From cfa661436b495c43083ebeb915e301e4826d065e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9da=20Housni=20Alaoui?=
Date: Thu, 31 Mar 2022 11:14:35 +0200
Subject: [PATCH] containers.no_hosts is not considered by podman system service
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: RĂ©da Housni Alaoui
---
 libpod/container_config.go | 2 +-
 libpod/container_internal_linux.go | 8 +++----
 libpod/container_validate.go | 2 +-
 libpod/options.go | 3 ++-
 libpod/pod_api.go | 4 ++--
 libpod/runtime_ctr.go | 4 ++++
 test/apiv2/20-containers.at | 37 +++++++++++++++++++++++++++++
 test/apiv2/containers.no_hosts.conf | 2 ++
 8 files changed, 53 insertions(+), 9 deletions(-)
 create mode 100644 test/apiv2/containers.no_hosts.conf
diff --git a/libpod/container_config.go b/libpod/container_config.go
index 0d9cd57236..a0ddc50586 100644
--- a/libpod/container_config.go
+++ b/libpod/container_config.go
@@ -275,7 +275,7 @@ type ContainerNetworkConfig struct {
 // UseImageHosts indicates that /etc/hosts should not be
 // bind-mounted inside the container.
 // Conflicts with HostAdd.
- UseImageHosts bool
+ UseImageHosts *bool
 // Hosts to add in container
 // Will be appended to host's host file
 HostAdd []string `json:"hostsAdd,omitempty"`
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 11ca169ca3..ac72df75e8 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -1865,7 +1865,7 @@ func (c *Container) makeBindMounts() error {
 }
 }
- if c.config.NetNsCtr != "" && (!c.config.UseImageResolvConf || !c.config.UseImageHosts) {
+ if c.config.NetNsCtr != "" && (!c.config.UseImageResolvConf || c.config.UseImageHosts == nil || !*c.config.UseImageHosts) {
 // We share a net namespace.
 // We want /etc/resolv.conf and /etc/hosts from the
 // other container. Unless we're not creating both of
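Review bot: In libpod/container_config.go the comment above `UseImageHosts *bool` still describes a plain flag and does not say what nil means, although the rest of the commit treats nil as "unset" and reads it as false. I would add a line such as `// nil means unset; setupContainer then falls back to containers.conf no_hosts.` The field also has no json tag, unlike `HostAdd` just below it, so an unset value will presumably be marshalled as `null` wherever this config is serialised; worth confirming that readers of stored configs accept that.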
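Review bot: The nil-or-false test `c.config.UseImageHosts == nil || !*c.config.UseImageHosts` is written out inline in this makeBindMounts condition and again in the three later hunks of libpod/container_internal_linux.go (-1895, -1937, -1956), with the negated form repeated in validate() and Pod.Inspect(). One unexported accessor would keep the nil handling in a single place, so that a later call site cannot dereference the pointer without the guard: `func (c *Container) useImageHosts() bool { return c.config.UseImageHosts != nil && *c.config.UseImageHosts }`. makeBindMounts starts and ends outside these hunks.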
@@ -1895,7 +1895,7 @@ func (c *Container) makeBindMounts() error {
 // check if dependency container has an /etc/hosts file.
 // It may not have one, so only use it if it does.
 hostsPath, exists := bindMounts["/etc/hosts"]
- if !c.config.UseImageHosts && exists {
+ if (c.config.UseImageHosts == nil || !*c.config.UseImageHosts) && exists {
 depCtr.lock.Lock()
 // generate a hosts file for the dependency container,
 // based on either its old hosts file, or the default,
@@ -1937,7 +1937,7 @@ func (c *Container) makeBindMounts() error {
 }
 }
- if !c.config.UseImageHosts {
+ if c.config.UseImageHosts == nil || !*c.config.UseImageHosts {
 if err := c.updateHosts("/etc/hosts"); err != nil {
 return errors.Wrapf(err, "error creating hosts file for container %s", c.ID())
 }
@@ -1956,7 +1956,7 @@ func (c *Container) makeBindMounts() error {
 }
 }
 } else {
- if !c.config.UseImageHosts && c.state.BindMounts["/etc/hosts"] == "" {
+ if (c.config.UseImageHosts == nil || !*c.config.UseImageHosts) && c.state.BindMounts["/etc/hosts"] == "" {
 if err := c.updateHosts("/etc/hosts"); err != nil {
 return errors.Wrapf(err, "error creating hosts file for container %s", c.ID())
 }
diff --git a/libpod/container_validate.go b/libpod/container_validate.go
index c6c9a4c6d7..deef84f1ea 100644
--- a/libpod/container_validate.go
+++ b/libpod/container_validate.go
@@ -84,7 +84,7 @@ func (c *Container) validate() error {
 return errors.Wrapf(define.ErrInvalidArg, "cannot configure DNS options if using image's resolv.conf")
 }
- if c.config.UseImageHosts && len(c.config.HostAdd) > 0 {
+ if c.config.UseImageHosts != nil && *c.config.UseImageHosts && len(c.config.HostAdd) > 0 {
 return errors.Wrapf(define.ErrInvalidArg, "cannot add to /etc/hosts if using image's /etc/hosts")
 }
diff --git a/libpod/options.go b/libpod/options.go
index 2e54543935..07d4a54a96 100644
--- a/libpod/options.go
+++ b/libpod/options.go
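Review bot: In libpod/container_validate.go the HostAdd conflict check now fires only when `UseImageHosts` was set explicitly, so a container that carries `HostAdd` entries and leaves the flag nil passes validation here. If validate() runs before the new defaulting in setupContainer (the call site is not in this diff, so this is an assumption), a `no_hosts=true` default would then be applied to a config that has host entries, and the conflict would go unreported. Either apply the default before validating, or skip it when `len(ctr.config.HostAdd) > 0`. validate() starts and ends outside the hunk.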
@@ -1312,7 +1312,8 @@ func WithUseImageHosts() CtrCreateOption {
 return define.ErrCtrFinalized
 }
- ctr.config.UseImageHosts = true
+ UseImageHosts := true
+ ctr.config.UseImageHosts = &UseImageHosts
 return nil
 }
diff --git a/libpod/pod_api.go b/libpod/pod_api.go
index be726d8d1e..e7c63393cb 100644
--- a/libpod/pod_api.go
+++ b/libpod/pod_api.go
@@ -593,10 +593,10 @@ func (p *Pod) Inspect() (*define.InspectPodData, error) {
 return nil, err
 }
 infraConfig = new(define.InspectPodInfraConfig)
- infraConfig.HostNetwork = !infra.config.ContainerNetworkConfig.UseImageHosts
+ infraConfig.HostNetwork = infra.config.ContainerNetworkConfig.UseImageHosts == nil || !*infra.config.ContainerNetworkConfig.UseImageHosts
 infraConfig.StaticIP = infra.config.ContainerNetworkConfig.StaticIP
 infraConfig.NoManageResolvConf = infra.config.UseImageResolvConf
- infraConfig.NoManageHosts = infra.config.UseImageHosts
+ infraConfig.NoManageHosts = infra.config.ContainerNetworkConfig.UseImageHosts != nil && *infra.config.ContainerNetworkConfig.UseImageHosts
 infraConfig.CPUPeriod = p.CPUPeriod()
 infraConfig.CPUQuota = p.CPUQuota()
 infraConfig.CPUSetCPUs = p.ResourceLim().CPU.Cpus
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
index 8c3d283a59..8d198d821c 100644
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@@ -392,6 +392,10 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai
 ctr.config.Timezone = r.config.Containers.TZ
 }
+ if ctr.config.UseImageHosts == nil {
+ ctr.config.UseImageHosts = &r.config.Containers.NoHosts
+ }
+
 if ctr.restoreFromCheckpoint {
 // Remove information about bind mount
 // for new container from imported checkpoint
diff --git a/test/apiv2/20-containers.at b/test/apiv2/20-containers.at
index 94de2cf247..78c80ff431 100644
--- a/test/apiv2/20-containers.at
+++ b/test/apiv2/20-containers.at
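Review bot: In libpod/options.go WithUseImageHosts() can still only store true, so now that the field is tri-state no option records an explicit false. A caller that wants a managed /etc/hosts for one container while containers.conf sets `no_hosts=true` appears to have no way to say so, because a nil value is overwritten by the default in setupContainer. A variant of the option that takes the value would close that gap. Separately, the local is spelled like an exported name; `useImageHosts := true` follows Go naming for locals. The option's closure begins outside the hunk.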
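Review bot: In libpod/pod_api.go `infraConfig.HostNetwork` is still derived from the hosts-file flag, and with this commit that flag is filled from containers.conf in setupContainer whenever the request left it unset. If that default reaches infra containers, a global `no_hosts=true` would make Pod.Inspect() report `HostNetwork` as false whatever the pod's network mode is; this is inferred, since the infra container's creation path is not in the diff. A short comment explaining why HostNetwork is tied to UseImageHosts would make the intent checkable. The nil case is reported as HostNetwork true, which matches the old result for a flag that was never set.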
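Review bot: In libpod/runtime_ctr.go `ctr.config.UseImageHosts = &r.config.Containers.NoHosts` stores a pointer into the runtime's shared configuration rather than a copy of the value. Every container created with the default then aliases the same bool, so a later change to the runtime config would silently change containers already held in memory, and a write through any container's pointer would change the daemon-wide default. Copy the value first: `noHosts := r.config.Containers.NoHosts` followed by `ctr.config.UseImageHosts = &noHosts`. setupContainer begins and ends outside the hunk.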
@@ -447,3 +447,40 @@ t GET images/$iid/json 200 \
 t DELETE containers/$cid 204
 t DELETE images/docker.io/library/newrepo:v3?force=false 200
+
+# test create without default no_hosts
+t POST containers/create \
+ Image=$IMAGE \
+ 201 \
+ .Id~[0-9a-f]\\{64\\}
+cid=$(jq -r '.Id' <<<"$output")
+
+t POST libpod/containers/$cid/init 204
+
+t GET libpod/containers/$cid/json 200
+
+cpid_file=$(jq -r '.ConmonPidFile' <<<"$output")
+userdata_path=$(dirname $cpid_file)
+
+t GET libpod/containers/$cid/json 200 \
+ .HostsPath=$userdata_path/hosts
+
+t DELETE containers/$cid 204
+
+# test create with default no_hosts=true
+stop_service
+CONTAINERS_CONF=$(pwd)/test/apiv2/containers.no_hosts.conf start_service
+t POST containers/create \
+ Image=$IMAGE \
+ 201 \
+ .Id~[0-9a-f]\\{64\\}
+cid=$(jq -r '.Id' <<<"$output")
+
+t POST libpod/containers/$cid/init 204
+
+t GET libpod/containers/$cid/json 200 \
+ .HostsPath=""
+
+t DELETE containers/$cid 204
+stop_service
+start_service
diff --git a/test/apiv2/containers.no_hosts.conf b/test/apiv2/containers.no_hosts.conf
new file mode 100644
index 0000000000..b4c78bedbc
--- /dev/null
+++ b/test/apiv2/containers.no_hosts.conf
@@ -0,0 +1,2 @@
+[containers]
+no_hosts=true
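Review bot: In test/apiv2/20-containers.at both new cases create the container with only `Image=$IMAGE`, so the interaction between a `no_hosts=true` default and a request that supplies its own host entries is never exercised. A third case that posts host entries under the no_hosts config and asserts the expected status would pin that behaviour. `userdata_path=$(dirname $cpid_file)` should quote the expansion: `userdata_path=$(dirname "$cpid_file")`. The config path is built from `$(pwd)`, which assumes the suite is started from the repository root.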