Fix migrate_sonic_packages() crash on symlink resolv.conf#4365
Merged
yxieca merged 1 commit intosonic-net:masterfrom Mar 20, 2026
Merged
Fix migrate_sonic_packages() crash on symlink resolv.conf#4365yxieca merged 1 commit intosonic-net:masterfrom
yxieca merged 1 commit intosonic-net:masterfrom
Conversation
When /etc/resolv.conf in the new image is a symlink (e.g. -> /run/resolvconf/resolv.conf), the cp command follows it through the overlay mount. The absolute target path resolves to the host's file, causing "cp: are the same file" error. Detect symlinks and populate the target path inside the chroot instead of copying over the symlink. For regular files, overwrite directly with host DNS content. Backup and restore are removed since the symlink target lives under /run (tmpfs, recreated at boot) and the regular file case overwrites an empty file that will be reconfigured by resolv-config service after reboot. Signed-off-by: William Tsai <[email protected]>
Collaborator
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
8 tasks
oleksandrivantsiv
approved these changes
Mar 17, 2026
8 tasks
Contributor
|
@saiarcot895 please help approve |
yxieca
approved these changes
Mar 20, 2026
Contributor
yxieca
left a comment
yxieca
left a comment
There was a problem hiding this comment.
Looks good. Handles symlinked /etc/resolv.conf correctly and updates tests. AI agent on behalf of Ying.
Collaborator
|
Cherry-pick PR to 202511: #4380 |
mssonicbld
added
Included in 202511 Branch
and removed
Created PR to 202511 Branch
labels
mssonicbld
added a commit
to mssonicbld/sonic-buildimage
that referenced
this pull request
Apr 2, 2026
<!--
Please make sure you've read and understood our contributing guidelines:
https://github.com/Azure/SONiC/blob/gh-pages/CONTRIBUTING.md
** Make sure all your commits include a signature generated with `git commit -s` **
If this is a bug fix, make sure your description includes "fixes #xxxx", or
"closes #xxxx" or "resolves #xxxx"
Please provide the following information:
-->
#### Dependency
This PR depends on sonic-net/sonic-utilities#4365. The other PR should be merged first before this one can be merged.
#### Why I did it
After installing SONiC 202511 from ONIE, 10 out of 15 docker containers have empty `/etc/resolv.conf` and no DNS resolution. This is a regression from 202412.
The Trixie base image upgrade introduced two lines in `build_debian.sh` that destroy the `/etc/resolv.conf` symlink (created by the `resolvconf` package) and replace it with a regular empty file:
```bash
sudo rm -f $FILESYSTEM_ROOT/etc/resolv.conf
sudo touch $FILESYSTEM_ROOT/etc/resolv.conf
```
This breaks the DNS propagation chain to docker containers because `/etc/resolvconf/update.d/libc` checks whether `/etc/resolv.conf` is a symlink to `/run/resolvconf/resolv.conf` before notifying downstream consumers (including `update-libc.d/update-containers`). When the symlink is missing, DHCP-obtained DNS is never propagated to containers.
##### Work item tracking
- Microsoft ADO **(number only)**:
#### How I did it
Replaced `sudo touch` with `sudo ln -sf /run/resolvconf/resolv.conf` to preserve the symlink that the `resolvconf` package expects:
```bash
sudo rm -f $FILESYSTEM_ROOT/etc/resolv.conf
sudo ln -sf /run/resolvconf/resolv.conf $FILESYSTEM_ROOT/etc/resolv.conf
```
This is consistent with what `resolv-config.sh` does at runtime (`ln -sf /run/resolvconf/resolv.conf /etc/resolv.conf`) and matches the behavior of all SONiC releases prior to 202511.
#### How to verify it
<!--
If PR needs to be backported, then the PR must be tested against the base branch and the earliest backport release branch and provide tested image version on these two branches. For example, if the PR is requested for master, 202211 and 202012, then the requester needs to provide test results on master and 202012.
-->
1. Install from ONIE on a switch
2. After boot, verify:
```bash
# Host resolv.conf should be a symlink
ls -la /etc/resolv.conf
# Expected: /etc/resolv.conf -> /run/resolvconf/resolv.conf
# All containers should have DNS
for c in $(docker ps --format '{{.Names}}'); do
echo "=== $c ==="
docker exec $c cat /etc/resolv.conf
done
```
#### Which release branch to backport (provide reason below if selected)
<!--
- Note we only backport fixes to a release branch, *not* features!
- Please also provide a reason for the backporting below.
- e.g.
- [x] 202006
-->
- [ ] 202305
- [ ] 202311
- [ ] 202405
- [ ] 202411
- [ ] 202505
- [x] 202511
#### Tested branch (Please provide the tested image version)
<!--
- Please provide tested image version
- e.g.
- [x] 20201231.100
-->
- [ ] <!-- image version 1 -->
- [ ] <!-- image version 2 -->
#### Description for the changelog
<!--
Write a short (one line) summary that describes the changes in this
pull request for inclusion in the changelog:
-->
<!--
Ensure to add label/tag for the feature raised. example - PR#2174 under sonic-utilities repo. where, Generic Config and Update feature has been labelled as GCU.
