dnsmasq: add option to expose additional paths to jail

Add new UCI list 'addn_mount' allowing the expose additional filesystem paths to the jailed dnsmasq process. This is useful e.g. in case of manually configured includes to the configuration file or symlinks pointing outside of the exposed paths as used by e.g. the safe-search package in the packages feed. Signed-off-by: Daniel Golle <daniel@makrotopia.org>
2022-11-27 12:33:31 +00:00 · 2022-11-27 12:33:31 +00:00 · aa12a0fdd1
parent d4c460648d
commit aa12a0fdd1
2 changed files with 8 additions and 1 deletions
--- a/package/network/services/dnsmasq/files/dhcp.conf
+++ b/package/network/services/dnsmasq/files/dhcp.conf
@ -23,6 +23,7 @@ config dnsmasq
 	option ednspacket_max	1232
 	option filter_aaaa	0
 	option filter_a		0
+	#list addnmount		/some/path # read-only mount path to expose it to dnsmasq

 config dhcp lan
 	option interface	lan
--- a/package/network/services/dnsmasq/files/dnsmasq.init
+++ b/package/network/services/dnsmasq/files/dnsmasq.init
@ -204,8 +204,12 @@ ismounted() {
 	return 1
 }

-append_addnhosts() {
+append_extramount() {
 	ismounted "$1" || append EXTRA_MOUNT "$1"
+}
+
+append_addnhosts() {
+	append_extramount "$1"
 	xappend "--addn-hosts=$1"
 }

@ -1186,6 +1190,8 @@ dnsmasq_start()
 		done
 	}

+	config_list_foreach "$cfg" addnmount append_extramount
+
 	procd_open_instance $cfg
 	procd_set_param command $PROG -C $CONFIGFILE -k -x /var/run/dnsmasq/dnsmasq."${cfg}".pid
 	procd_set_param file $CONFIGFILE