nspawn: always copy /etc/resolv.conf rather than bind mount

We were already creating the file if it was missing, and this way
containers can reconfigure the file without running into problems.

This also makes resolv.conf handling more alike to handling of
/etc/localtime, which is also not a bind mount.

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index eb9605c356afaba27d2cb2c6bb2627dd90d5be11..fc4a8a36c869b716a4ffff7b38cb46fcc5bb7d39 100644 (file)
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -521,7 +521,6 @@ static int setup_timezone(const char *dest) {
 
 static int setup_resolv_conf(const char *dest) {
         char _cleanup_free_ *where = NULL;
-        _cleanup_close_ int fd = -1;
 
         assert(dest);
 
@@ -533,18 +532,9 @@ static int setup_resolv_conf(const char *dest) {
         if (!where)
                 return log_oom();
 
-        fd = open(where, O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0644);
-
         /* We don't really care for the results of this really. If it
          * fails, it fails, but meh... */
-        if (mount("/etc/resolv.conf", where, "bind", MS_BIND, NULL) < 0)
-                log_warning("Failed to bind mount /etc/resolv.conf: %m");
-        else
-                if (mount("/etc/resolv.conf", where, "bind",
-                          MS_BIND|MS_REMOUNT|MS_RDONLY, NULL) < 0) {
-                        log_error("Failed to remount /etc/resolv.conf readonly: %m");
-                        return -errno;
-                }
+        copy_file("/etc/resolv.conf", where, O_TRUNC|O_NOFOLLOW);
 
         return 0;
 }

diff --git a/src/shared/util.c b/src/shared/util.c
index 9be6acfc8f3b45f31be7ec0210cd272d0c053c78..82f4221f300f5ab6ba02d126a43f7d9b80e765e8 100644 (file)
--- a/src/shared/util.c
+++ b/src/shared/util.c
@@ -4056,8 +4056,9 @@ int vt_disallocate(const char *name) {
         return 0;
 }
 
-int copy_file(const char *from, const char *to) {
-        int r, fdf, fdt;
+int copy_file(const char *from, const char *to, int flags) {
+        _cleanup_close_ int fdf = -1;
+        int r, fdt;
 
         assert(from);
         assert(to);
@@ -4066,11 +4067,9 @@ int copy_file(const char *from, const char *to) {
         if (fdf < 0)
                 return -errno;
 
-        fdt = open(to, O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC|O_NOCTTY, 0644);
-        if (fdt < 0) {
-                close_nointr_nofail(fdf);
+        fdt = open(to, flags|O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY, 0644);
+        if (fdt < 0)
                 return -errno;
-        }
 
         for (;;) {
                 char buf[PIPE_BUF];
@@ -4080,7 +4079,6 @@ int copy_file(const char *from, const char *to) {
                 if (n < 0) {
                         r = -errno;
 
-                        close_nointr_nofail(fdf);
                         close_nointr(fdt);
                         unlink(to);
 
@@ -4095,15 +4093,13 @@ int copy_file(const char *from, const char *to) {
                 if (n != k) {
                         r = k < 0 ? k : (errno ? -errno : -EIO);
 
-                        close_nointr_nofail(fdf);
                         close_nointr(fdt);
-
                         unlink(to);
+
                         return r;
                 }
         }
 
-        close_nointr_nofail(fdf);
         r = close_nointr(fdt);
 
         if (r < 0) {

diff --git a/src/shared/util.h b/src/shared/util.h
index 1b845b3803dc70a2f0eeb062b4de6f47fe63ac7d..c2e6a685c85193fba94ddac95cf3148645a954cd 100644 (file)
--- a/src/shared/util.h
+++ b/src/shared/util.h
@@ -448,7 +448,7 @@ int terminal_vhangup(const char *name);
 
 int vt_disallocate(const char *name);
 
-int copy_file(const char *from, const char *to);
+int copy_file(const char *from, const char *to, int flags);
 
 int symlink_atomic(const char *from, const char *to);