From 985866cbb32c42e76907f6fa8dbf4a499c359ea5 Mon Sep 17 00:00:00 2001
From: Stepan Blyshchak <38952541+stepanblyschak@users.noreply.github.com>
Date: Wed, 26 Feb 2020 10:56:54 +0200
Subject: [PATCH] [docker_image_ctl.j2] Share UTS namespace with host OS
 (#4169)

Instead of updating hostname manualy on Config DB hostname change,
simply share containers UTS namespace with host OS.
Ideally, instead of setting `--uts=host` for every container in SONiC,
this setting can be set per container if feature requires.
One behaviour change is introduced in this commit, when `--privileged`
or `--cap-add=CAP_SYS_ADMIN` and `--uts=host` are combined, container
has privilege to change host OS and every other container hostname.
Such privilege should be fixed by limiting containers capabilities.

Signed-off-by: Stepan Blyschak <stepanb@mellanox.com>
---
 files/build_templates/docker_image_ctl.j2 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/files/build_templates/docker_image_ctl.j2 b/files/build_templates/docker_image_ctl.j2
index 1bf0552a29d..82aa4c92df5 100644
--- a/files/build_templates/docker_image_ctl.j2
+++ b/files/build_templates/docker_image_ctl.j2
@@ -144,6 +144,7 @@ start() {
     # TODO: Mellanox will remove the --tmpfs exception after SDK socket path changed in new SDK version
 {%- endif %}
     docker create {{docker_image_run_opt}} \
+        --uts=host \{# W/A: this should be set per-docker, for those dockers which really need host's UTS namespace #}
 {%- if install_debug_image == "y" %}
         -v /src:/src:ro -v /debug:/debug:rw \
 {%- endif %}