From 4ddc4e79d73eea56929ed522f7d7fce6285a41d4 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@redhat.com>
Date: Mon, 31 Jan 2022 09:58:15 -0500
Subject: Only change network fields if they were actually changed by the user

Fixes: https://github.com/containers/podman/issues/13065

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
---
 cmd/podman/common/netflags.go | 110 +++++++++++++++++++++++-------------------
 1 file changed, 61 insertions(+), 49 deletions(-)

(limited to 'cmd/podman')

diff --git a/cmd/podman/common/netflags.go b/cmd/podman/common/netflags.go
index 255996ac3..cfe4956b0 100644
--- a/cmd/podman/common/netflags.go
+++ b/cmd/podman/common/netflags.go
@@ -103,74 +103,86 @@ func NetFlagsToNetOptions(opts *entities.NetOptions, flags pflag.FlagSet) (*enti
 		opts = &entities.NetOptions{}
 	}
 
-	opts.AddHosts, err = flags.GetStringSlice("add-host")
-	if err != nil {
-		return nil, err
-	}
-	// Verify the additional hosts are in correct format
-	for _, host := range opts.AddHosts {
-		if _, err := parse.ValidateExtraHost(host); err != nil {
+	if flags.Changed("add-hosts") {
+		opts.AddHosts, err = flags.GetStringSlice("add-host")
+		if err != nil {
 			return nil, err
 		}
+		// Verify the additional hosts are in correct format
+		for _, host := range opts.AddHosts {
+			if _, err := parse.ValidateExtraHost(host); err != nil {
+				return nil, err
+			}
+		}
 	}
 
-	servers, err := flags.GetStringSlice("dns")
-	if err != nil {
-		return nil, err
-	}
-	for _, d := range servers {
-		if d == "none" {
-			opts.UseImageResolvConf = true
-			if len(servers) > 1 {
-				return nil, errors.Errorf("%s is not allowed to be specified with other DNS ip addresses", d)
-			}
-			break
+	if flags.Changed("dns") {
+		servers, err := flags.GetStringSlice("dns")
+		if err != nil {
+			return nil, err
 		}
-		dns := net.ParseIP(d)
-		if dns == nil {
-			return nil, errors.Errorf("%s is not an ip address", d)
+		for _, d := range servers {
+			if d == "none" {
+				opts.UseImageResolvConf = true
+				if len(servers) > 1 {
+					return nil, errors.Errorf("%s is not allowed to be specified with other DNS ip addresses", d)
+				}
+				break
+			}
+			dns := net.ParseIP(d)
+			if dns == nil {
+				return nil, errors.Errorf("%s is not an ip address", d)
+			}
+			opts.DNSServers = append(opts.DNSServers, dns)
 		}
-		opts.DNSServers = append(opts.DNSServers, dns)
 	}
 
-	options, err := flags.GetStringSlice("dns-opt")
-	if err != nil {
-		return nil, err
+	if flags.Changed("dns-opt") {
+		options, err := flags.GetStringSlice("dns-opt")
+		if err != nil {
+			return nil, err
+		}
+		opts.DNSOptions = options
 	}
-	opts.DNSOptions = options
 
-	dnsSearches, err := flags.GetStringSlice("dns-search")
-	if err != nil {
-		return nil, err
-	}
-	// Validate domains are good
-	for _, dom := range dnsSearches {
-		if dom == "." {
-			if len(dnsSearches) > 1 {
-				return nil, errors.Errorf("cannot pass additional search domains when also specifying '.'")
-			}
-			continue
-		}
-		if _, err := parse.ValidateDomain(dom); err != nil {
+	if flags.Changed("dns-search") {
+		dnsSearches, err := flags.GetStringSlice("dns-search")
+		if err != nil {
 			return nil, err
 		}
+		// Validate domains are good
+		for _, dom := range dnsSearches {
+			if dom == "." {
+				if len(dnsSearches) > 1 {
+					return nil, errors.Errorf("cannot pass additional search domains when also specifying '.'")
+				}
+				continue
+			}
+			if _, err := parse.ValidateDomain(dom); err != nil {
+				return nil, err
+			}
+		}
+		opts.DNSSearch = dnsSearches
 	}
-	opts.DNSSearch = dnsSearches
 
-	inputPorts, err := flags.GetStringSlice("publish")
-	if err != nil {
-		return nil, err
-	}
-	if len(inputPorts) > 0 {
-		opts.PublishPorts, err = specgenutil.CreatePortBindings(inputPorts)
+	if flags.Changed("publish") {
+		inputPorts, err := flags.GetStringSlice("publish")
 		if err != nil {
 			return nil, err
 		}
+		if len(inputPorts) > 0 {
+			opts.PublishPorts, err = specgenutil.CreatePortBindings(inputPorts)
+			if err != nil {
+				return nil, err
+			}
+		}
 	}
 
