Unverified Commit dc13c17a authored by Matthias Schiffer's avatar Matthias Schiffer

gluon-wan-dnsmasq: add ujail configuration

Use ujail to restrict dnsmasq privileges, similar to the regular OpenWrt
dnsmasq initscript.
parent 4ccb5ccb
...@@ -8,6 +8,7 @@ RESOLV_CONF_DIR=/var/gluon/wan-dnsmasq ...@@ -8,6 +8,7 @@ RESOLV_CONF_DIR=/var/gluon/wan-dnsmasq
RESOLV_CONF=$RESOLV_CONF_DIR/resolv.conf RESOLV_CONF=$RESOLV_CONF_DIR/resolv.conf
start_service() { start_service() {
mkdir -p /var/run/dnsmasq/
mkdir -p $RESOLV_CONF_DIR mkdir -p $RESOLV_CONF_DIR
touch "$RESOLV_CONF" touch "$RESOLV_CONF"
...@@ -19,9 +20,17 @@ start_service() { ...@@ -19,9 +20,17 @@ start_service() {
--port=54 \ --port=54 \
--no-hosts \ --no-hosts \
--keep-in-foreground \ --keep-in-foreground \
--pid-file=/var/run/dnsmasq/gluon-wan-dnsmasq.pid \
--cache-size=0 \ --cache-size=0 \
--resolv-file=$RESOLV_CONF --resolv-file=$RESOLV_CONF
procd_set_param env LD_PRELOAD=libpacketmark.so LIBPACKETMARK_MARK=1 procd_set_param env LD_PRELOAD=libpacketmark.so LIBPACKETMARK_MARK=1
procd_set_param respawn 60 5 5 procd_set_param respawn 60 5 5
procd_add_jail dnsmasq log
procd_add_jail_mount $RESOLV_CONF_DIR
procd_add_jail_mount /usr/lib/libpacketmark.so
procd_add_jail_mount /etc/passwd /etc/group /etc/TZ
procd_add_jail_mount_rw /var/run/dnsmasq/
procd_close_instance procd_close_instance
} }
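Review bot: The read-write jail mount `procd_add_jail_mount_rw /var/run/dnsmasq/` exposes the whole directory rather than only this instance's pid file, so if the regular dnsmasq service keeps its runtime files in the same directory (not visible here), the jailed WAN resolver could modify them. A directory used only by this instance, created by the `mkdir -p` in the first hunk and passed to both `--pid-file` and the rw mount, would limit the writable surface to the one file the process has to write. A short comment above the mounts stating why each is needed would also help the next reader, for example `# libpacketmark.so: loaded via LD_PRELOAD; passwd/group: user lookup for dnsmasq's privilege drop; TZ: log timestamps` (adjust if the intent differs). Part of start_service lies between the two hunks and is not shown.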