authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2013-04-17 14:13:09 -0400
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2013-04-18 19:38:28 -0400
commitf333fbb1efc2f32527f78cbdb003d59bae01aa07 (patch)
tree72f6dc764114fbdc8a65f7fc3593daa5a96db581 /src
parent7c04ad2da1cf08ebf53b9aa9671c8c1dc9577135 (diff)
nspawn: create empty /etc/resolv.conf if necessary
nspawn will overmount resolv.conf if it exists. Since e.g. a default install with yum doesn't create /etc/resolv.conf, a container created with yum will not have network. This seems undesirable, and since we overmount the file anyway, let's create it too. Also, failing to remount /etc/resolv.conf read-only in the container is now treated as an error, since a read-write bind mount would make it possible to modify the host's /etc/resolv.conf from inside the container.
Diffstat (limited to 'src')
-rw-r--r--src/nspawn/nspawn.c17
1 files changed, 12 insertions, 5 deletions
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index f57c75ffee..5a43d5ed12 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -492,7 +492,8 @@ static int setup_timezone(const char *dest) {
}
static int setup_resolv_conf(const char *dest) {
- char *where;
+ char _cleanup_free_ *where = NULL;
+ _cleanup_close_ int fd = -1;
assert(dest);
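Review bot: The two new declarations place the cleanup attribute inconsistently: `char _cleanup_free_ *where = NULL;` puts it between the type and the declarator, while the next line uses the leading form `_cleanup_close_ int fd = -1;`. The leading form is the one to keep, `_cleanup_free_ char *where = NULL;`, so the two read alike and grep for the attribute finds them the same way. setup_resolv_conf's body continues past this hunk.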
@@ -504,12 +505,18 @@ static int setup_resolv_conf(const char *dest) {
if (!where)
return log_oom();
+ fd = open(where, O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0644);
+
/* We don't really care for the results of this really. If it
* fails, it fails, but meh... */
- if (mount("/etc/resolv.conf", where, "bind", MS_BIND, NULL) >= 0)
- mount("/etc/resolv.conf", where, "bind", MS_BIND|MS_REMOUNT|MS_RDONLY, NULL);
-
- free(where);
+ if (mount("/etc/resolv.conf", where, "bind", MS_BIND, NULL) < 0)
+ log_warning("Failed to bind mount /etc/resolv.conf: %m");
+ else
+ if (mount("/etc/resolv.conf", where, "bind",
+ MS_BIND|MS_REMOUNT|MS_RDONLY, NULL) < 0) {
+ log_error("Failed to remount /etc/resolv.conf readonly: %m");
+ return -errno;
+ }
return 0;
}
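Review bot: When the read-only remount in the `MS_BIND|MS_REMOUNT|MS_RDONLY` call fails, the function returns -errno but leaves the read-write bind mount of the host's /etc/resolv.conf in place at `where`, which is exactly the state the commit message says must not be tolerated; unless the caller discards the child's mount namespace on error (not visible here), unmount before returning: `int r = -errno; log_error("Failed to remount /etc/resolv.conf readonly: %m"); (void) umount(where); return r;`. Capturing errno first also stops the return value from depending on log_error() and umount() leaving errno untouched. Separately, the result of the new open() is never inspected, so a failure other than EEXIST (for example no /etc directory in the image) only surfaces later as the generic "Failed to bind mount" warning; a `if (fd < 0 && errno != EEXIST) log_warning("Failed to create %s: %m", where);` right after the open would name the real cause. The kernel resolves symlinks in `where` when mounting, so whether dest is guarded against an image whose etc is a symlink outside the root is worth confirming, though that lies outside this hunk.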