Bug#860928: [pkg-dhcp-devel] Bug#860928: dnssec-trigger + isc-dhcp-client: /etc/ being cluttered with tons of resolv.conf.dhclient-new.* files
On Fri, Oct 27, 2017 at 10:37:55AM -0400, Roberto C. Sánchez wrote: > On Sat, Apr 22, 2017 at 02:26:59AM +0200, Axel Beckert wrote: > > > * dhclient prepares resolv.conf.dhclient-new.$pid not in /etc/ but in > > /tmp/. There it's far less annoying if the directory is cluttered with > > small files and those files would be usually cleaned up at > > reboot. (Disavantage: The renaming is often a move from one file > > system to another -- which might not be wanted.) > > > I think that this is the best solution. Could you explain why you think > that the crossing the filesystem boundary is a disadvantage? Crossing the filesystem boundary makes the operation not atomic and therefore less desirable. Really I think that both should be fixed. Making the file immutable is a bit rich, and dhclient-script needs to handle the failure better. signature.asc Description: Digital signature
Bug#860928: dnssec-trigger + isc-dhcp-client: /etc/ being cluttered with tons of resolv.conf.dhclient-new.* files
On Sat, Apr 22, 2017 at 02:26:59AM +0200, Axel Beckert wrote: > > * dhclient remove /etc/resolv.conf.dhclient-new.$pid again, if the > renaming failed. > Incidentally, the dhclient-script performs the move, the stderr output of the failed mv command does not get properly logged. I did notice that systemd will capture it, but I use logcheck (which doesn't look at the systemd journal) and so did not notice this problem for some time. > * dhclient prepares resolv.conf.dhclient-new.$pid not in /etc/ but in > /tmp/. There it's far less annoying if the directory is cluttered with > small files and those files would be usually cleaned up at > reboot. (Disavantage: The renaming is often a move from one file > system to another -- which might not be wanted.) > I think that this is the best solution. Could you explain why you think that the crossing the filesystem boundary is a disadvantage? > * dnssec-triggerd cleans up those files, either time-based or > event-based. > I think this is not the right approach as it results in the files still being there if dnssec-trigger is not present. Regards, -Roberto -- Roberto C. Sánchez
Bug#860928: dnssec-trigger + isc-dhcp-client: /etc/ being cluttered with tons of resolv.conf.dhclient-new.* files
Package: dnssec-trigger,isc-dhcp-client Version: dnssec-trigger/0.13-6 Version: isc-dhcp-client/4.3.5-3 Severity: important Dear dnssec-trigger and ISC DHCP maintainers, for at least a few weeks now (maybe longer), systems, which have dnssec-trigger installed together with isc-dhcp-client, get cluttered with one resolv.conf.dhclient-new.* file per DHCP response in /etc/ as dnssec-trigger uses chattr to make /etc/resolv.conf immutable and hence making sure noone else overwrites /etc/resolv.conf (see also #776776 and #776778). But since recently (don't know since when exactly) dhclient seems to no more just overwrite /etc/resolv.conf directly but first creates a supposed to be temporary /etc/resolv.conf.dhclient-new.$pid file and then moves it to /etc/resolv.conf (probably to avoid some race condition). But it seems no more clean up those files if the renaming fails. IMHO dhclient should clean up these files in case the renaming fails. But I can also understand if someone argues that dnssec-triggerd's methods are too radical and unusual so that other programs can't be expected to handle such exotic cases. So I'm not sure which package should be fixed, but at least one of them should be fixed to not clutter /etc/. And I'd be happy if this could be fixed even for Stretch. I can imagine multiple potential ways to fix this: * dhclient remove /etc/resolv.conf.dhclient-new.