Hello, I might have stumbled upon a minor bug in dnsmasq which causes the NET_ADMIN capability to be required even if it's actually not needed (according to the provided command line arguments).
diff --git a/src/dnsmasq.c b/src/dnsmasq.c index 30fb419..cef42f6 100644 --- a/src/dnsmasq.c +++ b/src/dnsmasq.c @@ -313,9 +313,10 @@ int main (int argc, char **argv) { dhcp_init(); # ifdef HAVE_LINUX_NETWORK - if (!option_bool(OPT_NO_PING)) - need_cap_net_raw = 1; - need_cap_net_admin = 1; + if (!option_bool(OPT_NO_PING)) { + need_cap_net_raw = 1; + need_cap_net_admin = 1; + } # endif }

Without this patch, with the following arguments, dnsmasq ends with "dnsmasq: process is missing required capability NET_ADMIN"

src/dnsmasq \
    --strict-order \
    --bind-interfaces \
    --interface=br-mgmt \
    --listen-address=10.0.0.254 \
    --dhcp-range=10.0.0.1,10.0.0.250 \
    --dhcp-authoritative \
    --no-ping \
    --dhcp-broadcast \
    --port=0 \
    --conf-file= \
    --pid-file=/tmp/dnsmasq.pid \
    --dhcp-leasefile=/tmp/dnsmasq.leases \
    --dhcp-no-override \
    --no-daemon

After applying the patch dnsmasq starts and runs fine.

Best regards,
Martin
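Review bot: In the main() hunk of src/dnsmasq.c, moving "need_cap_net_admin = 1;" inside the "if (!option_bool(OPT_NO_PING))" block ties NET_ADMIN to the ping check, but nothing in the patch or the message shows that the ping check is the only DHCP code path that needs that capability. The removed lines had no braces, so despite the indentation only need_cap_net_raw was conditional and need_cap_net_admin was set for every DHCP configuration; that may have been misleading indentation rather than a logic error. Before merging, please confirm which DHCP operations actually use NET_ADMIN and gate the flag on those options instead of on OPT_NO_PING, with a short comment next to each flag saying what needs it. The test run shown uses --no-ping together with --dhcp-broadcast, so it covers only that one combination; a run with --no-ping and without --dhcp-broadcast would show whether dropping the capability is safe in general.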
_______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss