Re: [PATCH] resolver: allow writing to /etc/resolv.conf to be disabled
Hi, On Tue, 2015-09-15 at 11:29 +, Sam Nazarko wrote: > >But also scripts/connman.in should be modified to create the > >needed symlink. > > Are you saying that you would like to create the symlink as part of > the packaging? I'm not sure this is necessarily a good idea, > particularly when packaging with Debian. This means that connman would > take 'ownership' of /etc/resolv.conf which is not necessarily a good > idea. That connman.in file is a generic init script. Need it work for Debian, it needs LSB fields added in a patch or otherwise anyway. The init script in the upstream tar ball properly sources /etc/default/connman, so one can always hide updating of resolv.conf behind a variable. Having ConnMan write directly into /etc/resolv.conf is probably not what Debian would like to happen either, but for better or worse it's the current behavior. The idea here is that from one version to another there should be a very high probability of things working exactly as before, also when using init scripts. Cheers, Patrik ___ connman mailing list connman@connman.net https://lists.connman.net/mailman/listinfo/connman
Re: [PATCH] resolver: allow writing to /etc/resolv.conf to be disabled
Hi, >But also scripts/connman.in should be modified to create the >needed symlink. Are you saying that you would like to create the symlink as part of the packaging? I'm not sure this is necessarily a good idea, particularly when packaging with Debian. This means that connman would take 'ownership' of /etc/resolv.conf which is not necessarily a good idea. >Here I suppose the modifications are done via a connman.service.d/*.conf >systemd.unit files in order to eliminate source code patches for ConnMan >systemd service startup. We do not use a systemd dropin, we instead distribute our own systemd configuration. Part of this stems from the need for customisation at the moment, and also because at the time ConnMan had incorrect service dependencies. This was raised in #CM-683 by Simon Byrnand (OSMC) and was fixed in 1.30. Sam From: connman on behalf of Patrik Flykt Sent: 15 September 2015 11:46 To: connman@connman.net Subject: Re: [PATCH] resolver: allow writing to /etc/resolv.conf to be disabled On Tue, 2015-09-15 at 07:15 +, Sam Nazarko wrote: > I am happy with this solution to write > to /var/run/connman/resolv.conf. I am happy to submit a patch for this > as well as a revised systemd service unit with an ExecStartPre= entry > to create the symlink before starting ConnMan. Please let me know if > you will accept this. systemd-tmpfiles looks like being the correct tool for this task. With this solution no additional variables are needed main.conf, which is a good thing. But also scripts/connman.in should be modified to create the needed symlink. The above scheme can fail if the system provides its own init scripts, so now would be the time to take notice, speak up and/or fix such init scripts. > Our current implementation actually calls a script before launching > ConnMan to run some sanity checks and evaluate whether we want > ConnMan's resolv.conf or not, but revising the systemd unit is > probably the best method to maintain immediate compatibility and > provide an entry point for other distributions to change this > behaviour. Here I suppose the modifications are done via a connman.service.d/*.conf systemd.unit files in order to eliminate source code patches for ConnMan systemd service startup. More comments, anyone? Patrik ___ connman mailing list connman@connman.net https://lists.connman.net/mailman/listinfo/connman ___ connman mailing list connman@connman.net https://lists.connman.net/mailman/listinfo/connman
Re: [PATCH] resolver: allow writing to /etc/resolv.conf to be disabled
On Tue, 2015-09-15 at 07:15 +, Sam Nazarko wrote: > I am happy with this solution to write > to /var/run/connman/resolv.conf. I am happy to submit a patch for this > as well as a revised systemd service unit with an ExecStartPre= entry > to create the symlink before starting ConnMan. Please let me know if > you will accept this. systemd-tmpfiles looks like being the correct tool for this task. With this solution no additional variables are needed main.conf, which is a good thing. But also scripts/connman.in should be modified to create the needed symlink. The above scheme can fail if the system provides its own init scripts, so now would be the time to take notice, speak up and/or fix such init scripts. > Our current implementation actually calls a script before launching > ConnMan to run some sanity checks and evaluate whether we want > ConnMan's resolv.conf or not, but revising the systemd unit is > probably the best method to maintain immediate compatibility and > provide an entry point for other distributions to change this > behaviour. Here I suppose the modifications are done via a connman.service.d/*.conf systemd.unit files in order to eliminate source code patches for ConnMan systemd service startup. More comments, anyone? Patrik ___ connman mailing list connman@connman.net https://lists.connman.net/mailman/listinfo/connman
