system/skeleton: move target of /etc/resolv.conf symlink

In commit ba70f94e629e (subversion makes it so we do not need a separate
tarball to store empty directories and symlinks for the target_skeleton.)
/etc/resolv.conf was made a symlink to ../tmp/resolv.conf. There was no
rationale behind this change, but back at the time (2006!), the only
location that Buildroot guaranteed to be writable was /tmp, and we
needed a writable location to create resolv.conf from a DHCP reply for
example, so the change made sense.

Commits 2f67d9e2fe7b (preparation for BR2_PACKAGE_BUSYBOX_SKELETON), in
2007, then d9119c0bc55d (move default skeleton to fs/ and drop busybox
skeleton), in 2010, and finally 6c3e3ad41977 (New top-level directory:
system), in 2012, propagated that /etc/resolv.conf without any change in
the target of the symlink.

However, since commit d380dde1d287 (skeleton: make /run a proper
directory/filesystem), in 2015, a tmpfs has been mounted on /run, so it
is now guaranteed to be writable as well for SYS-V-based systems. That
has also been the case for openrc since commit a840e485d174
(package/skeleton-init-openrc: new package), in 2019. This has also
always been the case for systemd as well.

resolv.conf is not a temporary file [0]; it is really more runtime
data; its location in /tmp is just a historical artefact of a long-wrong
assertion.

Nowadays, distributions either have an actual file as /etc/resolv.conf
(when /etc is writable), or it is a symlink to a location below /run.

Although resolv.conf is used by the C library resolver, a lot of
applications now will directly use it; this is the case for some
container management tools, such as podman (and its helpers, like
netavark), that expect /etc/resolv.conf to either be a file or a symlink
to somewhere in /run, and fail to provide DNS services if that is not
the case.

So, we move the target of /etc/resolv.conf to ../run/resolv.conf.

As a consequence, we can drop the workaround in podman's runtime test.

To be noted: there are two custom fstab files in Buildroot that do not
explicitly mount a tmpfs on /run:
  - one for a systemd runtime test, so /run would also be a tmpfs there
    anyway, as systemd does mount one;
  - one for the mender_x86_64_efi_defconfig; that's not a problem:
    / is an ext4 that is mounted r/w (and /tmp is not a tmpfs either, so
    the symlink to /tmp would not have worked if / was not r/w
    anyway).

This leaves people with their own fstab, to adapt. Cater to them by
adding a little blurb in the documentation.

Note: the following 43 tests all built and ran successfully:
    tests.init
    tests.package.test_apache
    tests.package.test_docker_compose
    tests.package.test_dropbear
    tests.package.test_iputils
    tests.package.test_podman
    tests.package.test_skopeo
    tests.package.test_wget

(no other runtime tests were attempted)

[0] temporary, as in relatively short-lived.

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Yann E. MORIN 4 months ago
parent
commit
3a2baca4b7

+ 14 - 0
docs/manual/migrating.adoc

@@ -195,3 +195,17 @@ host-mender-artifact. See +board/mender/x86_64/post-image-efi.sh+ for an
 example of how to generate the bootstrap.mender file. See 
 https://docs.mender.io/release-information/release-notes-changelog/mender-client#mender-3-5-0-1[the
 release notes], under features, for more information.
+
+[[migrating-resolv.conf]]
+=== Migrating to 2025.05
+
+In 2025.05, for SYS-V-like systems (busybox, sysvinit, openrc), the
+`/etc/resolv.conf` symlink was changed to point to `/run/resolv.conf`,
+rather than the legacy location in `/tmp`. Users of a custom `fstab`
+will need to ensure that `/run` is writable before resolv.conf is
+created (usually by a DHCP client), either with an entry for `/run`,
+or with a startup script.
+
+Note that systems using systemd are not impacted: systemd always ensures
+that `/run` is writable. Systems further using systemd-resolved already
+had a `/etc/resolv.conf` that pointed into `/run` anyway.
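
Review bot: "ensure that `/run` is writable" in the new paragraph does not say writable by whom, and the "startup script" option gives no guidance on ownership or mode. Because resolv.conf decides which DNS servers the whole system trusts, the text should state that `/run` is expected to be a root-owned directory that unprivileged users cannot write to (unlike a world-writable `/tmp`), and it should show one example fstab entry for `/run` so that custom-fstab users have something to copy. Separately, the anchor `[[migrating-resolv.conf]]` names the topic while the heading is "Migrating to 2025.05"; if other 2025.05 changes are later added under this heading, the anchor will be misleading.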

+ 0 - 7
support/testing/tests/package/test_podman.py

@@ -71,13 +71,6 @@ class PodmanBase(infra.basetest.BRTest):
         self.assertRunOk("touch /etc/subuid /etc/subgid")
         self.assertRunOk("usermod --add-subuids 10000-75535 foo")
         self.assertRunOk("usermod --add-subgids 10000-75535 foo")
-        # If /etc/resolv.conf is a symlink, it has to point either into /etc
-        # (or deep in there), or into /run (or deep in there), as only those
-        # would eventually get used by podman/netavark for # rootless containers.
-        # This is considered a workaround to the current situation; resolv,conf
-        # should ultimately be in /run rather than /tmp.
-        self.assertRunOk("mv /tmp/resolv.conf /run/resolv.conf")
-        self.assertRunOk("ln -sf /run/resolv.conf /etc/resolv.conf")
 
         # First, test podman as root (the current user)
         self.do_podman()
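
Review bot: with the workaround lines removed, nothing in this test checks where /etc/resolv.conf actually points, so a regression in the skeleton symlink would only surface later as a DNS failure somewhere inside do_podman(). Consider one explicit check just before "# First, test podman as root", something like self.assertRunOk("readlink -f /etc/resolv.conf | grep -q '^/run/'"), so that a failure names the real cause instead of a container networking symptom.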

+ 1 - 1
system/skeleton/etc/resolv.conf

@@ -1 +1 @@
-../tmp/resolv.conf
+../run/resolv.conf
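
Review bot: the new target `../run/resolv.conf` is only picked up by writers that go through `/etc/resolv.conf`; anything that refers to `/tmp/resolv.conf` by path, as the lines removed from test_podman.py did, will keep writing a file that the resolver no longer reads. Please grep the tree (init scripts, DHCP client hooks, board overlays and post-build scripts) for `tmp/resolv.conf` and either update those users in this commit or state in the commit message that none remain.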