Closed sabedevops closed 1 year ago
This may be moot because ZET normally runs-as user "ziti" and doesn't have permission to munge `/etc/resolv.conf`. We might decide to find a way to allow that. Here's a place for discussing it.
With PRs #674 (we no longer clobber the symlink) and #614, this should indeed be moot for all intents and purposes.
In cases where `/etc/resolv.conf` is a regular file, but `org.freedesktop.resolve1` is an acquired name in `dbus`, the resolution will always configure `systemd-resolved` as if it was the primary resolver on the system.

This assumption is valid in the container case, where `/etc/resolv.conf` is a regular file and the dbus socket is mounted from the host filesystem. On systems where `/etc/resolv.conf` was potentially clobbered by an errant `sed -i`, the tunneler's auto-configuration scheme is insufficient.

We may want to drive this via an environment variable or CLI flag instead so that the detection logic behavior can be adjusted when the overall system state cannot be determined purely through introspection (as may be the case inside of a container).
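The detection problem described in this issue, sketched as an added example (not part of the thread and not the tunneler's own code). The function name, the mode strings and the `RESOLVER_MODE_OVERRIDE` variable are hypothetical, and the caller passes in whether `org.freedesktop.resolve1` is an acquired bus name so the sketch runs without a system bus.

```shell
#!/bin/sh
# classify_resolver CONF BUS_NAME_OWNED
#   CONF            path of the resolv.conf to inspect
#   BUS_NAME_OWNED  "yes" if org.freedesktop.resolve1 is an acquired name on
#                   the system bus (e.g. listed by `busctl list --acquired`)
# Prints one of: resolved-primary, file-only, ambiguous, missing.
# RESOLVER_MODE_OVERRIDE is a hypothetical operator override, not a real
# ziti-edge-tunnel option.
classify_resolver() {
    conf=$1
    owned=$2

    # An explicit operator choice wins over any introspection.
    case "${RESOLVER_MODE_OVERRIDE:-}" in
        resolved-primary|file-only)
            echo "$RESOLVER_MODE_OVERRIDE"; return 0 ;;
        "") ;;
        *)  echo "unknown RESOLVER_MODE_OVERRIDE" >&2; return 2 ;;
    esac

    [ -e "$conf" ] || [ -L "$conf" ] || { echo missing; return 0; }

    # systemd-resolved is not on the bus: the file is the only resolver config.
    if [ "$owned" != yes ]; then echo file-only; return 0; fi

    # Symlink to a systemd-resolved stub file: resolved is in the lookup path.
    if [ -L "$conf" ]; then
        case "$(readlink "$conf")" in
            */systemd/resolve/stub-resolv.conf|*/systemd/resolv.conf)
                echo resolved-primary; return 0 ;;
        esac
    fi

    # Regular file that still points at the stub listener (127.0.0.53).
    if grep -Eq '^[[:space:]]*nameserver[[:space:]]+127\.0\.0\.53([[:space:]]|$)' \
            "$conf" 2>/dev/null; then
        echo resolved-primary; return 0
    fi

    # Bus name is owned but the file names other servers: either a container
    # with the host bus socket mounted, or a clobbered file on the host.
    # Introspection cannot tell these apart, so report it and let the
    # operator decide through the override.
    echo ambiguous
}
```
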