Closed babaric-dev closed 1 year ago
Android's DNS resolver is a system service. I think it is hard to have a real DNS resolver for termux-docker
.
How does Linux's DNS resolver work, then? Can we take the Linux approach and apply it in termux-docker
?
I'm afraid not. That means we need to hook all the res_*
functions and I think it would be a huge work.
How does Linux's DNS resolver work, then? Can we take the Linux approach and apply it in termux-docker?
I'm not going to backport a DNS resolver from GNU or Musl libc and neither going to maintain sources of it. Too much work for the original purpose of termux-docker.
@sylirre @licy183 dnsmasq
from AOSP generic system image (https://developer.android.com/topic/generic-system-image/releases) works out of box.
I built a minimal android container by stripping AOSP GSI, available at ghcr.io/dart-android/toybox. It runs dnsmasq
at start and DNS works inside the container.
I think we can take a similar approach here.
@ntkme how can i try out your docker image?
[opc@instance-0 ~]$ podman run --rm --privileged ghcr.io/dart-android/toybox sh -c "sleep 1; ping google.com"
Ping google.com (216.58.220.142): 56(84) bytes.
64 bytes from 216.58.220.142: icmp_seq=1 ttl=255 time=2 ms
64 bytes from 216.58.220.142: icmp_seq=2 ttl=255 time=2 ms
64 bytes from 216.58.220.142: icmp_seq=3 ttl=255 time=2 ms
--- 216.58.220.142 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss
round-trip min/avg/max = 2/2/2 ms
Note:
--privileged
is only needed for arm64/arm for the known personality
issue.sleep 1
is to avoid a race condition of dnsmasq taking some time to complete startup in background.Will check this.
Another small tip about dnsmasq
from GSI:
ENTRYPOINT ["/bin/sh", "-c", "/bin/sh -T /dev/ptmx -c dnsmasq 2>/dev/null; exec \"$@\"", "--"]
CMD ["/bin/sh"]
The reason I had to use /bin/sh -T /dev/ptmx -c dnsmasq
:
dnsmasq </dev/null
, somehow dnsmasq
goes 100% CPU usage for unknown reason.dnsmasq
stays normal, but the mksh
shell in current tty would randomly become laggy on user input./dev/ptmx
, everything seems to be good.Added necessary changes for dynamic DNS. Looks like working.
When doing AArch64 and ARM image builds, getting these errors:
#11 0.221 error getting old personality value: Operation not permitted
#11 0.222 libc: error getting old personality value: Operation not permitted
That is the known issue for personality
call on arm mentioned on README. Maybe try add --security-opt seccomp:unconfined
to docker build
and see if it works?
It doesn't work.
WARNING: security-opt flag is deprecated. "RUN --security=insecure" should be used with BuildKit.
and then same issue about personality
. Tried adding --security=insecure
to RUN steps. This cause docker file parse errors. Both locally and on GitHub Actions.
Tried locally building image without buildkit, here is error that I got:
Error response from daemon: The daemon on this platform does not support setting security options on build
Here is a workaround I used in the past for lack of privileged mode during docker build
: just use docker run --privileged
with a persisted volume to get all the bits saved into the persisted volume, and then do docker build
to copy the files. It is kind of annoying, but at least would work more consistently.
Hi @sylirre ,
With current container:
$ docker run -it --privileged termux/termux-docker:latest
WARNING: The requested image's platform (linux/386) does not match the detected host platform (linux/amd64) and no specific platform was requested
-env: unknown program ‘-env’
Try '-env --help' for more information.
Any idea?
Looking into it. Interestingly that it doesn't happen with aarch64 image for some reason.
Looking into it. Interestingly that it doesn't happen with aarch64 image for some reason.
It seems to work when adding --entrypoint /entrypoint.sh
to the run command.
But after inside the Termux:
Welcome to Termux!
Docs: https://termux.dev/docs
Donate: https://termux.dev/donate
Community: https://termux.dev/community
Working with packages:
- Search: pkg search <query>
- Install: pkg install <package>
- Upgrade: pkg upgrade
Subscribing to additional repositories:
- Root: pkg install root-repo
- X11: pkg install x11-repo
For fixing any repository issues,
try 'termux-change-repo' command.
Report issues at https://termux.dev/issues
~ # pkg
Error: Cannot run 'pkg' command as root
~ #
Something is broken in the i686 image. 😢
Remove and download again the images:
IMAGE ID REPOSITORY TAG
a451ab2ab57d termux/termux-docker arm
70cf1552bf05 termux/termux-docker aarch64
eea96e3e7475 termux/termux-docker x86_64
724de9049b81 termux/termux-docker i686
724de9049b81 termux/termux-docker latest
Error with -env
is fixed. There were issues with building proper command line for launching the shell.
Something is broken in the i686 image.
pkg
and apt
can't be used as root. Intended behaviour.
But normally there should be system
user. Again this is issue of entrypoint script which is fixed.
Hi @sylirre ,
After updating the images all will work like a charm. Thank you!
After this is implemented, we have theoratically a working DNS resolver? This would be a cool update that will improve this project greatly.
Edit: This is already discussed in #44. But since it is closed, perhaps we should discuss here.