]> git.ipfire.org Git - thirdparty/mkosi.git/commitdiff
projects / thirdparty / mkosi.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4eddd95)
Beef up DNS resolution a little 3321/head
authorDaan De Meyer <daan.j.demeyer@gmail.com>
Fri, 3 Jan 2025 23:22:55 +0000 (00:22 +0100)
committerDaan De Meyer <daan.j.demeyer@gmail.com>
Fri, 3 Jan 2025 23:45:11 +0000 (00:45 +0100)
Let's write a basic nsswitch.conf that makes use of libnss-resolve
and bind mount the systemd-resolved socket into the sandbox if
available.

mkosi/__init__.py patch | blob | blame | history
mkosi/resources/mkosi-tools/mkosi.conf.d/10-debian-kali-ubuntu/mkosi.conf patch | blob | blame | history
mkosi/run.py patch | blob | blame | history

diff --git a/mkosi/__init__.py b/mkosi/__init__.py
index 2feaa39005efdcdbe3dc1e512aeeff51b93cbaf6..57eab634d06919777f81241228d4254ab1f1bafa 100644 (file)
--- a/mkosi/__init__.py
+++ b/mkosi/__init__.py
@@ -1077,6 +1077,29 @@ def install_sandbox_trees(config: Config, dst: Path) -> None:
     Path(dst / "etc/resolv.conf").unlink(missing_ok=True)
     Path(dst / "etc/resolv.conf").touch()
 
+    if not (dst / "etc/nsswitch.conf").exists():
+        (dst / "etc/nsswitch.conf").write_text(
+            textwrap.dedent(
+                """\
+                passwd:     files
+                shadow:     files
+                group:      files
+                hosts:      files myhostname resolve [!UNAVAIL=return] dns
+                services:   files
+                netgroup:   files
+                automount:  files
+
+                aliases:    files
+                ethers:     files
+                gshadow:    files
+                networks:   files dns
+                protocols:  files
+                publickey:  files
+                rpc:        files
+                """
+            )
+        )
+
     Path(dst / "etc/static").unlink(missing_ok=True)
     if (config.tools() / "etc/static").is_symlink():
         (dst / "etc/static").symlink_to((config.tools() / "etc/static").readlink())
diff --git a/mkosi/resources/mkosi-tools/mkosi.conf.d/10-debian-kali-ubuntu/mkosi.conf b/mkosi/resources/mkosi-tools/mkosi.conf.d/10-debian-kali-ubuntu/mkosi.conf
index d9acff4302775bb053d0d99140b1d4861a55b15b..20428588ecea5ae4b2b2669d351882ea2719de6d 100644 (file)
--- a/mkosi/resources/mkosi-tools/mkosi.conf.d/10-debian-kali-ubuntu/mkosi.conf
+++ b/mkosi/resources/mkosi-tools/mkosi.conf.d/10-debian-kali-ubuntu/mkosi.conf
@@ -27,6 +27,8 @@ Packages=
         libcryptsetup12
         libseccomp2
         libtss2-dev
+        libnss-resolve
+        libnss-myhostname
         makepkg
         openssh-client
         ovmf
diff --git a/mkosi/run.py b/mkosi/run.py
index afa21f35bc1b568027a2bbf41f99b337252513a8..f43d7f586ce6d2c5cf100f19b190e733df140dc7 100644 (file)
--- a/mkosi/run.py
+++ b/mkosi/run.py
@@ -609,8 +609,10 @@ def sandbox_cmd(
         else:
             cmdline += ["--dev", "/dev"]
 
-        if network and Path("/etc/resolv.conf").exists():
-            cmdline += ["--ro-bind", "/etc/resolv.conf", "/etc/resolv.conf"]
+        if network:
+            for p in (Path("/etc/resolv.conf"), Path("/run/systemd/resolve")):
+                if p.exists():
+                    cmdline += ["--ro-bind", p, p]
 
         home = None
 
@@ -734,8 +736,10 @@ def chroot_cmd(
         *chroot_options(),
     ]  # fmt: skip
 
-    if network and Path("/etc/resolv.conf").exists():
-        cmdline += ["--ro-bind", "/etc/resolv.conf", "/etc/resolv.conf"]
+    if network:
+        for p in (Path("/etc/resolv.conf"), Path("/run/systemd/resolve")):
+            if p.exists():
+                cmdline += ["--ro-bind", p, p]
 
     with vartmpdir() as dir:
         yield [*cmdline, "--bind", dir, "/var/tmp", *options]
Mirror of https://github.com/systemd/mkosi.git