On Fri, Jun 12, 2015 at 10:17 AM, Dan Williams <dcbw@xxxxxxxxxx> wrote: > On Fri, 2015-06-12 at 00:48 -0400, Paul Wouters wrote: >> 2) NM/dnssec-trigger does the HTTP and DNS probing and prompting using >> a dedicated container and any DNS requests in that container are >> thrown away with the container once hotspot has been authenticated. >> This would allow us to never have resolv.conf on the host be >> different from 127.0.0.1. (currently, it needs to put in the hotspot >> DNS servers for the hotspot logon, exposing other applications to >> fake DNS) > > I'm not sure a container really needs to be involved as long as the DNS > resolution can be done without hitting resolv.conf. That's not hugely > hard to do I think as long as we can manually resolve the connectivity > URI address without telling applications about the new DNS servers. > If you have automatic VPN connection enabled, then I don't really see how a captive portal login can be done fully safely without a container -- the captive portal login should see a route or even interface that should never be visible to anything else. --Andy -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
