From 759a121ada3bf610f524e2f1a03a1842591c7326 Mon Sep 17 00:00:00 2001
From: Siarhei Rasiukevich
Date: Tue, 8 Jan 2019 19:04:09 +0300
Subject: [PATCH] Add checkLoopbackOpts. Fix #38512 Control param checkLoopback depending on sb.config.dnsList * if dnsList contains 127.0.0.1 - HostLoopback will be set to false. Container net namespace will be used to access loopback dns . Fix to https://github.com/moby/moby/issues/38512
Signed-off-by: Siarhei Rasiukevich
---
 sandbox_dns_unix.go | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/sandbox_dns_unix.go b/sandbox_dns_unix.go
index db1b66b190..e6be1c5709 100644
--- a/sandbox_dns_unix.go
+++ b/sandbox_dns_unix.go
@@ -180,6 +180,7 @@ func (sb *sandbox) setExternalResolvers(content []byte, addrType int, checkLoopb

 func (sb *sandbox) setupDNS() error {
 var newRC *resolvconf.File
+ var useExtLoopback bool

 if sb.config.resolvConfPath == "" {
 sb.config.resolvConfPath = defaultPrefix + "/" + sb.id + "/resolv.conf"
@@ -227,6 +228,19 @@ func (sb *sandbox) setupDNS() error {
 logrus.Infof("/etc/resolv.conf does not exist")
 }

+ // If dnsList has loopback ip
+ // when we should use container loopback to handle DNS queries
+ CheckUseExtLoopback := func() bool {
+ for _, n := range sb.config.dnsList {
+ if n == "127.0.0.1" {
+ return false
+ }
+ }
+ return true
+ }
+
+ useExtLoopback = CheckUseExtLoopback()
+
 if len(sb.config.dnsList) > 0 || len(sb.config.dnsSearchList) > 0 || len(sb.config.dnsOptionsList) > 0 {
 var (
 err error
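Review bot: The closure in the second hunk matches only the literal string `"127.0.0.1"`, so any other loopback resolver in `sb.config.dnsList` (the `127.0.0.x` range the neighbouring comments refer to, or an entry written in a different form) leaves `useExtLoopback` true. Going by the commit message, true means a loopback resolver is treated as the host's loopback rather than the container's, so a container started with, say, `--dns 127.0.0.2` would presumably begin sending its DNS queries across the namespace boundary, where the old code passed a hard-coded `false`. Parsing the entry is more robust: `if ip := net.ParseIP(n); ip != nil && ip.IsLoopback() { return false }` (this needs `net` in the import block if the file does not already have it). The capitalised local `CheckUseExtLoopback` is called exactly once and would read better as a plain loop or an unexported helper. setupDNS starts and ends outside this hunk.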
@@ -249,14 +263,16 @@ func (sb *sandbox) setupDNS() error {
 }
 // After building the resolv.conf from the user config save the
 // external resolvers in the sandbox. Note that --dns 127.0.0.x
- // config refers to the loopback in the container namespace
- sb.setExternalResolvers(newRC.Content, types.IPv4, false)
+ // config refers to the loopback in the container namespace ONLY IF
+ // 127.0.0.1 exists in dnsList
+
+ sb.setExternalResolvers(newRC.Content, types.IPv4, useExtLoopback)
 } else {
 // If the host resolv.conf file has 127.0.0.x container should
 // use the host resolver for queries. This is supported by the
 // docker embedded DNS server. Hence save the external resolvers
 // before filtering it out.
- sb.setExternalResolvers(currRC.Content, types.IPv4, true)
+ sb.setExternalResolvers(currRC.Content, types.IPv4, useExtLoopback)

 // Replace any localhost/127.* (at this point we have no info about ipv6, pass it as true)
 if newRC, err = resolvconf.FilterResolvDNS(currRC.Content, true); err != nil {
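Review bot: The first call now passes `true` whenever `dnsList` is empty, which the condition visible in the previous hunk allows when only `dnsSearchList` or `dnsOptionsList` is set; before this commit that branch always passed `false`, and the commit message does not mention the change. If the `else` pairs with that condition, `dnsList` is always empty there and `useExtLoopback` is always `true`, so keeping the literal `true` in the second call would state the intent directly. The rewritten comment would be clearer as `// Loopback entries are resolved in the container namespace only when dnsList contains 127.0.0.1; otherwise they are treated as host loopback.`, and the blank line between the comment and the call can be dropped. setupDNS continues outside this hunk.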