From 58638c594004adb8a093ca1c774c082a37011282 Mon Sep 17 00:00:00 2001 From: Debarshi Ray Date: Wed, 4 Nov 2020 00:55:31 +0100 Subject: [PATCH] Deprecate the --monitor-host option of 'init-container' The --monitor-host option was added to the 'init-container' command in commit 8b84b5e4604921fa to accommodate Podman versions older than 1.2.0 that didn't have the '--dns none' and '--no-hosts' options for 'podman create'. These options are necessary to keep the Toolbx container's /etc/resolv.conf and /etc/hosts files synchronized with those of the host. Note that Podman 1.2.0 was already available a few months before commit 8b84b5e4604921fa introduced the --monitor-host option. The chances of someone using an older Podman back then was already on the decline, and it's very unlikely that a container created with such a Podman has survived till this date. Commit b6b484fa792b442a raised the minimum required Podman version to 1.4.0, and made the '--dns none' and '--no-hosts' options a hard requirement. The minimum required Podman version was again raised recently in commit 8e80dd5db1e6f40b to 1.6.4. Therefore, these days, there's no need to separately use the --monitor-host option of 'init-container' for newly created containers to indicate that the Podman version wasn't older than 1.2.0. Given all this, it's time to stop using the --monitor-host option of 'init-container', and assume that it's always set. The option is still accepted to retain compatibility with existing Toolbx containers. For containers that were created with the --monitor-host option, a deprecation notice will be shown as: $ podman start --attach CONTAINER Flag --monitor-host has been deprecated, it does nothing ... https://github.com/containers/toolbox/pull/617 --- doc/toolbox-init-container.1.md | 30 ++--------- src/cmd/create.go | 1 - src/cmd/initContainer.go | 94 ++++++++++++++++----------------- 3 files changed, 52 insertions(+), 73 deletions(-) 
diff --git a/doc/toolbox-init-container.1.md b/doc/toolbox-init-container.1.md index 5f12394..63d5b54 100644 --- a/doc/toolbox-init-container.1.md +++ b/doc/toolbox-init-container.1.md @@ -9,7 +9,6 @@ toolbox\-init\-container - Initialize a running container *--home-link* *--media-link* *--mnt-link* - *--monitor-host* *--shell SHELL* *--uid UID* *--user USER* @@ -76,31 +75,12 @@ Make `/mnt` a symbolic link to `/var/mnt`. **--monitor-host** -Ensures that certain configuration files inside the toolbox container are kept -synchronized with their counterparts on the host, and bind mounts some paths -from the host's file system into the container. +Deprecated, does nothing. -The synchronized files are: - -- `/etc/host.conf` -- `/etc/hosts` -- `/etc/localtime` -- `/etc/resolv.conf` -- `/etc/timezone` - -The bind mounted paths are: - -- `/etc/machine-id` -- `/run/libvirt` -- `/run/systemd/journal` -- `/run/systemd/resolve` -- `/run/udev/data` -- `/tmp` -- `/var/lib/flatpak` -- `/var/lib/libvirt` -- `/var/lib/systemd/coredump` -- `/var/log/journal` -- `/var/mnt` +Crucial configuration files inside the toolbox container are always kept +synchronized with their counterparts on the host, and various subsets of the +host's file system hierarchy are always bind mounted to their corresponding +locations inside the toolbox container. **--shell** SHELL diff --git a/src/cmd/create.go b/src/cmd/create.go index d341fa6..3fb4715 100644 --- a/src/cmd/create.go +++ b/src/cmd/create.go @@ -386,7 +386,6 @@ func createContainer(container, image, release, authFile string, showCommandToEn "--shell", userShell, "--uid", currentUser.Uid, "--user", currentUser.Username, - "--monitor-host", } entryPoint = append(entryPoint, slashHomeLink...) diff --git a/src/cmd/initContainer.go b/src/cmd/initContainer.go index be01a1b..a457cf3 100644 --- a/src/cmd/initContainer.go +++ b/src/cmd/initContainer.go 
@@ -107,8 +107,12 @@ func init() { flags.BoolVar(&initContainerFlags.monitorHost, "monitor-host", - false, - "Ensure that certain configuration files inside the toolbox container are in sync with the host") + true, + "Deprecated, does nothing") + if err := flags.MarkDeprecated("monitor-host", "it does nothing"); err != nil { + panicMsg := fmt.Sprintf("cannot mark --monitor-host as deprecated: %s", err) + panic(panicMsg) + } flags.StringVar(&initContainerFlags.shell, "shell", 
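Review bot: After this commit `initContainerFlags.monitorHost` is still bound here with a default of `true`, but the only read of it visible in this patch is removed in the next hunk, so the field looks dead. A short comment above the `flags.BoolVar` call would stop a later cleanup from dropping the flag and breaking the entry point of existing containers, e.g. `// Accepted only so that entry points of existing containers still parse; the value is never read.` The body of `init()` starts and continues outside this hunk.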
@@ -163,59 +167,55 @@ func initContainer(cmd *cobra.Command, args []string) error { defer toolboxEnvFile.Close() - if initContainerFlags.monitorHost { - logrus.Debug("Monitoring host") + if utils.PathExists("/run/host/etc") { + logrus.Debug("Path /run/host/etc exists") - if utils.PathExists("/run/host/etc") { - logrus.Debug("Path /run/host/etc exists") - - if _, err := os.Readlink("/etc/host.conf"); err != nil { - if err := redirectPath("/etc/host.conf", - "/run/host/etc/host.conf", - false); err != nil { - return err - } - } - - if _, err := os.Readlink("/etc/hosts"); err != nil { - if err := redirectPath("/etc/hosts", - "/run/host/etc/hosts", - false); err != nil { - return err - } - } - - if localtimeTarget, err := os.Readlink("/etc/localtime"); err != nil || - localtimeTarget != "/run/host/etc/localtime" { - if err := redirectPath("/etc/localtime", - "/run/host/etc/localtime", - false); err != nil { - return err - } - } - - if err := updateTimeZoneFromLocalTime(); err != nil { + if _, err := os.Readlink("/etc/host.conf"); err != nil { + if err := redirectPath("/etc/host.conf", + "/run/host/etc/host.conf", + false); err != nil { return err } + } - if _, err := os.Readlink("/etc/resolv.conf"); err != nil { - if err := redirectPath("/etc/resolv.conf", - "/run/host/etc/resolv.conf", - false); err != nil { - return err - } + if _, err := os.Readlink("/etc/hosts"); err != nil { + if err := redirectPath("/etc/hosts", + "/run/host/etc/hosts", + false); err != nil { + return err } + } - for _, mount := range initContainerMounts { - if err := mountBind(mount.containerPath, mount.source, mount.flags); err != nil { - return err - } + if localtimeTarget, err := os.Readlink("/etc/localtime"); err != nil || + localtimeTarget != "/run/host/etc/localtime" { + if err := redirectPath("/etc/localtime", + "/run/host/etc/localtime", + false); err != nil { + return err } + } - if utils.PathExists("/sys/fs/selinux") { - if err := mountBind("/sys/fs/selinux", "/usr/share/empty", ""); 
err != nil { - return err - } + if err := updateTimeZoneFromLocalTime(); err != nil { + return err + } + + if _, err := os.Readlink("/etc/resolv.conf"); err != nil { + if err := redirectPath("/etc/resolv.conf", + "/run/host/etc/resolv.conf", + false); err != nil { + return err + } + } + + for _, mount := range initContainerMounts { + if err := mountBind(mount.containerPath, mount.source, mount.flags); err != nil { + return err + } + } + + if utils.PathExists("/sys/fs/selinux") { + if err := mountBind("/sys/fs/selinux", "/usr/share/empty", ""); err != nil { + return err } } }
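Review bot: The checks for `/etc/host.conf`, `/etc/hosts` and `/etc/resolv.conf` only test that the path is a symbolic link, whereas the `/etc/localtime` check in the same block also compares the link target with `/run/host/etc/localtime`. Now that this block runs for every container, a link that points somewhere else leaves the container resolving names from a file that is not the host's, with no log line to show it. If that is not intended, the three checks could follow the localtime form, for example `if target, err := os.Readlink("/etc/resolv.conf"); err != nil || target != "/run/host/etc/resolv.conf" {`. What `redirectPath` does with an existing link is not visible here, and `initContainer` starts and continues outside the hunk.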