Re: /run and read-only /etc
Thomas Hood writes:
> Emile's design looks good.
Yes.
> One great thing about it is that it puts an end to the insanity of all and
> sundry programs overwriting /etc/resolv.conf!
Yes.
> An example
> ...
> ...
A more detailed example:
/run/resolvers/link       /etc/resolv.conf is a symlink to this symlink.
                          Points to /etc/resolvers/default when not
                          pointing to another file in /run/resolvers.
/run/resolvers/eth0       Created by the DHCP client process that
                          has configured interface eth0.
                          "resolv.conf"-formatted info for eth0.
/run/resolvers/ppp0       Created by the pppd process that has
                          created ppp0. "resolv.conf"-formatted
                          info for ppp0.
...
...
/etc/resolvers/default    The standard Debian resolv.conf.
                          Copied here by the update-resolv
                          postinst. Copied back to /etc/resolv.conf
                          when update-resolv is purged.
/etc/resolvers/update     Moves the /run/resolvers/link
                          symlink to one of the files in
                          /run/resolvers as instructed by variables
                          passed to it from /sbin/update-resolvers.
/etc/resolvers/named      Included in bind package. Generates a
                          "forwarders { ... }" statement derived from
                          the file that /run/resolvers/link
                          points to and puts it in an "options {
                          ... }" statement in named.conf. Then
                          reloads named.
/etc/resolvers/dnscache   Included in djbdns package.
                          Does appropriate stuff to configure and
                          notify dnscache.
...
...
/sbin/update-resolvers    Does a run-parts on /etc/resolvers.
                          Is called by ifup/ifdown, 0dns-{up|down},
                          etc. Passes its options in variables.
update-resolvers options:
--activate <filename>     Move the symlink to <filename>.
--deactivate <filename>   Move the symlink back where it was before
                          <filename> was activated.
update-resolvers and /etc/resolvers/update would have more options and
logic that I'm not ready to write up right now. There also needs to be
policy on how the various packages that want to futz with resolv.conf
cooperate.
All of the above would be in an update-resolv package that admins who don't
like this scheme could purge. Scripts such as 0dns-up would test for it
and exit if it wasn't there (or take some alternate action).
> DHCP clients would have to be modified to write files under /run. Pump,
> for example, currently writes to /etc/resolv.conf.
Everything that writes to /etc/resolv.conf would have to be modified, but
that should be done anyway.
> Question: Must this stuff be in /run or could it be elsewhere?
Doesn't it have to be on a local filesystem?
--
John Hasler
john@dhh.gt.org
Dancing Horse Hill
Elmwood, Wisconsin
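
An added sketch of the --activate/--deactivate symlink handling described in the message above; it is not part of the original message and is not the author's update-resolvers. The `.active` stack file, the `use_root` helper, the file-name checks and the reading of --deactivate as "fall back to the most recent activation still in force" are all assumptions of this example.

```shell
# Added sketch, not the author's update-resolvers. The .active stack file
# and use_root (to run against a scratch tree) are assumptions.
use_root() {
    RUN="$1/run/resolvers"
    DEFAULT="$1/etc/resolvers/default"
    STACK="$RUN/.active"
}
use_root "${ROOT:-}"

# Repoint $RUN/link atomically: create the new symlink under a temporary
# name, then rename it over the old one so readers never see it missing.
point_link() {
    ln -s "$1" "$RUN/link.tmp.$$" &&
    mv -T "$RUN/link.tmp.$$" "$RUN/link"    # -T is GNU coreutils
}

# Accept only a plain, non-hidden, regular file name in /run/resolvers.
valid_name() {
    case "$1" in ''|.*|*/*|link) return 1 ;; esac
    [ -f "$RUN/$1" ] && [ ! -L "$RUN/$1" ]
}

# Remove every occurrence of name $1 from the stack of active files.
drop() {
    touch "$STACK"
    grep -vxF -- "$1" "$STACK" > "$STACK.$$" || :
    mv "$STACK.$$" "$STACK"
}

# Point the link at the most recently activated file, else the default.
refresh() {
    top=$(tail -n 1 "$STACK")
    if [ -n "$top" ]; then point_link "$RUN/$top"; else point_link "$DEFAULT"; fi
}

activate() {
    valid_name "$1" || return 1
    drop "$1"; echo "$1" >> "$STACK"; refresh
}

deactivate() {
    case "$1" in ''|*/*) return 1 ;; esac
    drop "$1"; refresh
}

case "${1:-}" in
    --activate)   activate "${2:-}" ;;
    --deactivate) deactivate "${2:-}" ;;
esac
```

Because /etc/resolv.conf only ever points at /run/resolvers/link, nothing here writes under /etc, and rejecting names containing "/" keeps a caller from steering the link outside /run/resolvers.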