add support for podman create/run --domainname

cmd/podman/common/create.go

@@ -108,6 +108,14 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions,
 			"This is a Docker specific option and is a NOOP",
 		)
 
+		domainNameFlagName := "domainname"
+		createFlags.StringVar(
+			&cf.Domainname,
+			domainNameFlagName, "",
+			"Set container domain name",
+		)
+		_ = cmd.RegisterFlagCompletionFunc(domainNameFlagName, completion.AutocompleteNone)
+
 		envMergeFlagName := "env-merge"
 		createFlags.StringArrayVar(
 			&cf.EnvMerge,

docs/source/markdown/options/domainname.md

@@ -0,0 +1,9 @@
+####> This option file is used in:
+####>   podman create, run
+####> If file is edited, make sure the changes
+####> are applicable to all of those.
+#### **--domainname**=*name*
+
+Container domain name
+
+Sets the container domain name that is available inside the container. Can only be used with a private UTS namespace `--uts=private` (default).

docs/source/markdown/podman-create.1.md.in

@@ -141,6 +141,8 @@ This option cannot be combined with **--network** that is set to **none** or **c
 
 @@option dns-search.container
 
+@@option domainname
+
 @@option entrypoint
 
 @@option env

docs/source/markdown/podman-run.1.md.in

@@ -174,6 +174,8 @@ This option cannot be combined with **--network** that is set to **none** or **c
 
 @@option dns-search.container
 
+@@option domainname
+
 @@option entrypoint
 
 @@option env

go.mod

@@ -46,7 +46,7 @@ require (
 	github.com/opencontainers/image-spec v1.1.0-rc2
 	github.com/opencontainers/runc v1.1.4
 	github.com/opencontainers/runtime-spec v1.0.3-0.20220825212826-86290f6a00fb
-	github.com/opencontainers/runtime-tools v0.9.1-0.20221014010322-58c91d646d86
+	github.com/opencontainers/runtime-tools v0.9.1-0.20221107153022-2802ff9ff545
 	github.com/opencontainers/selinux v1.10.2
 	github.com/openshift/imagebuilder v1.2.4-0.20220711175835-4151e43600df
 	github.com/rootless-containers/rootlesskit v1.1.0
@@ -127,9 +127,6 @@ require (
 	github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
 	github.com/vbatts/tar-split v0.11.2 // indirect
 	github.com/vishvananda/netns v0.0.0-20210104183010-2eb08e3e575f // indirect
-	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
-	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
-	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	golang.org/x/crypto v0.4.0 // indirect

go.sum

@@ -763,8 +763,8 @@ github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.m
 github.com/opencontainers/runtime-spec v1.0.3-0.20220825212826-86290f6a00fb h1:1xSVPOd7/UA+39/hXEGnBJ13p6JFB0E1EvQFlrRDOXI=
 github.com/opencontainers/runtime-spec v1.0.3-0.20220825212826-86290f6a00fb/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mod h1:r3f7wjNzSs2extwzU3Y+6pKfobzPh+kKFJ3ofN+3nfs=
-github.com/opencontainers/runtime-tools v0.9.1-0.20221014010322-58c91d646d86 h1:AaK4/fBxOmEFtb1bs/7KrJsQIgVPnhIrtgJ92RaqM60=
-github.com/opencontainers/runtime-tools v0.9.1-0.20221014010322-58c91d646d86/go.mod h1:BRHJJd0E+cx42OybVYSgUvZmU0B8P9gZuRXlZUP7TKI=
+github.com/opencontainers/runtime-tools v0.9.1-0.20221107153022-2802ff9ff545 h1:ftZiJi2Wy+U8Kvc6hdGMCcy+szWDjajN+idKlVHap+Y=
+github.com/opencontainers/runtime-tools v0.9.1-0.20221107153022-2802ff9ff545/go.mod h1:BRHJJd0E+cx42OybVYSgUvZmU0B8P9gZuRXlZUP7TKI=
 github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE=
 github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo=
 github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xAPP8dBsCoU0KuF8=
@@ -958,7 +958,6 @@ github.com/willf/bitset v1.1.11-0.20200630133818-d5bec3311243/go.mod h1:RjeCKbqT
 github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI=
 github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
-github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
 github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs=

libpod/container.go

@@ -688,6 +688,22 @@ func (c *Container) Hostname() string {
 	return c.ID()[:12]
 }
 
+// Domainname gets the container's domainname
+func (c *Container) Domainname() string {
+	if c.config.UTSNsCtr != "" {
+		utsNsCtr, err := c.runtime.GetContainer(c.config.UTSNsCtr)
+		if err != nil {
+			logrus.Errorf("unable to look up uts namespace for container %s: %v", c.ID(), err)
+			return ""
+		}
+		return utsNsCtr.Domainname()
+	}
+	if c.config.Spec.Domainname != "" {
+		return c.config.Spec.Domainname
+	}
+	return ""
+}
+
 // WorkingDir returns the containers working dir
 func (c *Container) WorkingDir() string {
 	if c.config.Spec.Process != nil {

libpod/container_config.go

@@ -85,6 +85,9 @@ type ContainerConfig struct {
 	// This field should never be written to the db, the json tag ensures this.
 	rewrite bool `json:"-"`
 
