make lxc-net hermetic w.r.t. existing dnsmasq config

lxc's dnsmasq will try to read system's dnsmasq if `--conf-file` is not specified. This is likely not desirable, as lxc's dnsmasq should be self-contained. On my system the conflicting options are `--bind-interfaces` and `--bind-dynamic`, since the same host is doing other DNS-y things unrelated to lxc. This is an incompatible change, since lxc's dnsmasq will stop honoring system's `/etc/dnsmasq.conf`, and some systems may be relying on it. Given that, I believe it should not depend on it by default, since dnsmasq is lxc's implementation detail. However, if the user desires, the old behavior could be brought back by setting `LXC_DHCP_CONFILE=/etc/dnsmasq.conf` in `/etc/default/lxc-net`. Signed-off-by: Motiejus Jakštys <motiejus@jakstys.lt>

make lxc-net hermetic w.r.t. existing dnsmasq config
1058884a · Motiejus Jakštys · Christian Brauner · 34a93d41 · 1058884a
Unverified Commit 1058884a authored Jan 11, 2021 by Motiejus Jakštys Committed by Christian Brauner Jan 11, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 4 deletions

lxc-net.in config/init/common/lxc-net.in +3 -4

No files found.
--- a/config/init/common/lxc-net.in
+++ b/config/init/common/lxc-net.in
@@ -115,10 +115,9 @@ start() {
        LXC_DOMAIN_ARG="-s $LXC_DOMAIN -S /$LXC_DOMAIN/"
    fi
-    LXC_DHCP_CONFILE_ARG=""
+    # lxc's dnsmasq should be hermetic and not read `/etc/dnsmasq.conf` (which
-    if [ -n "$LXC_DHCP_CONFILE" ]; then
+    # it does by default if `--conf-file` is not present
-        LXC_DHCP_CONFILE_ARG="--conf-file=${LXC_DHCP_CONFILE}"
+    LXC_DHCP_CONFILE_ARG="--conf-file=${LXC_DHCP_CONFILE:-/dev/null}"
-    fi
    # https://lists.linuxcontainers.org/pipermail/lxc-devel/2014-October/010561.html
    for DNSMASQ_USER in lxc-dnsmasq dnsmasq nobody