[Dnsmasq-discuss] dnsmasq-2.43rc3 caps failed

Jan Psota jasiu at belsznica.pl
Thu Jul 10 09:19:55 BST 2008


> > On Linux 2.6.24 (Gentoo kernel, though I don't see why it wouldn't 
> > happen on other distros), starting this release with the user set
> > to anything other than root fails with this message:
> > 
> > dnsmasq: setting capabilities failed: Operation not permitted
> > 
> 
> I think I may have been guilty of answering the question I expected
> in my last reply. It's valid if what you are talking about is running
> (as root)
> 
> dnsmasq --user <someuser>
> 
> If you are actually starting dnsmasq as <someuser> (presumably
> listening on a high port) then I can see that changing the capability
> error from soft to hard is a problem. The solution is not to attempt
> any of that stuff if the original process uid is non-zero.
> 
> I'll fix that before a final release.
I use kernel 2.6.25 on recent Gentoo, and have no such problem (and
never had before). I never cared about using capabilities (I don't know
much about them, but enough to remove the capabilities setting from the
kernel tun driver -- it does not let me run qemu -net tun as a normal user).
On Gentoo dnsmasq is started this way:
	start-stop-daemon --start --exec /usr/sbin/dnsmasq \
	--pidfile /var/run/dnsmasq.pid -- -x /var/run/dnsmasq.pid \
	${DNSMASQ_OPTS}		# =""
so it runs as nobody, as it likes. Running:
	dnsmasq --user nobody
as root works without problems, and as a normal user I must use:
	/usr/sbin/dnsmasq -u jasiu --dhcp-alternate-port 1067 -d -p 1053
and disable the TFTP server because of port numbers.
All on 2.43rc3. Kernel compiled for my machine. Dnsmasq runs well.

--
jasiu
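
One way to implement the behaviour described in the quoted reply: skip the capability and uid handling entirely when the original uid is non-zero, but treat any failure as a hard error when started as root. This is an added example, not code from the original message or from dnsmasq; the function names, the retained CAP_NET_ADMIN capability and the target user are assumptions.

```c
#define _GNU_SOURCE 1
#include <grp.h>
#include <linux/capability.h>
#include <pwd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

enum drop_result { DROP_SKIPPED, DROP_OK, DROP_FAILED };

/* Set permitted and effective sets to keep_mask (capabilities 0..31). */
static int set_caps(unsigned int keep_mask)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2] = { { 0 } };
    data[0].effective = data[0].permitted = keep_mask;
    return (int)syscall(SYS_capset, &hdr, data);
}

/* orig_uid is the uid the process was started with (pass getuid()).
   The CAP_NET_ADMIN mask is an illustrative assumption. */
enum drop_result drop_privileges(uid_t orig_uid, const char *user)
{
    /* Started unprivileged: nothing to drop, and capset()/setuid() would
       only fail with EPERM, so none of it is attempted. */
    if (orig_uid != 0)
        return DROP_SKIPPED;

    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return DROP_FAILED;

    unsigned int keep = 1u << CAP_NET_ADMIN;
    /* Started as root: every failure from here on is a hard error, because
       carrying on would leave the daemon running with full root privileges. */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1 ||  /* keep caps across setuid */
        set_caps(keep | (1u << CAP_SETUID) | (1u << CAP_SETGID)) == -1 ||
        setgroups(0, NULL) == -1 ||
        setgid(pw->pw_gid) == -1 ||
        setuid(pw->pw_uid) == -1 ||
        set_caps(keep) == -1)  /* setuid cleared the effective set; restore it */
        return DROP_FAILED;
    return DROP_OK;
}

int main(void) { return drop_privileges(getuid(), "nobody") == DROP_FAILED; }
```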
