opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-08-06 19:44:14 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #10936 from AkihiroSuda/issue10929

Browse Source 
CNI-in-slirp4netns: fix bind-mount for /run/systemd/resolve/stub-resolv.conf
This commit is contained in:
OpenShift Merge Robot
2021-07-15 06:46:09 -04:00
committed by GitHub
parent 1568247ec8 e73d482990
commit 61245884ab
1 changed files with 15 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
libpod/networking_linux.go
View File

@ -177,6 +177,21 @@ func (r *RootlessCNI) Do(toRun func() error) error {
if err != nil { if err != nil {
return err return err
} }
logrus.Debugf("The actual path of /etc/resolv.conf on the host is %q", resolvePath)
// When /etc/resolv.conf on the host is a symlink to /run/systemd/resolve/stub-resolv.conf,
// we have to mount an empty filesystem on /run/systemd/resolve in the child namespace,
// so as to isolate the directory from the host mount namespace.
//
// Otherwise our bind-mount for /run/systemd/resolve/stub-resolv.conf is unmounted
// when systemd-resolved unlinks and recreates /run/systemd/resolve/stub-resolv.conf on the host.
// see: https://github.com/containers/podman/issues/10929
if strings.HasPrefix(resolvePath, "/run/systemd/resolve/") {
rsr := r.getPath("/run/systemd/resolve")
err = unix.Mount("", rsr, "tmpfs", unix.MS_NOEXEC|unix.MS_NOSUID|unix.MS_NODEV, "")
if err != nil {
return errors.Wrapf(err, "failed to mount tmpfs on %q for rootless cni", rsr)
}
}
if strings.HasPrefix(resolvePath, "/run/") { if strings.HasPrefix(resolvePath, "/run/") {
resolvePath = r.getPath(resolvePath) resolvePath = r.getPath(resolvePath)
err = os.MkdirAll(filepath.Dir(resolvePath), 0700) err = os.MkdirAll(filepath.Dir(resolvePath), 0700)