Exposed ports are only included when not --net=host

Undoing some of my own work here from #24090 now that we have the
ExposedPorts field implemented in inspect. I considered a revert
of that patch, but it's still needed as without it we'd be
including exposed ports when --net=container which is not
correct.

Basically, exposed ports for a container should always go in the
new ExposedPorts field we added. They sometimes go in the Ports
field in NetworkSettings, but only when the container is not
net=host and not net=container. We were always including exposed
ports, which was not correct, but is an easy logical fix.

Also required is a test change to correct the expected behavior
as we were testing for incorrect behavior.

Fixes https://issues.redhat.com/browse/RHEL-60382

Signed-off-by: Matt Heon <mheon@redhat.com>

libpod/container_inspect.go

@@ -211,7 +211,11 @@ func (c *Container) getContainerInspectData(size bool, driverData *define.Driver
 		return nil, err
 	}
 	data.NetworkSettings = networkConfig
-	addInspectPortsExpose(c.config.ExposedPorts, data.NetworkSettings.Ports)
+	// Ports in NetworkSettings includes exposed ports for network modes that are not host,
+	// and not container.
+	if !(c.config.NetNsCtr != "" || c.NetworkMode() == "host") {
+		addInspectPortsExpose(c.config.ExposedPorts, data.NetworkSettings.Ports)
+	}
 
 	inspectConfig := c.generateInspectContainerConfig(ctrSpec)
 	data.Config = inspectConfig

test/e2e/run_networking_test.go

@@ -441,19 +441,22 @@ EXPOSE 2004-2005/tcp`, ALPINE)
 		Expect(inspectOut[0].HostConfig.PublishAllPorts).To(BeTrue())
 	})
 
-	It("podman run --net=host --expose includes port in inspect output", func() {
+	It("podman run --net=host --expose includes ports in inspect output", func() {
 		containerName := "testctr"
-		session := podmanTest.Podman([]string{"run", "--name", containerName, "-d", "--expose", "8080/tcp", NGINX_IMAGE, "sleep", "+inf"})
+		session := podmanTest.Podman([]string{"run", "--net=host", "--name", containerName, "-d", "--expose", "8080/tcp", NGINX_IMAGE, "sleep", "+inf"})
 		session.WaitWithDefaultTimeout()
 		Expect(session).Should(ExitCleanly())
 
 		inspectOut := podmanTest.InspectContainer(containerName)
 		Expect(inspectOut).To(HaveLen(1))
 
+		// Ports is empty. ExposedPorts is not.
+		Expect(inspectOut[0].NetworkSettings.Ports).To(BeEmpty())
+
 		// 80 from the image, 8080 from the expose
-		Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(2))
+		Expect(inspectOut[0].Config.ExposedPorts).To(HaveLen(2))
-		Expect(inspectOut[0].NetworkSettings.Ports).To(HaveKey("80/tcp"))
+		Expect(inspectOut[0].Config.ExposedPorts).To(HaveKey("80/tcp"))
-		Expect(inspectOut[0].NetworkSettings.Ports).To(HaveKey("8080/tcp"))
+		Expect(inspectOut[0].Config.ExposedPorts).To(HaveKey("8080/tcp"))
 	})
 
 	It("podman run --net=container --expose exposed port from own container", func() {
@@ -469,8 +472,10 @@ EXPOSE 2004-2005/tcp`, ALPINE)
 
 		inspectOut := podmanTest.InspectContainer(ctr2)
 		Expect(inspectOut).To(HaveLen(1))
-		Expect(inspectOut[0].NetworkSettings.Ports).To(HaveLen(1))
+		// Ports will not be populated. ExposedPorts will be.
-		Expect(inspectOut[0].NetworkSettings.Ports).To(HaveKey("8090/tcp"))
+		Expect(inspectOut[0].NetworkSettings.Ports).To(BeEmpty())
+		Expect(inspectOut[0].Config.ExposedPorts).To(HaveLen(1))
+		Expect(inspectOut[0].Config.ExposedPorts).To(HaveKey("8090/tcp"))
 	})
 
 	It("podman run -p 127.0.0.1::8980/udp", func() {