Petr Menšík wrote:
> I don't think it is so easy. It can add facl on resolv.conf file before
> it drops privileges. But Any other process might remove the file again
> and write a new one, preventing openvpn to update it later. Because
> openvpn is not supposed to be owner of /etc/resolv.conf, it should not
> dictate what rights it needs.
Well, what I propose is really to have a systemwide file ACL set by the RPM
owning resolv.conf, listing all system users that need write access to the
file, and openvpn would be one of them.
If something then overwrites the file losing the ACLs, that something needs
to be fixed then.
Kevin Kofler
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
