From: Motiejus Jakštys <motiejus@jakstys.lt>
Date: Mon, 11 Jan 2021 10:49:35 +0000 (+0200)
Subject: make lxc-net hermetic w.r.t. existing dnsmasq config
X-Git-Tag: lxc-5.0.0~323^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=60a43d5564e1b6f076c2234b538c5e5fead5f726;p=thirdparty%2Flxc.git

make lxc-net hermetic w.r.t. existing dnsmasq config

lxc's dnsmasq will try to read system's dnsmasq if `--conf-file` is not
specified. This is likely not desirable, as lxc's dnsmasq should be
self-contained.

On my system the conflicting options are `--bind-interfaces` and
`--bind-dynamic`, since the same host is doing other DNS-y things
unrelated to lxc.

This is an incompatible change, since lxc's dnsmasq will stop honoring
system's `/etc/dnsmasq.conf`, and some systems may be relying on it.
Given that, I believe it should not depend on it by default, since
dnsmasq is lxc's implementation detail. However, if the user desires,
the old behavior could be brought back by setting
`LXC_DHCP_CONFILE=/etc/dnsmasq.conf` in `/etc/default/lxc-net`.

Signed-off-by: Motiejus Jakštys <motiejus@jakstys.lt>
---

diff --git a/config/init/common/lxc-net.in b/config/init/common/lxc-net.in
index a7dfa6f19..999f42cc5 100644
--- a/config/init/common/lxc-net.in
+++ b/config/init/common/lxc-net.in
@@ -115,10 +115,9 @@ start() {
         LXC_DOMAIN_ARG="-s $LXC_DOMAIN -S /$LXC_DOMAIN/"
     fi
 
-    LXC_DHCP_CONFILE_ARG=""
-    if [ -n "$LXC_DHCP_CONFILE" ]; then
-        LXC_DHCP_CONFILE_ARG="--conf-file=${LXC_DHCP_CONFILE}"
-    fi
+    # lxc's dnsmasq should be hermetic and not read `/etc/dnsmasq.conf` (which
+    # it does by default if `--conf-file` is not present
+    LXC_DHCP_CONFILE_ARG="--conf-file=${LXC_DHCP_CONFILE:-/dev/null}"
 
     # https://lists.linuxcontainers.org/pipermail/lxc-devel/2014-October/010561.html
     for DNSMASQ_USER in lxc-dnsmasq dnsmasq nobody