Unfortunately the fix doesn't work and Ubuntu 19.10 with ppp 2.4.7-2+4.1ubuntu4.1 is still affected. I've added a bunch of
logger -t 0000usepeerdns -- doing stuff
commands to /etc/ppp/ip-up.d/0000usepeerdns and /etc/ppp/ip-down.d/0000usepeerdns.
Here's what I see when /etc/resolv.conf is a symlink to /run/systemd/resolve/stub-resolv.conf (which is the standard Ubuntu configuration) and /run/systemd/resolve/stub-resolv.conf is owned by systemd-resolve:systemd-resolve:
kov. 18 22:16:44 blynas 0000usepeerdns[29590]: running /etc/ppp/ip-up.d/0000usepeerdns ppp0 0 10.46.37.85 192.0.2.1 7c4ea6b5-3f8b-4874-a81a-c4712fa17787
kov. 18 22:16:44 blynas 0000usepeerdns[29592]: the real resolv.conf is /run/systemd/resolve/stub-resolv.conf
kov. 18 22:16:44 blynas 0000usepeerdns[29595]: created /run/systemd/resolve/stub-resolv.conf.tmp
kov. 18 22:16:44 blynas 0000usepeerdns[29597]: -rw-r--r-- 1 systemd-resolve systemd-resolve 719 Mar 18 22:16 /run/systemd/resolve/stub-resolv.conf -rw-r--r-- 1 root root 749 Mar 18 22:16 /run/systemd/resolve/stub-resolv.conf.tmp
This indicates that the script aborted early due to the `#!/bin/sh -e` shebang line, as I had more logging statements. The failing command must've been the cp -a.
Disconnecting produces
kov. 18 22:16:49 blynas 0000usepeerdns[29785]: running /etc/ppp/ip-down.d/0000usepeerdns ppp0 0 10.46.37.85 192.0.2.1 7c4ea6b5-3f8b-4874-a81a-c4712fa17787
kov. 18 22:16:49 blynas 0000usepeerdns[29791]: -rw-r--r-- 1 systemd-resolve systemd-resolve 719 Mar 18 22:16 /run/systemd/resolve/stub-resolv.conf -rw------- 1 root root 719 Mar 18 22:16 /run/systemd/resolve/stub-resolv.conf.pppd-backup.ppp0
kov. 18 22:16:49 blynas 0000usepeerdns[29797]: moved /run/systemd/resolve/stub-resolv.conf.pppd-backup.ppp0 to /run/systemd/resolve/stub-resolv.conf
kov. 18 22:16:49 blynas 0000usepeerdns[29803]: -rw------- 1 root root 719 Mar 18 22:16 /run/systemd/resolve/stub-resolv.conf
kov. 18 22:16:49 blynas 0000usepeerdns[29805]: all is well!
Now if I apply a manual fix of the form
sudo chmod a+r /etc/resolv.conf
and then connect to the VPN again, I'll see that the script runs successfully to the end
kov. 18 22:18:17 blynas 0000usepeerdns[30617]: running /etc/ppp/ip-up.d/0000usepeerdns ppp0 0 10.46.37.85 192.0.2.1 7c4ea6b5-3f8b-4874-a81a-c4712fa17787
kov. 18 22:18:17 blynas 0000usepeerdns[30619]: the real resolv.conf is /run/systemd/resolve/stub-resolv.conf
kov. 18 22:18:17 blynas 0000usepeerdns[30622]: created /run/systemd/resolve/stub-resolv.conf.tmp
kov. 18 22:18:17 blynas 0000usepeerdns[30627]: -rw-r--r-- 1 root root 719 Mar 18 22:16 /run/systemd/resolve/stub-resolv.conf -rw-r--r-- 1 root root 749 Mar 18 22:18 /run/systemd/resolve/stub-resolv.conf.tmp
kov. 18 22:18:17 blynas 0000usepeerdns[30636]: backed up /run/systemd/resolve/stub-resolv.conf to /run/systemd/resolve/stub-resolv.conf.pppd-backup.ppp0
kov. 18 22:18:17 blynas 0000usepeerdns[30638]: -rw-r--r-- 1 root root 719 Mar 18 22:16 /run/systemd/resolve/stub-resolv.conf -rw-r--r-- 1 root root 719 Mar 18 22:16 /run/systemd/resolve/stub-resolv.conf.pppd-backup.ppp0 -rw-r--r-- 1 root root 749 Mar 18 22:18 /run/systemd/resolve/stub-resolv.conf.tmp
kov. 18 22:18:17 blynas 0000usepeerdns[30640]: moved /run/systemd/resolve/stub-resolv.conf.tmp to /run/systemd/resolve/stub-resolv.conf
kov. 18 22:18:17 blynas 0000usepeerdns[30643]: -rw-r--r-- 1 systemd-resolve systemd-resolve 719 Mar 18 22:18 /run/systemd/resolve/stub-resolv.conf -rw-r--r-- 1 root root 719 Mar 18 22:16 /run/systemd/resolve/stub-resolv.conf.pppd-backup.ppp0
kov. 18 22:18:17 blynas 0000usepeerdns[30644]: all is well!
