https://bugzilla.suse.com/show_bug.cgi?id=1215853 Bug ID: 1215853 Summary: Cannot pull images with rootless docker on openSUSE Tumbleweed due to symlinked /etc/resolve.conf Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: VMWare OS: All Status: NEW Severity: Normal Priority: P5 - None Component: Containers Assignee: containers-bugowner@suse.de Reporter: tillmann-fischer@gmx.de QA Contact: qa-bugs@suse.de Target Milestone: --- Found By: --- Blocker: --- Dear all, recently, I faced a strange issue with rootless docker on openSUSE Tumbleweed, which prevented any pulling of images. Basically, no traffic seems to be leaving the rootlesskit's namespace. Pulling an docker images always gives an i/o timeout: ``` someuser@somehost:~> docker pull hello-world Using default tag: latest Error response from daemon: Get "https://registry-1.docker.io/v2/": dial tcp: lookup registry-1.docker.io on 10.0.2.3:53: read udp 10.0.2.100:48971->10.0.2.3:53: i/o timeout ``` After quiet some digging and and with the help of two users at the [docker forum](https://forums.docker.com/t/rootless-docker-i-o-timeout-with-docker-pull/137...) and [openSUSE forum](https://forums.opensuse.org/t/rootless-docker-i-o-timeout-with-docker-pull/1...), the issue seems to be connected to slirp4netns not reading /etc/resolve.conf , as this is symlinked to /var/run/netconfig/resolv.conf . Following the [slirp4netns documentation](https://github.com/rootless-containers/slirp4netns/blob/master/slirp4netns.1...): ``` Requires /etc/resolv.conf not to be a symlink to a file outside /etc and /run. ``` However, in openSUSE the resolve.conf is generated in /var/run/netconfig/ from what is given in /etc/sysconfig/network/config. Removing the simlinked /etc/resolve.conf and just copying over /var/run/netconfig/resolv.conf to /etc/ solved the issue, but that should not survive any restart of the sever: ``` someuser@somehost:~> docker pull hello-world Using default tag: latest latest: Pulling from library/hello-world 719385e32844: Pull complete Digest: sha256:4f53e2564790c8e7856ec08e384732aa38dc43c52f02952483e3f003afbf23db Status: Downloaded newer image for hello-world:latest docker.io/library/hello-world:latest ``` ``` someuser@somehost:~> cat /etc/os-release NAME="openSUSE Tumbleweed" # VERSION="20230927" ID="opensuse-tumbleweed" ID_LIKE="opensuse suse" VERSION_ID="20230927" PRETTY_NAME="openSUSE Tumbleweed" ANSI_COLOR="0;32" CPE_NAME="cpe:/o:opensuse:tumbleweed:20230927" BUG_REPORT_URL="https://bugzilla.opensuse.org" SUPPORT_URL="https://bugs.opensuse.org" HOME_URL="https://www.opensuse.org" DOCUMENTATION_URL="https://en.opensuse.org/Portal:Tumbleweed" LOGO="distributor-logo-Tumbleweed" ``` Best -- You are receiving this mail because: You are on the CC list for the bug.