From: Laurent Bercot
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: _PATH_LASTLOG
Date: Tue, 03 Dec 2013 20:44:01 +0000
Message-ID: <529E4291.1030100@skarnet.org>
To: musl@lists.openwall.com

> One problem I'd like to solve is making a way for users to override
> the system resolv.conf;

The s6-dns client library uses the DNSCACHEIP environment variable for this: if it contains a list of DNS caches, this list will override the /etc/resolv.conf-provided one.
(The idea comes from djbdns, but has been extended to a full list instead of a single cache address.)

Same thing with the DNSQUALIFY environment variable, which can have a list of suffixes that overrides resolv.conf. (djbdns had a complex rules-rewriting-based qualification mechanism that nobody ever used, so the simpler approach was easier and better.)

Maybe musl could use the same approach: environment variables are a reasonable place for hardcoded-path overrides. But it has to be balanced against namespace pollution.

> This seems like a good foundation for a package system. I've looked
> into Nixos before but never really tried it out, and got the
> impression that the concept was very good but it might not be the best
> implementation. So something similar to Nixos sounds interesting. :-)

I've always believed that the filesystem itself should be used as a packaging system: every package should have its own system user and reside in its own directory, and /usr/bin and friends should only contain symlinks. Native isolation via Unix permissions, atomic package replacement, easy package management. But for some reason, people seem absolutely reluctant to do this.

> The philosophy used in musl, which is somewhat different from the sort
> of philosophy you might have when designing a new distribution, is not
> to invent new policy but to avoid policy and build on existing,
> already-widely-accepted policy when it's unavoidable.

I don't agree with all decisions in musl, but this one I can definitely stand for.

> There are LOTS of ways one could extend hostname lookups, ranging from NSS modules to
> hosts.d and resolv.d, but rather than trying to support everything
> imaginable (result: bloat and serious security considerations) in
> libc, the musl approach to hostname lookup is that libc contains the
> basics that are suitable for most/all simple systems, and anything
> more advanced can be provided by an external daemon running on
> localhost that speaks DNS protocol and provides whatever lookup
> semantics you desire.

In the DNS case, the flexible - and best, IMNSHO - approach is to run a small local DNS cache on localhost indeed; but the problem is that there's an existing codebase that sometimes insists on clobbering /etc/resolv.conf, which adds to the packaging burden when your purpose is to create or maintain a distribution. Having extension mechanisms at the libc level can help in that situation.

--
Laurent
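
An added example, not part of the original message and not code from s6-dns or musl: a C function for the lookup order described above, where a DNSCACHEIP list overrides the `nameserver` entries of resolv.conf. The separator set, the fall-back when the variable holds no valid address, the `privileged` flag that ignores the environment in set-id processes, and the names `choose_servers` and `ns_list` are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#define MAXNS 4
typedef char ns_list[MAXNS][INET6_ADDRSTRLEN];
/* Append tok to out if it is an IPv4/IPv6 literal; returns the new count. */
static int add_ip(const char *tok, ns_list out, int n)
{
    unsigned char buf[sizeof(struct in6_addr)];
    if (n >= MAXNS || strlen(tok) >= INET6_ADDRSTRLEN) return n;
    if (inet_pton(AF_INET, tok, buf) != 1 && inet_pton(AF_INET6, tok, buf) != 1)
        return n;                         /* hostnames and junk are dropped */
    strcpy(out[n], tok);
    return n + 1;
}

/* env: DNSCACHEIP value or NULL. privileged: nonzero for set-id processes,
 * whose environment is ignored (assumption of this example, not s6-dns
 * behaviour). conf: resolv.conf contents. Returns the number of servers. */
int choose_servers(const char *env, int privileged, const char *conf, ns_list out)
{
    char copy[1024], addr[INET6_ADDRSTRLEN], *save, *t;
    int n = 0;
    if (env && !privileged) {             /* separators are an assumption */
        snprintf(copy, sizeof copy, "%s", env);
        for (t = strtok_r(copy, " ,;\t\r\n", &save); t; t = strtok_r(NULL, " ,;\t\r\n", &save))
            n = add_ip(t, out, n);
        if (n > 0) return n;              /* override wins only if it parsed */
    }
    snprintf(copy, sizeof copy, "%s", conf);
    for (t = strtok_r(copy, "\n", &save); t; t = strtok_r(NULL, "\n", &save))
        if (sscanf(t, "nameserver %45s", addr) == 1)
            n = add_ip(addr, out, n);
    return n;
}

int main(void)
{
    /* Constructed sample standing in for /etc/resolv.conf. */
    const char *conf = "# sample\nnameserver 192.0.2.53\nnameserver 2001:db8::53\n";
    ns_list ns;
    int setid = geteuid() != getuid() || getegid() != getgid();
    int n = choose_servers(getenv("DNSCACHEIP"), setid, conf, ns);
    for (int i = 0; i < n; i++) puts(ns[i]);
    return 0;
}
```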