podman --subuidname does not set resolv.conf

[ibotty]

I am running the latest podman from the projectatomic ppa repository

• podman 1.6.1-1~ubuntu18.04~ppa3,
• containernetworking-plugins 0.8.2-1~ubuntu18.04~ppa3 and
• dnsname f5af33d.

When running a podman container with --subuidname, it does not correctly modify resolv.conf but uses the host's resolv.conf instead:

$ # correct:
$ sudo podman run alpine cat /etc/resolv.conf
search my-hosts.search
nameserver 10.88.0.1
$ # incorrect
$ sudo podman run --subuidname alpine cat /etc/resolv.conf
search my-hosts.search
nameserver my-hosts-nameserver1
nameserver my-hosts-nameserver1

I don't know whether that's a ticket for podman or dnsname. Please delegate if I am wrong.

[mheon]

I'm not familiar with any Podman flag named setuidname - is this a separate program being used to run Podman?

[ibotty]

Argh. I forgot to copy paste correctly! I meant --subuidname. Sorry for the mistake.

[mheon]

Ah, a container in a user namespace. Hm.

[ibotty]

Right, but in the host's net namespace.

[rhatdan]

I see no difference?

sh-5.0# sudo podman run --subuidname dwalsh alpine cat /etc/resolv.conf
search redhat.com
nameserver 10.11.5.19
nameserver 10.5.30.160
nameserver 192.168.1.1
sh-5.0# sudo podman run alpine cat /etc/resolv.conf
search redhat.com
nameserver 10.11.5.19
nameserver 10.5.30.160
nameserver 192.168.1.1

[ibotty]

Are you using the dnsname plugin? Because AFAICT the dnsname plugin sets the nameserver to the bridge's gateway address (because that's where it instructs dnsmasq to listen).

[baude]

i dont follow what should happen. can anyone elaborate ?

[ibotty]

Dnsname configures a dnsmasq server to listen on the bridge gateway address (on the host). It correctly configures resolv.conf to point to that nameserver when used without using user namespaces. When using user namespaces it does not.

[baude]

@ibotty interesting, thanks for the clarification. Do we all feel that is in error?

[rhatdan]

Sounds like an error to me.