From 4772f708e3217409cfe73a43af80bb6f24e7cb52 Mon Sep 17 00:00:00 2001
From: Zsombor Welker <fedora@zdeqb.com>
Date: Sun, 26 Jun 2022 10:54:00 +0200
Subject: [PATCH] Don't allow top-level only domains

systemd-resolved (v249) doesn't seem to route the domain correctly.
---
 README.md                                 |  5 -----
 src/systemd_resolved_docker/cli.py        |  4 ++--
 src/systemd_resolved_docker/test_utils.py | 12 ++++++++++++
 src/systemd_resolved_docker/utils.py      |  8 ++++++++
 4 files changed, 22 insertions(+), 7 deletions(-)
 create mode 100644 src/systemd_resolved_docker/test_utils.py

diff --git a/README.md b/README.md
index 11e5a4e..c3d7060 100644
--- a/README.md
+++ b/README.md
@@ -35,11 +35,6 @@ an exact match is required. If a generated domain address doesn't match the list
    ```sh
    docker run --rm -it --hostname test      alpine                   # test.docker
    ```
-   When the hostname is in the list of _allowed domains_ (`ALLOWED_DOMAINS=.docker,some-host`), then the `default_domain`
-   will not be appended:
-   ```sh
-   docker run --rm -it --hostname some-host alpine                   # some-host
-   ```
    Glob matching is supported in the `--hostname`, with which wildcard domains are supported:
    ```sh
    docker run --hostname '*.test' --rm -it alpine                    # anything.test
diff --git a/src/systemd_resolved_docker/cli.py b/src/systemd_resolved_docker/cli.py
index 30556af..1489c60 100644
--- a/src/systemd_resolved_docker/cli.py
+++ b/src/systemd_resolved_docker/cli.py
@@ -9,7 +9,7 @@ from systemd import daemon
 from .dockerdnsconnector import DockerDNSConnector
 from .resolvedconnector import SystemdResolvedConnector
 from .utils import find_default_docker_bridge_gateway, parse_ip_port, parse_listen_address, remove_dummy_interface, \
-    create_dummy_interface
+    create_dummy_interface, sanify_domain
 
 
 class Handler:
@@ -44,7 +44,7 @@ def main():
     if tld is None or len(tld.strip()) == 0:
         domains = [".docker"]
     else:
-        domains = [item.strip() for item in tld.split(',')]
+        domains = [sanify_domain(item) for item in tld.split(',')]
 
     cli = docker.from_env()
     docker_gateway = find_default_docker_bridge_gateway(cli)
diff --git a/src/systemd_resolved_docker/test_utils.py b/src/systemd_resolved_docker/test_utils.py
new file mode 100644
index 0000000..4b14d7f
--- /dev/null
+++ b/src/systemd_resolved_docker/test_utils.py
@@ -0,0 +1,12 @@
+from unittest import TestCase
+
+from .utils import sanify_domain
+
+
+class TestUtils(TestCase):
+    def test_sanify_domain(self):
+        self.assertEquals(".domain", sanify_domain(".domain"))
+        self.assertEquals(".domain", sanify_domain("domain"))
+
+        self.assertEquals(".domain", sanify_domain(" .domain "))
+        self.assertEquals(".domain", sanify_domain(" domain "))
diff --git a/src/systemd_resolved_docker/utils.py b/src/systemd_resolved_docker/utils.py
index 7c07a45..a46e6d1 100644
--- a/src/systemd_resolved_docker/utils.py
+++ b/src/systemd_resolved_docker/utils.py
@@ -74,3 +74,11 @@ def remove_dummy_interface(interface):
         ndbif = ndb.interfaces.get(interface)
         if ndbif is not None:
             ndbif.remove().commit()
+
+
+def sanify_domain(domain: str):
+    domain = domain.strip()
+    if domain[0] == '.':
+        return domain
+    else:
+        return '.' + domain
-- 
GitLab