Re: [Dnsmasq-discuss] Upgrade to [x]ubuntu 23.10 means dnsmasg can't read /run/NetworkManager

2024-02-09 Thread Petr Menšík
I would consider it a bug and it should be reported to distribution 
bugtracker (launchpad?).


We have something similar and I admit there are different SELinux 
contexts assigned for those files.


$ LANG=C.UTF-8 ls -lZ /run/NetworkManager/*resolv.conf
-rw-r--r--. 1 root root system_u:object_r:NetworkManager_var_run_t:s0 281 Feb  9 13:29 /run/NetworkManager/no-stub-resolv.conf
-rw-r--r--. 1 root root system_u:object_r:net_conf_t:s0               281 Feb  9 13:29 /run/NetworkManager/resolv.conf


I think Ubuntu is using AppArmor instead, but anyway. I do not think 
this file is meant to be private or has any good reason to be. That 
should be read-only for any service needing that information.


Similar files are produced by systemd-resolved:

# ls -lZ /run/systemd/resolve/*resolv.conf
-rw-r--r--. 1 systemd-resolve systemd-resolve unconfined_u:object_r:user_tmp_t:s0 788 Feb  9 13:48 /run/systemd/resolve/resolv.conf
-rw-r--r--. 1 systemd-resolve systemd-resolve unconfined_u:object_r:user_tmp_t:s0 920 Feb  9 13:48 /run/systemd/resolve/stub-resolv.conf


Which should be readable by other services as well.

File a bug for your distribution, please.

On 12/14/23 23:46, Chris Green wrote:

Up until now I have the following in my /etc/dnsmasq.conf:-

 resolv-file=/run/NetworkManager/no-stub-resolv.conf

This means that dnsmasq uses the upstream DNS that Network Manager
configures.  When I'm on the local LAN this resolves to 'my' DNS
server at 192.168.1.2, when I'm connected somewhere else Network
Manager sorts things out accordingly and dnsmasq gets the right
upstream DNS server.

However the latest Ubuntu update has tightened the permissions on
/etc/NetworkManager and dnsmasq can't read the file
/run/NetworkManager/no-stub-resolv.conf.

I know this is a slightly non-standard configuration but it has worked
very nicely for me for some years.  Can anyone suggest a way to fix
this?   Obviously /run/NetworkManager/no-stub-resolv.conf is created
at every boot so the permissions will revert to 'too strict' every
time I start the system.


--
Petr Menšík
Software Engineer, RHEL
Red Hat, https://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB


___
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
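
Added example, not part of the thread: a shell check for the failure discussed above, walking a resolv-file path and reporting the first component whose "other" permission bits would stop an unrelated service account. It assumes GNU stat and that the dnsmasq user is neither owner nor group member of any component; `other_bits` and `first_blocker` are hypothetical names.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: the service user (for
# example dnsmasq) is neither owner nor group member of any path component,
# so only the "other" mode bits apply. ACLs and AppArmor/SELinux policy are
# not evaluated here. Requires GNU stat.

# Print the "other" digit of a path's octal mode, following symlinks.
other_bits() {
    mode=$(stat -L -c '%a' -- "$1" 2>/dev/null) || return 2
    printf '%s\n' "${mode#"${mode%?}"}"
}

# first_blocker FILE [BASE]
# Walk FILE one component at a time, starting below BASE (default: /).
# Prints the first component that blocks access and returns 1;
# prints nothing and returns 0 when every component is passable.
first_blocker() {
    target=$1
    base=${2:-}
    current=${base%/}
    rel=${target#"$current"}
    old_ifs=$IFS
    IFS=/
    set -f                      # no globbing while splitting the path
    set -- $rel
    set +f
    IFS=$old_ifs
    for part in "$@"; do
        [ -n "$part" ] || continue
        current="$current/$part"
        bits=$(other_bits "$current") || { echo "$current (missing)"; return 1; }
        if [ -d "$current" ]; then
            need=1              # directories need search (x) permission
        else
            need=4              # the file itself needs read (r) permission
        fi
        if [ $(( $bits & $need )) -eq 0 ]; then
            echo "$current"
            return 1
        fi
    done
    return 0
}

# Usage on the path from the thread:
#   first_blocker /run/NetworkManager/no-stub-resolv.conf
```

A clean result while dnsmasq still fails points at something this check does not cover, such as AppArmor or SELinux policy.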


Re: [Dnsmasq-discuss] Upgrade to [x]ubuntu 23.10 means dnsmasg can't read /run/NetworkManager

2023-12-15 Thread Geert Stappers
On Thu, Dec 14, 2023 at 10:46:36PM +, Chris Green wrote:
> Up until now I have the following in my /etc/dnsmasq.conf:-
> 
> resolv-file=/run/NetworkManager/no-stub-resolv.conf
> 
> This means that dnsmasq uses the upstream DNS that Network Manager
> configures.  When I'm on the local LAN this resolves to 'my' DNS
> server at 192.168.1.2, when I'm connected somewhere else Network
> Manager sorts things out accordingly and dnsmasq gets the right
> upstream DNS server.
> 
> However the latest Ubuntu update has tightened the permissions on
> /etc/NetworkManager and dnsmasq can't read the file
> /run/NetworkManager/no-stub-resolv.conf.
> 
> I know this is a slightly non-standard configuration but it has worked
> very nicely for me for some years.  Can anyone suggest a way to fix
> this?

One can answer that question.  And with a very strong collaboration can
the yes-no-question also be answered.


> Obviously /run/NetworkManager/no-stub-resolv.conf is created
> at every boot so the permissions will revert to 'too strict' every
> time I start the system.

Also obviously: Explain the desired configuration with what is actually
desired. Visit https://xyproblem.info for _why_ explaining more.



Groeten
Geert Stappers
-- 
Silence is hard to parse



[Dnsmasq-discuss] Upgrade to [x]ubuntu 23.10 means dnsmasg can't read /run/NetworkManager

2023-12-14 Thread Chris Green
Up until now I have the following in my /etc/dnsmasq.conf:-

resolv-file=/run/NetworkManager/no-stub-resolv.conf

This means that dnsmasq uses the upstream DNS that Network Manager
configures.  When I'm on the local LAN this resolves to 'my' DNS
server at 192.168.1.2, when I'm connected somewhere else Network
Manager sorts things out accordingly and dnsmasq gets the right
upstream DNS server.

However the latest Ubuntu update has tightened the permissions on
/etc/NetworkManager and dnsmasq can't read the file
/run/NetworkManager/no-stub-resolv.conf.

I know this is a slightly non-standard configuration but it has worked
very nicely for me for some years.  Can anyone suggest a way to fix
this?   Obviously /run/NetworkManager/no-stub-resolv.conf is created
at every boot so the permissions will revert to 'too strict' every
time I start the system.

-- 
Chris Green
