From 3481d0d793b87ed4c0f0fa899497f49060e5511d Mon Sep 17 00:00:00 2001 From: John Crispin Date: Tue, 26 Apr 2016 11:44:10 +0000 Subject: [PATCH] dnsmasq: run as dedicated UID/GID Running dnsmasq in a dedicated user/group allows matching its outgoing traffic more easily using iptables' owner match. Add UID/GID to the package metadata and append the user/group parameters to the init script. Signed-off-by: Daniel Golle SVN-Revision: 49252 --- package/network/services/dnsmasq/Makefile | 3 ++- package/network/services/dnsmasq/files/dnsmasq.init | 4 +++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile index a5c37401798e..a5b96a3d28e7 100644 --- a/package/network/services/dnsmasq/Makefile +++ b/package/network/services/dnsmasq/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dnsmasq PKG_VERSION:=2.75 -PKG_RELEASE:=6 +PKG_RELEASE:=7 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq @@ -34,6 +34,7 @@ define Package/dnsmasq/Default CATEGORY:=Base system TITLE:=DNS and DHCP server URL:=http://www.thekelleys.org.uk/dnsmasq/ + USERID:=dnsmasq=453:dnsmasq=453 endef define Package/dnsmasq diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init index 0cda02d4feaa..7f90b8fa3e27 100644 --- a/package/network/services/dnsmasq/files/dnsmasq.init +++ b/package/network/services/dnsmasq/files/dnsmasq.init @@ -218,6 +218,8 @@ dnsmasq() { mkdir -p /tmp/hosts /tmp/dnsmasq.d xappend "--addn-hosts=/tmp/hosts" xappend "--conf-dir=/tmp/dnsmasq.d" + xappend "--user=dnsmasq" + xappend "--group=dnsmasq" echo >> $CONFIGFILE @@ -592,7 +594,7 @@ start_service() { if [ ! -f "$TIMESTAMPFILE" ]; then touch "$TIMESTAMPFILE" - chown nobody.nogroup "$TIMESTAMPFILE" + chown dnsmasq.dnsmasq "$TIMESTAMPFILE" fi echo "# auto-generated config file from /etc/config/dhcp" > $CONFIGFILE -- 2.30.2