dns-hatchet: apply resolv.conf's selinux context to new resolv.conf
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
parent
6f85449d79
commit
2ce4680bd3
|
@ -17,9 +17,11 @@ set_dns() {
|
||||||
printf 'nameserver %s\n' "${DNS[@]}"
|
printf 'nameserver %s\n' "${DNS[@]}"
|
||||||
} | unshare -m --propagation shared bash -c "$(cat <<-_EOF
|
} | unshare -m --propagation shared bash -c "$(cat <<-_EOF
|
||||||
set -e
|
set -e
|
||||||
|
context="\$(stat -c %C /etc/resolv.conf 2>/dev/null)" || unset context
|
||||||
mount --make-private /dev/shm
|
mount --make-private /dev/shm
|
||||||
mount -t tmpfs none /dev/shm
|
mount -t tmpfs none /dev/shm
|
||||||
cat > /dev/shm/resolv.conf
|
cat > /dev/shm/resolv.conf
|
||||||
|
[[ -z \$context || \$context == "?" ]] || chcon "\$context" /dev/shm/resolv.conf 2>/dev/null || true
|
||||||
mount -o remount,ro /dev/shm
|
mount -o remount,ro /dev/shm
|
||||||
mount -o bind,ro /dev/shm/resolv.conf /etc/resolv.conf
|
mount -o bind,ro /dev/shm/resolv.conf /etc/resolv.conf
|
||||||
_EOF
|
_EOF
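Review bot: The added `stat -c %C /etc/resolv.conf` does not dereference symlinks, so where /etc/resolv.conf is a symlink the label copied is the link's own, not that of the file the later bind mount presumably covers once mount resolves the path. Reading the target's context would be `context="\$(stat -L -c %C /etc/resolv.conf 2>/dev/null)" || unset context`. Separately, the `chcon ... 2>/dev/null || true` line discards a relabel failure entirely, so on an enforcing host the new file may keep the tmpfs default label and confined processes could be denied reads with nothing reported by this script. Printing a one-line warning to stderr when chcon fails would keep the best-effort behaviour while making that diagnosable. set_dns begins and ends outside this hunk.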
|
||||||
|
|