libpod: store network status when userns is used

When a container with a userns is created the network setup is special.
Normally the netns is setup before the oci runtime container is created,
however with a userns the container is created first and then the network
is setup. In the second case we never saved the container state
afterwards. Because of it, podman inspect would not show the network info
and network teardown will not happen.

This worked with local podman  because there was a save() call later in the
code path which then also saved the network status. But in the podman API
code path this save never happened thus all containers started via API had
this problem.

Fixes #14465

Signed-off-by: Paul Holzinger <pholzing@redhat.com>

2 files changed, 7 insertions, 0 deletions

diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index 5c6719bdf..4e10b20bd 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -1000,6 +1000,9 @@ func (c *Container) completeNetworkSetup() error {
 	if err := c.runtime.setupNetNS(c); err != nil {
 		return err
 	}
+	if err := c.save(); err != nil {
+		return err
+	}
 	state := c.state
 	// collect any dns servers that cni tells us to use (dnsname)
 	for _, status := range c.getNetworkStatus() {
diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats
index 3db0804d1..92aabae32 100644
--- a/test/system/500-networking.bats
+++ b/test/system/500-networking.bats
@@ -111,6 +111,10 @@ load helpers
                    $IMAGE nc -l -n -v -p $myport
         cid="$output"
 
+        # check that podman stores the network info correctly when a userns is used (#14465)
+        run_podman container inspect --format "{{.NetworkSettings.SandboxKey}}" $cid
+        assert "$output" =~ ".*/netns/netns-.*" "Netns path should be set"
+
         wait_for_output "listening on .*:$myport .*" $cid
 
         # emit random string, and check it