+	// Domainname defines the containers domainname
+	Domainname string `json:"domainname,omitempty"`
+
 	// embedded sub-configs
 	ContainerRootFSConfig
 	ContainerSecurityConfig

libpod/container_inspect_linux.go

@@ -10,7 +10,7 @@ import (
 	"github.com/containers/podman/v4/pkg/util"
 	spec "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/opencontainers/runtime-tools/generate"
-	"github.com/opencontainers/runtime-tools/validate"
+	"github.com/opencontainers/runtime-tools/validate/capabilities"
 	"github.com/sirupsen/logrus"
 	"github.com/syndtr/gocapability/capability"
 )
@@ -150,7 +150,7 @@ func (c *Container) platformInspectContainerHostConfig(ctrSpec *spec.Spec, hostC
 			}
 			// If we are privileged, use all caps.
 			for _, cap := range capability.List() {
-				if g.HostSpecific && cap > validate.LastCap() {
+				if g.HostSpecific && cap > capabilities.LastCap() {
 					continue
 				}
 				boundingCaps[fmt.Sprintf("CAP_%s", strings.ToUpper(cap.String()))] = true

libpod/container_internal_common.go

@@ -164,7 +164,6 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
 
 	// NewFromSpec() is deprecated according to its comment
 	// however the recommended replace just causes a nil map panic
-	//nolint:staticcheck
 	g := generate.NewFromSpec(c.config.Spec)
 
 	// If the flag to mount all devices is set for a privileged container, add
@@ -1206,7 +1205,6 @@ func (c *Container) generateContainerSpec() error {
 
 	// NewFromSpec() is deprecated according to its comment
 	// however the recommended replace just causes a nil map panic
-	//nolint:staticcheck
 	g := generate.NewFromSpec(c.config.Spec)
 
 	if err := c.saveSpec(g.Config); err != nil {
@@ -2105,13 +2103,25 @@ func (c *Container) removeNameserver(ips []string) error {
 }
 
 func getLocalhostHostEntry(c *Container) etchosts.HostEntries {
-	return etchosts.HostEntries{{IP: "127.0.0.1", Names: []string{c.Hostname(), c.config.Name}}}
+	hostname := c.Hostname()
+	domainname := c.Domainname()
+	fullname := hostname
+	if len(domainname) > 0 {
+		fullname = fullname + "." + domainname
+	}
+	return etchosts.HostEntries{{IP: "127.0.0.1", Names: []string{fullname, c.config.Name}}}
 }
 
 // getHostsEntries returns the container ip host entries for the correct netmode
 func (c *Container) getHostsEntries() (etchosts.HostEntries, error) {
 	var entries etchosts.HostEntries
-	names := []string{c.Hostname(), c.config.Name}
+	hostname := c.Hostname()
+	domainname := c.Domainname()
+	fullname := hostname
+	if len(domainname) > 0 {
+		fullname = fullname + "." + domainname
+	}
+	names := []string{fullname, c.config.Name}
 	switch {
 	case c.config.NetMode.IsBridge():
 		entries = etchosts.GetNetworkHostEntries(c.state.NetworkStatus, names...)

libpod/options.go

@@ -980,7 +980,6 @@ func WithUserNSFrom(nsCtr *Container) CtrCreateOption {
 		}
 		// NewFromSpec() is deprecated according to its comment
 		// however the recommended replace just causes a nil map panic
-		//nolint:staticcheck
 		g := generate.NewFromSpec(ctr.config.Spec)
 
 		g.ClearLinuxUIDMappings()

libpod/runtime_ctr.go

@@ -413,7 +413,6 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai
 
 		// NewFromSpec() is deprecated according to its comment
 		// however the recommended replace just causes a nil map panic
-		//nolint:staticcheck
 		g := generate.NewFromSpec(ctr.config.Spec)
 		g.RemoveMount("/dev/shm")
 		ctr.config.ShmDir = ""

pkg/domain/entities/pods.go

@@ -200,6 +200,7 @@ type ContainerCreateOptions struct {
 	DeviceReadIOPs     []string
 	DeviceWriteBPs     []string
 	DeviceWriteIOPs    []string
+	Domainname         string
 	Entrypoint         *string `json:"container_command,omitempty"`
 	Env                []string
 	EnvHost            bool

