Hi.

On Sun, 11 Oct 2015 12:23:03 +0100 Dominic Hargreaves <[email protected]> wrote:
> On Sun, Oct 11, 2015 at 12:39:02PM +0200, [email protected] wrote:
> > On Sun, Oct 11, 2015 at 12:05:53PM +0100, Dominic Hargreaves wrote:
> > > [Please CC me on replies]
> > >
> > > Hi,
> > >
> > > On my freshly installed Debian jessie system, running XFCE and
> > > Network Manager, I'm seeing /etc/resolv.conf being blanked every so
> > > often (it seems to be about every 20 minutes). I can't see what is doing
> > > this; there's nothing in the system logs which correlates with this event.
> >
> > See my other post: the brutal (but effective) self-defense tool I used
> > (back then, when NM was yet allowed on my boxes ;-) was to "chattr +i"
> > the file. With some luck I'd find complaints in the log files which helped
> > clear up which program (and in which context) was trying to do something
> > to the files.
> >
> > The nice part of chattr is that it protects the direntry too (so the
> > obvious fall-back of removing and re-creating doesn't help).
>
> But I *want* NM to update the file, and I don't have any evidence that
> it's NM blanking it here. So preventing updates isn't what I want.
>
> Having said that, you're right that looking for complaints could be
> an effective debugging tool. I'll give that a go.

Setting the immutable bit is a crude but effective technique indeed.
But there's a less destructive approach called auditd.

Install it, start it, invoke

auditctl -w /etc/resolv.conf -p wa

Watch the results in /var/log/audit.
To disable watching, invoke

auditctl -W /etc/resolv.conf

Reco
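
Added example, not part of the original message: the records auditd writes for one event share the id in msg=audit(TIME:SERIAL), so the PATH record naming the watched file can be joined to the SYSCALL record naming the process that touched it. The sample log lines and the function names sample_log and resolv_writers are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in audit.log format (illustrative values, not real output).
sample_log() {
cat <<'EOF'
type=SYSCALL msg=audit(1444562400.101:310): arch=c000003e syscall=2 success=yes exit=3 items=2 ppid=640 pid=655 uid=0 comm="dhclient-script" exe="/bin/dash" key=(null)
type=CWD msg=audit(1444562400.101:310): cwd="/"
type=PATH msg=audit(1444562400.101:310): item=0 name="/etc/" inode=131073 nametype=PARENT
type=PATH msg=audit(1444562400.101:310): item=1 name="/etc/resolv.conf" inode=131999 nametype=NORMAL
type=SYSCALL msg=audit(1444562460.220:311): arch=c000003e syscall=2 success=yes exit=4 items=1 ppid=1 pid=700 uid=0 comm="cron" exe="/usr/sbin/cron" key=(null)
type=PATH msg=audit(1444562460.220:311): item=0 name="/etc/crontab" inode=132100 nametype=NORMAL
type=SYSCALL msg=audit(1444563600.007:352): arch=c000003e syscall=82 success=yes exit=0 items=4 ppid=1 pid=512 uid=0 comm="NetworkManager" exe="/usr/sbin/NetworkManager" key=(null)
type=PATH msg=audit(1444563600.007:352): item=3 name="/etc/resolv.conf" inode=132555 nametype=CREATE
EOF
}

# Print "TIME pid comm exe" for every event whose PATH record names the target.
# Assumes the SYSCALL record precedes the PATH records of its event.
resolv_writers() {
    awk -v target="${1:-/etc/resolv.conf}" '
    # Return the value of the key=value field "name" on this line, quotes stripped.
    function field(name,   i, v) {
        for (i = 1; i <= NF; i++)
            if (index($i, name "=") == 1) {
                v = substr($i, length(name) + 2)
                gsub(/"/, "", v)
                return v
            }
        return "?"
    }
    {   # Event id: the TIME:SERIAL part of msg=audit(TIME:SERIAL):
        id = $2
        sub(/^msg=audit\(/, "", id)
        sub(/\):$/, "", id)
    }
    $1 == "type=SYSCALL" {
        who[id] = "pid=" field("pid") " comm=" field("comm") " exe=" field("exe")
    }
    $1 == "type=PATH" && field("name") == target && (id in who) && !(id in seen) {
        seen[id] = 1
        split(id, t, ":")
        print t[1], who[id]
    }'
}

sample_log | resolv_writers
```

On a live system, `ausearch -f /etc/resolv.conf` performs the same lookup against the real log.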

