allow /etc/hosts /etc/resolv.conf and /etc/hostname to be changed #5129
So, this creates a "private"
+1. Question (out of curiosity rather than anything else): if I change those files in my container, will that be committed to the image, or are they excluded anyway?
No, the changes won't be committed.
Looking forward to this. Thanks!
rebased, @creack @crosbymichael @shykes @unclejack please review
@alexlarsson do you have any input?
I think this is kind of weird. First of all, even if the file is rw bind-mounted you can't do a proper atomic replace operation on it (write to tmpfile, rename over target). Secondly, if we copy the file like that we will never update the resolve file if the host changes to a different network, so, e.g. on a roaming laptop containers will stop properly resolving hostnames.
@vieux I understand that we're already broken wrt this with the current system, but I think we want either the "read-only forward of host dns, with updates" model, or "get initial state but then let the container modify it" model. This patch doesn't do either, since the natural way to modify these files is with a write-to-tmp-rename-over-target atomic operation, which will fail with the rw bind mount.
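The write-to-tmp, rename-over-target operation from the comment above, as an added example that is not part of the original thread or of Docker's code. `ReplaceFile`, `writeSync` and `renameFn` are hypothetical names, and the in-place fallback when the rename fails with `EBUSY` (the target is a mount point) is an assumed way for an application to cope, not what this PR implements.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"syscall"
)

var renameFn = os.Rename // swappable so a bind-mounted target can be simulated
// ReplaceFile (hypothetical helper, not Docker code) reports whether the rename path was taken.
func ReplaceFile(path string, data []byte) (renamed bool, err error) {
	tmp, err := os.CreateTemp(filepath.Dir(path), ".replace-*")
	if err != nil {
		return false, err
	}
	defer os.Remove(tmp.Name()) // harmless once the rename has succeeded
	if fi, serr := os.Stat(path); serr == nil {
		tmp.Chmod(fi.Mode().Perm()) // CreateTemp uses 0600; keep the target's mode
	}
	if err = writeSync(tmp, data); err != nil {
		return false, err
	}
	err = renameFn(tmp.Name(), path)
	if err == nil || (!errors.Is(err, syscall.EBUSY) && !errors.Is(err, syscall.EXDEV)) {
		return err == nil, err
	}
	// Mount point (EBUSY) or other filesystem (EXDEV): rewrite in place; readers may see a partial file.
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_TRUNC, 0)
	if err != nil {
		return false, err
	}
	return false, writeSync(f, data)
}

func writeSync(f *os.File, data []byte) error {
	defer f.Close()
	if _, err := f.Write(data); err != nil {
		return err
	}
	return f.Sync()
}

func main() { // demo on a constructed sample file
	p := filepath.Join(os.TempDir(), "hosts.example")
	os.WriteFile(p, []byte("127.0.0.1 localhost\n"), 0644)
	fmt.Println(ReplaceFile(p, []byte("127.0.0.1 localhost\n10.0.0.5 db\n")))
}
```

The rename path swaps in a new inode, which is exactly what a bind mount of a single file cannot follow; the fallback keeps the inode but gives up atomicity.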
@shykes any input on this?
I am definitely in favor of making @vieux would you mind giving a high-level description of how you implement it, expected behavior etc? Thanks
@shykes I rebased so you can test it. It's quite simple, in It works because we already created a local copy of ping @unclejack @crosbymichael
Because we always copy this into the container what do we do when ppl want to commit the changes in a build? Still not allow that like that PR does and require users' apps to modify these files at runtime? Since these are runtime options and I don't think it makes sense to make these changes at build time.
@crosbymichael @vieux yes both of those files need to be writable at any moment of the container lifecycle.
rebased any news on this @crosbymichael @unclejack
@vieux Could you add a cli integration test to ensure we don't commit these, please?
can we modify the info at
Docker-DCO-1.1-Signed-off-by: Victor Vieux <victor.vieux@docker.com> (github: vieux)
Signed-off-by: Victor Vieux <vieux@docker.com>
Doc LGTM
allow /etc/hosts /etc/resolv.conf and /etc/hostname to be changed
Was all happy to use this feature, and I've already found an issue :-( Is there any reason it was not made such that
ping @vieux @erikh
We’re making them in a locked container that isn’t running yet atm (this will change with links rewrite). I’m not sure this is going to result in anything. That said, no objections otherwise. On Sep 3, 2014, at 1:16 PM, Alexandr Morozov notifications@github.com wrote:
Personally I'm +1 to do this atomically. Empty and missing
@phemmer Does it make sense to make
@LK4D4 As an alternative to It might help multiple apps trying to update the file at the same time. But I doubt many apps try to grab a lock before updating it.
Well, you could update the file atomically by:
... But that makes me cringe a little bit. At that point it feels better to have a proper resolver, probably DNS-based. My 2c...
a
Oh right, silly me, on files, it should work just fine. To remove an entry, ... well we could just comment it out (by overwriting the first character of the line with a
Fixes #2267
related: #11950
My attempt to fix #2267