snow/wireguard-tools
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

dns-hatchet: apply resolv.conf's selinux context to new resolv.conf

Browse source 
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This commit is contained in:
Jason A. Donenfeld 2018-06-17 00:06:58 +02:00
parent 6f85449d79
commit 2ce4680bd3
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
contrib/dns-hatchet/hatchet.bash
View file

@ -17,9 +17,11 @@ set_dns() {
printf 'nameserver %s\n' "${DNS[@]}" printf 'nameserver %s\n' "${DNS[@]}"
} | unshare -m --propagation shared bash -c "$(cat <<-_EOF } | unshare -m --propagation shared bash -c "$(cat <<-_EOF
set -e set -e
context="\$(stat -c %C /etc/resolv.conf 2>/dev/null)" || unset context
mount --make-private /dev/shm mount --make-private /dev/shm
mount -t tmpfs none /dev/shm mount -t tmpfs none /dev/shm
cat > /dev/shm/resolv.conf cat > /dev/shm/resolv.conf
[[ -z \$context || \$context == "?" ]] || chcon "\$context" /dev/shm/resolv.conf 2>/dev/null || true
mount -o remount,ro /dev/shm mount -o remount,ro /dev/shm
mount -o bind,ro /dev/shm/resolv.conf /etc/resolv.conf mount -o bind,ro /dev/shm/resolv.conf /etc/resolv.conf
_EOF _EOF