Merge pull request #17969 from TomSweeneyRedHat/dev/tsweeney/keepid

[v4.4.1-rhel] fix slirp4netns resolv.conf ip with a userns
containers · Mar 29, 2023 · 67f7e1e · 67f7e1e
2 parents 4461c9c + 62d3474
commit 67f7e1e
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 3 deletions.
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
@@ -1005,6 +1005,8 @@ func (c *Container) completeNetworkSetup() error {
 			nameservers = append(nameservers, server.String())
 		}
 	}
+	nameservers = c.addSlirp4netnsDNS(nameservers)
+
 	// check if we have a bindmount for /etc/hosts
 	if hostsBindMount, ok := state.BindMounts[config.DefaultHostsFile]; ok {
 		entries, err := c.getHostsEntries()

diff --git a/libpod/container_internal_common.go b/libpod/container_internal_common.go
@@ -2015,8 +2015,13 @@ func (c *Container) generateResolvConf() error {
 		keepHostServers = true
 		// first add the nameservers from the networks status
 		nameservers = networkNameServers
+
 		// slirp4netns has a built in DNS forwarder.
-		nameservers = c.addSlirp4netnsDNS(nameservers)
+		// If in userns the network is not setup here, instead we need to do that in
+		// c.completeNetworkSetup() which knows the actual slirp dns ip only at that point
+		if !c.config.PostConfigureNetNS {
+			nameservers = c.addSlirp4netnsDNS(nameservers)
+		}
 	}
 
 	// Set DNS search domains

diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats
@@ -196,8 +196,18 @@ load helpers.network
 @test "podman run with slirp4ns adds correct dns address to resolv.conf" {
     CIDR="$(random_rfc1918_subnet)"
     run_podman run --rm --network slirp4netns:cidr="${CIDR}.0/24" \
-                $IMAGE grep "${CIDR}" /etc/resolv.conf
-    is "$output"   "nameserver ${CIDR}.3"   "resolv.conf should have slirp4netns cidr+3 as a nameserver"
+                $IMAGE cat /etc/resolv.conf
+    assert "$output" =~ "nameserver ${CIDR}.3" "resolv.conf should have slirp4netns cidr+3 as first nameserver"
+    no_userns_out="$output"
+
+    if is_rootless; then
+    # check the slirp ip also works correct with userns
+        run_podman run --rm --userns keep-id --network slirp4netns:cidr="${CIDR}.0/24" \
+                $IMAGE cat /etc/resolv.conf
+        assert "$output" =~ "nameserver ${CIDR}.3" "resolv.conf should have slirp4netns cidr+3 as first nameserver with userns"
+        assert "$output" == "$no_userns_out" "resolv.conf should look the same for userns"
+    fi
+
 }
 
 @test "podman run with slirp4ns assigns correct ip address container" {