Re: /run and read-only /etc

Thomas Hood writes:
> Emile's design looks good.


> One great thing about it is that it puts an end to the insanity of all and
> sundry programs overwriting /etc/resolv.conf!


> An example
> ...
> ...

A more detailed example:

/run/resolvers/link             /etc/resolv.conf is a symlink to this symlink.
                                Points to /etc/resolvers/default when not
                                pointing to another file in /run/resolvers.

/run/resolvers/eth0             Created by the DHCP client process that
                                has configured interface eth0.
                                "resolv.conf"-formatted info for eth0

/run/resolvers/ppp0             Created by the pppd process that has
                                created ppp0.  "resolv.conf"-formatted
                                info for ppp0.

/etc/resolvers/default          The standard Debian resolv.conf. 
                                Copied here by the update-resolv
                                postinst.  Copied back to /etc/resolv.conf
                                when update-resolv is purged.

/etc/resolvers/update           Moves the /run/resolvers/link
                                symlink to one of the files in
                                /run/resolvers as instructed by variables
                                passed to it from /sbin/update-resolvers.

/etc/resolvers/named            Included in bind package.  Generates a
                                "forwarders { ... }" statement derived from
                                the file that /run/resolvers/link
                                points to and puts it in an "options {
                                ... }" statement in named.conf.  Then
                                reloads named.

/etc/resolvers/dnscache         Included in djbdns package.
                                Does appropriate stuff to configure and
                                notify dnscache.

/sbin/update-resolvers          Does a run-parts on /etc/resolvers.
                                Is called by ifup/ifdown, 0dns-{up|down},
                                etc.  Passes its options in variables.

update-resolvers options:
  --activate <filename>         Move the symlink to <filename>.
  --deactivate <filename>       Move the symlink back where it was before
                                <filename> was activated.

update-resolvers and /etc/resolvers/update would have more options and
logic that I'm not ready to write up right now.  There also needs to be
policy on how the various packages that want to futz with resolv.conf

All of the above would be in an update-resolv package that admins who don't
like this scheme could purge.  Scripts such as 0dns-up would test for it
and exit if it wasn't there (or take some alternate action).

> DHCP clients would have to be modified to write files under /run.  Pump,
> for example, currently writes to /etc/resolv.conf.

Everything that writes to /etc/resolv.conf would have to be modified, but
that should be done anyway.

> Question: Must this stuff be in /run or could it be elsewhere?

Doesn't it have to be on a local filesystem?

John Hasler
Dancing Horse Hill
Elmwood, Wisconsin
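
Added example, not part of the original message or of any update-resolv package: a shell sketch of the --activate/--deactivate symlink moves described above, with the link replaced by a single rename and file names checked so the link stays inside /run/resolvers. The RESOLV_RUN and RESOLV_DEFAULT variables, the function names and the ".prev-<name>" state files are assumptions; the message leaves that logic unspecified.

```shell
#!/bin/sh
# Sketch of the --activate / --deactivate symlink moves (added example).
# Assumed names: RESOLV_RUN, RESOLV_DEFAULT, the ".prev-<name>" state files.
RESOLV_RUN=${RESOLV_RUN:-/run/resolvers}
RESOLV_DEFAULT=${RESOLV_DEFAULT:-/etc/resolvers/default}

# Replace the link with one rename(2) so a reader of /etc/resolv.conf never
# sees a missing link.  "ln -sf" would unlink first.  mv -T is GNU coreutils.
swap_link() {
    tmp="$RESOLV_RUN/.link.$$"
    ln -s "$1" "$tmp" && mv -Tf "$tmp" "$RESOLV_RUN/link"
}

# Accept only plain file names: no slashes, no leading dot, not "link",
# so a caller cannot steer the link outside RESOLV_RUN.
valid_name() {
    case "$1" in
        ''|link|.*|*/*) return 1 ;;
    esac
}

activate() {
    valid_name "$1" || return 1
    # The target must be a regular file, not a symlink planted in the directory.
    [ -f "$RESOLV_RUN/$1" ] && [ ! -L "$RESOLV_RUN/$1" ] || return 1
    prev=$(readlink "$RESOLV_RUN/link") || prev=$RESOLV_DEFAULT
    printf '%s\n' "$prev" > "$RESOLV_RUN/.prev-$1" || return 1
    swap_link "$RESOLV_RUN/$1"
}

deactivate() {
    valid_name "$1" || return 1
    [ -f "$RESOLV_RUN/.prev-$1" ] || return 1
    prev=$(cat "$RESOLV_RUN/.prev-$1")
    rm -f "$RESOLV_RUN/.prev-$1"
    # Move the link only if it still points at the file being deactivated.
    [ "$(readlink "$RESOLV_RUN/link")" = "$RESOLV_RUN/$1" ] || return 0
    # Fall back to the default if the remembered target has gone away.
    [ -e "$prev" ] || prev=$RESOLV_DEFAULT
    swap_link "$prev"
}
```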