On SELinux-enabled systems, /etc/hosts has a different type, `net_conf_t`,
than the other files in /etc, so the temporary file that overwrites it
ends up with the wrong context, resulting in many system services
becoming unable to access the file. To fix this, manually look up the
context /etc/hosts has and copy it to the temporary file before
the rename.
In order to avoid depending on libselinux on systems that don't use it,
this support is gated behind the new "selinux" feature. It *is*
installed and enabled in the Dockerfile, however, in order to ensure
that it still builds.
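
The label-before-rename order described above, as an added example that is not the project's own code. It copies the `security.selinux` extended attribute directly through libc's `getxattr`/`setxattr` on Linux instead of using libselinux; the function names, the `.tmp` suffix and the sample hosts lines are assumptions made for illustration.

```rust
use std::ffi::CString;
use std::os::raw::{c_char, c_int, c_void};
use std::os::unix::ffi::OsStrExt;
use std::{fs, io, path::Path};
// Linux libc xattr calls; std already links libc, so no extra crate is needed.
extern "C" {
    fn getxattr(path: *const c_char, name: *const c_char, value: *mut c_void, size: usize) -> isize;
    fn setxattr(path: *const c_char, name: *const c_char, value: *const c_void, size: usize, flags: c_int) -> c_int;
}
const ENODATA: i32 = 61; // Linux errno: attribute not present
const EOPNOTSUPP: i32 = 95; // Linux errno: filesystem has no support for this xattr

fn cpath(p: &Path) -> io::Result<CString> {
    CString::new(p.as_os_str().as_bytes()).map_err(|e| io::Error::new(io::ErrorKind::InvalidInput, e))
}

/// Copies the `security.selinux` xattr from `from` to `to`; Ok(false) means `from` has no label.
fn copy_selinux_label(from: &Path, to: &Path) -> io::Result<bool> {
    let name = CString::new("security.selinux").unwrap();
    let (src, dst) = (cpath(from)?, cpath(to)?);
    let mut buf = [0u8; 512];
    let n = unsafe { getxattr(src.as_ptr(), name.as_ptr(), buf.as_mut_ptr() as *mut c_void, buf.len()) };
    if n < 0 {
        let err = io::Error::last_os_error();
        return match err.raw_os_error() {
            Some(ENODATA) | Some(EOPNOTSUPP) => Ok(false), // SELinux not in use here
            _ => Err(err), // anything else: fail rather than install a mislabelled file
        };
    }
    let rc = unsafe { setxattr(dst.as_ptr(), name.as_ptr(), buf.as_ptr() as *const c_void, n as usize, 0) };
    if rc == 0 { Ok(true) } else { Err(io::Error::last_os_error()) }
}

/// Writes `contents` to a temp file, labels it like `target`, then renames it over `target`.
fn replace_keeping_label(target: &Path, contents: &[u8]) -> io::Result<bool> {
    let tmp = target.with_extension("tmp"); // hypothetical temp-file name
    fs::write(&tmp, contents)?;
    let labelled = copy_selinux_label(target, &tmp).map_err(|e| { let _ = fs::remove_file(&tmp); e })?;
    fs::rename(&tmp, target)?;
    Ok(labelled)
}

fn main() -> io::Result<()> {
    let target = std::env::temp_dir().join("hosts-example"); // constructed stand-in for /etc/hosts
    fs::write(&target, "127.0.0.1 localhost\n")?;
    let labelled = replace_keeping_label(&target, b"127.0.0.1 localhost\n10.42.0.1 peer.example.wg\n")?;
    println!("replaced {}, label copied: {}", target.display(), labelled);
    Ok(())
}
```

On an SELinux host, `ls -Z` on the replaced file shows whether the type survived the rename.
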
* Use our Endpoints type alias
* Add the recent wireguard endpoint to NAT candidates if a peer has an endpoint override
* Simplify logic in the inject_endpoints() function
Co-authored-by: Matěj Laitl <matej@laitl.cz>
* Specify mock wireguard endpoints for developer 1 and 2 in the test data
* Add a test for verifying the wireguard endpoint is returned in the list of NAT candidates
* Remove FromStr usage
* Appease clippy
---------
Co-authored-by: Matěj Laitl <matej@laitl.cz>
* hostsfile: change internal map from hash to btree
This change makes the innernet section of /etc/hosts always ordered and
deterministic. We can take advantage of that to avoid writes; that will
be done in another commit.
* hostsfile: reduce number of writes if content hasn't changed
* hostsfile: return bool to inform if file has been written
This commit also makes the logs print according to the new behavior.
* hostsfile: remove has_content_changed in favor of comparing old and new sections
* hostsfile: print the correct hosts path in log message
* hostsfile: remove unnecessary intermediate variable
Windows has some peculiarities: for example, it only allows one hostname per line
and the file's location depends on an environment variable, although in most
cases just using C:\Windows\ for %WinDir% would probably work.
Note that editing the hosts file on Windows will require running with elevated
privileges ("Run as Administrator"), and in some cases antivirus may also block
access to the file.
Introduces `--hosts-path [PATH]` and `--no-write-hosts` options in `innernet`.
This could be further improved to have a persistent setting in a config file, i.e. /etc/innernet.conf (which doesn't currently exist).
Fixes #6