Fixing wg-quick's DNS= directive with a hatchet

Jason A. Donenfeld Jason at zx2c4.com
Sun Oct 29 18:07:07 CET 2017


On Oct 29, 2017 1:21 PM, "Geo Kozey" <geokozey at mailfence.com> wrote:

October 28, 2017 7:57:06 PM CEST "Jason A. Donenfeld" <Jason at zx2c4.com>
wrote:

>On Oct 28, 2017 5:03 PM, "Daniel Kahn Gillmor" <dkg at fifthhorseman.net> wrote:
>
>My concern with the resolvconf model (whether implemented by openresolv
>or not) is that each daemon that needs to execute resolvconf needs to be
>root.
>
>1) wg-quick isn't a daemon, though openvpn is.
>
>2) I can think of at least 5 ways to implement a resolvconf binary without
>requiring root, making your argument moot. There's nothing inherent in the
>resolvconf model that would require it.
>
>If you're interested in spending the time implementing this for
>openresolv, I can spec those out in detail for you. Alternatively, you can
>just wait for the systemd devs to add a resolvconf for controlling
>systemd-resolved, if that's the horse you're betting on.

FYI you can already change DNS through resolvconf from non-root daemons
with correct file permissions or ACLs but that's off-topic.


Yep! Pretty straightforward.


Yours sincerely

G. K.