benjaminb n00b
Joined: 14 Sep 2023 Posts: 1
|
Posted: Thu Sep 14, 2023 10:02 am Post subject: Openvpn: Up/Down handling of symlinked /etc/resolv.conf |
|
|
In the case that the original /etc/resolv.conf is a symlink, is it generally preferable that up/down
- A: alters the file the link points to
- B: makes it a regular file for the duration openvpn is up and restores the link later
Background for my question
In my setup, the /etc/resolv.conf is a symlink to a read-only file. The standard `up.sh` of the openvpn package attempts this:
Code: |
if [ -e /etc/resolv.conf ] ; then
    cp /etc/resolv.conf /etc/resolv.conf-"${dev}".sv
fi
printf "${DNS}" > /etc/resolv.conf
chmod 644 /etc/resolv.conf
|
This does not work if the original /etc/resolv.conf is read-only.
What I am currently doing to make it work:
- do not follow the symlinks in up.sh, using "-P". For regular files, nothing changes. For symlinks, they are copied and can be restored later as a symlink w/o altering the underlying file.
- use "mv" in down.sh instead of the copy
change in up.sh
Code: |
if [ -e /etc/resolv.conf ] ; then
    cp -P /etc/resolv.conf /etc/resolv.conf-"${dev}".sv
    rm -f /etc/resolv.conf
fi
printf "${DNS}" > /etc/resolv.conf
chmod 644 /etc/resolv.conf
|
change in down.sh
Code: |
elif [ -e /etc/resolv.conf-"${dev}".sv ] ; then
mv /etc/resolv.conf-"${dev}".sv /etc/resolv.conf
rm -f /etc/resolv.conf-"${dev}".sv
fi
|
My question: Is this approach generally applicable? I would love to do a PR to make up/down work for the currently covered case but also for the case I described.
My concern, if I understand it correctly, is that the author of the down.sh explicitly opted to manipulate the underlying file in the case of a symlink:
Quote: | # Important that we copy instead of move incase resolv.conf is
# a symlink and not an actual file |
|
|
szatox Advocate
Joined: 27 Aug 2013 Posts: 3477
|
Posted: Thu Sep 14, 2023 11:17 am Post subject: |
|
|
Quote: | My concern, if I understand it correctly, is that the author of the down.sh explicitly opted to manipulate the underlying file in the case of a symlink:
Quote: | # Important that we copy instead of move incase resolv.conf is
# a symlink and not an actual file |
|
Copying will update the linked file leaving symlink in place.
Moving will replace symlink with the moved file, leaving previously linked file in place, but no longer referenced.
AKA if you move instead of copying, you'll change - and most likely break - system's DNS config after shutting down your VPN. |
|
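The behaviour both posts describe can be checked in a scratch directory. This is an added example, not part of either post or of the openvpn package; the function names, the `managed.conf` stand-in, the sample nameserver addresses and the extra `-L` test are assumptions of the example.

```shell
#!/bin/sh
# Added example: everything happens in a mktemp sandbox, never in /etc.
# managed.conf stands in for the file resolv.conf links to (constructed data).

make_sandbox() {                      # prints the sandbox directory
    dir=$(mktemp -d) || return 1
    printf 'nameserver 192.0.2.1\n' > "$dir/managed.conf"
    ln -s managed.conf "$dir/resolv.conf"
    printf '%s\n' "$dir"
}

kind() {                              # symlink | file | missing
    if [ -L "$1" ]; then echo symlink
    elif [ -f "$1" ]; then echo file
    else echo missing; fi
}

# Stock up: cp follows the link, and the redirect writes through it.
up_stock() {                          # $1=dir $2=dev $3=DNS lines
    if [ -e "$1/resolv.conf" ]; then
        cp "$1/resolv.conf" "$1/resolv.conf-$2.sv"
    fi
    printf '%s\n' "$3" > "$1/resolv.conf"
}
down_stock_cp() {                     # restores through the link
    cp "$1/resolv.conf-$2.sv" "$1/resolv.conf" && rm -f "$1/resolv.conf-$2.sv"
}
down_stock_mv() {                     # rename replaces the link itself
    mv -f "$1/resolv.conf-$2.sv" "$1/resolv.conf"
}

# Proposed up/down: save the link itself; -L (added here) also catches a dangling link.
up_keep_link() {
    if [ -e "$1/resolv.conf" ] || [ -L "$1/resolv.conf" ]; then
        cp -P "$1/resolv.conf" "$1/resolv.conf-$2.sv"
        rm -f "$1/resolv.conf"
    fi
    printf '%s\n' "$3" > "$1/resolv.conf"
    chmod 644 "$1/resolv.conf"
}
down_keep_link() {
    if [ -e "$1/resolv.conf-$2.sv" ] || [ -L "$1/resolv.conf-$2.sv" ]; then
        mv -f "$1/resolv.conf-$2.sv" "$1/resolv.conf"
    fi
}

d=$(make_sandbox) && up_stock "$d" tun0 'nameserver 10.8.0.1' && down_stock_mv "$d" tun0
echo "stock up, mv down: resolv.conf is now a $(kind "$d/resolv.conf")"
rm -rf "$d"
```

Mixing the two schemes is the failure case: the stock up paired with an mv-based down leaves a regular file where the link was, while the link-preserving up and down leave the linked file untouched throughout.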