lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Tue, 25 Jul 2023 08:01:34 +0200
From: Gioele Barabucci <gioele@...rio.it>
To: Stephen Hemminger <stephen@...workplumber.org>
Cc: netdev@...r.kernel.org, Petr Machata <petrm@...dia.com>
Subject: Re: [iproute2 00/22] Support for stateless configuration (read from
 /etc and /usr)

On 25/07/23 03:40, Stephen Hemminger wrote:
> On Wed, 19 Jul 2023 20:50:44 +0200
> Gioele Barabucci <gioele@...rio.it> wrote:
> 
>> Dear iproute2 maintainers,
>>
>> this patch series adds support for the so called "stateless" configuration
>> pattern, i.e. reading the default configuration from /usr while allowing
>> overriding it in /etc, giving system administrators a way to define local
>> configuration without changing any distro-provided files.
>>
>> In practice this means that each configuration file FOO is loaded
>> from /usr/lib/iproute2/FOO unless /etc/iproute2/FOO exists.
> 
> These files are not something the typical user ever looks at or changes.
> Please explain why all this churn is necessary

Dear Stephen,

I fully agree that these files are rarely if ever modified.

However I assumed that you wished them to remain configurable given that:

1) these files are in /etc, suggesting that they are normal system-wide 
configuration files, and
2) the const is called CONFDIR,
3) the man pages refer to these files as modifiable files, for example, 
ip-link: «GROUP may be a number or a string from the file 
/etc/iproute2/group which can be manually filled.».
4) there are a few guides around the Web that suggest to add entries to 
these files.

If these files are to be configurable, then they should follow the 
stateless pattern (default provided by distro in /usr, local sysadmin 
override /etc).

If these files are not supposed to be configurable and are just 
convenience listings of settings to be considered hard-coded, then 
changing CONFDIR to /usr/lib/iproute2 is the simplest way to make 
iproute2 stateless (i.e. working in cases where /etc is not present).

Would you prefer, instead of this patch series, a patch that simply 
changes CONFDIR to /usr/lib/iproute2/?

Regards,

-- 
Gioele Barabucci

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