On Sat, Apr 12, 2014 at 04:40:50PM +0100, Richard W.M. Jones wrote:
On Sat, Apr 12, 2014 at 11:01:20AM -0400, Paul Wouters wrote:
> On Sat, 12 Apr 2014, Chuck Anderson wrote:
> >Maybe we should set the file to be immutable after setting it to 127.0.0.1:
> >
> >chattr +i /etc/resolv.conf
>
> That is the trick currently used by dnssec-triggerd to prevent other
> applications from messing with that file.
Oh crap, that means I'm going to need a "really really don't touch
this file" flag, perhaps a one-way flag that can never be un-set.
I'm already setting chattr +i /etc/resolv.conf to stop anything
touching the file, and I don't want apps to mess with that flag (or
the file).
Bind mount the file to a read-only filesystem?