Bug ID 1215853
Summary Cannot pull images with rootless docker on openSUSE Tumbleweed due to symlinked /etc/resolve.conf
Classification openSUSE
Product openSUSE Tumbleweed
Version Current
Hardware VMWare
OS All
Status NEW
Severity Normal
Priority P5 - None
Component Containers
Assignee containers-bugowner@suse.de
Reporter tillmann-fischer@gmx.de
QA Contact qa-bugs@suse.de
Target Milestone ---
Found By ---
Blocker --- 

Dear all,

recently, I faced a strange issue with rootless docker on openSUSE Tumbleweed,
which prevented any pulling of images. Basically, no traffic seems to be
leaving the rootlesskit's namespace. Pulling an docker images always gives an
i/o timeout:

```
someuser@somehost:~> docker pull hello-world
Using default tag: latest
Error response from daemon: Get "https://registry-1.docker.io/v2/": dial tcp:
lookup registry-1.docker.io on 10.0.2.3:53: read udp
10.0.2.100:48971->10.0.2.3:53: i/o timeout
```

After quiet some digging and and with the help of two users at the [docker
forum](https://forums.docker.com/t/rootless-docker-i-o-timeout-with-docker-pull/137848/24)
and [openSUSE
forum](https://forums.opensuse.org/t/rootless-docker-i-o-timeout-with-docker-pull/169468/4),
the issue seems to be connected to slirp4netns not reading /etc/resolve.conf ,
as this is symlinked to /var/run/netconfig/resolv.conf . 

Following the [slirp4netns
documentation](https://github.com/rootless-containers/slirp4netns/blob/master/slirp4netns.1.md):

```
Requires /etc/resolv.conf not to be a symlink to a file outside /etc and /run.
```

However, in openSUSE the resolve.conf is generated in /var/run/netconfig/ from
what is given in /etc/sysconfig/network/config. Removing the simlinked
/etc/resolve.conf and just copying over /var/run/netconfig/resolv.conf to /etc/
solved the issue, but that should not survive any restart of the sever:

```
someuser@somehost:~> docker pull hello-world
Using default tag: latest
latest: Pulling from library/hello-world
719385e32844: Pull complete 
Digest: sha256:4f53e2564790c8e7856ec08e384732aa38dc43c52f02952483e3f003afbf23db
Status: Downloaded newer image for hello-world:latest
docker.io/library/hello-world:latest
```

```
someuser@somehost:~> cat /etc/os-release
NAME="openSUSE Tumbleweed"
# VERSION="20230927"
ID="opensuse-tumbleweed"
ID_LIKE="opensuse suse"
VERSION_ID="20230927"
PRETTY_NAME="openSUSE Tumbleweed"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:opensuse:tumbleweed:20230927"
BUG_REPORT_URL="https://bugzilla.opensuse.org"
SUPPORT_URL="https://bugs.opensuse.org"
HOME_URL="https://www.opensuse.org"
DOCUMENTATION_URL="https://en.opensuse.org/Portal:Tumbleweed"
LOGO="distributor-logo-Tumbleweed"
```

Best

You are receiving this mail because: