From 5b9c07b34104b2e268faf1afbe7785835e579a26 Mon Sep 17 00:00:00 2001
From: Kai Takac <kai.takac@gmail.com>
Date: Wed, 7 Aug 2024 10:53:09 +0200
Subject: [PATCH] fix: check network mode when choosing resolv.conf

---
 executor/oci/resolvconf.go      | 14 +++++++++++---
 executor/oci/resolvconf_test.go |  2 +-
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/executor/oci/resolvconf.go b/executor/oci/resolvconf.go
index f58e179d0aacd..e6b26f5727b1e 100644
--- a/executor/oci/resolvconf.go
+++ b/executor/oci/resolvconf.go
@@ -17,7 +17,15 @@ var notFirstRun bool
 var lastNotEmpty bool
 
 // overridden by tests
-var resolvconfPath = resolvconf.Path
+var resolvconfPath = func(netMode pb.NetMode) string {
+	// The implementation of resolvconf.Path checks if systemd resolved is activated and chooses the internal resolv.conf (/run/systemd/resolve/resolv.conf) in such a case - see resolvconf_path.go of libnetwork.
+	// This, however, can be problematic, see https://github.com/moby/buildkit/issues/2404 and is not necessary in case the networking mode is set to host since the locally (127.0.0.53) running resolved daemon is accessible from inside a host networked container.
+	// For details of the implementation see https://github.com/moby/buildkit/pull/5207#discussion_r1705362230.
+	if netMode == pb.NetMode_HOST {
+		return "/etc/resolv.conf"
+	}
+	return resolvconf.Path()
+}
 
 type DNSConfig struct {
 	Nameservers   []string
@@ -44,7 +52,7 @@ func GetResolvConf(ctx context.Context, stateDir string, idmap *idtools.Identity
 				generate = true
 			}
 			if !generate {
-				fiMain, err := os.Stat(resolvconfPath())
+				fiMain, err := os.Stat(resolvconfPath(netMode))
 				if err != nil {
 					if !errors.Is(err, os.ErrNotExist) {
 						return struct{}{}, err
@@ -63,7 +71,7 @@ func GetResolvConf(ctx context.Context, stateDir string, idmap *idtools.Identity
 			return struct{}{}, nil
 		}
 
-		dt, err := os.ReadFile(resolvconfPath())
+		dt, err := os.ReadFile(resolvconfPath(netMode))
 		if err != nil && !errors.Is(err, os.ErrNotExist) {
 			return struct{}{}, err
 		}
diff --git a/executor/oci/resolvconf_test.go b/executor/oci/resolvconf_test.go
index 52ec3dc435ef1..f2d0059028122 100644
--- a/executor/oci/resolvconf_test.go
+++ b/executor/oci/resolvconf_test.go
@@ -111,7 +111,7 @@ func TestResolvConf(t *testing.T) {
 			t.Cleanup(func() {
 				resolvconfPath = oldResolvconfPath
 			})
-			resolvconfPath = func() string {
+			resolvconfPath = func(netMode pb.NetMode) string {
 				if tt.dt == nil {
 					return "no-such-file"
 				}