[Dnsmasq-discuss] dnsmasq runs as root if setcap() fails

Bill C. Riemers briemers at redhat.com
Thu Jun 19 21:21:43 BST 2008

Simon Kelley wrote:
> Carlos Carvalho wrote:
>> Simon Kelley (simon at thekelleys.org.uk) wrote on 19 June 2008 19:53:
>>  >The result of this is that if dnsmasq is going to exit because of
>>  >capability problems, it can't return a non-zero exit code: starting
>> the  >daemon will appear to start fine, and then it will silently
>> kill itself  >(logging is allowed, but not a return code to the init
>> script.)
>> I don't understand why. I think what Uwe says is that dnsmasq should
>> completely abort, that is, it should kill the helper as well. This is
>> possible if it still runs as root. And it should return a non-zero
>> exit code, of course.
> It's an ordering problem: for instance, you can do (the current order)
> fork to background
> fork helper
> do capset
Do it in this order, but have the original process stay around listening
to a pipe.   Then the steps become:

create a pipe
fork to background
fork helper
do capset
write to the pipe to tell the parent what exit status to use

If the pipe is closed with no status being sent, then we know to that an
error occurred.


More information about the Dnsmasq-discuss mailing list