hosts file not populated when using user namespace

[st1971]

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description
when running a rooted container with either --uidmap or --subuidname /etc/hosts does not have an entry for the container.

Steps to reproduce the issue:

1. sudo podman run --rm -it --uidmap=0:100000:5000 --hostname=mycontainer fedora:32 /bin/bash -c "cat /etc/hosts"

Describe the results you received:
Output of the content of /etc/hosts without an entry for mycontainer

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

Describe the results you expected:
Output of the content of /etc/hosts with an entry for mycontainer, as you get without the --uidmap or --subuidname flag

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.88.0.164	my-container

Additional information you deem important (e.g. issue happens only occasionally):

Output of podman version:

Version:      2.0.5
API Version:  1
Go Version:   go1.14.6
Built:        Thu Jan  1 01:00:00 1970
OS/Arch:      linux/amd64

Output of podman info --debug:

host:
  arch: amd64
  buildahVersion: 1.15.1
  cgroupVersion: v2
  conmon:
    package: conmon-2.0.19-1.fc32.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.0.19, commit: 5dce9767526ed27f177a8fa3f281889ad509fea7'
  cpus: 8
  distribution:
    distribution: fedora
    version: "32"
  eventLogger: file
  hostname: xxxxxx.lan
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 5.7.17-200.fc32.x86_64
  linkmode: dynamic
  memFree: 27110072320
  memTotal: 33613930496
  ociRuntime:
    name: crun
    package: crun-0.14.1-3.fc32.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 0.14.1
      commit: 598ea5e192ca12d4f6378217d3ab1415efeddefa
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL
  os: linux
  remoteSocket:
    path: /run/podman/podman.sock
  rootless: false
  slirp4netns:
    executable: ""
    package: ""
    version: ""
  swapFree: 16873680896
  swapTotal: 16873680896
  uptime: 6h 12m 59.46s (Approximately 0.25 days)
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - registry.centos.org
  - docker.io
  xxxxxx.lan:5000:
    Blocked: false
    Insecure: true
    Location: xxxxxx.lan:5000
    MirrorByDigestOnly: false
    Mirrors: []
    Prefix: steve-linux.lan:5000
store:
  configFile: /etc/containers/storage.conf
  containerStore:
    number: 1
    paused: 0
    running: 1
    stopped: 0
  graphDriverName: overlay
  graphOptions:
    overlay.mountopt: nodev,metacopy=on
  graphRoot: /mnt/podman/lib/containers/storage
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "true"
  imageStore:
    number: 65
  runRoot: /mnt/podman/run/containers/storage
  volumePath: /mnt/podman/lib/containers/storage/volumes
version:
  APIVersion: 1
  Built: 0
  BuiltTime: Thu Jan  1 01:00:00 1970
  GitCommit: ""
  GoVersion: go1.14.6
  OsArch: linux/amd64
  Version: 2.0.5

Package info (e.g. output of rpm -q podman or apt list podman):

podman-2.0.5-1.fc32.x86_64

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide?

Yes
Have tested with 2.0.4 & 2.0.5

Additional environment details (AWS, VirtualBox, physical, etc.):
Physical server

[TomSweeneyRedHat]

@st1971 thanks for the issue report. A couple of questions.

If you run this same image as root, does it have an /etc/hosts file? Also, can you share how you created the container image initially? Depending on the build options, this might be expected.

[st1971]

@TomSweeneyRedHat Thank you for taking a look, much appreciated.

This is happening only as root and i am using a vanilla fedora:32 image pulled from registry.fedoraproject.org. Both of the below are run as root..

With --uidmap

podman run --rm -it --uidmap=0:100000:5000 registry.fedoraproject.org/fedora:32 /bin/bash -c "cat /etc/hosts"
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

Without --uidmap

podman run --rm -it registry.fedoraproject.org/fedora:32 /bin/bash -c "cat /etc/hosts"
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.88.0.168	dca9379e61d8

Also get the same with a stock alpine image from docker.io.

[mheon]

Suspicion: This is due to postConfigureNetNS.

Generally speaking, Podman configures the network namespace completely, then creates any files it needs to bind-mount in (/etc/hosts amount them), then goes ahead with container creation. However, with containers in a user namespace, we are forced to use a different flow - the network namespace is configured much later in the process, after /etc/hosts is created, so we don't know what the container's IP is - so the code treats it like a container that doesn't have one, and does not add an entry to /etc/hosts.

We can probably edit /etc/hosts once the IP is known in the user namespace case to resolve this.

[github-actions]

A friendly reminder that this issue had no activity for 30 days.