On Sun 2017-10-29 13:21:24 +0100, Geo Kozey wrote:
> FYI you can already change DNS through resolvconf from non-root
> daemons with correct file permissions or ACLs

resolvconf has plugins on the consumer side as well.  while you might be
able to guarantee that you have the correct file permissions or ACLs on
/etc/resolv.conf, you probably can't make a guarantee that all of the
plugins are going to work with that arrangement.

That said, i'd love to see this kind of proposal standardized and
documented.  Are there any systems that ship with correct file
permissions or ACLs?

> but that's off-topic.

It was off-topic until wg-quick started messing around with the local
system's DNS resolution.  Now it's on-topic :/

             --dkg