Use host's resolv.conf if no network namespace enabled
My host system runs Fedora Silverblue 29 and I have NetworkManager's `dns=dnsmasq` setting enabled, so my `/etc/resolv.conf` only has `127.0.0.1`. I also run my development podman containers with `--net=host` for various reasons. If we have a host network namespace, there's no reason not to just use the host's nameserver configuration either. This fixes e.g. accessing content on a VPN, and is also faster since the container is using cached DNS. I know this doesn't solve the bigger picture issue of localhost-DNS conflicting with bridged networking, but that's far more involved, probably requiring a DNS proxy in the container. This patch makes my workflow a lot nicer and was easy to write. Signed-off-by: Colin Walters <walters@verbum.org>
@ -729,9 +729,10 @@ func (c *Container) generateResolvConf() (string, error) {
|
|||||||
return "", errors.Wrapf(err, "unable to read %s", resolvPath)
|
return "", errors.Wrapf(err, "unable to read %s", resolvPath)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Process the file to remove localhost nameservers
|
// Ensure that the container's /etc/resolv.conf is compatible with its
|
||||||
|
// network configuration.
|
||||||
// TODO: set ipv6 enable bool more sanely
|
// TODO: set ipv6 enable bool more sanely
|
||||||
resolv, err := resolvconf.FilterResolvDNS(contents, true)
|
resolv, err := resolvconf.FilterResolvDNS(contents, true, c.config.CreateNetNS)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", errors.Wrapf(err, "error parsing host resolv.conf")
|
return "", errors.Wrapf(err, "error parsing host resolv.conf")
|
||||||
}
|
}
|
||||||
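Review bot: The new call passes `c.config.CreateNetNS` as the `netnsEnabled` argument of `FilterResolvDNS`, which treats "this container did not create its own network namespace" as equivalent to "this container shares the host's namespace". If CreateNetNS can also be false for a container that joins another container's or a pod's namespace (not visible in this hunk, so worth confirming), that container would receive the host's loopback nameserver entries unfiltered. In that namespace 127.0.0.1 does not reach the host's resolver, so lookups would fail or go to whatever listens on loopback there. Consider deriving the flag from an explicit host-network check and recording the assumption next to the call, e.g. `// CreateNetNS == false is treated as "host netns"; a container joining another netns must still be filtered.` generateResolvConf begins before and continues after this hunk.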
|
@ -103,13 +103,21 @@ func GetLastModified() *File {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// FilterResolvDNS cleans up the config in resolvConf. It has two main jobs:
|
// FilterResolvDNS cleans up the config in resolvConf. It has two main jobs:
|
||||||
// 1. It looks for localhost (127.*|::1) entries in the provided
|
// 1. If a netns is enabled, it looks for localhost (127.*|::1) entries in the provided
|
||||||
// resolv.conf, removing local nameserver entries, and, if the resulting
|
// resolv.conf, removing local nameserver entries, and, if the resulting
|
||||||
// cleaned config has no defined nameservers left, adds default DNS entries
|
// cleaned config has no defined nameservers left, adds default DNS entries
|
||||||
// 2. Given the caller provides the enable/disable state of IPv6, the filter
|
// 2. Given the caller provides the enable/disable state of IPv6, the filter
|
||||||
// code will remove all IPv6 nameservers if it is not enabled for containers
|
// code will remove all IPv6 nameservers if it is not enabled for containers
|
||||||
//
|
//
|
||||||
func FilterResolvDNS(resolvConf []byte, ipv6Enabled bool) (*File, error) {
|
func FilterResolvDNS(resolvConf []byte, ipv6Enabled bool, netnsEnabled bool) (*File, error) {
|
||||||
|
// If we're using the host netns, we have nothing to do besides hash the file.
|
||||||
|
if !netnsEnabled {
|
||||||
|
hash, err := ioutils.HashData(bytes.NewReader(resolvConf))
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return &File{Content: resolvConf, Hash: hash}, nil
|
||||||
|
}
|
||||||
cleanedResolvConf := localhostNSRegexp.ReplaceAll(resolvConf, []byte{})
|
cleanedResolvConf := localhostNSRegexp.ReplaceAll(resolvConf, []byte{})
|
||||||
// if IPv6 is not enabled, also clean out any IPv6 address nameserver
|
// if IPv6 is not enabled, also clean out any IPv6 address nameserver
|
||||||
if !ipv6Enabled {
|
if !ipv6Enabled {
|
||||||
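Review bot: The doc comment on `FilterResolvDNS` still describes job 2 (dropping IPv6 nameservers when `ipv6Enabled` is false) as unconditional, but the new `if !netnsEnabled` early return skips it together with the localhost filtering. Only item 1 was updated to mention the netns condition, so a caller reading the comment would expect IPv6 entries to be removed in the host-netns case too. I would add a line such as `// If netnsEnabled is false, resolvConf is returned unmodified (only hashed); neither filter is applied.` and name the new parameter in the comment. The two adjacent `bool` parameters are also easy to transpose at call sites, which a sentence on each in the doc comment would help guard against. The function body continues past the end of this hunk.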
|