Re: [PATCH] resolver: allow writing to /etc/resolv.conf to be disabled
Hi Patrik, I am happy with this solution to write to /var/run/connman/resolv.conf. I am happy to submit a patch for this as well as a revised systemd service unit with an ExecStartPre= entry to create the symlink before starting ConnMan. Please let me know if you will accept this. Our current implementation actually calls a script before launching ConnMan to run some sanity checks and evaluate whether we want ConnMan's resolv.conf or not, but revising the systemd unit is probably the best method to maintain immediate compatibility and provide an entry point for other distributions to change this behaviour. Sam From: connman on behalf of Patrik Flykt Sent: 11 September 2015 07:17 To: connman@connman.net Subject: Re: [PATCH] resolver: allow writing to /etc/resolv.conf to be disabled Hi, On Fri, 2015-09-11 at 01:07 +, Sam Nazarko wrote: > The primary use case is to keep ConnMan running so that in OSMC users > can still configure Bluetooth connections or WiFi adapters with a > unified interface (and we can support it with a single API). Thanks for the info. The above means that in the OSMC configuration the DNS servers from the kernel command line, kernel variables or other static entries written to resolv.conf also satisfy the name lookups done while using Bluetooth or WiFi. I was thinking that this leads to a solution like: - always write ConnMan's resolv.conf entries to the hereafter "well-known" location at /var/run/connman/resolv.conf - by default replace /etc/resolv conf with a symlink to ConnMan's own resolv.conf file - prevent the creation of the symlink by defining a command line option and main.conf variable. By not making ConnMan's resolv.conf location configurable keeps resolv.conf handling distribution agnostic and ConnMan specific while being in line with what systemd-resolved offers. The two latter points above are there only to keep the current status quo. Cheers, Patrik ___ connman mailing list connman@connman.net https://lists.connman.net/mailman/listinfo/connman ___ connman mailing list connman@connman.net https://lists.connman.net/mailman/listinfo/connman
Re: [PATCH] resolver: allow writing to /etc/resolv.conf to be disabled
Hi, On Fri, 2015-09-11 at 01:07 +, Sam Nazarko wrote: > The primary use case is to keep ConnMan running so that in OSMC users > can still configure Bluetooth connections or WiFi adapters with a > unified interface (and we can support it with a single API). Thanks for the info. The above means that in the OSMC configuration the DNS servers from the kernel command line, kernel variables or other static entries written to resolv.conf also satisfy the name lookups done while using Bluetooth or WiFi. I was thinking that this leads to a solution like: - always write ConnMan's resolv.conf entries to the hereafter "well-known" location at /var/run/connman/resolv.conf - by default replace /etc/resolv conf with a symlink to ConnMan's own resolv.conf file - prevent the creation of the symlink by defining a command line option and main.conf variable. By not making ConnMan's resolv.conf location configurable keeps resolv.conf handling distribution agnostic and ConnMan specific while being in line with what systemd-resolved offers. The two latter points above are there only to keep the current status quo. Cheers, Patrik ___ connman mailing list connman@connman.net https://lists.connman.net/mailman/listinfo/connman
Re: [PATCH] resolver: allow writing to /etc/resolv.conf to be disabled