-->
#### Link to config_db schema for YANG module changes
<!--
Provide a link to config_db schema for the table for which YANG model
is defined
Link should point to correct section on https://github.com/Azure/sonic-buildimage/blob/master/src/sonic-yang-models/doc/Configuration.md
-->
Signed-off-by: Sonic Build Admin <[email protected]>
#### A picture of a cute animal (not mandatory but encouraged)
8 tasks
mssonicbld
added a commit
to sonic-net/sonic-buildimage
that referenced
this pull request
Apr 3, 2026
#26535) <!-- Please make sure you've read and understood our contributing guidelines: https://github.com/Azure/SONiC/blob/gh-pages/CONTRIBUTING.md failure_prs.log skip_prs.log Make sure all your commits include a signature generated with `git commit -s` ** If this is a bug fix, make sure your description includes "fixes #xxxx", or "closes #xxxx" or "resolves #xxxx" Please provide the following information: --> #### Dependency This PR depends on sonic-net/sonic-utilities#4365. The other PR should be merged first before this one can be merged. #### Why I did it After installing SONiC 202511 from ONIE, 10 out of 15 docker containers have empty `/etc/resolv.conf` and no DNS resolution. This is a regression from 202412. The Trixie base image upgrade introduced two lines in `build_debian.sh` that destroy the `/etc/resolv.conf` symlink (created by the `resolvconf` package) and replace it with a regular empty file: ```bash sudo rm -f $FILESYSTEM_ROOT/etc/resolv.conf sudo touch $FILESYSTEM_ROOT/etc/resolv.conf ``` This breaks the DNS propagation chain to docker containers because `/etc/resolvconf/update.d/libc` checks whether `/etc/resolv.conf` is a symlink to `/run/resolvconf/resolv.conf` before notifying downstream consumers (including `update-libc.d/update-containers`). When the symlink is missing, DHCP-obtained DNS is never propagated to containers. ##### Work item tracking - Microsoft ADO **(number only)**: #### How I did it Replaced `sudo touch` with `sudo ln -sf /run/resolvconf/resolv.conf` to preserve the symlink that the `resolvconf` package expects: ```bash sudo rm -f $FILESYSTEM_ROOT/etc/resolv.conf sudo ln -sf /run/resolvconf/resolv.conf $FILESYSTEM_ROOT/etc/resolv.conf ``` This is consistent with what `resolv-config.sh` does at runtime (`ln -sf /run/resolvconf/resolv.conf /etc/resolv.conf`) and matches the behavior of all SONiC releases prior to 202511. #### How to verify it <!-- If PR needs to be backported, then the PR must be tested against the base branch and the earliest backport release branch and provide tested image version on these two branches. For example, if the PR is requested for master, 202211 and 202012, then the requester needs to provide test results on master and 202012. --> 1. Install from ONIE on a switch 2. After boot, verify: ```bash # Host resolv.conf should be a symlink ls -la /etc/resolv.conf # Expected: /etc/resolv.conf -> /run/resolvconf/resolv.conf # All containers should have DNS for c in $(docker ps --format '{{.Names}}'); do echo "=== $c ===" docker exec $c cat /etc/resolv.conf done ``` #### Which release branch to backport (provide reason below if selected) <!-- - Note we only backport fixes to a release branch, *not* features! - Please also provide a reason for the backporting below. - e.g. - [x] 202006 --> - [ ] 202305 - [ ] 202311 - [ ] 202405 - [ ] 202411 - [ ] 202505 - [x] 202511 #### Tested branch (Please provide the tested image version) <!-- - Please provide tested image version - e.g. - [x] 20201231.100 --> - [ ] <!-- image version 1 --> - [ ] <!-- image version 2 --> #### Description for the changelog <!-- Write a short (one line) summary that describes the changes in this pull request for inclusion in the changelog: --> <!-- Ensure to add label/tag for the feature raised. example - PR#2174 under sonic-utilities repo. where, Generic Config and Update feature has been labelled as GCU. --> #### Link to config_db schema for YANG module changes <!-- Provide a link to config_db schema for the table for which YANG model is defined Link should point to correct section on https://github.com/Azure/sonic-buildimage/blob/master/src/sonic-yang-models/doc/Configuration.md --> Signed-off-by: Sonic Build Admin <[email protected]> #### A picture of a cute animal (not mandatory but encouraged)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What I did
Fixed
sonic-installer installfailing duringmigrate_sonic_packages()when/etc/resolv.confin the new image is a symlink to/run/resolvconf/resolv.conf.The failure occurs because the
cpcommand atmain.py:386follows the symlink through the overlay mount. Since the symlink target is an absolute path, it resolves to the host's/run/resolvconf/resolv.conf— the same file as the source.cpdetects same source and destination inode and exits with:This was introduced by the
build_debian.shchange that replacedtouchwithln -sf /run/resolvconf/resolv.conffor/etc/resolv.confin the image filesystem.How I did it
Check whether
/etc/resolv.confin the chroot is a symlink or a regular file, and handle each case appropriately:Symlink (images with
resolvconfpackage installed): Read the symlink target viareadlink(e.g./run/resolvconf/resolv.conf), then create the target file inside the chroot with the host's DNS content. The symlink then resolves correctly inside the chroot. This avoids touching the symlink itself, so the overlay upper dir'setc/resolv.confis never modified and the new image boots with the symlink intact. No cleanup is needed — the target lives under/run, which is a tmpfs recreated at every boot.Regular file (images without
resolvconf, or where the build process explicitly creates a regular file viatouch): Overwrite directly with the host's DNS content. No backup/restore is needed — the original file is empty (cleared during build), and after reboot theresolv-configservice reconfigures DNS from CONFIG_DB.The previous backup-overwrite-restore pattern has been removed since it is unnecessary in both cases.
How to verify it
Start with a switch running an image where
/etc/resolv.confis a symlink:Run
sonic-installer installwith an image that also has the symlink:Verify:
cp: ... are the same fileerrorsonic-installer listshows the new image as default/etc/resolv.confis still a symlink to/run/resolvconf/resolv.confPrevious command output (if the output of a command-line utility has changed)
New command output (if the output of a command-line utility has changed)