jail: do not hack /etc/resolv.conf on container rootfs

While useful for slim containers, this violates OCI spec and breaks containers like pihole. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
author: Daniel Golle 2021-07-12 23:59:32 +0000
committer: Daniel Golle 2021-07-15 17:07:51 +0000
commit: b0a8ea1c3fa844d1006764fae3f0d8382351313b (patch)
tree: ceb8f8010bb4a1573db10bd3bdf460c08536bcf2
parent: 0ee73b2c86a853ae3274c7080e2dcd36b81aa1fa (diff)
download: procd-b0a8ea1c3fa844d1006764fae3f0d8382351313b.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/jail/jail.c b/jail/jail.c
index c350be2..cf3127a 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -689,7 +689,7 @@ static int build_jail_fs(void)
 		create_dev_console(jail_root);
 
 	/* make sure /etc/resolv.conf exists if in new network namespace */
-	if (opts.namespace & CLONE_NEWNET) {
+	if (!opts.extroot && opts.namespace & CLONE_NEWNET) {
 		char jailetc[PATH_MAX], jaillink[PATH_MAX];
 
 		snprintf(jailetc, PATH_MAX, "%s/etc", jail_root);
author	Daniel Golle	2021-07-12 23:59:32 +0000
committer	Daniel Golle	2021-07-15 17:07:51 +0000
commit	b0a8ea1c3fa844d1006764fae3f0d8382351313b (patch)
tree	ceb8f8010bb4a1573db10bd3bdf460c08536bcf2
parent	0ee73b2c86a853ae3274c7080e2dcd36b81aa1fa (diff)
download	procd-b0a8ea1c3fa844d1006764fae3f0d8382351313b.tar.gz