network").Changed {
 		if isolation == buildah.IsolationChroot {
 			if ns := namespaceOptions.Find(string(specs.NetworkNamespace)); ns != nil {
 				if !ns.Host {
-					return fmt.Errorf("cannot set --network other than host with --isolation %s", c.Flag("isolation").Value.String())
+					return fmt.Errorf("cannot set --network other than host with isolation %s", isolation)
 				}
 			}
 		}

diff --git a/pkg/cli/build.go b/pkg/cli/build.go
@@ -339,11 +339,11 @@ func GenBuildOptions(c *cobra.Command, inputArgs []string, iopts BuildOptions) (
 	// Following log line is used in integration test.
 	logrus.Debugf("Setting MaxPullPushRetries to %d and PullPushRetryDelay to %v", iopts.Retry, pullPushRetryDelay)
 
-	if c.Flag("network").Changed && c.Flag("isolation").Changed {
+	if c.Flag("network").Changed {
 		if isolation == define.IsolationChroot {
 			if ns := namespaceOptions.Find(string(specs.NetworkNamespace)); ns != nil {
 				if !ns.Host {
-					return options, nil, nil, fmt.Errorf("cannot set --network other than host with --isolation %s", c.Flag("isolation").Value.String())
+					return options, nil, nil, fmt.Errorf("cannot set --network other than host with isolation %s", isolation)
 				}
 			}
 		}

diff --git a/tests/bud.bats b/tests/bud.bats
@@ -118,7 +118,10 @@ RUN ping -c 1 4.2.2.2
 _EOF
 
   run_buildah 125 build --network=none --isolation=chroot $WITH_POLICY_JSON ${TEST_SCRATCH_DIR}
-  expect_output --substring "cannot set --network other than host with --isolation chroot"
+  expect_output --substring "cannot set --network other than host with isolation chroot"
+
+  BUILDAH_ISOLATION=chroot run_buildah 125 build --network=none $WITH_POLICY_JSON ${TEST_SCRATCH_DIR}
+  expect_output --substring "cannot set --network other than host with isolation chroot"
 }
 
 @test "bud with .dockerignore #1" {

diff --git a/tests/run.bats b/tests/run.bats
@@ -758,7 +758,7 @@ $output"
 	run_buildah from --quiet --pull=false $WITH_POLICY_JSON alpine
 	cid=$output
 	run_buildah 125 run --isolation=chroot --network=none $cid sh -c 'echo "nameserver 110.110.0.110" >> /etc/resolv.conf; cat /etc/resolv.conf'
-        expect_output --substring "cannot set --network other than host with --isolation chroot"
+        expect_output --substring "cannot set --network other than host with isolation chroot"
 	run_buildah rm -a
 }
 
@@ -769,7 +769,7 @@ $output"
 	cid=$output
 	# should fail by default
 	run_buildah 125 run --isolation=chroot --network=none $cid wget google.com
-        expect_output --substring "cannot set --network other than host with --isolation chroot"
+        expect_output --substring "cannot set --network other than host with isolation chroot"
 }
 
 @test "run --network=private must mount a fresh /sys" {