Description: run dnsmasq as private user
 It's deemed safer to protect services (wotherwise all running as `nobody')
 from each other.
 I'm not sure whether this will be forwarded, because some would feel that
 the more appropriate way to change dnsmasq usage would be to create a
 /etc/dnsmasq.d/libvirt file and not run dnsmasq ourselves.
Author: Serge Hallyn <serge.hallyn@ubuntu.com>
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/938255
Forwarded: no

Index: libvirt/src/network/bridge_driver.c
===================================================================
--- libvirt.orig/src/network/bridge_driver.c	2012-02-24 18:23:14.000000000 +0000
+++ libvirt/src/network/bridge_driver.c	2012-02-24 18:23:14.000000000 +0000
@@ -481,6 +481,11 @@
      */
 
     /*
+     * Run as user libvirt-dnsmasq
+     */
+    virCommandAddArgList(cmd, "-u", "libvirt-dnsmasq", NULL);
+
+    /*
      * Needed to ensure dnsmasq uses same algorithm for processing
      * multiple namedriver entries in /etc/resolv.conf as GLibC.
      */
Index: libvirt/tests/networkxml2argvdata/isolated-network.argv
===================================================================
--- libvirt.orig/tests/networkxml2argvdata/isolated-network.argv	2012-02-24 18:23:14.000000000 +0000
+++ libvirt/tests/networkxml2argvdata/isolated-network.argv	2012-02-24 19:00:16.000000000 +0000
@@ -1,4 +1,4 @@
-/usr/sbin/dnsmasq --strict-order --bind-interfaces --conf-file= \
+/usr/sbin/dnsmasq -u libvirt-dnsmasq --strict-order --bind-interfaces --conf-file= \
 --except-interface lo --dhcp-option=3 --no-resolv \
 --listen-address 192.168.152.1 \
 --dhcp-range 192.168.152.2,192.168.152.254 \
Index: libvirt/tests/networkxml2argvdata/nat-network-dns-hosts.argv
===================================================================
--- libvirt.orig/tests/networkxml2argvdata/nat-network-dns-hosts.argv	2012-02-24 18:23:14.000000000 +0000
+++ libvirt/tests/networkxml2argvdata/nat-network-dns-hosts.argv	2012-02-24 19:00:23.000000000 +0000
@@ -1,3 +1,3 @@
-/usr/sbin/dnsmasq --strict-order --bind-interfaces --domain example.com \
+/usr/sbin/dnsmasq -u libvirt-dnsmasq --strict-order --bind-interfaces --domain example.com \
 --conf-file= --except-interface lo --listen-address 192.168.122.1 \
 --expand-hosts --addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhosts\
Index: libvirt/tests/networkxml2argvdata/nat-network-dns-txt-record.argv
===================================================================
--- libvirt.orig/tests/networkxml2argvdata/nat-network-dns-txt-record.argv	2012-02-24 18:23:14.000000000 +0000
+++ libvirt/tests/networkxml2argvdata/nat-network-dns-txt-record.argv	2012-02-24 19:00:25.000000000 +0000
@@ -1,4 +1,4 @@
-/usr/sbin/dnsmasq --strict-order --bind-interfaces --conf-file= \
+/usr/sbin/dnsmasq -u libvirt-dnsmasq --strict-order --bind-interfaces --conf-file= \
 --except-interface lo --txt-record=example,example value \
 --listen-address 192.168.122.1 --listen-address 192.168.123.1 \
 --listen-address 2001:db8:ac10:fe01::1 \
Index: libvirt/tests/networkxml2argvdata/nat-network.argv
===================================================================
--- libvirt.orig/tests/networkxml2argvdata/nat-network.argv	2012-02-24 18:23:14.000000000 +0000
+++ libvirt/tests/networkxml2argvdata/nat-network.argv	2012-02-24 19:00:21.000000000 +0000
@@ -1,4 +1,4 @@
-/usr/sbin/dnsmasq --strict-order --bind-interfaces --conf-file= \
+/usr/sbin/dnsmasq -u libvirt-dnsmasq --strict-order --bind-interfaces --conf-file= \
 --except-interface lo --listen-address 192.168.122.1 \
 --listen-address 192.168.123.1 --listen-address 2001:db8:ac10:fe01::1 \
 --listen-address 2001:db8:ac10:fd01::1 --listen-address 10.24.10.1 \
Index: libvirt/tests/networkxml2argvdata/netboot-network.argv
===================================================================
--- libvirt.orig/tests/networkxml2argvdata/netboot-network.argv	2012-02-24 18:23:14.000000000 +0000
+++ libvirt/tests/networkxml2argvdata/netboot-network.argv	2012-02-24 19:00:27.000000000 +0000
@@ -1,4 +1,4 @@
-/usr/sbin/dnsmasq --strict-order --bind-interfaces --domain example.com \
+/usr/sbin/dnsmasq -u libvirt-dnsmasq --strict-order --bind-interfaces --domain example.com \
 --conf-file= --except-interface lo --listen-address 192.168.122.1 \
 --dhcp-range 192.168.122.2,192.168.122.254 \
 --dhcp-leasefile=/var/lib/libvirt/dnsmasq/netboot.leases \
Index: libvirt/tests/networkxml2argvdata/netboot-proxy-network.argv
===================================================================
--- libvirt.orig/tests/networkxml2argvdata/netboot-proxy-network.argv	2012-02-24 18:23:14.000000000 +0000
+++ libvirt/tests/networkxml2argvdata/netboot-proxy-network.argv	2012-02-24 19:00:30.000000000 +0000
@@ -1,4 +1,4 @@
-/usr/sbin/dnsmasq --strict-order --bind-interfaces --domain example.com \
+/usr/sbin/dnsmasq -u libvirt-dnsmasq --strict-order --bind-interfaces --domain example.com \
 --conf-file= --except-interface lo --listen-address 192.168.122.1 \
 --dhcp-range 192.168.122.2,192.168.122.254 \
 --dhcp-leasefile=/var/lib/libvirt/dnsmasq/netboot.leases \
Index: libvirt/tests/networkxml2argvdata/routed-network.argv
===================================================================
--- libvirt.orig/tests/networkxml2argvdata/routed-network.argv	2012-02-24 18:23:14.000000000 +0000
+++ libvirt/tests/networkxml2argvdata/routed-network.argv	2012-02-24 19:00:34.000000000 +0000
@@ -1,2 +1,2 @@
-/usr/sbin/dnsmasq --strict-order --bind-interfaces --conf-file= \
+/usr/sbin/dnsmasq -u libvirt-dnsmasq --strict-order --bind-interfaces --conf-file= \
 --except-interface lo --listen-address 192.168.122.1\
