Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Reflect host DNS resolver changes to the container #7

Merged
merged 1 commit into from
Jul 27, 2021
Merged

Conversation

StayPirate
Copy link
Owner

Fix #5.

If you run secbox for the first time while you are not yet connected to
the company VPN, you won't be able to reach out to the internal network
resources even after you connect your host system to the VPN. This
commit makes the container works with all the network resources
independently from when the container was created at the first instance.

/etc/resolv.conf is copied over the container from the host system by
podman during the container creation. If your host /etc/resolv.conf
changes after the container creation, let's say you connect to your
company's VPN, the newly added nameservers (provided by the company via
DHCP) won't be reflected within the container /etc/resolv.conf.
Bind mounting /etc/resolv.conf would be an option, but unfortunately
NetworkManager replace the host /etc/resolv.conf instead of updating its
content in place. This of course breaks the bind mount.
The solution I adopted here is to use a copy of /etc/resolv.conf
maintained by secbox, which takes care of syncing it at every run with
the host one, without delete or rename the file.

For more info check [0][1][2].

[0] containers/podman#11042
[1] containers/podman#10026
[2] #5

Fix #5.

If you run secbox for the first time while you are not yet connected to
the company VPN, you won't be able to reach out to the internal network
resources even after you connect your host system to the VPN. This
commit makes the container works with all the network resources
independently from when the container was created at the first instance.

/etc/resolv.conf is copied over the container from the host system by
podman during the container creation. If your host /etc/resolv.conf
changes after the container creation, let's say you connect to your
company's VPN, the newly added nameservers (provided by the company via
DHCP) won't be reflected within the container /etc/resolv.conf.
Bind mounting /etc/resolv.conf would be an option, but unfortunately
NetworkManager replace the host /etc/resolv.conf instead of updating its
content in place. This of course breaks the bind mount.
The solution I adopted here is to use a copy of /etc/resolv.conf
maintained by secbox, which takes care of syncing it at every run with
the host one, without delete or rename the file.

For more info check [0][1][2].

[0] containers/podman#11042
[1] containers/podman#10026
[2] #5
@StayPirate StayPirate merged commit 2c65838 into master Jul 27, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Internal network resources not available if the container was created before the host was connected to the VPN
1 participant