Am 29.09.2016 um 18:01 schrieb Guido Trentalancia: > On Thu, 29/09/2016 at 17.52 +0200, Michael Biebl wrote: >> Am 29.09.2016 um 17:33 schrieb Guido Trentalancia: >>> >>> On Thu, 29/09/2016 at 17.29 +0200, Michael Biebl wrote: >>>> >>>> Am 29.09.2016 um 17:11 schrieb Guido Trentalancia: >>>>> >>>>> >>>>> Run-time checks are wrong because they leave the filesystem in >>>>> a >>>>> state that is not usable when SELinux goes back into enforcing >>>>> mode. >>>>> >>>>> Compile-time checks have no side effects and in any case are >>>>> better >>>>> than the bug! >>>> >>>> Debian enables selinux support during compile time but we do not >>>> enable >>>> selinux by default. >>>> >>>> So the side-effect of this patch would be that suddenly NM would >>>> use >>>> files instead of symlinks on Debian. >>> >>> This is not a side-effect in my opinion, but an added benefit >>> because >>> there is no good reason for using a symbolic link. >> >> So you want to get rid of the symbolic link altogether and selinux is >> only a diversion? > > I am in favor of getting rid completely of the symbolic link creation, > but this is outside of the scope of a simple patch created as a quick > fix of an existing bug. > > I'll leave more extensive changes to the author... They are not > strictly required for running NetworkManager.
How do resolvconf/openresolv or resolved/networkd handle this? They use a file in /run as well and /etc/resolv.conf being a symlink to that file. I know basically zero about selinux but I would assume there is a way to get the selinux labelling right otherwise they would be broken as well. -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
signature.asc
Description: OpenPGP digital signature
_______________________________________________ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
