[Dnsmasq-discuss] dnsmasq-2.43rc3 available.
Simon Kelley
simon at thekelleys.org.uk
Thu Jul 10 07:24:35 BST 2008
Patrick McLean wrote:
> On Linux 2.6.24 (Gentoo kernel, though I don't see why it wouldn't
> happen on other distros), starting this release with the user set to
> anything other than root fails with this message:
>
> dnsmasq: setting capabilities failed: Operation not permitted
>

Hmm, would it be possible to revert to an earlier version of dnsmasq,
and check the log messages at startup? I suspect that you will find that
dnsmasq was logging a whinge about the same thing, and then running as
root anyway. This (former) behaviour is seen as a security hole and so
has changed.

The thing which I know can cause the problem is a kernel configuration.
The dnsmasq FAQ states that the solution is "either deselect
CONFIG_SECURITY _or_ select CONFIG_SECURITY_CAPABILITIES" but I suspect
that it may be more complicated than that.

An strace would be useful (use strace -f, from dnsmasq with the -k flag)
and a close look at how Gentoo configures security in its kernel.

Cheers,

Simon.
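
The FAQ rule quoted in the message above, written as a check over a kernel .config. This is an added example, not part of the original message or of dnsmasq: the function names and the sample config are constructed, and it encodes only the FAQ's rule, which the message itself suspects is incomplete.

```shell
#!/bin/sh
# Added example: apply the quoted dnsmasq FAQ rule to a kernel .config.

# kconfig_value SYMBOL: read a .config on stdin, print y, m or n.
# A symbol that is absent or "is not set" counts as n.
kconfig_value() {
    awk -v sym="$1" '
        $0 ~ ("^" sym "=")           { v = $0; sub(/^[^=]*=/, "", v) }
        $0 == "# " sym " is not set" { v = "n" }
        END { print (v == "" ? "n" : v) }
    '
}

# caps_verdict: read a .config on stdin and print a verdict line.
# Returns 0 when the FAQ rule is satisfied, 1 otherwise.
caps_verdict() {
    cfg=$(cat)
    sec=$(printf '%s\n' "$cfg" | kconfig_value CONFIG_SECURITY)
    cap=$(printf '%s\n' "$cfg" | kconfig_value CONFIG_SECURITY_CAPABILITIES)
    case "$sec/$cap" in
        n/*) echo "ok: CONFIG_SECURITY is deselected" ;;
        y/y) echo "ok: CONFIG_SECURITY_CAPABILITIES is built in" ;;
        y/m) echo "check: capabilities built as a module, only effective once loaded"
             return 1 ;;
        *)   echo "suspect: CONFIG_SECURITY=$sec without CONFIG_SECURITY_CAPABILITIES"
             return 1 ;;
    esac
}

# Constructed sample: the combination the FAQ warns about.
sample_config() {
    cat <<'EOF'
CONFIG_SECURITY=y
CONFIG_SECURITY_NETWORK=y
# CONFIG_SECURITY_CAPABILITIES is not set
EOF
}

# Usage (assumes the kernel exposes its config, i.e. CONFIG_IKCONFIG_PROC):
#   zcat /proc/config.gz | caps_verdict
```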