<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Hello,</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"> First time poster. Glad to be here!</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">
<br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">I have found a handful of posts relating to this, but with no clear answer: is there a way to prevent dnsmasq from calling setcap() without running it as root? I see this error when strace'ing dnsmasq startup, which I assume is why dnsmasq is exiting:</div>
<div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<font face="arial, helvetica, sans-serif">[pid  3284] capset(0x20080522, 0, {CAP_SETUID|CAP_NET_ADMIN|CAP_NET_RAW, CAP_SETUID|CAP_NET_ADMIN|CAP_NET_RAW, CAP_SETUID|CAP_NET_ADMIN|CAP_NET_RAW}) = -1 EPERM (Operation not permitted)</font></blockquote>
<div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">My aim is to run dnsmasq (no DHCP needed) for my LAN's local DNS on a remote Virtuozzo VPS instance. My home router caches records for me -- an Airport Extreme. I have firewall rules in place on the VPS to only allow inbound traffic on port 53 from my home network. Running dnsmasq as root is not preferable.</div>
<div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">I've tried variations in the config with listen-address, interface, no-dhcp-interface and/or bind-interfaces to get dnsmasq to bind only to my WAN IP interface on the specific ports it needs. Again, not using dnsmasq for anything but DNS.</div>
<div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Any hints would be well appreciated. Thanks!</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">
<br></div><div class="gmail_default"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><font face="arial, helvetica, sans-serif">[jherm@jh86 ~]$ uname -r</font></blockquote>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><font face="arial, helvetica, sans-serif">2.6.32-042stab076.8</font></blockquote>
<div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><font face="arial, helvetica, sans-serif">[jherm@jh86 ~]$ cat /etc/centos-release <br>
</font><font face="arial, helvetica, sans-serif">CentOS release 6.4 (Final)</font></blockquote><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<font face="arial, helvetica, sans-serif">[jherm@jh86 ~]$ rpm -q dnsmasq<br></font><font face="arial, helvetica, sans-serif">dnsmasq-2.48-13.el6.x86_64</font></blockquote><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<font face="arial, helvetica, sans-serif">[jherm@jh86 ~]$ egrep -v '^$|^#' /etc/dnsmasq.conf /etc/dnsmasq.d/*<br></font><font face="arial, helvetica, sans-serif">/etc/dnsmasq.conf:conf-dir=/etc/dnsmasq.d<br></font><font face="arial, helvetica, sans-serif">/etc/dnsmasq.d/zzz001-jh86.org:user=nobody<br>
</font><font face="arial, helvetica, sans-serif">/etc/dnsmasq.d/zzz001-jh86.org:group=nobody</font></blockquote></div><div><div><br></div>J</div>
</div>