From a39a749ce3af82f4c4416e87df8d268b043f90f0 Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Fri, 15 Nov 2024 13:33:10 +0100 Subject: [PATCH] libpod: addHosts() prevent nil deref In theory RootlessNetnsInfo() should never return nil here. However that was actually only true when the rootless netns was set up before and wrote the right cache file with the ip addresses. Given this cache file is a new feature just added in 5.3 if you updated from 5.2 or earlier the file will not exists thus cause failures for all following started containers. The fix for this is to stop all containers and make sure the rootless-netns was removed so the next start creates it new with the proper 5.3 cache file. However as there is no way to rely on users doing that and it is also not requirement so simply handle the nil deref here. The only way to test this would be to run the old version then the new version which we cannot really do in CI. We do have upgrade test for that but they are root only and likely need a lot more work to get them going rootless but certainly worth to explore to prevent such problems in the future. Fixes: a1e6603133 ("libpod: make use of new pasta option from c/common") Fixes: #24566 Signed-off-by: Paul Holzinger --- libpod/container_internal_common.go | 2 +- libpod/container_internal_linux.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/libpod/container_internal_common.go b/libpod/container_internal_common.go index 3000aeafdf..13701b52b9 100644 --- a/libpod/container_internal_common.go +++ b/libpod/container_internal_common.go @@ -2323,7 +2323,7 @@ func (c *Container) addHosts() error { // not be routed to the host. // https://github.com/containers/podman/issues/22653 info, err := c.runtime.network.RootlessNetnsInfo() - if err == nil { + if err == nil && info != nil { exclude = info.IPAddresses if len(info.MapGuestIps) > 0 { // we used --map-guest-addr to setup pasta so prefer this address diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go index 38119a604c..5178b97f21 100644 --- a/libpod/container_internal_linux.go +++ b/libpod/container_internal_linux.go @@ -624,7 +624,7 @@ func (c *Container) addSpecialDNS(nameservers []string) []string { switch { case c.config.NetMode.IsBridge(): info, err := c.runtime.network.RootlessNetnsInfo() - if err == nil { + if err == nil && info != nil { nameservers = append(nameservers, info.DnsForwardIps...) } case c.pastaResult != nil: