[systemd-devel] [PATCH] resolved: Move symlink creation from tmpfiles to daemon runtime

Lennart Poettering lennart at poettering.net
Mon Jul 7 10:35:37 PDT 2014


On Mon, 07.07.14 10:22, Colin Walters (walters at verbum.org) wrote:

> https://git.fedorahosted.org/cgit/anaconda.git/tree/pyanaconda/network.py#n1036
> is one case.
> 
> There are several other image-building tools like lorax and
> livecd-creator which also expect either ENOENT, or a writable
> resolv.conf and not a symlink to an unmounted /run path.

Well, /etc/resolv.conf being a symlink isn't really the most exotic idea
in the world. Several distros (such as Debian) have been doing that for
ages. And of course, it's the most reasonable thing to do really, as in
today's world it's populated dynamically from DHCP more often than not,
and hence more runtime material than static configuration material.

> >  This really feels
> > like something to fix in anaconda, where it should remove the existing
> > file if there is one.
> 
> See thread from
> https://lists.fedorahosted.org/pipermail/anaconda-patches/2014-July/011933.html

Humm, well, NM really shouldn't write around in /etc all the time. For
most cases it really should consider /etc read-only. In fact, I wish
it were written in a style that makes sure ProtectSystem=full can be
used on it, i.e. with write access to /run, but certainly never to /etc.

I really don't see anything to fix here in systemd. Anaconda should be
fixed.

Sorry,

Lennart

(Happy to take the blame on this one, please redirect all complaints
from anaconda folks to me!)

-- 
Lennart Poettering, Red Hat
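
The failure mode discussed in this message, and one way an image-building tool can cope with it, as an added example that is not part of the original mail and is not anaconda's or systemd's code. The function names and the symlink target are constructed; instead of removing the existing file first, the sketch renames a freshly written regular file over it, which replaces the symlink without following it.

```python
import os
import tempfile

# Constructed stand-in for the "unmounted /run path" from the thread.
DANGLING_TARGET = "/run/example-not-mounted/resolv.conf"


def naive_write(root, nameservers):
    """Tool that expects ENOENT or a writable file: open() follows the link."""
    path = os.path.join(root, "etc/resolv.conf")
    # An absolute link target is resolved against the *caller's* root,
    # not the image root, so this never lands inside the image.
    with open(path, "w") as f:
        f.writelines(f"nameserver {ns}\n" for ns in nameservers)


def replace_write(root, nameservers):
    """Write a regular file and rename it over whatever is there."""
    etc = os.path.join(root, "etc")
    fd, tmp = tempfile.mkstemp(dir=etc, prefix=".resolv.conf.")
    try:
        with os.fdopen(fd, "w") as f:
            f.writelines(f"nameserver {ns}\n" for ns in nameservers)
        os.chmod(tmp, 0o644)
        # rename(2) replaces the symlink itself; the target is never touched.
        os.replace(tmp, os.path.join(etc, "resolv.conf"))
    except BaseException:
        os.unlink(tmp)
        raise


def demo():
    """Build a throwaway image root with a dangling resolv.conf symlink."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "etc"))
        link = os.path.join(root, "etc/resolv.conf")
        os.symlink(DANGLING_TARGET, link)
        try:
            naive_write(root, ["192.0.2.53"])
            naive_failed = False
        except FileNotFoundError:
            naive_failed = True
        replace_write(root, ["192.0.2.53"])
        with open(link) as f:
            return naive_failed, os.path.islink(link), f.read()


if __name__ == "__main__":
    print(demo())
```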

