libpod: host netns keep same /etc/resolv.conf

When a container is run in the host network namespace we have to keep
the same resolv.conf content and not use the systemd-resolve detection
logic.

But also make sure we still allow --dns options.

Fixes #14055

Signed-off-by: Paul Holzinger <pholzing@redhat.com>

1 files changed, 4 insertions, 2 deletions

diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 2eaf56c0a..4742b22ab 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -2289,9 +2289,11 @@ func (c *Container) generateResolvConf() error {
 		networkSearchDomains []string
 	)
 
+	hostns := true
 	resolvConf := "/etc/resolv.conf"
 	for _, namespace := range c.config.Spec.Linux.Namespaces {
 		if namespace.Type == spec.NetworkNamespace {
+			hostns = false
 			if namespace.Path != "" && !strings.HasPrefix(namespace.Path, "/proc/") {
 				definedPath := filepath.Join("/etc/netns", filepath.Base(namespace.Path), "resolv.conf")
 				_, err := os.Stat(definedPath)
@@ -2313,7 +2315,7 @@ func (c *Container) generateResolvConf() error {
 
 	ns := resolvconf.GetNameservers(contents)
 	// check if systemd-resolved is used, assume it is used when 127.0.0.53 is the only nameserver
-	if len(ns) == 1 && ns[0] == "127.0.0.53" {
+	if !hostns && len(ns) == 1 && ns[0] == "127.0.0.53" {
 		// read the actual resolv.conf file for systemd-resolved
 		resolvedContents, err := ioutil.ReadFile("/run/systemd/resolve/resolv.conf")
 		if err != nil {
@@ -2346,7 +2348,7 @@ func (c *Container) generateResolvConf() error {
 
 	// Ensure that the container's /etc/resolv.conf is compatible with its
 	// network configuration.
-	resolv, err := resolvconf.FilterResolvDNS(contents, ipv6, c.config.CreateNetNS)
+	resolv, err := resolvconf.FilterResolvDNS(contents, ipv6, !hostns)
 	if err != nil {
 		return errors.Wrapf(err, "error parsing host resolv.conf")
 	}