From d9bd6abc4b248f35790183370b7cef2a12f41f85 Mon Sep 17 00:00:00 2001 From: Ian Kelling Date: Fri, 28 Jun 2019 15:27:40 -0400 Subject: [PATCH] handle when resolvconf is not installed --- newns | 59 +++++++++++++++++++++++++++++++---------------------------- 1 file changed, 31 insertions(+), 28 deletions(-) diff --git a/newns b/newns index a2d896d..9c9ee67 100755 --- a/newns +++ b/newns @@ -48,7 +48,7 @@ Also creates a mount namespace with a cloned /run/resolvconf. From a normal shell: -If we do create the netns, to join it with a shell, we can do +If we do create the netns, to join it with a shell, we can do (as root) /usr/bin/nsenter --mount=/root/mount_namespaces/NAME --net=/var/run/netns/NAME bash If you dont care about the mount namespace, you can leave that option off. 
@@ -285,35 +285,38 @@ start() { ipnn route add default via $network.1 ###### begin setup resolvconf - resolv_copy=/root/resolvconf-$nn + if [[ -e /run/resolvconf ]]; then # resolvconf probably not installed + resolv_copy=/root/resolvconf-$nn - # this condition should never happen, just coding defensively - if mexec mountpoint /run/resolvconf &>/dev/null; then - mexec umount /run/resolvconf - fi - cp -aT /run/resolvconf $resolv_copy - if ! mexec mount -o bind $resolv_copy /run/resolvconf; then - echo "error: resolv-conf bindmount failed" - exit 1 - fi - # if running dnsmasq, we have 127.0.0.1 for dns, but it can't listen on the loopback - # in the network namespace, so adjust the address. - if mexec [ -s /run/resolvconf/interface/lo.dnsmasq ]; then - mexec sed --follow-symlinks -i "s/nameserver 127\..*/nameserver $network.1/" /run/resolvconf/interface/lo.dnsmasq - mexec resolvconf -u - fi - # and in debian based distros at least, it runs with --local-service, and needs a restart - # to know about the new local network - if [[ $(systemctl --no-pager show -p ActiveState dnsmasq ) == ActiveState=active ]]; then - systemctl restart dnsmasq - fi + # this condition should never happen, just coding defensively + if mexec mountpoint /run/resolvconf &>/dev/null; then + mexec umount /run/resolvconf + fi + cp -aT /run/resolvconf $resolv_copy + if ! mexec mount -o bind $resolv_copy /run/resolvconf; then + echo "error: resolv-conf bindmount failed" + exit 1 + fi + # if running dnsmasq, we have 127.0.0.1 for dns, but it can't listen on the loopback + # in the network namespace, so adjust the address. 
+ if mexec [ -s /run/resolvconf/interface/lo.dnsmasq ]; then + mexec sed --follow-symlinks -i "s/nameserver 127\..*/nameserver $network.1/" /run/resolvconf/interface/lo.dnsmasq + mexec resolvconf -u + fi + # and in debian based distros at least, it runs with --local-service, and needs a restart + # to know about the new local network + if [[ $(systemctl --no-pager show -p ActiveState dnsmasq ) == ActiveState=active ]]; then + systemctl restart dnsmasq + fi + + # background: if we did this in openvpn's resolv-conf script, we could guard it in + # if capsh --print|grep '\bcap_sys_admin\b' &>/dev/null + # and we could get $nn by + # config_basename=${config%%.*} + # config_basename=${config_basename##*/} + # but dnsmasq forces us to do it earlier. - # background: if we did this in openvpn's resolv-conf script, we could guard it in - # if capsh --print|grep '\bcap_sys_admin\b' &>/dev/null - # and we could get $nn by - # config_basename=${config%%.*} - # config_basename=${config_basename##*/} - # but dnsmasq forces us to do it earlier. + fi # end if [[ -e /run/resolvconf ]] ###### end setup resolvconf -- 2.30.2
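Review bot: The new `if [[ -e /run/resolvconf ]]` guard also wraps the `systemctl restart dnsmasq` block, which does not touch /run/resolvconf, so on a host running dnsmasq without resolvconf the restart that the comment says is needed for the new local network is now skipped; closing the guard before that block would keep it. When the guard is false, start() carries on with no message, and processes in the namespace presumably keep using the host's resolver configuration, so an `else` branch such as `echo "warning: /run/resolvconf missing, namespace DNS not set up" >&2` would make that visible. The trailing comment `# resolvconf probably not installed` describes the false case and would read better as `# skip when resolvconf is not installed`. Since this runs as root, `$resolv_copy` in the `cp -aT` and `mount -o bind` lines should be quoted, because it is built from `$nn`. start() begins and ends outside the hunk.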