dnsmasq: export tftp root to the procd jail
Signed-off-by: Felix Fietkau <nbd@openwrt.org> SVN-Revision: 48761
This commit is contained in:
parent
5e84051a0f
commit
b4a1bd8992
1 changed files with 17 additions and 11 deletions
|
@ -220,6 +220,12 @@ dnsmasq() {
|
|||
xappend "--conf-dir=/tmp/dnsmasq.d"
|
||||
|
||||
echo >> $CONFIGFILE
|
||||
|
||||
config_get_bool enable_tftp "$cfg" enable_tftp 0
|
||||
[ "$enable_tftp" -gt 0 ] && {
|
||||
config_get tftp_root "$cfg" tftp_root
|
||||
append EXTRA_MOUNT $tftp_root
|
||||
}
|
||||
}
|
||||
|
||||
dhcp_subscrid_add() {
|
||||
|
@ -555,17 +561,6 @@ start_service() {
|
|||
|
||||
config_load dhcp
|
||||
|
||||
procd_open_instance
|
||||
procd_set_param command $PROG -C $CONFIGFILE -k -x /var/run/dnsmasq/dnsmasq.pid
|
||||
procd_set_param file $CONFIGFILE
|
||||
procd_set_param respawn
|
||||
|
||||
procd_add_jail dnsmasq ubus log
|
||||
procd_add_jail_mount $CONFIGFILE $TRUSTANCHORSFILE $HOSTFILE /etc/passwd /etc/group /etc/TZ /dev/null /dev/urandom /etc/dnsmasq.conf /tmp/dnsmasq.d /tmp/resolv.conf.auto /etc/hosts /etc/ethers
|
||||
procd_add_jail_mount_rw /var/run/dnsmasq/ /tmp/dhcp.leases $TIMESTAMPFILE
|
||||
|
||||
procd_close_instance
|
||||
|
||||
# before we can call xappend
|
||||
mkdir -p /var/run/dnsmasq/
|
||||
mkdir -p $(dirname $CONFIGFILE)
|
||||
|
@ -643,6 +638,17 @@ start_service() {
|
|||
for DNS_SERVER in $DNS_SERVERS ; do
|
||||
echo "nameserver $DNS_SERVER" >> /tmp/resolv.conf
|
||||
done
|
||||
|
||||
procd_open_instance
|
||||
procd_set_param command $PROG -C $CONFIGFILE -k -x /var/run/dnsmasq/dnsmasq.pid
|
||||
procd_set_param file $CONFIGFILE
|
||||
procd_set_param respawn
|
||||
|
||||
procd_add_jail dnsmasq ubus log
|
||||
procd_add_jail_mount $CONFIGFILE $TRUSTANCHORSFILE $HOSTFILE /etc/passwd /etc/group /etc/TZ /dev/null /dev/urandom /etc/dnsmasq.conf /tmp/dnsmasq.d /tmp/resolv.conf.auto /etc/hosts /etc/ethers $EXTRA_MOUNT
|
||||
procd_add_jail_mount_rw /var/run/dnsmasq/ /tmp/dhcp.leases $TIMESTAMPFILE
|
||||
|
||||
procd_close_instance
|
||||
}
|
||||
|
||||
reload_service() {
|
||||
|
|
Loading…
Reference in a new issue