nspawn: always copy /etc/resolv.conf rather than bind mount

We were already creating the file if it was missing, and this way
containers can reconfigure the file without running into problems.

This also makes resolv.conf handling more like the handling of
/etc/localtime, which is also not a bind mount.
Lennart Poettering 2013-10-02 19:40:43 +02:00
parent 69c2b6be8f
commit 51045322c4
3 changed files with 8 additions and 22 deletions


@ -521,7 +521,6 @@ static int setup_timezone(const char *dest) {
static int setup_resolv_conf(const char *dest) {
char _cleanup_free_ *where = NULL;
_cleanup_close_ int fd = -1;
assert(dest);
@ -533,18 +532,9 @@ static int setup_resolv_conf(const char *dest) {
if (!where)
return log_oom();
fd = open(where, O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0644);
/* We don't really care for the results of this really. If it
* fails, it fails, but meh... */
if (mount("/etc/resolv.conf", where, "bind", MS_BIND, NULL) < 0)
log_warning("Failed to bind mount /etc/resolv.conf: %m");
else
if (mount("/etc/resolv.conf", where, "bind",
MS_BIND|MS_REMOUNT|MS_RDONLY, NULL) < 0) {
log_error("Failed to remount /etc/resolv.conf readonly: %m");
return -errno;
}
copy_file("/etc/resolv.conf", where, O_TRUNC|O_NOFOLLOW);
return 0;
}
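Review bot: The `copy_file()` result at the end of `setup_resolv_conf()` is dropped without any log line, whereas the bind-mount path it replaces at least emitted `log_warning()` on failure, so a container left without a usable resolv.conf now gives the administrator no hint. Capturing the result keeps the best-effort behaviour, e.g. `r = copy_file("/etc/resolv.conf", where, O_TRUNC|O_NOFOLLOW);` followed by `if (r < 0) log_warning("Failed to copy /etc/resolv.conf to %s: %s", where, strerror(-r));` (with a local `int r`). Note also that `O_NOFOLLOW` only guards the final path component: `where` is `dest` plus a fixed suffix, so a symlinked `etc` inside the container tree would still be followed, and with `O_TRUNC` the write lands on whatever that resolves to. Whether that resolution happens against the host root depends on code outside these hunks, so it is worth confirming. The lines of the function between the two hunks are not shown.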


@ -4056,8 +4056,9 @@ int vt_disallocate(const char *name) {
return 0;
}
int copy_file(const char *from, const char *to) {
int r, fdf, fdt;
int copy_file(const char *from, const char *to, int flags) {
_cleanup_close_ int fdf = -1;
int r, fdt;
assert(from);
assert(to);
@ -4066,11 +4067,9 @@ int copy_file(const char *from, const char *to) {
if (fdf < 0)
return -errno;
fdt = open(to, O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC|O_NOCTTY, 0644);
if (fdt < 0) {
close_nointr_nofail(fdf);
fdt = open(to, flags|O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY, 0644);
if (fdt < 0)
return -errno;
}
for (;;) {
char buf[PIPE_BUF];
@ -4080,7 +4079,6 @@ int copy_file(const char *from, const char *to) {
if (n < 0) {
r = -errno;
close_nointr_nofail(fdf);
close_nointr(fdt);
unlink(to);
@ -4095,15 +4093,13 @@ int copy_file(const char *from, const char *to) {
if (n != k) {
r = k < 0 ? k : (errno ? -errno : -EIO);
close_nointr_nofail(fdf);
close_nointr(fdt);
unlink(to);
return r;
}
}
close_nointr_nofail(fdf);
r = close_nointr(fdt);
if (r < 0) {
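Review bot: Both error paths in the copy loop still call `unlink(to)`, which was safe only while the destination was opened with a hard-coded `O_EXCL` and was therefore known to be a file this call had just created. Now that the caller supplies `flags`, and nspawn passes `O_TRUNC|O_NOFOLLOW`, a failed read or a short write removes a pre-existing destination that `copy_file()` did not create. Making the cleanup conditional keeps the old guarantee for exclusive creates, `if (flags & O_EXCL) unlink(to);`, at both sites. Alternatively the function could write to a temporary name and rename it into place, so the old contents survive a failed copy. Parts of the loop body and the tail of the function lie outside the hunks shown.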


@ -448,7 +448,7 @@ int terminal_vhangup(const char *name);
int vt_disallocate(const char *name);
int copy_file(const char *from, const char *to);
int copy_file(const char *from, const char *to, int flags);
int symlink_atomic(const char *from, const char *to);
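Review bot: The new `flags` parameter of `copy_file()` has no documentation at its declaration, and the change quietly drops the implicit `O_EXCL`, so the function no longer refuses to overwrite an existing destination unless the caller asks for that. A short comment above the prototype would make the contract visible to callers, for example `/* flags: extra open(2) flags OR'ed into the destination open; pass O_EXCL to fail if 'to' already exists */`. Any callers outside the three files in this commit would need `O_EXCL` added to keep their previous behaviour.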