Hello,

I might have stumbled upon a minor bug in dnsmasq which causes the NET_ADMIN
capability to be required even if it's actually not needed (according to
the provided command line arguments).

diff --git a/src/dnsmasq.c b/src/dnsmasq.c
index 30fb419..cef42f6 100644
--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
@@ -313,9 +313,10 @@ int main (int argc, char **argv)
     {
       dhcp_init();
 #   ifdef HAVE_LINUX_NETWORK
-      if (!option_bool(OPT_NO_PING))
-   need_cap_net_raw = 1;
-      need_cap_net_admin = 1;
+      if (!option_bool(OPT_NO_PING)) {
+        need_cap_net_raw = 1;
+        need_cap_net_admin = 1;
+      }
 #   endif
     }
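
Review bot: Moving `need_cap_net_admin = 1;` inside the `if (!option_bool(OPT_NO_PING))` block changes behaviour rather than only correcting the misleading indentation: in the removed lines NET_ADMIN was requested whenever this DHCP branch ran, and only NET_RAW depended on ping being enabled. The hunk does not show which operation needs NET_ADMIN, so the commit message should name it and confirm it is never reached when --no-ping is set; otherwise the startup check passes and the failure moves to the first operation that needs the capability. If some DHCP path does still need it, the narrower fix is to gate NET_ADMIN on that path's own option rather than on OPT_NO_PING. Style: the context line above puts the opening brace on its own line, so `if (!option_bool(OPT_NO_PING)) {` should follow that convention.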

Without this patch, with the following arguments, dnsmasq ends with "dnsmasq:
process is missing required capability NET_ADMIN"

src/dnsmasq  \
--strict-order \
--bind-interfaces \
--interface=br-mgmt \
--listen-address=10.0.0.254 \
--dhcp-range=10.0.0.1,10.0.0.250 \
--dhcp-authoritative \
--no-ping \
--dhcp-broadcast \
--port=0 \
--conf-file= \
--pid-file=/tmp/dnsmasq.pid \
--dhcp-leasefile=/tmp/dnsmasq.leases \
--dhcp-no-override \
--no-daemon

After applying the patch, dnsmasq starts and runs fine.

Best regards,
Martin