policy: extend default networking mounts for standalone containers (m…

…icrosoft#1826) Signed-off-by: Maksim An <[email protected]>
helsaawy · Jul 20, 2023 · 28cce9c · 28cce9c
1 parent d71606e
commit 28cce9c
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/internal/guest/runtime/hcsv2/uvm.go b/internal/guest/runtime/hcsv2/uvm.go
@@ -397,6 +397,10 @@ func (h *Host) CreateContainer(ctx context.Context, id string, settings *prot.VM
 				_ = os.RemoveAll(settings.OCIBundlePath)
 			}
 		}()
+		if err := policy.ExtendPolicyWithNetworkingMounts(id, h.securityPolicyEnforcer,
+			settings.OCISpecification); err != nil {
+			return nil, err
+		}
 	}
 
 	user, groups, umask, err := h.securityPolicyEnforcer.GetUserInfo(id, settings.OCISpecification.Process)