dnsmasq: add jail support

Signed-off-by: John Crispin <blogic@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/trunk@45011 3c298f89-4303-0410-b956-a3cf2f4a3e73

1 files changed, 10 insertions, 1 deletions

diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init
index a0197ef764..052a22dade 100644
--- a/package/network/services/dnsmasq/files/dnsmasq.init
+++ b/package/network/services/dnsmasq/files/dnsmasq.init
@@ -547,13 +547,22 @@ start_service() {
 	config_load dhcp
 
 	procd_open_instance
-	procd_set_param command $PROG -C $CONFIGFILE -k
+	procd_set_param command $PROG -C $CONFIGFILE -d -x /var/run/dnsmasq/dnsmasq.pid
 	procd_set_param file $CONFIGFILE
 	procd_set_param respawn
+
+	procd_add_jail dnsmasq ubus log
+	procd_add_jail_mount $CONFIGFILE $TRUSTANCHORSFILE $HOSTFILE /etc/passwd /dev/urandom /etc/dnsmasq.conf /tmp/dnsmasq.d /tmp/resolv.conf.auto /etc/hosts /etc/ethers
+	procd_add_jail_mount_rw /var/run/dnsmasq/ /tmp/dhcp.leases
+	
 	procd_close_instance
 
 	# before we can call xappend
+	mkdir -p /var/run/dnsmasq/
 	mkdir -p $(dirname $CONFIGFILE)
+	mkdir -p /var/lib/misc
+	touch /tmp/dhcp.leases
+
 
 	echo "# auto-generated config file from /etc/config/dhcp" > $CONFIGFILE
 	echo "# auto-generated config file from /etc/config/dhcp" > $HOSTFILE