adblock.sh as an unprivileged user; Store the whitelists in /var/; #64

pull/69/head
Evgeniy Ivanov 8 years ago
parent 4b2ae71ffe
commit 3864f8104d

@ -8,6 +8,9 @@
template: src=usr.sbin.dnsmasq.j2 dest=/etc/apparmor.d/usr.sbin.dnsmasq owner=root group=root mode=0600
notify:
- restart dnsmasq
- name: The dnsmasq directory created
file: dest=/var/lib/dnsmasq state=directory mode=755 owner=dnsmasq group=nogroup
- name: Enforce the dnsmasq AppArmor policy
shell: aa-enforce usr.sbin.dnsmasq
@ -21,11 +24,18 @@
template: src=adblock.sh dest=/opt/adblock.sh owner=root group=root mode=0755
- name: Adblock script added to cron
cron: name="Adblock hosts update" minute="10" hour="2" job="/opt/adblock.sh"
cron:
name: Adblock hosts update
minute: 10
hour: 2
job: /opt/adblock.sh
user: dnsmasq
- name: Update adblock hosts
shell: >
/opt/adblock.sh
become: true
become_user: dnsmasq
- name: Dnsmasq enabled and started
service: name=dnsmasq state=started enabled=yes
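Review bot: Running `/opt/adblock.sh` as `dnsmasq` (the cron entry's `user: dnsmasq` and the `become_user: dnsmasq` task) conflicts with the `service dnsmasq restart` call at the end of the script, which normally needs root. If that is the script's last command, a failed restart makes the script exit non-zero, so the "Update adblock hosts" task would likely fail. The nightly cron run would also leave dnsmasq serving the old list until some unrelated restart. One option is to drop the restart from the script and reload from a privileged context, for example `notify: restart dnsmasq` on the update task, using the handler name visible in the first hunk. Alternatively, have the script send SIGHUP, since dnsmasq re-reads `addn-hosts` files on that signal, after confirming the daemon runs under the same account.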

@ -7,7 +7,7 @@ ENDPOINT_IP6="::"
IPV6="Y"
#Delete the old block.hosts to make room for the updates
rm -f /etc/block.hosts
rm -f /var/lib/dnsmasq/block.hosts
echo 'Downloading hosts lists...'
#Download and process the files needed to make the lists (enable/add more, if you want)
@ -32,9 +32,9 @@ then
#Filter the blacklist, supressing whitelist matches
# This is relatively slow =-(
echo 'Filtering white list...'
egrep -v "^[[:space:]]*$" /etc/white.list | awk '/^[^#]/ {sub(/\r$/,"");print $1}' | grep -vf - /tmp/block.build.before > /etc/block.hosts
egrep -v "^[[:space:]]*$" /etc/white.list | awk '/^[^#]/ {sub(/\r$/,"");print $1}' | grep -vf - /tmp/block.build.before > /var/lib/dnsmasq/block.hosts
else
cat /tmp/block.build.before > /etc/block.hosts
cat /tmp/block.build.before > /var/lib/dnsmasq/block.hosts
fi
if [ "$IPV6" = "Y" ]
@ -42,7 +42,7 @@ then
safe_pattern=$(printf '%s\n' "$ENDPOINT_IP4" | sed 's/[[\.*^$(){}?+|/]/\\&/g')
safe_addition=$(printf '%s\n' "$ENDPOINT_IP6" | sed 's/[\&/]/\\&/g')
echo 'Adding ipv6 support...'
sed -i -re "s/^(${safe_pattern}) (.*)$/\1 \2\n${safe_addition} \2/g" /etc/block.hosts
sed -i -re "s/^(${safe_pattern}) (.*)$/\1 \2\n${safe_addition} \2/g" /var/lib/dnsmasq/block.hosts
fi
service dnsmasq restart
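Review bot: The list is still staged in `/tmp/block.build.before`, a fixed name in a world-writable directory, and is then written in place over the live `/var/lib/dnsmasq/block.hosts` after `rm -f` has already removed it. Now that the script's user owns `/var/lib/dnsmasq`, staging could move there, e.g. `tmp=$(mktemp /var/lib/dnsmasq/block.build.XXXXXX)`, with the whitelist filter and the IPv6 `sed -i` run against `"$tmp"` and a final `mv "$tmp" /var/lib/dnsmasq/block.hosts`. That way another local account cannot pre-create or redirect the staging file, and dnsmasq never sees a missing or half-written list if a download fails midway. The download steps that first create the staging file are outside these hunks and would need the same change.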

@ -130,7 +130,7 @@ bind-interfaces
#no-hosts
# or if you want it to read another file, as well as /etc/hosts, use
# this.
addn-hosts=/etc/block.hosts
addn-hosts=/var/lib/dnsmasq/block.hosts
# Set this (and domain: see below) if you want to have a domain
# automatically added to simple names in a hosts-file.

@ -13,7 +13,8 @@
/etc/dnsmasq.conf r,
/etc/dnsmasq.d/ r,
/etc/dnsmasq.d/* r,
/etc/block.hosts r,
/var/lib/dnsmasq/ r,
/var/lib/dnsmasq/block.hosts r,
/usr/sbin/dnsmasq mr,
