Re: [PATCH v2] Do not use /etc/resolv.conf symbolic links on SELinux

On Thu, Sep 29, 2016 at 02:06:58AM +0200, Guido Trentalancia wrote:
When SELinux is enabled, do not create a symbolic link to a "resolv.conf"
file outside /etc (e.g. in /var/run/NetworkManager), but instead create a
regular file in /etc.

This is to avoid creating policy permissions to read files in the other
non-standard "resolv.conf" directories for each application that needs to
access the network.


the patch seems to reimplement what rc-manager=file already does, with
the difference that the patch will hardcode a behavior at build time
when HAVE_SELINUX is set.

Can't you simply set 'rc-manager=file' in NetworkManager.conf to
achieve the same result? If you prefer you can also have that option
enabled by default by building NetworkManager with

  ./configure --with-config-dns-rc-manager-default=file


Attachment: signature.asc
Description: PGP signature

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]