1
1
mirror of https://github.com/dnscrypt/dnscrypt-server-docker synced 2024-11-22 11:21:58 +01:00

Re-drop privileges

This commit is contained in:
Frank Denis 2019-09-24 22:59:40 +02:00
parent 44c42a989b
commit cd8f720cf6
3 changed files with 3 additions and 11 deletions

@ -36,7 +36,7 @@ RUN apt-get install -qy --no-install-recommends $BUILD_DEPS && \
curl -sSf https://sh.rustup.rs | bash -s -- -y --default-toolchain nightly curl -sSf https://sh.rustup.rs | bash -s -- -y --default-toolchain nightly
RUN export PATH="$HOME/.cargo/bin:$PATH" && \ RUN export PATH="$HOME/.cargo/bin:$PATH" && \
echo "Compiling encrypted-dns version 0.2.2" && \ echo "Compiling encrypted-dns version 0.2.3" && \
cargo install encrypted-dns && \ cargo install encrypted-dns && \
mkdir -p /opt/encrypted-dns/sbin && \ mkdir -p /opt/encrypted-dns/sbin && \
mkdir -p /opt/encrypted-dns/etc/keys && \ mkdir -p /opt/encrypted-dns/etc/keys && \

@ -93,12 +93,12 @@ daemonize = false
## User name to drop privileges to, when started as root. ## User name to drop privileges to, when started as root.
# user = "_encrypted-dns" user = "_encrypted-dns"
## Group name to drop privileges to, when started as root. ## Group name to drop privileges to, when started as root.
# group = "_encrypted-dns" group = "_encrypted-dns"
## Path to chroot() to, when started as root. ## Path to chroot() to, when started as root.

@ -5,11 +5,3 @@ sleep 300
for service in unbound encrypted-dns; do for service in unbound encrypted-dns; do
sv check "$service" || sv force-restart "$service" sv check "$service" || sv force-restart "$service"
done done
KEYS_DIR="/opt/encrypted-dns/etc/keys"
GRACE_PERIOD=60
provider_name=$(cat "${KEYS_DIR}/provider_name")
drill -p 443 -Q TXT "$provider_name" @127.0.0.1 ||
sv force-restart encrypted-dns