Unable to change file attributes (e.g. immutable) on /etc/resolv.conf

networking network-manager dns

5,795

/run is a tmpfs (ramdisk) filesystem, and doesn't support extended attributes:

% df -T /run
Filesystem     Type  1K-blocks  Used Available Use% Mounted on
tmpfs          tmpfs    393016  6416    386600   2% /run

On how to avoid /etc/resolv.conf being changed by NetworkManager, I found a possible solution at the Arch Linux forums.

Create a resolv.conf file containing the settings you wish to keep somewhere in your system (say in /etc/resolv.conf.DNSoverride) and put this script in /etc/NetworkManager/dispatcher.d:

#! /bin/sh
cp -f /etc/resolv.conf.DNSoverride /etc/resolv.conf

The script, quoting man networkmanager:

[...] should be a regular executable file owned by root. Furthermore, it must not be writable by group or other, and not setuid. [...]

Quoting man networkmanager:

[...] NetworkManager will execute scripts in the /etc/NetworkManager/dispatcher.d directory or subdirectories in alphabetical order in response to network events. [...]

This means that the script will copy /etc/resolv.conf.DNSoverride overwriting /etc/resolv.conf each time a network event takes place, overriding possible changes made to /etc/resolv.conf.

5,795

boolean.is.null

Updated on September 18, 2022

Comments

boolean.is.null over 1 year
I noticed that the network manager frequently changed my DNS server, so I wanted to set the immutable bit on the /etc/resolv.conf file, which didn't work. I noticed that the /etc/resolv.conf file is actually a symbolic link to /run/resolvconf/resolv.conf.

Now, sudo chattr +i /run/resolvconf/resolv.conf results in:
```
chattr: Inappropriate ioctl for device while reading flags on /run/resolvconf/resolv.conf
```
From what I can tell, this means that /run/resolvconf/ doesn't support such attributes. Is that right?

Xubuntu 15.10;

How can I write-protect my resolv.conf file?