interesting
/
linux-router
mirror of https://github.com/garywill/linux-router.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

hostapd in apparmor complain mode 

to solve problem that openSUSE users meet
This commit is contained in:
garywill 2021-08-29 10:24:50 +08:00
parent c2b21bb391
commit 3b71515e07
2 changed files with 29 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
README.md
View File

@ -4,8 +4,7 @@ Set Linux as router in one command. Able to Provide Internet, or create Wifi hot
It wraps `iptables`, `dnsmasq` etc. stuff. Use in one command, restore in one command or by `control-c` (or even by closing terminal window). It wraps `iptables`, `dnsmasq` etc. stuff. Use in one command, restore in one command or by `control-c` (or even by closing terminal window).
[Buy me a coffee](https://github.com/garywill/receiving/blob/master/receiving_methods.md) [More tools and projects](https://garywill.github.io) | [Buy me a coffee](https://github.com/garywill/receiving/blob/master/receiving_methods.md)
## Features ## Features
@ -325,12 +324,13 @@ Options:
``` ```
> These changes to system will not be restored by script's cleanup: > These changes to system will not be restored by script's cleanup:
>
> 1. `/proc/sys/net/ipv4/ip_forward = 1` and `/proc/sys/net/ipv6/conf/all/forwarding = 1` > 1. `/proc/sys/net/ipv4/ip_forward = 1` and `/proc/sys/net/ipv6/conf/all/forwarding = 1`
> 1. dnsmasq in Apparmor complain mode > 2. dnsmasq (if used) in Apparmor complain mode
> 1. Kernel module `nf_nat_pptp` loaded > 3. hostapd (if used) in Apparmor complain mode
> 1. The wifi device which is used to create hotspot is `rfkill unblock`ed > 4. Kernel module `nf_nat_pptp` loaded
> 1. Wifi country code, if user specified > 5. The wifi device which is used to create hotspot is `rfkill unblock`ed
> 6. Wifi country code, if user specified
## Dependencies ## Dependencies
@ -353,22 +353,14 @@ Options:
- Explictly ban forwarding if not needed - Explictly ban forwarding if not needed
- Bring bridging method back - Bring bridging method back
## Donate ## Meet author(s) and maintainer(s) and become one of them
[Buy me a coffee](https://github.com/garywill/receiving/blob/master/receiving_methods.md) , this project took me lots of time! Visit [**my homepage**](https://garywill.github.io) to see **more tools and projects**.
> [Buy me a coffee](https://github.com/garywill/receiving/blob/master/receiving_methods.md) , this project took me lots of time! ([打赏一个!](https://github.com/garywill/receiving/blob/master/receiving_methods.md))
>
> ( ^\_^) o自自o (^_^ )
[打赏一个](https://github.com/garywill/receiving/blob/master/receiving_methods.md) Bisides, thank [create_ap](/create_ap) by [oblique](https://github.com/oblique). This script was forked from create\_ap. Now they are quite different. (See `history` branch for how I modified create_ap). Also thank those who contributed to that project.
## For developers
**Many thanks to project [create_ap](https://github.com/oblique/create_ap)**.
This script was forked from create\_ap. Now it's quite different from it. (See `history` branch for how I modified create_ap)
There're some TO-DOs listed, at both above and in the code file. We'll appreciate your help.
------------------
More of my projects: https://garywill.github.io
You can be contributor, too! There're some TO-DOs listed, at both above and in the code file. Your name ban be here!

18
lnxrouter Executable file → Normal file
View File

@ -1,6 +1,5 @@
#!/bin/bash #!/bin/bash
# TODO: showing version (or git commit) on running
VERSION=0.6.2 VERSION=0.6.2
PROGNAME="$(basename $0)" PROGNAME="$(basename $0)"
@ -9,9 +8,12 @@ export LC_ALL=C
SCRIPT_UMASK=0122 SCRIPT_UMASK=0122
umask $SCRIPT_UMASK umask $SCRIPT_UMASK
phead() {
echo "linux-router $VERSION (https://github.com/garywill/linux-router)"
}
usage() { usage() {
phead
cat << EOF cat << EOF
linux-router $VERSION (https://github.com/garywill/linux-router)
Released under LGPL, with no warranty. Use on your own risk. Released under LGPL, with no warranty. Use on your own risk.
Usage: $PROGNAME <options> Usage: $PROGNAME <options>
@ -1848,6 +1850,7 @@ run_wifi_ap_processes() {
haveged_watchdog & haveged_watchdog &
HAVEGED_WATCHDOG_PID=$! HAVEGED_WATCHDOG_PID=$!
echo "$HAVEGED_WATCHDOG_PID" > "$CONFDIR/haveged_watchdog.pid" echo "$HAVEGED_WATCHDOG_PID" > "$CONFDIR/haveged_watchdog.pid"
echo
echo "haveged_watchdog PID: $HAVEGED_WATCHDOG_PID" echo "haveged_watchdog PID: $HAVEGED_WATCHDOG_PID"
fi fi
@ -1860,6 +1863,11 @@ run_wifi_ap_processes() {
fi fi
echo echo
echo "Starting hostapd" echo "Starting hostapd"
if which complain > /dev/null 2>&1; then
complain hostapd
fi
# hostapd '-P' works only when use '-B' (run in background) # hostapd '-P' works only when use '-B' (run in background)
$STDBUF_PATH hostapd $HOSTAPD_DEBUG_ARGS -P "$CONFDIR/hostapd.pid" "$CONFDIR/hostapd.conf" & $STDBUF_PATH hostapd $HOSTAPD_DEBUG_ARGS -P "$CONFDIR/hostapd.pid" "$CONFDIR/hostapd.conf" &
HOSTAPD_PID=$! HOSTAPD_PID=$!
@ -1874,14 +1882,15 @@ run_wifi_ap_processes() {
} }
start_dnsmasq() { start_dnsmasq() {
echo
echo "Starting dnsmasq"
if which complain > /dev/null 2>&1; then if which complain > /dev/null 2>&1; then
# openSUSE's apparmor does not allow dnsmasq to read files. # openSUSE's apparmor does not allow dnsmasq to read files.
# remove restriction. # remove restriction.
complain dnsmasq complain dnsmasq
fi fi
echo
echo "Starting dnsmasq"
# Using '-d'(no daemon) dnsmasq will not turn into 'nobody' # Using '-d'(no daemon) dnsmasq will not turn into 'nobody'
# '-x' works only when no '-d' # '-x' works only when no '-d'
dnsmasq -k -C "$CONFDIR/dnsmasq.conf" -x "$CONFDIR/dnsmasq.pid" -l "$CONFDIR/dnsmasq.leases" & dnsmasq -k -C "$CONFDIR/dnsmasq.conf" -x "$CONFDIR/dnsmasq.pid" -l "$CONFDIR/dnsmasq.leases" &
@ -1943,6 +1952,7 @@ daemonizing_check
## ===== Above don't echo anything if no warning or error==================== ## ===== Above don't echo anything if no warning or error====================
## ======================================================== ## ========================================================
phead
echo "PID: $$" echo "PID: $$"
TARGET_IFACE="$(decide_target_interface)" || exit 1 # judge wired (-i CONN_IFACE) or wireless hotspot (--ap $WIFI_IFACE) TARGET_IFACE="$(decide_target_interface)" || exit 1 # judge wired (-i CONN_IFACE) or wireless hotspot (--ap $WIFI_IFACE)