<div dir="ltr"><div class="gmail_default" style="font-family:arial,sans-serif;color:rgb(0,0,0)">Looks like this issue was fixed today by Daniel Golle in OpenWrt:<br></div><div class="gmail_default" style="font-family:arial,sans-serif;color:rgb(0,0,0)"><br></div><div class="gmail_default" style="font-family:arial,sans-serif;color:rgb(0,0,0)"><a href="https://git.openwrt.org/?p=openwrt/openwrt.git;a=commitdiff;h=aa12a0fdd1c5a004281633c5b0758da1781bb41c">https://git.openwrt.org/?p=openwrt/openwrt.git;a=commitdiff;h=aa12a0fdd1c5a004281633c5b0758da1781bb41c</a></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sat, Nov 26, 2022 at 2:46 PM Simon Kelley <<a href="mailto:simon@thekelleys.org.uk">simon@thekelleys.org.uk</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Does the openwrt config use --hostsdir to read all the files in a <br>
directory automatically when they change? The inotify code has explicit <br>
handling for the case that an argument to --hostdir is a symlink, so <br>
there's a chance that's botched somewhere.<br>
<br>
Note that's a symlink in the path to the directory. I just checked and <br>
symlinks to files contained in the directory 1) don't exercise that code <br>
and 2) work fine on my Ubuntu desktop.<br>
<br>
<br>
Cheers,<br>
<br>
Simon.<br>
<br>
<br>
On 26/11/2022 20:45, Gordon Shawn wrote:<br>
> it has something to do with openwrt's ujail (seccomp) I believe, <br>
> probably to avoid symlink attacks? i.e. file works, symlink does not work.<br>
> <br>
> On Sat, Nov 26, 2022 at 2:19 PM Eric Fahlgren <<a href="mailto:ericfahlgren@gmail.com" target="_blank">ericfahlgren@gmail.com</a> <br>
> <mailto:<a href="mailto:ericfahlgren@gmail.com" target="_blank">ericfahlgren@gmail.com</a>>> wrote:<br>
> <br>
> I can't imagine that dnsmasq would even know that the file it was<br>
> opening was a symlink. I'd suspect ownership or permissions. The<br>
> dnsmasq process in OpenWrt is run as the 'dnsmasq' user, so maybe<br>
> 'chown dnsmasq:dnsmasq /etc/safe-search/enabled/*' or some variant<br>
> would resolve your issue.<br>
> <br>
> On Fri, Nov 25, 2022 at 7:05 PM Gordon Shawn <<a href="mailto:capcoding@gmail.com" target="_blank">capcoding@gmail.com</a><br>
> <mailto:<a href="mailto:capcoding@gmail.com" target="_blank">capcoding@gmail.com</a>>> wrote:<br>
> <br>
> On the newest openwrt I installed 'safe-search' which has a few<br>
> files under /etc/safe-search/available/ and they're symlinked to<br>
> /etc/safe-search/enable/ by choice.<br>
> <br>
> dnsmasq reports it failed to load those symlinks under enable/<br>
> <br>
> if I remove the symlinks, and copy the real files over from<br>
> available/, dnsmasq read them all and works fine.<br>
> <br>
> can dnsmasq read addn-hosts files when they're symbolic links?<br>
> <br>
> Thanks,<br>
> Gordon<br>
> _______________________________________________<br>
> Dnsmasq-discuss mailing list<br>
> <a href="mailto:Dnsmasq-discuss@lists.thekelleys.org.uk" target="_blank">Dnsmasq-discuss@lists.thekelleys.org.uk</a><br>
> <mailto:<a href="mailto:Dnsmasq-discuss@lists.thekelleys.org.uk" target="_blank">Dnsmasq-discuss@lists.thekelleys.org.uk</a>><br>
> <a href="https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss" rel="noreferrer" target="_blank">https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss</a> <<a href="https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss" rel="noreferrer" target="_blank">https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss</a>><br>
> <br>
> <br>
> _______________________________________________<br>
> Dnsmasq-discuss mailing list<br>
> <a href="mailto:Dnsmasq-discuss@lists.thekelleys.org.uk" target="_blank">Dnsmasq-discuss@lists.thekelleys.org.uk</a><br>
> <a href="https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss" rel="noreferrer" target="_blank">https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss</a><br>
<br>
_______________________________________________<br>
Dnsmasq-discuss mailing list<br>
<a href="mailto:Dnsmasq-discuss@lists.thekelleys.org.uk" target="_blank">Dnsmasq-discuss@lists.thekelleys.org.uk</a><br>
<a href="https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss" rel="noreferrer" target="_blank">https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss</a><br>
</blockquote></div>