[Dnsmasq-discuss] [PATCH] Allow root group write to log file

Petr Menšík pemensik at redhat.com
Tue Jan 11 00:11:18 UTC 2022


Hi!

I have received an error report on Fedora [1] about a problem when
log-facility is used. The problem happens because systemd does not grant
even root processes cap_dac_override. Therefore the log file created by
dnsmasq has to be writable by the dnsmasq user. But it is created/opened
while dnsmasq has still not dropped privileges, under effective uid == 0.
This leads to a surprising situation. If dnsmasq with
log-facility=/var/log/dnsmasq.log is started for the first time, it
passes just fine. However, when it is started a second time with
/var/log/dnsmasq owned by dnsmasq:root, mode 0640, it fails opening
the log.

My attached patch fixes it. If dnsmasq was started as root, it also
gives group write permission to the log file. Because it does not change
the group of the file, it should always be root. My patch expects that
the log file group is not changed in the meantime. If it is something
different, for example the adm group, it skips granting the writable
flag. It fixes the problem at hand.

What do you think, Simon? Others?

Cheers,
Petr

1. https://bugzilla.redhat.com/show_bug.cgi?id=2024166

-- 
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemensik at redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-root-group-writeable-flag-to-log-file.patch
Type: text/x-patch
Size: 2114 bytes
Desc: not available
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20220111/df8f8560/attachment.bin>
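
The permission failure described in the message above, as an added example that is not part of the original post or the attached patch: a C model of the write check for a root process without cap_dac_override, and of the group-write rule the message describes. The function names, the uid 991 and the gid 4 are constructed for illustration, and supplementary groups are ignored.

```c
#include <stdbool.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>

#define DNSMASQ_UID 991  /* constructed sample uid for the dnsmasq user */
#define ADM_GID 4        /* constructed sample gid for a non-root group */

/* UNIX DAC write check for a process that lacks CAP_DAC_OVERRIDE: exactly one
   permission class applies (owner, else group, else other). Supplementary
   groups are ignored to keep the model small. */
bool dac_can_write(uid_t euid, gid_t egid, uid_t f_uid, gid_t f_gid, mode_t mode)
{
  if (euid == f_uid) return (mode & S_IWUSR) != 0;
  if (egid == f_gid) return (mode & S_IWGRP) != 0;
  return (mode & S_IWOTH) != 0;
}

/* Mode to set on the log file: add group write only when started as root
   and the file's group is still root; any other group is left alone. */
mode_t log_file_mode(uid_t start_euid, gid_t f_gid, mode_t mode)
{
  if (start_euid == 0 && f_gid == 0) return mode | S_IWGRP;
  return mode;
}

/* Apply the rule to an open log descriptor; returns 0 on success, -1 on
   error. fchmod succeeds only for the file owner or with CAP_FOWNER. */
int fix_log_mode(int fd)
{
  struct stat st;
  if (fstat(fd, &st) == -1) return -1;
  mode_t have = st.st_mode & 07777;
  mode_t want = log_file_mode(geteuid(), st.st_gid, have);
  if (want == have) return 0;  /* nothing to change */
  return fchmod(fd, want);
}

int main(void)
{
  /* Second start: root:root process, log owned by dnsmasq:root, mode 0640. */
  bool before = dac_can_write(0, 0, DNSMASQ_UID, 0, 0640);
  bool after = dac_can_write(0, 0, DNSMASQ_UID, 0, log_file_mode(0, 0, 0640));
  return (!before && after) ? 0 : 1;
}
```
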

