manager: also restart stub listner on reload
authorYu Watanabe <watanabe.yu+github@gmail.com>
Mon, 16 Jun 2025 08:55:11 +0000 (17:55 +0900)
committerLuca Boccassi <luca.boccassi@gmail.com>
Wed, 25 Jun 2025 17:17:42 +0000 (18:17 +0100)
Previously, the extra stub listeners were stopped but new ones were not
started. Also, the main stub listeners were not restarted, hence the
new settings were not applied. This fixes the above two issues.

Note, to fix the issue, we need to keep the CAP_NET_BIND_SERVICE capability
so that the stub listeners can be bound again later.

Fixes #37843.

(cherry picked from commit 752cdf5051d4de17864e7b2dbfec0023207a3d4e)
(cherry picked from commit c2eda0d71b16d85c05c2e318027f74e46b3bac10)

src/resolve/resolved-manager.c
src/resolve/resolved.c

index f468cea4ece265163bc8bf0e3f5cdb3b8a6aa2e2..3f1ebf4c535833f1011083bd34c9e6438991a2b5 100644 (file)
@@ -601,6 +601,7 @@ static int manager_dispatch_reload_signal(sd_event_source *s, const struct signa
         dns_server_unlink_on_reload(m->dns_servers);
         dns_server_unlink_on_reload(m->fallback_dns_servers);
         m->dns_extra_stub_listeners = ordered_set_free(m->dns_extra_stub_listeners);
+        manager_dns_stub_stop(m);
         dnssd_service_clear_on_reload(m->dnssd_services);
         m->unicast_scope = dns_scope_free(m->unicast_scope);
 
@@ -638,6 +639,10 @@ static int manager_dispatch_reload_signal(sd_event_source *s, const struct signa
         manager_flush_caches(m, LOG_INFO);
         manager_verify_all(m);
 
+        r = manager_dns_stub_start(m);
+        if (r < 0)
+                return sd_event_exit(sd_event_source_get_event(s), r);
+
         (void) sd_notify(/* unset= */ false, NOTIFY_READY);
         return 0;
 }
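Review bot: The new error path at the end of manager_dispatch_reload_signal() turns a failed re-bind of the stub listener into a daemon exit via `sd_event_exit()`, after the old listener has already been torn down by the `manager_dns_stub_stop(m);` added in the first hunk, so a reload that cannot bind leaves the host with no stub resolver instead of the previous configuration. That may be the intended policy (it mirrors a bind failure at startup), but it deserves a comment such as `/* The stub was stopped above; failing to re-bind it is fatal, as at startup. */` so the choice is visible, or a log line plus `return 0` if degrading to "no stub" is preferred. In the first hunk the extra-listener set is freed on the line just before `manager_dns_stub_stop(m);`; if that function also closes the extra listeners, stopping first and freeing afterwards would make the teardown order self-evident, and if ordered_set_free() already closes them, a one-line comment saying so would help. The hunk assumes `r` is declared earlier in the function, whose start lies outside the diff.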
index 664e7dd6539cac040e5c7942315e9253bc3329ef..9b8dab580b2cf9590620fca4097fce5d0174e515 100644 (file)
@@ -58,11 +58,10 @@ static int run(int argc, char *argv[]) {
                 if (r < 0)
                         return log_error_errno(r, "Could not create runtime directory: %m");
 
-                /* Drop privileges, but keep three caps. Note that we drop two of those too, later on (see below) */
+                /* Drop privileges, but keep two caps. */
                 r = drop_privileges(uid, gid,
-                                    (UINT64_C(1) << CAP_NET_RAW)|          /* needed for SO_BINDTODEVICE */
-                                    (UINT64_C(1) << CAP_NET_BIND_SERVICE)| /* needed to bind on port 53 */
-                                    (UINT64_C(1) << CAP_SETPCAP)           /* needed in order to drop the caps later */);
+                                    (UINT64_C(1) << CAP_NET_RAW)|           /* needed for SO_BINDTODEVICE */
+                                    (UINT64_C(1) << CAP_NET_BIND_SERVICE)); /* needed to bind on port 53 */
                 if (r < 0)
                         return log_error_errno(r, "Failed to drop privileges: %m");
         }
@@ -82,11 +81,6 @@ static int run(int argc, char *argv[]) {
 
         (void) manager_check_resolv_conf(m);
 
-        /* Let's drop the remaining caps now */
-        r = capability_bounding_set_drop((UINT64_C(1) << CAP_NET_RAW), true);
-        if (r < 0)
-                return log_error_errno(r, "Failed to drop remaining caps: %m");
-
         notify_stop = notify_start(NOTIFY_READY, NOTIFY_STOPPING);
 
         r = sd_event_loop(m->event);
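Review bot: The rewritten comment `/* Drop privileges, but keep two caps. */` no longer says why both capabilities now stay for the daemon's whole lifetime, whereas the removed block used to narrow the bounding set once the listeners were up (to CAP_NET_RAW only, if the first argument of capability_bounding_set_drop() is the set to keep as elsewhere in systemd); a later reader could reintroduce that drop and silently break reload. Suggest `/* Drop privileges, but keep two caps. Both are needed for the lifetime of the daemon: the stub listeners are closed and re-bound on every reload. */`, and extending the trailing comment on the CAP_NET_BIND_SERVICE line to `/* needed to bind on port 53, also on reload */`. From a least-privilege standpoint, permanently retaining CAP_NET_BIND_SERVICE is the cost of this fix; keeping the already-bound stub sockets open across reload and reopening them only when the configured addresses change would avoid it, though that is a larger change than this backport. Since CAP_NET_RAW appears to have been retained by the old code as well, the effective change in privilege is only the bind capability, which the commit message could state explicitly.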