Skip to content

Commit

Permalink
add support for podman create/run --domainname
Browse files Browse the repository at this point in the history
domainname functions similarly to --hostname, it sets the value in /etc/hosts
to whatever you speficy in conjunction with --hostname. so if you pass
--hostname=foo --domainmame=baz.net, /etc/hosts will get the combined entry and /proc/sys/kernel/domainname will get
baz.net
resolves containers#15102

Signed-off-by: Charlie Doern <[email protected]>
  • Loading branch information
cdoern committed Dec 22, 2022
1 parent 9fbf918 commit 93f5b13
Show file tree
Hide file tree
Showing 69 changed files with 184 additions and 8,649 deletions.
8 changes: 8 additions & 0 deletions cmd/podman/common/create.go
Original file line number Diff line number Diff line change
Expand Up @@ -108,6 +108,14 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions,
"This is a Docker specific option and is a NOOP",
)

domainNameFlagName := "domainname"
createFlags.StringVar(
&cf.Domainname,
domainNameFlagName, "",
"Set container domain name",
)
_ = cmd.RegisterFlagCompletionFunc(domainNameFlagName, completion.AutocompleteNone)

envMergeFlagName := "env-merge"
createFlags.StringArrayVar(
&cf.EnvMerge,
Expand Down
9 changes: 9 additions & 0 deletions docs/source/markdown/options/domainname.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
####> This option file is used in:
####> podman create, run
####> If file is edited, make sure the changes
####> are applicable to all of those.
#### **--domainname**=*name*

Container domain name

Sets the container domain name that is available inside the container. Can only be used with a private UTS namespace `--uts=private` (default).
2 changes: 2 additions & 0 deletions docs/source/markdown/podman-create.1.md.in
Original file line number Diff line number Diff line change
Expand Up @@ -141,6 +141,8 @@ This option cannot be combined with **--network** that is set to **none** or **c

@@option dns-search.container

@@option domainname

@@option entrypoint

@@option env
Expand Down
2 changes: 2 additions & 0 deletions docs/source/markdown/podman-run.1.md.in
Original file line number Diff line number Diff line change
Expand Up @@ -174,6 +174,8 @@ This option cannot be combined with **--network** that is set to **none** or **c

@@option dns-search.container

@@option domainname

@@option entrypoint

@@option env
Expand Down
5 changes: 1 addition & 4 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ require (
github.com/opencontainers/image-spec v1.1.0-rc2
github.com/opencontainers/runc v1.1.4
github.com/opencontainers/runtime-spec v1.0.3-0.20220825212826-86290f6a00fb
github.com/opencontainers/runtime-tools v0.9.1-0.20221014010322-58c91d646d86
github.com/opencontainers/runtime-tools v0.9.1-0.20221107153022-2802ff9ff545
github.com/opencontainers/selinux v1.10.2
github.com/openshift/imagebuilder v1.2.4-0.20220711175835-4151e43600df
github.com/rootless-containers/rootlesskit v1.1.0
Expand Down Expand Up @@ -127,9 +127,6 @@ require (
github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
github.com/vbatts/tar-split v0.11.2 // indirect
github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f // indirect
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
github.com/xeipuuv/gojsonschema v1.2.0 // indirect
go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 // indirect
go.opencensus.io v0.24.0 // indirect
golang.org/x/crypto v0.4.0 // indirect
Expand Down
5 changes: 2 additions & 3 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -763,8 +763,8 @@ github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.m
github.com/opencontainers/runtime-spec v1.0.3-0.20220825212826-86290f6a00fb h1:1xSVPOd7/UA+39/hXEGnBJ13p6JFB0E1EvQFlrRDOXI=
github.com/opencontainers/runtime-spec v1.0.3-0.20220825212826-86290f6a00fb/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs=
github.com/opencontainers/runtime-tools v0.9.1-0.20221014010322-58c91d646d86 h1:AaK4/fBxOmEFtb1bs/7KrJsQIgVPnhIrtgJ92RaqM60=
github.com/opencontainers/runtime-tools v0.9.1-0.20221014010322-58c91d646d86/go.mod h1:BRHJJd0E+cx42OybVYSgUvZmU0B8P9gZuRXlZUP7TKI=
github.com/opencontainers/runtime-tools v0.9.1-0.20221107153022-2802ff9ff545 h1:ftZiJi2Wy+U8Kvc6hdGMCcy+szWDjajN+idKlVHap+Y=
github.com/opencontainers/runtime-tools v0.9.1-0.20221107153022-2802ff9ff545/go.mod h1:BRHJJd0E+cx42OybVYSgUvZmU0B8P9gZuRXlZUP7TKI=
github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE=
github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo=
github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xAPP8dBsCoU0KuF8=
Expand Down Expand Up @@ -958,7 +958,6 @@ github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT
github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI=
github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs=
Expand Down
16 changes: 16 additions & 0 deletions libpod/container.go
Original file line number Diff line number Diff line change
Expand Up @@ -688,6 +688,22 @@ func (c *Container) Hostname() string {
return c.ID()[:12]
}

