Reflect host DNS resolver changes to the container #7
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fix #5.
If you run secbox for the first time while you are not yet connected to
the company VPN, you won't be able to reach out to the internal network
resources even after you connect your host system to the VPN. This
commit makes the container works with all the network resources
independently from when the container was created at the first instance.
/etc/resolv.conf is copied over the container from the host system by
podman during the container creation. If your host /etc/resolv.conf
changes after the container creation, let's say you connect to your
company's VPN, the newly added nameservers (provided by the company via
DHCP) won't be reflected within the container /etc/resolv.conf.
Bind mounting /etc/resolv.conf would be an option, but unfortunately
NetworkManager replace the host /etc/resolv.conf instead of updating its
content in place. This of course breaks the bind mount.
The solution I adopted here is to use a copy of /etc/resolv.conf
maintained by secbox, which takes care of syncing it at every run with
the host one, without delete or rename the file.
For more info check [0][1][2].
[0] containers/podman#11042
[1] containers/podman#10026
[2] #5