1 files changed, 67 insertions, 30 deletions

diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 6ebbfd1f3..0a663200a 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -369,13 +369,46 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
 		if err != nil {
 			return nil, err
 		}
-		volMount := spec.Mount{
-			Type:        "bind",
-			Source:      mountPoint,
-			Destination: namedVol.Dest,
-			Options:     namedVol.Options,
+
+		overlayFlag := false
+		for _, o := range namedVol.Options {
+			if o == "O" {
+				overlayFlag = true
+			}
+		}
+
+		if overlayFlag {
+			contentDir, err := overlay.TempDir(c.config.StaticDir, c.RootUID(), c.RootGID())
+			if err != nil {
+				return nil, err
+			}
+			overlayMount, err := overlay.Mount(contentDir, mountPoint, namedVol.Dest, c.RootUID(), c.RootGID(), c.runtime.store.GraphOptions())
+			if err != nil {
+				return nil, errors.Wrapf(err, "mounting overlay failed %q", mountPoint)
+			}
+
+			for _, o := range namedVol.Options {
+				switch o {
+				case "U":
+					if err := chown.ChangeHostPathOwnership(mountPoint, true, int(hostUID), int(hostGID)); err != nil {
+						return nil, err
+					}
+
+					if err := chown.ChangeHostPathOwnership(contentDir, true, int(hostUID), int(hostGID)); err != nil {
+						return nil, err
+					}
+				}
+			}
+			g.AddMount(overlayMount)
+		} else {
+			volMount := spec.Mount{
+				Type:        "bind",
+				Source:      mountPoint,
+				Destination: namedVol.Dest,
+				Options:     namedVol.Options,
+			}
+			g.AddMount(volMount)
 		}
-		g.AddMount(volMount)
 	}
 
 	// Check if the spec file mounts contain the options z, Z or U.
@@ -2050,35 +2083,39 @@ func (c *Container) getHosts() string {
 		}
 	}
 
-	// Add gateway entry
-	var depCtr *Container
-	netStatus := c.getNetworkStatus()
-	if c.config.NetNsCtr != "" {
-		// ignoring the error because there isn't anything to do
-		depCtr, _ = c.getRootNetNsDepCtr()
-	} else if len(netStatus) != 0 {
-		depCtr = c
-	}
-
-	if depCtr != nil {
-		for _, status := range depCtr.getNetworkStatus() {
-			for _, netInt := range status.Interfaces {
-				for _, netAddress := range netInt.Networks {
-					if netAddress.Gateway != nil {
-						hosts += fmt.Sprintf("%s host.containers.internal\n", netAddress.Gateway.String())
+	// Add gateway entry if we are not in a machine. If we use podman machine
+	// the gvproxy dns server will take care of host.containers.internal.
+	// https://github.com/containers/gvisor-tap-vsock/commit/1108ea45162281046d239047a6db9bc187e64b08
+	if !c.runtime.config.Engine.MachineEnabled {
+		var depCtr *Container
+		netStatus := c.getNetworkStatus()
+		if c.config.NetNsCtr != "" {
+			// ignoring the error because there isn't anything to do
+			depCtr, _ = c.getRootNetNsDepCtr()
+		} else if len(netStatus) != 0 {
+			depCtr = c
+		}
+
+		if depCtr != nil {
+			for _, status := range depCtr.getNetworkStatus() {
+				for _, netInt := range status.Interfaces {
+					for _, netAddress := range netInt.Networks {
+						if netAddress.Gateway != nil {
+							hosts += fmt.Sprintf("%s host.containers.internal\n", netAddress.Gateway.String())
+						}
 					}
 				}
 			}
-		}
-	} else if c.config.NetMode.IsSlirp4netns() {
-		gatewayIP, err := GetSlirp4netnsGateway(c.slirp4netnsSubnet)
-		if err != nil {
-			logrus.Warn("failed to determine gatewayIP: ", err.Error())
+		} else if c.config.NetMode.IsSlirp4netns() {
+			gatewayIP, err := GetSlirp4netnsGateway(c.slirp4netnsSubnet)
+			if err != nil {
+				logrus.Warn("failed to determine gatewayIP: ", err.Error())
+			} else {
+				hosts += fmt.Sprintf("%s host.containers.internal\n", gatewayIP.String())
+			}
 		} else {
-			hosts += fmt.Sprintf("%s host.containers.internal\n", gatewayIP.String())
+			logrus.Debug("network configuration does not support host.containers.internal address")
 		}
-	} else {
-		logrus.Debug("network configuration does not support host.containers.internal address")
 	}
 
 	return hosts