From 870eed9378c025f3684aa8baf3db6de969da3c5d Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Wed, 21 Nov 2018 09:30:03 -0500
Subject: Use host's resolv.conf if no network namespace enabled

My host system runs Fedora Silverblue 29 and I have NetworkManager's
`dns=dnsmasq` setting enabled, so my `/etc/resolv.conf` only has
`127.0.0.1`.

I also run my development podman containers with `--net=host`
for various reasons.

If we have a host network namespace, there's no reason not to just
use the host's nameserver configuration as well.

This fixes e.g. accessing content on a VPN, and is also faster
since the container is using cached DNS.

I know this doesn't solve the bigger picture issue of localhost-DNS
conflicting with bridged networking, but that's far more involved,
probably requiring a DNS proxy in the container.  This patch
makes my workflow a lot nicer and was easy to write.

Signed-off-by: Colin Walters <walters@verbum.org>
---
 pkg/resolvconf/resolvconf.go | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)


diff --git a/pkg/resolvconf/resolvconf.go b/pkg/resolvconf/resolvconf.go
index fccd60093..e85bcb377 100644
--- a/pkg/resolvconf/resolvconf.go
+++ b/pkg/resolvconf/resolvconf.go
@@ -103,13 +103,21 @@ func GetLastModified() *File {
 }
 
 // FilterResolvDNS cleans up the config in resolvConf.  It has two main jobs:
-// 1. It looks for localhost (127.*|::1) entries in the provided
+// 1. If a netns is enabled, it looks for localhost (127.*|::1) entries in the provided
 //    resolv.conf, removing local nameserver entries, and, if the resulting
 //    cleaned config has no defined nameservers left, adds default DNS entries
 // 2. Given the caller provides the enable/disable state of IPv6, the filter
 //    code will remove all IPv6 nameservers if it is not enabled for containers
 //
-func FilterResolvDNS(resolvConf []byte, ipv6Enabled bool) (*File, error) {
+func FilterResolvDNS(resolvConf []byte, ipv6Enabled bool, netnsEnabled bool) (*File, error) {
+	// If we're using the host netns, we have nothing to do besides hash the file.
+	if !netnsEnabled {
+		hash, err := ioutils.HashData(bytes.NewReader(resolvConf))
+		if err != nil {
+			return nil, err
+		}
+		return &File{Content: resolvConf, Hash: hash}, nil
+	}
 	cleanedResolvConf := localhostNSRegexp.ReplaceAll(resolvConf, []byte{})
 	// if IPv6 is not enabled, also clean out any IPv6 address nameserver
 	if !ipv6Enabled {
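Review bot: The early return under `if !netnsEnabled` skips the IPv6 nameserver filter as well as the localhost filter, but the doc comment only qualifies job 1 with "If a netns is enabled", so job 2 still reads as unconditional. I would add a line such as `// When netnsEnabled is false, neither job runs and resolvConf is returned unmodified.` above the signature. The comment should also state the precondition that `netnsEnabled` may be false only when the container really shares the host's network namespace, since otherwise a `127.*` resolver is passed through to a namespace whose loopback cannot reach it; the call sites are outside this diff, so that is worth checking there. The two adjacent `bool` parameters are also easy to transpose at a call site. The body of FilterResolvDNS continues past the end of the hunk.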