How to set `chattr +i` for my `/etc/resolv.conf`?

Your /etc/resolv.conf is probably a symlink. See this explanation for further information.

You could try:

chattr +i "$(realpath /etc/resolv.conf)"

Does the root mountpoint support Access Control Lists (acl) or Extended Attributes?

Check it via:

findmnt -fn / | grep -E "acl|user_xattr" || echo "acl or user_xattr mount option not set for mountpoint /"

Is your root partition of the type 'VFAT'? I believe 'VFAT' does not support ACLs.

Check it via:

findmnt -fn / | grep vfat

Or maybe your symlink target directory is a tmpfs? ACLs are lost on tmpfs.

Test it:

findmnt -fn -T "$(dirname "$(realpath /etc/resolv.conf)")" | grep tmpfs && echo "$(dirname "$(realpath /etc/resolv.conf)") is tmpfs"

cheers


As you saw, it seems you can't set chattr attributes on symlinks. Also, they're not supported on tmpfs. The man page for chattr mentions that:

Not all flags are supported or utilized by all filesystems; refer to filesystem-specific man pages such as btrfs(5), ext4(5), and xfs(5) for more filesystem-specific details.

And there's no mention of the immutable flag or chattr in tmpfs(5).

ACLs or extended attributes have nothing to do with this; chattr attributes are stored directly on the inode, as seen for ext4 in this table of the inode structure.


You'll need to find some other way to prevent your programs from modifying it. systemd-resolved should be smart enough to leave the file alone if you replace the symlink with a static file:

Three modes of handling /etc/resolv.conf (see resolv.conf(5)) are supported:

· Alternatively, /etc/resolv.conf may be managed by other packages, in which case systemd-resolved will read it for DNS configuration data. In this mode of operation systemd-resolved is consumer rather than provider of this configuration file.

Note that the selected mode of operation for this file is detected fully automatically, depending on whether /etc/resolv.conf is a symlink to /run/systemd/resolve/resolv.conf or lists 127.0.0.53 as DNS server.

If you have other programs that might modify it (like a DHCP client), you'll have to see about reconfiguring them. Or chattr +i /etc/resolv.conf after making it a static file instead of a symlink, but beware that whatever tries to write it might not like the resulting errors.


sudo rm /etc/resolv.conf         # remove the symlink
sudo nano /etc/resolv.conf       # create the new file and populate it as you wish
sudo chattr +i /etc/resolv.conf  # change its attributes as you wish
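
A read-only diagnostic that combines the checks from the answers above (symlink or static file, where the link resolves, which filesystem holds it, and whether the immutable flag is currently set). It is an added example, not taken from any of the answers; the function names are hypothetical, and it assumes GNU `stat`, `realpath`, and `lsattr` from e2fsprogs.

```shell
#!/bin/sh
# Added example: report why `chattr +i` may or may not apply to a resolv.conf path.
# Function names are hypothetical; nothing here modifies the file.

# Filesystem type holding path $1 (e.g. ext2/ext3, btrfs, tmpfs); "unknown" on failure.
fs_type() {
    stat -f -c %T "$1" 2>/dev/null || echo unknown
}

# Print one verdict line for $1 (default /etc/resolv.conf):
#   missing
#   symlink target=<resolved path> fs=<type of the target's directory>
#   file fs=<type> immutable=<yes|no|unreadable>
diagnose_resolv_conf() {
    p=${1:-/etc/resolv.conf}
    if [ -L "$p" ]; then
        # Report where the link really points: that is the file a resolver
        # daemon rewrites, and its filesystem decides which flags exist.
        target=$(realpath "$p" 2>/dev/null) || target=$(readlink "$p")
        echo "symlink target=$target fs=$(fs_type "$(dirname "$target")")"
    elif [ -e "$p" ]; then
        abs=$(realpath "$p" 2>/dev/null) || abs=$p
        # lsattr prints "<flag letters> <path>"; a lowercase 'i' means immutable.
        out=$(lsattr -d "$abs" 2>/dev/null) || out=
        flags=${out%% *}
        if [ -z "$flags" ]; then
            imm=unreadable   # lsattr missing, or this filesystem has no such flags
        else
            case $flags in *i*) imm=yes ;; *) imm=no ;; esac
        fi
        echo "file fs=$(fs_type "$abs") immutable=$imm"
    else
        echo missing
    fi
}

diagnose_resolv_conf /etc/resolv.conf
```

A `symlink` verdict means the link has to be replaced with a static file before the flag can help; `immutable=unreadable` means the filesystem or the tooling does not expose the flag at all.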
