Unit in network namespace uses default namespace resolv.conf instead of the bind mount /etc/netns/<namespace>/resolv.conf #28694
Comments
After a Why |
Should be duplicate of #28686. Please use PrivateMounts=no. |
@yuwata Setting |
No, PrivateMounts= should be set on vpn.service or so that have PrivateNetwork=. BTW, what's the purpose of PrivateNetwork= in these services? It looks meaningless to me. |
Well, the description of the option is cryptic, but in my head that would have prevented any potential leak on the main network namespace interface. Anyway, I've:
The configuration I posted used to work flawlessly with |
Hmm. Strictly speaking, we made several backward incompat changes on v254. But, still I cannot understand the motivation of several settings in the services you use.
Moreover, I do not understand the issue explained in the title:
Who manages the bind mount?? Is it done by vpn command?? If so, please provide script of config used in vpn command. |
Hello @yuwata, thanks for your feedback.
Indeed I removed
Well, if I create manually the netns, and then I do
|
More specifically, in order to have a |
Following @yuwata suggestions I edited my units:
wireguard.service
vpn.service
This works! :) |
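A way to check the symptom discussed in this thread, as an added example that is not code from the issue or from systemd: it compares the nameservers a running unit sees at /etc/resolv.conf inside its own mount namespace with those in /etc/netns/<namespace>/resolv.conf, and confirms the unit sits in that network namespace. The function names are hypothetical; it assumes root and a namespace created with `ip netns`, so that /run/netns/<namespace> exists.

```shell
#!/bin/sh
# Added example (hypothetical helper names): does a unit resolve through the
# per-namespace resolv.conf, or through the host's?
# Usage, as root: check_unit vpn.service vpn

# nameservers FILE: print the sorted, de-duplicated nameserver addresses.
nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1" | sort -u
}

# resolv_matches SEEN EXPECTED: 0 if both list the same nameservers,
# 1 if they differ, 2 if either file cannot be read.
resolv_matches() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    [ "$(nameservers "$1")" = "$(nameservers "$2")" ]
}

# same_netns PID NS: 0 if PID's network namespace is the named one.
# Compares device:inode of the namespace files, as `ip netns identify` does.
same_netns() {
    [ "$(stat -L -c %d:%i "/proc/$1/ns/net")" = \
      "$(stat -L -c %d:%i "/run/netns/$2")" ]
}

# check_unit UNIT NS: report which resolver configuration the unit's main
# process sees. /proc/PID/root is that process's own view of the filesystem,
# so bind mounts applied to the unit are visible through it.
check_unit() {
    pid=$(systemctl show -p MainPID --value "$1") || return 2
    [ "${pid:-0}" -gt 0 ] || { echo "$1: not running"; return 2; }
    same_netns "$pid" "$2" || { echo "$1: not in netns $2"; return 1; }
    if resolv_matches "/proc/$pid/root/etc/resolv.conf" \
                      "/etc/netns/$2/resolv.conf"; then
        echo "$1: nameservers match /etc/netns/$2/resolv.conf"
    else
        echo "$1: nameservers differ from /etc/netns/$2/resolv.conf"
        return 1
    fi
}
```

A mismatch reported for a unit that is inside the VPN namespace means its DNS queries are configured for the default namespace's resolver, which is the behaviour described in the issue title.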
@rdbisme it should be norbind right? Also, what about I think /etc/nsswitch.conf checks that file if there's |
Mmmmh... In my case using |
Well, for others I guess :)
…On Fri, 13 Oct 2023 at 11:07, Ruben Di Battista ***@***.***> wrote:
@rdbisme <https://github.com/rdbisme> it should be norbind right?
Also, what about
BindReadOnlyPaths=/etc/netns/vpn/resolv.conf:/run/systemd/resolve/resolv.conf:norbind
?
I think /etc/nsswitch.conf checks that file if there's hosts resolve in
it.
Mmmmh... In my case using /etc/resolv.conf works. Isn't
/run/systemd/resolve/resolve.conf used by systemd-resolved (that I'm not
using)?
|
systemd version the issue has been seen with
254
Used distribution
Archlinux
Linux kernel version used
6.1.39-3-lts
CPU architectures issue was seen on
x86_64
Component
systemd
Expected behaviour you didn't see
Before the latest update, the process (transmission torrent client) started in a dedicated namespace was able to resolve domains successfully
Unexpected behaviour you saw
Now I get errors about transmission not being able to resolve the tracker domains.
Steps to reproduce the problem
I'm not 100% sure it is systemd related. Also, if I enter the namespace doing `sudo ip netns exec vpn su $USER -`, domains are correctly resolved (e.g. `drill google.com` returns correctly).
Transmission Arch unit
Drop-in
vpn.service
wireguard.service
netns@.service
Additional program output to the terminal or log subsystem illustrating the issue