1 files changed, 24 insertions, 9 deletions

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 1fc0501c2e..905dbc4c74 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -18,7 +18,7 @@
 ***/
 
 #ifdef HAVE_BLKID
-#include <blkid/blkid.h>
+#include <blkid.h>
 #endif
 #include <errno.h>
 #include <getopt.h>
@@ -1158,6 +1158,10 @@ static int parse_argv(int argc, char *argv[]) {
 
         arg_caps_retain = (arg_caps_retain | plus | (arg_private_network ? 1ULL << CAP_NET_ADMIN : 0)) & ~minus;
 
+        r = cg_unified_flush();
+        if (r < 0)
+                return log_error_errno(r, "Failed to determine whether the unified cgroups hierarchy is used: %m");
+
         e = getenv("SYSTEMD_NSPAWN_CONTAINER_SERVICE");
         if (e)
                 arg_container_service_name = e;
@@ -1321,17 +1325,32 @@ static int setup_timezone(const char *dest) {
         return 0;
 }
 
-static int resolved_running(void) {
+static int resolved_listening(void) {
         _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+        _cleanup_free_ char *dns_stub_listener_mode = NULL;
         int r;
 
-        /* Check if resolved is running */
+        /* Check if resolved is listening */
 
         r = sd_bus_open_system(&bus);
         if (r < 0)
                 return r;
 
-        return bus_name_has_owner(bus, "org.freedesktop.resolve1", NULL);
+        r = bus_name_has_owner(bus, "org.freedesktop.resolve1", NULL);
+        if (r <= 0)
+                return r;
+
+        r = sd_bus_get_property_string(bus,
+                                       "org.freedesktop.resolve1",
+                                       "/org/freedesktop/resolve1",
+                                       "org.freedesktop.resolve1.Manager",
+                                       "DNSStubListener",
+                                       NULL,
+                                       &dns_stub_listener_mode);
+        if (r < 0)
+                return r;
+
+        return STR_IN_SET(dns_stub_listener_mode, "udp", "yes");
 }
 
 static int setup_resolv_conf(const char *dest) {
@@ -1358,7 +1377,7 @@ static int setup_resolv_conf(const char *dest) {
         }
 
         if (access("/usr/lib/systemd/resolv.conf", F_OK) >= 0 &&
-            resolved_running() > 0) {
+            resolved_listening() > 0) {
 
                 /* resolved is enabled on the host. In this, case bind mount its static resolv.conf file into the
                  * container, so that the container can use the host's resolver. Given that network namespacing is
@@ -3530,10 +3549,6 @@ int main(int argc, char *argv[]) {
         log_parse_environment();
         log_open();
 
-        r = cg_unified_flush();
-        if (r < 0)
-                return log_error_errno(r, "Failed to determine whether the unified cgroups hierarchy is used: %m");
-
         /* Make sure rename_process() in the stub init process can work */
         saved_argv = argv;
         saved_argc = argc;