-	opts.NoHosts, err = flags.GetBool("no-hosts")
-	if err != nil {
-		return nil, err
+	if flags.Changed("no-host") {
+		opts.NoHosts, err = flags.GetBool("no-hosts")
+		if err != nil {
+			return nil, err
+		}
 	}
 
 	// parse the network only when network was changed
-- 
cgit v1.2.3-54-g00ecf


From a1bc8cb52cefd49e8cc54ae14d1864b8a1ec216e Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@redhat.com>
Date: Tue, 1 Feb 2022 15:58:27 -0500
Subject: Move each search dns to its own line

Alpine does not seem to use search correctly when there are multiple
search domains on the same line. It only uses the first with the advent.
When podman runs within a separate network we are appending on
dns.podman as a search, if you add a search domain, then this causes the
local search on network to fail.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
---
 cmd/podman/common/netflags.go   | 10 ++++------
 pkg/resolvconf/resolvconf.go    |  8 +++-----
 test/system/500-networking.bats |  7 ++++++-
 3 files changed, 13 insertions(+), 12 deletions(-)

(limited to 'cmd/podman')

diff --git a/cmd/podman/common/netflags.go b/cmd/podman/common/netflags.go
index cfe4956b0..9dfe81d62 100644
--- a/cmd/podman/common/netflags.go
+++ b/cmd/podman/common/netflags.go
@@ -103,7 +103,7 @@ func NetFlagsToNetOptions(opts *entities.NetOptions, flags pflag.FlagSet) (*enti
 		opts = &entities.NetOptions{}
 	}
 
-	if flags.Changed("add-hosts") {
+	if flags.Changed("add-host") {
 		opts.AddHosts, err = flags.GetStringSlice("add-host")
 		if err != nil {
 			return nil, err
@@ -178,11 +178,9 @@ func NetFlagsToNetOptions(opts *entities.NetOptions, flags pflag.FlagSet) (*enti
 		}
 	}
 
-	if flags.Changed("no-host") {
-		opts.NoHosts, err = flags.GetBool("no-hosts")
-		if err != nil {
-			return nil, err
-		}
+	opts.NoHosts, err = flags.GetBool("no-hosts")
+	if err != nil {
+		return nil, err
 	}
 
 	// parse the network only when network was changed
diff --git a/pkg/resolvconf/resolvconf.go b/pkg/resolvconf/resolvconf.go
index f23cd61b0..d7505e049 100644
--- a/pkg/resolvconf/resolvconf.go
+++ b/pkg/resolvconf/resolvconf.go
@@ -221,11 +221,9 @@ func GetOptions(resolvConf []byte) []string {
 // dnsSearch, and an "options" entry for every element in dnsOptions.
 func Build(path string, dns, dnsSearch, dnsOptions []string) (*File, error) {
 	content := bytes.NewBuffer(nil)
-	if len(dnsSearch) > 0 {
-		if searchString := strings.Join(dnsSearch, " "); strings.Trim(searchString, " ") != "." {
-			if _, err := content.WriteString("search " + searchString + "\n"); err != nil {
-				return nil, err
-			}
+	for _, search := range dnsSearch {
+		if _, err := content.WriteString("search " + search + "\n"); err != nil {
+			return nil, err
 		}
 	}
 	for _, dns := range dns {
diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats
index 9f70c1c6c..e54b8d26a 100644
--- a/test/system/500-networking.bats
+++ b/test/system/500-networking.bats
@@ -597,7 +597,7 @@ load helpers
     searchIP="100.100.100.100"
     cat >$containersconf <<EOF
 [containers]
-  dns_searches  = [ "example.com"]
+  dns_searches  = [ "example.com", "test1.com"]
   dns_servers = [
     "1.1.1.1",
     "$searchIP",
@@ -605,9 +605,14 @@ load helpers
     "8.8.8.8",
 ]
 EOF
+export searchDNS="search example.com
+search test1.com
+search a.b"
     CONTAINERS_CONF=$containersconf run_podman run --rm $IMAGE grep "example.com" /etc/resolv.conf
     CONTAINERS_CONF=$containersconf run_podman run --rm $IMAGE grep $searchIP /etc/resolv.conf
     is "$output" "nameserver $searchIP" "Should only be one $searchIP not multiple"
+    CONTAINERS_CONF=$containersconf run_podman run --dns-search a.b --rm $IMAGE grep search /etc/resolv.conf
+    is "$output" "$searchDNS" "Searches should be on different lines"
 }
 
 # vim: filetype=sh
-- 
cgit v1.2.3-54-g00ecf