[Dnsmasq-discuss] dnsmasq-2.43rc3 available.

Simon Kelley simon at thekelleys.org.uk
Thu Jul 10 07:24:35 BST 2008


Patrick McLean wrote:
> On Linux 2.6.24 (Gentoo kernel, though I don't see why it wouldn't 
> happen on other distros), starting this release with the user set to 
> anything other than root fails with this message:
> 
> dnsmasq: setting capabilities failed: Operation not permitted
> 

Hmm, would it be possible to revert to an earlier version of dnsmasq, 
and check the log messages at startup? I suspect that you will find that 
dnsmasq was logging a whinge about the same thing, and then running as 
root anyway. This (former) behaviour is seen as a security hole and so 
has changed.

The thing which I know can cause the problem is a kernel configuration. 
The dnsmasq FAQ states that the solution is "either deselect 
CONFIG_SECURITY _or_ select CONFIG_SECURITY_CAPABILITIES" but I suspect 
that it may be more complicated than that.

An strace would be useful (use strace -f, from dnsmasq with the -k flag) 
and a close look at how Gentoo configures security in its kernel.

Cheers,

Simon.
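
The FAQ rule quoted in the reply above can be checked mechanically against a kernel config file. The following is an added example, not part of the original post or of dnsmasq; the function names are hypothetical, the sample config is constructed, and treating `=m` as "not selected" is a conservative assumption. It applies only the rule as quoted, which the reply itself suspects is incomplete.

```shell
#!/bin/sh
# Added example: apply the quoted FAQ rule to a kernel config file.
# check_caps_config returns 0 when the rule is satisfied, 1 when it is not,
# and 2 when the file cannot be read.

# Print the value of one option; "n" when it is "is not set" or absent.
kconfig_value() {
    # $1 = config file, $2 = option name (the "=" anchor keeps
    # CONFIG_SECURITY from matching CONFIG_SECURITY_CAPABILITIES)
    val=$(sed -n "s/^$2=\(.*\)$/\1/p" "$1" | tail -n 1)
    printf '%s\n' "${val:-n}"
}

check_caps_config() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg"; return 2; }
    sec=$(kconfig_value "$cfg" CONFIG_SECURITY)
    caps=$(kconfig_value "$cfg" CONFIG_SECURITY_CAPABILITIES)
    if [ "$sec" != "y" ]; then
        echo "ok: CONFIG_SECURITY is deselected"
        return 0
    fi
    if [ "$caps" = "y" ]; then
        echo "ok: CONFIG_SECURITY_CAPABILITIES is selected"
        return 0
    fi
    # Assumption: a modular (=m) or unset value does not count as selected.
    echo "fail: CONFIG_SECURITY=y but CONFIG_SECURITY_CAPABILITIES=$caps"
    return 1
}

# Constructed sample config (not taken from the thread).
sample=$(mktemp)
printf '%s\n' 'CONFIG_SECURITY=y' \
    '# CONFIG_SECURITY_CAPABILITIES is not set' > "$sample"
check_caps_config "$sample" || true
rm -f "$sample"
```

On a running system the input would be the kernel's own config, for example a decompressed copy of `/proc/config.gz` where the kernel provides it.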


