On Mon, Feb 19, 2024 at 04:32:50PM +0100, Martin Ivičič wrote:
> Hello,
> 
> I might have stumbled upon a minor bug in dnsmasq which causes the NET_ADMIN
> capability to be required even if it's actually not needed (according to
> the provided command line arguments).
> 
> diff --git a/src/dnsmasq.c b/src/dnsmasq.c
> index 30fb419..cef42f6 100644
> --- a/src/dnsmasq.c
> +++ b/src/dnsmasq.c
> @@ -313,9 +313,10 @@ int main (int argc, char **argv)
>      {
>        dhcp_init();
>  #   ifdef HAVE_LINUX_NETWORK
> -      if (!option_bool(OPT_NO_PING))
> -   need_cap_net_raw = 1;
> -      need_cap_net_admin = 1;
> +      if (!option_bool(OPT_NO_PING)) {
> +        need_cap_net_raw = 1;
> +        need_cap_net_admin = 1;
> +      }
>  #   endif
>      }
> 
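Review bot: Moving `need_cap_net_admin = 1;` inside the `if (!option_bool(OPT_NO_PING))` block changes behaviour that the removed lines appear to have set on purpose: there the assignment is indented at the level of the `if`, not under it, so NET_ADMIN was requested for every DHCP configuration on Linux and only NET_RAW depended on the ping check. The patch does not say why NET_ADMIN would be needed only when ping checks are enabled. Before dropping it, identify which DHCP operation uses the capability and gate `need_cap_net_admin` on the option that disables that operation; if that really is `--no-ping`, a short comment above the block stating so would document it. Otherwise a configuration with `--no-ping` may start fine and fail later at the point where the privileged call is made.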

The proposed patch without white space changes


--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
@@ -313,9 +313,10 @@ int main (int argc, char **argv)
     {
       dhcp_init();
 #   ifdef HAVE_LINUX_NETWORK
-      if (!option_bool(OPT_NO_PING))
+      if (!option_bool(OPT_NO_PING)) {
        need_cap_net_raw = 1;
       need_cap_net_admin = 1;
+      }
 #   endif
     }
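Review bot: The added `if (!option_bool(OPT_NO_PING)) {` puts the opening brace on the `if` line, while the context at the top of this hunk (`{` on its own line before `dhcp_init();`) shows braces placed on separate lines. Suggest putting `{` and `}` on their own lines so the new block matches the surrounding code.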
   

> Without this patch, with the following arguments, dnsmasq ends with "dnsmasq:
> process is missing required capability NET_ADMIN"
> 
> src/dnsmasq  \
> --strict-order \
> --bind-interfaces \
> --interface=br-mgmt \
> --listen-address=10.0.0.254 \
> --dhcp-range=10.0.0.1,10.0.0.250 \
> --dhcp-authoritative \
> --no-ping \
> --dhcp-broadcast \
> --port=0 \
> --conf-file= \
> --pid-file=/tmp/dnsmasq.pid \
> --dhcp-leasefile=/tmp/dnsmasq.leases \
> --dhcp-no-override \
> --no-daemon
> 
> After applying the patch dnsmasq starts and runs fine.

Yes, that makes sense.


Allow project leader Simon some time to respond.

And do know that it is OK to do follow-up messages on this.


 
> Best regards,
> Martin


Groeten
Geert Stappers
-- 
Silence is hard to parse
