Fix acl hot reload

Seji64 · Mar 20, 2024 · 7de1ac9 · 7de1ac9
1 parent 59da3d4
commit 7de1ac9
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 0 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -61,6 +61,7 @@ COPY entrypoint.sh /entrypoint.sh
 COPY generateACL.sh /generateACL.sh
 COPY dynDNSCron.sh /dynDNSCron.sh
 RUN chown -R dnsdist:dnsdist /etc/dnsdist/ && \
+    chown dnsdist:dnsdist /etc/sniproxy/allowedClients.acl && \
     chmod +x /entrypoint.sh && \
     chmod +x /generateACL.sh && \
     chmod +x dynDNSCron.sh

diff --git a/configs/dnsdist/conf.d/00-SniDust.conf b/configs/dnsdist/conf.d/00-SniDust.conf
@@ -57,6 +57,7 @@ function ReloadACL(dq)
     dq.dh:setQR(true)
 
     infolog("[INFO] [SniDust] *** Reloading ACL... ***")
+    os.execute("/generateACL.sh && touch /tmp/reload_sni_proxy && PID_SNIPROXY=$(pidof sniproxy) && kill -HUP $PID_SNIPROXY")
     setACLFromFile("/etc/dnsdist/allowedClients.acl")
     infolog("[INFO] [SniDust] *** ACL reload complete! ***")
 

diff --git a/generateACL.sh b/generateACL.sh
@@ -41,4 +41,5 @@ then
   do
       echo "$line,allow" >> /etc/sniproxy/allowedClients.acl
   done < "/etc/dnsdist/allowedClients.acl"
+  chown dnsdist:dnsdist /etc/sniproxy/allowedClients.acl
 fi