[lxc-devel] [lxd/master] Run dnsmasq with lower privilege
cryptofuture on Github
lxc-bot at linuxcontainers.org
Mon Jan 9 15:14:32 UTC 2017
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 943 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20170109/1191559b/attachment.bin>
-------------- next part --------------
From 94fab4ba2b9bc1e005bda1dc0ee0d7e0c15ead90 Mon Sep 17 00:00:00 2001
From: Anonymous <admin at hda.me>
Date: Mon, 9 Jan 2017 14:53:45 +0000
Subject: [PATCH] Run dnsmasq with lower privilege
Signed-off-by: Eugene Gusev <admin at hda.me>
---
lxd/networks.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lxd/networks.go b/lxd/networks.go
index 8ad97ec..ef6f3dc 100644
--- a/lxd/networks.go
+++ b/lxd/networks.go
@@ -720,7 +720,7 @@ func (n *network) Start() error {
}
// Start building the dnsmasq command line
- dnsmasqCmd := []string{"dnsmasq", "-u", "root", "--strict-order", "--bind-interfaces",
+ dnsmasqCmd := []string{"dnsmasq", "-u", "nobody", "--strict-order", "--bind-interfaces",
fmt.Sprintf("--pid-file=%s", shared.VarPath("networks", n.name, "dnsmasq.pid")),
"--except-interface=lo",
fmt.Sprintf("--interface=%s", n.name)}
More information about the lxc-devel
mailing list