From ccd08f7c323568add3ee98e4a7ff2e4deaf26fa6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kai=20L=C3=BCke?= <kai@kinvolk.io>
Date: Fri, 24 Jan 2020 16:09:18 +0100
Subject: [PATCH] coreos-base/oem-gce: Bind mount nsswitch.conf for /etc/hosts

The host's /etc/nsswitch.conf is a symlink to
/usr/share/google-oslogin/nsswitch.conf
but that is not present in the rkt container.
Do not only bind-mount /etc but also the target
of the symlink. With a broken nsswitch.conf
any entries in /etc/hosts are not considered
which makes problems when a custom DNS server
is used.
---
 .../coreos-base/oem-gce/files/units/oem-gce.service             | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/units/oem-gce.service b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/units/oem-gce.service
index 6137439a24..621ded604a 100644
--- a/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/units/oem-gce.service
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/oem-gce/files/units/oem-gce.service
@@ -19,6 +19,8 @@ ExecStart=/usr/bin/rkt run \
     --volume=etc,kind=host,source=/etc,readOnly=false \
     --volume=home,kind=host,source=/home,readOnly=false \
     --volume=runsystemd,kind=host,source=/run/systemd,readOnly=false \
+    --volume=nsswitch,kind=host,source=/usr/share/google-oslogin/nsswitch.conf,readOnly=true \
+    --mount=volume=nsswitch,target=/usr/share/google-oslogin/nsswitch.conf \
     /usr/share/oem/flatcar-oem-gce.aci
 
 ExecStopPost=/usr/bin/rkt gc --mark-only