// Domainname gets the container's domainname
func (c *Container) Domainname() string {
if c.config.UTSNsCtr != "" {
utsNsCtr, err := c.runtime.GetContainer(c.config.UTSNsCtr)
if err != nil {
logrus.Errorf("unable to look up uts namespace for container %s: %v", c.ID(), err)
return ""
}
return utsNsCtr.Domainname()
}
if c.config.Spec.Domainname != "" {
return c.config.Spec.Domainname
}
return ""
}

// WorkingDir returns the containers working dir
func (c *Container) WorkingDir() string {
if c.config.Spec.Process != nil {
Expand Down
3 changes: 3 additions & 0 deletions libpod/container_config.go
Original file line number Diff line number Diff line change
Expand Up @@ -85,6 +85,9 @@ type ContainerConfig struct {
// This field should never be written to the db, the json tag ensures this.
rewrite bool `json:"-"`

// Domainname defines the containers domainname
Domainname string `json:"domainname,omitempty"`

// embedded sub-configs
ContainerRootFSConfig
ContainerSecurityConfig
Expand Down
4 changes: 2 additions & 2 deletions libpod/container_inspect_linux.go
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ import (
"github.com/containers/podman/v4/pkg/util"
spec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/runtime-tools/generate"
"github.com/opencontainers/runtime-tools/validate"
"github.com/opencontainers/runtime-tools/validate/capabilities"
"github.com/sirupsen/logrus"
"github.com/syndtr/gocapability/capability"
)
Expand Down Expand Up @@ -150,7 +150,7 @@ func (c *Container) platformInspectContainerHostConfig(ctrSpec *spec.Spec, hostC
}
// If we are privileged, use all caps.
for _, cap := range capability.List() {
if g.HostSpecific && cap > validate.LastCap() {
if g.HostSpecific && cap > capabilities.LastCap() {
continue
}
boundingCaps[fmt.Sprintf("CAP_%s", strings.ToUpper(cap.String()))] = true
Expand Down
18 changes: 14 additions & 4 deletions libpod/container_internal_common.go
Original file line number Diff line number Diff line change
Expand Up @@ -164,7 +164,6 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {

// NewFromSpec() is deprecated according to its comment
// however the recommended replace just causes a nil map panic
//nolint:staticcheck
g := generate.NewFromSpec(c.config.Spec)

// If the flag to mount all devices is set for a privileged container, add
Expand Down Expand Up @@ -1206,7 +1205,6 @@ func (c *Container) generateContainerSpec() error {

