adguardhome: run as an unprivileged user
author George Sapkin <[email protected]>
Wed, 26 Mar 2025 00:04:22 +0000 (02:04 +0200)
committer Tianling Shen <[email protected]>
Wed, 6 Aug 2025 13:49:54 +0000 (21:49 +0800)
commit 754a9908f41595fd184030b5c121d7bae5f89dc4
tree 69b2f4349075f4240c09f79d6c98ee4b7bf2fe4b
parent 79f78c0e77e61a20063db53f6cf8a12768036cdf
adguardhome: run as an unprivileged user

Run AdGuard Home without superuser privileges, by granting the binary
capabilities through ujail.

AdGuard Home writes new config files, so it must have r/w access to the
directory where these files live. Which means existing configs must be
migrated to a new directory, /etc/adguardhome, by default.

CAP_NET_BIND_SERVICE and CAP_NET_RAW capabilities are based on the
official documentation linked below.

Link: https://github.com/AdguardTeam/AdGuardHome/wiki/Getting-Started#running-without-superuser-linux-only
Signed-off-by: George Sapkin <[email protected]>
net/adguardhome/Makefile
net/adguardhome/files/adguardhome.config
net/adguardhome/files/adguardhome.defaults [new file with mode: 0644]
net/adguardhome/files/adguardhome.init
net/adguardhome/files/adguardhome.json [new file with mode: 0644]
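
A post-upgrade check for the privilege drop this commit describes, as an added example that is not part of the commit or the OpenWrt package: it parses the text of `/proc/<pid>/status` and passes only when the process has a non-zero effective UID and exactly CAP_NET_BIND_SERVICE and CAP_NET_RAW in its effective set. The function name `audit_status`, the sample status text and UID 472 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the commit): audit a process against the
# capability set named in the commit message.
# Bit numbers from linux/capability.h: CAP_NET_BIND_SERVICE=10, CAP_NET_RAW=13.
EXPECTED_CAPS=$(( (1 << 10) | (1 << 13) ))   # 0x2400

# audit_status STATUS_TEXT
# STATUS_TEXT is the content of /proc/<pid>/status. Prints a verdict and
# returns 0 only for a non-root process holding exactly EXPECTED_CAPS.
audit_status() {
    euid=$(printf '%s\n' "$1" | awk '$1 == "Uid:" { print $3 }')      # effective UID
    capeff=$(printf '%s\n' "$1" | awk '$1 == "CapEff:" { print $2 }') # hex bitmask
    if [ -z "$euid" ] || [ -z "$capeff" ]; then
        echo "ERROR: no Uid/CapEff line found"; return 2
    fi
    caps=$(( 0x$capeff ))
    extra=$(( caps & ~EXPECTED_CAPS ))     # bits held beyond the expected set
    missing=$(( EXPECTED_CAPS & ~caps ))   # expected bits that are absent
    if [ "$euid" -eq 0 ]; then
        echo "FAIL: running as uid 0"; return 1
    elif [ "$extra" -ne 0 ]; then
        printf 'FAIL: unexpected capabilities 0x%x\n' "$extra"; return 1
    elif [ "$missing" -ne 0 ]; then
        printf 'FAIL: missing capabilities 0x%x\n' "$missing"; return 1
    fi
    printf 'OK: uid=%s caps=0x%x\n' "$euid" "$caps"
}

# Constructed samples (UID 472 and the values below are illustrative only).
SAMPLE_JAILED='Name: AdGuardHome
Uid: 472 472 472 472
CapEff: 0000000000002400'
SAMPLE_ROOT='Name: AdGuardHome
Uid: 0 0 0 0
CapEff: 000001ffffffffff'
SAMPLE_EXTRA='Name: AdGuardHome
Uid: 472 472 472 472
CapEff: 0000000000003400'   # bit 12 (CAP_NET_ADMIN) also set

# Live use: pass the daemon's PID as the first argument.
if [ $# -gt 0 ]; then
    audit_status "$(cat "/proc/$1/status")"
fi
```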