From 47984e7f9234c597e51775162438a062b597eeb1 Mon Sep 17 00:00:00 2001
From: Ludovic Poujol
Date: Mon, 19 Apr 2021 11:01:49 +0200
Subject: [PATCH] Add new check IS_LXC_CONTAINER_RESOLV_CONF

Will ensure that every container has a resolv.conf file and that all nameservers configured in the host resolv.conf file are present in the container's resolv.conf
---
 evocheck.sh | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/evocheck.sh b/evocheck.sh
index bca0ce1..50559d2 100755
--- a/evocheck.sh
+++ b/evocheck.sh
@@ -1295,6 +1295,27 @@ check_nginx_letsencrypt_uptodate() {
 fi
 }
+check_lxc_container_resolv_conf() {
+ if is_installed lxc; then
+ container_list=$(lxc-ls)
+ current_resolvers=$(grep nameserver /etc/resolv.conf | sed 's/nameserver//g' )
+
+ for container in $container_list; do
+ if [ -f "/var/lib/lxc/${container}/rootfs/etc/resolv.conf" ]; then
+
+ while read -r resolver; do
+ if ! grep -qE "^nameserver\s+${resolver}" "/var/lib/lxc/${container}/rootfs/etc/resolv.conf"; then
+ failed "IS_LXC_CONTAINER_RESOLV_CONF" "resolv.conf miss-match beween host and container : missing nameserver ${resolver} in container ${container} resolv.conf"
+ fi
+ done <<< "${current_resolvers}"
+
+ else
+ failed "IS_LXC_CONTAINER_RESOLV_CONF" "resolv.conf missing in container ${container}"
+ fi
+ done
+ fi
+}
+
 main() {
 # Default return code : 0 = no error
 RC=0
@@ -1421,6 +1442,7 @@ main() {
 test "${IS_APT_VALID_UNTIL:=1}" = 1 && check_apt_valid_until
 test "${IS_CHROOTED_BINARY_UPTODATE:=1}" = 1 && check_chrooted_binary_uptodate
 test "${IS_NGINX_LETSENCRYPT_UPTODATE:=1}" = 1 && check_nginx_letsencrypt_uptodate
+ test "${IS_LXC_CONTAINER_RESOLV_CONF:=1}" = 1 && check_lxc_container_resolv_conf
 fi
 #-----------------------------------------------------------
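Review bot: In the `grep -qE "^nameserver\s+${resolver}"` test inside the `while read` loop of `check_lxc_container_resolv_conf`, the host resolver is used as an unanchored regular expression, so `10.0.0.1` counts as present when the container only lists `10.0.0.11`, and each `.` matches any character; the check can pass while a resolver is actually missing. Comparing literal fields avoids this: `current_resolvers=$(awk '$1 == "nameserver" { print $2 }' /etc/resolv.conf)` on the host side and `if ! awk '$1 == "nameserver" { print $2 }' "/var/lib/lxc/${container}/rootfs/etc/resolv.conf" | grep -qFx -- "${resolver}"; then` for the container file, which also stops the host-side `grep nameserver` from picking up commented-out lines. Separately, the tested path lives under the container's rootfs and the check presumably runs as root on the host, so `[ -f ... ]` and the read follow a symlinked `resolv.conf` with an absolute target into the host's own filesystem. A `[ -L ... ]` guard, or at least a comment stating how symlinked files are treated, would keep the result from describing the wrong file.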