On Mon, Oct 18, 2021 at 08:12:00AM +0000, Bastian Bittorf wrote:
> introduced with 44f694ba1bca1417d24e851c637c284f9f78c06d
> ("build: select procd-ujail if !SMALL_FLASH") dnsmasq fails
> to startup when the leasefile is configured to be in /tmp,
> which is just not suited for beeing a jail location.
>
> With this patch we explicit call jail_mount_rw() for the
> (now autocreated) leasedir and show a warning in syslog
> for the special case when leasefile is in directory /tmp
>
> without this patch, the syslog shows:
> Thu Oct 14 18:32:38 2021 user.err : jail:
> creat(/tmp/ujail-lhNbFK/tmp/dhcp.leases) failed: Read-only file system
> Thu Oct 14 18:32:38 2021 daemon.crit dnsmasq[1]: cannot open or create lease
> file /tmp/dhcp.leases: Read-only file system
> Thu Oct 14 18:32:38 2021 daemon.crit dnsmasq[1]: FAILED to start up
>
> This is v2 of the patch with a more correct description what is does.
>
> Ref: https://bugs.openwrt.org/index.php?do=details&task_id=4085
> Suggested-by: Daniel Golle <dan...@makrotopia.org>
I have neither Ack-ed nor suggested this change.
The problem here (according to the ticket) is the option resolvfile
dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.auto'
which should be
dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.d/resolv.conf.auto'
for things to work well by default.
Moving it back to /tmp (for which ever reason) will break things in
the way described here as then resolvdir == leasedir which causes
the problem.
Maybe we should just add a warning for that
("resolvfile and leasefile cannot be in the same directory, please
change your configuration.")
> Signed-off-by: Bastian Bittorf <b...@npl.de>
> ---
> .../services/dnsmasq/files/dnsmasq.init | 19 ++++++++++++++++---
> 1 file changed, 16 insertions(+), 3 deletions(-)
>
> diff --git a/package/network/services/dnsmasq/files/dnsmasq.init
> b/package/network/services/dnsmasq/files/dnsmasq.init
> index 3250b2179b..af2effdb26 100644
> --- a/package/network/services/dnsmasq/files/dnsmasq.init
> +++ b/package/network/services/dnsmasq/files/dnsmasq.init
> @@ -616,7 +616,7 @@ dhcp_add() {
>
> case $ra_management in
> 0)
> - # SLACC with DCHP for extended options
> + # SLACC with DHCP for extended options
> xappend
> "--dhcp-range=$nettag::,constructor:$ifname,ra-stateless,ra-names"
> ;;
> 2)
> @@ -816,7 +816,7 @@ dnsmasq_start()
> {
> local cfg="$1"
> local disabled user_dhcpscript
> - local resolvfile resolvdir localuse=0
> + local resolvfile resolvdir leasedir localuse=0
>
> config_get_bool disabled "$cfg" disabled 0
> [ "$disabled" -gt 0 ] && return 0
> @@ -994,7 +994,11 @@ dnsmasq_start()
> fi
>
> config_get leasefile $cfg leasefile "/tmp/dhcp.leases"
> - [ -n "$leasefile" ] && [ ! -e "$leasefile" ] && touch "$leasefile"
> + [ -n "$leasefile" ] && {
> + leasedir="$( dirname "$leasefile" )" && mkdir -p "$leasedir"
> + [ ! -e "$leasefile" ] && touch "$leasefile"
> + }
> +
> config_get_bool cachelocal "$cfg" cachelocal 1
>
> config_get_bool noresolv "$cfg" noresolv 0
> @@ -1154,6 +1158,15 @@ dnsmasq_start()
> procd_add_jail_mount $EXTRA_MOUNT $RFC6761FILE $TRUSTANCHORSFILE
> procd_add_jail_mount $dnsmasqconffile $dnsmasqconfdir $resolvdir
> $user_dhcpscript
> procd_add_jail_mount /etc/passwd /etc/group /etc/TZ /etc/hosts
> /etc/ethers
> +
> + [ -d "$leasedir" ] && {
> + [ "$leasedir" = '/tmp' ] && {
> + logger -t dnsmasq \
> + "consider using a more private directory for
> leasefile" \
> + "because jailing /tmp does not work: choose
> e.g. /tmp/dnsmasq/leasefile"
> + }
> + procd_add_jail_mount_rw $leasedir
> + }
> procd_add_jail_mount_rw /var/run/dnsmasq/ $leasefile
>
> procd_close_instance
> --
> 2.30.2
>
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
