fix: prefer configured nameservers, fix DHCP6 in container

Always prefer explicitly configured nameservers, networkd was missing capability to bind address for DHCP6. Signed-off-by: Andrey Smirnov <smirnov.andrey@gmail.com>
siderolabs · Feb 6, 2021 · 757cc20 · 757cc20
1 parent 6cf98a7
commit 757cc20
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 14 deletions.
diff --git a/internal/app/machined/pkg/system/services/networkd.go b/internal/app/machined/pkg/system/services/networkd.go
@@ -115,6 +115,7 @@ func (n *Networkd) Runner(r runtime.Runtime) (runner.Runner, error) {
 				strings.ToUpper("CAP_" + capability.CAP_NET_ADMIN.String()),
 				strings.ToUpper("CAP_" + capability.CAP_SYS_ADMIN.String()),
 				strings.ToUpper("CAP_" + capability.CAP_NET_RAW.String()),
+				strings.ToUpper("CAP_" + capability.CAP_NET_BIND_SERVICE.String()),
 			}),
 			oci.WithHostNamespace(specs.NetworkNamespace),
 			oci.WithMounts(mounts),

diff --git a/internal/app/networkd/pkg/networkd/networkd.go b/internal/app/networkd/pkg/networkd/networkd.go
@@ -60,8 +60,6 @@ func New(config config.Provider) (*Networkd, error) {
 		resolvers []string
 	)
 
-	resolvers = []string{DefaultPrimaryResolver, DefaultSecondaryResolver}
-
 	netconf := make(map[string][]nic.Option)
 
 	if option = procfs.ProcCmdline().Get("ip").First(); option != nil {
@@ -203,31 +201,36 @@ func (n *Networkd) Configure() (err error) {
 		}
 	}
 
-	resolvers := []string{}
+	// prefer resolvers from the configuration
+	resolvers := append([]string(nil), n.resolvers...)
 
-	for _, netif := range n.Interfaces {
-		for _, method := range netif.AddressMethod {
-			if !method.Valid() {
-				continue
-			}
+	// if no resolvers configured, use addressing method resolvers
+	if len(resolvers) == 0 {
+		for _, netif := range n.Interfaces {
+			for _, method := range netif.AddressMethod {
+				if !method.Valid() {
+					continue
+				}
 
-			for _, resolver := range method.Resolvers() {
-				resolvers = append(resolvers, resolver.String())
+				for _, resolver := range method.Resolvers() {
+					resolvers = append(resolvers, resolver.String())
+				}
 			}
 		}
 	}
 
+	// use default resolvers if nothing is configured
+	if len(resolvers) == 0 {
+		resolvers = append(resolvers, DefaultPrimaryResolver, DefaultSecondaryResolver)
+	}
+
 	// Set hostname must be before the resolv configuration
 	// so we can ensure the hosts domainname is set properly
 	// before we write the search stanza
 	if err = n.Hostname(); err != nil {
 		return err
 	}
 
-	if len(resolvers) == 0 {
-		resolvers = n.resolvers
-	}
-
 	if err = writeResolvConf(resolvers); err != nil {
 		return err
 	}