# Specifies the chroot directory. # # You can prepare this directory by running '/etc/init.d/dnscrypt-proxy-multi-chroot setup'. # # If the directory already exists, the command would delay for 10 seconds # before overriding the contents of it. # # Default value is '/chroot/dnscrypt-proxy-multi'. # #CHROOT_DIR=/chroot/dnscrypt-proxy-multi # Set this to 'false' if you have set up your own chroot environment and you # don't want/need the chroot consistency check. # # Default value is 'true'. # #CHROOT_DIR_CHECK=true # Specifies the location of chroot. # # This is not needed if CHROOT_JCHROOT is set to 'true'. # # Default is '/bin/chroot'. # #CHROOT_EXEC=/bin/chroot # Set this option to 'true' if you want to use jchroot for chrooting instead of # /bin/chroot. You'll need to install sys-apps/jchroot for this. # # Default value is 'false'. # #CHROOT_JCHROOT=false # Set the location of jchroot. # # Default is '/usr/bin/jchroot'. # #CHROOT_JCHROOT_EXEC=/usr/bin/jchroot # Set this option to 'true' if you want to create a new user namespace when # creating a chroot environment with jchroot. # # It requires a recent kernel (3.8+) with CONFIG_USER_NS enabled. # # Since this method is only meaningful if the privilege is dropped before # chroot occurs, it's only valid if used with 'chroot' privilege drop mode. # # Default value is 'false'. # #CHROOT_JCHROOT_NEW_USER_NS=false # Check if CONFIG_USER_NS is set in /proc/config.gz, if file exists. # It gives a warning if CONFIG_USER_NS isn't set. # # Default value is 'true'. # #CHROOT_JCHROOT_NEW_USER_NS_CHECK_KERNEL=true # Specify the relative path to the log directory in CHROOT that LOG_DIR # binds with. # # This really has no meaning unless you enable CHROOT_LOG_DIR_BIND, and use # '--log' option. # # Default value is '/var/log/dnscrypt-proxy-multi'. # #CHROOT_LOG_DIR=/var/log/dnscrypt-proxy-multi # Bind LOG_DIR to CHROOT_DIR/CHROOT_LOG_DIR. # # Default value is 'false'. # #CHROOT_LOG_DIR_BIND=false # Specifies the location of the resolvers list file in CHROOT_DIR. This # is the file that gets updated with RESOLVERS_LIST if # CHROOT_RESOLVERS_LIST_UPDATE is enabled, and also the file that's passed # as an argument to dnscrypt-proxy-multi with the --resolvers-list option. # # The default value for this is '/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv'. # #CHROOT_RESOLVERS_LIST=/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv # Set this to 'true' if you want CHROOT_DIR/CHROOT_RESOLVERS_LIST to be updated # with RESOLVERS_LIST everytime this service starts. # # Default value is 'false'. # #CHROOT_RESOLVERS_LIST_UPDATE=false # The installed Ruby package that should be installed in chroot. # # It is recommended that this is explicitly specified to prevent delays when # `qlist` is called, and prevent errors caused by incompatibilties with future # Ruby versions. # # Example: dev-lang/ruby:2.2 # # Default is the newest version installed: 'qlist -CIS dev-lang/ruby | tail -n 1' # #CHROOT_RUBY_PACKAGE= # Specifies the path to the ruby executable in CHROOT_DIR which would run # /usr/bin/dnscrypt-proxy-multi. # # It is recommended that this is explicitly specified to prevent delays when # `qlist` is called, and prevent errors caused by incompatibilties with future # Ruby versions. # # Example: /usr/bin/ruby22 # # Default is "$(qlist -C "${CHROOT_RUBY_PACKAGE}" | grep '^/usr/bin/ruby' | tail -n 1)". # #CHROOT_RUBY_EXEC= # In some systems, some specific dependencies are required, but they are not # detected by rcopy as a dependency. This is why they are explicitly passed # as an argument. # # Setting this variable to 'true' copies files whose paths are produced by # `qlist sys-devel/gcc | grep libgcc_s` during setup. Default is 'true'. # #CHROOT_SETUP_COPY_LIBGCC_S=true # Setting this variable to 'true' copies files whose paths are produced by # `qlist sys-libs/glibc | grep libnss_compat` during setup. Default is 'true'. # #CHROOT_SETUP_COPY_LIBNSS_COMPAT=true # Specifies the group that dnscrypt-proxy-multi or dnscrypt-proxy drops # privilege to. # # Default is 'dnscrypt'. # #DPM_GROUP=dnscrypt # Specifies the user that dnscrypt-proxy-multi or dnscrypt-proxy drops # privilege to. # # Default is 'dnscrypt'. # #DPM_USER=dnscrypt # Specifies the directory that binds to CHROOT_DIR/CHROOT_LOG_DIR when # CHROOT_LOG_DIR_BIND is enabled. # # Default is '/var/log/dnscrypt-proxy-multi'. # #LOG_DIR=/var/log/dnscrypt-proxy-multi # Specifies in which the whole instance of dnscrypt-proxy-multi and its child # processes gets to drop its prvileges. # # The valid values are 'chroot', 'dnscrypt-proxy-multi', and 'dnscrypt-proxy'. # # In 'chroot' mode, the permissions are dropped right before or after chroot # occurs. I.e. before the dnscrypt-proxy-multi is executed. # # In 'dnscrypt-proxy-multi' mode, dnscrypt-proxy-multi gets to drop its # privileges before executing instances of dnscrypt-proxy. This doesn't work # with CHROOT_JCHROOT_NEW_USER_NS. # # In 'dnscrypt-proxy' mode, it is dnscrypt-proxy itself that drops the # privilege. It is the only mode that allows dnscrypt-proxy to listen # to ports lower than 1024, because dnscrypt-proxy only drops the privilege # after binding to the port. Since dnscrypt-proxy also does chroot(2) to the # user's home directory, the home directory of that user must also exist in # CHROOT_DIR. This doesn't work with CHROOT_JCHROOT_NEW_USER_NS. # # The default value for this is 'chroot'. # #PRIVILEGE_DROP_MODE=chroot # Specifies resolvers list file to copy to CHROOT_DIR/CHROOT_RESOLVERS_LIST if # CHROOT_RESOLVERS_LIST_UPDATE is enabled. # # Default is '/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv'. # #RESOLVERS_LIST=/usr/share/dnscrypt-proxy/dnscrypt-resolvers.csv # Set this option to 'true' to add verbosity. # # The default value is 'false'. # #VERBOSE=false # Set this option to 'true' to run start-stop-daemon verbosely. # # The default value is 'false', and it doesn't get set to # 'true' by default even when VERBOSE is set to 'true'. # #VERBOSE_START_STOP_DAEMON=false # Specifies arguments passed to dnscrypt-proxy-multi. # # Run 'dnscrypt-proxy-multi --help' for more info. # # Note: Do not use '--user', '--group', '--dnscrypt-proxy-user', and # --resolvers-list. Configure DPM_USER, DPM_GROUP, PRIVILEGE_DROP_MODE, # RESOLVERS_LIST, CHROOT_RESOLVERS_LIST and CHROOT_RESOLVERS_LIST_UPDATE # instead. # DNSCRYPT_PROXY_MULTI_OPTIONS='--local-ip=127.0.0.1 --local-port=5300-5399 --max-instances=10 --syslog --dnscrypt-proxy-syslog'