This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.



[Bug nss/24939] New: Please support per-user configuration (resolv.conf, hosts)


https://sourceware.org/bugzilla/show_bug.cgi?id=24939

            Bug ID: 24939
           Summary: Please support per-user configuration (resolv.conf,
                    hosts)
           Product: glibc
           Version: unspecified
            Status: UNCONFIRMED
          Severity: enhancement
          Priority: P2
         Component: nss
          Assignee: unassigned at sourceware dot org
          Reporter: korn-sourceware.org at elan dot rulez.org
  Target Milestone: ---

Sometimes, it's useful to have some users query different nameservers or see
different hostnames than others. Examples:

 * A user is developing software that involves DNS; testing should not affect
other users on the system.
 * DNS can be used to block access to unwanted webservers (e.g. trackers, ads).
Some users may have different preferences from others; it would be nice to
allow them to query their own DNS servers (maybe ones they run themselves).
(This is, incidentally, my specific use-case: I have a single user who wants to
see the ads and tracking cookies, for reasons of their own.)
 * In a split horizon DNS setup, some processes may need to query different
nameservers than others in order to see different records for the same names
(e.g. a reverse proxy webserver may need to see internal IPs while other
processes may need to see the reverse proxy address).

Currently, such setups are difficult but not impossible to achieve. Options
include:

 * Separate namespaces, with /etc/resolv.conf being bind mounted into each.
 * LD_PRELOAD
 * Adding a new (AFAICT, hypothetical) nss module to nsswitch.conf which would
prefer per-user configuration to system-level configfiles.

Looking at the source it seems to me that glibc could implement this relatively
easily; for example, the user could set an environment variable (in the vein of
LD_PRELOAD or LD_LIBRARY_PATH) to point to their preferred resolv.conf or hosts
file, which their processes could then prefer over the system-level ones.

Security concerns arise around setuid binaries; I'm not sure what the correct
behaviour would be. Perhaps system-level configuration could specify whether
setuid programs should ignore these envvars, with the default being to ignore
them.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
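
The environment-variable idea from the report, with the setuid default it suggests, as an added example (not glibc code and not part of the original message). `RESOLV_CONF_PATH`, `select_resolv_conf` and `in_secure_mode` are hypothetical names; `secure_getenv` and `getauxval(AT_SECURE)` are existing glibc interfaces.

```c
#define _GNU_SOURCE            /* exposes secure_getenv() in <stdlib.h> */
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/auxv.h>
#include <sys/stat.h>

#define SYSTEM_RESOLV_CONF "/etc/resolv.conf"
#define USER_RESOLV_ENV    "RESOLV_CONF_PATH"   /* hypothetical variable name */

/* Nonzero when the kernel marked this process as privilege-elevated
   (setuid, setgid or file capabilities). */
int in_secure_mode(void)
{
    return getauxval(AT_SECURE) != 0;
}

/* Return the resolv.conf path this process should read.
   allow_in_secure_mode models the system-level switch proposed in the
   report; 0 (setuid programs ignore the variable) is the default. */
const char *select_resolv_conf(int allow_in_secure_mode)
{
    /* secure_getenv() returns NULL in secure mode, so a setuid program
       never sees the caller-controlled value unless policy opts in. */
    const char *path = secure_getenv(USER_RESOLV_ENV);
    struct stat st;

    if (path == NULL && allow_in_secure_mode)
        path = getenv(USER_RESOLV_ENV);

    /* Accept only an absolute path of sane length to an existing regular
       file; anything else falls back to the system-wide configuration. */
    if (path == NULL || path[0] != '/' || strlen(path) >= PATH_MAX)
        return SYSTEM_RESOLV_CONF;
    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return SYSTEM_RESOLV_CONF;
    return path;
}

int main(void)
{
    printf("secure=%d conf=%s\n", in_secure_mode(), select_resolv_conf(0));
    return 0;
}
```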
