imagecustomizer: deletes /etc/resolv.conf even when it's a symlink to /run
imagecustomizer overrides or deletes /etc/resolv.conf in https://github.com/microsoft/azurelinux/blob/a952e5f20a10bd24f2d0a27eca9f2c0110c998ed/toolkit/tools/pkg/imagecustomizerlib/customizeutils.go#L110-L147 in order to support managed resolv.conf, as in systemd-resolved (reference).
This breaks managed resolver functionality in cases where /etc is ro, notable example being when setting up a verity rootfs, which is otherwise supported by imagecustomizer.
Possible suggestions include:
- Bypass override|deleteResolvConf() if /etc/resolv.conf exists and it's a link, or,
- Call those functions before the scriptable customization stages run
- Don't call those functions if /etc is calculated to be in a storage.fileSystems that is also an os.verity.dataPartition,
Both options put the user in control as they need to explicitly take an action (create a link, create resolv.conf through a script, or declare a verity partition) that should change the default behavior of resolv.conf management.
The third one is more convoluted implementation wise, because it'll also require creating the symlink, which means assuming that DNS resolution will be managed by systemd-resolved.
@vimish
Per @cwize1, it is worth noting that the finalizeCustomization scripts run after the resolv.conf file is deleted. This provides an opportunity for the user to set the file explicitly.