opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-08-06 11:32:07 +08:00
Code Issues Packages Projects Releases Wiki Activity

libpod: host netns keep same /etc/resolv.conf

Browse Source 
When a container is run in the host network namespace we have to keep
the same resolv.conf content and not use the systemd-resolve detection
logic.

But also make sure we still allow --dns options.

Fixes #14055

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
This commit is contained in:
Paul Holzinger
2022-04-29 15:01:56 +02:00
parent 5198209269
commit 01acc2565a
2 changed files with 13 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
libpod/container_internal_linux.go
View File

@ -2279,9 +2279,11 @@ func (c *Container) generateResolvConf() error {
networkSearchDomains []string
)
hostns := true
resolvConf := "/etc/resolv.conf"
for _, namespace := range c.config.Spec.Linux.Namespaces {
if namespace.Type == spec.NetworkNamespace {
hostns = false
if namespace.Path != "" && !strings.HasPrefix(namespace.Path, "/proc/") {
definedPath := filepath.Join("/etc/netns", filepath.Base(namespace.Path), "resolv.conf")
_, err := os.Stat(definedPath)
@ -2303,7 +2305,7 @@ func (c *Container) generateResolvConf() error {
ns := resolvconf.GetNameservers(contents)
// check if systemd-resolved is used, assume it is used when 127.0.0.53 is the only nameserver
if len(ns) == 1 && ns[0] == "127.0.0.53" {
if !hostns && len(ns) == 1 && ns[0] == "127.0.0.53" {
// read the actual resolv.conf file for systemd-resolved
resolvedContents, err := ioutil.ReadFile("/run/systemd/resolve/resolv.conf")
if err != nil {
@ -2336,7 +2338,7 @@ func (c *Container) generateResolvConf() error {
// Ensure that the container's /etc/resolv.conf is compatible with its
// network configuration.
resolv, err := resolvconf.FilterResolvDNS(contents, ipv6, c.config.CreateNetNS)
resolv, err := resolvconf.FilterResolvDNS(contents, ipv6, !hostns)
if err != nil {
return errors.Wrapf(err, "error parsing host resolv.conf")
}

9
test/system/500-networking.bats
View File

@ -656,6 +656,15 @@ EOF
run_podman run --network $netname --rm $IMAGE cat /etc/resolv.conf
is "$output" "search dns.podman.*" "correct search domain"
is "$output" ".*nameserver $subnet.1.*" "integrated dns nameserver is set"
# host network should keep localhost nameservers
if grep 127.0.0. /etc/resolv.conf >/dev/null; then
run_podman run --network host --rm $IMAGE cat /etc/resolv.conf
is "$output" ".*nameserver 127\.0\.0.*" "resolv.conf contains localhost nameserver"
fi
# host net + dns still works
run_podman run --network host --dns 1.1.1.1 --rm $IMAGE cat /etc/resolv.conf
is "$output" ".*nameserver 1\.1\.1\.1.*" "resolv.conf contains 1.1.1.1 nameserver"
}
@test "podman run port forward range" {