[systemd-devel] Unit in network namespace uses default namespace resolv.conf instead of the bind mount /etc/netns/<namespace>/resolv.conf
Ruben Di Battista
rubendibattista at gmail.com
Sat Aug 5 22:29:58 UTC 2023
Hello, can someone please help me fix this:
https://github.com/systemd/systemd/issues/28694?
The transmission-daemon that is started via systemd in a dedicated network
namespace <vpn> is seeing the main namespace resolv.conf instead of the one
mounted by netns. If I manually pop into the vpn namespace, the
/etc/resolv.conf is correctly identified as the same as the one in
/etc/netns/vpn/resolv.conf.
This used to work before 254. I tried to set PrivateMounts=false also for
the transmission drop-in, but it doesn't work. Transmission is still
querying the main namespace DNS instead of the specific one for the <vpn>
netns.
What am I missing?
Cheers
::::::::::::::::: Archlinux Transmission Unit ::::::::::::::::::
[Unit]
Description=Transmission BitTorrent Daemon
Wants=network-online.target
After=network-online.target

[Service]
User=transmission
Type=notify
ExecStart=/usr/bin/transmission-daemon -f --log-level=error
ExecReload=/bin/kill -s HUP $MAINPID
NoNewPrivileges=true
MemoryDenyWriteExecute=true
ProtectSystem=true
PrivateTmp=true

[Install]
WantedBy=multi-user.target
::::::::::::::::: Drop in ::::::::::::::::::::::
[Unit]
After=vpn.service
BindsTo=vpn.service

[Service]
NetworkNamespacePath=/run/netns/vpn
Environment="TR_CURL_VERBOSE=1"
ExecStart=
ExecStart=/usr/bin/transmission-daemon -f --log-level=debug
:::::::::::::::: vpn.service ::::::::::::::::::::
[Unit]
Description=Start Wireguard VPN with a random peer
Wants=network-online.target nss-lookup.target
Requires=wireguard.service
After=network-online.target nss-lookup.target wireguard.service
PartOf=wireguard.service netns@vpn.service
JoinsNamespaceOf=netns@vpn.service

[Service]
Type=oneshot
RemainAfterExit=true

ExecStartPre=-/usr/bin/env ip -n vpn addr flush dev wg0
ExecStartPre=-/usr/bin/env ip -n vpn link set down wg0
ExecStartPre=-/usr/bin/env ip netns exec vpn /usr/local/bin/teardown_wg

# Set wg
ExecStart=/usr/bin/env ip netns exec vpn /usr/local/bin/setup_wg

# Set interface up
ExecStart=/usr/bin/env ip -n vpn link set up dev wg0

# Set default route
ExecStart=/usr/bin/env ip -n vpn route add default dev wg0

[Install]
WantedBy=multi-user.target
WantedBy=network-online.target
::::::::::::::::::: wireguard.service :::::::::::::::::
[Unit]
Description=Wireguard interface in a dedicated namespace
Requires=netns@vpn.service
Wants=network-online.target nss-lookup.target
After=network-online.target nss-lookup.target netns@vpn.service
PartOf=netns@vpn.service
JoinsNamespaceOf=netns@vpn.service

[Service]
Type=oneshot
RemainAfterExit=true

ExecStartPre=-/usr/bin/env ip -n vpn link delete wg0

# Create wg0 interface in normal namespace
ExecStart=/usr/bin/env ip link add dev wg0 type wireguard

# Move wg0 interface to the vpn namespace
ExecStart=/usr/bin/env ip link set wg0 netns vpn

# Stop process
ExecStop=/usr/bin/env ip -n vpn link delete wg0

[Install]
WantedBy=multi-user.target
WantedBy=network-online.target
:::::::::::::::::: netns@.service :::::::::::::::::::::
[Unit]
Description=%I Namespace wrapper
After=network-online.target nss-lookup.target
Wants=network-online.target nss-lookup.target

[Service]
Type=oneshot
RemainAfterExit=true
PrivateNetwork=true
PrivateMounts=false

ExecStartPre=-/usr/bin/env ip netns delete %i

# Add vpn dedicated namespace
ExecStart=/usr/bin/env ip netns add %i

# Pause
ExecStart=/usr/bin/env echo %i

# Set loopback device up
ExecStart=/usr/bin/env ip -n %i link set dev lo up

# Stop process
ExecStop=/usr/bin/env ip netns delete %i

[Install]
WantedBy=multi-user.target
WantedBy=network-online.target
:::::::::::::::::: journal output (transmission-daemon, repeated) ::::::::::::::::::
Aug 05 21:28:11 gagazet transmission-daemon[226124]: * Closing connection
Aug 05 21:28:11 gagazet transmission-daemon[226124]: * Could not resolve host: tracker.tleechreload.org
Aug 05 21:28:11 gagazet transmission-daemon[226124]: * Could not resolve host: explodie.org
--
rdb
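Added example, not part of the original message: a diagnostic for the symptom described above, comparing the resolvers visible inside the service's own mount namespace (through /proc/<pid>/root) with the per-namespace file under /etc/netns/<name>/. The function names are illustrative and GNU stat is assumed.

```shell
#!/bin/sh
# Added example; function names are illustrative, not from the post.

# Print the resolver addresses listed in a resolv.conf-style file,
# one per line, sorted and de-duplicated.
nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1" | sort -u
}

# Compare the resolv.conf a service actually sees ($1) with the one
# intended for its network namespace ($2). Prints "match", or one
# "unexpected resolver: <addr>" line per address that is not in $2.
# Returns 0 on match, 1 otherwise.
check_resolv() {
    want=$(nameservers "$2")
    status=0
    for ns in $(nameservers "$1"); do
        if ! printf '%s\n' "$want" | grep -qxF -- "$ns"; then
            echo "unexpected resolver: $ns"
            status=1
        fi
    done
    if [ "$status" -eq 0 ]; then echo "match"; fi
    return "$status"
}

# True when process $1 is in the network namespace bound at /run/netns/$2
# (both paths resolve to the same nsfs inode).
in_netns() {
    [ "$(stat -L -c %i "/proc/$1/ns/net")" = "$(stat -L -c %i "/run/netns/$2")" ]
}

# Usage, as root on the affected host: sh check.sh transmission.service vpn
if [ "$#" -eq 2 ]; then
    pid=$(systemctl show -p MainPID --value "$1")
    in_netns "$pid" "$2" || echo "PID $pid is not in netns $2"
    # /proc/<pid>/root shows /etc as the service's mount namespace sees it.
    check_resolv "/proc/$pid/root/etc/resolv.conf" "/etc/netns/$2/resolv.conf"
fi
```

A process can be in the right network namespace and still report an unexpected resolver, which is the situation the message describes: DNS queries then go to the host's resolver rather than the one configured for the VPN namespace.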