On Thu, Oct 26, 2017 at 12:43 AM, Jason A. Donenfeld <ja...@zx2c4.com> wrote:
> The hatchet works as follows. On interface addition:
>
> # echo nameserver 1.2.3.4 > /etc/resolv.conf.wg-quick.wg0
> # [ -f /etc/resolv.conf ] || touch /etc/resolv.conf
> # mount -o ro --bind /etc/resolv.conf.wg-quick.wg0 /etc/resolv.conf
> # unlink /etc/resolv.conf.wg-quick.wg0
>
> On interface removal:
>
> # umount /etc/resolv.conf

Alternative version:

echo nameserver 1.2.3.4 | unshare -m --propagation shared sh -c "mount --make-private /tmp && mount -t tmpfs none /tmp && cat > /tmp/resolv.conf && mount -o remount,ro /tmp && mount -B /tmp/resolv.conf /etc/resolv.conf"

This has the advantage of not using any disk temporary files or creating dangling inodes, and it means that users can still bind mount /etc/resolv.conf to other places, such as when they enter a chroot, which is usually important to allow.

The one maybe disadvantage is that it still allows for people binding _on top_ of /etc/resolv.conf, which may or may not be a good thing.
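
An added check, not part of the original message: it reads mountinfo text and reports whether the read-only tmpfs bind mount from the alternative version is still the topmost mount on /etc/resolv.conf, or whether something has been bound on top of it. The function names and the sample mountinfo lines are constructed for illustration; it assumes the tmpfs file is named resolv.conf as in the command above.

```shell
#!/bin/sh
# Added example, not from the original message. Sample lines are constructed.

# Constructed /proc/self/mountinfo excerpt: the tmpfs bind mount alone.
sample_clean() {
cat <<'EOF'
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
310 22 0:52 /resolv.conf /etc/resolv.conf ro,relatime shared:170 - tmpfs none ro
EOF
}

# Same excerpt with another file bound on top of /etc/resolv.conf.
sample_stacked() {
sample_clean
cat <<'EOF'
311 310 8:1 /home/user/resolv.conf /etc/resolv.conf rw,relatime shared:1 - ext4 /dev/sda1 rw
EOF
}

# Reads mountinfo on stdin; prints "absent", "ok" or "overridden <fstype> <root>".
resolv_status() {
    awk -v target="${1:-/etc/resolv.conf}" '
    $5 == target {
        i = 7; while (i <= NF && $i != "-") i++    # skip optional fields
        id[++n] = $1; covered[$2] = 1              # $2 is the parent mount ID
        fstype[$1] = $(i + 1); root[$1] = $4
        ro[$1] = (("," $6 "," $NF ",") ~ /,ro,/)   # per-mount or superblock ro
    }
    END {
        if (n == 0) { print "absent"; exit }
        # The topmost mount is the one no other mount on the target sits on.
        for (k = 1; k <= n; k++) if (!(id[k] in covered)) top = id[k]
        if (fstype[top] == "tmpfs" && root[top] == "/resolv.conf" && ro[top])
            print "ok"
        else
            print "overridden", fstype[top], root[top]
    }'
}

sample_stacked | resolv_status   # prints: overridden ext4 /home/user/resolv.conf
```

On a live system, run it as `resolv_status < /proc/self/mountinfo`.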