Skip to content

Commit

Permalink
[docker_image_ctl.j2] Share UTS namespace with host OS (sonic-net#4169)
Browse files Browse the repository at this point in the history 
Instead of updating hostname manualy on Config DB hostname change,
simply share containers UTS namespace with host OS.
Ideally, instead of setting `--uts=host` for every container in SONiC,
this setting can be set per container if feature requires.
One behaviour change is introduced in this commit, when `--privileged`
or `--cap-add=CAP_SYS_ADMIN` and `--uts=host` are combined, container
has privilege to change host OS and every other container hostname.
Such privilege should be fixed by limiting containers capabilities.

Signed-off-by: Stepan Blyschak <stepanb@mellanox.com>
  • Loading branch information
@stepanblyschak @qiluo-msft
stepanblyschak authored and qiluo-msft committed Mar 4, 2020
1 parent aa73dbd commit 985866c
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions files/build_templates/docker_image_ctl.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -144,6 +144,7 @@ start() {
# TODO: Mellanox will remove the --tmpfs exception after SDK socket path changed in new SDK version
{%- endif %}
docker create {{docker_image_run_opt}} \
--uts=host \{# W/A: this should be set per-docker, for those dockers which really need host's UTS namespace #}
{%- if install_debug_image == "y" %}
-v /src:/src:ro -v /debug:/debug:rw \
{%- endif %}
Expand Down

0 comments on commit 985866c

Please sign in to comment.