From: Daniel Golle <daniel@makrotopia.org>
Date: Mon, 12 Jul 2021 23:59:32 +0000 (+0100)
Subject: jail: do not hack /etc/resolv.conf on container rootfs
X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=b0a8ea1c3fa844d1006764fae3f0d8382351313b;p=project%2Fprocd.git

jail: do not hack /etc/resolv.conf on container rootfs

While useful for slim containers, this violates OCI spec and breaks
containers like pihole.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
---

diff --git a/jail/jail.c b/jail/jail.c
index c350be2..cf3127a 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -689,7 +689,7 @@ static int build_jail_fs(void)
 		create_dev_console(jail_root);
 
 	/* make sure /etc/resolv.conf exists if in new network namespace */
-	if (opts.namespace & CLONE_NEWNET) {
+	if (!opts.extroot && opts.namespace & CLONE_NEWNET) {
 		char jailetc[PATH_MAX], jaillink[PATH_MAX];
 
 		snprintf(jailetc, PATH_MAX, "%s/etc", jail_root);