morgan/systemd
1
0
Fork 0
mirror of https://github.com/morgan9e/systemd synced 2026-04-14 08:25:20 +09:00
Code Issues Packages Projects Releases Wiki Activity

manager: also restart stub listner on reload

Browse Source 
Previously, the extra stub listners were stopped but new ones were not
started. Also, the main stub listners were not restarted, hence the
new settings were not applied. This fixes the above two issues.

Note, to fix the issue, we need to keep CAP_NET_BIND_SERVICE capability
to make it allow to bind stub listner later.

Fixes #37843.
This commit is contained in:
Yu Watanabe
2025-06-16 17:55:11 +09:00
parent 9ed99b0793
commit 752cdf5051
2 changed files with 8 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/resolve/resolved-manager.c
View File

@@ -653,6 +653,7 @@ static int manager_dispatch_reload_signal(sd_event_source *s, const struct signa
dns_server_unlink_on_reload(m->dns_servers);
dns_server_unlink_on_reload(m->fallback_dns_servers);
m->dns_extra_stub_listeners = ordered_set_free(m->dns_extra_stub_listeners);
manager_dns_stub_stop(m);
dnssd_service_clear_on_reload(m->dnssd_services);
m->unicast_scope = dns_scope_free(m->unicast_scope);
m->delegates = hashmap_free(m->delegates);
@@ -691,6 +692,10 @@ static int manager_dispatch_reload_signal(sd_event_source *s, const struct signa
manager_flush_caches(m, LOG_INFO);
manager_verify_all(m);
r = manager_dns_stub_start(m);
if (r < 0)
return sd_event_exit(sd_event_source_get_event(s), r);
(void) sd_notify(/* unset_environment= */ false, NOTIFY_READY_MESSAGE);
return 0;
}

12
src/resolve/resolved.c
View File

@@ -56,11 +56,10 @@ static int run(int argc, char *argv[]) {
if (r < 0)
return log_error_errno(r, "Could not create runtime directory: %m");
/* Drop privileges, but keep three caps. Note that we drop two of those too, later on (see below) */
/* Drop privileges, but keep two caps. */
r = drop_privileges(uid, gid,
(UINT64_C(1) << CAP_NET_RAW)| /* needed for SO_BINDTODEVICE */
(UINT64_C(1) << CAP_NET_BIND_SERVICE)| /* needed to bind on port 53 */
(UINT64_C(1) << CAP_SETPCAP) /* needed in order to drop the caps later */);
(UINT64_C(1) << CAP_NET_RAW)| /* needed for SO_BINDTODEVICE */
(UINT64_C(1) << CAP_NET_BIND_SERVICE)); /* needed to bind on port 53 */
if (r < 0)
return log_error_errno(r, "Failed to drop privileges: %m");
}
@@ -78,11 +77,6 @@ static int run(int argc, char *argv[]) {
(void) manager_check_resolv_conf(m);
/* Let's drop the remaining caps now */
r = capability_bounding_set_drop((UINT64_C(1) << CAP_NET_RAW), true);
if (r < 0)
return log_error_errno(r, "Failed to drop remaining caps: %m");
notify_stop = notify_start(NOTIFY_READY_MESSAGE, NOTIFY_STOPPING_MESSAGE);
r = sd_event_loop(m->event);