containers.no_hosts is not considered by podman system service #13719

Closed
reda-alaoui opened this issue Mar 30, 2022 · 2 comments · Fixed by #13787
Labels
kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.

Comments

@reda-alaoui

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

I use JetBrains IntelliJ to connect to the Docker API. I don't have control over the way IntelliJ communicates with Docker.
All I can do is point IntelliJ to the podman unix socket.

I want podman to behave like Docker regarding /etc/hosts entries management. Docker does not copy host /etc/hosts entries to the container /etc/hosts. I thought I would use https://docs.podman.io/en/latest/markdown/podman-run.1.html#no-hosts.

But containers.no_hosts=true is not considered when running containers via the REST API (works otherwise).

Steps to reproduce the issue:

  1. Add the following to ~/.config/containers/containers.conf:
[containers]
no_hosts=true
  2. Start a container via the REST API

Describe the results you received:

The container /etc/hosts contains entries coming from the host /etc/hosts.

Describe the results you expected:

I don't expect the host /etc/hosts entries to be copied to the container.

Additional information you deem important (e.g. issue happens only occasionally):

Since podman does not exhibit the same behaviour as Docker, maybe there is also an additional bug about a wrong default to consider here.

Output of podman version:

Version:      3.4.2
API Version:  3.4.2
Go Version:   go1.16.6
Built:        Thu Jan  1 01:00:00 1970
OS/Arch:      linux/amd64

Output of podman info --debug:

host:
  arch: amd64
  buildahVersion: 1.23.1
  cgroupControllers: []
  cgroupManager: cgroupfs
  cgroupVersion: v1
  conmon:
    package: 'conmon: /usr/libexec/podman/conmon'
    path: /usr/libexec/podman/conmon
    version: 'conmon version 2.0.30, commit: '
  cpus: 16
  distribution:
    codename: focal
    distribution: ubuntu
    version: "20.04"
  eventLogger: journald
  hostname: rhousni
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 5.13.0-37-generic
  linkmode: dynamic
  logDriver: journald
  memFree: 39771643904
  memTotal: 67288952832
  ociRuntime:
    name: crun
    package: 'crun: /usr/bin/crun'
    path: /usr/bin/crun
    version: |-
      crun version UNKNOWN
      commit: ea1fe3938eefa14eb707f1d22adff4db670645d6
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  remoteSocket:
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: 'slirp4netns: /usr/bin/slirp4netns'
    version: |-
      slirp4netns version 1.1.8
      commit: unknown
      libslirp: 4.3.1-git
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.4.3
  swapFree: 1023406080
  swapTotal: 1023406080
  uptime: 3h 43m 1.36s (Approximately 0.12 days)
plugins:
  log:
  - k8s-file
  - none
  - journald
  network:
  - bridge
  - macvlan
  volume:
  - local
registries:
  search:
  - docker.io
  - quay.io
store:
  configFile: /home/rhousni/.config/containers/storage.conf
  containerStore:
    number: 5
    paused: 0
    running: 0
    stopped: 5
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /home/rhousni/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Using metacopy: "false"
  imageStore:
    number: 34
  runRoot: /run/user/1000/containers
  volumePath: /home/rhousni/.local/share/containers/storage/volumes
version:
  APIVersion: 3.4.2
  Built: 0
  BuiltTime: Thu Jan  1 01:00:00 1970
  GitCommit: ""
  GoVersion: go1.16.6
  OsArch: linux/amd64
  Version: 3.4.2

Package info (e.g. output of rpm -q podman or apt list podman):

Listing... Done
podman/unknown,now 100:3.4.2-1 amd64 [installed]
podman/unknown 100:3.4.2-1 arm64
podman/unknown 100:3.4.2-1 armhf
podman/unknown 100:3.4.2-1 s390

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/main/troubleshooting.md)

Yes

@white-gecko

I can reproduce this issue with podman version 4.0.2.

MWE:

  1. Compare to the output of podman run/docker run
$ podman run --rm -it ubuntu /bin/bash -c "cat /etc/hosts"
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

… further content of my hosts /etc/hosts …

# used by slirp4netns
10.0.2.100	1e8e2a4e38fb adoring_napier
192.168.1.110	host.containers.internal

  2. Configure in containers.conf
$ cat ~/.config/containers/containers.conf
[containers]
no_hosts=true
  3. Start socket
$ systemctl --user start podman.socket
  4. Create a docker-compose.yml:
version: "3"

services:
  ubuntu:
    image: "ubuntu"
    command: cat /etc/hosts
  5. Compare to the output of podman run/docker run
$ podman run --rm -it ubuntu /bin/bash -c "cat /etc/hosts"
$ docker run --rm -it ubuntu /bin/bash -c "cat /etc/hosts"

(The output is empty, as it should be)

  6. Run docker-compose
$ export DOCKER_HOST=unix:///run/user/$UID/podman/podman.sock
$ docker-compose up                                          
Creating network "podman-hosts-mwe_default" with the default driver
Creating podman-hosts-mwe_ubuntu_1 ... done
Attaching to podman-hosts-mwe_ubuntu_1
ubuntu_1  | 127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
ubuntu_1  | ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
ubuntu_1  | 
ubuntu_1  | … further content of my hosts /etc/hosts …
ubuntu_1  | 
ubuntu_1  | 10.89.1.2	b7d7626ce0af podman-hosts-mwe_ubuntu_1
ubuntu_1  | 10.89.1.1 host.containers.internal
podman-hosts-mwe_ubuntu_1 exited with code 0

The output still contains the host's /etc/hosts, which it should not.
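
A check for the behaviour reported in this thread, added here as an example (not code from the issue or from podman): it parses the host's /etc/hosts and the container's, optionally as printed by docker-compose with its `service_1 | ` prefix, and lists non-loopback host entries that reappear in the container. The function names, the `RUNTIME_NAMES` exclusion and the sample data are assumptions made for illustration.

```python
import ipaddress
import re

# Name podman adds to a container's hosts file (visible in the outputs in this
# thread); it is not an entry copied from the host. Assumed exclusion list.
RUNTIME_NAMES = {"host.containers.internal"}
COMPOSE_PREFIX = re.compile(r"^[\w.-]+\s*\|\s?")  # e.g. "ubuntu_1  | "

def parse_hosts(text, compose_log=False):
    """Return {(ip, name)} from hosts-file text or a docker-compose log of it."""
    pairs = set()
    for line in text.splitlines():
        if compose_log:
            line = COMPOSE_PREFIX.sub("", line)
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not a hosts entry (e.g. "Attaching to ...")
        pairs.update((str(ip), name.lower()) for name in fields[1:])
    return pairs

def leaked_entries(host_text, container_text, compose_log=False):
    """Non-loopback host entries that reappear inside the container."""
    host = {p for p in parse_hosts(host_text)
            if not ipaddress.ip_address(p[0]).is_loopback}
    seen = {p for p in parse_hosts(container_text, compose_log)
            if p[1] not in RUNTIME_NAMES}
    return sorted(host & seen)

# Constructed sample data (not taken from the issue).
HOST_FILE = """\
127.0.0.1   localhost localhost.localdomain
::1         localhost
10.20.30.40 build.corp.example build   # internal name
"""
COMPOSE_LOG = """\
Attaching to demo_ubuntu_1
ubuntu_1  | 127.0.0.1   localhost localhost.localdomain
ubuntu_1  | 10.20.30.40 build.corp.example build
ubuntu_1  | 10.89.1.2\t0123456789ab demo_ubuntu_1
ubuntu_1  | 10.89.1.1 host.containers.internal
"""

if __name__ == "__main__":
    for ip, name in leaked_entries(HOST_FILE, COMPOSE_LOG, compose_log=True):
        print(f"copied from host: {ip} {name}")
```

An empty result for a container started through the socket is what `no_hosts=true` should produce; any pair returned is a host entry that was copied in.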

@rhatdan
Member

rhatdan commented Apr 7, 2022

@Luap99 has been working on this.

Luap99 added a commit to Luap99/libpod that referenced this issue Apr 11, 2022
The API endpoints should properly honour the `no_hosts=true` setting in
containers.conf.

Fixes containers#13719

Signed-off-by: Paul Holzinger <[email protected]>
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 20, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 20, 2023