On Thu, 2016-09-29 at 18:01 +0200, Guido Trentalancia wrote: > On Thu, 29/09/2016 at 17.52 +0200, Michael Biebl wrote: > > > > Am 29.09.2016 um 17:33 schrieb Guido Trentalancia: > > > > > > > > > On Thu, 29/09/2016 at 17.29 +0200, Michael Biebl wrote: > > > > > > > > > > > > Am 29.09.2016 um 17:11 schrieb Guido Trentalancia: > > > > > > > > > > > > > > > > > > > > Run-time checks are wrong because they leave the filesystem > > > > > in > > > > > a > > > > > state that is not usable when SELinux goes back into > > > > > enforcing > > > > > mode. > > > > > > > > > > Compile-time checks have no side effects and in any case are > > > > > better > > > > > than the bug! > > > > > > > > Debian enables selinux support during compile time but we do > > > > not > > > > enable > > > > selinux by default. > > > > > > > > So the side-effect of this patch would be that suddenly NM > > > > would > > > > use > > > > files instead of symlinks on Debian. > > > > > > This is not a side-effect in my opinion, but an added benefit > > > because > > > there is no good reason for using a symbolic link. > > > > So you want to get rid of the symbolic link altogether and selinux > > is > > only a diversion? > > I am in favor of getting rid completely of the symbolic link > creation, > but this is outside of the scope of a simple patch created as a quick > fix of an existing bug. > > I'll leave more extensive changes to the author... They are not > strictly required for running NetworkManager. > > Guido
Hi Guido, I don't see what is there to fix here. If you dislike the setting, configure rc-manager=file (it is here to be configured by the user). If you build NM yourself, configure --with-config-dns-rc-manager- default=file and have the setting to be the default (or fix your selinux policy). If your distro enables SELinux, it should either fix their selinux policy or again build NM with --with-config-dns-rc-manager- default=file. Using a symlink by default IMO makes a lot of sense, because this way NM announces that it is in charge of managing resolv.conf. If you manually change resolv.conf to be a symlink to anywhere else, NM will automatically understand that it is not supposed to touch the symlink, without requiring additional configuration from you. This way, multiple management deamons can cooperate in who is in charge of configuring resolv.conf. Best, Thomas
signature.asc
Description: This is a digitally signed message part
_______________________________________________ networkmanager-list mailing list [email protected] https://mail.gnome.org/mailman/listinfo/networkmanager-list
