authorPaul Holzinger <pholzing@redhat.com>2022-04-21 12:29:31 +0200
committerPaul Holzinger <pholzing@redhat.com>2022-04-22 13:06:00 +0200
commite4ab8a5bedb48615402231a5aa3a62ca4364c45f (patch)
tree15392d384af7d761dc1ff9ed97f4a6dbc99c6bc3
parentcf1b0c1965c9cc7f3b6d870720ba78865c8602e4 (diff)
shared netns and --add-host should conflict
Because /etc/hosts is shared by all containers that share a network namespace, you should not be able to add hosts from a joined container. Only the primary netns container can set the hosts. Signed-off-by: Paul Holzinger <pholzing@redhat.com>
-rw-r--r--pkg/specgen/container_validate.go7
-rw-r--r--test/e2e/pod_infra_container_test.go16
-rw-r--r--test/e2e/run_networking_test.go12
3 files changed, 26 insertions, 9 deletions
diff --git a/pkg/specgen/container_validate.go b/pkg/specgen/container_validate.go
index 42b70e334..e06cd9a29 100644
--- a/pkg/specgen/container_validate.go
+++ b/pkg/specgen/container_validate.go
@@ -38,6 +38,13 @@ func (s *SpecGenerator) Validate() error {
if len(s.PortMappings) > 0 || s.PublishExposedPorts {
return errors.Wrap(define.ErrNetworkOnPodContainer, "published or exposed ports must be defined when the pod is created")
}
+ if len(s.HostAdd) > 0 {
+ return errors.Wrap(define.ErrNetworkOnPodContainer, "extra host entries must be specified on the pod")
+ }
+ }
+
+ if s.NetNS.IsContainer() && len(s.HostAdd) > 0 {
+ return errors.Wrap(ErrInvalidSpecConfig, "cannot set extra host entries when the container is joined to another containers network namespace")
}
//
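Review bot: The new `s.NetNS.IsContainer() && len(s.HostAdd) > 0` check carries no comment explaining why the combination is rejected, and the reason is a trust boundary that is not obvious from the code: per the commit message, /etc/hosts is shared by every container in the namespace, so a joined container could change name resolution for its peers. I would add above it `// /etc/hosts is shared with the container whose netns we join; only that container may set host entries.` The message also reads `another containers network namespace` and should be `another container's network namespace`, changed together with the substring asserted in test/e2e/run_networking_test.go. The two new checks return different sentinels (`define.ErrNetworkOnPodContainer` and `ErrInvalidSpecConfig`) for what looks like the same condition, which is worth a short comment if it is intentional. Validate's body starts and ends outside this hunk.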
diff --git a/test/e2e/pod_infra_container_test.go b/test/e2e/pod_infra_container_test.go
index db366b612..6373b949a 100644
--- a/test/e2e/pod_infra_container_test.go
+++ b/test/e2e/pod_infra_container_test.go
@@ -377,21 +377,19 @@ var _ = Describe("Podman pod create", func() {
Expect(result.OutputToString()).To(ContainSubstring(infraID))
})
- It("podman run --add-host in pod", func() {
- session := podmanTest.Podman([]string{"pod", "create"})
+ It("podman run --add-host in pod should fail", func() {
+ session := podmanTest.Podman([]string{"pod", "create", "--add-host", "host1:127.0.0.1"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
podID := session.OutputToString()
- // verify we can add a host to the infra's /etc/hosts
- // N/B: Using alpine for ping, since BB ping throws
- // permission denied error as of Fedora 33.
- session = podmanTest.Podman([]string{"run", "--pod", podID, "--add-host", "foobar:127.0.0.1", ALPINE, "ping", "-c", "1", "foobar"})
+ session = podmanTest.Podman([]string{"create", "--pod", podID, "--add-host", "foobar:127.0.0.1", ALPINE, "ping", "-c", "1", "foobar"})
session.WaitWithDefaultTimeout()
- Expect(session).Should(Exit(0))
+ Expect(session).Should(ExitWithError())
+ Expect(session.ErrorToString()).To(ContainSubstring("extra host entries must be specified on the pod: network cannot be configured when it is shared with a pod"))
- // verify we can see the other hosts of infra's /etc/hosts
- session = podmanTest.Podman([]string{"run", "--pod", podID, ALPINE, "ping", "-c", "1", "foobar"})
+ // verify we can see the pods hosts
+ session = podmanTest.Podman([]string{"run", "--pod", podID, ALPINE, "ping", "-c", "1", "host1"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
})
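Review bot: The spec is now titled `podman run --add-host in pod should fail`, but the command it expects to fail is `create`, and the trailing `"ping", "-c", "1", "foobar"` arguments are never executed. Naming it `podman create --add-host in pod should fail` and dropping the unused arguments would match what is tested. The test also never asserts that the rejected entry stayed out of the shared hosts file. After the failing call I would add a run in the pod of `"grep", "foobar", "/etc/hosts"` and expect `ExitWithError()`, so that a regression which both errors and writes the entry is caught. The same negative check is missing from the new spec in test/e2e/run_networking_test.go, where ctr1's /etc/hosts could be checked for `host1`.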
diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go
index 696668e52..49c387227 100644
--- a/test/e2e/run_networking_test.go
+++ b/test/e2e/run_networking_test.go
@@ -608,6 +608,18 @@ EXPOSE 2004-2005/tcp`, ALPINE)
Expect(ctr2).Should(Exit(0))
})
+ It("podman run --net container: and --add-host should fail", func() {
+ ctrName := "ctrToJoin"
+ ctr1 := podmanTest.RunTopContainer(ctrName)
+ ctr1.WaitWithDefaultTimeout()
+ Expect(ctr1).Should(Exit(0))
+
+ ctr2 := podmanTest.Podman([]string{"run", "-d", "--net=container:" + ctrName, "--add-host", "host1:127.0.0.1", ALPINE, "true"})
+ ctr2.WaitWithDefaultTimeout()
+ Expect(ctr2).Should(ExitWithError())
+ Expect(ctr2.ErrorToString()).Should(ContainSubstring("cannot set extra host entries when the container is joined to another containers network namespace: invalid configuration"))
+ })
+
It("podman run --net container: copies hosts and resolv", func() {
ctrName := "ctr1"
ctr1 := podmanTest.RunTopContainer(ctrName)
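Review bot: The `"-d"` flag on the ctr2 command is unnecessary for a call that is presumably rejected during spec validation. If the check ever regressed, it would start a detached container rather than fail in the foreground, so I would drop it: `[]string{"run", "--net=container:" + ctrName, "--add-host", "host1:127.0.0.1", ALPINE, "true"}`. The asserted substring also includes the sentinel's own text (`: invalid configuration`), so rewording either the sentinel or the wrapped message breaks the test; matching only the wrapped message would be less brittle. The trailing context lines open another spec whose body continues outside the hunk.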