[Bug 857524] Re: dhclient-script will not work with read-only /etc

Scott Moser smoser at canonical.com
Fri Sep 23 17:52:11 UTC 2011


The following are comments on the changes in the patch

fix updating of /etc/resolv.conf for read-only

This patch makes the following changes:
 * instead of writing to a temp file in /etc/, write directly to
   /etc/resolv.conf
 * replace the multiple '>>' with a single '>' and braces.  This means
   the file will be opened for write once rather than append many times.
 * opening for write (truncate) keeps the ownership of the file if it exists,
   and correctly follows a symlink.
   This makes the chmod and chown --reference unnecessary
 * use 'grep -i' rather than 'sed' to get the old nameserver entries from
   existing resolv.conf. This is how the linux.udeb does it, and I find it more clean.
 * changes 'wait_for_rw' to take a file argument rather than hard coding /etc

Note, there is an issue with this patch if /etc/resolv.conf is a symlink and
the symlink (*not the target*) is not owned by root.  To demonstrate:
  $ rm -f /tmp/foo /tmp/bar
  $ ln -s /tmp/foo /tmp/bar
  $ sudo sh -c 'echo hi > /tmp/foo'
  $ sudo sh -c 'echo himom > /tmp/bar'
  sh: /tmp/bar: Permission denied

The only solution I see for this is to attempt to resolve the target of the
symlink (readlink -f) and write directly there instead of through the
symlink.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to isc-dhcp in Ubuntu.
https://bugs.launchpad.net/bugs/857524

Title:
  dhclient-script will not work with read-only /etc

Status in “isc-dhcp” package in Ubuntu:
  New

Bug description:
  dhclient-script attempts to support read-only root, but it won't work correctly.
  For a read-only root to work, and support dhclient-script writing to /etc/resolv.conf, then /etc/resolv.conf would have to be a symlink to a writeable location (ie, /run).

  To that end, dhclient-script attempts to check and see if / is going
  to be mounted 'rw' and only wait for that case if it is.

  The problem is that it basically has the following logic:
    if root_will_be_mounted_rw; then
        wait-for-writable /etc/
    fi
    new_resolv_conf=/etc/resolv.conf.dhclient-new
    write new file to $new_resolv_conf
    change attributes of $new_resolv_conf to match resolv.conf
    mv $new_resolv_conf /etc/resolv.conf

  That doesn't work if /etc is read-only and /etc/resolv.conf is a symlink for the following reasons:
   * $new_resolv_conf is being written to /etc/ (and won't be writable)
   * the mv will actually break the symlink and try to create a new file in /etc

  ProblemType: Bug
  DistroRelease: Ubuntu 11.10
  Package: isc-dhcp-client 4.1.1-P1-17ubuntu9
  ProcVersionSignature: Ubuntu 3.0.0-11.18-generic 3.0.4
  Uname: Linux 3.0.0-11-generic x86_64
  ApportVersion: 1.23-0ubuntu1
  Architecture: amd64
  Date: Fri Sep 23 11:50:56 2011
  EcryptfsInUse: Yes
  InstallationMedia: Ubuntu 10.04 "Lucid Lynx" - Beta amd64 (20100318)
  ProcEnviron:
   SHELL=/bin/bash
   PATH=(custom, user)
   LANG=en_US.UTF-8
  SourcePackage: isc-dhcp
  UpgradeStatus: Upgraded to oneiric on 2010-11-15 (311 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/isc-dhcp/+bug/857524/+subscriptions
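
Added example, not part of the original message or of dhclient-script: a sketch contrasting the temp-file-plus-mv logic from the bug description with the in-place write (single '>' with braces, target resolved with readlink -f) discussed in the comment. The function names, the scratch-directory fixture and the addresses are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and fixture paths are hypothetical,
# not taken from dhclient-script.

# Old logic from the bug description: write a temp file next to resolv.conf,
# then mv it into place. This needs a writable directory, and mv replaces
# the symlink itself instead of updating the file it points to.
update_via_tempfile() {
    conf=$1; shift
    new="$conf.dhclient-new"
    for ns in "$@"; do echo "nameserver $ns"; done > "$new" || return 1
    mv -f "$new" "$conf"
}

# Approach from the comment: resolve the symlink target (readlink -f) and
# open it once with '>' (truncate). An existing target keeps its owner and
# mode, so no chmod/chown --reference is needed afterwards.
update_in_place() {
    conf=$1; domain=$2; shift 2
    target=$(readlink -f "$conf") || return 1
    {
        if [ -n "$domain" ]; then echo "search $domain"; fi
        for ns in "$@"; do echo "nameserver $ns"; done
    } > "$target"
}

# Constructed fixture: etc/resolv.conf -> ../run/resolv.conf in a scratch
# directory, standing in for a read-only /etc and a writable /run.
make_fixture() {
    d=$(mktemp -d) || return 1
    mkdir "$d/etc" "$d/run"
    echo "nameserver 192.0.2.1" > "$d/run/resolv.conf"
    chmod 640 "$d/run/resolv.conf"
    ln -s ../run/resolv.conf "$d/etc/resolv.conf"
    echo "$d"
}
```

update_in_place leaves the symlink in etc/ untouched and creates nothing beside it, which is what a read-only /etc requires; update_via_tempfile turns the symlink into a regular file whenever the directory happens to be writable.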



