From 45b368212765e82930cee25327a61086e91232fd Mon Sep 17 00:00:00 2001
From: Charlie Voiselle <464492+angrycub@users.noreply.github.com>
Date: Thu, 21 Jan 2021 14:05:46 -0500
Subject: [PATCH] Enable network namespaces for QEMU driver (#9861)

* Enable network namespaces for QEMU driver
* Add CHANGELOG entry
---
 CHANGELOG.md           |  1 +
 drivers/qemu/driver.go | 25 +++++++++++++++----------
 2 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index e1805ff646f9..a972dc6a175b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,7 @@ BUG FIXES:
  * consul/connect: Fixed a bug where gateway proxy connection default timeout not set [[GH-9851](https://github.com/hashicorp/nomad/pull/9851)]
  * consul/connect: Fixed a bug preventing more than one connect gateway per Nomad client [[GH-9849](https://github.com/hashicorp/nomad/pull/9849)]
  * scheduler: Fixed a bug where shared ports were not persisted during inplace updates for service jobs. [[GH-9830](https://github.com/hashicorp/nomad/issues/9830)]
+ * driver/qemu: Fixed a bug where network namespaces were not supported for QEMU workloads [[GH-9861](https://github.com/hashicorp/nomad/pull/9861)]
 
 ## 1.0.2 (January 14, 2021)
 
diff --git a/drivers/qemu/driver.go b/drivers/qemu/driver.go
index 550dc2ca29e9..47028fd0803d 100644
--- a/drivers/qemu/driver.go
+++ b/drivers/qemu/driver.go
@@ -100,9 +100,13 @@ var (
 	// capabilities is returned by the Capabilities RPC and indicates what
 	// optional features this driver supports
 	capabilities = &drivers.Capabilities{
-		SendSignals:  false,
-		Exec:         false,
-		FSIsolation:  drivers.FSIsolationImage,
+		SendSignals: false,
+		Exec:        false,
+		FSIsolation: drivers.FSIsolationImage,
+		NetIsolationModes: []drivers.NetIsolationMode{
+			drivers.NetIsolationModeHost,
+			drivers.NetIsolationModeGroup,
+		},
 		MountConfigs: drivers.MountConfigSupportNone,
 	}
 
@@ -487,13 +491,14 @@ func (d *Driver) StartTask(cfg *drivers.TaskConfig) (*drivers.TaskHandle, *drive
 	}
 
 	execCmd := &executor.ExecCommand{
-		Cmd:        args[0],
-		Args:       args[1:],
-		Env:        cfg.EnvList(),
-		User:       cfg.User,
-		TaskDir:    cfg.TaskDir().Dir,
-		StdoutPath: cfg.StdoutPath,
-		StderrPath: cfg.StderrPath,
+		Cmd:              args[0],
+		Args:             args[1:],
+		Env:              cfg.EnvList(),
+		User:             cfg.User,
+		TaskDir:          cfg.TaskDir().Dir,
+		StdoutPath:       cfg.StdoutPath,
+		StderrPath:       cfg.StderrPath,
+		NetworkIsolation: cfg.NetworkIsolation,
 	}
 	ps, err := execImpl.Launch(execCmd)
 	if err != nil {