[Dnsmasq-discuss] Disable setcap() call when dnsmasq starts?

Jon Hermansen jon.hermansen at gmail.com
Thu May 16 04:29:04 BST 2013


Hello,
First time poster. Glad to be here!

I have found a handful of posts relating to this, but with no clear answer:
is there a way to prevent dnsmasq from calling setcap() without running it
as root? I see this error when strace'ing dnsmasq startup, which I assume
is why dnsmasq is exiting:

[pid  3284] capset(0x20080522, 0, {CAP_SETUID|CAP_NET_ADMIN|CAP_NET_RAW,
CAP_SETUID|CAP_NET_ADMIN|CAP_NET_RAW,
CAP_SETUID|CAP_NET_ADMIN|CAP_NET_RAW}) = -1 EPERM (Operation not permitted)


My aim is to run dnsmasq (no DHCP needed) for my LAN's local DNS on a
remote Virtuozzo VPS instance. My home router caches records for me -- an
Airport Extreme. I have firewall rules in place on the VPS to only allow
inbound traffic on port 53 from my home network. Running dnsmasq as root is
not preferable.

I've tried variations in the config with listen-address, interface,
no-dhcp-interface and/or bind-interfaces to get dnsmasq to bind only to my
WAN IP interface on the specific ports it needs. Again, not using dnsmasq
for anything but DNS.

Any hints would be well appreciated. Thanks!

[jherm at jh86 ~]$ uname -r
2.6.32-042stab076.8

[jherm at jh86 ~]$ cat /etc/centos-release
CentOS release 6.4 (Final)

[jherm at jh86 ~]$ rpm -q dnsmasq
dnsmasq-2.48-13.el6.x86_64

[jherm at jh86 ~]$ egrep -v '^$|^#' /etc/dnsmasq.conf /etc/dnsmasq.d/*
/etc/dnsmasq.conf:conf-dir=/etc/dnsmasq.d
/etc/dnsmasq.d/zzz001-jh86.org:user=nobody
/etc/dnsmasq.d/zzz001-jh86.org:group=nobody


J
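
Added example, not part of the original post and not dnsmasq code: capset(2) returns EPERM when the caller requests a capability that is not already in its permitted set, so this script decodes the CapPrm and CapBnd masks from /proc/<pid>/status and lists which of the three capabilities in the strace line above are absent. The function names and the sample mask are constructed for illustration; the bit numbers are those in <linux/capability.h>.

```shell
#!/bin/sh
# Bit numbers (from <linux/capability.h>) of the three capabilities
# requested in the capset() call shown in the strace output.
REQUESTED="CAP_SETUID:7 CAP_NET_ADMIN:12 CAP_NET_RAW:13"

# missing_caps HEXMASK
# Print the requested capabilities whose bit is clear in HEXMASK,
# where HEXMASK is a CapPrm/CapBnd value from /proc/<pid>/status.
missing_caps() {
    mask=$((0x$1))
    out=""
    for entry in $REQUESTED; do
        name=${entry%%:*}
        bit=${entry##*:}
        if [ $(( ($mask >> $bit) & 1 )) -eq 0 ]; then
            out="${out:+$out }$name"
        fi
    done
    printf '%s\n' "$out"
}

# status_mask FIELD [FILE]
# Extract one capability mask (for example CapPrm) from a status file.
status_mask() {
    awk -v f="$1:" '$1 == f { print $2 }' "${2:-/proc/self/status}"
}

# report [FILE]
# Show, for the permitted and bounding sets, which requested
# capabilities are missing. Defaults to the current process.
report() {
    for field in CapPrm CapBnd; do
        m=$(status_mask "$field" "$1")
        [ -n "$m" ] || { echo "$field: not available"; continue; }
        miss=$(missing_caps "$m")
        echo "$field=$m missing: ${miss:-none}"
    done
}

# Constructed sample mask: bits 0-36 set except CAP_NET_ADMIN (bit 12).
echo "sample 0000001fffffefff missing: $(missing_caps 0000001fffffefff)"

# Live check: pass /proc/<pid>/status, or nothing for this shell.
report "$@"
```

Run it as the same user and inside the same container that starts dnsmasq, since both the permitted and the bounding set depend on that context.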