// NewFromSpec() is deprecated according to its comment
// however the recommended replace just causes a nil map panic
//nolint:staticcheck
g := generate.NewFromSpec(c.config.Spec)

if err := c.saveSpec(g.Config); err != nil {
Expand Down Expand Up @@ -2105,13 +2103,25 @@ func (c *Container) removeNameserver(ips []string) error {
}

func getLocalhostHostEntry(c *Container) etchosts.HostEntries {
return etchosts.HostEntries{{IP: "127.0.0.1", Names: []string{c.Hostname(), c.config.Name}}}
hostname := c.Hostname()
domainname := c.Domainname()
fullname := hostname
if len(domainname) > 0 {
fullname = fullname + "." + domainname
}
return etchosts.HostEntries{{IP: "127.0.0.1", Names: []string{fullname, c.config.Name}}}
}

// getHostsEntries returns the container ip host entries for the correct netmode
func (c *Container) getHostsEntries() (etchosts.HostEntries, error) {
var entries etchosts.HostEntries
names := []string{c.Hostname(), c.config.Name}
hostname := c.Hostname()
domainname := c.Domainname()
fullname := hostname
if len(domainname) > 0 {
fullname = fullname + "." + domainname
}
names := []string{fullname, c.config.Name}
switch {
case c.config.NetMode.IsBridge():
entries = etchosts.GetNetworkHostEntries(c.state.NetworkStatus, names...)
Expand Down
1 change: 0 additions & 1 deletion libpod/options.go
Original file line number Diff line number Diff line change
Expand Up @@ -980,7 +980,6 @@ func WithUserNSFrom(nsCtr *Container) CtrCreateOption {
}
// NewFromSpec() is deprecated according to its comment
// however the recommended replace just causes a nil map panic
//nolint:staticcheck
g := generate.NewFromSpec(ctr.config.Spec)

g.ClearLinuxUIDMappings()
Expand Down
1 change: 0 additions & 1 deletion libpod/runtime_ctr.go
Original file line number Diff line number Diff line change
Expand Up @@ -413,7 +413,6 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai

// NewFromSpec() is deprecated according to its comment
// however the recommended replace just causes a nil map panic
//nolint:staticcheck
g := generate.NewFromSpec(ctr.config.Spec)
g.RemoveMount("/dev/shm")
ctr.config.ShmDir = ""
Expand Down
1 change: 1 addition & 0 deletions pkg/domain/entities/pods.go
Original file line number Diff line number Diff line change
Expand Up @@ -200,6 +200,7 @@ type ContainerCreateOptions struct {
DeviceReadIOPs []string
DeviceWriteBPs []string
DeviceWriteIOPs []string
Domainname string
Entrypoint *string `json:"container_command,omitempty"`
Env []string
EnvHost bool
Expand Down
5 changes: 5 additions & 0 deletions pkg/specgen/generate/container_create.go
Original file line number Diff line number Diff line change
Expand Up @@ -191,7 +191,12 @@ func MakeContainer(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGener
opts = ExtractCDIDevices(s)
options = append(options, opts...)
}

runtimeSpec, err := SpecGenToOCI(ctx, s, rt, rtc, newImage, finalMounts, pod, command, compatibleOptions)
if err != nil {
return nil, nil, nil, err
}

if clone { // the container fails to start if cloned due to missing Linux spec entries
if c == nil {
return nil, nil, nil, errors.New("the given container could not be retrieved")
Expand Down
9 changes: 9 additions & 0 deletions pkg/specgen/generate/namespaces_linux.go
Original file line number Diff line number Diff line change
Expand Up @@ -71,22 +71,26 @@ func specConfigureNamespaces(s *specgen.SpecGenerator, g *generate.Generator, rt
}

