Only mount over /etc/resolv.conf if network access is enabled

author Daan De Meyer <daan.j.demeyer@gmail.com>

Fri, 10 Nov 2023 10:28:00 +0000 (11:28 +0100)

committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>

Fri, 10 Nov 2023 12:24:37 +0000 (13:24 +0100)
author Daan De Meyer <daan.j.demeyer@gmail.com>
Fri, 10 Nov 2023 10:28:00 +0000 (11:28 +0100)
committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Fri, 10 Nov 2023 12:24:37 +0000 (13:24 +0100)
diff --git a/mkosi/__init__.py b/mkosi/__init__.py

index f941e63219fd0b958d52be5e0f063722f86352d5..6343595a07ddec90a125cb4d5e587b3905410c9e 100644 (file)
--- a/mkosi/__init__.py
+++ b/mkosi/__init__.py
@@ -420,6 +420,7 @@ def run_prepare_scripts(state: MkosiState, build: bool) -> None:
              helpers = {
                  "mkosi-chroot": chroot_cmd(
                      state.root,
+                    resolve=True,
                      options=[
                          "--bind", script, "/work/prepare",
                          "--bind", Path.cwd(), "/work/src",
@@ -482,6 +483,7 @@ def run_build_scripts(state: MkosiState) -> None:
              helpers = {
                  "mkosi-chroot": chroot_cmd(
                      state.root,
+                    resolve=state.config.with_network,
                      options=[
                          "--bind", script, "/work/build-script",
                          "--bind", state.install_dir, "/work/dest",
@@ -541,6 +543,7 @@ def run_postinst_scripts(state: MkosiState) -> None:
              helpers = {
                  "mkosi-chroot": chroot_cmd(
                      state.root,
+                    resolve=state.config.with_network,
                      options=[
                          "--bind", script, "/work/postinst",
                          "--bind", state.staging, "/work/out",
@@ -594,6 +597,7 @@ def run_finalize_scripts(state: MkosiState) -> None:
              helpers = {
                  "mkosi-chroot": chroot_cmd(
                      state.root,
+                    resolve=state.config.with_network,
                      options=[
                          "--bind", script, "/work/finalize",
                          "--bind", state.staging, "/work/out",
diff --git a/mkosi/run.py b/mkosi/run.py

index 51c067105a61dec7966a1166ce9a887df9aeaf71..a862c9e91be5ee353ef145bbaf8bbca10b3783bd 100644 (file)
--- a/mkosi/run.py
+++ b/mkosi/run.py
@@ -425,7 +425,7 @@ def apivfs_cmd(root: Path) -> list[PathString]:
      return cmdline
  
  
-def chroot_cmd(root: Path, *, options: Sequence[PathString] = ()) -> list[PathString]:
+def chroot_cmd(root: Path, *, resolve: bool = False, options: Sequence[PathString] = ()) -> list[PathString]:
      cmdline: list[PathString] = [
          "sh", "-c",
          # No exec here because we need to clean up the /work directory afterwards.
@@ -437,19 +437,19 @@ def chroot_cmd(root: Path, *, options: Sequence[PathString] = ()) -> list[PathSt
          "--setenv", "PATH", "/work/scripts:/usr/bin:/usr/sbin",
      ]
  
-    resolve = Path("etc/resolv.conf")
-    if (root / resolve).is_symlink():
-        # For each component in the target path, bubblewrap will try to create it if it doesn't exist
-        # yet. If a component in the path is a dangling symlink, bubblewrap will end up calling
-        # mkdir(symlink) which obviously fails if multiple components of the dangling symlink path don't
-        # exist yet. As a workaround, we resolve the symlink ourselves so that bubblewrap will correctly
-        # create all missing components in the target path.
-        resolve = resolve.parent / (root / resolve).readlink()
+    if resolve:
+        p = Path("etc/resolv.conf")
+        if (root / p).is_symlink():
+            # For each component in the target path, bubblewrap will try to create it if it doesn't exist
+            # yet. If a component in the path is a dangling symlink, bubblewrap will end up calling
+            # mkdir(symlink) which obviously fails if multiple components of the dangling symlink path don't
+            # exist yet. As a workaround, we resolve the symlink ourselves so that bubblewrap will correctly
+            # create all missing components in the target path.
+            p = p.parent / (root / p).readlink()
  
-    cmdline += [
-        "--ro-bind", "/etc/resolv.conf", Path("/") / resolve,
-        *options,
-    ]
+        cmdline += ["--ro-bind", "/etc/resolv.conf", Path("/") / p]
+
+    cmdline += [*options]
  
      if setpgid := find_binary("setpgid", root):
          cmdline += [setpgid, "--foreground", "--"]
author	Daan De Meyer <daan.j.demeyer@gmail.com>
	Fri, 10 Nov 2023 10:28:00 +0000 (11:28 +0100)
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Fri, 10 Nov 2023 12:24:37 +0000 (13:24 +0100)
mkosi/__init__.py		patch \| blob \| blame \| history
mkosi/run.py		patch \| blob \| blame \| history