Description
OS: Fedora Linux 35
Kernel: Linux 5.17.7-200.fc35.x86_64
Compositor: Wayland
Firewall: firewalld (backend=nftables)
NetworkManager: Yes
systemd-resolved: Yes
vopono ver: 0.9.0
Protocol: OpenVPN
I am unable to connect to any website in Firefox and am seeing:
Hmm. We’re having trouble finding that site. We can’t connect to the server at www.example.com.
I tried another browser, Falkon, and it also does not have a network connection.
I also tried disabling firewalld, starting nftables service, setting firewalld backend to iptables etc. to no avail.
After much troubleshooting, I realized that I actually have a network connection in the namespace but am unable to resolve hosts without sudo.
In namespace:
$ curl ifconfig.co/country
curl: (6) Could not resolve host: ifconfig.co
$ sudo curl ifconfig.co/country
Japan
I believe this is due to the fact that the namespace's /etc/resolv.conf permissions are not set properly:
$ cat /etc/resolv.conf
cat: /etc/resolv.conf: Permission denied
$ sudo cat /etc/resolv.conf
nameserver 10.19.0.1
$ ls -l /etc/resolv.conf
-rw-------. 1 root root 21 May 20 22:15 /etc/resolv.conf
In host machine:
$ cat /etc/resolv.conf
nameserver 127.0.0.53
options edns0 trust-ad
search .
$ ls -l /etc/resolv.conf
-rw-r--r--. 1 systemd-resolve systemd-resolve 920 May 20 18:19 /etc/resolv.conf
The cause is that my default umask is set to 077.
Explicitly changing the permissions of the namespace's /etc/resolv.conf, or setting a less restrictive umask before running vopono, solves the problem.
Perhaps there could be a check of the file permissions that sets them correctly during the startup process?
On a somewhat related note, flatpak browsers have no problem with this, as they are leaking DNS even after being given access to all system files.
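The umask effect and the startup check suggested in this report, as an added example that is not part of the original issue and is not vopono's code. The function names and the temporary paths are assumptions made for illustration, and `stat -c` assumes GNU coreutils as shipped on Fedora.

```shell
#!/bin/sh
# Added example (not vopono code): reproduce how umask 077 yields an
# unreadable resolv.conf, then repair it. All paths are constructed temp files.

# Print the octal permission bits of a file (GNU stat).
file_mode() {
    stat -c '%a' "$1"
}

# Write a resolv.conf without an explicit chmod, as a tool would:
# the resulting mode is 0666 & ~umask.
# $1 = path, $2 = nameserver IP, $3 = umask to apply (subshell only)
write_resolv_conf() {
    ( umask "$3"; printf 'nameserver %s\n' "$2" > "$1" )
}

# Return 0 if the "other" class has the read bit set.
is_world_readable() {
    mode=$(file_mode "$1") || return 2
    case "$mode" in
        *[4567]) return 0 ;;
        *)       return 1 ;;
    esac
}

# Startup check: set 0644 when unprivileged processes cannot read the file.
ensure_resolv_conf_readable() {
    if is_world_readable "$1"; then
        return 0
    fi
    chmod 0644 "$1"
}

demo() {
    dir=$(mktemp -d)
    write_resolv_conf "$dir/resolv.conf" 10.19.0.1 077
    echo "created under umask 077: $(file_mode "$dir/resolv.conf")"
    ensure_resolv_conf_readable "$dir/resolv.conf"
    echo "after startup check:     $(file_mode "$dir/resolv.conf")"
    rm -rf "$dir"
}

demo
```

Setting the mode explicitly after the write, rather than relying on the mode requested at creation, is what makes the result independent of the caller's umask.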