pkg/specgen/generate/container_create.go

@@ -191,7 +191,12 @@ func MakeContainer(ctx context.Context, rt *libpod.Runtime, s *specgen.SpecGener
 		opts = ExtractCDIDevices(s)
 		options = append(options, opts...)
 	}
+
 	runtimeSpec, err := SpecGenToOCI(ctx, s, rt, rtc, newImage, finalMounts, pod, command, compatibleOptions)
+	if err != nil {
+		return nil, nil, nil, err
+	}
+
 	if clone { // the container fails to start if cloned due to missing Linux spec entries
 		if c == nil {
 			return nil, nil, nil, errors.New("the given container could not be retrieved")

pkg/specgen/generate/namespaces_linux.go

@@ -71,22 +71,26 @@ func specConfigureNamespaces(s *specgen.SpecGenerator, g *generate.Generator, rt
 	}
 
 	hostname := s.Hostname
+	domainname := s.Domainname
 	if hostname == "" {
 		switch {
 		case s.UtsNS.NSMode == specgen.FromPod:
 			hostname = pod.Hostname()
+			domainname = ""
 		case s.UtsNS.NSMode == specgen.FromContainer:
 			utsCtr, err := rt.LookupContainer(s.UtsNS.Value)
 			if err != nil {
 				return fmt.Errorf("looking up container to share uts namespace with: %w", err)
 			}
 			hostname = utsCtr.Hostname()
+			domainname = utsCtr.Domainname()
 		case (s.NetNS.NSMode == specgen.Host && hostname == "") || s.UtsNS.NSMode == specgen.Host:
 			tmpHostname, err := os.Hostname()
 			if err != nil {
 				return fmt.Errorf("unable to retrieve hostname of the host: %w", err)
 			}
 			hostname = tmpHostname
+			domainname = ""
 		default:
 			logrus.Debug("No hostname set; container's hostname will default to runtime default")
 		}
@@ -98,8 +102,13 @@ func specConfigureNamespaces(s *specgen.SpecGenerator, g *generate.Generator, rt
 		// the user or if we are creating a new UTS namespace.
 		// TODO: Should we be doing this for pod or container shared
 		// namespaces?
+		// we do not want to add domainname to the hostname, we need to keep track of it for later
 		g.SetHostname(hostname)
 	}
+
+	if s.Domainname != "" && s.UtsNS.NSMode != specgen.Host {
+		g.SetDomainName(domainname)
+	}
 	if _, ok := s.Env["HOSTNAME"]; !ok && s.Hostname != "" {
 		g.AddProcessEnv("HOSTNAME", hostname)
 	}

pkg/specgen/specgen.go

@@ -160,6 +160,8 @@ type ContainerBasicConfig struct {
 	// Conflicts with UtsNS if UtsNS is not set to private.
 	// Optional.
 	Hostname string `json:"hostname,omitempty"`
+	// Domainname is the container's domain name. Must be specified in conjunction with hostname
+	Domainname string `json:"domainname,omitempty"`
 	// HostUses is a list of host usernames or UIDs to add to the container
 	// /etc/passwd file
 	HostUsers []string `json:"hostusers,omitempty"`

pkg/specgenutil/specgen.go

@@ -561,6 +561,10 @@ func FillOutSpecGen(s *specgen.SpecGenerator, c *entities.ContainerCreateOptions
 	if len(s.Hostname) == 0 || len(c.Hostname) != 0 {
 		s.Hostname = c.Hostname
 	}
+
+	if len(s.Domainname) == 0 || len(c.Domainname) != 0 {
+		s.Domainname = c.Domainname
+	}
 	sysctl := map[string]string{}
 	if ctl := c.Sysctl; len(ctl) > 0 {
 		sysctl, err = util.ValidateSysctls(ctl)

test/e2e/run_dns_test.go

@@ -99,6 +99,22 @@ var _ = Describe("Podman run dns", func() {
 		Expect(session.OutputToString()).To(ContainSubstring("foobar"))
 	})
 
+	It("podman run domainname sets /etc/hosts is retrievable via commands", func() {
+		Skip("crun not updated in CI")
+		session := podmanTest.Podman([]string{"run", "--name", "testing", "--hostname", "foobar", "--domainname", "foobar.fake_domain", ALPINE, "cat", "/etc/hosts"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).To(ContainSubstring("foobar.foobar.fake_domain"))
+
+		session = podmanTest.Podman([]string{"run", "--name", "testing2", "-dt", "--hostname", "foobar", "--domainname", "fake_domain", "fedora"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		session = podmanTest.Podman([]string{"exec", "-it", "testing2", "cat", "/proc/sys/kernel/domainname"})
+		session.WaitWithDefaultTimeout()
+		Expect(session).Should(Exit(0))
+		Expect(session.OutputToString()).To(ContainSubstring("fake_domain"))
+	})
+
 	It("podman run mutually excludes --dns* and --network", func() {
 		session := podmanTest.Podman([]string{"run", "--dns=1.2.3.4", "--network", "container:ALPINE", ALPINE})
 		session.WaitWithDefaultTimeout()