diff --git a/server/container_create.go b/server/container_create.go index a4652cf3..e0bb0d24 100644 --- a/server/container_create.go +++ b/server/container_create.go @@ -1079,8 +1079,17 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string, specgen.AddMount(mnt) } - // Bind mount /etc/hosts for host networking containers - if hostNetwork(containerConfig) { + isInCRIMounts := func(dst string, mounts []*pb.Mount) bool { + for _, m := range mounts { + if m.ContainerPath == dst { + return true + } + } + return false + } + + if !isInCRIMounts("/etc/hosts", containerConfig.GetMounts()) && hostNetwork(containerConfig) { + // Only bind mount for host netns and when CRI does not give us any hosts file mnt = rspec.Mount{ Type: "bind", Source: "/etc/hosts",