From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: Jason@zx2c4.com
From: "Jason A. Donenfeld"
Date: Sat, 28 Oct 2017 19:57:06 +0200
Subject: Re: Fixing wg-quick's DNS= directive with a hatchet
To: Daniel Kahn Gillmor
Cc: WireGuard mailing list
List-Id: Development discussion of WireGuard
In-Reply-To: <87ineze3x2.fsf@fifthhorseman.net>

On Oct 28, 2017 5:03 PM, "Daniel Kahn Gillmor" wrote:

> My concern with the resolvconf model (whether implemented by openresolv
> or not) is that each daemon that needs to execute resolvconf needs to be root.

1) wg-quick isn't a daemon, though openvpn is.

2) I can think of at least 5 ways to implement a resolvconf binary without requiring root, making your argument moot. There's nothing inherent in the resolvconf model that would require it.

If you're interested in spending the time implementing this for openresolv, I can spec those out in detail for you. Alternatively, you can just wait for the systemd devs to add a resolvconf for controlling systemd-resolved, if that's the horse you're betting on.

