[opensuse] dnsmasq won't load auxillar hosts file
I'm using a axillary hosts-like file with dnsmasq to exclude advert and pwn sites. We've touched on this as an alternative for adblock with firefox. I have in /etc/dnsmasq.conf ---------------------- # If you don't want dnsmasq to read /etc/hosts, uncomment the # following line. #no-hosts # or if you want it to read another file, as well as /etc/hosts, use # this. #addn-hosts=/etc/banner_add_hosts addn-hosts=/etc/block.hosts.txt ---------------------- And # ls -l /etc/hosts /etc/block.hosts.txt -rw-rw-rw- 1 root root 762944 Aug 14 10:50 /etc/block.hosts.txt -rw-r--r-- 1 root root 764312 Aug 14 11:08 /etc/hosts But when I restart dnsmasq I get the following error $ sudo systemctl status dnsmasq.service ... Aug 14 11:09:01 Mainbox dnsmasq[14934]: failed to load names from /etc/block.hosts.txt: Permission denied I've also tried with the command line option. That produces the same error. But if I paste the block file into the end of /etc/hosts there is no problem. I can't see why dnsmasq is seeing an access control problem? What am I missing? https://hugoheden.wordpress.com/2009/02/24/dnsmasq-and-etchosts/ http://www.linksysinfo.org/index.php?threads/blocking-ads-using-dnsmasq-with... -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Sat, Aug 15, 2015 at 09:26:11AM -0400, Anton Aylward wrote:
I'm using a axillary hosts-like file with dnsmasq to exclude advert and pwn sites. We've touched on this as an alternative for adblock with firefox.
I have in /etc/dnsmasq.conf
---------------------- # If you don't want dnsmasq to read /etc/hosts, uncomment the # following line. #no-hosts # or if you want it to read another file, as well as /etc/hosts, use # this. #addn-hosts=/etc/banner_add_hosts addn-hosts=/etc/block.hosts.txt ----------------------
And
# ls -l /etc/hosts /etc/block.hosts.txt -rw-rw-rw- 1 root root 762944 Aug 14 10:50 /etc/block.hosts.txt -rw-r--r-- 1 root root 764312 Aug 14 11:08 /etc/hosts
But when I restart dnsmasq I get the following error
$ sudo systemctl status dnsmasq.service ... Aug 14 11:09:01 Mainbox dnsmasq[14934]: failed to load names from /etc/block.hosts.txt: Permission denied
I've also tried with the command line option. That produces the same error.
But if I paste the block file into the end of /etc/hosts there is no problem.
I can't see why dnsmasq is seeing an access control problem? What am I missing?
https://hugoheden.wordpress.com/2009/02/24/dnsmasq-and-etchosts/
http://www.linksysinfo.org/index.php?threads/blocking-ads-using-dnsmasq-with...
apparmor. dnsmasq has an apparmor profile. Run logprof to allow access to your extra files or edit /etc/apparmor.d/usr.sbin.dnsmasq . Ciao, Marcus -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 08/15/2015 09:37 AM, Marcus Meissner wrote:
I can't see why dnsmasq is seeing an access control problem? What am I missing?
apparmor. dnsmasq has an apparmor profile.
Run logprof to allow access to your extra files or edit /etc/apparmor.d/usr.sbin.dnsmasq .
Ah! If I had created /etc/dnsmasq.d and put it there there woldn't be the problem. Curiously that directory didn't exist before. Thank you. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Sat, 15 Aug 2015 15:26, Anton Aylward wrote:
I'm using a axillary hosts-like file with dnsmasq to exclude advert and pwn sites. We've touched on this as an alternative for adblock with firefox.
I have in /etc/dnsmasq.conf
---------------------- # If you don't want dnsmasq to read /etc/hosts, uncomment the # following line. #no-hosts # or if you want it to read another file, as well as /etc/hosts, use # this. #addn-hosts=/etc/banner_add_hosts addn-hosts=/etc/block.hosts.txt ----------------------
And
# ls -l /etc/hosts /etc/block.hosts.txt -rw-rw-rw- 1 root root 762944 Aug 14 10:50 /etc/block.hosts.txt -rw-r--r-- 1 root root 764312 Aug 14 11:08 /etc/hosts
But when I restart dnsmasq I get the following error
$ sudo systemctl status dnsmasq.service ... Aug 14 11:09:01 Mainbox dnsmasq[14934]: failed to load names from /etc/block.hosts.txt: Permission denied
I've also tried with the command line option. That produces the same error.
But if I paste the block file into the end of /etc/hosts there is no problem.
I can't see why dnsmasq is seeing an access control problem? What am I missing?
https://hugoheden.wordpress.com/2009/02/24/dnsmasq-and-etchosts/
http://www.linksysinfo.org/index.php?threads/blocking-ads-using-dnsmasq-with...
First hint: Permission problem. Try: "chmod go-w /etc/block.hosts.txt" and "systemctl restart dnsmasq.service" The shown file (/etc/block.hosts.txt) is too open in its file permissions and thus dnsmasq blocks opening that file for security reasons. - Yamaban. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 08/15/2015 09:38 AM, Yamaban wrote:
First hint: Permission problem. Try: "chmod go-w /etc/block.hosts.txt" and "systemctl restart dnsmasq.service"
The shown file (/etc/block.hosts.txt) is too open in its file permissions and thus dnsmasq blocks opening that file for security reasons.
Actually I'd started with -r-------- then -r--r------ And more permutations And I'd also tried the file owned by dnsmasq. And various others. None worked. No, it was a apparmor issue. Dealing with Marks's suggestion of looking at the apparmor file for dnsmasq told me what the problem was and showed a simple way to fix it without even having to 'recompile' the apparmor settings :-) See my other email. Bug *DUH* for not thinking of apparmor earlier. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (3)
-
Anton Aylward
-
Marcus Meissner
-
Yamaban