shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2024-12-26 03:22:00 +03:00
Code

nspawn: try to bind mount resolved's resolv.conf snippet into the container

Browse Source 
This has the benefit that the container can follow the host's DNS server
changes without us having to constantly update the container's resolv.conf
settings.
This commit is contained in:
Lennart Poettering 2016-07-27 14:50:45 +02:00
parent 5e0bb1a628
commit 3539724c26
1 changed files with 23 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
src/nspawn/nspawn.c
View File

@ -1254,24 +1254,39 @@ static int setup_resolv_conf(const char *dest) {
/* Fix resolv.conf, if possible */ /* Fix resolv.conf, if possible */
where = prefix_roota(dest, "/etc/resolv.conf"); where = prefix_roota(dest, "/etc/resolv.conf");
if (access("/usr/lib/systemd/resolv.conf", F_OK) >= 0) {
/* resolved is enabled on the host. In this, case bind mount its static resolv.conf file into the
* container, so that the container can use the host's resolver. Given that network namespacing is
* disabled it's only natural of the container also uses the host's resolver. It also has the big
* advantage that the container will be able to follow the host's DNS server configuration changes
* transparently. */
if (mount("/usr/lib/systemd/resolv.conf", where, NULL, MS_BIND, NULL) < 0)
log_warning_errno(errno, "Failed to mount /etc/resolv.conf in the container, ignoring: %m");
else {
if (mount(NULL, where, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY|MS_NOSUID|MS_NODEV, NULL) < 0)
return log_error_errno(errno, "Failed to remount /etc/resolv.conf read-only: %m");
return 0;
}
}
/* If that didn't work, let's copy the file */
r = copy_file("/etc/resolv.conf", where, O_TRUNC|O_NOFOLLOW, 0644, 0); r = copy_file("/etc/resolv.conf", where, O_TRUNC|O_NOFOLLOW, 0644, 0);
if (r < 0) { if (r < 0) {
/* If the file already exists as symlink, let's /* If the file already exists as symlink, let's suppress the warning, under the assumption that
* suppress the warning, under the assumption that * resolved or something similar runs inside and the symlink points there.
* resolved or something similar runs inside and the
* symlink points there.
* *
* If the disk image is read-only, there's also no * If the disk image is read-only, there's also no point in complaining.
* point in complaining.
*/ */
log_full_errno(IN_SET(r, -ELOOP, -EROFS) ? LOG_DEBUG : LOG_WARNING, r, log_full_errno(IN_SET(r, -ELOOP, -EROFS) ? LOG_DEBUG : LOG_WARNING, r,
"Failed to copy /etc/resolv.conf to %s: %m", where); "Failed to copy /etc/resolv.conf to %s, ignoring: %m", where);
return 0; return 0;
} }
r = userns_lchown(where, 0, 0); r = userns_lchown(where, 0, 0);
if (r < 0) if (r < 0)
log_warning_errno(r, "Failed to chown /etc/resolv.conf: %m"); log_warning_errno(r, "Failed to chown /etc/resolv.conf, ignoring: %m");
return 0; return 0;
} }