add base_hosts_file field to containers.conf

base_hosts_file can be used to overwrite the default base host file /etc/hosts which is used to copy hosts entries from this file into the containers /etc/hosts file. As special value "image" can be used to copy the entries from the image hosts file or "none" to not use a base file at all. IF the value is empty we should use /etc/hosts as default. Ref containers/podman#13277 Ref containers/podman#13748 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Luap99 · Apr 21, 2022 · b5c27e2 · b5c27e2
1 parent 3b99bea
commit b5c27e2
Show file tree

Hide file tree

Showing 7 changed files with 30 additions and 3 deletions.
diff --git a/docs/containers.conf.5.md b/docs/containers.conf.5.md
@@ -59,6 +59,13 @@ Example: "run.oci.keep_original_groups=1"
 Used to change the name of the default AppArmor profile of container engines.
 The default profile name is "container-default".
 
+**base_hosts_file**=""
+
+The hosts entries from the base hosts file are added to the containers hosts
+file. This must be either an absolute path or as special values "image" which
+uses the hosts file from the container image or "none" which means
+no base hosts file is used. The default is "" which will use /etc/hosts.
+
 **cgroups**="enabled"
 
 Determines  whether  the  container will create CGroups.

diff --git a/libnetwork/etchosts/hosts.go b/libnetwork/etchosts/hosts.go
@@ -8,12 +8,11 @@ import (
 	"os"
 	"strings"
 
+	"github.com/containers/common/pkg/config"
 	"github.com/containers/common/pkg/util"
 )
 
 const (
-	// DefaultHostsFile is the default path to the hosts file
-	DefaultHostsFile       = "/etc/hosts"
 	hostContainersInternal = "host.containers.internal"
 	localhost              = "localhost"
 )
@@ -265,7 +264,7 @@ func parseHostsFile(file string) (HostEntries, error) {
 	if err != nil {
 		// do not error when the default hosts file does not exists
 		// https://github.com/containers/podman/issues/12667
-		if errors.Is(err, os.ErrNotExist) && file == DefaultHostsFile {
+		if errors.Is(err, os.ErrNotExist) && file == config.DefaultHostsFile {
 			return nil, nil
 		}
 		return nil, err

diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -95,6 +95,13 @@ type ContainersConfig struct {
 	// Annotation to add to all containers
 	Annotations []string `toml:"annotations,omitempty"`
 
+	// BaseHostsFile is the path to a hosts file, the entries from this file
+	// are added to the containers hosts file. As special value "image" is
+	// allowed which uses the /etc/hosts file from within the image and "none"
+	// which uses no base file at all. If it is empty we should default
+	// to /etc/hosts.
+	BaseHostsFile string `toml:"base_hosts_file,omitempty"`
+
 	// Default way to create a cgroup namespace for the container
 	CgroupNS string `toml:"cgroupns,omitempty"`
 

diff --git a/pkg/config/config_test.go b/pkg/config/config_test.go
@@ -27,6 +27,7 @@ var _ = Describe("Config", func() {
 			// Then
 			gomega.Expect(err).To(gomega.BeNil())
 			gomega.Expect(defaultConfig.Containers.ApparmorProfile).To(gomega.Equal(apparmor.Profile))
+			gomega.Expect(defaultConfig.Containers.BaseHostsFile).To(gomega.Equal(""))
 			gomega.Expect(defaultConfig.Containers.PidsLimit).To(gomega.BeEquivalentTo(2048))
 			gomega.Expect(defaultConfig.Engine.ServiceTimeout).To(gomega.BeEquivalentTo(5))
 			gomega.Expect(defaultConfig.NetNS()).To(gomega.BeEquivalentTo("private"))
@@ -375,6 +376,7 @@ image_copy_tmp_dir="storage"`
 			gomega.Expect(err).To(gomega.BeNil())
 			gomega.Expect(config.Containers.ApparmorProfile).To(gomega.Equal("container-default"))
 			gomega.Expect(config.Containers.PidsLimit).To(gomega.BeEquivalentTo(2048))
+			gomega.Expect(config.Containers.BaseHostsFile).To(gomega.BeEquivalentTo("/etc/hosts2"))
 		})
 
 		It("contents of passed-in file should override others", func() {

diff --git a/pkg/config/containers.conf b/pkg/config/containers.conf
@@ -26,6 +26,13 @@
 #
 #apparmor_profile = "container-default"
 
+# The hosts entries from the base hosts file are added to the containers hosts
+# file. This must be either an absolute path or as special values "image" which
+# uses the hosts file from the container image or "none" which means
+# no base hosts file is used. The default is "" which will use /etc/hosts.
+#
+#base_hosts_file = ""
+
 # Default way to to create a cgroup namespace for the container
 # Options are:
 # `private` Create private Cgroup Namespace for the container.

diff --git a/pkg/config/default.go b/pkg/config/default.go
@@ -122,6 +122,8 @@ const (
 	CgroupfsCgroupsManager = "cgroupfs"
 	// DefaultApparmorProfile  specifies the default apparmor profile for the container.
 	DefaultApparmorProfile = apparmor.Profile
+	// DefaultHostsFile is the default path to the hosts file
+	DefaultHostsFile = "/etc/hosts"
 	// SystemdCgroupsManager represents systemd native cgroup manager
 	SystemdCgroupsManager = "systemd"
 	// DefaultLogSizeMax is the default value for the maximum log size
@@ -189,6 +191,7 @@ func DefaultConfig() (*Config, error) {
 			Volumes:             []string{},
 			Annotations:         []string{},
 			ApparmorProfile:     DefaultApparmorProfile,
+			BaseHostsFile:       "",
 			CgroupNS:            cgroupNS,
 			Cgroups:             "enabled",
 			DefaultCapabilities: DefaultCapabilities,

diff --git a/pkg/config/testdata/containers_default.conf b/pkg/config/testdata/containers_default.conf
@@ -17,6 +17,8 @@ devices = [
 # profile name is "container-default".
 apparmor_profile = "container-default"
 
+base_hosts_file = "/etc/hosts2"
+
 # List of default capabilities for containers. If it is empty or commented out,
 # only the capabilities defined in the containers json file by the user/kube
 # will be added.