Resort to writing to /etc/resolv.conf directly if mount permissions are missing

2025-06-10 08:29:35 +00:00 · 2023-10-08 12:27:32 +02:00 · 2023-10-08 12:27:32 +02:00 · cea0e0fa27
commit cea0e0fa27
parent 6169014564
1 changed files with 29 additions and 13 deletions
--- a/src/setup.rs
+++ b/src/setup.rs
@ -155,12 +155,7 @@ impl Setup {
        Ok(false)
    }

-    fn setup_resolv_conf() -> Result<(), Error> {
-        let fd = nix::fcntl::open(
-            "/tmp/tun2proxy-resolv.conf",
-            nix::fcntl::OFlag::O_RDWR | nix::fcntl::OFlag::O_CLOEXEC | nix::fcntl::OFlag::O_CREAT,
-            nix::sys::stat::Mode::from_bits(0o644).unwrap(),
-        )?;
+    fn write_nameserver(fd: RawFd) -> Result<(), Error> {
        let data = "nameserver 198.18.0.1\n".as_bytes();
        let mut written = 0;
        loop {
@ -170,14 +165,35 @@ impl Setup {
            written += nix::unistd::write(fd, &data[written..])?;
        }
        nix::sys::stat::fchmod(fd, nix::sys::stat::Mode::from_bits(0o444).unwrap())?;
-        let source = format!("/proc/self/fd/{}", fd);
-        nix::mount::mount(
-            source.as_str().into(),
-            "/etc/resolv.conf",
-            "".into(),
-            nix::mount::MsFlags::MS_BIND,
-            "".into(),
+        Ok(())
+    }
+
+    fn setup_resolv_conf() -> Result<(), Error> {
+        let mut fd = nix::fcntl::open(
+            "/tmp/tun2proxy-resolv.conf",
+            nix::fcntl::OFlag::O_RDWR | nix::fcntl::OFlag::O_CLOEXEC | nix::fcntl::OFlag::O_CREAT,
+            nix::sys::stat::Mode::from_bits(0o644).unwrap(),
        )?;
+        Self::write_nameserver(fd)?;
+        let source = format!("/proc/self/fd/{}", fd);
+        if Ok(())
+            != nix::mount::mount(
+                source.as_str().into(),
+                "/etc/resolv.conf",
+                "".into(),
+                nix::mount::MsFlags::MS_BIND,
+                "".into(),
+            )
+        {
+            log::warn!("failed to bind mount custom resolv.conf onto /etc/resolv.conf, resorting to direct write");
+            nix::unistd::close(fd)?;
+            fd = nix::fcntl::open(
+                "/etc/resolv.conf",
+                nix::fcntl::OFlag::O_WRONLY | nix::fcntl::OFlag::O_CLOEXEC | nix::fcntl::OFlag::O_TRUNC,
+                nix::sys::stat::Mode::from_bits(0o644).unwrap(),
+            )?;
+            Self::write_nameserver(fd)?;
+        }
        nix::unistd::close(fd)?;
        Ok(())
    }