summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatthew Heon <matthew.heon@pm.me>2019-03-22 14:39:09 -0400
committerMatthew Heon <matthew.heon@pm.me>2019-03-27 10:12:18 -0400
commit72f03f0c2587be4ff3ff9c83d28964cc7c1a135c (patch)
tree25e1824dff64b5069eb4b1fd4e16ebad6185b8b5
parentb20594ea51ba1fb21cb727a8b224415335e04ac7 (diff)
downloadpodman-72f03f0c2587be4ff3ff9c83d28964cc7c1a135c.tar.gz
podman-72f03f0c2587be4ff3ff9c83d28964cc7c1a135c.tar.bz2
podman-72f03f0c2587be4ff3ff9c83d28964cc7c1a135c.zip
Add support to disable creation of network config files
Specifically, we want to be able to specify whether resolv.conf and /etc/hosts will be create and bind-mounted into the container. Signed-off-by: Matthew Heon <matthew.heon@pm.me>
-rw-r--r--libpod/container.go8
-rw-r--r--libpod/container_internal_linux.go85
-rw-r--r--libpod/options.go52
3 files changed, 109 insertions, 36 deletions
diff --git a/libpod/container.go b/libpod/container.go
index ec4e31026..866cf5c58 100644
--- a/libpod/container.go
+++ b/libpod/container.go
@@ -293,6 +293,10 @@ type ContainerConfig struct {
// namespace
// These are not used unless CreateNetNS is true
PortMappings []ocicni.PortMapping `json:"portMappings,omitempty"`
+ // NoCreateResolvConf indicates that resolv.conf should not be
+ // bind-mounted inside the container.
+ // Conflicts with DNSServer, DNSSearch, DNSOption.
+ NoCreateResolvConf bool
// DNS servers to use in container resolv.conf
// Will override servers in host resolv if set
DNSServer []net.IP `json:"dnsServer,omitempty"`
@@ -302,6 +306,10 @@ type ContainerConfig struct {
// DNS options to be set in container resolv.conf
// With override options in host resolv if set
DNSOption []string `json:"dnsOption,omitempty"`
+ // NoCreateHosts indicates that /etc/hosts should not be
+ // bind-mounted inside the container.
+ // Conflicts with HostAdd.
+ NoCreateHosts bool
// Hosts to add in container
// Will be appended to host's host file
HostAdd []string `json:"hostsAdd,omitempty"`
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index c6c9ceb0c..3bb8b23ec 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -703,10 +703,11 @@ func (c *Container) makeBindMounts() error {
}
}
- if c.config.NetNsCtr != "" {
- // We share a net namespace
+ if c.config.NetNsCtr != "" && (!c.config.NoCreateHosts || !c.config.NoCreateResolvConf) {
+ // We share a net namespace.
// We want /etc/resolv.conf and /etc/hosts from the
- // other container
+ // other container. Unless we're not creating both of
+ // them.
depCtr, err := c.runtime.state.Container(c.config.NetNsCtr)
if err != nil {
return errors.Wrapf(err, "error fetching dependency %s of container %s", c.config.NetNsCtr, c.ID())
@@ -718,53 +719,65 @@ func (c *Container) makeBindMounts() error {
return errors.Wrapf(err, "error fetching bind mounts from dependency %s of container %s", depCtr.ID(), c.ID())
}
- // The other container may not have a resolv.conf or /etc/hosts
- // If it doesn't, don't copy them
- resolvPath, exists := bindMounts["/etc/resolv.conf"]
- if exists {
- c.state.BindMounts["/etc/resolv.conf"] = resolvPath
+ if !c.config.NoCreateResolvConf {
+ // The other container may not have a resolv.conf or /etc/hosts
+ // If it doesn't, don't copy them
+ resolvPath, exists := bindMounts["/etc/resolv.conf"]
+ if exists {
+ c.state.BindMounts["/etc/resolv.conf"] = resolvPath
+ }
}
- // check if dependency container has an /etc/hosts file
- hostsPath, exists := bindMounts["/etc/hosts"]
- if !exists {
- return errors.Errorf("error finding hosts file of dependency container %s for container %s", depCtr.ID(), c.ID())
- }
+ if !c.config.NoCreateHosts {
+ // check if dependency container has an /etc/hosts file
+ hostsPath, exists := bindMounts["/etc/hosts"]
+ if !exists {
+ return errors.Errorf("error finding hosts file of dependency container %s for container %s", depCtr.ID(), c.ID())
+ }
- depCtr.lock.Lock()
- // generate a hosts file for the dependency container,
- // based on either its old hosts file, or the default,
- // and add the relevant information from the new container (hosts and IP)
- hostsPath, err = depCtr.appendHosts(hostsPath, c)
+ depCtr.lock.Lock()
+ // generate a hosts file for the dependency container,
+ // based on either its old hosts file, or the default,
+ // and add the relevant information from the new container (hosts and IP)
+ hostsPath, err = depCtr.appendHosts(hostsPath, c)
- if err != nil {
+ if err != nil {
+ depCtr.lock.Unlock()
