Podman container image contains too many host namespaces #13714
Comments
The basic idea of podman and buildah inside of a container, is you already have separate namespaces from the parent container, so use them. Rather than add the complexity of multiple different namespaces.
Uts should match up with what we decide for network though.
Sure but then podman should be working with a host uts namespace. Also buildah ignores most containers.conf settings, see containers/buildah#3836
A friendly reminder that this issue had no activity for 30 days.
@Luap99 any movement on this?
No, I think it is not a good idea to have many host namespaces in the container. This will result in vastly different behaviour between podman in a container and on the host. Anyway the current state is that podman pod create is broken when you have uts set to host (not relevant if container or not) so we should fix this.
When you have utsns="host" set in containers.conf the podman pod create command currently fails because it always sets a hostname for the pod. This is wrong, we only want a hostname with a private uts namespace. Otherwise we should ignore it. The test currently cannot work rootless because containers#13763. Ref containers#13714 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
A friendly reminder that this issue had no activity for 30 days.
@cdoern PTAL
@Luap99 would this be satisfied by adding the
add support for the --uts flag in pod create, allowing users to avoid issues with default values in containers.conf. uts follows the same format as other namespace flags: --uts=private (default), --uts=host, --uts=ns:PATH resolves containers#13714 Signed-off-by: Charlie Doern <cdoern@redhat.com>
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind bug
Description
IMO the podman container image should behave as much as possible like a normal podman on the actual host.
Currently most namespaces are set to host via containers.conf in the image:
podman/contrib/podmanimage/stable/containers.conf
Lines 2 to 6 in ff8834f
I understand that some namespaces do not work as well when they are nested, for example the network namespace.
However I do not see a reason why uts or ipc is set to host. The list does not specify pid namespace so this is already private.
The discussion came up when testing new images in the upgrade test: #13697
Steps to reproduce the issue:
Describe the results you received:
Podman pod create does not work out of the box. Users have to change containers.conf manually since there is no --uts option for podman pod create.
Describe the results you expected:
It should work.
Additional information you deem important (e.g. issue happens only occasionally):
#11969
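An audit for the setting this issue is about, as an added example that is not part of the original issue or of podman's code: it lists which namespace keys a containers.conf sets to "host" in its [containers] table and which it leaves to the default. The sample file is constructed (it is not the file at ff8834f), the function names are hypothetical, and the keys other than utsns are assumed from containers.conf rather than quoted in the thread.

```python
import re

# Namespace keys of the [containers] table in containers.conf. Only utsns is
# quoted in the thread; the others are assumed from containers.conf itself.
NAMESPACE_KEYS = ("netns", "userns", "ipcns", "utsns", "cgroupns", "pidns")

# Constructed sample for this example, NOT the file shipped in the image.
SAMPLE_CONF = """\
[containers]
netns = "host"
ipcns="host"
utsns = "host"   # pod create sets a hostname, which needs a private uts ns
log_driver = "k8s-file"

[engine]
cgroup_manager = "cgroupfs"
"""

_TABLE = re.compile(r"^\[([^\]]+)\]")
_KEY_VALUE = re.compile(r'^([A-Za-z0-9_]+)\s*=\s*"([^"]*)"')


def namespace_modes(conf_text):
    """Map each namespace key set in [containers] to its value.

    Minimal line parser: handles double-quoted string values only.
    """
    modes, table = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = _TABLE.match(line)
        if header:
            table = header.group(1).strip()
            continue
        pair = _KEY_VALUE.match(line)
        if pair and table == "containers" and pair.group(1) in NAMESPACE_KEYS:
            modes[pair.group(1)] = pair.group(2)
    return modes


def host_namespaces(conf_text):
    """Namespace keys explicitly shared with the parent ("host")."""
    return sorted(k for k, v in namespace_modes(conf_text).items() if v == "host")


def unset_namespaces(conf_text):
    """Keys the file leaves out, so the built-in default applies."""
    return [k for k in NAMESPACE_KEYS if k not in namespace_modes(conf_text)]


if __name__ == "__main__":
    print("host:", host_namespaces(SAMPLE_CONF))
    print("unset:", unset_namespaces(SAMPLE_CONF))
```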