Author: blogic
Date: 2016-04-26 13:44:10 +0200 (Tue, 26 Apr 2016)
New Revision: 49252

Modified:
   trunk/package/network/services/dnsmasq/Makefile
   trunk/package/network/services/dnsmasq/files/dnsmasq.init
Log:
dnsmasq: run as dedicated UID/GID

Running dnsmasq in a dedicated user/group allows matching its outgoing
traffic more easily using iptables' owner match.
Add UID/GID to the package metadata and append the user/group
parameters to the init script.

Signed-off-by: Daniel Golle <[email protected]>

Modified: trunk/package/network/services/dnsmasq/Makefile
===================================================================
--- trunk/package/network/services/dnsmasq/Makefile     2016-04-26 11:44:07 UTC 
(rev 49251)
+++ trunk/package/network/services/dnsmasq/Makefile     2016-04-26 11:44:10 UTC 
(rev 49252)
@@ -9,7 +9,7 @@
 
 PKG_NAME:=dnsmasq
 PKG_VERSION:=2.75
-PKG_RELEASE:=6
+PKG_RELEASE:=7
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq
@@ -34,6 +34,7 @@
   CATEGORY:=Base system
   TITLE:=DNS and DHCP server
   URL:=http://www.thekelleys.org.uk/dnsmasq/
+  USERID:=dnsmasq=453:dnsmasq=453
 endef
 
 define Package/dnsmasq

Modified: trunk/package/network/services/dnsmasq/files/dnsmasq.init
===================================================================
--- trunk/package/network/services/dnsmasq/files/dnsmasq.init   2016-04-26 
11:44:07 UTC (rev 49251)
+++ trunk/package/network/services/dnsmasq/files/dnsmasq.init   2016-04-26 
11:44:10 UTC (rev 49252)
@@ -218,6 +218,8 @@
        mkdir -p /tmp/hosts /tmp/dnsmasq.d
        xappend "--addn-hosts=/tmp/hosts"
        xappend "--conf-dir=/tmp/dnsmasq.d"
+       xappend "--user=dnsmasq"
+       xappend "--group=dnsmasq"
 
        echo >> $CONFIGFILE
 
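Review bot: The two added `xappend` lines hard-code the `dnsmasq` account without checking that it exists on the running system, and the later hunk hard-codes the same name in its `chown`. The account is created from the `USERID` package metadata, so a system whose `/etc/passwd` and `/etc/group` predate this revision may lack it (an upgrade that keeps those files; inferred, not shown here). As far as I know, dnsmasq treats an unknown `--user`/`--group` as a fatal startup error, which would stop DNS and DHCP rather than fall back to the previous unprivileged default. Consider guarding the append, e.g. `grep -q '^dnsmasq:' /etc/passwd && xappend "--user=dnsmasq"` with the `/etc/group` equivalent for `--group`, and logging when the account is missing so owner-match firewall rules are not silently bypassed. The enclosing function starts and ends outside this hunk.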
@@ -592,7 +594,7 @@
 
        if [ ! -f "$TIMESTAMPFILE" ]; then
                touch "$TIMESTAMPFILE"
-               chown nobody.nogroup "$TIMESTAMPFILE"
+               chown dnsmasq.dnsmasq "$TIMESTAMPFILE"
        fi
 
        echo "# auto-generated config file from /etc/config/dhcp" > $CONFIGFILE
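Review bot: The new `chown dnsmasq.dnsmasq` keeps the dot separator from the line it replaces; the colon form is the one POSIX specifies and stays unambiguous if an account name contains a dot, so `chown dnsmasq:dnsmasq "$TIMESTAMPFILE"` is preferable. The exit status is not checked, so on failure the file stays owned by whoever ran `touch` (presumably root) and the daemon running as `dnsmasq` may be unable to update it. That consequence is inferred, because the code that uses `$TIMESTAMPFILE` is outside the hunk. The account name now appears in three places across the init script and the Makefile; one shell variable in the script would keep the `--user`/`--group` arguments and this `chown` in step. The enclosing function continues outside the hunk.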