Pi-Hole/dnsmasq
1
0
Fork 0
mirror of https://github.com/pi-hole/dnsmasq.git synced 2025-12-19 10:18:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

CONNTRACK needs CAP_NET_ADMIN.

Browse Source
This commit is contained in:
Simon Kelley
2021-08-05 23:40:04 +01:00
parent 8389b943d3
commit a163c63787
2 changed files with 11 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG
View File

@@ -82,6 +82,10 @@ version 2.86
Make domains generated by --synth-domain appear in replies Make domains generated by --synth-domain appear in replies
when in authoritative mode. when in authoritative mode.
Ensure CAP_NET_ADMIN capability is available when
conntrack is configured. Thanks to Yick Xie for spotting
the lack of this.
version 2.85 version 2.85
Fix problem with DNS retries in 2.83/2.84. Fix problem with DNS retries in 2.83/2.84.

9
src/dnsmasq.c
View File

@@ -212,8 +212,13 @@ int main (int argc, char **argv)
#endif #endif
#ifdef HAVE_CONNTRACK #ifdef HAVE_CONNTRACK
if (option_bool(OPT_CONNTRACK) && (daemon->query_port != 0 || daemon->osport)) if (option_bool(OPT_CONNTRACK))
die (_("cannot use --conntrack AND --query-port"), NULL, EC_BADCONF); {
if (daemon->query_port != 0 || daemon->osport)
die (_("cannot use --conntrack AND --query-port"), NULL, EC_BADCONF);
need_cap_net_admin = 1;
}
#else #else
if (option_bool(OPT_CONNTRACK)) if (option_bool(OPT_CONNTRACK))
die(_("conntrack support not available: set HAVE_CONNTRACK in src/config.h"), NULL, EC_BADCONF); die(_("conntrack support not available: set HAVE_CONNTRACK in src/config.h"), NULL, EC_BADCONF);