opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-06-24 11:28:24 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #11230 from Luap99/rootless-dns

Browse Source 
Fix rootless cni dns without systemd stub resolver
This commit is contained in:
openshift-ci[bot]
2021-08-16 12:47:13 +00:00
committed by GitHub
parent a38d7530db 2a8c414488
commit 9ee9d4a072
2 changed files with 23 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
libpod/networking_linux.go
View File

@ -173,11 +173,27 @@ func (r *RootlessCNI) Do(toRun func() error) error {
// the link target will be available in the mount ns. // the link target will be available in the mount ns.
// see: https://github.com/containers/podman/issues/10855 // see: https://github.com/containers/podman/issues/10855
resolvePath := "/etc/resolv.conf" resolvePath := "/etc/resolv.conf"
resolvePath, err = filepath.EvalSymlinks(resolvePath) for i := 0; i < 255; i++ {
// Do not use filepath.EvalSymlinks, we only want the first symlink under /run.
// If /etc/resolv.conf has more than one symlink under /run, e.g.
// -> /run/systemd/resolve/stub-resolv.conf -> /run/systemd/resolve/resolv.conf
// we would put the netns resolv.conf file to the last path. However this will
// break dns because the second link does not exists in the mount ns.
// see https://github.com/containers/podman/issues/11222
link, err := os.Readlink(resolvePath)
if err != nil { if err != nil {
return err // if there is no symlink exit
break
} }
logrus.Debugf("The actual path of /etc/resolv.conf on the host is %q", resolvePath) resolvePath = filepath.Join(filepath.Dir(resolvePath), link)
if strings.HasPrefix(resolvePath, "/run/") {
break
}
if i == 254 {
return errors.New("too many symlinks while resolving /etc/resolv.conf")
}
}
logrus.Debugf("The path of /etc/resolv.conf in the mount ns is %q", resolvePath)
// When /etc/resolv.conf on the host is a symlink to /run/systemd/resolve/stub-resolv.conf, // When /etc/resolv.conf on the host is a symlink to /run/systemd/resolve/stub-resolv.conf,
// we have to mount an empty filesystem on /run/systemd/resolve in the child namespace, // we have to mount an empty filesystem on /run/systemd/resolve in the child namespace,
// so as to isolate the directory from the host mount namespace. // so as to isolate the directory from the host mount namespace.

3
test/system/500-networking.bats
View File

@ -210,6 +210,9 @@ load helpers
$IMAGE nc -l -n -v -p $myport $IMAGE nc -l -n -v -p $myport
cid="$output" cid="$output"
# check that dns is working inside the container
run_podman exec $cid nslookup google.com
# emit random string, and check it # emit random string, and check it
teststring=$(random_string 30) teststring=$(random_string 30)
echo "$teststring" | nc 127.0.0.1 $myport echo "$teststring" | nc 127.0.0.1 $myport