Re: [PATCH] dnsmasq: procd-ujail: workaround startup failure, when leasefile location is in /tmp
On Mon, Oct 18, 2021 at 10:20:56AM +0100, Daniel Golle wrote: > On Mon, Oct 18, 2021 at 08:12:00AM +, Bastian Bittorf wrote: [...] > > This is v2 of the patch with a more correct description what is does. > > > > Ref: https://bugs.openwrt.org/index.php?do=details_id=4085 > > Suggested-by: Daniel Golle > > I have neither Ack-ed nor suggested this change. I'am sorry about the confusion: I troubleshooted together with Daniel the issue and he proposed a change which i did unterstood in a wrong way, hence the situation. Sorry about that. Finally the underlying issue was even another thing, so I will bring up another patch, so please ignre the patch v2 too. bye, bastian ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [PATCH] dnsmasq: procd-ujail: workaround startup failure, when leasefile location is in /tmp
On Mon, Oct 18, 2021 at 08:12:00AM +, Bastian Bittorf wrote: > introduced with 44f694ba1bca1417d24e851c637c284f9f78c06d > ("build: select procd-ujail if !SMALL_FLASH") dnsmasq fails > to startup when the leasefile is configured to be in /tmp, > which is just not suited for beeing a jail location. > > With this patch we explicit call jail_mount_rw() for the > (now autocreated) leasedir and show a warning in syslog > for the special case when leasefile is in directory /tmp > > without this patch, the syslog shows: > Thu Oct 14 18:32:38 2021 user.err : jail: > creat(/tmp/ujail-lhNbFK/tmp/dhcp.leases) failed: Read-only file system > Thu Oct 14 18:32:38 2021 daemon.crit dnsmasq[1]: cannot open or create lease > file /tmp/dhcp.leases: Read-only file system > Thu Oct 14 18:32:38 2021 daemon.crit dnsmasq[1]: FAILED to start up > > This is v2 of the patch with a more correct description what is does. > > Ref: https://bugs.openwrt.org/index.php?do=details_id=4085 > Suggested-by: Daniel Golle I have neither Ack-ed nor suggested this change. The problem here (according to the ticket) is the option resolvfile dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.auto' which should be dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.d/resolv.conf.auto' for things to work well by default. Moving it back to /tmp (for which ever reason) will break things in the way described here as then resolvdir == leasedir which causes the problem. Maybe we should just add a warning for that ("resolvfile and leasefile cannot be in the same directory, please change your configuration.") > Signed-off-by: Bastian Bittorf > --- > .../services/dnsmasq/files/dnsmasq.init | 19 --- > 1 file changed, 16 insertions(+), 3 deletions(-) > > diff --git a/package/network/services/dnsmasq/files/dnsmasq.init > b/package/network/services/dnsmasq/files/dnsmasq.init > index 3250b2179b..af2effdb26 100644 > --- a/package/network/services/dnsmasq/files/dnsmasq.init > +++ b/package/network/services/dnsmasq/files/dnsmasq.init > @@ -616,7 +616,7 @@ dhcp_add() { > > case $ra_management in > 0) > - # SLACC with DCHP for extended options > + # SLACC with DHCP for extended options > xappend > "--dhcp-range=$nettag::,constructor:$ifname,ra-stateless,ra-names" > ;; > 2) > @@ -816,7 +816,7 @@ dnsmasq_start() > { > local cfg="$1" > local disabled user_dhcpscript > - local resolvfile resolvdir localuse=0 > + local resolvfile resolvdir leasedir localuse=0 > > config_get_bool disabled "$cfg" disabled 0 > [ "$disabled" -gt 0 ] && return 0 > @@ -994,7 +994,11 @@ dnsmasq_start() > fi > > config_get leasefile $cfg leasefile "/tmp/dhcp.leases" > - [ -n "$leasefile" ] && [ ! -e "$leasefile" ] && touch "$leasefile" > + [ -n "$leasefile" ] && { > + leasedir="$( dirname "$leasefile" )" && mkdir -p "$leasedir" > + [ ! -e "$leasefile" ] && touch "$leasefile" > + } > + > config_get_bool cachelocal "$cfg" cachelocal 1 > > config_get_bool noresolv "$cfg" noresolv 0 > @@ -1154,6 +1158,15 @@ dnsmasq_start() > procd_add_jail_mount $EXTRA_MOUNT $RFC6761FILE $TRUSTANCHORSFILE > procd_add_jail_mount $dnsmasqconffile $dnsmasqconfdir $resolvdir > $user_dhcpscript > procd_add_jail_mount /etc/passwd /etc/group /etc/TZ /etc/hosts > /etc/ethers > + > + [ -d "$leasedir" ] && { > + [ "$leasedir" = '/tmp' ] && { > + logger -t dnsmasq \ > + "consider using a more private directory for > leasefile" \ > + "because jailing /tmp does not work: choose > e.g. /tmp/dnsmasq/leasefile" > + } > + procd_add_jail_mount_rw $leasedir > + } > procd_add_jail_mount_rw /var/run/dnsmasq/ $leasefile > > procd_close_instance > -- > 2.30.2 > ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH] dnsmasq: procd-ujail: workaround startup failure, when leasefile location is in /tmp
introduced with 44f694ba1bca1417d24e851c637c284f9f78c06d ("build: select procd-ujail if !SMALL_FLASH") dnsmasq fails to startup when the leasefile is configured to be in /tmp, which is just not suited for beeing a jail location. With this patch we explicit call jail_mount_rw() for the (now autocreated) leasedir and show a warning in syslog for the special case when leasefile is in directory /tmp without this patch, the syslog shows: Thu Oct 14 18:32:38 2021 user.err : jail: creat(/tmp/ujail-lhNbFK/tmp/dhcp.leases) failed: Read-only file system Thu Oct 14 18:32:38 2021 daemon.crit dnsmasq[1]: cannot open or create lease file /tmp/dhcp.leases: Read-only file system Thu Oct 14 18:32:38 2021 daemon.crit dnsmasq[1]: FAILED to start up This is v2 of the patch with a more correct description what is does. Ref: https://bugs.openwrt.org/index.php?do=details_id=4085 Suggested-by: Daniel Golle Signed-off-by: Bastian Bittorf --- .../services/dnsmasq/files/dnsmasq.init | 19 --- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init index 3250b2179b..af2effdb26 100644 --- a/package/network/services/dnsmasq/files/dnsmasq.init +++ b/package/network/services/dnsmasq/files/dnsmasq.init @@ -616,7 +616,7 @@ dhcp_add() { case $ra_management in 0) - # SLACC with DCHP for extended options + # SLACC with DHCP for extended options xappend "--dhcp-range=$nettag::,constructor:$ifname,ra-stateless,ra-names" ;; 2) @@ -816,7 +816,7 @@ dnsmasq_start() { local cfg="$1" local disabled user_dhcpscript - local resolvfile resolvdir localuse=0 + local resolvfile resolvdir leasedir localuse=0 config_get_bool disabled "$cfg" disabled 0 [ "$disabled" -gt 0 ] && return 0 @@ -994,7 +994,11 @@ dnsmasq_start() fi config_get leasefile $cfg leasefile "/tmp/dhcp.leases" - [ -n "$leasefile" ] && [ ! -e "$leasefile" ] && touch "$leasefile" + [ -n "$leasefile" ] && { + leasedir="$( dirname "$leasefile" )" && mkdir -p "$leasedir" + [ ! -e "$leasefile" ] && touch "$leasefile" + } + config_get_bool cachelocal "$cfg" cachelocal 1 config_get_bool noresolv "$cfg" noresolv 0 @@ -1154,6 +1158,15 @@ dnsmasq_start() procd_add_jail_mount $EXTRA_MOUNT $RFC6761FILE $TRUSTANCHORSFILE procd_add_jail_mount $dnsmasqconffile $dnsmasqconfdir $resolvdir $user_dhcpscript procd_add_jail_mount /etc/passwd /etc/group /etc/TZ /etc/hosts /etc/ethers + + [ -d "$leasedir" ] && { + [ "$leasedir" = '/tmp' ] && { + logger -t dnsmasq \ + "consider using a more private directory for leasefile" \ + "because jailing /tmp does not work: choose e.g. /tmp/dnsmasq/leasefile" + } + procd_add_jail_mount_rw $leasedir + } procd_add_jail_mount_rw /var/run/dnsmasq/ $leasefile procd_close_instance -- 2.30.2 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [PATCH] dnsmasq: procd-ujail: workaround startup failure, when leasefile location is in /tmp
On Sun, Oct 17, 2021 at 05:45:19PM +0100, Daniel Golle wrote: > > + "because jailing /tmp does not work: choose > > e.g. /tmp/dnsmasq/leasefile" > > + } > To do what you describe in the commit message it would be > } else { > > I'm fine with either, just the commit message should match the code... > sorry, will do that and resend. please ignore this patch for now. thanks & bye, bastian ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Re: [PATCH] dnsmasq: procd-ujail: workaround startup failure, when leasefile location is in /tmp
On Sun, Oct 17, 2021 at 03:42:18PM +, Bastian Bittorf wrote: > introduced with 44f694ba1bca1417d24e851c637c284f9f78c06d > ("build: select procd-ujail if !SMALL_FLASH") dnsmasq fails > to startup when the leasefile is configured to be in /tmp, > which is just not suited for beeing a jail location. > > Workaround this (no jailing for this file for this special case) > and show a proper information in syslog. > > without this patch, the syslog shows: > Thu Oct 14 18:32:38 2021 user.err : jail: > creat(/tmp/ujail-lhNbFK/tmp/dhcp.leases) failed: Read-only file system > Thu Oct 14 18:32:38 2021 daemon.crit dnsmasq[1]: cannot open or create lease > file /tmp/dhcp.leases: Read-only file system > Thu Oct 14 18:32:38 2021 daemon.crit dnsmasq[1]: FAILED to start up > > Ref: https://bugs.openwrt.org/index.php?do=details_id=4085 > Acked-by: Daniel Golle > Signed-off-by: Bastian Bittorf > --- > .../services/dnsmasq/files/dnsmasq.init | 19 --- > 1 file changed, 16 insertions(+), 3 deletions(-) > > diff --git a/package/network/services/dnsmasq/files/dnsmasq.init > b/package/network/services/dnsmasq/files/dnsmasq.init > index 3250b2179b..af2effdb26 100644 > --- a/package/network/services/dnsmasq/files/dnsmasq.init > +++ b/package/network/services/dnsmasq/files/dnsmasq.init > @@ -616,7 +616,7 @@ dhcp_add() { > > case $ra_management in > 0) > - # SLACC with DCHP for extended options > + # SLACC with DHCP for extended options > xappend > "--dhcp-range=$nettag::,constructor:$ifname,ra-stateless,ra-names" > ;; > 2) > @@ -816,7 +816,7 @@ dnsmasq_start() > { > local cfg="$1" > local disabled user_dhcpscript > - local resolvfile resolvdir localuse=0 > + local resolvfile resolvdir leasedir localuse=0 > > config_get_bool disabled "$cfg" disabled 0 > [ "$disabled" -gt 0 ] && return 0 > @@ -994,7 +994,11 @@ dnsmasq_start() > fi > > config_get leasefile $cfg leasefile "/tmp/dhcp.leases" > - [ -n "$leasefile" ] && [ ! -e "$leasefile" ] && touch "$leasefile" > + [ -n "$leasefile" ] && { > + leasedir="$( dirname "$leasefile" )" && mkdir -p "$leasedir" > + [ ! -e "$leasefile" ] && touch "$leasefile" > + } > + > config_get_bool cachelocal "$cfg" cachelocal 1 > > config_get_bool noresolv "$cfg" noresolv 0 > @@ -1154,6 +1158,15 @@ dnsmasq_start() > procd_add_jail_mount $EXTRA_MOUNT $RFC6761FILE $TRUSTANCHORSFILE > procd_add_jail_mount $dnsmasqconffile $dnsmasqconfdir $resolvdir > $user_dhcpscript > procd_add_jail_mount /etc/passwd /etc/group /etc/TZ /etc/hosts > /etc/ethers > + > + [ -d "$leasedir" ] && { > + [ "$leasedir" = '/tmp' ] && { > + logger -t dnsmasq \ > + "consider using a more private directory for > leasefile" \ > + "because jailing /tmp does not work: choose > e.g. /tmp/dnsmasq/leasefile" > + } To do what you describe in the commit message it would be } else { I'm fine with either, just the commit message should match the code... > + procd_add_jail_mount_rw $leasedir > + } > procd_add_jail_mount_rw /var/run/dnsmasq/ $leasefile > > procd_close_instance > -- > 2.30.2 > > > ___ > openwrt-devel mailing list > openwrt-devel@lists.openwrt.org > https://lists.openwrt.org/mailman/listinfo/openwrt-devel ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
[PATCH] dnsmasq: procd-ujail: workaround startup failure, when leasefile location is in /tmp
introduced with 44f694ba1bca1417d24e851c637c284f9f78c06d ("build: select procd-ujail if !SMALL_FLASH") dnsmasq fails to startup when the leasefile is configured to be in /tmp, which is just not suited for beeing a jail location. Workaround this (no jailing for this file for this special case) and show a proper information in syslog. without this patch, the syslog shows: Thu Oct 14 18:32:38 2021 user.err : jail: creat(/tmp/ujail-lhNbFK/tmp/dhcp.leases) failed: Read-only file system Thu Oct 14 18:32:38 2021 daemon.crit dnsmasq[1]: cannot open or create lease file /tmp/dhcp.leases: Read-only file system Thu Oct 14 18:32:38 2021 daemon.crit dnsmasq[1]: FAILED to start up Ref: https://bugs.openwrt.org/index.php?do=details_id=4085 Acked-by: Daniel Golle Signed-off-by: Bastian Bittorf --- .../services/dnsmasq/files/dnsmasq.init | 19 --- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init index 3250b2179b..af2effdb26 100644 --- a/package/network/services/dnsmasq/files/dnsmasq.init +++ b/package/network/services/dnsmasq/files/dnsmasq.init @@ -616,7 +616,7 @@ dhcp_add() { case $ra_management in 0) - # SLACC with DCHP for extended options + # SLACC with DHCP for extended options xappend "--dhcp-range=$nettag::,constructor:$ifname,ra-stateless,ra-names" ;; 2) @@ -816,7 +816,7 @@ dnsmasq_start() { local cfg="$1" local disabled user_dhcpscript - local resolvfile resolvdir localuse=0 + local resolvfile resolvdir leasedir localuse=0 config_get_bool disabled "$cfg" disabled 0 [ "$disabled" -gt 0 ] && return 0 @@ -994,7 +994,11 @@ dnsmasq_start() fi config_get leasefile $cfg leasefile "/tmp/dhcp.leases" - [ -n "$leasefile" ] && [ ! -e "$leasefile" ] && touch "$leasefile" + [ -n "$leasefile" ] && { + leasedir="$( dirname "$leasefile" )" && mkdir -p "$leasedir" + [ ! -e "$leasefile" ] && touch "$leasefile" + } + config_get_bool cachelocal "$cfg" cachelocal 1 config_get_bool noresolv "$cfg" noresolv 0 @@ -1154,6 +1158,15 @@ dnsmasq_start() procd_add_jail_mount $EXTRA_MOUNT $RFC6761FILE $TRUSTANCHORSFILE procd_add_jail_mount $dnsmasqconffile $dnsmasqconfdir $resolvdir $user_dhcpscript procd_add_jail_mount /etc/passwd /etc/group /etc/TZ /etc/hosts /etc/ethers + + [ -d "$leasedir" ] && { + [ "$leasedir" = '/tmp' ] && { + logger -t dnsmasq \ + "consider using a more private directory for leasefile" \ + "because jailing /tmp does not work: choose e.g. /tmp/dnsmasq/leasefile" + } + procd_add_jail_mount_rw $leasedir + } procd_add_jail_mount_rw /var/run/dnsmasq/ $leasefile procd_close_instance -- 2.30.2 ___ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel