Special FUSE filesystem to map /etc/resolv.conf to different files depending on Linux network namespace

Overview

resolvconffs

Linux network namespaces allow a separate networking environment for a group of processes (sharing a uid or from a separate user). DNS settings (/etc/resolv.conf) are, however, shared between all those environments, which may be inconvenient in some setups.

Typically (i.e. in the ip netns tool) a mount (filesystem) namespace is used along with the netns as a workaround, mapping distinct /etc/netns/... files onto the main /etc/resolv.conf. This tool takes a different approach: a FUSE filesystem that provides a similar mapping without using an additional mount namespace.

It works by inspecting the PID of each program that accesses the mounted /etc/resolv.conf, using /proc/<pid>/ns/net to find out which underlying file should be used, and forwarding reads and writes to that file instead. Missing files may be populated from a user-specified template file.
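The lookup described above, as an added example (not the project's own code). The function names and the naming scheme <backing_directory>/<netns inode>.<extension> are assumptions, as are the paths in main; the procfs root and template file parameters mirror the -P and -d options.

```rust
use std::fs;
use std::io;
use std::path::{Path, PathBuf};

/// Parse a namespace link target such as "net:[4026531992]" into its inode number.
/// Anything that is not a plain decimal id inside "net:[...]" is rejected.
fn parse_netns_link(target: &str) -> Option<u64> {
    target.strip_prefix("net:[")?.strip_suffix(']')?.parse().ok()
}

/// Read <procfs>/<pid>/ns/net and return the network namespace id of `pid`.
fn netns_id(procfs: &Path, pid: u32) -> io::Result<u64> {
    let link = fs::read_link(procfs.join(pid.to_string()).join("ns/net"))?;
    link.to_str()
        .and_then(parse_netns_link)
        .ok_or_else(|| io::Error::new(io::ErrorKind::InvalidData, "unexpected ns/net target"))
}

/// Assumed naming scheme. The file name is built from the parsed number,
/// never from the raw link text, so it cannot contain path separators.
fn backing_file(dir: &Path, id: u64, ext: &str) -> PathBuf {
    dir.join(format!("{}.{}", id, ext))
}

/// Resolve the per-netns file for `pid`; if it is missing, seed it from the
/// template, or report ENOENT when no template was given.
fn resolve(procfs: &Path, dir: &Path, ext: &str, default: Option<&Path>, pid: u32) -> io::Result<PathBuf> {
    let target = backing_file(dir, netns_id(procfs, pid)?, ext);
    if !target.exists() {
        match default {
            Some(src) => { fs::copy(src, &target)?; }
            None => return Err(io::Error::from(io::ErrorKind::NotFound)),
        }
    }
    Ok(target)
}

fn main() -> io::Result<()> {
    // Show where this process's own requests would be routed (paths are illustrative).
    let id = netns_id(Path::new("/proc"), std::process::id())?;
    let file = backing_file(Path::new("/tmp/resolvconfs"), id, "conf");
    println!("netns {} -> {}", id, file.display());
    Ok(())
}
```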

Example

(untested)

# cp /etc/resolv.conf /etc/resolv.conf.bak
# mkdir /tmp/resolvconfs
# /opt/resolvconffs -d /etc/resolv.conf.bak /tmp/resolvconfs /etc/resolv.conf&

Installation

Download a pre-built x86_64 version from GitHub releases, try cargo install, or download the source code and use cargo build --release. Copy the resulting executable wherever you want.

Integrating the tool with a distro's networking stack is out of scope for this document.

Usage output

resolvconffs --help
Usage: /opt/resolvconffs [OPTIONS]

Special FUSE filesystem that maps its sole file to other files based on network namespace of process that queries the file.

Positional arguments:
  backing_directory          Directory where to look for resolv.conf-like files for each netns.
  mountpoint_file

Optional arguments:
  -h, --help
  -p, --extension EXTENSION  Filename extension. resolvconffs maps its file to
                             / (default: conf)
  -d, --default-file DEFAULT-FILE
                             In case of target file does not exist, copy this file to target instead of returning ENOENT.
  -P, --procfs PROCFS        Directory where to look up network namespace IDs based on PIDs. (default: /proc)
  -o, --fuse-opt OTHER-FUSE-OPTS

Library usage

The project is not libified and library usage is not intended.

There is a simple reusable component named FileMapperFs inside. It allows implementing similar single-file filesystems, based on the fuser crate, that map the file based on the uid, gid or pid of the accessing process.

Releases(v0.1.0)
Owner
Vitaly Shukela