Bug 1337222 - Please consider managing /etc/resolv.conf not a symlink
Summary: Please consider managing /etc/resolv.conf not a symlink
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: NetworkManager
Version: 7.2
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: rc
: ---
Assignee: Thomas Haller
QA Contact: Desktop QE
URL:
Whiteboard:
Depends On: 1116999 1342401
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-05-18 14:18 UTC by Petr Sklenar ⛄
Modified: 2016-11-03 19:10 UTC (History)
9 users (show)

Fixed In Version: NetworkManager-1.2.0-2.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-11-03 19:10:16 UTC


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2016:2581 normal SHIPPED_LIVE Low: NetworkManager security, bug fix, and enhancement update 2016-11-03 12:08:07 UTC

Description Petr Sklenar ⛄ 2016-05-18 14:18:39 UTC
Description of problem:
/etc/resolv.conf as a symlink is lost after reboot

Version-Release number of selected component (if applicable):
NetworkManager-1.2.0-1.el7.s390x
initscripts-9.49.30-1.el7_2.2.s390x

How reproducible:
always

Steps to Reproduce:
0,
# ls -la /etc/resolv.conf 
lrwxrwxrwx. 1 root root 35 May 18 09:25 /etc/resolv.conf -> /var/run/NetworkManager/resolv.conf

1, have a static network
cat /etc/sysconfig/network-scripts/ifcfg-enccw0.0.8000
# Generated by dracut initrd
NAME="enccw0.0.8000"
SUBCHANNELS="0.0.8000,0.0.8001,0.0.8002"
NETTYPE="qeth"
OPTIONS="layer2=1 portname=z-25 portno=0"
DEVICE="enccw0.0.8000"
ONBOOT=yes
NETBOOT=yes
UUID="d7bd1af6-2701-4b15-80f9-44aca4235b73"
BOOTPROTO=none
IPADDR="10.16.66.216"
PREFIX="21"
GATEWAY="10.16.71.254"
TYPE=Ethernet
DNS1="10.11.5.19"
2, systemctl disable NetworkManger
3, reboot

Actual results:
[root@ibm-z-25 ~]# ls /etc/resolv.conf -la
lrwxrwxrwx. 1 root root 35 May 18 09:25 /etc/resolv.conf -> /var/run/NetworkManager/resolv.conf
[root@ibm-z-25 ~]# ls -la /var/run/NetworkManager/resolv.conf
ls: cannot access /var/run/NetworkManager/resolv.conf: No such file or directory

Expected results:
/etc/resolv.conf is not symlink, this is too much invasive change for rhel7.3

Additional info:

Comment 1 Petr Sklenar ⛄ 2016-05-18 14:21:26 UTC
there are also issues with our testing environment which is not ready to have this file like a symlink, backuping and restoring stop to work

Comment 6 Thomas Haller 2016-05-19 15:00:31 UTC
this is already configurable at runtime via main.rc-manager (see `man NetworkManager.conf`).

after discussion, it seems the best way to solve this is by changing the compile-time default-value of the configuration option for RHEL.

For that, I added a new configure option "--with-config-dns-rc-manager-default", and RHEL-7 packages should be build "--with-config-dns-rc-manager-default=file"


How about: https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=th%2Fdns-rc-manager-default-rh1337222

Comment 7 Beniamino Galvani 2016-05-20 12:10:01 UTC
(In reply to Thomas Haller from comment #6)
> this is already configurable at runtime via main.rc-manager (see `man
> NetworkManager.conf`).
> 
> after discussion, it seems the best way to solve this is by changing the
> compile-time default-value of the configuration option for RHEL.
> 
> For that, I added a new configure option
> "--with-config-dns-rc-manager-default", and RHEL-7 packages should be build
> "--with-config-dns-rc-manager-default=file"
> 
> 
> How about:
> https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/
> ?id=th%2Fdns-rc-manager-default-rh1337222

Can't the same result be achieved by installing a configuration snippet in /usr/lib/NetworkManager/conf.d/ ? It looks like a simpler solution to me. And also, allowing different build-time defaults makes it slightly harder to debug and understand the desired behavior (because you need to know how the daemon was compiled)... I thinking about different distributions choosing different defaults.

Comment 8 Thomas Haller 2016-05-20 12:20:47 UTC
(In reply to Beniamino Galvani from comment #7)
> (In reply to Thomas Haller from comment #6)
> > this is already configurable at runtime via main.rc-manager (see `man
> > NetworkManager.conf`).
> > 
> > after discussion, it seems the best way to solve this is by changing the
> > compile-time default-value of the configuration option for RHEL.
> > 
> > For that, I added a new configure option
> > "--with-config-dns-rc-manager-default", and RHEL-7 packages should be build
> > "--with-config-dns-rc-manager-default=file"
> > 
> > 
> > How about:
> > https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/
> > ?id=th%2Fdns-rc-manager-default-rh1337222
> 
> Can't the same result be achieved by installing a configuration snippet in
> /usr/lib/NetworkManager/conf.d/ ? It looks like a simpler solution to me.
> And also, allowing different build-time defaults makes it slightly harder to
> debug and understand the desired behavior (because you need to know how the
> daemon was compiled)... I thinking about different distributions choosing
> different defaults.

You are right. Yes, a configuration snippet would have a very similar effect.
I think both solutions are very similar, unclear which is better.

The main reason I prefer changing the compile-time default is that it avoids reading a configuration file *every* time NM starts on RHEL. No strong reason there...

Also, the manual states that the default might differ between distributions -- which is already now the case, e.g. on SUSE the default is netconfig. So, that didn't really change for the worse.

Comment 9 Lubomir Rintel 2016-05-23 13:20:11 UTC
+1 for a config-time option; but not that I care too much either, a configuration file would be fine too.

ACK for the branch

Comment 10 Thomas Haller 2016-05-23 19:59:47 UTC
merged to master: https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=51791c4772e7a9c26a1afc088069e9d4d862d36c

(still needs backporting)

Comment 11 Vitezslav Humpa 2016-06-02 13:00:24 UTC
Looks like this breaks selinux policy for the resolv.conf. Perhaps will also require update of that.

See: https://beaker.engineering.redhat.com/jobs/1356695

Which contains lots of AVC such as:
http://beaker-archive.app.eng.bos.redhat.com/beaker-logs/2016/06/13566/1356695/2765632/41633057/205217065/test_log-NetworkManager_Test5_testcase_290425-avc.log

Comment 13 Vladimir Benes 2016-06-06 12:45:13 UTC
[root@qe-dell-ovs5-vm-23 NetworkManager]# rpm -q NetworkManager
NetworkManager-1.2.0-2.el7.x86_64

[root@qe-dell-ovs5-vm-23 NetworkManager]# ls -la /etc/resolv.conf 
-rw-r--r--. 1 root root 132 Jun  6 08:43 /etc/resolv.conf

Comment 15 errata-xmlrpc 2016-11-03 19:10:16 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2581.html


Note You need to log in before you can comment on or make changes to this bug.