summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJohn Crispin <john@openwrt.org>2016-04-26 11:44:10 +0000
committerJohn Crispin <john@openwrt.org>2016-04-26 11:44:10 +0000
commit3481d0d793b87ed4c0f0fa899497f49060e5511d (patch)
tree9415db0673f8f3122b3309bb6183d95f4341e384
parent1a1bb3aaff9010f978f0743db04880ec6d4a42b1 (diff)
downloadopenwrt-3481d0d793b87ed4c0f0fa899497f49060e5511d.tar.gz
openwrt-3481d0d793b87ed4c0f0fa899497f49060e5511d.tar.bz2
openwrt-3481d0d793b87ed4c0f0fa899497f49060e5511d.zip
dnsmasq: run as dedicated UID/GID
Running dnsmasq in a dedicated user/group allows matching its outgoing traffic more easily using iptables' owner match. Add UID/GID to the package metadata and append the user/group parameters to the init script. Signed-off-by: Daniel Golle <daniel@makrotopia.org> SVN-Revision: 49252
-rw-r--r--package/network/services/dnsmasq/Makefile3
-rw-r--r--package/network/services/dnsmasq/files/dnsmasq.init4
2 files changed, 5 insertions, 2 deletions
diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile
index a5c3740179..a5b96a3d28 100644
--- a/package/network/services/dnsmasq/Makefile
+++ b/package/network/services/dnsmasq/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=dnsmasq
PKG_VERSION:=2.75
-PKG_RELEASE:=6
+PKG_RELEASE:=7
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq
@@ -34,6 +34,7 @@ define Package/dnsmasq/Default
CATEGORY:=Base system
TITLE:=DNS and DHCP server
URL:=http://www.thekelleys.org.uk/dnsmasq/
+ USERID:=dnsmasq=453:dnsmasq=453
endef
define Package/dnsmasq
diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init
index 0cda02d4fe..7f90b8fa3e 100644
--- a/package/network/services/dnsmasq/files/dnsmasq.init
+++ b/package/network/services/dnsmasq/files/dnsmasq.init
@@ -218,6 +218,8 @@ dnsmasq() {
mkdir -p /tmp/hosts /tmp/dnsmasq.d
xappend "--addn-hosts=/tmp/hosts"
xappend "--conf-dir=/tmp/dnsmasq.d"
+ xappend "--user=dnsmasq"
+ xappend "--group=dnsmasq"
echo >> $CONFIGFILE
@@ -592,7 +594,7 @@ start_service() {
if [ ! -f "$TIMESTAMPFILE" ]; then
touch "$TIMESTAMPFILE"
- chown nobody.nogroup "$TIMESTAMPFILE"
+ chown dnsmasq.dnsmasq "$TIMESTAMPFILE"
fi
echo "# auto-generated config file from /etc/config/dhcp" > $CONFIGFILE