Bug 1215853 - Cannot pull images with rootless docker on openSUSE Tumbleweed due to symlinked /etc/resolve.conf
Summary: Cannot pull images with rootless docker on openSUSE Tumbleweed due to symlink...
Status: NEW
Alias: None
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Containers (show other bugs)
Version: Current
Hardware: VMWare All
: P5 - None : Normal (vote)
Target Milestone: ---
Assignee: Containers Team
QA Contact: E-mail List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-10-01 19:25 UTC by Fischer
Modified: 2023-10-01 19:25 UTC (History)
0 users

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Fischer 2023-10-01 19:25:41 UTC 
Dear all,

recently, I faced a strange issue with rootless docker on openSUSE Tumbleweed, which prevented any pulling of images. Basically, no traffic seems to be leaving the rootlesskit's namespace. Pulling an docker images always gives an i/o timeout:

```
someuser@somehost:~> docker pull hello-world
Using default tag: latest
Error response from daemon: Get "https://registry-1.docker.io/v2/": dial tcp: lookup registry-1.docker.io on 10.0.2.3:53: read udp 10.0.2.100:48971->10.0.2.3:53: i/o timeout
```

After quiet some digging and and with the help of two users at the [docker forum](https://forums.docker.com/t/rootless-docker-i-o-timeout-with-docker-pull/137848/24) and [openSUSE forum](https://forums.opensuse.org/t/rootless-docker-i-o-timeout-with-docker-pull/169468/4), the issue seems to be connected to slirp4netns not reading /etc/resolve.conf , as this is symlinked to /var/run/netconfig/resolv.conf . 

Following the [slirp4netns documentation](https://github.com/rootless-containers/slirp4netns/blob/master/slirp4netns.1.md):

```
Requires /etc/resolv.conf not to be a symlink to a file outside /etc and /run.
```

However, in openSUSE the resolve.conf is generated in /var/run/netconfig/ from what is given in /etc/sysconfig/network/config. Removing the simlinked /etc/resolve.conf and just copying over /var/run/netconfig/resolv.conf to /etc/ solved the issue, but that should not survive any restart of the sever:

```
someuser@somehost:~> docker pull hello-world
Using default tag: latest
latest: Pulling from library/hello-world
719385e32844: Pull complete 
Digest: sha256:4f53e2564790c8e7856ec08e384732aa38dc43c52f02952483e3f003afbf23db
Status: Downloaded newer image for hello-world:latest
docker.io/library/hello-world:latest
```

```
someuser@somehost:~> cat /etc/os-release
NAME="openSUSE Tumbleweed"
# VERSION="20230927"
ID="opensuse-tumbleweed"
ID_LIKE="opensuse suse"
VERSION_ID="20230927"
PRETTY_NAME="openSUSE Tumbleweed"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:opensuse:tumbleweed:20230927"
BUG_REPORT_URL="https://bugzilla.opensuse.org"
SUPPORT_URL="https://bugs.opensuse.org"
HOME_URL="https://www.opensuse.org"
DOCUMENTATION_URL="https://en.opensuse.org/Portal:Tumbleweed"
LOGO="distributor-logo-Tumbleweed"
```

Best