mirror of
https://github.com/openwrt/openwrt.git
synced 2024-12-20 14:13:16 +00:00
dnsmasq: run as dedicated UID/GID
Running dnsmasq in a dedicated user/group allows matching its outgoing traffic more easily using iptables' owner match. Add UID/GID to the package metadata and append the user/group parameters to the init script. Signed-off-by: Daniel Golle <daniel@makrotopia.org> SVN-Revision: 49252
This commit is contained in:
parent
1a1bb3aaff
commit
3481d0d793
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=dnsmasq
|
||||
PKG_VERSION:=2.75
|
||||
PKG_RELEASE:=6
|
||||
PKG_RELEASE:=7
|
||||
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
|
||||
PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq
|
||||
@ -34,6 +34,7 @@ define Package/dnsmasq/Default
|
||||
CATEGORY:=Base system
|
||||
TITLE:=DNS and DHCP server
|
||||
URL:=http://www.thekelleys.org.uk/dnsmasq/
|
||||
USERID:=dnsmasq=453:dnsmasq=453
|
||||
endef
|
||||
|
||||
define Package/dnsmasq
|
||||
|
@ -218,6 +218,8 @@ dnsmasq() {
|
||||
mkdir -p /tmp/hosts /tmp/dnsmasq.d
|
||||
xappend "--addn-hosts=/tmp/hosts"
|
||||
xappend "--conf-dir=/tmp/dnsmasq.d"
|
||||
xappend "--user=dnsmasq"
|
||||
xappend "--group=dnsmasq"
|
||||
|
||||
echo >> $CONFIGFILE
|
||||
|
||||
@ -592,7 +594,7 @@ start_service() {
|
||||
|
||||
if [ ! -f "$TIMESTAMPFILE" ]; then
|
||||
touch "$TIMESTAMPFILE"
|
||||
chown nobody.nogroup "$TIMESTAMPFILE"
|
||||
chown dnsmasq.dnsmasq "$TIMESTAMPFILE"
|
||||
fi
|
||||
|
||||
echo "# auto-generated config file from /etc/config/dhcp" > $CONFIGFILE
|
||||
|
Loading…
Reference in New Issue
Block a user