+ return errors.Wrapf(err, "error creating hosts file for container %s which depends on container %s", c.ID(), depCtr.ID())
+ }
depCtr.lock.Unlock()
- return errors.Wrapf(err, "error creating hosts file for container %s which depends on container %s", c.ID(), depCtr.ID())
- }
- depCtr.lock.Unlock()
- // finally, save it in the new container
- c.state.BindMounts["/etc/hosts"] = hostsPath
+ // finally, save it in the new container
+ c.state.BindMounts["/etc/hosts"] = hostsPath
+ }
} else {
- newResolv, err := c.generateResolvConf()
- if err != nil {
- return errors.Wrapf(err, "error creating resolv.conf for container %s", c.ID())
+ if !c.config.NoCreateResolvConf {
+ newResolv, err := c.generateResolvConf()
+ if err != nil {
+ return errors.Wrapf(err, "error creating resolv.conf for container %s", c.ID())
+ }
+ c.state.BindMounts["/etc/resolv.conf"] = newResolv
}
- c.state.BindMounts["/etc/resolv.conf"] = newResolv
- newHosts, err := c.generateHosts("/etc/hosts")
- if err != nil {
- return errors.Wrapf(err, "error creating hosts file for container %s", c.ID())
+ if !c.config.NoCreateHosts {
+ newHosts, err := c.generateHosts("/etc/hosts")
+ if err != nil {
+ return errors.Wrapf(err, "error creating hosts file for container %s", c.ID())
+ }
+ c.state.BindMounts["/etc/hosts"] = newHosts
}
- c.state.BindMounts["/etc/hosts"] = newHosts
}
- if err := label.Relabel(c.state.BindMounts["/etc/hosts"], c.config.MountLabel, true); err != nil {
- return err
+ if c.state.BindMounts["/etc/hosts"] != "" {
+ if err := label.Relabel(c.state.BindMounts["/etc/hosts"], c.config.MountLabel, true); err != nil {
+ return err
+ }
}
- if err := label.Relabel(c.state.BindMounts["/etc/resolv.conf"], c.config.MountLabel, true); err != nil {
- return err
+ if c.state.BindMounts["/etc/resolv.conf"] != "" {
+ if err := label.Relabel(c.state.BindMounts["/etc/resolv.conf"], c.config.MountLabel, true); err != nil {
+ return err
+ }
}
}
diff --git a/libpod/options.go b/libpod/options.go
index 1bf3ff9e6..a36309ed7 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -997,6 +997,9 @@ func WithDNSSearch(searchDomains []string) CtrCreateOption {
if ctr.valid {
return ErrCtrFinalized
}
+ if ctr.config.NoCreateResolvConf {
+ return errors.Wrapf(ErrInvalidArg, "cannot add DNS search domains if container will not create /etc/resolv.conf")
+ }
ctr.config.DNSSearch = searchDomains
return nil
}
@@ -1008,6 +1011,9 @@ func WithDNS(dnsServers []string) CtrCreateOption {
if ctr.valid {
return ErrCtrFinalized
}
+ if ctr.config.NoCreateResolvConf {
+ return errors.Wrapf(ErrInvalidArg, "cannot add DNS servers if container will not create /etc/resolv.conf")
+ }
var dns []net.IP
for _, i := range dnsServers {
result := net.ParseIP(i)
@@ -1027,6 +1033,9 @@ func WithDNSOption(dnsOptions []string) CtrCreateOption {
if ctr.valid {
return ErrCtrFinalized
}
+ if ctr.config.NoCreateResolvConf {
+ return errors.Wrapf(ErrInvalidArg, "cannot add DNS options if container will not create /etc/resolv.conf")
+ }
ctr.config.DNSOption = dnsOptions
return nil
}
@@ -1038,6 +1047,11 @@ func WithHosts(hosts []string) CtrCreateOption {
if ctr.valid {
return ErrCtrFinalized
}
+
+ if ctr.config.NoCreateHosts {
+ return errors.Wrapf(ErrInvalidArg, "cannot add hosts if container will not create /etc/hosts")
+ }
+
ctr.config.HostAdd = hosts
return nil
}
@@ -1184,6 +1198,44 @@ func WithCtrNamespace(ns string) CtrCreateOption {
}
}
+// WithNoCreateResolvConf tells the container not to bind-mount resolv.conf in.
+// This conflicts with other DNS-related options.
+func WithNoCreateResolvConf() CtrCreateOption {
+ return func(ctr *Container) error {
+ if ctr.valid {
+ return ErrCtrFinalized
+ }
+
+ if len(ctr.config.DNSServer) != 0 ||
+ len(ctr.config.DNSSearch) != 0 ||
+ len(ctr.config.DNSOption) != 0 {
+ return errors.Wrapf(ErrInvalidArg, "not creating resolv.conf conflicts with DNS options")
+ }
+
+ ctr.config.NoCreateResolvConf = true
+
+ return nil
+ }
+}
+
+// WithNoCreateHosts tells the container not to bind-mount /etc/hosts in.
+// This conflicts with WithHosts().
+func WithNoCreateHosts() CtrCreateOption {
+ return func(ctr *Container) error {
+ if ctr.valid {
+ return ErrCtrFinalized
+ }
+
+ if len(ctr.config.HostAdd) != 0 {
+ return errors.Wrapf(ErrInvalidArg, "not creating /etc/hosts conflicts with adding to the hosts file")
+ }
+
+ ctr.config.NoCreateHosts = true
+
+ return nil
+ }
+}
+
// withIsInfra sets the container to be an infra container. This means the container will be sometimes hidden
// and expected to be the first container in the pod.
func withIsInfra() CtrCreateOption {