From 16aad4026e45a07817a29af80aa1c507bc36e66c Mon Sep 17 00:00:00 2001
From: Michael McVady
Date: Wed, 4 Jan 2023 18:21:23 -0600
Subject: Fix DNS in chroot env
---
 Dockerfile | 7 +++++--
 conf/clog.conf | 2 ++
 docker-compose.yml | 3 +--
 run.sh | 5 +++++
 4 files changed, 13 insertions(+), 4 deletions(-)
 create mode 100755 run.sh
diff --git a/Dockerfile b/Dockerfile
index 9d840c1..0c436bb 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -31,6 +31,9 @@ RUN set -e \
 && mkdir -p /var/chroot \
 && addgroup --gid 502 clog \
 && adduser --disabled-password --uid 502 --home /var/chroot/clog --shell /sbin/nologin --ingroup clog --gecos "" clog \
+ && mkdir -p /var/chroot/clog/etc \
+ && mkdir -p /var/chroot/clog/lib/x86_64-linux-gnu \
+ && cp /lib/x86_64-linux-gnu/libnss_dns.so.2 /var/chroot/clog/lib/x86_64-linux-gnu/libnss_dns.so.2 \
 && apt-get update -qq \
 && apt-get install -y \
 libssl-dev \
@@ -38,10 +41,10 @@ RUN set -e \
 && rm -rf /var/lib/apt/lists/*
 COPY --from=build-stage /tmp/clog/assets /var/chroot/clog/assets/.
-COPY --from=build-stage /tmp/clog/clog /var/chroot/clog/.
+COPY --from=build-stage /tmp/clog/clog /tmp/clog/run.sh /var/chroot/clog/.
 EXPOSE 8888
 STOPSIGNAL SIGQUIT
 WORKDIR /var/chroot/clog
-ENTRYPOINT [ "./clog", "-f"]
+ENTRYPOINT [ "./run.sh" ]
diff --git a/conf/clog.conf b/conf/clog.conf
index 953af9f..35440fe 100644
--- a/conf/clog.conf
+++ b/conf/clog.conf
@@ -11,6 +11,8 @@ privsep worker {
 runas clog
 root /var/chroot/clog
+
+ # skip chroot
 }
 seccomp_tracing no
diff --git a/docker-compose.yml b/docker-compose.yml
index a5e0b79..340b255 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -8,7 +8,7 @@ services:
 - "8888:8888"
 environment:
 - POSTGRES_DB=${POSTGRES_DB}
- - POSTGRES_HOST=${POSTGRES_HOST}
+ - POSTGRES_HOST=postgres
 - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
 - POSTGRES_USER=${POSTGRES_USER}
 depends_on:
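Review bot: The NSS module and `etc/` added in the first Dockerfile hunk land inside `/var/chroot/clog`, which the `adduser --home /var/chroot/clog` line just above presumably creates owned by uid 502, the same account the worker runs as. The new subdirectories are root-owned, but an account that owns the parent directory can rename them and put its own `lib/` or `etc/` in their place, so the library a later worker loads and the resolver file it reads are not protected from the worker itself; the same applies to `run.sh`, which the COPY line in the second Dockerfile hunk places in that directory and which then becomes the ENTRYPOINT. Consider making the chroot root itself root-owned after these steps, e.g. `&& chown root:root /var/chroot/clog \`, and keeping the script outside it with `ENTRYPOINT [ "/usr/local/bin/run.sh" ]`, provided clog does not need to write to its chroot root. The `x86_64-linux-gnu` path is also hard-coded, so the image presumably only builds on amd64. The RUN instruction starts and ends outside this hunk.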
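Review bot: The added `# skip chroot` reads as a disabled directive rather than a comment, and nothing says why it is there or when it would be acceptable to uncomment it. Enabling it would presumably drop the `root /var/chroot/clog` confinement that the rest of this commit works to keep, so either remove the line or replace it with an explanatory comment such as `# chroot stays enabled; DNS inside it is provided by run.sh and the Dockerfile`. The `privsep worker` block header appears only in the hunk header line.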
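Review bot: With `POSTGRES_HOST=postgres` the app reaches the database over the compose network, so the `ports:` entry on the postgres service (visible as context in the following hunk, its mapping outside the diff) is likely needed only for host-side access. If nothing on the host uses it, dropping it or binding it to 127.0.0.1 keeps the database off the host's other interfaces. Hard-coding the value also removes the override the variable gave; `- POSTGRES_HOST=${POSTGRES_HOST:-postgres}` keeps the new default while still allowing one.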
@@ -17,7 +17,6 @@ services:
 postgres:
 container_name: clog-postgres
 image: postgres:14-alpine
- # network_mode: host
 volumes:
 - .vols/database:/var/lib/postgresql/data
 ports:
diff --git a/run.sh b/run.sh
new file mode 100755
index 0000000..aa3869f
--- /dev/null
+++ b/run.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env sh
+
+cp /etc/resolv.conf /var/chroot/clog/etc/resolv.conf
+
+exec ./clog -f
-- 
cgit v1.2.3
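Review bot: The `cp` in run.sh is unchecked, so if `/etc/resolv.conf` is missing or the chroot's `etc/` cannot be written the script still execs clog, and name resolution fails later inside the worker with no hint why. Adding `set -eu` directly under the shebang makes the container fail at start instead. The copy is also taken once at start-up, so a resolver change made afterwards will not reach the chroot until the container restarts; a short comment would record that, e.g. `# the chrooted worker cannot see /etc; snapshot the resolver config at start`.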