OK, I committed a patch to this effect.
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=9adbf009a6df76d9ae5be2b93a90e210e9aa8216
Cheers,
Simon.
On 21/02/2024 00:13, Martin Ivičič wrote:
I tested all the combinations:
- just --no-ping: dnsmasq: process is missing required
That would work, I think. Please try it and report back.
Simon.
On 20/02/2024 23:53, Martin Ivičič wrote:
Our intent is to run tests in CI where we can't use root user or set any
capabilities (eventually we'll be running with
--dhcp-alternate-port=1067,1068 as well)
What do you think about
I tested all the combinations:
- just --no-ping: dnsmasq: process is missing required capability NET_ADMIN
- --no-ping + --dhcp-broadcast=mgmt: dnsmasq: process is missing required
capability NET_ADMIN
- --no-ping + --dhcp-broadcast: works fine
Best regards,
Martin
On Wed, Feb 21, 2024 at
Our intent is to run tests in CI where we can't use root user or set any
capabilities (eventually we'll be running with
--dhcp-alternate-port=1067,1068 as well)
What do you think about the following?
diff --git a/src/dnsmasq.c b/src/dnsmasq.c
index 30fb419..5969e01 100644
--- a/src/dnsmasq.c
+++
Ah, this is working because you include --dhcp-broadcast, which avoids
the ARP-cache access.
I'm not clear why you want to avoid CAP_NET_ADMIN, but a correct patch
to do that would only not set need_cap_netadmin when --broadcast is set,
and only when it's set unconditionally, without tags.
I'm currently running dnsmasq (with my patch applied) using the
following script and everything seems to work fine actually - no
errors reported.
(I have only added CAP_NET_BIND_SERVICE in order to be able to bind to port 67.)
#!/bin/bash
set -euo pipefail
SCRIPT_DIR="$( cd "$( dirname
If you're doing DHCP, even if you're not sending ICMP ping packets, you
still need CAP_NET_ADMIN, because the DHCP server has to be able to
manipulate the ARP table.
I guess you're starting dnsmasq without CAP_NET_ADMIN, dnsmasq is
determining that it needs CAP_NET_ADMIN to run the DHCP
On Mon, Feb 19, 2024 at 04:32:50PM +0100, Martin Ivičič wrote:
> Hello,
>
> I might have stumbled upon a minor bug in dnsmasq which causes NET_ADMIN
> capability being required even if it's actually not needed (according to
> provided command line arguments).
>
> diff --git a/src/dnsmasq.c
Hello,
I might have stumbled upon a minor bug in dnsmasq which causes NET_ADMIN
capability being required even if it's actually not needed (according to
provided command line arguments).
diff --git a/src/dnsmasq.c b/src/dnsmasq.c
index 30fb419..cef42f6 100644
--- a/src/dnsmasq.c
+++