use etchosts package from c/common

Use the new logic from c/common to create the hosts file. This will help to better allign the hosts files between buildah and podman. Also this fixes several bugs: - remove host entries when container is stopped and has a netNsCtr - add entries for containers in a pod - do not duplicate entries in the hosts file - use the correct slirp ip when an userns is used Features: - configure host.containers.internal entry in containers.conf - configure base hosts file in containers.conf Fixes containers#12003 Fixes containers#13224 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
gbraad-redhat · Jul 13, 2022 · 95ca781 · 95ca781
1 parent 00b8edf
commit 95ca781
Show file tree

Hide file tree

Showing 11 changed files with 597 additions and 241 deletions.
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
@@ -1,7 +1,6 @@
 package libpod
 
 import (
-	"bufio"
 	"bytes"
 	"context"
 	"fmt"
@@ -17,8 +16,10 @@ import (
 	"github.com/containers/buildah/copier"
 	"github.com/containers/buildah/pkg/overlay"
 	butil "github.com/containers/buildah/util"
+	"github.com/containers/common/libnetwork/etchosts"
 	"github.com/containers/common/pkg/cgroups"
 	"github.com/containers/common/pkg/chown"
+	"github.com/containers/common/pkg/config"
 	"github.com/containers/podman/v4/libpod/define"
 	"github.com/containers/podman/v4/libpod/events"
 	"github.com/containers/podman/v4/pkg/ctime"
@@ -31,6 +32,7 @@ import (
 	"github.com/containers/storage"
 	"github.com/containers/storage/pkg/archive"
 	"github.com/containers/storage/pkg/idtools"
+	"github.com/containers/storage/pkg/lockfile"
 	"github.com/containers/storage/pkg/mount"
 	"github.com/coreos/go-systemd/v22/daemon"
 	securejoin "github.com/cyphar/filepath-securejoin"
@@ -1006,17 +1008,14 @@ func (c *Container) completeNetworkSetup() error {
 		}
 	}
 	// check if we have a bindmount for /etc/hosts
-	if hostsBindMount, ok := state.BindMounts["/etc/hosts"]; ok && len(c.cniHosts()) > 0 {
-		ctrHostPath := filepath.Join(c.state.RunDir, "hosts")
-		if hostsBindMount == ctrHostPath {
-			// read the existing hosts
-			b, err := ioutil.ReadFile(hostsBindMount)
-			if err != nil {
-				return err
-			}
-			if err := ioutil.WriteFile(hostsBindMount, append(b, []byte(c.cniHosts())...), 0644); err != nil {
-				return err
-			}
+	if hostsBindMount, ok := state.BindMounts[config.DefaultHostsFile]; ok {
+		entries, err := c.getHostsEntries()
+		if err != nil {
+			return err
+		}
+		// add new container ips to the hosts file
+		if err := etchosts.Add(hostsBindMount, entries); err != nil {
+			return err
 		}
 	}
 
@@ -1041,18 +1040,6 @@ func (c *Container) completeNetworkSetup() error {
 	return ioutil.WriteFile(resolvBindMount, []byte(strings.Join(outResolvConf, "\n")), 0644)
 }
 
-func (c *Container) cniHosts() string {
-	var hosts string
-	for _, status := range c.getNetworkStatus() {
-		for _, netInt := range status.Interfaces {
-			for _, netAddress := range netInt.Subnets {
-				hosts += fmt.Sprintf("%s\t%s %s\n", netAddress.IPNet.IP.String(), c.Hostname(), c.config.Name)
-			}
-		}
-	}
-	return hosts
-}
-
 // Initialize a container, creating it in the runtime
 func (c *Container) init(ctx context.Context, retainRetries bool) error {
 	// Unconditionally remove conmon temporary files.
@@ -1894,6 +1881,24 @@ func (c *Container) cleanup(ctx context.Context) error {
 		lastError = errors.Wrapf(err, "error removing container %s network", c.ID())
 	}
 
+	// cleanup host entry if it is shared
+	if c.config.NetNsCtr != "" {
+		if hoststFile, ok := c.state.BindMounts[config.DefaultHostsFile]; ok {
+			if _, err := os.Stat(hoststFile); err == nil {
+				// we cannot use the dependency container lock due ABBA deadlocks
+				if lock, err := lockfile.GetLockfile(hoststFile); err == nil {
+					lock.Lock()
+					// make sure to ignore ENOENT error in case the netns container was cleanup before this one
+					if err := etchosts.Remove(hoststFile, getLocalhostHostEntry(c)); err != nil && !errors.Is(err, os.ErrNotExist) {
+						// this error is not fatal we still want to do proper cleanup
+						logrus.Errorf("failed to remove hosts entry from the netns containers /etc/hosts: %v", err)
+					}
+					lock.Unlock()
+				}
+			}
+		}
+	}
+
 	// Remove the container from the runtime, if necessary.
 	// Do this *before* unmounting storage - some runtimes (e.g. Kata)
 	// apparently object to having storage removed while the container still
@@ -2030,33 +2035,6 @@ func (c *Container) writeStringToStaticDir(filename, contents string) (string, e
 	return destFileName, nil
 }
 
-// appendStringToRunDir appends the provided string to the runtimedir file
-func (c *Container) appendStringToRunDir(destFile, output string) (string, error) {
-	destFileName := filepath.Join(c.state.RunDir, destFile)
-
-	f, err := os.OpenFile(destFileName, os.O_APPEND|os.O_RDWR, 0600)
-	if err != nil {
-		return "", err
-	}
-	defer f.Close()
-
-	compareStr := strings.TrimRight(output, "\n")
-	scanner := bufio.NewScanner(f)
-	scanner.Split(bufio.ScanLines)
-
-	for scanner.Scan() {
-		if strings.Compare(scanner.Text(), compareStr) == 0 {
-			return filepath.Join(c.state.RunDir, destFile), nil
-		}
-	}
-
-	if _, err := f.WriteString(output); err != nil {
-		return "", errors.Wrapf(err, "unable to write %s", destFileName)
-	}
-
-	return filepath.Join(c.state.RunDir, destFile), nil
-}
-
 // saveSpec saves the OCI spec to disk, replacing any existing specs for the container
 func (c *Container) saveSpec(spec *spec.Spec) error {
 	// If the OCI spec already exists, we need to replace it