[Dnsmasq-discuss] dnsmasq-2.43rc3 caps failed

Simon Kelley simon at thekelleys.org.uk
Thu Jul 10 09:26:41 BST 2008


Jan Psota wrote:
>>> On Linux 2.6.24 (Gentoo kernel, though I don't see why it wouldn't 
>>> happen on other distros), starting this release with the user set
>>> to anything other than root fails with this message:
>>>
>>> dnsmasq: setting capabilities failed: Operation not permitted
>>>
>> I think I may have been guilty of answering the question I expected
>> in my last reply. It's valid if what you are talking about is running
>> (as root)
>>
>> dnsmasq --user <someuser>
>>
>> if you are actually starting dnsmasq as <someuser> (presumably
>> listening on a high port) then I can see that changing the capability
>> error from soft to hard is a problem. The solution is not to attempt
>> any of that stuff if the original process uid is non-zero.
>>
>> I'll fix that before a final release.
> ?
> I use kernel 2.6.25 on recent Gentoo, and have no such problem (and
> never before had). I never cared about using capabilities (I don't know
> much about it, but enough to remove capabilities setting from kernel
> tun driver -- it does not let me run qemu -net tun as a normal user).
> On Gentoo dnsmasq is started that way:
> 	start-stop-daemon --start --exec /usr/sbin/dnsmasq \
> 	--pidfile /var/run/dnsmasq.pid -- -x /var/run/dnsmasq.pid \
> 	${DNSMASQ_OPTS}		# =""
> so it runs as nobody, as he likes. Running:
> 	dnsmasq --user nobody
> as root goes without problems and as normal user I must use:
> 	/usr/sbin/dnsmasq -u jasiu --dhcp-alternate-port 1067 -d -p 1053
> and disable TFTP server because of port numbers.
> All on 2.43rc3. Kernel compiled for my machine. Dnsmasq runs well.
> 

OK, that's good info, thanks. It looks like the original problem is just
running dnsmasq as an ordinary user. You're not seeing the problem
because you're using the '-d' flag, which suppresses all uid-munging. If
you remove -d, I guess you'll see the same problem as the OP. It will
be fixed for the final release.

Cheers,

Simon.
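
[Added example, not part of the original message and not dnsmasq source.] A Linux privilege drop that follows the rule discussed in this thread: skip all uid and capability changes in debug mode or when the process did not start as root, and treat a capset() failure as a hard error only on the root path. The names plan_drop and drop_privileges, the retained capability set and the target user "nobody" are assumptions made for illustration.

```c
/* Added illustration, not dnsmasq source. Linux only. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* for syscall() and setgroups() */
#endif
#include <grp.h>
#include <pwd.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/capability.h>

enum drop_plan { PLAN_SKIP_DEBUG, PLAN_SKIP_NOT_ROOT, PLAN_DROP };

/* Pure decision: only a process that started as root attempts the drop. */
enum drop_plan plan_drop(uid_t start_uid, int debug_mode)
{
    if (debug_mode) return PLAN_SKIP_DEBUG;          /* like -d: no uid changes */
    if (start_uid != 0) return PLAN_SKIP_NOT_ROOT;   /* capset() would give EPERM */
    return PLAN_DROP;
}

/* Returns 0 on success or skip, -1 on a hard failure (errno set). */
int drop_privileges(const struct passwd *pw, int debug_mode)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2];
    unsigned keep = (1u << CAP_NET_ADMIN) | (1u << CAP_NET_RAW); /* assumed set */
    if (plan_drop(getuid(), debug_mode) != PLAN_DROP)
        return 0;
    /* Group changes need CAP_SETGID, so do them while still fully root. */
    if (setgroups(0, NULL) == -1 || setgid(pw->pw_gid) == -1)
        return -1;
    memset(data, 0, sizeof data);
    data[0].effective = data[0].permitted = keep | (1u << CAP_SETUID);
    if (syscall(SYS_capset, &hdr, data) == -1)
        return -1;
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1 || setuid(pw->pw_uid) == -1)
        return -1;
    /* setuid() cleared the effective set; re-raise it without CAP_SETUID. */
    data[0].effective = data[0].permitted = keep;
    return syscall(SYS_capset, &hdr, data) == -1 ? -1 : 0;
}

int main(void)
{
    struct passwd *pw = getpwnam("nobody");          /* assumed target user */
    return (pw && drop_privileges(pw, 0) == 0) ? 0 : 1;
}
```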


