Do not add an entry to /etc/hosts with --net=host

To match Docker's behavior, in the `--net=host` case, we need to use the host's `/etc/hosts` file, unmodified (without adding an entry for the container). We will still respect hosts from `--add-host` but will not make any automatic changes. Fortuntely, this is strictly a matter of removal and refactoring as we already base our `/etc/hosts` on the host's version - just need to remove the code that added entries when net=host was set. Fixes #10319 Signed-off-by: Matthew Heon <matthew.heon@pm.me>
2025-05-20 16:47:39 +08:00 · 2021-08-03 14:07:28 -04:00
parent e93661f5e7
commit cfcd1e1863
2 changed files with 18 additions and 31 deletions
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@ -1912,6 +1912,7 @@ func (c *Container) appendHosts(path string, netCtr *Container) (string, error)
 // and returns a string in a format that can be written to the host file
 func (c *Container) getHosts() string {
 	var hosts string
+
 	if len(c.config.HostAdd) > 0 {
 		for _, host := range c.config.HostAdd {
 			// the host format has already been verified at this point
@ -1922,36 +1923,33 @@ func (c *Container) getHosts() string {

 	hosts += c.cniHosts()

-	// If not making a network namespace, add our own hostname.
+	// Add hostname for slirp4netns
 	if c.Hostname() != "" {
 		if c.config.NetMode.IsSlirp4netns() {
 			// When using slirp4netns, the interface gets a static IP
 			slirp4netnsIP, err := GetSlirp4netnsIP(c.slirp4netnsSubnet)
 			if err != nil {
-				logrus.Warn("failed to determine slirp4netnsIP: ", err.Error())
+				logrus.Warnf("failed to determine slirp4netnsIP: %v", err.Error())
 			} else {
 				hosts += fmt.Sprintf("# used by slirp4netns\n%s\t%s %s\n", slirp4netnsIP.String(), c.Hostname(), c.config.Name)
 			}
-		} else {
-			hasNetNS := false
-			netNone := false
-			for _, ns := range c.config.Spec.Linux.Namespaces {
-				if ns.Type == spec.NetworkNamespace {
-					hasNetNS = true
-					if ns.Path == "" && !c.config.CreateNetNS {
-						netNone = true
-					}
-					break
+		}
+
+		// Do we have a network namespace?
+		netNone := false
+		for _, ns := range c.config.Spec.Linux.Namespaces {
+			if ns.Type == spec.NetworkNamespace {
+				if ns.Path == "" && !c.config.CreateNetNS {
+					netNone = true
 				}
+				break
 			}
-			if !hasNetNS {
-				// 127.0.1.1 and host's hostname to match Docker
-				osHostname, _ := os.Hostname()
-				hosts += fmt.Sprintf("127.0.1.1 %s %s %s\n", osHostname, c.Hostname(), c.config.Name)
-			}
-			if netNone {
-				hosts += fmt.Sprintf("127.0.1.1 %s %s\n", c.Hostname(), c.config.Name)
-			}
+		}
+
+		// If we are net=none (have a network namespace, but not connected to
+		// anything) add the container's name and hostname to localhost.
+		if netNone {
+			hosts += fmt.Sprintf("127.0.0.1 %s %s\n", c.Hostname(), c.config.Name)
 		}
 	}

--- a/test/e2e/run_networking_test.go
+++ b/test/e2e/run_networking_test.go
@ -685,13 +685,6 @@ var _ = Describe("Podman run networking", func() {
 		Expect(podrm).Should(Exit(0))
 	})

-	It("podman run net=host adds entry to /etc/hosts", func() {
-		run := podmanTest.Podman([]string{"run", "--net=host", ALPINE, "cat", "/etc/hosts"})
-		run.WaitWithDefaultTimeout()
-		Expect(run).Should(Exit(0))
-		Expect(strings.Contains(run.OutputToString(), "127.0.1.1")).To(BeTrue())
-	})
-
 	It("podman run with --net=host and --hostname sets correct hostname", func() {
 		hostname := "testctr"
 		run := podmanTest.Podman([]string{"run", "--net=host", "--hostname", hostname, ALPINE, "hostname"})
@ -731,10 +724,6 @@ var _ = Describe("Podman run networking", func() {
 		ping_test("--net=none")
 	})

-	It("podman attempt to ping container name and hostname --net=host", func() {
-		ping_test("--net=host")
-	})
-
 	It("podman attempt to ping container name and hostname --net=private", func() {
 		ping_test("--net=private")
 	})