and when I disconnect, the bug is no longer showing up:
kov. 18 22:18:38 blynas 0000usepeerdns[30885]: running /etc/ppp/ip-down.d/0000usepeerdns ppp0 0 10.46.37.85 192.0.2.1 7c4ea6b5-3f8b-4874-a81a-c4712fa17787
kov. 18 22:18:38 blynas 0000usepeerdns[30900]: -rw-r--r-- 1 systemd-resolve systemd-resolve 719 Mar 18 22:18 /run/systemd/resolve/stub-resolv.conf -rw-r--r-- 1 root root 719 Mar 18 22:16 /run/systemd/resolve/stub-resolv.conf.pppd-backup.ppp0
kov. 18 22:18:38 blynas 0000usepeerdns[30905]: moved /run/systemd/resolve/stub-resolv.conf.pppd-backup.ppp0 to /run/systemd/resolve/stub-resolv.conf
kov. 18 22:18:38 blynas 0000usepeerdns[30907]: -rw-r--r-- 1 root root 719 Mar 18 22:16 /run/systemd/resolve/stub-resolv.conf
kov. 18 22:18:38 blynas 0000usepeerdns[30908]: all is well!
The only difference is the ownership of /run/systemd/resolve/stub-resolv.conf. Somehow the cp -a fails to change the ownership of the backup file from root:root to systemd-resolve:systemd-resolve.
What could prevent a script running as root from chowning a file? AppArmor?
Also note that the "running under NetworkManager" check in /etc/ppp/ip-up.d/0000usepeerdns never fires because $6 is always blank AFAICS.
Unfortunately the fix doesn't work and Ubuntu 19.10 with ppp 2.4.7-2+ 4.1ubuntu4. 1 is still affected. I've added a bunch of
logger -t 0000usepeerdns -- doing stuff
commands to /etc/ppp/ ip-up.d/ 0000usepeerdns and /etc/ppp/ ip-down. d/0000usepeerdn s.
Here's what I see when /etc/resolv.conf is a symlink to /run/systemd/ resolve/ stub-resolv. conf (which is the standard Ubuntu configuration) and /run/systemd/ resolve/ stub-resolv. conf is owned by systemd- resolve: systemd- resolve:
$ journalctl -b SYSLOG_ IDENTIFIER= 0000usepeerdns -f
kov. 18 22:16:44 blynas 0000usepeerdns[ 29590]: running /etc/ppp/ ip-up.d/ 0000usepeerdns ppp0 0 10.46.37.85 192.0.2.1 7c4ea6b5- 3f8b-4874- a81a-c4712fa177 87 29592]: the real resolv.conf is /run/systemd/ resolve/ stub-resolv. conf 29595]: created /run/systemd/ resolve/ stub-resolv. conf.tmp 29597]: -rw-r--r-- 1 systemd-resolve systemd-resolve 719 Mar 18 22:16 /run/systemd/ resolve/ stub-resolv. conf
-rw- r--r-- 1 root root 749 Mar 18 22:16 /run/systemd/ resolve/ stub-resolv. conf.tmp
kov. 18 22:16:44 blynas 0000usepeerdns[
kov. 18 22:16:44 blynas 0000usepeerdns[
kov. 18 22:16:44 blynas 0000usepeerdns[
This indicates that the script aborted early due to the `#!/bin/sh -e` shebang line, as I had more logging statements. The failing command must've been the cp -a.
Disconnecting produces
kov. 18 22:16:49 blynas 0000usepeerdns[ 29785]: running /etc/ppp/ ip-down. d/0000usepeerdn s ppp0 0 10.46.37.85 192.0.2.1 7c4ea6b5- 3f8b-4874- a81a-c4712fa177 87 29791]: -rw-r--r-- 1 systemd-resolve systemd-resolve 719 Mar 18 22:16 /run/systemd/ resolve/ stub-resolv. conf
-rw- ------ 1 root root 719 Mar 18 22:16 /run/systemd/ resolve/ stub-resolv. conf.pppd- backup. ppp0 29797]: moved /run/systemd/ resolve/ stub-resolv. conf.pppd- backup. ppp0 to /run/systemd/ resolve/ stub-resolv. conf 29803]: -rw------- 1 root root 719 Mar 18 22:16 /run/systemd/ resolve/ stub-resolv. conf 29805]: all is well!
