From 56d7c5e737013d077e66be74b312475d5cc6ea70 Mon Sep 17 00:00:00 2001
From: Paul Holzinger
Date: Mon, 11 Apr 2022 15:21:23 +0200
Subject: [PATCH] add base_hosts_file field to containers.conf
base_hosts_file can be used to overwrite the default base host file /etc/hosts which is used to copy hosts entries from this file into the containers /etc/hosts file. As special value "image" can be used to copy the entries from the image hosts file or "none" to not use a base file at all. IF the value is empty we should use /etc/hosts as default.
Ref https://github.com/containers/podman/issues/13277
Ref https://github.com/containers/podman/issues/13748
Signed-off-by: Paul Holzinger
---
 docs/containers.conf.5.md | 7 +++++++
 libnetwork/etchosts/hosts.go | 6 +++---
 pkg/config/config.go | 7 +++++++
 pkg/config/config_test.go | 2 ++
 pkg/config/containers.conf | 7 +++++++
 pkg/config/default.go | 3 +++
 pkg/config/testdata/containers_default.conf | 2 ++
 7 files changed, 31 insertions(+), 3 deletions(-)
diff --git a/docs/containers.conf.5.md b/docs/containers.conf.5.md
index 427f9a889..e916fff66 100644
--- a/docs/containers.conf.5.md
+++ b/docs/containers.conf.5.md
@@ -59,6 +59,13 @@ Example: "run.oci.keep_original_groups=1"
 Used to change the name of the default AppArmor profile of container engines. The default profile name is "container-default".
+**base_hosts_file**=""
+
+The hosts entries from the base hosts file are added to the containers hosts
+file. This must be either an absolute path or as special values "image" which
+uses the hosts file from the container image or "none" which means
+no base hosts file is used. The default is "" which will use /etc/hosts.
+
 **cgroups**="enabled"
 Determines whether the container will create CGroups.
diff --git a/libnetwork/etchosts/hosts.go b/libnetwork/etchosts/hosts.go
index d432a751b..9f90bb74e 100644
--- a/libnetwork/etchosts/hosts.go
+++ b/libnetwork/etchosts/hosts.go
@@ -7,11 +7,11 @@ import (
 "io"
 "os"
 "strings"
+
+ "github.com/containers/common/pkg/config"
 )
 const (
- // DefaultHostsFile is the default path to the hosts file
- DefaultHostsFile = "/etc/hosts"
 hostContainersInternal = "host.containers.internal"
 localhost = "localhost"
 )
@@ -127,7 +127,7 @@ func parseHostsFile(file string) (HostEntries, error) {
 if err != nil {
 // do not error when the default hosts file does not exists
 // https://github.com/containers/podman/issues/12667
- if errors.Is(err, os.ErrNotExist) && file == DefaultHostsFile {
+ if errors.Is(err, os.ErrNotExist) && file == config.DefaultHostsFile {
 return nil, nil
 }
 return nil, err
diff --git a/pkg/config/config.go b/pkg/config/config.go
index 2c556c1bb..35b2ac295 100644
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -95,6 +95,13 @@ type ContainersConfig struct {
 // Annotation to add to all containers
 Annotations []string `toml:"annotations,omitempty"`
+ // BaseHostsFile is the path to a hosts file, the entries from this file
+ // are added to the containers hosts file. As special value "image" is
+ // allowed which uses the /etc/hosts file from within the image and "none"
+ // which uses no base file at all. If it is empty we should default
+ // to /etc/hosts.
+ BaseHostsFile string `toml:"base_hosts_file,omitempty"`
+
 // Default way to create a cgroup namespace for the container
 CgroupNS string `toml:"cgroupns,omitempty"`
diff --git a/pkg/config/config_test.go b/pkg/config/config_test.go
index cdebfd36e..1ed61ee49 100644
--- a/pkg/config/config_test.go
+++ b/pkg/config/config_test.go
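Review bot: The missing-file exemption in the second hosts.go hunk is an exact string comparison against `config.DefaultHostsFile`, so now that the base path can come from `base_hosts_file`, only the literal `/etc/hosts` is tolerated when absent and any other configured path returns the open error. Failing hard on a configured but missing file looks like the right default, but the contract is not written down, and nothing in this hunk shows that the special values "image" and "none" are resolved before this function is called; if one arrived here it would presumably be opened as a relative path. I would state the expectation above the check, e.g. `// file must already be an absolute path; only a missing config.DefaultHostsFile is ignored`. The body of parseHostsFile starts and continues outside the hunk.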
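Review bot: `BaseHostsFile` in the config.go hunk is documented as an absolute path or one of "image"/"none", but no hunk in this commit checks that, so a relative path or a misspelled keyword is accepted at load time and left to each consumer to interpret. Because the entries of the named file end up in the containers' hosts file, I would reject anything else where the config is validated (that code is not part of this diff), along the lines of `if v != "" && v != "image" && v != "none" && !filepath.IsAbs(v) { return fmt.Errorf("invalid base_hosts_file %q", v) }`. Named constants for the two keywords would also keep callers from comparing against string literals, and the same concern covers the `BaseHostsFile: ""` default in the default.go hunk, where mapping "" to `DefaultHostsFile` is left to callers. The ContainersConfig struct continues outside the hunk.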
@@ -27,6 +27,7 @@ var _ = Describe("Config", func() {
 // Then
 gomega.Expect(err).To(gomega.BeNil())
 gomega.Expect(defaultConfig.Containers.ApparmorProfile).To(gomega.Equal(apparmor.Profile))
+ gomega.Expect(defaultConfig.Containers.BaseHostsFile).To(gomega.Equal(""))
 gomega.Expect(defaultConfig.Containers.PidsLimit).To(gomega.BeEquivalentTo(2048))
 gomega.Expect(defaultConfig.Engine.ServiceTimeout).To(gomega.BeEquivalentTo(5))
 gomega.Expect(defaultConfig.NetNS()).To(gomega.BeEquivalentTo("private"))
@@ -362,6 +363,7 @@ image_copy_tmp_dir="storage"`
 gomega.Expect(err).To(gomega.BeNil())
 gomega.Expect(config.Containers.ApparmorProfile).To(gomega.Equal("container-default"))
 gomega.Expect(config.Containers.PidsLimit).To(gomega.BeEquivalentTo(2048))
+ gomega.Expect(config.Containers.BaseHostsFile).To(gomega.BeEquivalentTo("/etc/hosts2"))
 })
 It("contents of passed-in file should override others", func() {
diff --git a/pkg/config/containers.conf b/pkg/config/containers.conf
index 48ea8263b..dc35306c9 100644
--- a/pkg/config/containers.conf
+++ b/pkg/config/containers.conf
@@ -26,6 +26,13 @@
 #
 #apparmor_profile = "container-default"
+# The hosts entries from the base hosts file are added to the containers hosts
+# file. This must be either an absolute path or as special values "image" which
+# uses the hosts file from the container image or "none" which means
+# no base hosts file is used. The default is "" which will use /etc/hosts.
+#
+#base_hosts_file = ""
+
 # Default way to to create a cgroup namespace for the container
 # Options are:
 # `private` Create private Cgroup Namespace for the container.
diff --git a/pkg/config/default.go b/pkg/config/default.go
index 14858e967..c59e4a75f 100644
--- a/pkg/config/default.go
+++ b/pkg/config/default.go
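Review bot: The assertion added in the second config_test.go hunk uses `BeEquivalentTo("/etc/hosts2")` on a plain string, while the one added in the first hunk uses `Equal("")`; `gomega.Expect(config.Containers.BaseHostsFile).To(gomega.Equal("/etc/hosts2"))` is the stricter matcher and keeps the two consistent. The added cases cover only the empty default and a path value, so the "image" and "none" keywords documented for the field are never loaded from a test config. Both enclosing test closures start and end outside the hunks.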
@@ -122,6 +122,8 @@ const (
 CgroupfsCgroupsManager = "cgroupfs"
 // DefaultApparmorProfile specifies the default apparmor profile for the container.
 DefaultApparmorProfile = apparmor.Profile
+ // DefaultHostsFile is the default path to the hosts file
+ DefaultHostsFile = "/etc/hosts"
 // SystemdCgroupsManager represents systemd native cgroup manager
 SystemdCgroupsManager = "systemd"
 // DefaultLogSizeMax is the default value for the maximum log size
@@ -187,6 +189,7 @@ func DefaultConfig() (*Config, error) {
 Volumes: []string{},
 Annotations: []string{},
 ApparmorProfile: DefaultApparmorProfile,
+ BaseHostsFile: "",
 CgroupNS: cgroupNS,
 Cgroups: "enabled",
 DefaultCapabilities: DefaultCapabilities,
diff --git a/pkg/config/testdata/containers_default.conf b/pkg/config/testdata/containers_default.conf
index 25f8a1c54..e7eb9b6be 100644
--- a/pkg/config/testdata/containers_default.conf
+++ b/pkg/config/testdata/containers_default.conf
@@ -17,6 +17,8 @@ devices = [
 # profile name is "container-default".
 apparmor_profile = "container-default"
+base_hosts_file = "/etc/hosts2"
+
 # List of default capabilities for containers. If it is empty or commented out,
 # only the capabilities defined in the containers json file by the user/kube
 # will be added.