In shared networkNS /etc/resolv.conf&/etc/hosts should be shared

We should just bind mount the original container's /etc/resolv.conf and /etc/hosts
into the new container.  Changes in the resolv.conf and hosts should be seen
by all containers.  This matches Docker behaviour.

In order to make this work the labels on these files need to have a shared
SELinux label.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Daniel J Walsh 2019-02-23 07:52:05 -05:00
parent 0969d725a3
commit c83e78277a
No known key found for this signature in database
GPG Key ID: A2DF901DABE2C028
1 changed files with 12 additions and 13 deletions


@ -26,7 +26,6 @@ import (
"github.com/containers/libpod/pkg/rootless" "github.com/containers/libpod/pkg/rootless"
"github.com/containers/libpod/pkg/secrets" "github.com/containers/libpod/pkg/secrets"
"github.com/containers/storage/pkg/idtools" "github.com/containers/storage/pkg/idtools"
"github.com/mrunalp/fileutils"
"github.com/opencontainers/runc/libcontainer/user" "github.com/opencontainers/runc/libcontainer/user"
spec "github.com/opencontainers/runtime-spec/specs-go" spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/runtime-tools/generate" "github.com/opencontainers/runtime-tools/generate"
@ -677,20 +676,12 @@ func (c *Container) makeBindMounts() error {
// If it doesn't, don't copy them // If it doesn't, don't copy them
resolvPath, exists := bindMounts["/etc/resolv.conf"] resolvPath, exists := bindMounts["/etc/resolv.conf"]
if exists { if exists {
resolvDest := filepath.Join(c.state.RunDir, "resolv.conf")
if err := fileutils.CopyFile(resolvPath, resolvDest); err != nil {
return errors.Wrapf(err, "error copying resolv.conf from dependency container %s of container %s", depCtr.ID(), c.ID())
}
c.state.BindMounts["/etc/resolv.conf"] = resolvDest
}
c.state.BindMounts["/etc/resolv.conf"] = resolvPath
}
hostsPath, exists := bindMounts["/etc/hosts"] hostsPath, exists := bindMounts["/etc/hosts"]
if exists { if exists {
hostsDest := filepath.Join(c.state.RunDir, "hosts") c.state.BindMounts["/etc/hosts"] = hostsPath
if err := fileutils.CopyFile(hostsPath, hostsDest); err != nil {
return errors.Wrapf(err, "error copying hosts file from dependency container %s of container %s", depCtr.ID(), c.ID())
}
c.state.BindMounts["/etc/hosts"] = hostsDest
} }
} else { } else {
newResolv, err := c.generateResolvConf() newResolv, err := c.generateResolvConf()
@ -705,6 +696,14 @@ func (c *Container) makeBindMounts() error {
} }
c.state.BindMounts["/etc/hosts"] = newHosts c.state.BindMounts["/etc/hosts"] = newHosts
} }
if err := label.Relabel(c.state.BindMounts["/etc/hosts"], c.config.MountLabel, true); err != nil {
return err
}
if err := label.Relabel(c.state.BindMounts["/etc/resolv.conf"], c.config.MountLabel, true); err != nil {
return err
}
} }
// SHM is always added when we mount the container // SHM is always added when we mount the container
@ -809,7 +808,7 @@ func (c *Container) generateResolvConf() (string, error) {
} }
// Relabel resolv.conf for the container // Relabel resolv.conf for the container
if err := label.Relabel(destPath, c.config.MountLabel, false); err != nil { if err := label.Relabel(destPath, c.config.MountLabel, true); err != nil {
return "", err return "", err
} }
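Review bot: The two `label.Relabel` calls added in the third hunk read `c.state.BindMounts["/etc/hosts"]` and `c.state.BindMounts["/etc/resolv.conf"]` unconditionally, and they appear to run after both branches, yet the shared-namespace branch in the second hunk only sets those keys inside `if exists`. When the dependency container has no such mount the lookup yields `""`, and relabelling an empty path on an SELinux-enabled host will presumably return an error and fail makeBindMounts; guarding each call, e.g. `if p := c.state.BindMounts["/etc/hosts"]; p != "" {` around the existing Relabel, keeps the "don't copy them" case working. Separately, passing `true` as the shared flag, here and in generateResolvConf in the last hunk, should (as far as I know) label the file at level s0 instead of with the container's own MCS categories, and the generateResolvConf change applies that to containers that share no network namespace as well. A comment such as `// shared label: this file may be bind-mounted into containers that join this network namespace` would record why the per-container isolation is relaxed. Both functions start and end outside the hunks shown.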