Podman container image contains too many host namespaces #13714
Description
Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)
/kind bug
Description
IMO the podman container image should behave as much as possible like a normal podman on the actual host.
Currently most namespaces are set to host via container.conf in the image:
podman/contrib/podmanimage/stable/containers.conf
Lines 2 to 6 in ff8834f
I understand that some namespaces do not work as well when they are nested, for example the network namespace.
However I do not see reason why uts or ipc is set to host. The list does not specify pid namespace so this is already private.
The discussion come up when testing new images in the upgrade test: #13697
Steps ns to reproduce the issue:
$ sudo bin/podman run --rm --privileged --net=host quay.io/podman/stable:v3.4.0 podman pod create --name foo
Error: invalid config provided: cannot set hostname when running in the host UTS namespace: invalid configuration
Describe the results you received:
Podman pod create does not work out of the box. User have to change containers.conf manually since there is not --uts option for podman pod create.
Describe the results you expected:
It should work.
Additional information you deem important (e.g. issue happens only occasionally):