|
Bugzilla – Full Text Bug Listing |
| Summary: | dnsmasqd uses dialout group | ||
|---|---|---|---|
| Product: | [openSUSE] openSUSE 11.1 | Reporter: | Ludwig Nussel <lnussel> |
| Component: | Security | Assignee: | Marius Tomaschewski <mt> |
| Status: | RESOLVED FIXED | QA Contact: | E-mail List <qa-bugs> |
| Severity: | Normal | ||
| Priority: | P5 - None | CC: | hvogel, mt, security-team, ug |
| Version: | Factory | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | Other | ||
| Whiteboard: | |||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Attachments: |
proposed patch
ip-up changes from Factory/STABLE (/etc/ppp/resolv.conf not used) |
||
|
Description
Ludwig Nussel
2008-06-19 09:43:03 UTC
Henne, how about writing the /etc/ppp/resolv.conf file somewhere to /var/... and putting a link to /etc/ppp/resolv.conf to that file? I can point dnsmasq to that file then and can take dnsmasq out of the dailout group. ip-up is from sysconfig The ppp daemon writes /etc/ppp/resolv.conf itself, not the ip-up scripts. I'd say, fix the ppp daemon to write it to e.g. /var/run/ppp/resolv.conf plus a link to it in /etc/ppp/resolv.conf for compatibility. Because /-fs may be read-only in the feature, it makes sense anyway. Let me know where it is written in case I've to update the ip-up scripts that just checks the existence of the file. BTW: What happens in case of two ppp interfaces providing DNS config?
I think better would be to write e.g. /var/run/ppp/resolv.conf.ppp0 ...
All together:
- write /var/run/ppp/resolv.conf.$INTERFACE
- link /var/run/ppp/resolv.conf -> resolv.conf.$INTERFACE
[first one that goes up]
or better
write /var/run/ppp/resolv.conf with the content of all up
resolv.confg.$INTERFACE files.
- link /etc/ppp/resolv.conf -> /var/run/ppp/resolv.conf
Okay i have a patch that does /var/run/ppp_resolv.conf.$INTERFACE Note: $INTERFACE is $IFNAME which is the name from the ifcfg file. Created attachment 229290 [details]
proposed patch
Created attachment 239052 [details] ip-up changes from Factory/STABLE (/etc/ppp/resolv.conf not used) As the patch shows, the /etc/ppp/resolv.conf is not used any more in the ip-up script. The patch from comment #6 looks IMO good. We currently don't have support for dnsmasq as forwarder in our netconfig scripts (see /etc/netconfig.d/{dns-resolver,dns-bind}), but it would make sense to implement one... Uwe, when the patch from comment #6 is active, there is no single /etc/ppp/resolv.conf any more. netconfig should collects the nameservers provided by ppp interfaces and it would make sense to implement a netconfig dns-dnsmasq module that merges them and writes to one file for dnsmasq when NETCONFIG_DNS_FORWARDER="dnsmasq". What do you think, what's the best place for this file? Can you add some instructions to the dnsmasq config how to switch to dnsmasq as forwarder? OK, I've implemented a netconfig dnsmasq module just now that is active when NETCONFIG_DNS_FORWARDER is "dnsmasq" in the /etc/sysconfig/network/config. Currently only in sysconfig svn trunk, I'll test it and submit pkg tomorrow. Basically it writes the nameserver into /var/run/dnsmasq-forwarders.conf in resolv.conf format. Uwe will add an comment, etc about to the dnsmasq package and a warning to the init script in case /etc/ppp/resolv.conf is in use. Hendrik, let's submit the patch from comment #6 to STABLE tomorrow. OK? submitted I have added a README.SUSE file to the pacakge and a warning to the init script when /etc/ppp is used by dnsmasq. User dnsmasq moved from group dialout to nogroup. Manpage fixed. The sysconfig-0.71.4 package in STABLE / Factory contains the dns-dnsmasq netconfig module, dnsmasq package is adopted, ppp daemon submitted too... I think we can close this bug now. When something is missing please reopen... I think we can close this bug now. When something is missing please reopen... |