From 903cd53ce41f0ab016d89e055e0f9ca21a109979 Mon Sep 17 00:00:00 2001
From: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Date: Sat, 16 Jul 2022 22:29:27 +0900
Subject: [PATCH] vendor: libnetwork 0dde5c895075df6e3630e76f750a447cf63f4789

https://github.com/moby/libnetwork/compare/f6ccccb1c082a432c2a5814aaedaca56af33d9ea...0dde5c895075df6e3630e76f750a447cf63f4789

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
---
 hack/dockerfile/install/proxy.installer                  | 2 +-
 vendor.conf                                              | 2 +-
 vendor/github.com/docker/libnetwork/iptables/iptables.go | 7 +++++++
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/hack/dockerfile/install/proxy.installer b/hack/dockerfile/install/proxy.installer
index 76e1cb05da..4d8e191a22 100755
--- a/hack/dockerfile/install/proxy.installer
+++ b/hack/dockerfile/install/proxy.installer
@@ -3,7 +3,7 @@
 # LIBNETWORK_COMMIT is used to build the docker-userland-proxy binary. When
 # updating the binary version, consider updating github.com/docker/libnetwork
 # in vendor.conf accordingly
-: "${LIBNETWORK_COMMIT:=f6ccccb1c082a432c2a5814aaedaca56af33d9ea}"
+: "${LIBNETWORK_COMMIT:=0dde5c895075df6e3630e76f750a447cf63f4789}"
 
 install_proxy() {
 	case "$1" in
diff --git a/vendor.conf b/vendor.conf
index f59ec3c2c9..ab00d90928 100644
--- a/vendor.conf
+++ b/vendor.conf
@@ -47,7 +47,7 @@ github.com/grpc-ecosystem/go-grpc-middleware        3c51f7f332123e8be5a157c0802a
 # libnetwork
 
 # When updating, also update LIBNETWORK_COMMIT in hack/dockerfile/install/proxy.installer accordingly
-github.com/docker/libnetwork                        f6ccccb1c082a432c2a5814aaedaca56af33d9ea
+github.com/docker/libnetwork                        0dde5c895075df6e3630e76f750a447cf63f4789
 github.com/docker/go-events                         e31b211e4f1cd09aa76fe4ac244571fab96ae47f
 github.com/armon/go-radix                           e39d623f12e8e41c7b5529e9a9dd67a1e2261f80
 github.com/armon/go-metrics                         eb0af217e5e9747e41dd5303755356b62d28e3ec
diff --git a/vendor/github.com/docker/libnetwork/iptables/iptables.go b/vendor/github.com/docker/libnetwork/iptables/iptables.go
index 9bd100f1e8..9e84b1242b 100644
--- a/vendor/github.com/docker/libnetwork/iptables/iptables.go
+++ b/vendor/github.com/docker/libnetwork/iptables/iptables.go
@@ -11,6 +11,7 @@ import (
 	"sync"
 	"time"
 
+	"github.com/docker/docker/rootless"
 	"github.com/sirupsen/logrus"
 )
 
@@ -102,6 +103,12 @@ func probe() {
 }
 
 func initFirewalld() {
+	// When running with RootlessKit, firewalld is running as the root outside our network namespace
+	// https://github.com/moby/moby/issues/43781
+	if rootless.RunningWithRootlessKit() {
+		logrus.Info("skipping firewalld management for rootless mode")
+		return
+	}
 	if err := FirewalldInit(); err != nil {
 		logrus.Debugf("Fail to initialize firewalld: %v, using raw iptables instead", err)
 	}