Allow resolv.conf be written by dhclient

When dhclient is used to assign and IP to the container, it should be able to overwrite resolv.conf Therefore, we do the /etc mirroring similarly to the situation with manually configured nameservers. When both DHCP and manually set nameservers are in use, warn that the manual ones will be overwritten
author: Kristóf Marussy <kris7topher@gmail.com> 2019-12-27 18:41:29 +0100
committer: Kristóf Marussy <kris7topher@gmail.com> 2019-12-30 02:38:59 +0100
commit: d3d806ddb25249cf0c404904b3f5ffc7011204ce (patch)
tree: 3295aef69b5933420df1f68d73b666aee93d83be
parent: Do not try to set up default gateway without an IP address (diff)
download: firejail-d3d806ddb25249cf0c404904b3f5ffc7011204ce.tar.gz
firejail-d3d806ddb25249cf0c404904b3f5ffc7011204ce.tar.zst
firejail-d3d806ddb25249cf0c404904b3f5ffc7011204ce.zip
2 files changed, 25 insertions, 3 deletions
diff --git a/src/firejail/firejail.h b/src/firejail/firejail.h
index a5eeb4067..bfe680d24 100644
--- a/src/firejail/firejail.h
+++ b/src/firejail/firejail.h
@@ -239,6 +239,24 @@ static inline int any_interface_configured(void) {
                return 0;
 }
+static inline int any_ip_dhcp(void) {
+        if (cfg.bridge0.arg_ip_dhcp || cfg.bridge1.arg_ip_dhcp || cfg.bridge2.arg_ip_dhcp || cfg.bridge3.arg_ip_dhcp)
+                return 1;
+        else
+                return 0;
+}
+static inline int any_ip6_dhcp(void) {
+        if (cfg.bridge0.arg_ip6_dhcp || cfg.bridge1.arg_ip6_dhcp || cfg.bridge2.arg_ip6_dhcp || cfg.bridge3.arg_ip6_dhcp)
+                return 1;
+        else
+                return 0;
+}
+static inline int any_dhcp(void) {
+  return any_ip_dhcp() || any_ip6_dhcp();
+}
 extern int arg_private;         // mount private /home
 extern int arg_private_cache;   // private home/.cache
 extern int arg_debug;           // print debug messages
diff --git a/src/firejail/fs_hostname.c b/src/firejail/fs_hostname.c
index 9da01b24c..60c65746b 100644
--- a/src/firejail/fs_hostname.c
+++ b/src/firejail/fs_hostname.c
@@ -89,7 +89,7 @@ errexit:
 }
 void fs_resolvconf(void) {
-        if (cfg.dns1 == NULL)
+        if (cfg.dns1 == NULL && !any_dhcp())
                return;
        if (arg_debug)
@@ -108,7 +108,8 @@ void fs_resolvconf(void) {
                if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0)
                        continue;
                // for resolv.conf we create a brand new file
-                if (strcmp(entry->d_name, "resolv.conf") == 0)
+                if (strcmp(entry->d_name, "resolv.conf") == 0 ||
+        strcmp(entry->d_name, "resolv.conf.dhclient-new") == 0)
                        continue;
 //              printf("linking %s\n", entry->d_name);
@@ -169,8 +170,11 @@ void fs_resolvconf(void) {
                exit(1);
        }
-        if (cfg.dns1)
+        if (cfg.dns1) {
+    if (any_dhcp())
+      fwarning("network setup uses DHCP, nameservers will likely be overwritten\n");
                fprintf(fp, "nameserver %s\n", cfg.dns1);
+  }
        if (cfg.dns2)
                fprintf(fp, "nameserver %s\n", cfg.dns2);
        if (cfg.dns3)
author	Kristóf Marussy <kris7topher@gmail.com>	2019-12-27 18:41:29 +0100
committer	Kristóf Marussy <kris7topher@gmail.com>	2019-12-30 02:38:59 +0100
commit	d3d806ddb25249cf0c404904b3f5ffc7011204ce (patch)
tree	3295aef69b5933420df1f68d73b666aee93d83be
parent	Do not try to set up default gateway without an IP address (diff)
download	firejail-d3d806ddb25249cf0c404904b3f5ffc7011204ce.tar.gz firejail-d3d806ddb25249cf0c404904b3f5ffc7011204ce.tar.zst firejail-d3d806ddb25249cf0c404904b3f5ffc7011204ce.zip