author | John Crispin <john@openwrt.org> | 2016-04-26 11:44:10 +0000 |
---|---|---|
committer | John Crispin <john@openwrt.org> | 2016-04-26 11:44:10 +0000 |
commit | 3481d0d793b87ed4c0f0fa899497f49060e5511d (patch) | |
tree | 9415db0673f8f3122b3309bb6183d95f4341e384 | |
parent | 1a1bb3aaff9010f978f0743db04880ec6d4a42b1 (diff) | |
dnsmasq: run as dedicated UID/GID
Running dnsmasq in a dedicated user/group allows matching its outgoing
traffic more easily using iptables' owner match.
Add UID/GID to the package metadata and append the user/group
parameters to the init script.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
SVN-Revision: 49252
-rw-r--r-- | package/network/services/dnsmasq/Makefile | 3 | ||||
-rw-r--r-- | package/network/services/dnsmasq/files/dnsmasq.init | 4 |
2 files changed, 5 insertions, 2 deletions
diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile
index a5c3740179..a5b96a3d28 100644
--- a/package/network/services/dnsmasq/Makefile
+++ b/package/network/services/dnsmasq/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=dnsmasq
 PKG_VERSION:=2.75
-PKG_RELEASE:=6
+PKG_RELEASE:=7
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq
@@ -34,6 +34,7 @@ define Package/dnsmasq/Default
 CATEGORY:=Base system
 TITLE:=DNS and DHCP server
 URL:=http://www.thekelleys.org.uk/dnsmasq/
+ USERID:=dnsmasq=453:dnsmasq=453
 endef
 define Package/dnsmasq
diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init
index 0cda02d4fe..7f90b8fa3e 100644
--- a/package/network/services/dnsmasq/files/dnsmasq.init
+++ b/package/network/services/dnsmasq/files/dnsmasq.init
@@ -218,6 +218,8 @@ dnsmasq() {
 mkdir -p /tmp/hosts /tmp/dnsmasq.d
 xappend "--addn-hosts=/tmp/hosts"
 xappend "--conf-dir=/tmp/dnsmasq.d"
+ xappend "--user=dnsmasq"
+ xappend "--group=dnsmasq"
 echo >> $CONFIGFILE
@@ -592,7 +594,7 @@ start_service() {
 if [ ! -f "$TIMESTAMPFILE" ]; then
 touch "$TIMESTAMPFILE"
- chown nobody.nogroup "$TIMESTAMPFILE"
+ chown dnsmasq.dnsmasq "$TIMESTAMPFILE"
 fi
 echo "# auto-generated config file from /etc/config/dhcp" > $CONFIGFILE |
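Review bot: The two `xappend` lines added in the `@@ -218` hunk of dnsmasq.init pass `--user=dnsmasq` and `--group=dnsmasq` unconditionally, so the daemon's startup now depends on that account being present in the passwd and group files. The Makefile's `USERID:=dnsmasq=453:dnsmasq=453` creates it at install time, but a system whose account files were carried over from before this release may not have it (worth confirming on the upgrade path), and DNS/DHCP would then likely fail to come up instead of falling back to another user. The directories created by `mkdir -p /tmp/hosts /tmp/dnsmasq.d` just above are made by root, and anything dnsmasq re-reads after dropping privileges must stay readable by the new UID. I would record that with a comment above the new lines, e.g. `# dnsmasq drops to this account after startup; files it re-reads later must be readable by user dnsmasq`. The body of `dnsmasq()` continues outside the hunk.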
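Review bot: The `chown` in the `@@ -592` hunk runs only when `$TIMESTAMPFILE` does not exist yet, so a file left behind by an earlier version keeps its `nobody.nogroup` ownership and the daemon, now running as `dnsmasq`, may no longer be able to update it (this assumes the file survives upgrades; its path is not visible in the hunk). Taking the ownership fix out of the `if` covers both the fresh and the upgraded case: `[ -f "$TIMESTAMPFILE" ] || touch "$TIMESTAMPFILE"` followed by `chown dnsmasq:dnsmasq "$TIMESTAMPFILE"`. The colon form `user:group` is also preferable to the dotted `dnsmasq.dnsmasq`, which is a legacy separator and ambiguous for names containing a dot. `start_service()` begins and ends outside the hunk.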