Hi Patrik, >If you use ConnMan with either patch of yours applied, using the DNS >servers for the primary nfsroot interface will always work properly, >even for any other Bluetooth or WiFi network, right? When we run ConnMan in this way, we only have a network connection in eth0, but it does work via BT or WiFi as well. >So your use of ConnMan is either or both: >- tethering of other interfaces >- connecting other interfaces but using the primary nfsroot interface > nameservers The primary use case is to keep ConnMan running so that in OSMC users can still configure Bluetooth connections or WiFi adapters with a unified interface (and we can support it with a single API). ConnMan is configured to ignore eth0 when nfsroot is active because the connection has been configured as a kernel command line parameter. Sam From: connman on behalf of Patrik Flykt Sent: 07 September 2015 14:20 To: connman@connman.net Subject: Re: [PATCH] resolver: allow writing to /etc/resolv.conf to be disabled Hi, On Mon, 2015-09-07 at 12:40 +, Sam Nazarko wrote: > We do not need DNS on other interfaces when ConnMan is running on an > nfsroot. We cannot tether as eth0 is ignored, so this is less of a > concern for us. If you use ConnMan with either patch of yours applied, using the DNS servers for the primary nfsroot interface will always work properly, even for any other Bluetooth or WiFi network, right? Or you use ConnMan only for tethering Bluetooth and WiFi? > For now, DNS is not handled by ConnMan properly so we get a > blank /etc/resolv.conf with 'Generated by Connection Manager' which > will overwrite our /etc/resolv.conf which was previously populated > from procfs. You are running connman with the --nodnsproxy option with no networks connected when the resolv.conf file contains only the "# Generated by Connection Manager" line. If you connect a network using ConnMan, it will overwrite the nameserver information in /etc/resolv.conf with the information obtained from DHCP for the newly connected network... This without either of your patch applied, of course. So your use of ConnMan is either or both: - tethering of other interfaces - connecting other interfaces but using the primary nfsroot interface nameservers Is this what is happening? > I have submitted an alternate patch which allows /etc/resolv.conf to > be saved in another location Yes, I saw them, thanks for both variants. After I have figured out what OSMC is up to, there is perhaps an optimal way of making this work well for both OSMC and the rest of the "road warrior" setups. Cheers, Patrik ___ connman mailing list connman@connman.net https://lists.connman.net/mailman/listinfo/connman ___ connman mailing list connman@connman.net https://lists.connman.net/mailman/listinfo/connman
Re: [PATCH] resolver: allow writing to /etc/resolv.conf to be disabled
Hi, On Mon, 2015-09-07 at 12:40 +, Sam Nazarko wrote: > We do not need DNS on other interfaces when ConnMan is running on an > nfsroot. We cannot tether as eth0 is ignored, so this is less of a > concern for us. If you use ConnMan with either patch of yours applied, using the DNS servers for the primary nfsroot interface will always work properly, even for any other Bluetooth or WiFi network, right? Or you use ConnMan only for tethering Bluetooth and WiFi? > For now, DNS is not handled by ConnMan properly so we get a > blank /etc/resolv.conf with 'Generated by Connection Manager' which > will overwrite our /etc/resolv.conf which was previously populated > from procfs. You are running connman with the --nodnsproxy option with no networks connected when the resolv.conf file contains only the "# Generated by Connection Manager" line. If you connect a network using ConnMan, it will overwrite the nameserver information in /etc/resolv.conf with the information obtained from DHCP for the newly connected network... This without either of your patch applied, of course. So your use of ConnMan is either or both: - tethering of other interfaces - connecting other interfaces but using the primary nfsroot interface nameservers Is this what is happening? > I have submitted an alternate patch which allows /etc/resolv.conf to > be saved in another location Yes, I saw them, thanks for both variants. After I have figured out what OSMC is up to, there is perhaps an optimal way of making this work well for both OSMC and the rest of the "road warrior" setups. Cheers, Patrik ___ connman mailing list connman@connman.net https://lists.connman.net/mailman/listinfo/connman
Re: [PATCH] resolver: allow writing to /etc/resolv.conf to be disabled
