From b0a8ea1c3fa844d1006764fae3f0d8382351313b Mon Sep 17 00:00:00 2001
From: Daniel Golle
Date: Tue, 13 Jul 2021 00:59:32 +0100
Subject: [PATCH] jail: do not hack /etc/resolv.conf on container rootfs

While useful for slim containers, this violates OCI spec and breaks containers like pihole.
Signed-off-by: Daniel Golle
---
 jail/jail.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/jail/jail.c b/jail/jail.c
index c350be2..cf3127a 100644
--- a/jail/jail.c
+++ b/jail/jail.c
@@ -689,7 +689,7 @@ static int build_jail_fs(void)
 create_dev_console(jail_root);
 /* make sure /etc/resolv.conf exists if in new network namespace */
- if (opts.namespace & CLONE_NEWNET) {
+ if (!opts.extroot && opts.namespace & CLONE_NEWNET) {
 char jailetc[PATH_MAX], jaillink[PATH_MAX];
 snprintf(jailetc, PATH_MAX, "%s/etc", jail_root);
--
2.30.2
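Review bot: The comment directly above the changed `if` is now stale, because it still promises that /etc/resolv.conf exists whenever a new network namespace is requested, while the new guard skips the whole block when `opts.extroot` is set. I would reword it to name the exception and its reason, for example `/* make sure /etc/resolv.conf exists if in new network namespace; an external (OCI) rootfs is left untouched */`, so a later reader does not "fix" the missing file by removing the guard and have the jail setup write into an image-supplied /etc again. As a point of style, the condition mixes `&&` with an unparenthesised `&`; precedence makes it correct, but `if (!opts.extroot && (opts.namespace & CLONE_NEWNET)) {` states the intent without relying on it. The body of this block and the rest of build_jail_fs lie outside the hunk, so whether anything else depends on resolv.conf being present for extroot containers cannot be judged from here.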