network, slirp4netns: add option to allow host loopback

Closes: https://github.com/containers/podman/issues/6912

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>

libpod/networking_linux.go

@@ -224,6 +224,7 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) error {
 	logPath := filepath.Join(ctr.runtime.config.Engine.TmpDir, fmt.Sprintf("slirp4netns-%s.log", ctr.config.ID))
 
 	isSlirpHostForward := false
+	disableHostLoopback := true
 	if ctr.config.NetworkOptions != nil {
 		slirpOptions := ctr.config.NetworkOptions["slirp4netns"]
 		for _, o := range slirpOptions {
@@ -232,6 +233,10 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) error {
 				isSlirpHostForward = true
 			case "port_handler=rootlesskit":
 				isSlirpHostForward = false
+			case "allow_host_loopback=true":
+				disableHostLoopback = false
+			case "allow_host_loopback=false":
+				disableHostLoopback = true
 			default:
 				return errors.Errorf("unknown option for slirp4netns: %q", o)
 
@@ -244,7 +249,7 @@ func (r *Runtime) setupRootlessNetNS(ctr *Container) error {
 	if err != nil {
 		return errors.Wrapf(err, "error checking slirp4netns binary %s: %q", path, err)
 	}
-	if slirpFeatures.HasDisableHostLoopback {
+	if disableHostLoopback && slirpFeatures.HasDisableHostLoopback {
 		cmdArgs = append(cmdArgs, "--disable-host-loopback")
 	}
 	if slirpFeatures.HasMTU {

test/e2e/run_networking_test.go

@@ -244,6 +244,12 @@ var _ = Describe("Podman run networking", func() {
 		Expect(session.ExitCode()).To(Not(Equal(0)))
 	})
 
+	It("podman run slirp4netns network with host loopback", func() {
+		session := podmanTest.Podman([]string{"run", "--network", "slirp4netns:allow_host_loopback=true", ALPINE, "ping", "-c1", "10.0.2.2"})
+		session.Wait(30)
+		Expect(session.ExitCode()).To(Equal(0))
+	})
+
 	It("podman run network expose ports in image metadata", func() {
 		session := podmanTest.Podman([]string{"create", "-dt", "-P", nginx})
 		session.Wait(90)