gaenserich / hostsblock

an ad- and malware-blocking script for Linux
https://github.com/gaenserich/hostsblock

Underlying assumptions in function _check_dnsmasq_config appear to be wrong #29

Closed moesasji closed 9 years ago

moesasji commented 9 years ago

In trying out hostsblock check on a Slackware machine that uses Networkmanager combined with dnsmasq, the script fails for me due to a number of what appear to be wrong assumptions in the check_dnsmasq_config function in /usr/lib/hostsblock-common.sh.

The background is that when someone uses Networkmanager to manage the network, it becomes responsible for starting dnsmasq (by setting dns=dnsmasq). When doing this, Networkmanager starts dnsmasq and it no longer uses a dnsmasq config file; instead it reads files that are put in a user-defined conf-dir directory (the user can pick the name of that directory). Note that this is something that can be the case without Networkmanager as well (see the config file for dnsmasq).

For reference I get the following output for the options dnsmasq runs with:

    bash-4.3$ ps -eo comm,args| grep dnsm
    dnsmasq /usr/sbin/dnsmasq --no-resolv --keep-in-foreground --no-hosts --bind-interfaces --pid-file=/var/run/NetworkManager/dnsmasq.pid --listen-address=127.0.0.1 --conf-file=/var/run/NetworkManager/dnsmasq.conf --cache-size=400 --proxy-dnssec --conf-dir=/etc/NetworkManager/dnsmasq.d

1) The above line has both a conf-file and a conf-dir, however the settings that are added in the conf-directory DO NOT get added to the conf-file written by Networkmanager. So if you want to check the configuration you need to read both the conf-file and the content of all the files in the conf-dir. If you don't read the content of the conf-dir the check will always fail as the user has no control over the content of the conf-file.

2) Note that I explicitly write "conf-file" instead of the "config-file" that you grep for in the code in this function. It should be like this if I look at the above output of ps. Moreover, this is how these options are specified in the man page of dnsmasq, see http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html (search for conf-file).

3) Some of the dnsmasq options you check for are hardcoded in the networkmanager code that starts dnsmasq and don't appear in either the config file or the config directory you are trying to read. See line 273 - 290 in http://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/src/dns-manager/nm-dns-dnsmasq.c for this. You would miss for example that the listen-address is in fact configured correctly.

For now I gave up on trying to get the script working after this; however, a quick glance through shows that I would have issues with the dhcpcd_config function as well, as that also appears to look for files that don't exist. This is set in /etc/resolv.conf, as Networkmanager manages this.

Personally I would opt for giving clear instructions on what settings should be used instead of these checks, simply because getting these checks functioning correctly is hard because of distro- and setup-specific differences in network config.
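As an added example (not hostsblock's own code), here is a POSIX sh sketch of what a check that follows the three points above would have to do: take the options from the dnsmasq command line itself, read the --conf-file, and read every drop-in in --conf-dir, then look for a setting in all three places. The sample files and the hosts-file path are constructed placeholders, and the argv string is assumed to contain no spaces inside values (true for the ps output quoted above).

```shell
#!/bin/sh
# Added example, not hostsblock's own code: derive the *effective* dnsmasq
# configuration as described in the issue: options on the command line,
# the --conf-file, and every file in --conf-dir.  Assumes argv values
# contain no spaces (true for the ps output quoted in the issue).

# Print the value of --<name>=<value> from a dnsmasq argv string, if present.
dnsmasq_arg() {   # $1 = option name (e.g. conf-file), $2 = argv string
    printf '%s\n' "$2" | tr ' ' '\n' | sed -n "s/^--$1=//p" | head -n 1
}

# Concatenate the conf-file and the conf-dir drop-ins dnsmasq would read
# (it skips dot-files and editor backups whose names end in '~').
dnsmasq_effective_config() {   # $1 = argv string
    conf_file=$(dnsmasq_arg conf-file "$1")
    conf_dir=$(dnsmasq_arg conf-dir "$1")
    if [ -n "$conf_file" ] && [ -r "$conf_file" ]; then cat "$conf_file"; fi
    if [ -n "$conf_dir" ] && [ -d "$conf_dir" ]; then
        for f in "$conf_dir"/*; do
            case "${f##*/}" in .*|*~) continue ;; esac
            if [ -f "$f" ]; then cat "$f"; fi
        done
    fi
}

# Succeed if option $1 has value $2 on the command line (point 3 above) or
# as a whole "option=value" line anywhere in the effective configuration.
dnsmasq_has_setting() {   # $1 = option, $2 = expected value, $3 = argv string
    if [ "$(dnsmasq_arg "$1" "$3")" = "$2" ]; then return 0; fi
    dnsmasq_effective_config "$3" | grep -qxF "$1=$2"
}

# Constructed sample mirroring the layout in the issue (temporary files, not
# the real NetworkManager paths); the hosts-file path is a placeholder.
demo_setup() {
    DEMO=$(mktemp -d)
    mkdir "$DEMO/dnsmasq.d"
    printf 'cache-size=400\n' > "$DEMO/dnsmasq.conf"                  # the conf-file NetworkManager writes
    printf 'addn-hosts=/path/to/hosts.block\n' > "$DEMO/dnsmasq.d/hostsblock.conf"  # user's drop-in
    printf 'cache-size=999\n' > "$DEMO/dnsmasq.d/hostsblock.conf~"    # backup file; dnsmasq ignores it
    ARGV="/usr/sbin/dnsmasq --no-resolv --no-hosts --listen-address=127.0.0.1 --conf-file=$DEMO/dnsmasq.conf --conf-dir=$DEMO/dnsmasq.d"
}

demo_setup
dnsmasq_has_setting listen-address 127.0.0.1 "$ARGV" && echo "listen-address: ok (from argv)"
dnsmasq_has_setting addn-hosts /path/to/hosts.block "$ARGV" && echo "addn-hosts: ok (from conf-dir)"
rm -rf "$DEMO"
```

Grepping only the conf-file (or only for "config-file") would miss both the listen-address, which is on the command line, and the drop-in, which only exists in the conf-dir.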

gaenserich commented 9 years ago

I agree. Considering all the issues that have been coming up with the checks, I think stripping out the checks will ultimately make this a whole lot better.