[forwardport]populate resolv conf from right location for multipod (microsoft#2604)

helsaawy · Abhishek Singh (Manifold) · web-flow · commit 6eb7cd9c02a8 · 2026-02-18T15:48:05.000-05:00
populate resolv conf from right location(virtual pod dir) for virtualpod. issue: resolv.conf not getting populated with dns info incase of multi pod. cause: populating from wrong sandbox location fix: fix the read location (cherry picked from commit e819474) Signed-off-by: Hamza El-Saawy <hamzaelsaawy@microsoft.com> Co-authored-by: Abhishek Singh (Manifold) <Abhishek.Singh@microsoft.com>
diff --git a/internal/guest/spec/spec.go b/internal/guest/spec/spec.go
@@ -43,6 +43,18 @@ func networkingMountPaths() []string {
 func GenerateWorkloadContainerNetworkMounts(sandboxID string, spec *oci.Spec) []oci.Mount {
 	var nMounts []oci.Mount
 
+	// In multipod mode, the sandbox writes networking files (resolv.conf, hostname, hosts)
+	// under the virtual pod root directory. Use VirtualPodAwareSandboxRootDir to ensure
+	// workload containers mount from the correct path.
+	virtualSandboxID := spec.Annotations[annotations.VirtualPodID]
+	rootDir := VirtualPodAwareSandboxRootDir(sandboxID, virtualSandboxID)
+
+	logrus.WithFields(logrus.Fields{
+		"sandboxID":        sandboxID,
+		"virtualSandboxID": virtualSandboxID,
+		"rootDir":          rootDir,
+	}).Info("GenerateWorkloadContainerNetworkMounts: resolved mount source root directory")
+
 	for _, mountPath := range networkingMountPaths() {
 		// Don't override if the mount is present in the spec
 		if MountPresent(mountPath, spec.Mounts) {
@@ -56,7 +68,7 @@ func GenerateWorkloadContainerNetworkMounts(sandboxID string, spec *oci.Spec) []
 		mt := oci.Mount{
 			Destination: mountPath,
 			Type:        "bind",
-			Source:      filepath.Join(SandboxRootDir(sandboxID), trimmedMountPath),
+			Source:      filepath.Join(rootDir, trimmedMountPath),
 			Options:     options,
 		}
 		nMounts = append(nMounts, mt)
diff --git a/pkg/securitypolicy/securitypolicy_linux.go b/pkg/securitypolicy/securitypolicy_linux.go
@@ -20,7 +20,8 @@ const osType = "linux"
 
 func ExtendPolicyWithNetworkingMounts(sandboxID string, enforcer SecurityPolicyEnforcer, spec *oci.Spec) error {
 	roSpec := &oci.Spec{
-		Root: spec.Root,
+		Root:        spec.Root,
+		Annotations: spec.Annotations,
 	}
 	networkingMounts := specInternal.GenerateWorkloadContainerNetworkMounts(sandboxID, roSpec)
 	if err := enforcer.ExtendDefaultMounts(networkingMounts); err != nil {

Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,8 @@ const osType = "linux"`
`20`	`20`
`21`	`21`	`func ExtendPolicyWithNetworkingMounts(sandboxID string, enforcer SecurityPolicyEnforcer, spec *oci.Spec) error {`
`22`	`22`	`roSpec := &oci.Spec{`
`23`		`- Root: spec.Root,`
	`23`	`+ Root: spec.Root,`
	`24`	`+ Annotations: spec.Annotations,`
`24`	`25`	`}`
`25`	`26`	`networkingMounts := specInternal.GenerateWorkloadContainerNetworkMounts(sandboxID, roSpec)`
`26`	`27`	`if err := enforcer.ExtendDefaultMounts(networkingMounts); err != nil {`