API: use no_hosts from containers.conf

The API endpoints should properly honour the `no_hosts=true` setting in
containers.conf.

Fixes #13719

Signed-off-by: Paul Holzinger <pholzing@redhat.com>

5 files changed, 65 insertions, 2 deletions

diff --git a/cmd/podman/common/create_opts.go b/cmd/podman/common/create_opts.go
index ad6b3870a..39146f918 100644
--- a/cmd/podman/common/create_opts.go
+++ b/cmd/podman/common/create_opts.go
@@ -181,6 +181,7 @@ func ContainerCreateToContainerCLIOpts(cc handlers.CreateContainerConfig, rtc *c
 		Network:        nsmode,
 		PublishPorts:   specPorts,
 		NetworkOptions: netOpts,
+		NoHosts:        rtc.Containers.NoHosts,
 	}
 
 	// network names
diff --git a/pkg/api/handlers/libpod/containers_create.go b/pkg/api/handlers/libpod/containers_create.go
index 61f437faf..4f9dc008d 100644
--- a/pkg/api/handlers/libpod/containers_create.go
+++ b/pkg/api/handlers/libpod/containers_create.go
@@ -18,7 +18,18 @@ import (
 // the new container ID on success along with any warnings.
 func CreateContainer(w http.ResponseWriter, r *http.Request) {
 	runtime := r.Context().Value(api.RuntimeKey).(*libpod.Runtime)
-	var sg specgen.SpecGenerator
+	conf, err := runtime.GetConfigNoCopy()
+	if err != nil {
+		utils.InternalServerError(w, err)
+		return
+	}
+
+	// we have to set the default before we decode to make sure the correct default is set when the field is unset
+	sg := specgen.SpecGenerator{
+		ContainerNetworkConfig: specgen.ContainerNetworkConfig{
+			UseImageHosts: conf.Containers.NoHosts,
+		},
+	}
 
 	if err := json.NewDecoder(r.Body).Decode(&sg); err != nil {
 		utils.Error(w, http.StatusInternalServerError, errors.Wrap(err, "Decode()"))
diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go
index 27d77af9f..dfac1d457 100644
--- a/pkg/specgen/specgen.go
+++ b/pkg/specgen/specgen.go
@@ -467,7 +467,13 @@ type ContainerNetworkConfig struct {
 	// UseImageHosts indicates that /etc/hosts should not be managed by
 	// Podman, and instead sourced from the image.
 	// Conflicts with HostAdd.
-	UseImageHosts bool `json:"use_image_hosts,omitempty"`
+	// Do not set omitempty here, if this is false it should be set to not get
+	// the server default.
+	// Ideally this would be a pointer so we could differentiate between an
+	// explicitly false/true and unset (containers.conf default). However
+	// specgen is stable so we can not change this right now.
+	// TODO (5.0): change to pointer
+	UseImageHosts bool `json:"use_image_hosts"`
 	// HostAdd is a set of hosts which will be added to the container's
 	// /etc/hosts file.
 	// Conflicts with UseImageHosts.
diff --git a/test/apiv2/20-containers.at b/test/apiv2/20-containers.at
index 94de2cf24..a3675d40a 100644
--- a/test/apiv2/20-containers.at
+++ b/test/apiv2/20-containers.at
@@ -447,3 +447,46 @@ t GET images/$iid/json 200 \
 
 t DELETE containers/$cid 204
 t DELETE images/docker.io/library/newrepo:v3?force=false 200
+
+# test create without default no_hosts
+t POST containers/create \
+  Image=$IMAGE \
+  201 \
+  .Id~[0-9a-f]\\{64\\}
+cid=$(jq -r '.Id' <<<"$output")
+
+t POST libpod/containers/$cid/init 204
+
+t GET libpod/containers/$cid/json 200
+
+cpid_file=$(jq -r '.ConmonPidFile' <<<"$output")
+userdata_path=$(dirname $cpid_file)
+
+t GET libpod/containers/$cid/json 200 \
+  .HostsPath=$userdata_path/hosts
+
+t DELETE containers/$cid 204
+
+# test create with default no_hosts=true
+stop_service
+
+CONTAINERS_CONF=$TESTS_DIR/containers.no_hosts.conf start_service
+
+# check docker and libpod endpoint
+for endpoint in containers/create libpod/containers/create; do
+  t POST $endpoint \
+    Image=$IMAGE \
+    201 \
+    .Id~[0-9a-f]\\{64\\}
+  cid=$(jq -r '.Id' <<<"$output")
+
+  t POST libpod/containers/$cid/init 204
+
+  t GET libpod/containers/$cid/json 200 \
+    .HostsPath=""
+
+  t DELETE containers/$cid 204
+done
+
+stop_service
+start_service
diff --git a/test/apiv2/containers.no_hosts.conf b/test/apiv2/containers.no_hosts.conf
new file mode 100644
index 000000000..b4c78bedb
--- /dev/null
+++ b/test/apiv2/containers.no_hosts.conf
@@ -0,0 +1,2 @@
+[containers]
+no_hosts=true