[v4.4.1-rhel] fix slirp4netns resolv.conf ip with a userns

When a userns is set we setup the network after the bind mounts, at the point where resolv.conf is generated we do not yet know the subnet. Just like the other dns servers for bridge networks we need to add the ip later in completeNetworkSetup() Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=2182492 and https://bugzilla.redhat.com/show_bug.cgi?id=2182491 This is targeted to RHEL 8.8 and 9.2 ZeroDay Signed-off-by: Paul Holzinger <[email protected]> Signed-off-by: tomsweeneyredhat <[email protected]>
containers · Mar 28, 2023 · 62d3474 · 62d3474
1 parent 4461c9c
commit 62d3474
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 3 deletions.
diff --git a/libpod/container_internal.go b/libpod/container_internal.go
@@ -1005,6 +1005,8 @@ func (c *Container) completeNetworkSetup() error {
 			nameservers = append(nameservers, server.String())
 		}
 	}
+	nameservers = c.addSlirp4netnsDNS(nameservers)
+
 	// check if we have a bindmount for /etc/hosts
 	if hostsBindMount, ok := state.BindMounts[config.DefaultHostsFile]; ok {
 		entries, err := c.getHostsEntries()

diff --git a/libpod/container_internal_common.go b/libpod/container_internal_common.go
@@ -2015,8 +2015,13 @@ func (c *Container) generateResolvConf() error {
 		keepHostServers = true
 		// first add the nameservers from the networks status
 		nameservers = networkNameServers
+
 		// slirp4netns has a built in DNS forwarder.
-		nameservers = c.addSlirp4netnsDNS(nameservers)
+		// If in userns the network is not setup here, instead we need to do that in
+		// c.completeNetworkSetup() which knows the actual slirp dns ip only at that point
+		if !c.config.PostConfigureNetNS {
+			nameservers = c.addSlirp4netnsDNS(nameservers)
+		}
 	}
 
 	// Set DNS search domains

diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats
@@ -196,8 +196,18 @@ load helpers.network
 @test "podman run with slirp4ns adds correct dns address to resolv.conf" {
     CIDR="$(random_rfc1918_subnet)"
     run_podman run --rm --network slirp4netns:cidr="${CIDR}.0/24" \
-                $IMAGE grep "${CIDR}" /etc/resolv.conf
-    is "$output"   "nameserver ${CIDR}.3"   "resolv.conf should have slirp4netns cidr+3 as a nameserver"
+                $IMAGE cat /etc/resolv.conf
+    assert "$output" =~ "nameserver ${CIDR}.3" "resolv.conf should have slirp4netns cidr+3 as first nameserver"
+    no_userns_out="$output"
+
+    if is_rootless; then
+    # check the slirp ip also works correct with userns
+        run_podman run --rm --userns keep-id --network slirp4netns:cidr="${CIDR}.0/24" \
+                $IMAGE cat /etc/resolv.conf
+        assert "$output" =~ "nameserver ${CIDR}.3" "resolv.conf should have slirp4netns cidr+3 as first nameserver with userns"
+        assert "$output" == "$no_userns_out" "resolv.conf should look the same for userns"
+    fi
+
 }
 
 @test "podman run with slirp4ns assigns correct ip address container" {