Implement to set a domainname

opencontainers/runtime-spec#1156

Signed-off-by: utam0k <k0ma@utam0k.jp>

go.mod

@@ -12,7 +12,7 @@ require (
 	github.com/godbus/dbus/v5 v5.1.0
 	github.com/moby/sys/mountinfo v0.6.2
 	github.com/mrunalp/fileutils v0.5.0
-	github.com/opencontainers/runtime-spec v1.0.3-0.20220718201635-a8106e99982b
+	github.com/opencontainers/runtime-spec v1.0.3-0.20220909204839-494a5a6aca78
 	github.com/opencontainers/selinux v1.10.2
 	github.com/seccomp/libseccomp-golang v0.10.0
 	github.com/sirupsen/logrus v1.9.0

go.sum

@@ -31,8 +31,8 @@ github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vyg
 github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI=
 github.com/mrunalp/fileutils v0.5.0 h1:NKzVxiH7eSk+OQ4M+ZYW1K6h27RUV3MI6NUTsHhU6Z4=
 github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ=
-github.com/opencontainers/runtime-spec v1.0.3-0.20220718201635-a8106e99982b h1:udwtfS44rxYE/ViMLchHQBjfE60GZSB1arY7BFbyxLs=
-github.com/opencontainers/runtime-spec v1.0.3-0.20220718201635-a8106e99982b/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
+github.com/opencontainers/runtime-spec v1.0.3-0.20220909204839-494a5a6aca78 h1:R5M2qXZiK/mWPMT4VldCOiSL9HIAMuxQZWdG0CSM5+4=
+github.com/opencontainers/runtime-spec v1.0.3-0.20220909204839-494a5a6aca78/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
 github.com/opencontainers/selinux v1.10.2 h1:NFy2xCsjn7+WspbfZkUd5zyVeisV7VFbPSP96+8/ha4=
 github.com/opencontainers/selinux v1.10.2/go.mod h1:cARutUbaUrlRClyvxOICCgKixCs6L05aUsohzA3EkHQ=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=

libcontainer/configs/config.go

@@ -119,6 +119,9 @@ type Config struct {
 	// Hostname optionally sets the container's hostname if provided
 	Hostname string `json:"hostname"`
 
+	// Domainname optionally sets the container's domainname if provided
+	Domainname string `json:"domainname"`
+
 	// Namespaces specifies the container's namespaces that it should setup when cloning the init process
 	// If a namespace is not provided that namespace is shared from the container's parent process
 	Namespaces Namespaces `json:"namespaces"`

libcontainer/configs/validate/validator.go

@@ -23,7 +23,7 @@ func Validate(config *configs.Config) error {
 		cgroupsCheck,
 		rootfs,
 		network,
-		hostname,
+		uts,
 		security,
 		namespaces,
 		sysctl,
@@ -75,10 +75,13 @@ func network(config *configs.Config) error {
 	return nil
 }
 
-func hostname(config *configs.Config) error {
+func uts(config *configs.Config) error {
 	if config.Hostname != "" && !config.Namespaces.Contains(configs.NEWUTS) {
 		return errors.New("unable to set hostname without a private UTS namespace")
 	}
+	if config.Domainname != "" && !config.Namespaces.Contains(configs.NEWUTS) {
+		return errors.New("unable to set domainname without a private UTS namespace")
+	}
 	return nil
 }
 

libcontainer/configs/validate/validator_test.go

@@ -82,7 +82,25 @@ func TestValidateHostname(t *testing.T) {
 	}
 }
 
-func TestValidateHostnameWithoutUTSNamespace(t *testing.T) {
+func TestValidateUTS(t *testing.T) {
+	config := &configs.Config{
+		Rootfs:     "/var",
+		Domainname: "runc",
+		Hostname:   "runc",
+		Namespaces: configs.Namespaces(
+			[]configs.Namespace{
+				{Type: configs.NEWUTS},
+			},
+		),
+	}
+
+	err := Validate(config)
+	if err != nil {
+		t.Errorf("Expected error to not occur: %+v", err)
+	}
+}
+
+func TestValidateUTSWithoutUTSNamespace(t *testing.T) {
 	config := &configs.Config{
 		Rootfs:   "/var",
 		Hostname: "runc",
@@ -92,6 +110,16 @@ func TestValidateHostnameWithoutUTSNamespace(t *testing.T) {
 	if err == nil {
 		t.Error("Expected error to occur but it was nil")
 	}
+
+	config = &configs.Config{
+		Rootfs:     "/var",
+		Domainname: "runc",
+	}
+
+	err = Validate(config)
+	if err == nil {
+		t.Error("Expected error to occur but it was nil")
+	}
 }
 
 func TestValidateSecurityWithMaskPaths(t *testing.T) {

libcontainer/integration/template_test.go

@@ -129,8 +129,9 @@ func newTemplateConfig(t *testing.T, p *tParam) *configs.Config {
 		ReadonlyPaths: []string{
 			"/proc/sys", "/proc/sysrq-trigger", "/proc/irq", "/proc/bus",
 		},
-		Devices:  specconv.AllowedDevices,
-		Hostname: "integration",
+		Devices:    specconv.AllowedDevices,
+		Hostname:   "integration",
+		Domainname: "integration",
 		Mounts: []*configs.Mount{
 			{
 				Source:      "proc",

libcontainer/specconv/spec_linux.go

@@ -354,6 +354,7 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) {
 		NoPivotRoot:     opts.NoPivotRoot,
 		Readonlyfs:      spec.Root.Readonly,
 		Hostname:        spec.Hostname,
+		Domainname:      spec.Domainname,
 		Labels:          append(labels, "bundle="+cwd),
 		NoNewKeyring:    opts.NoNewKeyring,
 		RootlessEUID:    opts.RootlessEUID,

libcontainer/standard_init_linux.go

@@ -126,6 +126,11 @@ func (l *linuxStandardInit) Init() error {
 			return &os.SyscallError{Syscall: "sethostname", Err: err}
 		}
 	}
+	if domainname := l.config.Config.Domainname; domainname != "" {
+		if err := unix.Setdomainname([]byte(domainname)); err != nil {
+			return &os.SyscallError{Syscall: "setdomainname", Err: err}
+		}
+	}
 	if err := apparmor.ApplyProfile(l.config.AppArmorProfile); err != nil {
 		return fmt.Errorf("unable to apply apparmor profile: %w", err)
 	}

vendor/modules.txt

@@ -36,7 +36,7 @@ github.com/moby/sys/mountinfo
 # github.com/mrunalp/fileutils v0.5.0
 ## explicit; go 1.13
 github.com/mrunalp/fileutils
-# github.com/opencontainers/runtime-spec v1.0.3-0.20220718201635-a8106e99982b
+# github.com/opencontainers/runtime-spec v1.0.3-0.20220909204839-494a5a6aca78
 ## explicit
 github.com/opencontainers/runtime-spec/specs-go
 # github.com/opencontainers/selinux v1.10.2