From 75dc508e98bdc2f1f23ea9bece3910e8bb25871e Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Wed, 28 May 2025 14:12:09 +0200 Subject: [PATCH] libpod: don't force only network search domains We like to append the host servers in that case so that we do not only force dns.podman. Fixes: #24713 Fixes: https://issues.redhat.com/browse/RHEL-83787 Signed-off-by: Paul Holzinger --- libpod/container_internal_common.go | 22 +++++++++++++--------- test/e2e/run_networking_test.go | 13 ++++++++----- 2 files changed, 21 insertions(+), 14 deletions(-) diff --git a/libpod/container_internal_common.go b/libpod/container_internal_common.go index 88ff2d9b2f..b6196dba7e 100644 --- a/libpod/container_internal_common.go +++ b/libpod/container_internal_common.go @@ -2254,13 +2254,16 @@ func (c *Container) addResolvConf() error { } // Set DNS search domains - search := networkSearchDomains - + var search []string + keepHostSearches := false if len(c.config.DNSSearch) > 0 || len(c.runtime.config.Containers.DNSSearches.Get()) > 0 { customSearch := make([]string, 0, len(c.config.DNSSearch)+len(c.runtime.config.Containers.DNSSearches.Get())) customSearch = append(customSearch, c.runtime.config.Containers.DNSSearches.Get()...) customSearch = append(customSearch, c.config.DNSSearch...) search = customSearch + } else { + search = networkSearchDomains + keepHostSearches = true } options := make([]string, 0, len(c.config.DNSOption)+len(c.runtime.config.Containers.DNSOptions.Get())) 
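Review bot: The new `else` branch in addResolvConf sets `keepHostSearches = true` with no comment on what that exposes. When neither `c.config.DNSSearch` nor the configured `DNSSearches` is set, the host's search list is presumably written into the container's resolv.conf next to `networkSearchDomains`; the resolvconf package is not visible here, so the ordering should be confirmed. This makes the host's internal domain names readable inside every such container, and unqualified names that miss in the network domain can fall through to host domains. A comment on the branch would record that, for example `// No custom search domains: keep the network domains and let resolvconf add the host's search list; host domains become visible in the container unless DNSSearch is set.` The function body starts and ends outside the hunk.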
@@ -2273,13 +2276,14 @@ func (c *Container) addResolvConf() error { } if err := resolvconf.New(&resolvconf.Params{ - IPv6Enabled: ipv6, - KeepHostServers: keepHostServers, - Nameservers: nameservers, - Namespaces: namespaces, - Options: options, - Path: destPath, - Searches: search, + IPv6Enabled: ipv6, + KeepHostServers: keepHostServers, + KeepHostSearches: keepHostSearches, + Nameservers: nameservers, + Namespaces: namespaces, + Options: options, + Path: destPath, + Searches: search, }); err != nil { return fmt.Errorf("building resolv.conf for container %s: %w", c.ID(), err) } diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go index a97ecd84e0..13e1fb81db 100644 --- a/test/e2e/run_networking_test.go +++ b/test/e2e/run_networking_test.go 
@@ -1152,24 +1152,27 @@ EXPOSE 2004-2005/tcp`, ALPINE) session.WaitWithDefaultTimeout() Expect(session).Should(ExitCleanly()) - session = podmanTest.Podman([]string{"run", "--name", "con1", "--network", net, CITEST_IMAGE, "nslookup", "con1"}) + // Note apline nslookup tries to resolve all search domains always and returns an error if one does not resolve. + // Because we leak all host search domain into the container we have no control over if it resolves or not. + // Thus use "NAME." to indicate the name is full and no search domain should be tried. + session = podmanTest.Podman([]string{"run", "--name", "con1", "--network", net, CITEST_IMAGE, "nslookup", "con1."}) session.WaitWithDefaultTimeout() Expect(session).Should(ExitCleanly()) - session = podmanTest.Podman([]string{"run", "--name", "con2", "--pod", pod, "--network", net, CITEST_IMAGE, "nslookup", "con2"}) + session = podmanTest.Podman([]string{"run", "--name", "con2", "--pod", pod, "--network", net, CITEST_IMAGE, "nslookup", "con2."}) session.WaitWithDefaultTimeout() Expect(session).Should(ExitCleanly()) - session = podmanTest.Podman([]string{"run", "--name", "con3", "--pod", pod2, CITEST_IMAGE, "nslookup", "con1"}) + session = podmanTest.Podman([]string{"run", "--name", "con3", "--pod", pod2, CITEST_IMAGE, "nslookup", "con1."}) session.WaitWithDefaultTimeout() Expect(session).Should(ExitWithError(1, "")) - Expect(session.OutputToString()).To(ContainSubstring("server can't find con1.dns.podman: NXDOMAIN")) + Expect(session.OutputToString()).To(ContainSubstring("NXDOMAIN")) session = podmanTest.Podman([]string{"run", "--name", "con4", "--network", net, CITEST_IMAGE, "nslookup", pod2 + ".dns.podman"}) session.WaitWithDefaultTimeout() Expect(session).Should(ExitCleanly()) - session = podmanTest.Podman([]string{"run", "--network", net, CITEST_IMAGE, "nslookup", hostname}) + session = podmanTest.Podman([]string{"run", "--network", net, CITEST_IMAGE, "nslookup", hostname + "."}) session.WaitWithDefaultTimeout() 
Expect(session).Should(ExitCleanly()) })
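Review bot: Nothing in this test asserts the behaviour the commit introduces, because every changed lookup now uses a trailing-dot name that bypasses the search list, so the test passes whether or not host search domains are added. A check on the generated file would pin it: run `cat /etc/resolv.conf` in a `--network net` container and expect the `search` line to still contain `dns.podman`, then run once with `--dns-search` set and expect only the custom domain. The expected position of `dns.podman` relative to the host domains is not visible in this diff and should be taken from the resolvconf package. The added comment also has a typo, `apline` for `alpine`. The test function starts outside the hunk.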