kov. 18 22:16:49 blynas 0000usepeerdns[
kov. 18 22:16:49 blynas 0000usepeerdns[
kov. 18 22:16:49 blynas 0000usepeerdns[
kov. 18 22:16:49 blynas 0000usepeerdns[
Now if I apply a manual fix of the form
sudo chmod a+r /etc/resolv.conf
and then connect to the VPN again, I'll see that the script runs successfully to the end
kov. 18 22:18:17 blynas 0000usepeerdns[ 30617]: running /etc/ppp/ ip-up.d/ 0000usepeerdns ppp0 0 10.46.37.85 192.0.2.1 7c4ea6b5- 3f8b-4874- a81a-c4712fa177 87 30619]: the real resolv.conf is /run/systemd/ resolve/ stub-resolv. conf 30622]: created /run/systemd/ resolve/ stub-resolv. conf.tmp 30627]: -rw-r--r-- 1 root root 719 Mar 18 22:16 /run/systemd/ resolve/ stub-resolv. conf
-rw- r--r-- 1 root root 749 Mar 18 22:18 /run/systemd/ resolve/ stub-resolv. conf.tmp 30636]: backed up /run/systemd/ resolve/ stub-resolv. conf to /run/systemd/ resolve/ stub-resolv. conf.pppd- backup. ppp0 30638]: -rw-r--r-- 1 root root 719 Mar 18 22:16 /run/systemd/ resolve/ stub-resolv. conf
-rw- r--r-- 1 root root 719 Mar 18 22:16 /run/systemd/ resolve/ stub-resolv. conf.pppd- backup. ppp0
-rw- r--r-- 1 root root 749 Mar 18 22:18 /run/systemd/ resolve/ stub-resolv. conf.tmp 30640]: moved /run/systemd/ resolve/ stub-resolv. conf.tmp to /run/systemd/ resolve/ stub-resolv. conf 30643]: -rw-r--r-- 1 systemd-resolve systemd-resolve 719 Mar 18 22:18 /run/systemd/ resolve/ stub-resolv. conf
-rw- r--r-- 1 root root 719 Mar 18 22:16 /run/systemd/ resolve/ stub-resolv. conf.pppd- backup. ppp0 30644]: all is well!
kov. 18 22:18:17 blynas 0000usepeerdns[
kov. 18 22:18:17 blynas 0000usepeerdns[
kov. 18 22:18:17 blynas 0000usepeerdns[
kov. 18 22:18:17 blynas 0000usepeerdns[
kov. 18 22:18:17 blynas 0000usepeerdns[
kov. 18 22:18:17 blynas 0000usepeerdns[
kov. 18 22:18:17 blynas 0000usepeerdns[
kov. 18 22:18:17 blynas 0000usepeerdns[
and when I disconnect, the bug is no longer showing up:
kov. 18 22:18:38 blynas 0000usepeerdns[ 30885]: running /etc/ppp/ ip-down. d/0000usepeerdn s ppp0 0 10.46.37.85 192.0.2.1 7c4ea6b5- 3f8b-4874- a81a-c4712fa177 87 30900]: -rw-r--r-- 1 systemd-resolve systemd-resolve 719 Mar 18 22:18 /run/systemd/ resolve/ stub-resolv. conf
-rw- r--r-- 1 root root 719 Mar 18 22:16 /run/systemd/ resolve/ stub-resolv. conf.pppd- backup. ppp0 30905]: moved /run/systemd/ resolve/ stub-resolv. conf.pppd- backup. ppp0 to /run/systemd/ resolve/ stub-resolv. conf 30907]: -rw-r--r-- 1 root root 719 Mar 18 22:16 /run/systemd/ resolve/ stub-resolv. conf 30908]: all is well!
kov. 18 22:18:38 blynas 0000usepeerdns[
kov. 18 22:18:38 blynas 0000usepeerdns[
kov. 18 22:18:38 blynas 0000usepeerdns[
kov. 18 22:18:38 blynas 0000usepeerdns[
The only difference is the ownership of /run/systemd/ resolve/ stub-resolv. conf. Somehow the cp -a fails to change the ownership of the backup file from root:root to systemd- resolve: systemd- resolve.
What could prevent a script running as root from chowning a file? AppArmor?
Also note that the "running under NetworkManager" check in /etc/ppp/ ip-up.d/ 0000usepeerdns never fires because $6 is always blank AFAICS.