Re: [PATCH] resolver: allow writing to /etc/resolv.conf to be disabled

2015-09-15 Thread Patrik Flykt

Hi,

On Tue, 2015-09-15 at 11:29 +, Sam Nazarko wrote:
> >But also scripts/connman.in should be modified to create the
> >needed symlink.
> 
> Are you saying that you would like to create the symlink as part of
> the packaging? I'm not sure this is necessarily a good idea,
> particularly when packaging with Debian. This means that connman would
> take 'ownership' of /etc/resolv.conf which is not necessarily a good
> idea.

That connman.in file is a generic init script. If it needs to work for Debian,
it needs LSB fields added in a patch or otherwise anyway. The init
script in the upstream tar ball properly sources /etc/default/connman,
so one can always hide updating of resolv.conf behind a variable.

Having ConnMan write directly into /etc/resolv.conf is probably not what
Debian would like to happen either, but for better or worse it's the
current behavior. The idea here is that from one version to another
there should be a very high probability of things working exactly as
before, also when using init scripts.

Cheers,

Patrik


___
connman mailing list
connman@connman.net
https://lists.connman.net/mailman/listinfo/connman
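
Added example (not part of the thread and not ConnMan's init script): one way an init script or ExecStartPre= helper could create the symlink discussed above behind a variable read from /etc/default/connman, while leaving alone any resolv.conf that ConnMan did not write. The variable CONNMAN_RESOLV_SYMLINK, the function name link_resolv_conf and the refuse-if-foreign policy are assumptions of this example; the two paths and the marker line come from the thread.

```sh
#!/bin/sh
# Added example, not ConnMan's own init script. CONNMAN_RESOLV_SYMLINK and
# link_resolv_conf are hypothetical names; the paths come from the thread.

CONNMAN_RESOLV=/var/run/connman/resolv.conf
CONNMAN_MARKER='# Generated by Connection Manager'

# link_resolv_conf [ROOT]
#   ROOT is a path prefix: empty on a live system, a scratch directory in tests.
#   Returns 0 when ROOT/etc/resolv.conf is a symlink to ConnMan's file,
#           1 when the administrator switched the symlink off,
#           2 when the existing file is not ConnMan's and is left untouched.
link_resolv_conf() {
    root=${1:-}
    link=$root/etc/resolv.conf
    defaults=$root/etc/default/connman

    # Default keeps the current behaviour; /etc/default/connman may override.
    CONNMAN_RESOLV_SYMLINK=yes
    if [ -r "$defaults" ]; then
        . "$defaults"
    fi
    [ "$CONNMAN_RESOLV_SYMLINK" = yes ] || return 1

    if [ -L "$link" ]; then
        # Already a symlink: accept ours, never redirect someone else's.
        [ "$(readlink "$link")" = "$CONNMAN_RESOLV" ] && return 0
        return 2
    fi

    if [ -e "$link" ]; then
        # Replace a regular file only if ConnMan wrote it (marker on line 1).
        [ -f "$link" ] || return 2
        [ "$(head -n 1 "$link")" = "$CONNMAN_MARKER" ] || return 2
    fi

    # Build the symlink under a temporary name and rename it into place, so
    # resolvers never see a missing or half-written /etc/resolv.conf.
    tmp=$link.connman.$$
    rm -f "$tmp"
    ln -s "$CONNMAN_RESOLV" "$tmp" || return 2
    mv -f "$tmp" "$link" || { rm -f "$tmp"; return 2; }
    return 0
}
```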


Re: [PATCH] resolver: allow writing to /etc/resolv.conf to be disabled

2015-09-15 Thread Sam Nazarko
Hi,

>But also scripts/connman.in should be modified to create the
>needed symlink.

Are you saying that you would like to create the symlink as part of the 
packaging? I'm not sure this is necessarily a good idea, particularly when 
packaging with Debian. This means that connman would take 'ownership' of 
/etc/resolv.conf which is not necessarily a good idea.

>Here I suppose the modifications are done via connman.service.d/*.conf
>systemd.unit files in order to eliminate source code patches for ConnMan
>systemd service startup.

We do not use a systemd dropin, we instead distribute our own systemd 
configuration. Part of this stems from the need for customisation at the 
moment, and also because at the time ConnMan had incorrect service 
dependencies. This was raised in #CM-683 by Simon Byrnand (OSMC) and was fixed 
in 1.30. 

Sam

From: connman  on behalf of Patrik Flykt 

Sent: 15 September 2015 11:46
To: connman@connman.net
Subject: Re: [PATCH] resolver: allow writing to /etc/resolv.conf to be disabled

On Tue, 2015-09-15 at 07:15 +, Sam Nazarko wrote:
> I am happy with this solution to write
> to /var/run/connman/resolv.conf. I am happy to submit a patch for this
> as well as a revised systemd service unit with an ExecStartPre= entry
> to create the symlink before starting ConnMan. Please let me know if
> you will accept this.

systemd-tmpfiles looks like being the correct tool for this task. With
this solution no additional variables are needed in main.conf, which is a
good thing. But also scripts/connman.in should be modified to create the
needed symlink.

The above scheme can fail if the system provides its own init scripts,
so now would be the time to take notice, speak up and/or fix such init
scripts.

> Our current implementation actually calls a script before launching
> ConnMan to run some sanity checks and evaluate whether we want
> ConnMan's resolv.conf or not, but revising the systemd unit is
> probably the best method to maintain immediate compatibility and
> provide an entry point for other distributions to change this
> behaviour.

Here I suppose the modifications are done via connman.service.d/*.conf
systemd.unit files in order to eliminate source code patches for ConnMan
systemd service startup.

More comments, anyone?

Patrik



Re: [PATCH] resolver: allow writing to /etc/resolv.conf to be disabled

2015-09-15 Thread Patrik Flykt
On Tue, 2015-09-15 at 07:15 +, Sam Nazarko wrote:
> I am happy with this solution to write
> to /var/run/connman/resolv.conf. I am happy to submit a patch for this
> as well as a revised systemd service unit with an ExecStartPre= entry
> to create the symlink before starting ConnMan. Please let me know if
> you will accept this. 

systemd-tmpfiles looks like being the correct tool for this task. With
this solution no additional variables are needed in main.conf, which is a
good thing. But also scripts/connman.in should be modified to create the
needed symlink.

The above scheme can fail if the system provides its own init scripts,
so now would be the time to take notice, speak up and/or fix such init
scripts.

> Our current implementation actually calls a script before launching
> ConnMan to run some sanity checks and evaluate whether we want
> ConnMan's resolv.conf or not, but revising the systemd unit is
> probably the best method to maintain immediate compatibility and
> provide an entry point for other distributions to change this
> behaviour. 

Here I suppose the modifications are done via connman.service.d/*.conf
systemd.unit files in order to eliminate source code patches for ConnMan
systemd service startup.

More comments, anyone?

Patrik



Re: [PATCH] resolver: allow writing to /etc/resolv.conf to be disabled

2015-09-15 Thread Sam Nazarko
Hi Patrik,

I am happy with this solution to write to /var/run/connman/resolv.conf. I am 
happy to submit a patch for this as well as a revised systemd service unit with 
an ExecStartPre= entry to create the symlink before starting ConnMan. Please 
let me know if you will accept this. 

Our current implementation actually calls a script before launching ConnMan to 
run some sanity checks and evaluate whether we want ConnMan's resolv.conf or 
not, but revising the systemd unit is probably the best method to maintain 
immediate compatibility and provide an entry point for other distributions to 
change this behaviour. 

Sam

From: connman  on behalf of Patrik Flykt 

Sent: 11 September 2015 07:17
To: connman@connman.net
Subject: Re: [PATCH] resolver: allow writing to /etc/resolv.conf to be disabled

Hi,

On Fri, 2015-09-11 at 01:07 +, Sam Nazarko wrote:

> The primary use case is to keep ConnMan running so that in OSMC users
> can still configure Bluetooth connections or WiFi adapters with a
> unified interface (and we can support it with a single API).

Thanks for the info.

The above means that in the OSMC configuration the DNS servers from the
kernel command line, kernel variables or other static entries written to
resolv.conf also satisfy the name lookups done while using Bluetooth or
WiFi.

I was thinking that this leads to a solution like:
- always write ConnMan's resolv.conf entries to the hereafter
  "well-known" location at /var/run/connman/resolv.conf
- by default replace /etc/resolv.conf with a symlink to ConnMan's own
  resolv.conf file
- prevent the creation of the symlink by defining a command line
  option and main.conf variable.

Not making ConnMan's resolv.conf location configurable keeps
resolv.conf handling distribution agnostic and ConnMan specific while
being in line with what systemd-resolved offers. The two latter points
above are there only to keep the current status quo.

Cheers,

Patrik




Re: [PATCH] resolver: allow writing to /etc/resolv.conf to be disabled

2015-09-10 Thread Patrik Flykt

Hi,

On Fri, 2015-09-11 at 01:07 +, Sam Nazarko wrote:

> The primary use case is to keep ConnMan running so that in OSMC users
> can still configure Bluetooth connections or WiFi adapters with a
> unified interface (and we can support it with a single API).

Thanks for the info.

The above means that in the OSMC configuration the DNS servers from the
kernel command line, kernel variables or other static entries written to
resolv.conf also satisfy the name lookups done while using Bluetooth or
WiFi.

I was thinking that this leads to a solution like:
- always write ConnMan's resolv.conf entries to the hereafter
  "well-known" location at /var/run/connman/resolv.conf
- by default replace /etc/resolv.conf with a symlink to ConnMan's own
  resolv.conf file
- prevent the creation of the symlink by defining a command line
  option and main.conf variable.

Not making ConnMan's resolv.conf location configurable keeps
resolv.conf handling distribution agnostic and ConnMan specific while
being in line with what systemd-resolved offers. The two latter points
above are there only to keep the current status quo.

Cheers,

Patrik




Re: [PATCH] resolver: allow writing to /etc/resolv.conf to be disabled

2015-09-10 Thread Sam Nazarko
Hi Patrik,

>If you use ConnMan with either patch of yours applied, using the DNS
>servers for the primary nfsroot interface will always work properly,
>even for any other Bluetooth or WiFi network, right?

When we run ConnMan in this way, we only have a network connection in eth0, but 
it does work via BT or WiFi as well.

>So your use of ConnMan is either or both:
>- tethering of other interfaces
>- connecting other interfaces but using the primary nfsroot interface
>  nameservers

The primary use case is to keep ConnMan running so that in OSMC users can still 
configure Bluetooth connections or WiFi adapters with a unified interface (and 
we can support it with a single API).

ConnMan is configured to ignore eth0 when nfsroot is active because the 
connection has been configured as a kernel command line parameter.

Sam

From: connman  on behalf of Patrik Flykt 

Sent: 07 September 2015 14:20
To: connman@connman.net
Subject: Re: [PATCH] resolver: allow writing to /etc/resolv.conf to be disabled

Hi,

On Mon, 2015-09-07 at 12:40 +, Sam Nazarko wrote:

> We do not need DNS on other interfaces when ConnMan is running on an
> nfsroot. We cannot tether as eth0 is ignored, so this is less of a
> concern for us.

If you use ConnMan with either patch of yours applied, using the DNS
servers for the primary nfsroot interface will always work properly,
even for any other Bluetooth or WiFi network, right? Or you use ConnMan
only for tethering Bluetooth and WiFi?

> For now, DNS is not handled by ConnMan properly so we get a
> blank /etc/resolv.conf with 'Generated by Connection Manager' which
> will overwrite our /etc/resolv.conf which was previously populated
> from procfs.

You are running connman with the --nodnsproxy option with no networks
connected when the resolv.conf file contains only the "# Generated by
Connection Manager" line. If you connect a network using ConnMan, it
will overwrite the nameserver information in /etc/resolv.conf with the
information obtained from DHCP for the newly connected network... This
without either of your patches applied, of course.

So your use of ConnMan is either or both:
- tethering of other interfaces
- connecting other interfaces but using the primary nfsroot interface
  nameservers

Is this what is happening?

> I have submitted an alternate patch which allows /etc/resolv.conf to
> be saved in another location

Yes, I saw them, thanks for both variants. After I have figured out what
OSMC is up to, there is perhaps an optimal way of making this work well
for both OSMC and the rest of the "road warrior" setups.

Cheers,

Patrik



Re: [PATCH] resolver: allow writing to /etc/resolv.conf to be disabled

2015-09-07 Thread Patrik Flykt

Hi,

On Mon, 2015-09-07 at 12:40 +, Sam Nazarko wrote:

> We do not need DNS on other interfaces when ConnMan is running on an
> nfsroot. We cannot tether as eth0 is ignored, so this is less of a
> concern for us.

If you use ConnMan with either patch of yours applied, using the DNS
servers for the primary nfsroot interface will always work properly,
even for any other Bluetooth or WiFi network, right? Or you use ConnMan
only for tethering Bluetooth and WiFi? 

> For now, DNS is not handled by ConnMan properly so we get a
> blank /etc/resolv.conf with 'Generated by Connection Manager' which
> will overwrite our /etc/resolv.conf which was previously populated
> from procfs.

You are running connman with the --nodnsproxy option with no networks
connected when the resolv.conf file contains only the "# Generated by
Connection Manager" line. If you connect a network using ConnMan, it
will overwrite the nameserver information in /etc/resolv.conf with the
information obtained from DHCP for the newly connected network... This
without either of your patches applied, of course.

So your use of ConnMan is either or both:
- tethering of other interfaces
- connecting other interfaces but using the primary nfsroot interface
  nameservers

Is this what is happening?

> I have submitted an alternate patch which allows /etc/resolv.conf to
> be saved in another location

Yes, I saw them, thanks for both variants. After I have figured out what
OSMC is up to, there is perhaps an optimal way of making this work well
for both OSMC and the rest of the "road warrior" setups.

Cheers,

Patrik



Re: [PATCH] resolver: allow writing to /etc/resolv.conf to be disabled

2015-09-07 Thread Sam Nazarko
Hi Patrik,

We do not need DNS on other interfaces when ConnMan is running on an nfsroot. 
We cannot tether as eth0 is ignored, so this is less of a concern for us. For 
now, DNS is not handled by ConnMan properly so we get a blank /etc/resolv.conf 
with 'Generated by Connection Manager' which will overwrite our 
/etc/resolv.conf which was previously populated from procfs. 

I have submitted an alternate patch which allows /etc/resolv.conf to be saved 
in another location

Sam

From: connman  on behalf of Patrik Flykt 

Sent: 07 September 2015 13:36
To: connman@connman.net
Subject: Re: [PATCH] resolver: allow writing to /etc/resolv.conf to be disabled

Hi,

On Fri, 2015-09-04 at 14:29 +, Sam Nazarko wrote:

> When OSMC uses an nfsroot, we ignore the primary interface (eth0), as
> the kernel is handling the network connection itself. Currently,
> without this patch, ConnMan will try and update /etc/resolv.conf, but
> may not have sufficient 'knowledge' to be able to accurately do so. We
> still want ConnMan to handle other technologies on the system, such as
> Bluetooth. Whether we used DHCP for DNS servers or configured it
> statically, it is obtainable from procfs. For DHCP we can
> use /proc/net/pnp and for static configuration we can populate
> via /proc/cmdline.

How is DNS handled when ConnMan uses Bluetooth, WiFi etc. other networks
than the primary eth0 ethernet? /proc/net/pnp and /proc/cmdline are only
relevant for the primary eth0 nfsroot interface.

Cheers,

Patrik



Re: [PATCH] resolver: allow writing to /etc/resolv.conf to be disabled

2015-09-07 Thread Patrik Flykt

Hi,

On Fri, 2015-09-04 at 14:29 +, Sam Nazarko wrote:

> When OSMC uses an nfsroot, we ignore the primary interface (eth0), as
> the kernel is handling the network connection itself. Currently,
> without this patch, ConnMan will try and update /etc/resolv.conf, but
> may not have sufficient 'knowledge' to be able to accurately do so. We
> still want ConnMan to handle other technologies on the system, such as
> Bluetooth. Whether we used DHCP for DNS servers or configured it
> statically, it is obtainable from procfs. For DHCP we can
> use /proc/net/pnp and for static configuration we can populate
> via /proc/cmdline.

How is DNS handled when ConnMan uses Bluetooth, WiFi etc. other networks
than the primary eth0 ethernet? /proc/net/pnp and /proc/cmdline are only
relevant for the primary eth0 nfsroot interface.

Cheers,

Patrik



Re: [PATCH] resolver: allow writing to /etc/resolv.conf to be disabled

2015-09-04 Thread Sam Nazarko
Hi Patrik,

> Unfortunately there is no motivation for this change

When OSMC uses an nfsroot, we ignore the primary interface (eth0), as the 
kernel is handling the network connection itself. Currently, without this 
patch, ConnMan will try and update /etc/resolv.conf, but may not have 
sufficient 'knowledge' to be able to accurately do so. We still want ConnMan to
handle other technologies on the system, such as Bluetooth. Whether we used 
DHCP for DNS servers or configured it statically, it is obtainable from procfs. 
For DHCP we can use /proc/net/pnp and for static configuration we can populate 
via /proc/cmdline.

How's about a patch for a command line option called --resolv-path which allows 
writing to an alternative path? Would you accept that?

This would provide sufficient scope in the future for other use cases -- and I 
am sure there are other reasons when someone has to ignore an interface, to 
update /etc/resolv.conf themselves as well as provide a means to which the 
output from ConnMan and another service can be confirmed. 

Sam

From: connman  on behalf of Patrik Flykt 

Sent: 04 September 2015 06:55
To: connman@connman.net
Subject: Re: [PATCH] resolver: allow writing to /etc/resolv.conf to be disabled

Hi,

On Thu, 2015-09-03 at 16:07 +, Sam Nazarko wrote:
> ---

Unfortunately there is no motivation for this change. Apparently it does
something very much needed, as you have sent a patch for the issue. With
this change, how are DNS servers handed down by a DHCP server or
modified manually supposed to be handled?

In order to fit into existing frameworks (which? what use cases?), I
could envision ConnMan writing its resolv.conf into another location
entirely, say /run/connman/resolv.conf, which could then be symlinked
to /etc/resolv.conf if needed.

Comments?

Cheers,

Patrik

>  src/connman.h  |  2 +-
>  src/main.c |  6 +-
>  src/resolver.c | 10 +-
>  3 files changed, 15 insertions(+), 3 deletions(-)
>
> diff --git a/src/connman.h b/src/connman.h
> index 35eb3f5..0d7b500 100644
> --- a/src/connman.h
> +++ b/src/connman.h
> @@ -244,7 +244,7 @@ int __connman_inet_get_address_netmask(int ifindex,
>
>  #include 
>
> -int __connman_resolver_init(gboolean dnsproxy);
> +int __connman_resolver_init(gboolean dnsproxy, gboolean allowresolvmodify);
>  void __connman_resolver_cleanup(void);
>  int __connman_resolvfile_append(int index, const char *domain, const char 
> *server);
>  int __connman_resolvfile_remove(int index, const char *domain, const char 
> *server);
> diff --git a/src/main.c b/src/main.c
> index e46fa7b..4d6f064 100644
> --- a/src/main.c
> +++ b/src/main.c
> @@ -468,6 +468,7 @@ static gchar *option_noplugin = NULL;
>  static gchar *option_wifi = NULL;
>  static gboolean option_detach = TRUE;
>  static gboolean option_dnsproxy = TRUE;
> +static gboolean option_allowresolvmodify = TRUE;
>  static gboolean option_backtrace = TRUE;
>  static gboolean option_version = FALSE;
>
> @@ -505,6 +506,9 @@ static GOptionEntry options[] = {
>  { "nodnsproxy", 'r', G_OPTION_FLAG_REVERSE,
>  G_OPTION_ARG_NONE, &option_dnsproxy,
>  "Don't enable DNS Proxy" },
> +{ "noresolvmodify", 's', G_OPTION_FLAG_REVERSE,
> +G_OPTION_ARG_NONE, &option_allowresolvmodify,
> +"Don't allow resolv.conf changes. Useful if ignoring the 
> primary interface" },
>  { "nobacktrace", 0, G_OPTION_FLAG_REVERSE,
>  G_OPTION_ARG_NONE, &option_backtrace,
>  "Don't print out backtrace information" },
> @@ -687,7 +691,7 @@ int main(int argc, char *argv[])
>
>  __connman_plugin_init(option_plugin, option_noplugin);
>
> -__connman_resolver_init(option_dnsproxy);
> +__connman_resolver_init(option_dnsproxy, option_allowresolvmodify);
>  __connman_rtnl_start();
>  __connman_dhcp_init();
>  __connman_dhcpv6_init();
> diff --git a/src/resolver.c b/src/resolver.c
> index 6a64938..473412b 100644
> --- a/src/resolver.c
> +++ b/src/resolver.c
> @@ -55,6 +55,7 @@ struct entry_data {
>
>  static GSList *entry_list = NULL;
>  static bool dnsproxy_enabled = false;
> +static bool allowresolvmodify_enabled = true;
>
>  struct resolvfile_entry {
>  int index;
> @@ -89,6 +90,9 @@ static int resolvfile_export(void)
>  unsigned int count;
>  mode_t old_umask;
>
> +if (! allowresolvmodify_enabled)
> +return 0;
> +
>  content = g_string_new("# Generated by Connection Manager\n");
>
>  /*
> @@ -619,11 +623,15 @@ static void free_resolvfile(gpointer data)
>

Re: [PATCH] resolver: allow writing to /etc/resolv.conf to be disabled

2015-09-03 Thread Patrik Flykt

Hi,

On Thu, 2015-09-03 at 16:07 +, Sam Nazarko wrote:
> ---

Unfortunately there is no motivation for this change. Apparently it does
something very much needed, as you have sent a patch for the issue. With
this change, how are DNS servers handed down by a DHCP server or
modified manually supposed to be handled?

In order to fit into existing frameworks (which? what use cases?), I
could envision ConnMan writing its resolv.conf into another location
entirely, say /run/connman/resolv.conf, which could then be symlinked
to /etc/resolv.conf if needed.

Comments?

Cheers,

Patrik

>  src/connman.h  |  2 +-
>  src/main.c |  6 +-
>  src/resolver.c | 10 +-
>  3 files changed, 15 insertions(+), 3 deletions(-)
> 
> diff --git a/src/connman.h b/src/connman.h
> index 35eb3f5..0d7b500 100644
> --- a/src/connman.h
> +++ b/src/connman.h
> @@ -244,7 +244,7 @@ int __connman_inet_get_address_netmask(int ifindex,
> 
>  #include 
> 
> -int __connman_resolver_init(gboolean dnsproxy);
> +int __connman_resolver_init(gboolean dnsproxy, gboolean allowresolvmodify);
>  void __connman_resolver_cleanup(void);
>  int __connman_resolvfile_append(int index, const char *domain, const char 
> *server);
>  int __connman_resolvfile_remove(int index, const char *domain, const char 
> *server);
> diff --git a/src/main.c b/src/main.c
> index e46fa7b..4d6f064 100644
> --- a/src/main.c
> +++ b/src/main.c
> @@ -468,6 +468,7 @@ static gchar *option_noplugin = NULL;
>  static gchar *option_wifi = NULL;
>  static gboolean option_detach = TRUE;
>  static gboolean option_dnsproxy = TRUE;
> +static gboolean option_allowresolvmodify = TRUE;
>  static gboolean option_backtrace = TRUE;
>  static gboolean option_version = FALSE;
> 
> @@ -505,6 +506,9 @@ static GOptionEntry options[] = {
>  { "nodnsproxy", 'r', G_OPTION_FLAG_REVERSE,
>  G_OPTION_ARG_NONE, &option_dnsproxy,
>  "Don't enable DNS Proxy" },
> +{ "noresolvmodify", 's', G_OPTION_FLAG_REVERSE,
> +G_OPTION_ARG_NONE, &option_allowresolvmodify,
> +"Don't allow resolv.conf changes. Useful if ignoring the 
> primary interface" },
>  { "nobacktrace", 0, G_OPTION_FLAG_REVERSE,
>  G_OPTION_ARG_NONE, &option_backtrace,
>  "Don't print out backtrace information" },
> @@ -687,7 +691,7 @@ int main(int argc, char *argv[])
> 
>  __connman_plugin_init(option_plugin, option_noplugin);
> 
> -__connman_resolver_init(option_dnsproxy);
> +__connman_resolver_init(option_dnsproxy, option_allowresolvmodify);
>  __connman_rtnl_start();
>  __connman_dhcp_init();
>  __connman_dhcpv6_init();
> diff --git a/src/resolver.c b/src/resolver.c
> index 6a64938..473412b 100644
> --- a/src/resolver.c
> +++ b/src/resolver.c
> @@ -55,6 +55,7 @@ struct entry_data {
> 
>  static GSList *entry_list = NULL;
>  static bool dnsproxy_enabled = false;
> +static bool allowresolvmodify_enabled = true;
> 
>  struct resolvfile_entry {
>  int index;
> @@ -89,6 +90,9 @@ static int resolvfile_export(void)
>  unsigned int count;
>  mode_t old_umask;
> 
> +if (! allowresolvmodify_enabled)
> +return 0;
> +
>  content = g_string_new("# Generated by Connection Manager\n");
> 
>  /*
> @@ -619,11 +623,15 @@ static void free_resolvfile(gpointer data)
>  g_free(entry);
>  }
> 
> -int __connman_resolver_init(gboolean dnsproxy)
> +int __connman_resolver_init(gboolean dnsproxy, gboolean allowresolvmodify)
>  {
>  int i;
>  char **ns;
> 
> +DBG("allowresolvmodify %d", allowresolvmodify);
> +
> +allowresolvmodify_enabled = allowresolvmodify;
> +
>  DBG("dnsproxy %d", dnsproxy);
> 
>  if (!dnsproxy)
> --
> 2.1.0
> 




[PATCH] resolver: allow writing to /etc/resolv.conf to be disabled

2015-09-03 Thread Sam Nazarko
---
 src/connman.h  |  2 +-
 src/main.c |  6 +-
 src/resolver.c | 10 +-
 3 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/src/connman.h b/src/connman.h
index 35eb3f5..0d7b500 100644
--- a/src/connman.h
+++ b/src/connman.h
@@ -244,7 +244,7 @@ int __connman_inet_get_address_netmask(int ifindex,

 #include 

-int __connman_resolver_init(gboolean dnsproxy);
+int __connman_resolver_init(gboolean dnsproxy, gboolean allowresolvmodify);
 void __connman_resolver_cleanup(void);
 int __connman_resolvfile_append(int index, const char *domain, const char 
*server);
 int __connman_resolvfile_remove(int index, const char *domain, const char 
*server);
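
Review bot: the two trailing context lines of this hunk, the __connman_resolvfile_append() and __connman_resolvfile_remove() prototypes, are each broken before "*server);", so the hunk body has nine lines on each side where the "@@ -244,7 +244,7 @@" header announces seven. The mail client appears to have wrapped the patch; resending it with git send-email, or as an attachment, would keep the long lines intact so the patch can be applied as posted.
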
diff --git a/src/main.c b/src/main.c
index e46fa7b..4d6f064 100644
--- a/src/main.c
+++ b/src/main.c
@@ -468,6 +468,7 @@ static gchar *option_noplugin = NULL;
 static gchar *option_wifi = NULL;
 static gboolean option_detach = TRUE;
 static gboolean option_dnsproxy = TRUE;
+static gboolean option_allowresolvmodify = TRUE;
 static gboolean option_backtrace = TRUE;
 static gboolean option_version = FALSE;

@@ -505,6 +506,9 @@ static GOptionEntry options[] = {
 { "nodnsproxy", 'r', G_OPTION_FLAG_REVERSE,
 G_OPTION_ARG_NONE, &option_dnsproxy,
 "Don't enable DNS Proxy" },
+{ "noresolvmodify", 's', G_OPTION_FLAG_REVERSE,
+G_OPTION_ARG_NONE, &option_allowresolvmodify,
+"Don't allow resolv.conf changes. Useful if ignoring the 
primary interface" },
 { "nobacktrace", 0, G_OPTION_FLAG_REVERSE,
 G_OPTION_ARG_NONE, &option_backtrace,
 "Don't print out backtrace information" },
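
Review bot: --noresolvmodify is introduced in the options[] table here, but the diffstat lists only src/connman.h, src/main.c and src/resolver.c, so the new switch reaches users with no documentation beyond its help string. Please describe in the commit message and in the manual what happens to nameservers learned from DHCP once the flag is set, and reword "Useful if ignoring the primary interface" so the help text states the effect of the option rather than one use case.
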
@@ -687,7 +691,7 @@ int main(int argc, char *argv[])

 __connman_plugin_init(option_plugin, option_noplugin);

-__connman_resolver_init(option_dnsproxy);
+__connman_resolver_init(option_dnsproxy, option_allowresolvmodify);
 __connman_rtnl_start();
 __connman_dhcp_init();
 __connman_dhcpv6_init();
diff --git a/src/resolver.c b/src/resolver.c
index 6a64938..473412b 100644
--- a/src/resolver.c
+++ b/src/resolver.c
@@ -55,6 +55,7 @@ struct entry_data {

 static GSList *entry_list = NULL;
 static bool dnsproxy_enabled = false;
+static bool allowresolvmodify_enabled = true;

 struct resolvfile_entry {
 int index;
@@ -89,6 +90,9 @@ static int resolvfile_export(void)
 unsigned int count;
 mode_t old_umask;

+if (! allowresolvmodify_enabled)
+return 0;
+
 content = g_string_new("# Generated by Connection Manager\n");

 /*
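
Review bot: the early "return 0" added to resolvfile_export() reports success although nothing was written, and it does so silently, so callers cannot tell a completed export from a suppressed one and nothing is logged. A DBG() line before the return would make the suppressed write visible when someone is debugging stale resolver entries. Style: "if (! allowresolvmodify_enabled)" has a space after the "!", unlike "if (!dnsproxy)" later in the same file.
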
@@ -619,11 +623,15 @@ static void free_resolvfile(gpointer data)
 g_free(entry);
 }

-int __connman_resolver_init(gboolean dnsproxy)
+int __connman_resolver_init(gboolean dnsproxy, gboolean allowresolvmodify)
 {
 int i;
 char **ns;

+DBG("allowresolvmodify %d", allowresolvmodify);
+
+allowresolvmodify_enabled = allowresolvmodify;
+
 DBG("dnsproxy %d", dnsproxy);

 if (!dnsproxy)
--
2.1.0