Hi Patrik, We do not need DNS on other interfaces when ConnMan is running on an nfsroot. We cannot tether as eth0 is ignored, so this is less of a concern for us. For now, DNS is not handled by ConnMan properly so we get a blank /etc/resolv.conf with 'Generated by Connection Manager' which will overwrite our /etc/resolv.conf which was previously populated from procfs. I have submitted an alternate patch which allows /etc/resolv.conf to be saved in another location Sam From: connman on behalf of Patrik Flykt Sent: 07 September 2015 13:36 To: connman@connman.net Subject: Re: [PATCH] resolver: allow writing to /etc/resolv.conf to be disabled Hi, On Fri, 2015-09-04 at 14:29 +, Sam Nazarko wrote: > When OSMC uses an nfsroot, we ignore the primary interface (eth0), as > the kernel is handling the network connection itself. Currently, > without this patch, ConnMan will try and update /etc/resolv.conf, but > may not have sufficient 'knowlege' to be able to accurately do so. We > still want ConnMan to handle other technologies on the system, such as > Bluetooth. Whether we used DHCP for DNS servers or configured it > statically, it is obtainable from procfs. For DHCP we can > use /proc/net/pnp and for static configuration we can populate > via /proc/cmdline. How is DNS handled when ConnMan uses Bluetooh, WiFi etc. other networks than the primary eth0 ethernet? /proc/net/pnp and /proc/cmdline are only relevant for the primary eth0 nfsroot interface. Cheers, Patrik ___ connman mailing list connman@connman.net https://lists.connman.net/mailman/listinfo/connman ___ connman mailing list connman@connman.net https://lists.connman.net/mailman/listinfo/connman
Re: [PATCH] resolver: allow writing to /etc/resolv.conf to be disabled
Hi, On Fri, 2015-09-04 at 14:29 +, Sam Nazarko wrote: > When OSMC uses an nfsroot, we ignore the primary interface (eth0), as > the kernel is handling the network connection itself. Currently, > without this patch, ConnMan will try and update /etc/resolv.conf, but > may not have sufficient 'knowlege' to be able to accurately do so. We > still want ConnMan to handle other technologies on the system, such as > Bluetooth. Whether we used DHCP for DNS servers or configured it > statically, it is obtainable from procfs. For DHCP we can > use /proc/net/pnp and for static configuration we can populate > via /proc/cmdline. How is DNS handled when ConnMan uses Bluetooh, WiFi etc. other networks than the primary eth0 ethernet? /proc/net/pnp and /proc/cmdline are only relevant for the primary eth0 nfsroot interface. Cheers, Patrik ___ connman mailing list connman@connman.net https://lists.connman.net/mailman/listinfo/connman
Re: [PATCH] resolver: allow writing to /etc/resolv.conf to be disabled
Hi Patrik, > Unfortunately there is no motivation for this change When OSMC uses an nfsroot, we ignore the primary interface (eth0), as the kernel is handling the network connection itself. Currently, without this patch, ConnMan will try and update /etc/resolv.conf, but may not have sufficient 'knowlege' to be able to accurately do so. We still want ConnMan to handle other technologies on the system, such as Bluetooth. Whether we used DHCP for DNS servers or configured it statically, it is obtainable from procfs. For DHCP we can use /proc/net/pnp and for static configuration we can populate via /proc/cmdline. How's about a patch for a command line option called --resolv-path which allows writing to an alternative path? Would you accept that? This would provide sufficient scope in the future for other use cases -- and I am sure there are other reasons when someone has to ignore an interface, to update /etc/resolv.conf themselves as well as provide a means to which the output from ConnMan and another service can be confirmed. Sam From: connman on behalf of Patrik Flykt Sent: 04 September 2015 06:55 To: connman@connman.net Subject: Re: [PATCH] resolver: allow writing to /etc/resolv.conf to be disabled Hi, On Thu, 2015-09-03 at 16:07 +, Sam Nazarko wrote: > --- Unfortunately there is no motivation for this change. Apparently it does something very much needed, as you have sent a patch for the issue. With this change, how are DNS servers handed down by a DHCP server or modified manually supposed to handled? In order to fit into existing frameworks (which? what use cases?), I could envision ConnMan writing it's resolv.conf into another location entirely, say /run/connman/resolv.conf, which could then be symlinked to /etc/resolv.conf if needed. Comments? Cheers, Patrik > src/connman.h | 2 +- > src/main.c | 6 +- > src/resolver.c | 10 +- > 3 files changed, 15 insertions(+), 3 deletions(-) > > diff --git a/src/connman.h b/src/connman.h > index 35eb3f5..0d7b500 100644 > --- a/src/connman.h > +++ b/src/connman.h > @@ -244,7 +244,7 @@ int __connman_inet_get_address_netmask(int ifindex, > > #include > > -int __connman_resolver_init(gboolean dnsproxy); > +int __connman_resolver_init(gboolean dnsproxy, gboolean allowresolvmodify); > void __connman_resolver_cleanup(void); > int __connman_resolvfile_append(int index, const char *domain, const char > *server); > int __connman_resolvfile_remove(int index, const char *domain, const char > *server); > diff --git a/src/main.c b/src/main.c > index e46fa7b..4d6f064 100644 > --- a/src/main.c > +++ b/src/main.c > @@ -468,6 +468,7 @@ static gchar *option_noplugin = NULL; > static gchar *option_wifi = NULL; > static gboolean option_detach = TRUE; > static gboolean option_dnsproxy = TRUE; > +static gboolean option_allowresolvmodify = TRUE; > static gboolean option_backtrace = TRUE; > static gboolean option_version = FALSE; > > @@ -505,6 +506,9 @@ static GOptionEntry options[] = { > { "nodnsproxy", 'r', G_OPTION_FLAG_REVERSE, > G_OPTION_ARG_NONE, &option_dnsproxy, > "Don't enable DNS Proxy" }, > +{ "noresolvmodify", 's', G_OPTION_FLAG_REVERSE, > +G_OPTION_ARG_NONE, &option_allowresolvmodify, > +"Don't allow resolv.conf changes. Useful if ignoring the > primary interface" }, > { "nobacktrace", 0, G_OPTION_FLAG_REVERSE, > G_OPTION_ARG_NONE, &option_backtrace, > "Don't print out backtrace information" }, > @@ -687,7 +691,7 @@ int main(int argc, char *argv[]) > > __connman_plugin_init(option_plugin, option_noplugin); > > -__connman_resolver_init(option_dnsproxy); > +__connman_resolver_init(option_dnsproxy, option_allowresolvmodify); > __connman_rtnl_start(); > __connman_dhcp_init(); > __connman_dhcpv6_init(); > diff --git a/src/resolver.c b/src/resolver.c > index 6a64938..473412b 100644 > --- a/src/resolver.c > +++ b/src/resolver.c > @@ -55,6 +55,7 @@ struct entry_data { > > static GSList *entry_list = NULL; > static bool dnsproxy_enabled = false; > +static bool allowresolvmodify_enabled = true; > > struct resolvfile_entry { > int index; > @@ -89,6 +90,9 @@ static int resolvfile_export(void) > unsigned int count; > mode_t old_umask; > > +if (! allowresolvmodify_enabled) > +return 0; > + > content = g_string_new("# Generated by Connection Manager\n"); > > /* > @@ -619,11 +623,15 @@ static void free_resolvfile(gpointer data) >
Re: [PATCH] resolver: allow writing to /etc/resolv.conf to be disabled
Hi, On Thu, 2015-09-03 at 16:07 +, Sam Nazarko wrote: > --- Unfortunately there is no motivation for this change. Apparently it does something very much needed, as you have sent a patch for the issue. With this change, how are DNS servers handed down by a DHCP server or modified manually supposed to handled? In order to fit into existing frameworks (which? what use cases?), I could envision ConnMan writing it's resolv.conf into another location entirely, say /run/connman/resolv.conf, which could then be symlinked to /etc/resolv.conf if needed. Comments? Cheers, Patrik > src/connman.h | 2 +- > src/main.c | 6 +- > src/resolver.c | 10 +- > 3 files changed, 15 insertions(+), 3 deletions(-) > > diff --git a/src/connman.h b/src/connman.h > index 35eb3f5..0d7b500 100644 > --- a/src/connman.h > +++ b/src/connman.h > @@ -244,7 +244,7 @@ int __connman_inet_get_address_netmask(int ifindex, > > #include > > -int __connman_resolver_init(gboolean dnsproxy); > +int __connman_resolver_init(gboolean dnsproxy, gboolean allowresolvmodify); > void __connman_resolver_cleanup(void); > int __connman_resolvfile_append(int index, const char *domain, const char > *server); > int __connman_resolvfile_remove(int index, const char *domain, const char > *server); > diff --git a/src/main.c b/src/main.c > index e46fa7b..4d6f064 100644 > --- a/src/main.c > +++ b/src/main.c > @@ -468,6 +468,7 @@ static gchar *option_noplugin = NULL; > static gchar *option_wifi = NULL; > static gboolean option_detach = TRUE; > static gboolean option_dnsproxy = TRUE; > +static gboolean option_allowresolvmodify = TRUE; > static gboolean option_backtrace = TRUE; > static gboolean option_version = FALSE; > > @@ -505,6 +506,9 @@ static GOptionEntry options[] = { > { "nodnsproxy", 'r', G_OPTION_FLAG_REVERSE, > G_OPTION_ARG_NONE, &option_dnsproxy, > "Don't enable DNS Proxy" }, > +{ "noresolvmodify", 's', G_OPTION_FLAG_REVERSE, > +G_OPTION_ARG_NONE, &option_allowresolvmodify, > +"Don't allow resolv.conf changes. Useful if ignoring the > primary