feat: --hostname is allowed in container options #95

Merged
earl-warren merged 1 commit from earl-warren/act:wip-option-hostname into main 2025-01-22 18:22:29 +00:00
Contributor

It is useful to set an alternative hostname when running a service
such as:

services:
  minio:
    image: data.forgejo.org/oci/bitnami/minio:2024.8.17
    options: >-
      --hostname alternate.minio
It is useful to set an alternative hostname when running a service such as: ```yaml services: minio: image: data.forgejo.org/oci/bitnami/minio:2024.8.17 options: >- --hostname alternate.minio ```
Contributor

cascading-pr updated at forgejo/runner#445

cascading-pr updated at https://code.forgejo.org/forgejo/runner/pulls/445
Member

Could this be used to potentially shadow other domain names?

Could this be used to potentially shadow other domain names?
Author
Contributor

It could be abused to mess with /etc/host in various ways, but I can't think of any that would be a security concern. Do you have a specific idea in mind?

$ docker run -ti --hostname foo --rm ubuntu:noble bash
root@foo:/# cat /etc/hosts
127.0.0.1	localhost
::1	localhost ip6-localhost ip6-loopback
fe00::0	ip6-localnet
ff00::0	ip6-mcastprefix
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters
172.17.0.2	foo
root@foo:/# 
exit
$ docker run -ti --hostname foo --rm ubuntu:noble cat /etc/hostname
foo
It could be abused to mess with `/etc/host` in various ways, but I can't think of any that would be a security concern. Do you have a specific idea in mind? ```sh $ docker run -ti --hostname foo --rm ubuntu:noble bash root@foo:/# cat /etc/hosts 127.0.0.1 localhost ::1 localhost ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters 172.17.0.2 foo root@foo:/# exit ``` ```sh $ docker run -ti --hostname foo --rm ubuntu:noble cat /etc/hostname foo ```
earl-warren force-pushed wip-option-hostname from d161b732ed
Some checks failed
checks / unit (pull_request) Failing after 16s
checks / integration (pull_request) Has been skipped
/ cascade (pull_request_target) Failing after 4m28s
to d4c4e8fb11
Some checks failed
checks / unit (pull_request) Successful in 2m26s
checks / integration (pull_request) Successful in 32s
/ cascade (pull_request_target) Failing after 20s
2025-01-22 17:48:51 +00:00
Compare
Contributor

cascading-pr updated at forgejo/runner#445

cascading-pr updated at https://code.forgejo.org/forgejo/runner/pulls/445
Member

if it's specified in the workflow file, and stays properly contained to only the host file of the containers started for that workflow it should be fine.

if it's specified in the workflow file, and stays properly contained to only the host file of the containers started for that workflow it should be fine.
Kwonunn approved these changes 2025-01-22 18:08:37 +00:00
earl-warren scheduled this pull request to auto merge when all checks succeed 2025-01-22 18:18:50 +00:00
earl-warren canceled auto merging this pull request when all checks succeed 2025-01-22 18:22:12 +00:00
earl-warren deleted branch wip-option-hostname 2025-01-22 18:22:30 +00:00
viceice approved these changes 2025-01-23 06:38:48 +00:00
Commenting is not possible because the repository is archived.
No reviewers
No milestone
No project
No assignees
4 participants
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
forgejo/act!95
No description provided.