mirror of
https://github.com/containers/podman.git
synced 2025-05-29 22:46:25 +08:00
Add support to disable creation of network config files
Specifically, we want to be able to specify whether resolv.conf and /etc/hosts will be create and bind-mounted into the container. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
This commit is contained in:
Matthew Heon
@ -293,6 +293,10 @@ type ContainerConfig struct {
|
||||
// namespace
|
||||
// These are not used unless CreateNetNS is true
|
||||
PortMappings []ocicni.PortMapping `json:"portMappings,omitempty"`
|
||||
// NoCreateResolvConf indicates that resolv.conf should not be
|
||||
// bind-mounted inside the container.
|
||||
// Conflicts with DNSServer, DNSSearch, DNSOption.
|
||||
NoCreateResolvConf bool
|
||||
// DNS servers to use in container resolv.conf
|
||||
// Will override servers in host resolv if set
|
||||
DNSServer []net.IP `json:"dnsServer,omitempty"`
|
||||
@ -302,6 +306,10 @@ type ContainerConfig struct {
|
||||
// DNS options to be set in container resolv.conf
|
||||
// With override options in host resolv if set
|
||||
DNSOption []string `json:"dnsOption,omitempty"`
|
||||
// NoCreateHosts indicates that /etc/hosts should not be
|
||||
// bind-mounted inside the container.
|
||||
// Conflicts with HostAdd.
|
||||
NoCreateHosts bool
|
||||
// Hosts to add in container
|
||||
// Will be appended to host's host file
|
||||
HostAdd []string `json:"hostsAdd,omitempty"`
|
||||
|
||||
@ -703,10 +703,11 @@ func (c *Container) makeBindMounts() error {
|
||||
}
|
||||
}
|
||||
|
||||
if c.config.NetNsCtr != "" {
|
||||
// We share a net namespace
|
||||
if c.config.NetNsCtr != "" && (!c.config.NoCreateHosts || !c.config.NoCreateResolvConf) {
|
||||
// We share a net namespace.
|
||||
// We want /etc/resolv.conf and /etc/hosts from the
|
||||
// other container
|
||||
// other container. Unless we're not creating both of
|
||||
// them.
|
||||
depCtr, err := c.runtime.state.Container(c.config.NetNsCtr)
|
||||
if err != nil {
|
||||
return errors.Wrapf(err, "error fetching dependency %s of container %s", c.config.NetNsCtr, c.ID())
|
||||
@ -718,13 +719,16 @@ func (c *Container) makeBindMounts() error {
|
||||
return errors.Wrapf(err, "error fetching bind mounts from dependency %s of container %s", depCtr.ID(), c.ID())
|
||||
}
|
||||
|
||||
if !c.config.NoCreateResolvConf {
|
||||
// The other container may not have a resolv.conf or /etc/hosts
|
||||
// If it doesn't, don't copy them
|
||||
resolvPath, exists := bindMounts["/etc/resolv.conf"]
|
||||
if exists {
|
||||
c.state.BindMounts["/etc/resolv.conf"] = resolvPath
|
||||
}
|
||||
}
|
||||
|
||||
if !c.config.NoCreateHosts {
|
||||
// check if dependency container has an /etc/hosts file
|
||||
hostsPath, exists := bindMounts["/etc/hosts"]
|
||||
if !exists {
|
||||
@ -745,28 +749,37 @@ func (c *Container) makeBindMounts() error {
|
||||
|
||||
// finally, save it in the new container
|
||||
c.state.BindMounts["/etc/hosts"] = hostsPath
|
||||
}
|
||||
} else {
|
||||
if !c.config.NoCreateResolvConf {
|
||||
newResolv, err := c.generateResolvConf()
|
||||
if err != nil {
|
||||
return errors.Wrapf(err, "error creating resolv.conf for container %s", c.ID())
|
||||
}
|
||||
c.state.BindMounts["/etc/resolv.conf"] = newResolv
|
||||
}
|
||||
|
||||
if !c.config.NoCreateHosts {
|
||||
newHosts, err := c.generateHosts("/etc/hosts")
|
||||
if err != nil {
|
||||
return errors.Wrapf(err, "error creating hosts file for container %s", c.ID())
|
||||
}
|
||||
c.state.BindMounts["/etc/hosts"] = newHosts
|
||||
}
|
||||
}
|
||||
|
||||
