fix slirp4netns resolv.conf ip with a userns

When a userns is set we setup the network after the bind mounts, at the point where resolv.conf is generated we do not yet know the subnet. Just like the other dns servers for bridge networks we need to add the ip later in completeNetworkSetup() Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2182052 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2025-07-25 17:20:20 +08:00 · 2023-03-28 15:48:47 +02:00
parent 2cfb6e1c0e
commit 81e5bffc32
3 changed files with 20 additions and 3 deletions
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@ -1003,6 +1003,8 @@ func (c *Container) completeNetworkSetup() error {
 			nameservers = append(nameservers, server.String())
 		}
 	}
+	nameservers = c.addSlirp4netnsDNS(nameservers)
+
 	// check if we have a bindmount for /etc/hosts
 	if hostsBindMount, ok := state.BindMounts[config.DefaultHostsFile]; ok {
 		entries, err := c.getHostsEntries()
--- a/libpod/container_internal_common.go
+++ b/libpod/container_internal_common.go
@ -2037,8 +2037,13 @@ func (c *Container) generateResolvConf() error {
 		}
 		// first add the nameservers from the networks status
 		nameservers = networkNameServers
+
 		// slirp4netns has a built in DNS forwarder.
-		nameservers = c.addSlirp4netnsDNS(nameservers)
+		// If in userns the network is not setup here, instead we need to do that in
+		// c.completeNetworkSetup() which knows the actual slirp dns ip only at that point
+		if !c.config.PostConfigureNetNS {
+			nameservers = c.addSlirp4netnsDNS(nameservers)
+		}
 	}

 	// Set DNS search domains
--- a/test/system/500-networking.bats
+++ b/test/system/500-networking.bats
@ -196,8 +196,18 @@ load helpers.network
@test "podman run with slirp4ns adds correct dns address to resolv.conf" {
    CIDR="$(random_rfc1918_subnet)"
    run_podman run --rm --network slirp4netns:cidr="${CIDR}.0/24" \
-                $IMAGE grep "${CIDR}" /etc/resolv.conf
-    is "$output"   "nameserver ${CIDR}.3"   "resolv.conf should have slirp4netns cidr+3 as a nameserver"
+                $IMAGE cat /etc/resolv.conf
+    assert "$output" =~ "nameserver ${CIDR}.3" "resolv.conf should have slirp4netns cidr+3 as first nameserver"
+    no_userns_out="$output"
+
+    if is_rootless; then
+    # check the slirp ip also works correct with userns
+        run_podman run --rm --userns keep-id --network slirp4netns:cidr="${CIDR}.0/24" \
+                $IMAGE cat /etc/resolv.conf
+        assert "$output" =~ "nameserver ${CIDR}.3" "resolv.conf should have slirp4netns cidr+3 as first nameserver with userns"
+        assert "$output" == "$no_userns_out" "resolv.conf should look the same for userns"
+    fi
+
 }

@test "podman run with slirp4ns assigns correct ip address container" {