From 81e5bffc32ec1bed5f8dd1554d75e7ec5ddffaed Mon Sep 17 00:00:00 2001
From: Paul Holzinger
Date: Tue, 28 Mar 2023 15:48:47 +0200
Subject: [PATCH] fix slirp4netns resolv.conf ip with a userns

When a userns is set we setup the network after the bind mounts, at the point where resolv.conf is generated we do not yet know the subnet. Just like the other dns servers for bridge networks we need to add the ip later in completeNetworkSetup()

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=2182052

Signed-off-by: Paul Holzinger
---
 libpod/container_internal.go | 2 ++
 libpod/container_internal_common.go | 7 ++++++-
 test/system/500-networking.bats | 14 ++++++++++++--
 3 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/libpod/container_internal.go b/libpod/container_internal.go
index d81e2512ec..ab8b4daa21 100644
--- a/libpod/container_internal.go
+++ b/libpod/container_internal.go
@@ -1003,6 +1003,8 @@ func (c *Container) completeNetworkSetup() error {
 nameservers = append(nameservers, server.String())
 }
 }
+ nameservers = c.addSlirp4netnsDNS(nameservers)
+
 // check if we have a bindmount for /etc/hosts
 if hostsBindMount, ok := state.BindMounts[config.DefaultHostsFile]; ok {
 entries, err := c.getHostsEntries()
diff --git a/libpod/container_internal_common.go b/libpod/container_internal_common.go
index fbca60027c..f7911bb51e 100644
--- a/libpod/container_internal_common.go
+++ b/libpod/container_internal_common.go
@@ -2037,8 +2037,13 @@ func (c *Container) generateResolvConf() error {
 }
 // first add the nameservers from the networks status
 nameservers = networkNameServers
+
 // slirp4netns has a built in DNS forwarder.
- nameservers = c.addSlirp4netnsDNS(nameservers)
+ // If in userns the network is not setup here, instead we need to do that in
+ // c.completeNetworkSetup() which knows the actual slirp dns ip only at that point
+ if !c.config.PostConfigureNetNS {
+ nameservers = c.addSlirp4netnsDNS(nameservers)
+ }
 }
 
 // Set DNS search domains
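Review bot: The added `nameservers = c.addSlirp4netnsDNS(nameservers)` in completeNetworkSetup() has no comment and no visible guard, while its counterpart in generateResolvConf() (second hunk) is skipped only when `c.config.PostConfigureNetNS` is set. If completeNetworkSetup() can run with PostConfigureNetNS false, the slirp4netns address would be added at both call sites; the start of the function is outside the hunk, so confirm it returns early in that case. I would add above the call: `// PostConfigureNetNS (userns): the slirp4netns subnet is only known now, generateResolvConf() skipped this address`. A missing or wrong resolver address sends the container's DNS queries somewhere other than the slirp4netns forwarder, so the pairing of the two call sites should be explicit in both places.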
diff --git a/test/system/500-networking.bats b/test/system/500-networking.bats
index 6a5165fd9b..b6390f5f3d 100644
--- a/test/system/500-networking.bats
+++ b/test/system/500-networking.bats
@@ -196,8 +196,18 @@ load helpers.network
 @test "podman run with slirp4ns adds correct dns address to resolv.conf" {
 CIDR="$(random_rfc1918_subnet)"
 run_podman run --rm --network slirp4netns:cidr="${CIDR}.0/24" \
- $IMAGE grep "${CIDR}" /etc/resolv.conf
- is "$output" "nameserver ${CIDR}.3" "resolv.conf should have slirp4netns cidr+3 as a nameserver"
+ $IMAGE cat /etc/resolv.conf
+ assert "$output" =~ "nameserver ${CIDR}.3" "resolv.conf should have slirp4netns cidr+3 as first nameserver"
+ no_userns_out="$output"
+
+ if is_rootless; then
+ # check the slirp ip also works correct with userns
+ run_podman run --rm --userns keep-id --network slirp4netns:cidr="${CIDR}.0/24" \
+ $IMAGE cat /etc/resolv.conf
+ assert "$output" =~ "nameserver ${CIDR}.3" "resolv.conf should have slirp4netns cidr+3 as first nameserver with userns"
+ assert "$output" == "$no_userns_out" "resolv.conf should look the same for userns"
+ fi
+
 }
 
 @test "podman run with slirp4ns assigns correct ip address container" {
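Review bot: The two `assert "$output" =~ "nameserver ${CIDR}.3"` checks do not verify what their messages claim. The match is unanchored, so it passes wherever the entry sits among the nameservers, and it would also accept an address such as `${CIDR}.30`, because nothing terminates the match and `.` is presumably a regex wildcard in this helper. Resolver order decides which server the container queries first, so the "first nameserver" claim is worth testing directly. One option, if the image's grep supports `-m`, is to print only the first entry with `$IMAGE grep -m1 '^nameserver' /etc/resolv.conf` and compare it exactly with `is "$output" "nameserver ${CIDR}.3"`. The full `cat` output can be kept for the userns equality check.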