From cf37995d30e0c5173d8ef34c53c64783d8ebfc58 Mon Sep 17 00:00:00 2001
From: Antonio Murdaca
Date: Wed, 24 Jan 2018 13:29:28 +0100
Subject: [PATCH] container_create: only bind mount /etc/hosts if not provided by k8s

k8s already mounts /etc/hosts from /var/lib/kubelet/pods//etc-hosts even for host network. We shouldn't play with it unless we're running from crictl for instance.

Signed-off-by: Antonio Murdaca
---
 server/container_create.go | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/server/container_create.go b/server/container_create.go
index a4652cf3..e0bb0d24 100644
--- a/server/container_create.go
+++ b/server/container_create.go
@@ -1079,8 +1079,17 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string,
 specgen.AddMount(mnt)
 }
 
- // Bind mount /etc/hosts for host networking containers
- if hostNetwork(containerConfig) {
+ isInCRIMounts := func(dst string, mounts []*pb.Mount) bool {
+ for _, m := range mounts {
+ if m.ContainerPath == dst {
+ return true
+ }
+ }
+ return false
+ }
+
+ if !isInCRIMounts("/etc/hosts", containerConfig.GetMounts()) && hostNetwork(containerConfig) {
+ // Only bind mount for host netns and when CRI does not give us any hosts file
 mnt = rspec.Mount{
 Type: "bind",
 Source: "/etc/hosts",
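Review bot: The new `isInCRIMounts` closure compares `m.ContainerPath == dst` byte for byte, so a CRI mount whose destination is spelled `/etc/hosts/` or `/etc//hosts` is not recognised, and the host's `/etc/hosts` is still added as a second mount for the same destination. Normalising before the comparison closes that gap: `if filepath.Clean(m.ContainerPath) == dst {` (this needs `path/filepath`; the import block is outside the hunk, so confirm it is already imported). Whether the kubelet ever sends unnormalised paths is not visible here, but the commit message names crictl, where the mount list presumably comes from a user-written config. The closure would also be easier to unit-test as a package-level helper; createSandboxContainer begins and ends outside this hunk.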