[Dnsmasq-discuss] Fwd: no-ping
Simon Kelley
simon at thekelleys.org.uk
Mon Feb 19 23:53:15 UTC 2024
If you're doing DHCP, even if you're not sending ICMP ping packets, you
still need CAP_NET_ADMIN, because the DHCP server has to be able to
manipulate the ARP table.
I guess you're starting dnsmasq without CAP_NET_ADMIN, dnsmasq is
determining that it needs CAP_NET_ADMIN to run the DHCP server, and
erroring out because it doesn't have it.
Simon.
On 19/02/2024 15:32, Martin Ivičič wrote:
> Hello,
>
> I might have stumbled upon a minor bug in dnsmasq which causes the NET_ADMIN
> capability to be required even if it's actually not needed (according to
> the provided command line arguments).
>
> diff --git a/src/dnsmasq.c b/src/dnsmasq.c
> index 30fb419..cef42f6 100644
> --- a/src/dnsmasq.c
> +++ b/src/dnsmasq.c
> @@ -313,9 +313,10 @@ int main (int argc, char **argv)
> {
> dhcp_init();
> # ifdef HAVE_LINUX_NETWORK
> - if (!option_bool(OPT_NO_PING))
> - need_cap_net_raw = 1;
> - need_cap_net_admin = 1;
> + if (!option_bool(OPT_NO_PING)) {
> + need_cap_net_raw = 1;
> + need_cap_net_admin = 1;
> + }
> # endif
> }
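Review bot: moving `need_cap_net_admin = 1;` inside the `if (!option_bool(OPT_NO_PING))` block ties CAP_NET_ADMIN to the ping check, whereas the pre-patch line sat outside the un-braced `if` and so applied to every DHCP configuration. The reply at the top of this message states that the DHCP server needs CAP_NET_ADMIN to manipulate the ARP table even when no ICMP ping is sent, so with `--no-ping` this change would stop requesting a capability the server still uses. Suggest leaving `need_cap_net_admin = 1;` unconditional, bracing only `need_cap_net_raw = 1;` if braces are wanted, and adding a comment that NET_ADMIN is required for DHCP regardless of OPT_NO_PING so the intent is not misread again.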
>
> Without this patch, with the following arguments, dnsmasq ends with
> "dnsmasq: process is missing required capability NET_ADMIN"
>
> src/dnsmasq \
> --strict-order \
> --bind-interfaces \
> --interface=br-mgmt \
> --listen-address=10.0.0.254 \
> --dhcp-range=10.0.0.1,10.0.0.250 \
> --dhcp-authoritative \
> --no-ping \
> --dhcp-broadcast \
> --port=0 \
> --conf-file= \
> --pid-file=/tmp/dnsmasq.pid \
> --dhcp-leasefile=/tmp/dnsmasq.leases \
> --dhcp-no-override \
> --no-daemon
>
> After applying the patch dnsmasq starts and runs fine.
>
> Best regards,
> Martin
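Added example (not from the thread or the dnsmasq source): a small C check that mirrors the requirement described in the reply, reporting which capabilities a DHCP-serving process lacks according to the `CapEff` line of `/proc/<pid>/status`. The function names and the sample status text are constructed for illustration; the bit numbers are those defined in `<linux/capability.h>`.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bit numbers from <linux/capability.h>. */
#define CAP_NET_ADMIN_BIT 12
#define CAP_NET_RAW_BIT   13
/* Constructed sample of /proc/<pid>/status: NET_BIND_SERVICE and NET_RAW only. */
static const char SAMPLE_STATUS[] =
    "Name:\tdnsmasq\nCapPrm:\t0000000000002400\nCapEff:\t0000000000002400\n";

/* Per the reply: NET_ADMIN always for DHCP, NET_RAW only if ping is enabled. */
unsigned long long dhcp_required_caps(int no_ping)
{
    unsigned long long raw = no_ping ? 0 : 1ULL << CAP_NET_RAW_BIT;
    return (1ULL << CAP_NET_ADMIN_BIT) | raw;
}

/* Read the CapEff hex mask from status text; -1 if absent or malformed. */
int parse_cap_eff(const char *status, unsigned long long *mask)
{
    for (const char *p = status; p && *p; ) {
        if (strncmp(p, "CapEff:", 7) == 0) {
            const char *v = p + 7 + strspn(p + 7, " \t");
            if (!isxdigit((unsigned char)*v))
                return -1;          /* empty field: do not read the next line */
            *mask = strtoull(v, NULL, 16);
            return 0;
        }
        p = strchr(p, '\n');        /* advance to the start of the next line */
        if (p)
            p++;
    }
    return -1;
}

/* Required bits absent from the effective set (all of them if unreadable). */
unsigned long long missing_caps(const char *status, int no_ping)
{
    unsigned long long eff = 0;     /* stays 0 when CapEff cannot be parsed */
    (void)parse_cap_eff(status, &eff);
    return dhcp_required_caps(no_ping) & ~eff;
}

int main(void)
{
    printf("missing with --no-ping: 0x%llx\n", missing_caps(SAMPLE_STATUS, 1));
    return 0;
}
```

A non-zero result names the missing bits; for the sample it is 0x1000, i.e. NET_ADMIN, with or without `--no-ping`.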