hostname := s.Hostname
domainname := s.Domainname
if hostname == "" {
switch {
case s.UtsNS.NSMode == specgen.FromPod:
hostname = pod.Hostname()
domainname = ""
case s.UtsNS.NSMode == specgen.FromContainer:
utsCtr, err := rt.LookupContainer(s.UtsNS.Value)
if err != nil {
return fmt.Errorf("looking up container to share uts namespace with: %w", err)
}
hostname = utsCtr.Hostname()
domainname = utsCtr.Domainname()
case (s.NetNS.NSMode == specgen.Host && hostname == "") || s.UtsNS.NSMode == specgen.Host:
tmpHostname, err := os.Hostname()
if err != nil {
return fmt.Errorf("unable to retrieve hostname of the host: %w", err)
}
hostname = tmpHostname
domainname = ""
default:
logrus.Debug("No hostname set; container's hostname will default to runtime default")
}
Expand All @@ -98,8 +102,13 @@ func specConfigureNamespaces(s *specgen.SpecGenerator, g *generate.Generator, rt
// the user or if we are creating a new UTS namespace.
// TODO: Should we be doing this for pod or container shared
// namespaces?
// we do not want to add domainname to the hostname, we need to keep track of it for later
g.SetHostname(hostname)
}

if s.Domainname != "" && s.UtsNS.NSMode != specgen.Host {
g.SetDomainName(domainname)
}
if _, ok := s.Env["HOSTNAME"]; !ok && s.Hostname != "" {
g.AddProcessEnv("HOSTNAME", hostname)
}
Expand Down
2 changes: 2 additions & 0 deletions pkg/specgen/specgen.go
Original file line number Diff line number Diff line change
Expand Up @@ -160,6 +160,8 @@ type ContainerBasicConfig struct {
// Conflicts with UtsNS if UtsNS is not set to private.
// Optional.
Hostname string `json:"hostname,omitempty"`
// Domainname is the container's domain name. Must be specified in conjunction with hostname
Domainname string `json:"domainname,omitempty"`
// HostUses is a list of host usernames or UIDs to add to the container
// /etc/passwd file
HostUsers []string `json:"hostusers,omitempty"`
Expand Down
4 changes: 4 additions & 0 deletions pkg/specgenutil/specgen.go
Original file line number Diff line number Diff line change
Expand Up @@ -561,6 +561,10 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *entities.ContainerCreateOptions
if len(s.Hostname) == 0 || len(c.Hostname) != 0 {
s.Hostname = c.Hostname
}

if len(s.Domainname) == 0 || len(c.Domainname) != 0 {
s.Domainname = c.Domainname
}
sysctl := map[string]string{}
if ctl := c.Sysctl; len(ctl) > 0 {
sysctl, err = util.ValidateSysctls(ctl)
Expand Down
16 changes: 16 additions & 0 deletions test/e2e/run_dns_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -99,6 +99,22 @@ var _ = Describe("Podman run dns", func() {
Expect(session.OutputToString()).To(ContainSubstring("foobar"))
})

It("podman run domainname sets /etc/hosts is retrievable via commands", func() {
Skip("crun not updated in CI")
session := podmanTest.Podman([]string{"run", "--name", "testing", "--hostname", "foobar", "--domainname", "foobar.fake_domain", ALPINE, "cat", "/etc/hosts"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
Expect(session.OutputToString()).To(ContainSubstring("foobar.foobar.fake_domain"))

session = podmanTest.Podman([]string{"run", "--name", "testing2", "-dt", "--hostname", "foobar", "--domainname", "fake_domain", "fedora"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
session = podmanTest.Podman([]string{"exec", "-it", "testing2", "cat", "/proc/sys/kernel/domainname"})
session.WaitWithDefaultTimeout()
Expect(session).Should(Exit(0))
Expect(session.OutputToString()).To(ContainSubstring("fake_domain"))
})

It("podman run mutually excludes --dns* and --network", func() {
session := podmanTest.Podman([]string{"run", "--dns=1.2.3.4", "--network", "container:ALPINE", ALPINE})
session.WaitWithDefaultTimeout()
Expand Down
Loading

0 comments on commit 93f5b13

Please sign in to comment.