netavark: only use aardvark ip as nameserver

Since commit 0624107 we use the aardvark per container dns functionality. This means we should only have the aardvark ip in resolv.conf otherwise the client resolver could skip aardvark, thus ignoring the special dns option for this container. Fixes containers#17499 Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Luap99 · Feb 20, 2023 · 9dc730d · 9dc730d
1 parent 37352a0
commit 9dc730d
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 2 deletions.
diff --git a/libpod/container_internal_common.go b/libpod/container_internal_common.go
@@ -2048,7 +2048,11 @@ func (c *Container) generateResolvConf() error {
 	// If the user provided dns, it trumps all; then dns masq; then resolv.conf
 	keepHostServers := false
 	if len(nameservers) == 0 {
-		keepHostServers = true
+		// when no network name servers or not netavark use host servers
+		// for aardvark dns we only want our single server in there
+		if len(networkNameServers) == 0 || networkBackend != string(types.Netavark) {
+			keepHostServers = true
+		}
 		// first add the nameservers from the networks status
 		nameservers = networkNameServers
 		// slirp4netns has a built in DNS forwarder.

diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats
@@ -663,7 +663,7 @@ EOF
     is "$output" "search example.com.*" "correct search domain"
     local store=$output
     if is_netavark; then
-        is "$store" ".*nameserver $subnet.1.*" "integrated dns nameserver is set"
+        assert "$store" == "search example.com${nl}nameserver $subnet.1" "only integrated dns nameserver is set"
     else
         is "$store" ".*nameserver 1.1.1.1${nl}nameserver $searchIP${nl}nameserver 1.0.0.1${nl}nameserver 8.8.8.8" "nameserver order is correct"
     fi