$pid again, if the renaming failed. * dhclient prepares resolv.conf.dhclient-new.$pid not in /etc/ but in /tmp/. There it's far less annoying if the directory is cluttered with small files and those files would be usually cleaned up at reboot. (Disavantage: The renaming is often a move from one file system to another -- which might not be wanted.) * dnssec-triggerd cleans up those files, either time-based or event-based. Example files as found on one of my systems in /etc/: /etc $ ls resolv.conf.dhclient-new.* resolv.conf.dhclient-new.10093 resolv.conf.dhclient-new.24190 resolv.conf.dhclient-new.10237 resolv.conf.dhclient-new.24468 resolv.conf.dhclient-new.10240 resolv.conf.dhclient-new.24625 resolv.conf.dhclient-new.10354 resolv.conf.dhclient-new.24696 resolv.conf.dhclient-new.1040 resolv.conf.dhclient-new.24892 resolv.conf.dhclient-new.1044 resolv.conf.dhclient-new.25138 resolv.conf.dhclient-new.10445 resolv.conf.dhclient-new.25671 resolv.conf.dhclient-new.10538 resolv.conf.dhclient-new.25907 resolv.conf.dhclient-new.1083 resolv.conf.dhclient-new.25947 resolv.conf.dhclient-new.10878 resolv.conf.dhclient-new.26515 resolv.conf.dhclient-new.11028 resolv.conf.dhclient-new.26989 resolv.conf.dhclient-new.11087 resolv.conf.dhclient-new.27046 resolv.conf.dhclient-new.1117 resolv.conf.dhclient-new.27113 resolv.conf.dhclient-new.11401 resolv.conf.dhclient-new.27293 resolv.conf.dhclient-new.11537 resolv.conf.dhclient-new.27323 resolv.conf.dhclient-new.11668 resolv.conf.dhclient-new.27413 resolv.conf.dhclient-new.11755 resolv.conf.dhclient-new.27613 resolv.conf.dhclient-new.12184 resolv.conf.dhclient-new.27957 resolv.conf.dhclient-new.12438 resolv.conf.dhclient-new.27971 resolv.conf.dhclient-new.12576 resolv.conf.dhclient-new.28008 resolv.conf.dhclient-new.12677 resolv.conf.dhclient-new.28561 resolv.conf.dhclient-new.1291 resolv.conf.dhclient-new.2862 resolv.conf.dhclient-new.12956 resolv.conf.dhclient-new.28736 resolv.conf.dhclient-new.12991 resolv.conf.dhclient-new.28793 resolv.conf.dhclient-new.13251 resolv.conf.dhclient-new.28808 resolv.conf.dhclient-new.13265 resolv.conf.dhclient-new.28816 resolv.conf.dhclient-new.13299 resolv.conf.dhclient-new.28846 resolv.conf.dhclient-new.13310 resolv.conf.dhclient-new.2896 resolv.conf.dhclient-new.13334 resolv.conf.dhclient-new.28988 resolv.conf.dhclient-new.1334 resolv.conf.dhclient-new.2910 resolv.conf.dhclient-new.1344 resolv.conf.dhclient-new.29101 resolv.conf.dhclient-new.13472 resolv.conf.dhclient-new.29225 resolv.conf.dhclient-new.13730 resolv.conf.dhclient-new.29371 resolv.conf.dhclient-new.13896 resolv.conf.dhclient-new.29597 resolv.conf.dhclient-new.13950 resolv.conf.dhclient-new.29803 resolv.conf.dhclient-new.14031 resolv.conf.dhclient-new.30016 resolv.conf.dhclient-new.14214 resolv.conf.dhclient-new.30190 resolv.conf.dhclient-new.14270 resolv.conf.dhclient-new.30291 resolv.conf.dhclient-new.14662 resolv.conf.dhclient-new.30464 resolv.conf.dhclient-new.14695 resolv.conf.dhclient-new.30583 resolv.conf.dhclient-new.14873 resolv.conf.dhclient-new.30980 resolv.conf.dhclient-new.15120 resolv.conf.dhclient-new.31030 resolv.conf.dhclient-new.15142 resolv.conf.dhclient-new.31543 resolv.conf.dhclient-new.15267 resolv.conf.dhclient-new.3165 resolv.conf.dhclient-new.15521 resolv.conf.dhclient-new.31899 resolv.conf.dhclient-new.15922 resolv.conf.dhclient-new.3 resolv.conf.dhclient-new.15964 resolv.conf.dhclient-new.32708 resolv.conf.dhclient-new.16095 resolv.conf.dhclient-new.3274 resolv.conf.dhclient-new.16435