monadical/greywall
Archived
13
0
Fork 0
Code Issues Pull Requests 1 Actions 2 Packages Projects Releases Wiki Activity

fix: resolve /etc/resolv.conf symlinks for DNS in sandbox (#31)

Browse Source
This commit is contained in:
JY Tan
2026-02-08 13:15:16 -08:00
committed by GitHub
parent 9db1ae8b54
commit b8b12ebe31
1 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
internal/sandbox/linux.go
View File

@@ -411,6 +411,20 @@ func WrapCommandLinuxWithOptions(cfg *config.Config, command string, bridge *Lin
// /tmp needs to be writable for many programs // /tmp needs to be writable for many programs
bwrapArgs = append(bwrapArgs, "--tmpfs", "/tmp") bwrapArgs = append(bwrapArgs, "--tmpfs", "/tmp")
// Ensure /etc/resolv.conf is readable inside the sandbox.
// On some systems (e.g., WSL), /etc/resolv.conf is a symlink to a path
// on a separate mount point (e.g., /mnt/wsl/resolv.conf) that isn't
// reachable after --ro-bind / / (non-recursive bind). We resolve the
// symlink and bind the real file directly so DNS resolution works.
if target, err := filepath.EvalSymlinks("/etc/resolv.conf"); err == nil && target != "/etc/resolv.conf" {
if fileExists(target) {
bwrapArgs = append(bwrapArgs, "--ro-bind", target, "/etc/resolv.conf")
if opts.Debug {
fmt.Fprintf(os.Stderr, "[fence:linux] Resolved /etc/resolv.conf symlink -> %s\n", target)
}
}
}
writablePaths := make(map[string]bool) writablePaths := make(map[string]bool)
// Add default write paths (system paths needed for operation) // Add default write paths (system paths needed for operation)