Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1912131
Summary: | [Flatpak] Domain name resolution (DNS) fails to resolve anything (“Name or service not known”) | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora Modules | Reporter: | rugk <7d28c752> | ||||
Component: | flatpak-runtime | Assignee: | Owen Taylor <otaylor> | ||||
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | high | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | unspecified | CC: | alexl, gecko-bugs-nobody, gnome-sig, jhorak, klember, mcatanza, mclasen, otaylor, peter, rhughes, rstrode, sandmann, tpopela | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | flatpak-runtime-f33-3320210116175640.1 | Doc Type: | If docs needed, set a value | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2021-01-20 01:41:23 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
From the GNOME nightly runtime, where DNS works: flatpak run --command=/bin/bash org.gnome.Epiphany.Devel [📦 org.gnome.Epiphany.Devel ~]$ cat /etc/nsswitch.conf # Name Service Switch configuration file. # See nsswitch.conf(5) for details. passwd: files group: files shadow: files publickey: files hosts: files dns networks: files protocols: files services: files ethers: files rpc: files netgroup: files Whereas the Fedora 33 runtime has Fedora's full /etc/nsswitch.conf containing the following hosts line: hosts: files resolve [!UNAVAIL=return] myhostname dns And nss-resolve is not going to work inside the flatpak environment because its D-Bus calls will be filtered by xdg-dbus-proxy. Hm... So it should be falling back to nss-dns, but clearly it is not. Inside the sandbox, we have: $ gdbus call --system --dest org.freedesktop.resolve1 --object-path /org/freedesktop/resolve1 --method org.freedesktop.resolve1.Manager.ResolveHostname example.com Error: GDBus.Error:org.freedesktop.DBus.Error.ServiceUnknown: org.freedesktop.DBus.Error.ServiceUnknown Which is what I would expect. Now, nss-resolve knows it should fallback to nss-dns by returning NSS_STATUS_UNAVAIL when it sees org.freedesktop.DBus.Error.ServiceUnknown, see https://github.com/systemd/systemd/blob/v246/src/nss-resolve/nss-resolve.c#L25. There, bus_error_shall_fallback() should return true, leading to NSS_STATUS_UNAVAIL, which should trigger fallback to nss-dns. But that is not happening for reasons unknown. I got as far as running resolvectl under gdb inside the runtime before I remembered that Fedora runtimes don't have debuginfo yet, so that's the end of the journey for now... too hard to debug further. Behavior in the Fedora 34 runtime should be different. There, systemd will use a varlink socket instead of D-Bus, /run/systemd/resolve/io.systemd.Resolve. This socket is not going to be mounted in the sandbox, so it should again fallback to nss-dns. My guess is there is less room for error here, so I guess it should probably be fixed in the F34 runtime. Owen says the F34 runtime doesn't exist yet, though. So for F33, my suggestion is to hack up /etc/nsswitch.conf to look more like the upstream nsswitch.conf: hosts: files dns Owen has pointed to https://src.fedoraproject.org/modules/flatpak-runtime/blob/f33/f/container.yaml. Filed https://src.fedoraproject.org/rpms/systemd/pull-request/45 with a fix for systemd (tested the fix with a local build of flatpak-runtime that included a patched systemd), but it may be more expeditious to just use cleanup-commands to rewrite nsswitch.conf for F33. FEDORA-FLATPAK-2021-1ed8faa49d has been submitted as an update to Fedora 33 Flatpaks. https://bodhi.fedoraproject.org/updates/FEDORA-FLATPAK-2021-1ed8faa49d FEDORA-FLATPAK-2021-1ed8faa49d has been pushed to the Fedora 33 Flatpaks testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-FLATPAK-2021-1ed8faa49d See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-FLATPAK-2021-1ed8faa49d has been pushed to the Fedora 33 Flatpaks stable repository. If problem still persists, please make note of it in this bug report. |
Created attachment 1744112 [details] Epiphany DNS error with fragdenstaat.de in background and Firefox Sync/Accounts in the foreground Description of problem: Any website I try to access fails to resolve, because of DNS errors. Version-Release number of selected component (if applicable): 3.38.2 How reproducible: Always. Steps to Reproduce: 1. Open epiphany and open any website. 2. Also try the settings -> Firefox sync settings. That fails, too. Actual results: Error resolving “accounts.firefox.com”: Name or service not known Expected results: I should be able to access DNS requests. Additional info: I've tried to find an "offline mode" setting in Epiphany, but could not find anything, so I assume that is not the cause. I've tried to test it with curl and even that fails: $ flatpak enter org.gnome.Epiphany /bin/bash [📦 org.gnome.Epiphany ~]$ curl test.de curl: (6) Could not resolve host: test.de [📦 org.gnome.Epiphany ~]$ curl test.de^C [📦 org.gnome.Epiphany ~]$ systemd-resolve test.de test.de: resolve call failed: Der Socket ist nicht verbunden This curl requests works outside of the flatpak. $ flatpak info org.gnome.Epiphany GNOME Web - Webbrowser für GNOME Kennung: org.gnome.Epiphany Ref: app/org.gnome.Epiphany/x86_64/stable Architektur: x86_64 Zweig: stable Version: 3.38.2 License: GPL-3.0+ Ursprung: fedora Collection: Installation: system Installed: 12,8 MB Laufzeitumgebung: org.fedoraproject.Platform/x86_64/f33 Sdk: org.fedoraproject.Sdk/x86_64/f33 Commit: cbe2075a7b6e84ae85b2e872ff39d0b2c804e5e1217c2321960fb96c1da2a1ab Subject: Export org.gnome.Epiphany Date: 2020-12-16 10:17:28 +0000 Alt-id: e5481236e3183a6e5402ff878b322b1713e800e0dbdbbf5413f8ba7574133931 This is Fedora Silverblue. ostree://fedora:fedora/33/x86_64/silverblue Fedora 33.20201230.0 (Silverblue)