October 28, 2017 7:57:06 PM CEST "Jason A. Donenfeld" <ja...@zx2c4.com> wrote:
>On Oct 28, 2017 5:03 PM, "Daniel Kahn Gillmor" <d...@fifthhorseman.net> wrote: > >My concern with the resolvconf model (whether implemented by openresolv >or not) is that each daemon that needs to execute resolvconf needs to be >root. > >1) wg-quick isn't a daemon, though openvpn is. > >2) I can think of at least 5 ways to implement a resolvconf binary without >requiring root, making your argument moot. There's nothing inherent in the >resolvconf model that would require it. > >If you're interested in spending the time implementing this for openresolv, I >can spec those out in detail for you. Alternatively, you can just wait for the >systemd devs to add a resolvconf for controlling systemd-resolved, if that's >the horse you're betting on. FYI you can already change DNS through resolvconf from non-root daemons with correct file permissions or ACLs but that's off-topic. Yours sincerely G. K. _______________________________________________ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard