chiark / gitweb /
nspawn: create empty /etc/resolv.conf if necessary
authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Wed, 17 Apr 2013 18:13:09 +0000 (14:13 -0400)
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Thu, 18 Apr 2013 23:38:28 +0000 (19:38 -0400)
nspawn will overmount resolv.conf if it exists. Since e.g.
default install with yum doesn't create /etc/resolv.conf,
a container created with yum will not have network. This
seems undesirable, and since we overmount the file anyway,
let's create it too.

Also, mounting a read-write /etc/resolv.conf in the container
is treated as a failure, since it makes it possible to
modify hosts /etc/resolv.conf from inside the container.

src/nspawn/nspawn.c

index f57c75f..5a43d5e 100644 (file)
@@ -492,7 +492,8 @@ static int setup_timezone(const char *dest) {
 }
 
 static int setup_resolv_conf(const char *dest) {
-        char *where;
+        char _cleanup_free_ *where = NULL;
+        _cleanup_close_ int fd = -1;
 
         assert(dest);
 
@@ -504,12 +505,18 @@ static int setup_resolv_conf(const char *dest) {
         if (!where)
                 return log_oom();
 
+        fd = open(where, O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0644);
+
         /* We don't really care for the results of this really. If it
          * fails, it fails, but meh... */
-        if (mount("/etc/resolv.conf", where, "bind", MS_BIND, NULL) >= 0)
-                mount("/etc/resolv.conf", where, "bind", MS_BIND|MS_REMOUNT|MS_RDONLY, NULL);
-
-        free(where);
+        if (mount("/etc/resolv.conf", where, "bind", MS_BIND, NULL) < 0)
+                log_warning("Failed to bind mount /etc/resolv.conf: %m");
+        else
+                if (mount("/etc/resolv.conf", where, "bind",
+                          MS_BIND|MS_REMOUNT|MS_RDONLY, NULL) < 0) {
+                        log_error("Failed to remount /etc/resolv.conf readonly: %m");
+                        return -errno;
+                }
 
         return 0;
 }