if c.state.BindMounts["/etc/hosts"] != "" {
|
||||
if err := label.Relabel(c.state.BindMounts["/etc/hosts"], c.config.MountLabel, true); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
if c.state.BindMounts["/etc/resolv.conf"] != "" {
|
||||
if err := label.Relabel(c.state.BindMounts["/etc/resolv.conf"], c.config.MountLabel, true); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// SHM is always added when we mount the container
|
||||
c.state.BindMounts["/dev/shm"] = c.config.ShmDir
|
||||
|
||||
@ -997,6 +997,9 @@ func WithDNSSearch(searchDomains []string) CtrCreateOption {
|
||||
if ctr.valid {
|
||||
return ErrCtrFinalized
|
||||
}
|
||||
if ctr.config.NoCreateResolvConf {
|
||||
return errors.Wrapf(ErrInvalidArg, "cannot add DNS search domains if container will not create /etc/resolv.conf")
|
||||
}
|
||||
ctr.config.DNSSearch = searchDomains
|
||||
return nil
|
||||
}
|
||||
@ -1008,6 +1011,9 @@ func WithDNS(dnsServers []string) CtrCreateOption {
|
||||
if ctr.valid {
|
||||
return ErrCtrFinalized
|
||||
}
|
||||
if ctr.config.NoCreateResolvConf {
|
||||
return errors.Wrapf(ErrInvalidArg, "cannot add DNS servers if container will not create /etc/resolv.conf")
|
||||
}
|
||||
var dns []net.IP
|
||||
for _, i := range dnsServers {
|
||||
result := net.ParseIP(i)
|
||||
@ -1027,6 +1033,9 @@ func WithDNSOption(dnsOptions []string) CtrCreateOption {
|
||||
if ctr.valid {
|
||||
return ErrCtrFinalized
|
||||
}
|
||||
if ctr.config.NoCreateResolvConf {
|
||||
return errors.Wrapf(ErrInvalidArg, "cannot add DNS options if container will not create /etc/resolv.conf")
|
||||
}
|
||||
ctr.config.DNSOption = dnsOptions
|
||||
return nil
|
||||
}
|
||||
@ -1038,6 +1047,11 @@ func WithHosts(hosts []string) CtrCreateOption {
|
||||
if ctr.valid {
|
||||
return ErrCtrFinalized
|
||||
}
|
||||
|
||||
if ctr.config.NoCreateHosts {
|
||||
return errors.Wrapf(ErrInvalidArg, "cannot add hosts if container will not create /etc/hosts")
|
||||
}
|
||||
|
||||
ctr.config.HostAdd = hosts
|
||||
return nil
|
||||
}
|
||||
@ -1184,6 +1198,44 @@ func WithCtrNamespace(ns string) CtrCreateOption {
|
||||
}
|
||||
}
|
||||
|
||||
// WithNoCreateResolvConf tells the container not to bind-mount resolv.conf in.
|
||||
// This conflicts with other DNS-related options.
|
||||
func WithNoCreateResolvConf() CtrCreateOption {
|
||||
return func(ctr *Container) error {
|
||||
if ctr.valid {
|
||||
return ErrCtrFinalized
|
||||
}
|
||||
|
||||
if len(ctr.config.DNSServer) != 0 ||
|
||||
len(ctr.config.DNSSearch) != 0 ||
|
||||
len(ctr.config.DNSOption) != 0 {
|
||||
return errors.Wrapf(ErrInvalidArg, "not creating resolv.conf conflicts with DNS options")
|
||||
}
|
||||
|
||||
ctr.config.NoCreateResolvConf = true
|
||||
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
// WithNoCreateHosts tells the container not to bind-mount /etc/hosts in.
|
||||
// This conflicts with WithHosts().
|
||||
func WithNoCreateHosts() CtrCreateOption {
|
||||
return func(ctr *Container) error {
|
||||
if ctr.valid {
|
||||
return ErrCtrFinalized
|
||||
}
|
||||
|
||||
if len(ctr.config.HostAdd) != 0 {
|
||||
return errors.Wrapf(ErrInvalidArg, "not creating /etc/hosts conflicts with adding to the hosts file")
|
||||
}
|
||||
|
||||
ctr.config.NoCreateHosts = true
|
||||
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
// withIsInfra sets the container to be an infra container. This means the container will be sometimes hidden
|
||||
// and expected to be the first container in the pod.
|
||||
func withIsInfra() CtrCreateOption {
|
||||
|
||||
Reference in New Issue
Block a user