Diffstat (limited to 'internal/wireguard')
| -rw-r--r-- | internal/wireguard/wireguard.go | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/internal/wireguard/wireguard.go b/internal/wireguard/wireguard.go
index a45401c..5bbc518 100644
--- a/internal/wireguard/wireguard.go
+++ b/internal/wireguard/wireguard.go
@@ -244,9 +244,14 @@ func ConfigureResolvConf(dns string) error {
 
 // 1. Bind-mount the temp file over /etc/resolv.conf
 if err := unix.Mount(tmpFile.Name(), "/etc/resolv.conf", "", unix.MS_BIND, ""); err != nil {
+ _ = os.Remove(tmpFile.Name())
 return fmt.Errorf("failed to bind-mount %s to /etc/resolv.conf: %w", tmpFile.Name(), err)
 }
 
+ // Unlink the temporary source file. Since /etc/resolv.conf is a bind mount,
+ // the kernel will keep the inode alive, but the file is removed from /tmp.
+ _ = os.Remove(tmpFile.Name())
+
 // 2. Make the mount private to ensure it doesn't propagate back to the host
 // and to satisfy kernel requirements for mount transitions in some environments.
 if err := unix.Mount("/etc/resolv.conf", "/etc/resolv.conf", "", unix.MS_REMOUNT|unix.MS_BIND|unix.MS_PRIVATE, ""); err != nil { |
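Review bot: The success-path `_ = os.Remove(tmpFile.Name())` after the bind mount discards its error, so a failed unlink silently leaves the backing file of /etc/resolv.conf reachable by path in /tmp. Anything able to write that path could then change the resolver configuration the tunnel relies on; how the temp file is created, and with what mode, is outside this hunk, so that exposure is inferred rather than shown. I would surface the failure instead of dropping it, for example `if err := os.Remove(tmpFile.Name()); err != nil { /* log: resolv.conf source still present at tmpFile.Name() */ }` using whatever logger the package already has. The new comment could also state the security reason for the unlink (no writable path to the mounted inode), not only that the kernel keeps the inode alive. ConfigureResolvConf starts and ends outside the hunk, so whether the step-2 remount error path unmounts /etc/resolv.conf cannot be checked from here.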
