dnsmasq: add option to expose additional paths to jail
authorDaniel Golle <daniel@makrotopia.org>
Sun, 27 Nov 2022 12:33:31 +0000 (12:33 +0000)
committerDaniel Golle <daniel@makrotopia.org>
Sun, 27 Nov 2022 14:06:08 +0000 (14:06 +0000)
Add new UCI list 'addn_mount' which exposes additional filesystem
paths to the jailed dnsmasq process. This is useful e.g. in case of
manually configured includes to the configuration file or symlinks
pointing outside of the exposed paths as used by e.g. the safe-search
package in the packages feed.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
package/network/services/dnsmasq/files/dhcp.conf
package/network/services/dnsmasq/files/dnsmasq.init

index 4ddef172e63852851b803674b4b8a26bfe22903e..ec8b1ae950fe53528c1c499a3dc98e92a23c18b0 100644 (file)
@@ -23,6 +23,7 @@ config dnsmasq
        option ednspacket_max   1232
        option filter_aaaa      0
        option filter_a         0
+       #list addnmount         /some/path # read-only mount path to expose it to dnsmasq
 
 config dhcp lan
        option interface        lan
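Review bot: The sample entry spells the list `addnmount`, while the commit message calls it 'addn_mount'. The init script in this commit reads `addnmount`, so the sample matches the code and the message should be corrected before users copy the wrong name. The inline comment could also say that each entry widens what the jailed process can see, for example `#list addnmount /some/path # expose this path read-only inside the dnsmasq jail; list only the narrowest path needed`. Whether the mount really is read-only is decided where EXTRA_MOUNT is consumed, which is outside the visible hunks.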
index 21910f5fd19907248f3979ca837c31c39e049ae2..d3928c23993a890f0744a4b6ce5d59717b3072b7 100755 (executable)
@@ -204,8 +204,12 @@ ismounted() {
        return 1
 }
 
-append_addnhosts() {
+append_extramount() {
        ismounted "$1" || append EXTRA_MOUNT "$1"
+}
+
+append_addnhosts() {
+       append_extramount "$1"
        xappend "--addn-hosts=$1"
 }
 
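Review bot: `append_extramount` has no comment stating its contract, although it is now the shared entry point for `--addn-hosts` files and for user-supplied `addnmount` entries. A one-line header would help, such as `# add $1 to EXTRA_MOUNT (paths exposed inside the jail) unless ismounted reports it as already covered`. The exact meaning of `ismounted` needs confirming, since only the tail of that function is visible in this hunk.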
@@ -1186,6 +1190,8 @@ dnsmasq_start()
                done
        }
 
+       config_list_foreach "$cfg" addnmount append_extramount
+
        procd_open_instance $cfg
        procd_set_param command $PROG -C $CONFIGFILE -k -x /var/run/dnsmasq/dnsmasq."${cfg}".pid
        procd_set_param file $CONFIGFILE
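Review bot: The new `config_list_foreach "$cfg" addnmount append_extramount` line passes every configured value straight into the jail's mount list without checking it. An entry of `/` would expose the whole root filesystem and defeat the jail. A relative path or one containing whitespace would presumably be split or misinterpreted when EXTRA_MOUNT is expanded later, which happens outside this hunk. A small wrapper that accepts only absolute, whitespace-free paths other than `/` and logs anything it rejects keeps misconfiguration visible. `dnsmasq_start` begins and ends outside the hunk.

```shell
# Accept only absolute paths without whitespace, and never the root itself.
append_addnmount() {
	case "$1" in
		""|/|[!/]*|*[[:space:]]*)
			logger -t dnsmasq "ignoring addnmount entry '$1'"
			;;
		*)
			append_extramount "$1"
			;;
	esac
}

# … unchanged: earlier part of dnsmasq_start …
	config_list_foreach "$cfg" addnmount append_addnmount
```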