interface" }, > { "nobacktrace", 0, G_OPTION_FLAG_REVERSE, > G_OPTION_ARG_NONE, &option_backtrace, > "Don't print out backtrace information" }, > @@ -687,7 +691,7 @@ int main(int argc, char *argv[]) > > __connman_plugin_init(option_plugin, option_noplugin); > > -__connman_resolver_init(option_dnsproxy); > +__connman_resolver_init(option_dnsproxy, option_allowresolvmodify); > __connman_rtnl_start(); > __connman_dhcp_init(); > __connman_dhcpv6_init(); > diff --git a/src/resolver.c b/src/resolver.c > index 6a64938..473412b 100644 > --- a/src/resolver.c > +++ b/src/resolver.c > @@ -55,6 +55,7 @@ struct entry_data { > > static GSList *entry_list = NULL; > static bool dnsproxy_enabled = false; > +static bool allowresolvmodify_enabled = true; > > struct resolvfile_entry { > int index; > @@ -89,6 +90,9 @@ static int resolvfile_export(void) > unsigned int count; > mode_t old_umask; > > +if (! allowresolvmodify_enabled) > +return 0; > + > content = g_string_new("# Generated by Connection Manager\n"); > > /* > @@ -619,11 +623,15 @@ static void free_resolvfile(gpointer data) > g_free(entry); > } > > -int __connman_resolver_init(gboolean dnsproxy) > +int __connman_resolver_init(gboolean dnsproxy, gboolean allowresolvmodify) > { > int i; > char **ns; > > +DBG("allowresolvmodify %d", allowresolvmodify); > + > +allowresolvmodify_enabled = allowresolvmodify; > + > DBG("dnsproxy %d", dnsproxy); > > if (!dnsproxy) > -- > 2.1.0 > > ___ > connman mailing list > connman@connman.net > https://lists.connman.net/mailman/listinfo/connman ___ connman mailing list connman@connman.net https://lists.connman.net/mailman/listinfo/connman
[PATCH] resolver: allow writing to /etc/resolv.conf to be disabled
--- src/connman.h | 2 +- src/main.c | 6 +- src/resolver.c | 10 +- 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/src/connman.h b/src/connman.h index 35eb3f5..0d7b500 100644 --- a/src/connman.h +++ b/src/connman.h @@ -244,7 +244,7 @@ int __connman_inet_get_address_netmask(int ifindex, #include -int __connman_resolver_init(gboolean dnsproxy); +int __connman_resolver_init(gboolean dnsproxy, gboolean allowresolvmodify); void __connman_resolver_cleanup(void); int __connman_resolvfile_append(int index, const char *domain, const char *server); int __connman_resolvfile_remove(int index, const char *domain, const char *server); diff --git a/src/main.c b/src/main.c index e46fa7b..4d6f064 100644 --- a/src/main.c +++ b/src/main.c @@ -468,6 +468,7 @@ static gchar *option_noplugin = NULL; static gchar *option_wifi = NULL; static gboolean option_detach = TRUE; static gboolean option_dnsproxy = TRUE; +static gboolean option_allowresolvmodify = TRUE; static gboolean option_backtrace = TRUE; static gboolean option_version = FALSE; @@ -505,6 +506,9 @@ static GOptionEntry options[] = { { "nodnsproxy", 'r', G_OPTION_FLAG_REVERSE, G_OPTION_ARG_NONE, &option_dnsproxy, "Don't enable DNS Proxy" }, +{ "noresolvmodify", 's', G_OPTION_FLAG_REVERSE, +G_OPTION_ARG_NONE, &option_allowresolvmodify, +"Don't allow resolv.conf changes. Useful if ignoring the primary interface" }, { "nobacktrace", 0, G_OPTION_FLAG_REVERSE, G_OPTION_ARG_NONE, &option_backtrace, "Don't print out backtrace information" }, @@ -687,7 +691,7 @@ int main(int argc, char *argv[]) __connman_plugin_init(option_plugin, option_noplugin); -__connman_resolver_init(option_dnsproxy); +__connman_resolver_init(option_dnsproxy, option_allowresolvmodify); __connman_rtnl_start(); __connman_dhcp_init(); __connman_dhcpv6_init(); diff --git a/src/resolver.c b/src/resolver.c index 6a64938..473412b 100644 --- a/src/resolver.c +++ b/src/resolver.c @@ -55,6 +55,7 @@ struct entry_data { static GSList *entry_list = NULL; static bool dnsproxy_enabled = false; +static bool allowresolvmodify_enabled = true; struct resolvfile_entry { int index; @@ -89,6 +90,9 @@ static int resolvfile_export(void) unsigned int count; mode_t old_umask; +if (! allowresolvmodify_enabled) +return 0; + content = g_string_new("# Generated by Connection Manager\n"); /* @@ -619,11 +623,15 @@ static void free_resolvfile(gpointer data) g_free(entry); } -int __connman_resolver_init(gboolean dnsproxy) +int __connman_resolver_init(gboolean dnsproxy, gboolean allowresolvmodify) { int i; char **ns; +DBG("allowresolvmodify %d", allowresolvmodify); + +allowresolvmodify_enabled = allowresolvmodify; + DBG("dnsproxy %d", dnsproxy); if (!dnsproxy) -- 2.1.0 ___ connman mailing list connman@connman.net https://lists.connman.net/mailman/listinfo/connman