From 45e53ed7b0e262e1ba0c2874265f812f1ece53b8 Mon Sep 17 00:00:00 2001
From: Doug Rabson
Date: Fri, 1 Dec 2023 11:37:27 +0000
Subject: [PATCH] libpod: Detect whether we have a private UTS namespace on FreeBSD Right now, we always use a private UTS namespace on FreeBSD. This should be made optional but implementing that cleanly needs a FreeBSD extension to the OCI runtime config. The process for that is starting (https://github.com/opencontainers/tob/pull/133) but in the meantime, assume that the UTS namespace is private on FreeBSD. This moves the Linux-specific namespace logic to container_internal_linux.go and adds a FreeBSD stub. [NO NEW TESTS NEEDED]
Signed-off-by: Doug Rabson
---
 libpod/container.go | 10 +---------
 libpod/container_internal_freebsd.go | 7 +++++++
 libpod/container_internal_linux.go | 13 +++++++++++++
 3 files changed, 21 insertions(+), 9 deletions(-)
diff --git a/libpod/container.go b/libpod/container.go
index bc904f0ba4..9bd8028367 100644
--- a/libpod/container.go
+++ b/libpod/container.go
@@ -688,15 +688,7 @@ func (c *Container) Hostname() string {
 // if the container is not running in a private UTS namespace,
 // return the host's hostname.
- privateUTS := false
- if c.config.Spec.Linux != nil {
- for _, ns := range c.config.Spec.Linux.Namespaces {
- if ns.Type == spec.UTSNamespace {
- privateUTS = true
- break
- }
- }
- }
+ privateUTS := c.hasPrivateUTS()
 if !privateUTS {
 hostname, err := os.Hostname()
 if err == nil {
diff --git a/libpod/container_internal_freebsd.go b/libpod/container_internal_freebsd.go
index 6ad8dd853e..430e16d3fa 100644
--- a/libpod/container_internal_freebsd.go
+++ b/libpod/container_internal_freebsd.go
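Review bot: The local `privateUTS` in Hostname is now assigned once and read once on the following line, so the call can go straight into the condition: `if !c.hasPrivateUTS() {`. container.go is not platform-specific by name, so every build target that compiles it needs a `hasPrivateUTS` method; the patch supplies one for Linux and one for FreeBSD, which is enough only if no other target builds this file (not visible from the hunk). Hostname's body starts and ends outside the hunk.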
@@ -392,3 +392,10 @@ func (c *Container) getPlatformRunPath() (string, error) {
 func (c *Container) addMaskedPaths(g *generate.Generator) {
 // There are currently no FreeBSD-specific masked paths
 }
+
+func (c *Container) hasPrivateUTS() bool {
+ // Currently we always use a private UTS namespace on FreeBSD. This
+ // should be optional but needs a FreeBSD section in the OCI runtime
+ // specification.
+ return true
+}
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 6a8774b265..7f6508d380 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -811,3 +811,16 @@ func (c *Container) addMaskedPaths(g *generate.Generator) {
 g.AddLinuxMaskedPaths("/sys/devices/virtual/powercap")
 }
 }
+
+func (c *Container) hasPrivateUTS() bool {
+ privateUTS := false
+ if c.config.Spec.Linux != nil {
+ for _, ns := range c.config.Spec.Linux.Namespaces {
+ if ns.Type == spec.UTSNamespace {
+ privateUTS = true
+ break
+ }
+ }
+ }
+ return privateUTS
+}
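Review bot: The hard-coded `return true` in the FreeBSD hasPrivateUTS has no doc comment and no pointer to the work that would let it be replaced by real detection. While the stub is in place, Hostname never takes its host-hostname branch on FreeBSD, so a container that in fact shares the host's hostname would presumably be reported under its configured name. I would add `// hasPrivateUTS reports whether the container has its own UTS namespace; on FreeBSD this is assumed, not detected.` above the method and carry the link from the commit message (`https://github.com/opencontainers/tob/pull/133`) into the body comment so the assumption is easy to find and revisit.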
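Review bot: The Linux hasPrivateUTS returns true for any UTS entry in `c.config.Spec.Linux.Namespaces`, including one whose `Path` is set and which therefore joins an existing namespace instead of creating a new one, because the loop compares only `ns.Type`. The logic is moved unchanged from Hostname, but now that it is a named helper its meaning of "private" should be written down, for example `// hasPrivateUTS reports whether the spec lists a UTS namespace; an entry with a Path counts as private too.` If callers need the stricter meaning the condition would become `ns.Type == spec.UTSNamespace && ns.Path == ""`, which should be confirmed against how the spec is populated before changing it. The flag variable and `break` can also be replaced by `return true` inside the loop and `return false` at the end.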