-
Notifications
You must be signed in to change notification settings - Fork 274
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Revert /etc/resolv.conf
on app exit
#3817
Comments
It would be nice if there was some way to simply mask |
The closest I can think of is using a mount like https://github.com/xetdata/nfsserve to overlay it, assuming Linux has an option to auto-unmount an NFS share if the server quits responding. This would also revert it on reboot. We could even do a bind mount without NFS and that would at least revert it on reboot and simplify the manual revert command from I did some searches and asked ChatGPT but nothing obvious came up. Everyone says basically, trap this signal in your Bash script. If we have to run a Bash sidecar we may as well do something else entirely |
Makes progress towards #3817 --------- Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
…3828) Part of a small yak shave for #3817 The `atomicwrites` lib uses the atomic rename trick and does correct fsyncs for us, so if we lose power while rewriting or reverting `/etc/resolv.conf`, it should always be in a recoverable state. (Unless the hard drive lies about fsync, but then it's beyond our control.) --------- Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
We could instead modify the file in-place by adding our configuration to a sentinel stanza:
|
I think we'd have to prefix all other lines with |
We insert our stanza in the top, beginning line 1. Order matters here. |
Okay. But that means if we take too long, network clients will move on to other DNS servers below us, right? |
Correct, which might actually be a feature not a bug? |
…ontrol DNS (#4148) This isn't really user-facing, so I marked it down from `feat` to `chore`. Closes #3817 - If we exit gracefully, `/etc/resolv.conf` is reverted - We always keep the `.before-firezone` backup in case we lose power and the revert transaction is corrupted or rolled back - We use a magic header to detect whether the last run was a crash or not. If Firezone crashes and the user wants to modify their default DNS, they need to delete that header so that Firezone won't accidentally revert its backup and trash their change. - All error variants for this module replaced with `anyhow::Error` since they were never matched by callers. I ran `cargo mutants` locally and it helped me validate the unit tests and it picked up a `match` branch that I forgot to delete. ```[tasklist] - [x] (Failed: Integration tests didn't like it) ~~Add the system default resolvers below Firezone's sentinels~~ - [x] `tracing::info` "Last run crashed" if we have to revert the file at startup ``` --------- Signed-off-by: Reactor Scram <ReactorScram@users.noreply.github.com>
This will handle the happy path case in the headless linux client where a user has rebooted, restarted the client, or
restarted the Docker containerrestarted via systemd.The text was updated successfully, but these errors were encountered: