dnsmasq: add jail support

author John Crispin <john@openwrt.org>

Thu, 26 Mar 2015 10:58:30 +0000 (10:58 +0000)

committer John Crispin <john@openwrt.org>

Thu, 26 Mar 2015 10:58:30 +0000 (10:58 +0000)
author John Crispin <john@openwrt.org>
Thu, 26 Mar 2015 10:58:30 +0000 (10:58 +0000)
committer John Crispin <john@openwrt.org>
Thu, 26 Mar 2015 10:58:30 +0000 (10:58 +0000)
diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init

index a0197ef7642457dd8a98fb287f9b6aa0173a12d4..052a22dade85be5f5d020abf99d1f0782b143fd3 100644 (file)
--- a/package/network/services/dnsmasq/files/dnsmasq.init
+++ b/package/network/services/dnsmasq/files/dnsmasq.init
@@ -547,13 +547,22 @@ start_service() {
         config_load dhcp
  
         procd_open_instance
-       procd_set_param command $PROG -C $CONFIGFILE -k
+       procd_set_param command $PROG -C $CONFIGFILE -d -x /var/run/dnsmasq/dnsmasq.pid
         procd_set_param file $CONFIGFILE
         procd_set_param respawn
+
+       procd_add_jail dnsmasq ubus log
+       procd_add_jail_mount $CONFIGFILE $TRUSTANCHORSFILE $HOSTFILE /etc/passwd /dev/urandom /etc/dnsmasq.conf /tmp/dnsmasq.d /tmp/resolv.conf.auto /etc/hosts /etc/ethers
+       procd_add_jail_mount_rw /var/run/dnsmasq/ /tmp/dhcp.leases
+       
         procd_close_instance
  
         # before we can call xappend
+       mkdir -p /var/run/dnsmasq/
         mkdir -p $(dirname $CONFIGFILE)
+       mkdir -p /var/lib/misc
+       touch /tmp/dhcp.leases
+
  
         echo "# auto-generated config file from /etc/config/dhcp" > $CONFIGFILE
         echo "# auto-generated config file from /etc/config/dhcp" > $HOSTFILE
author	John Crispin <john@openwrt.org>
	Thu, 26 Mar 2015 10:58:30 +0000 (10:58 +0000)
committer	John Crispin <john@openwrt.org>
	Thu, 26 Mar 2015 10:58:30 +0000 (10:58 +0000)