Fix systemd-resolved detection.

[mgoltzsche]

Previously podman failed when run in an environment where 127.0.0.53 is
the only nameserver but systemd-resolved is not used directly.
In practice this happened when podman was run within an alpine container
that used the host's network and the host was running systemd-resolved.

This fix makes podman ignore a file not found error when reading /run/systemd/resolve/resolv.conf.

Closes #10733
Follow-up of #10598
Relates to mgoltzsche/podman-static#10

To verify that this change really fixes the problem I created a Dockerfile that uses this patch here.

[rhatdan]

You need to add a test to make this work, or add a [NO TESTS NEEDED] to your commit message.

What value gets into the conainers resolv.conf when this happens?

[mgoltzsche]

I've added the resolv.conf contents to the issue description as well now:

$ docker run --network=host --rm mgoltzsche/podman:3.2.1 cat /etc/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0 trust-ad
search fritz.box

I am afraid the podman code responsible for the bug cannot be covered by a unit test nicely since it would need to be able to write /run/systemd/resolve/resolv.conf. Instead it should be covered by an e2e test ideally. However I don't think it is worth setting this up in this PR. Actually for my alpine-based podman image there are a couple of scripted tests which made me discover this bug (among others that weren't discovered by tests within this repo in the past) - would you like to maintain such an image and tests with the podman project as well?

[Luap99]

LGTM

[mheon]

Test failures look like flakes. LGTM

…

On Sun, Jun 20, 2021 at 11:43 openshift-ci[bot] ***@***.***> wrote: [APPROVALNOTIFIER] This PR is *APPROVED* This pull-request has been approved by: *Luap99 <#10734 (review)>*, *mgoltzsche <#10734#>* The full list of commands accepted by this bot can be found here <https://go.k8s.io/bot-commands?repo=containers%2Fpodman>. The pull request process is described here <https://git.k8s.io/community/contributors/guide/owners.md#the-code-review-process> Needs approval from an approver in each of these files: - OWNERS <https://github.com/containers/podman/blob/master/OWNERS> [Luap99] Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#10734 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AB3AOCAP7PI2N6NXCIPSQKLTTYECJANCNFSM467NYSXQ> .

[vrothberg]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Luap99, mgoltzsche, vrothberg

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [Luap99,vrothberg]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment