| author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2013-04-17 14:13:09 -0400 | 
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2013-04-18 19:38:28 -0400 | 
| commit | f333fbb1efc2f32527f78cbdb003d59bae01aa07 (patch) | |
| tree | 72f6dc764114fbdc8a65f7fc3593daa5a96db581 | |
| parent | 7c04ad2da1cf08ebf53b9aa9671c8c1dc9577135 (diff) | |
nspawn: create empty /etc/resolv.conf if necessary
nspawn will overmount resolv.conf if it exists. Since e.g.
default install with yum doesn't create /etc/resolv.conf,
a container created with yum will not have network. This
seems undesirable, and since we overmount the file anyway,
let's create it too.
Also, mounting a read-write /etc/resolv.conf in the container
is treated as a failure, since it makes it possible to
modify the host's /etc/resolv.conf from inside the container.
| -rw-r--r-- | src/nspawn/nspawn.c | 17 | 
1 files changed, 12 insertions, 5 deletions
| diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index f57c75ffee..5a43d5ed12 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -492,7 +492,8 @@ static int setup_timezone(const char *dest) {
 }
 static int setup_resolv_conf(const char *dest) {
-        char *where;
+        char _cleanup_free_ *where = NULL;
+        _cleanup_close_ int fd = -1;
         assert(dest);
@@ -504,12 +505,18 @@ static int setup_resolv_conf(const char *dest) {
         if (!where)
                 return log_oom();
+        fd = open(where, O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0644);
+
         /* We don't really care for the results of this really. If it
          * fails, it fails, but meh... */
-        if (mount("/etc/resolv.conf", where, "bind", MS_BIND, NULL) >= 0)
-                mount("/etc/resolv.conf", where, "bind", MS_BIND|MS_REMOUNT|MS_RDONLY, NULL);
-
-        free(where);
+        if (mount("/etc/resolv.conf", where, "bind", MS_BIND, NULL) < 0)
+                log_warning("Failed to bind mount /etc/resolv.conf: %m");
+        else
+                if (mount("/etc/resolv.conf", where, "bind",
+                          MS_BIND|MS_REMOUNT|MS_RDONLY, NULL) < 0) {
+                        log_error("Failed to remount /etc/resolv.conf readonly: %m");
+                        return -errno;
+                }
         return 0;
 } |
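Review bot: In the second hunk the comment kept above the first `mount()` ("We don't really care for the results of this really") no longer matches the code, since a failed read-only remount now returns `-errno`; it should read something like `/* A failed bind mount only warns, but a bind that cannot be made read-only is fatal: the container could otherwise write the host's /etc/resolv.conf. */`. In that error branch `return -errno;` runs after `log_error()`, so unless the logging helper preserves errno the value should be captured first, e.g. `int r = -errno;` before the log call and `return r;` after it. The result of the new `open()` is never checked, so failures other than the expected EEXIST go unreported, and `O_NOFOLLOW` covers only that call: both `mount()` calls resolve `where` on their own, so a symlink at that path in the container tree is presumably still followed there. The early return also leaves the read-write bind in place, and whether it is torn down depends on the caller; the lines that build `where` sit between the two hunks and are not shown.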
