mirror of
https://github.com/dnscrypt/dnscrypt-server-docker
synced 2024-11-22 11:21:58 +01:00
Re-drop privileges
This commit is contained in:
parent
44c42a989b
commit
cd8f720cf6
@ -36,7 +36,7 @@ RUN apt-get install -qy --no-install-recommends $BUILD_DEPS && \
|
|||||||
curl -sSf https://sh.rustup.rs | bash -s -- -y --default-toolchain nightly
|
curl -sSf https://sh.rustup.rs | bash -s -- -y --default-toolchain nightly
|
||||||
|
|
||||||
RUN export PATH="$HOME/.cargo/bin:$PATH" && \
|
RUN export PATH="$HOME/.cargo/bin:$PATH" && \
|
||||||
echo "Compiling encrypted-dns version 0.2.2" && \
|
echo "Compiling encrypted-dns version 0.2.3" && \
|
||||||
cargo install encrypted-dns && \
|
cargo install encrypted-dns && \
|
||||||
mkdir -p /opt/encrypted-dns/sbin && \
|
mkdir -p /opt/encrypted-dns/sbin && \
|
||||||
mkdir -p /opt/encrypted-dns/etc/keys && \
|
mkdir -p /opt/encrypted-dns/etc/keys && \
|
||||||
|
@ -93,12 +93,12 @@ daemonize = false
|
|||||||
|
|
||||||
## User name to drop privileges to, when started as root.
|
## User name to drop privileges to, when started as root.
|
||||||
|
|
||||||
# user = "_encrypted-dns"
|
user = "_encrypted-dns"
|
||||||
|
|
||||||
|
|
||||||
## Group name to drop privileges to, when started as root.
|
## Group name to drop privileges to, when started as root.
|
||||||
|
|
||||||
# group = "_encrypted-dns"
|
group = "_encrypted-dns"
|
||||||
|
|
||||||
|
|
||||||
## Path to chroot() to, when started as root.
|
## Path to chroot() to, when started as root.
|
||||||
|
@ -5,11 +5,3 @@ sleep 300
|
|||||||
for service in unbound encrypted-dns; do
|
for service in unbound encrypted-dns; do
|
||||||
sv check "$service" || sv force-restart "$service"
|
sv check "$service" || sv force-restart "$service"
|
||||||
done
|
done
|
||||||
|
|
||||||
KEYS_DIR="/opt/encrypted-dns/etc/keys"
|
|
||||||
GRACE_PERIOD=60
|
|
||||||
|
|
||||||
provider_name=$(cat "${KEYS_DIR}/provider_name")
|
|
||||||
|
|
||||||
drill -p 443 -Q TXT "$provider_name" @127.0.0.1 ||
|
|
||||||
sv force-restart encrypted-dns
|
|
||||||
|
Loading…
Reference in New Issue
Block a user