This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.
[Bug nss/24939] New: Please support per-user configuration (resolv.conf, hosts)
- From: "korn-sourceware.org at elan dot rulez.org" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Mon, 26 Aug 2019 07:16:54 +0000
- Subject: [Bug nss/24939] New: Please support per-user configuration (resolv.conf, hosts)
- Auto-submitted: auto-generated
https://sourceware.org/bugzilla/show_bug.cgi?id=24939
Bug ID: 24939
Summary: Please support per-user configuration (resolv.conf, hosts)
Product: glibc
Version: unspecified
Status: UNCONFIRMED
Severity: enhancement
Priority: P2
Component: nss
Assignee: unassigned at sourceware dot org
Reporter: korn-sourceware.org at elan dot rulez.org
Target Milestone: ---

Sometimes, it's useful to have some users query different nameservers or see
different hostnames than others. Examples:

* A user is developing software that involves DNS; testing should not affect
  other users on the system.
* DNS can be used to block access to unwanted webservers (e.g. trackers, ads).
  Some users may have different preferences from others; it would be nice to
  allow them to query their own DNS servers (maybe ones they run themselves).
  (This is, incidentally, my specific use-case: I have a single user who wants to
  see the ads and tracking cookies, for reasons of their own.)
* In a split horizon DNS setup, some processes may need to query different
  nameservers than others in order to see different records for the same names
  (e.g. a reverse proxy webserver may need to see internal IPs while other
  processes may need to see the reverse proxy address).

Currently, such setups are difficult but not impossible to achieve. Options
include:

* Separate namespaces, with /etc/resolv.conf being bind mounted into each.
* LD_PRELOAD
* Adding a new (AFAICT, hypothetical) nss module to nsswitch.conf which would
  prefer per-user configuration to system-level configfiles.

Looking at the source it seems to me that glibc could implement this relatively
easily; for example, the user could set an environment variable (in the vein of
LD_PRELOAD or LD_LIBRARY_PATH) to point to their preferred resolv.conf or hosts
file, which their processes could then prefer over the system-level ones.

Security concerns arise around setuid binaries; I'm not sure what the correct
behaviour would be. Perhaps system-level configuration could specify whether
setuid programs should ignore these envvars, with the default being to ignore
them.
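
The setuid handling raised in the report's last paragraph, sketched as an added example (not glibc code and not part of the original report). The variable name RESOLV_CONF_PATH, the admin_allows_suid switch and the absolute-path rule are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/auxv.h>   /* getauxval, AT_SECURE (glibc >= 2.16) */

#define SYSTEM_RESOLV_CONF "/etc/resolv.conf"
#define USER_RESOLV_ENV    "RESOLV_CONF_PATH"  /* hypothetical variable name */

/*
 * Policy decision, kept free of process state so it can be tested.
 *   env_value         value of the override variable, or NULL if unset
 *   secure_mode       non-zero when the kernel set AT_SECURE (setuid/setgid
 *                     or file-capability exec)
 *   admin_allows_suid hypothetical system-level switch from the proposal;
 *                     0 (ignore the variable in secure mode) is the default
 */
const char *choose_resolv_conf(const char *env_value, int secure_mode,
                               int admin_allows_suid)
{
    if (env_value == NULL || env_value[0] == '\0')
        return SYSTEM_RESOLV_CONF;
    /* A privileged process must not take its resolver from the caller.
       glibc's secure_getenv() gives this default-ignore behaviour in one
       call; the explicit check is needed only for the admin switch. */
    if (secure_mode && !admin_allows_suid)
        return SYSTEM_RESOLV_CONF;
    /* Assumption: only absolute paths are accepted, so the result does not
       depend on the working directory the caller picked. */
    if (env_value[0] != '/')
        return SYSTEM_RESOLV_CONF;
    return env_value;
}

/* Applies the policy to the running process. */
const char *resolv_conf_for_process(int admin_allows_suid)
{
    int secure_mode = getauxval(AT_SECURE) != 0;
    return choose_resolv_conf(getenv(USER_RESOLV_ENV), secure_mode,
                              admin_allows_suid);
}

int main(void)
{
    printf("resolver configuration: %s\n", resolv_conf_for_process(0));
    return 0;
}
```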