diff options
author | Paul Holzinger <pholzing@redhat.com> | 2022-04-21 12:29:31 +0200 |
---|---|---|
committer | Paul Holzinger <pholzing@redhat.com> | 2022-04-22 13:06:00 +0200 |
commit | e4ab8a5bedb48615402231a5aa3a62ca4364c45f (patch) | |
tree | 15392d384af7d761dc1ff9ed97f4a6dbc99c6bc3 | |
parent | cf1b0c1965c9cc7f3b6d870720ba78865c8602e4 (diff) | |
download | podman-e4ab8a5bedb48615402231a5aa3a62ca4364c45f.tar.gz podman-e4ab8a5bedb48615402231a5aa3a62ca4364c45f.tar.bz2 podman-e4ab8a5bedb48615402231a5aa3a62ca4364c45f.zip |
shared netns and --add-host should conflict
Because /etc/hosts is shared for all containers with a shared network
namespace you should not be able to add hosts from a joined container.
Only the primary netns container can set the hosts.
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
-rw-r--r-- | pkg/specgen/container_validate.go | 7 | ||||
-rw-r--r-- | test/e2e/pod_infra_container_test.go | 16 | ||||
-rw-r--r-- | test/e2e/run_networking_test.go | 12 |
3 files changed, 26 insertions, 9 deletions
diff --git a/pkg/specgen/container_validate.go b/pkg/specgen/container_validate.go index 42b70e334..e06cd9a29 100644 --- a/pkg/specgen/container_validate.go +++ b/pkg/specgen/container_validate.go @@ -38,6 +38,13 @@ func (s *SpecGenerator) Validate() error { if len(s.PortMappings) > 0 || s.PublishExposedPorts { return errors.Wrap(define.ErrNetworkOnPodContainer, "published or exposed ports must be defined when the pod is created") } + if len(s.HostAdd) > 0 { + return errors.Wrap(define.ErrNetworkOnPodContainer, "extra host entries must be specified on the pod") + } + } + + if s.NetNS.IsContainer() && len(s.HostAdd) > 0 { + return errors.Wrap(ErrInvalidSpecConfig, "cannot set extra host entries when the container is joined to another containers network namespace") } // diff --git a/test/e2e/pod_infra_container_test.go b/test/e2e/pod_infra_container_test.go index db366b612..6373b949a 100644 --- a/test/e2e/pod_infra_container_test.go +++ b/test/e2e/pod_infra_container_test.go @@ -377,21 +377,19 @@ var _ = Describe("Podman pod create", func() { Expect(result.OutputToString()).To(ContainSubstring(infraID)) }) - It("podman run --add-host in pod", func() { - session := podmanTest.Podman([]string{"pod", "create"}) + It("podman run --add-host in pod should fail", func() { + session := podmanTest.Podman([]string{"pod", "create", "--add-host", "host1:127.0.0.1"}) session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) podID := session.OutputToString() - // verify we can add a host to the infra's /etc/hosts - // N/B: Using alpine for ping, since BB ping throws - // permission denied error as of Fedora 33. - session = podmanTest.Podman([]string{"run", "--pod", podID, "--add-host", "foobar:127.0.0.1", ALPINE, "ping", "-c", "1", "foobar"}) + session = podmanTest.Podman([]string{"create", "--pod", podID, "--add-host", "foobar:127.0.0.1", ALPINE, "ping", "-c", "1", "foobar"}) session.WaitWithDefaultTimeout() - Expect(session).Should(Exit(0)) + Expect(session).Should(ExitWithError()) + Expect(session.ErrorToString()).To(ContainSubstring("extra host entries must be specified on the pod: network cannot be configured when it is shared with a pod")) - // verify we can see the other hosts of infra's /etc/hosts - session = podmanTest.Podman([]string{"run", "--pod", podID, ALPINE, "ping", "-c", "1", "foobar"}) + // verify we can see the pods hosts + session = podmanTest.Podman([]string{"run", "--pod", podID, ALPINE, "ping", "-c", "1", "host1"}) session.WaitWithDefaultTimeout() Expect(session).Should(Exit(0)) }) diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go index 696668e52..49c387227 100644 --- a/test/e2e/run_networking_test.go +++ b/test/e2e/run_networking_test.go @@ -608,6 +608,18 @@ EXPOSE 2004-2005/tcp`, ALPINE) Expect(ctr2).Should(Exit(0)) }) + It("podman run --net container: and --add-host should fail", func() { + ctrName := "ctrToJoin" + ctr1 := podmanTest.RunTopContainer(ctrName) + ctr1.WaitWithDefaultTimeout() + Expect(ctr1).Should(Exit(0)) + + ctr2 := podmanTest.Podman([]string{"run", "-d", "--net=container:" + ctrName, "--add-host", "host1:127.0.0.1", ALPINE, "true"}) + ctr2.WaitWithDefaultTimeout() + Expect(ctr2).Should(ExitWithError()) + Expect(ctr2.ErrorToString()).Should(ContainSubstring("cannot set extra host entries when the container is joined to another containers network namespace: invalid configuration")) + }) + It("podman run --net container: copies hosts and resolv", func() { ctrName := "ctr1" ctr1 := podmanTest.RunTopContainer(ctrName) |