[openwrt/openwrt] dnsmasq: add option to expose additional paths to jail

LEDE Commits lede-commits at lists.infradead.org
Sun Nov 27 06:08:51 PST 2022


dangole pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/aa12a0fdd1c5a004281633c5b0758da1781bb41c

commit aa12a0fdd1c5a004281633c5b0758da1781bb41c
Author: Daniel Golle <daniel at makrotopia.org>
AuthorDate: Sun Nov 27 12:33:31 2022 +0000

    dnsmasq: add option to expose additional paths to jail
    
    Add new UCI list 'addn_mount' that allows exposing additional filesystem
    paths to the jailed dnsmasq process. This is useful e.g. in case of
    manually configured includes to the configuration file or symlinks
    pointing outside of the exposed paths as used by e.g. the safe-search
    package in the packages feed.
    
    Signed-off-by: Daniel Golle <daniel at makrotopia.org>
---
 package/network/services/dnsmasq/files/dhcp.conf    | 1 +
 package/network/services/dnsmasq/files/dnsmasq.init | 8 +++++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/package/network/services/dnsmasq/files/dhcp.conf b/package/network/services/dnsmasq/files/dhcp.conf
index 4ddef172e6..ec8b1ae950 100644
--- a/package/network/services/dnsmasq/files/dhcp.conf
+++ b/package/network/services/dnsmasq/files/dhcp.conf
@@ -23,6 +23,7 @@ config dnsmasq
 	option ednspacket_max	1232
 	option filter_aaaa	0
 	option filter_a		0
+	#list addnmount		/some/path # read-only mount path to expose it to dnsmasq
 
 config dhcp lan
 	option interface	lan
diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init
index 21910f5fd1..d3928c2399 100755
--- a/package/network/services/dnsmasq/files/dnsmasq.init
+++ b/package/network/services/dnsmasq/files/dnsmasq.init
@@ -204,8 +204,12 @@ ismounted() {
 	return 1
 }
 
-append_addnhosts() {
+append_extramount() {
 	ismounted "$1" || append EXTRA_MOUNT "$1"
+}
+
+append_addnhosts() {
+	append_extramount "$1"
 	xappend "--addn-hosts=$1"
 }
 
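Review bot: `append_extramount` adds its argument to the space-separated EXTRA_MOUNT without checking it, and after this commit that argument can be any string a user puts in UCI rather than only an addn-hosts file. A value containing whitespace would presumably be split into several entries wherever EXTRA_MOUNT is expanded (that code is outside the hunk), and an empty or relative value is passed through unchanged. A guard before the `ismounted` line, for example `case "$1" in /*) ;; *) return 0 ;; esac`, together with a comment such as `# $1: absolute path without whitespace, queued for the jail unless ismounted reports it`, would make the contract explicit. `ismounted` begins above the hunk, so what it treats as already mounted cannot be checked from here.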
@@ -1186,6 +1190,8 @@ dnsmasq_start()
 		done
 	}
 
+	config_list_foreach "$cfg" addnmount append_extramount
+
 	procd_open_instance $cfg
 	procd_set_param command $PROG -C $CONFIGFILE -k -x /var/run/dnsmasq/dnsmasq."${cfg}".pid
 	procd_set_param file $CONFIGFILE
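Review bot: The new `config_list_foreach "$cfg" addnmount append_extramount` line places no limit on what the list may name, so an entry such as `/` or `/etc` would expose most of the filesystem to the jailed process and remove much of the confinement the jail provides. Whether these mounts are read-only, as the dhcp.conf comment says, depends on how EXTRA_MOUNT is consumed later in `dnsmasq_start`, which starts and ends outside this hunk. I would add a comment above the line, `# addnmount: extra paths exposed inside the jail; list only the files or directories dnsmasq has to read`. The commit message also calls the list 'addn_mount' while the code reads `addnmount`, and a list under the other name would presumably be ignored without any message, so one of the two should be corrected.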



