Support combining --net=container: and --dns flags #25386

Open
0xF4CED opened this issue Feb 23, 2025 · 1 comment
Labels
kind/feature Categorizes issue or PR as related to a new feature.

Comments

0xF4CED (Contributor) commented Feb 23, 2025

Feature request description

Users should be allowed to decide if they wish to overwrite the DNS settings in the dependent container.

In a previous (now locked) issue it was decided to:

[...] make all of the --dns commands conflict with --net=container:* calls.

Originally posted by @rhatdan in #3553
(completed in #3579)

Current behavior:
podman run --rm --name testdns --dns 1.1.1.1 --net container:other alpine cat /etc/resolv.conf

Error: conflicting options: dns and the network mode: container

Suggest potential solution

Allow combining --net=container: and --dns flags.
This should not overwrite the DNS settings in the other container, but only update the DNS settings in the new (testdns) container. So, the resolv.conf would need to be overlaid, or similar, instead of the current 1:1 mount.

Desired behavior:
podman run --rm --name testdns --dns 1.1.1.1 --net container:other alpine cat /etc/resolv.conf

nameserver 1.1.1.1

Maybe with a warning.

Have you considered any alternatives?

Mounting a custom resolv.conf into the container:
podman run --rm --name testdns --net container:other -v $PWD/resolv.conf:/etc/resolv.conf:ro alpine cat /etc/resolv.conf

nameserver 1.1.1.1

This works fine, which made me realize that this should be possible with the --dns flag in the first place.

Additional context

No response

0xF4CED added the kind/feature label Feb 23, 2025

Luap99 (Member) commented Feb 24, 2025

The reason for this is that we always bind mount the resolv.conf file of the dependency container, so they are the same file. If you write to one of them, the other sees the same change.

Yes, technically it is possible for us to create and bind mount another file for the container when dns options are set, but that complicates the code a fair amount, so I am not sure if that is worth it. What is your actual use case?

The main issue I see with this is what defines given dns settings. Only on the cli, also from config file (containers.conf)? What happens if the dependency container has a specific dns and search domain set and the new container only sets search? Would it pick up the dns from the dependency container as well? It is not clear how this would work.
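
The open question in the comment above (what a container that sets only a search domain should get from its dependency container) comes down to a merge policy for the separate resolv.conf file. The following is an added example, not Podman's code, comparing two hypothetical policies; `Parse`, `Merge`, the `inherit` parameter and the sample domains and addresses are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// ResolvConf holds the resolv.conf fields that --dns and --dns-search set.
type ResolvConf struct{ Nameservers, Search []string }

// Parse reads nameserver and search lines; anything else is ignored.
func Parse(text string) (rc ResolvConf) {
	for _, line := range strings.Split(text, "\n") {
		switch f := strings.Fields(line); {
		case len(f) < 2: // blank or single-token line: nothing to read
		case f[0] == "nameserver":
			rc.Nameservers = append(rc.Nameservers, f[1])
		case f[0] == "search":
			rc.Search = f[1:] // last search line wins, as in resolv.conf(5)
		}
	}
	return rc
}

// Merge renders the new container's own file. inherit=true fills empty fields
// from the dependency container; inherit=false uses the flags alone (hypothetical).
func Merge(dep, flags ResolvConf, inherit bool) string {
	out := flags
	if inherit && len(out.Nameservers) == 0 {
		out.Nameservers = dep.Nameservers
	}
	if inherit && len(out.Search) == 0 {
		out.Search = dep.Search
	}
	var b strings.Builder
	if len(out.Search) > 0 {
		fmt.Fprintf(&b, "search %s\n", strings.Join(out.Search, " "))
	}
	for _, ns := range out.Nameservers {
		fmt.Fprintf(&b, "nameserver %s\n", ns)
	}
	return b.String()
}

func main() {
	dep := Parse("search corp.example\nnameserver 10.0.0.53\n") // constructed sample
	flags := ResolvConf{Search: []string{"lab.example"}}        // only a search domain given
	fmt.Printf("inherit:\n%sreplace:\n%s", Merge(dep, flags, true), Merge(dep, flags, false))
}
```

With `inherit=false` the search-only container ends up with no nameserver line at all, which is the ambiguity a combined `--net=container:` and `--dns` implementation would have to settle.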
