Only change network fields if they were actually changed by the user

Fixes: https://github.com/containers/podman/issues/13065 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2024-10-20 17:23:30 +00:00 · 2022-01-31 09:58:15 -05:00 · 2022-01-31 09:58:15 -05:00 · 4ddc4e79d7
parent dc0dc6a557
commit 4ddc4e79d7
2 changed files with 96 additions and 63 deletions
--- a/cmd/podman/common/netflags.go
+++ b/cmd/podman/common/netflags.go
@ -103,74 +103,86 @@ func NetFlagsToNetOptions(opts *entities.NetOptions, flags pflag.FlagSet) (*enti
 		opts = &entities.NetOptions{}
 	}

-	opts.AddHosts, err = flags.GetStringSlice("add-host")
-	if err != nil {
-		return nil, err
-	}
-	// Verify the additional hosts are in correct format
-	for _, host := range opts.AddHosts {
-		if _, err := parse.ValidateExtraHost(host); err != nil {
-			return nil, err
-		}
-	}
-
-	servers, err := flags.GetStringSlice("dns")
-	if err != nil {
-		return nil, err
-	}
-	for _, d := range servers {
-		if d == "none" {
-			opts.UseImageResolvConf = true
-			if len(servers) > 1 {
-				return nil, errors.Errorf("%s is not allowed to be specified with other DNS ip addresses", d)
-			}
-			break
-		}
-		dns := net.ParseIP(d)
-		if dns == nil {
-			return nil, errors.Errorf("%s is not an ip address", d)
-		}
-		opts.DNSServers = append(opts.DNSServers, dns)
-	}
-
-	options, err := flags.GetStringSlice("dns-opt")
-	if err != nil {
-		return nil, err
-	}
-	opts.DNSOptions = options
-
-	dnsSearches, err := flags.GetStringSlice("dns-search")
-	if err != nil {
-		return nil, err
-	}
-	// Validate domains are good
-	for _, dom := range dnsSearches {
-		if dom == "." {
-			if len(dnsSearches) > 1 {
-				return nil, errors.Errorf("cannot pass additional search domains when also specifying '.'")
-			}
-			continue
-		}
-		if _, err := parse.ValidateDomain(dom); err != nil {
-			return nil, err
-		}
-	}
-	opts.DNSSearch = dnsSearches
-
-	inputPorts, err := flags.GetStringSlice("publish")
-	if err != nil {
-		return nil, err
-	}
-	if len(inputPorts) > 0 {
-		opts.PublishPorts, err = specgenutil.CreatePortBindings(inputPorts)
+	if flags.Changed("add-hosts") {
+		opts.AddHosts, err = flags.GetStringSlice("add-host")
 		if err != nil {
 			return nil, err
 		}
+		// Verify the additional hosts are in correct format
+		for _, host := range opts.AddHosts {
+			if _, err := parse.ValidateExtraHost(host); err != nil {
+				return nil, err
+			}
+		}
 	}

-	opts.NoHosts, err = flags.GetBool("no-hosts")
-	if err != nil {
-		return nil, err
+	if flags.Changed("dns") {
+		servers, err := flags.GetStringSlice("dns")
+		if err != nil {
+			return nil, err
+		}
+		for _, d := range servers {
+			if d == "none" {
+				opts.UseImageResolvConf = true
+				if len(servers) > 1 {
+					return nil, errors.Errorf("%s is not allowed to be specified with other DNS ip addresses", d)
+				}
+				break
+			}
+			dns := net.ParseIP(d)
+			if dns == nil {
+				return nil, errors.Errorf("%s is not an ip address", d)
+			}
+			opts.DNSServers = append(opts.DNSServers, dns)
+		}
+	}
+
+	if flags.Changed("dns-opt") {
+		options, err := flags.GetStringSlice("dns-opt")
+		if err != nil {
+			return nil, err
+		}
+		opts.DNSOptions = options
+	}
+
+	if flags.Changed("dns-search") {
+		dnsSearches, err := flags.GetStringSlice("dns-search")
+		if err != nil {
+			return nil, err
+		}
+		// Validate domains are good
+		for _, dom := range dnsSearches {
+			if dom == "." {
+				if len(dnsSearches) > 1 {
+					return nil, errors.Errorf("cannot pass additional search domains when also specifying '.'")
+				}
+				continue
+			}
+			if _, err := parse.ValidateDomain(dom); err != nil {
+				return nil, err
+			}
+		}
+		opts.DNSSearch = dnsSearches
+	}
+
+	if flags.Changed("publish") {
+		inputPorts, err := flags.GetStringSlice("publish")
+		if err != nil {
+			return nil, err
+		}
+		if len(inputPorts) > 0 {
+			opts.PublishPorts, err = specgenutil.CreatePortBindings(inputPorts)
+			if err != nil {
+				return nil, err
+			}
+		}
+	}
+
+	if flags.Changed("no-host") {
+		opts.NoHosts, err = flags.GetBool("no-hosts")
+		if err != nil {
+			return nil, err
+		}
 	}

 	// parse the network only when network was changed
--- a/test/system/500-networking.bats
+++ b/test/system/500-networking.bats
@ -589,4 +589,25 @@ load helpers
    run_podman network rm -t 0 -f $netname
 }

+@test "podman run CONTAINERS_CONF dns options" {
+    skip_if_remote "CONTAINERS_CONF redirect does not work on remote"
+    # Test on the CLI and via containers.conf
+    containersconf=$PODMAN_TMPDIR/containers.conf
+
+    searchIP="100.100.100.100"
+    cat >$containersconf <<EOF
+[containers]
+  dns_searches  = [ "example.com"]
+  dns_servers = [
+    "1.1.1.1",
+    "$searchIP",
+    "1.0.0.1",
+    "8.8.8.8",
+]
+EOF
+    CONTAINERS_CONF=$containersconf run_podman run --rm $IMAGE grep "example.com" /etc/resolv.conf
+    CONTAINERS_CONF=$containersconf run_podman run --rm $IMAGE grep $searchIP /etc/resolv.conf
+    is "$output" "nameserver $searchIP" "Should only be one $searchIP not multiple"
+}
+
 # vim: filetype=sh