Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

podman wrongly detects systemd-resolved and fails #10733

Closed
mgoltzsche opened this issue Jun 19, 2021 · 0 comments · Fixed by #10734
Closed

podman wrongly detects systemd-resolved and fails #10733

mgoltzsche opened this issue Jun 19, 2021 · 0 comments · Fixed by #10734
Labels
kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.

Comments

@mgoltzsche
Copy link
Contributor

mgoltzsche commented Jun 19, 2021
edited
Loading

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

podman fails to run within an alpine container (without systemd-resolved) that uses the host network on a host that uses systemd-resolved. This is because podman detects systemd-resolved based on the nameservers and attempts to read /run/systemd/resolve/resolv.conf which however doesn't exist within the container which makes podman fail.

Apparently this is caused by #10598.

This came up in mgoltzsche/podman-static#10.

Steps to reproduce the issue:

Run podman within an alpine container on a host that uses systemd-resolved.

The following works fine:

$ docker run --rm --privileged -u podman:podman mgoltzsche/podman:3.2.1 podman run alpine:3.13 echo hello world
...
hello world

However if I do the same using the host network podman fails:

$ docker run --network=host --rm --privileged -u podman:podman mgoltzsche/podman:3.2.1 podman run alpine:3.13 echo hello world
...
Error: error creating resolv.conf for container 54ac262cd322f9e70ecfdd3ce2bb72ba97ed1a9f654e05c86a7b1710a02e1fb6: detected that systemd-resolved is in use, but could not locate real resolv.conf: open /run/systemd/resolve/resolv.conf: no such file or directory

The resolv.conf within the docker container looks as follows:

$ docker run --network=host --rm mgoltzsche/podman:3.2.1 cat /etc/resolv.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs must not access this file directly, but only through the
# symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way,
# replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.

nameserver 127.0.0.53
options edns0 trust-ad
search fritz.box

Describe the results you received:

podman fails because it cannot find the file /run/systemd/resolve/resolv.conf although in my environment it is not supposed to read the file or should ignore the error if the file doesn't exist.

Describe the results you expected:

podman should not fail If /run/systemd/resolve/resolv.conf is not present.

Additional information you deem important (e.g. issue happens only occasionally):

Output of podman version:

Version:      3.2.1
API Version:  3.2.1
Go Version:   go1.16.4
Built:        Thu Jan  1 00:00:00 1970
OS/Arch:      linux/amd64

Output of podman info --debug:

host:
  arch: amd64
  buildahVersion: 1.21.0
  cgroupControllers: []
  cgroupManager: cgroupfs
  cgroupVersion: v1
  conmon:
    package: Unknown
    path: /usr/libexec/podman/conmon
    version: 'conmon version 2.0.29, commit: 7e6de6678f6ed8a18661e1d5721b81ccee293b9b'
  cpus: 6
  distribution:
    distribution: alpine
    version: 3.13.5
  eventLogger: file
  hostname: max-desktop
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 5.4.0-74-generic
  linkmode: dynamic
  memFree: 8348110848
  memTotal: 16790118400
  ociRuntime:
    name: runc
    package: Unknown
    path: /usr/local/bin/runc
    version: |-
      runc version 1.0.0-rc95
      commit: b9ee9c6314599f1b4a7f497e1f1f856fe433d3b7
      spec: 1.0.2-dev
      go: go1.16.4
      libseccomp: 2.5.1
  os: linux
  remoteSocket:
    path: /tmp/podman-run-1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_AUDIT_WRITE,CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_MKNOD,CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: ""
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/local/bin/slirp4netns
    package: Unknown
    version: |-
      slirp4netns version 1.1.11
      commit: 368e69ccc074628d17a9bb9a35b8f4b9f74db4c6
      libslirp: 4.6.0
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.1
  swapFree: 16249774080
  swapTotal: 16249774080
  uptime: 6h 4m 37.28s (Approximately 0.25 days)
registries:
  search:
  - docker.io
  - registry.fedoraproject.org
  - registry.access.redhat.com
store:
  configFile: /podman/.config/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: overlay
  graphOptions:
    overlay.ignore_chown_errors: "true"
    overlay.mount_program:
      Executable: /usr/local/bin/fuse-overlayfs
      Package: Unknown
      Version: |-
        fuse-overlayfs: version 1.5
        fusermount3 version: 3.10.4
        FUSE library version 3.10.4
        using FUSE kernel interface version 7.31
  graphRoot: /podman/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: overlayfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "false"
  imageStore:
    number: 0
  runRoot: /tmp/podman-run-1000/containers
  volumePath: /podman/.local/share/containers/storage/volumes
version:
  APIVersion: 3.2.1
  Built: 0
  BuiltTime: Thu Jan  1 00:00:00 1970
  GitCommit: ""
  GoVersion: go1.16.4
  OsArch: linux/amd64
  Version: 3.2.1

Package info (e.g. output of rpm -q podman or apt list podman):

https://github.com/mgoltzsche/podman-static

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/master/troubleshooting.md)

Yes

Additional environment details (AWS, VirtualBox, physical, etc.):

podman within alpine container created by docker on an Ubuntu 20.04 host that uses systemd-resolved.
@openshift-ci openshift-ci bot added the kind/bug Categorizes issue or PR as related to a bug. label Jun 19, 2021
@mgoltzsche mgoltzsche mentioned this issue Jun 19, 2021
Merged
mgoltzsche added a commit to mgoltzsche/libpod that referenced this issue Jun 20, 2021
@mgoltzsche
Fix systemd-resolved detection.
0fb165e 
Previously podman failed when run in an environment where 127.0.0.53 is
the only nameserver but systemd-resolved is not used directly.
In practice this happened when podman was run within an alpine container
that used the host's network and the host was running systemd-resolved.

This fix makes podman ignore a file not found error when reading /run/systemd/resolve/resolv.conf.

Closes containers#10733

[NO TESTS NEEDED]

Signed-off-by: Max Goltzsche <[email protected]>
mheon pushed a commit to mheon/libpod that referenced this issue Jun 24, 2021
@mgoltzsche @mheon
Fix systemd-resolved detection.
e5c9391 
Previously podman failed when run in an environment where 127.0.0.53 is
the only nameserver but systemd-resolved is not used directly.
In practice this happened when podman was run within an alpine container
that used the host's network and the host was running systemd-resolved.

This fix makes podman ignore a file not found error when reading /run/systemd/resolve/resolv.conf.

Closes containers#10733

[NO TESTS NEEDED]

Signed-off-by: Max Goltzsche <[email protected]>
@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 21, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 21, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix systemd-resolved detection. mgoltzsche/libpod
1 participant
@mgoltzsche