From 5e3ddf3d838ef0c105abfd2a2a57b1a612a76258 Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Mon, 11 Apr 2022 15:21:23 +0200 Subject: [PATCH] add base_hosts_file field to containers.conf base_hosts_file can be used to overwrite the default base host file /etc/hosts which is used to copy hosts entries from this file into the containers /etc/hosts file. As special value "image" can be used to copy the entries from the image hosts file or an empty string "" to not use a base file at all. Ref https://github.com/containers/podman/issues/13277 Ref https://github.com/containers/podman/issues/13748 Signed-off-by: Paul Holzinger --- docs/containers.conf.5.md | 7 +++++++ libnetwork/etchosts/hosts.go | 6 +++--- pkg/config/config.go | 5 +++++ pkg/config/config_test.go | 2 ++ pkg/config/containers.conf | 7 +++++++ pkg/config/default.go | 3 +++ pkg/config/testdata/containers_default.conf | 2 ++ 7 files changed, 29 insertions(+), 3 deletions(-) diff --git a/docs/containers.conf.5.md b/docs/containers.conf.5.md index 427f9a889..39aea67c0 100644 --- a/docs/containers.conf.5.md +++ b/docs/containers.conf.5.md @@ -59,6 +59,13 @@ Example: "run.oci.keep_original_groups=1" Used to change the name of the default AppArmor profile of container engines. The default profile name is "container-default". +**base_hosts_file**="/etc/hosts" + +The hosts entries from the base hosts file are added to the containers hosts +file. This must be either an absolute path or as special values "image" which +uses the hosts file from the container image or an empty string "" which means +no base hosts file is used. The default is "/etc/hosts". + **cgroups**="enabled" Determines whether the container will create CGroups. diff --git a/libnetwork/etchosts/hosts.go b/libnetwork/etchosts/hosts.go index 939f511e8..cc46be209 100644 --- a/libnetwork/etchosts/hosts.go +++ b/libnetwork/etchosts/hosts.go 
@@ -7,11 +7,11 @@ import ( "io" "os" "strings" + + "github.com/containers/common/pkg/config" ) const ( - // DefaultHostsFile is the default path to the hosts file - DefaultHostsFile = "/etc/hosts" hostContainersInternal = "host.containers.internal" localhost = "localhost" ) @@ -108,7 +108,7 @@ func parseHostsFile(file string) (HostEntries, error) { if err != nil { // do not error when the default hosts file does not exists // https://github.com/containers/podman/issues/12667 - if errors.Is(err, os.ErrNotExist) && file == DefaultHostsFile { + if errors.Is(err, os.ErrNotExist) && file == config.DefaultHostsFile { return nil, nil } return nil, err diff --git a/pkg/config/config.go b/pkg/config/config.go index 2c556c1bb..5c3ec8ffd 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -95,6 +95,11 @@ type ContainersConfig struct { // Annotation to add to all containers Annotations []string `toml:"annotations,omitempty"` + // BaseHostsFile is the path to a hosts file, the entries from this file + // are added to the containers hosts file. As special value "image" is + // allowed which used the /etc/hosts file from within the image. + BaseHostsFile string `toml:"base_hosts_file,omitempty"` + // Default way to create a cgroup namespace for the container CgroupNS string `toml:"cgroupns,omitempty"` diff --git a/pkg/config/config_test.go b/pkg/config/config_test.go index cdebfd36e..0c1004f2b 100644 --- a/pkg/config/config_test.go +++ b/pkg/config/config_test.go @@ -27,6 +27,7 @@ var _ = Describe("Config", func() { // Then gomega.Expect(err).To(gomega.BeNil()) gomega.Expect(defaultConfig.Containers.ApparmorProfile).To(gomega.Equal(apparmor.Profile)) + gomega.Expect(defaultConfig.Containers.BaseHostsFile).To(gomega.Equal("/etc/hosts")) gomega.Expect(defaultConfig.Containers.PidsLimit).To(gomega.BeEquivalentTo(2048)) gomega.Expect(defaultConfig.Engine.ServiceTimeout).To(gomega.BeEquivalentTo(5)) gomega.Expect(defaultConfig.NetNS()).To(gomega.BeEquivalentTo("private")) 
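Review bot: Dropping the exported `DefaultHostsFile` constant from `libnetwork/etchosts` (the const block in the first hosts.go hunk) is a breaking change for any package that still imports it from here, and the commit message does not mention it. If out-of-tree callers exist, a forwarding constant avoids the break: `// Deprecated: use config.DefaultHostsFile.` followed by `DefaultHostsFile = config.DefaultHostsFile`. The const block continues outside the hunk.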
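Review bot: In `parseHostsFile`, the missing-file exemption is an exact string comparison against `config.DefaultHostsFile`, and now that the base file is operator-configurable the behaviour for other values deserves a comment. As written, any configured path other than the literal "/etc/hosts" fails hard when the file is absent. Unless a caller outside this hunk resolves them first, the special values "image" and "" would also reach the open call as ordinary relative paths. I would extend the existing comment to something like `// only the built-in default may be missing; a configured base_hosts_file must exist, and "image"/"" must be resolved by the caller`. The function starts and ends outside the hunk.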
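Review bot: Nothing visible in this commit enforces the rule the docs state for `BaseHostsFile` in `ContainersConfig` (absolute path, "image", or ""), so a relative value in containers.conf would presumably be resolved against the engine's working directory when the file is read. A check wherever the containers table is validated would close that: `if f := c.BaseHostsFile; f != "" && f != "image" && !filepath.IsAbs(f) { return fmt.Errorf("invalid base_hosts_file %q: must be an absolute path, \"image\" or empty", f) }`. Separately, `omitempty` on the tag drops an explicit "" whenever the struct is marshalled, so a written-out config would reload with the "/etc/hosts" default and copy host entries again. The field comment should also mention the empty-string value and read "which uses". The struct continues outside the hunk.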
@@ -362,6 +363,7 @@ image_copy_tmp_dir="storage"` gomega.Expect(err).To(gomega.BeNil()) gomega.Expect(config.Containers.ApparmorProfile).To(gomega.Equal("container-default")) gomega.Expect(config.Containers.PidsLimit).To(gomega.BeEquivalentTo(2048)) + gomega.Expect(config.Containers.BaseHostsFile).To(gomega.BeEquivalentTo("/etc/hosts2")) }) It("contents of passed-in file should override others", func() { diff --git a/pkg/config/containers.conf b/pkg/config/containers.conf index 48ea8263b..aeddca787 100644 --- a/pkg/config/containers.conf +++ b/pkg/config/containers.conf @@ -26,6 +26,13 @@ # #apparmor_profile = "container-default" +# The hosts entries from the base hosts file are added to the containers hosts +# file. This must be either an absolute path or as special values "image" which +# uses the hosts file from the container image or an empty string "" which means +# no base hosts file is used. The default is "/etc/hosts". +# +#base_hosts_file = "/etc/hosts" + # Default way to to create a cgroup namespace for the container # Options are: # `private` Create private Cgroup Namespace for the container. diff --git a/pkg/config/default.go b/pkg/config/default.go index 14858e967..8e79a111f 100644 --- a/pkg/config/default.go +++ b/pkg/config/default.go @@ -122,6 +122,8 @@ const ( CgroupfsCgroupsManager = "cgroupfs" // DefaultApparmorProfile specifies the default apparmor profile for the container. DefaultApparmorProfile = apparmor.Profile + // DefaultHostsFile is the default path to the hosts file + DefaultHostsFile = "/etc/hosts" // SystemdCgroupsManager represents systemd native cgroup manager SystemdCgroupsManager = "systemd" // DefaultLogSizeMax is the default value for the maximum log size @@ -187,6 +189,7 @@ func DefaultConfig() (*Config, error) { Volumes: []string{}, Annotations: []string{}, ApparmorProfile: DefaultApparmorProfile, + BaseHostsFile: DefaultHostsFile, CgroupNS: cgroupNS, Cgroups: "enabled", DefaultCapabilities: DefaultCapabilities, 
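Review bot: The assertions added in config_test.go cover only the built-in default and an absolute path ("/etc/hosts2"); the special values "image" and "" that the docs describe are not exercised. The empty string is the case most likely to regress, because an unset key and an explicit `base_hosts_file = ""` must decode differently (default versus no base file). A small extra case that loads a config with `base_hosts_file = ""` and asserts `gomega.Equal("")` would pin that. The enclosing `It` block starts outside the hunk.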
diff --git a/pkg/config/testdata/containers_default.conf b/pkg/config/testdata/containers_default.conf index 25f8a1c54..e7eb9b6be 100644 --- a/pkg/config/testdata/containers_default.conf +++ b/pkg/config/testdata/containers_default.conf @@ -17,6 +17,8 @@ devices = [ # profile name is "container-default". apparmor_profile = "container-default" +base_hosts_file = "/etc/hosts2" + # List of default capabilities for containers. If it is empty or commented out, # only the capabilities defined in the containers json file by the user/kube # will be added.