dnsmasq: add uci option fail_unknown
In
0299a4b73e72 ("dnsmasq: skip options that are not compiled in"), the
init script was changed to silently ignore and move on before presenting
unknown/unsupported options to dnsmasq
It was so to accomodate the situation where the init script will try to
emit some options unconditionally for a custom build of dnsmasq lacking
it. We allow custom build in the Makefile, we should allow it be used
with the uci and init script code
However the "silently ignore and move on" part raises security concern
for options like "dnssec". When uci option "dnssec" option is on, we
should interpret that as an explicit request and fail if the build is
not capable of handling it.
Add a new uci option "fail_unknown". It defaults to on, meaning a
behavior change from the old "silently ignore".
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
projects / openwrt / staging / yousong.git / commit