From aa12a0fdd1c5a004281633c5b0758da1781bb41c Mon Sep 17 00:00:00 2001 From: Daniel Golle Date: Sun, 27 Nov 2022 12:33:31 +0000 Subject: [PATCH] dnsmasq: add option to expose additional paths to jail Add new UCI list 'addn_mount' allowing the expose additional filesystem paths to the jailed dnsmasq process. This is useful e.g. in case of manually configured includes to the configuration file or symlinks pointing outside of the exposed paths as used by e.g. the safe-search package in the packages feed. Signed-off-by: Daniel Golle --- package/network/services/dnsmasq/files/dhcp.conf | 1 + package/network/services/dnsmasq/files/dnsmasq.init | 8 +++++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/package/network/services/dnsmasq/files/dhcp.conf b/package/network/services/dnsmasq/files/dhcp.conf index 4ddef172e63..ec8b1ae950f 100644 --- a/package/network/services/dnsmasq/files/dhcp.conf +++ b/package/network/services/dnsmasq/files/dhcp.conf @@ -23,6 +23,7 @@ config dnsmasq option ednspacket_max 1232 option filter_aaaa 0 option filter_a 0 + #list addnmount /some/path # read-only mount path to expose it to dnsmasq config dhcp lan option interface lan diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init index 21910f5fd19..d3928c23993 100755 --- a/package/network/services/dnsmasq/files/dnsmasq.init +++ b/package/network/services/dnsmasq/files/dnsmasq.init @@ -204,8 +204,12 @@ ismounted() { return 1 } -append_addnhosts() { +append_extramount() { ismounted "$1" || append EXTRA_MOUNT "$1" +} + +append_addnhosts() { + append_extramount "$1" xappend "--addn-hosts=$1" } @@ -1186,6 +1190,8 @@ dnsmasq_start() done } + config_list_foreach "$cfg" addnmount append_extramount + procd_open_instance $cfg procd_set_param command $PROG -C $CONFIGFILE -k -x /var/run/dnsmasq/dnsmasq."${cfg}".pid procd_set_param file $CONFIGFILE -- 2.30.2