Add a command line option to dnsmasq when used for kvm/qemu

What is the output of:

lsb_release -a; uname -a

Thanks

Blast ... I should have known ... I apologize!

LSB Version: core-9.20160110ubuntu0.2-amd64:core-9.20160110ubuntu0.2-noarch:security-9.20160110ubuntu0.2-amd64:security-9.20160110ubuntu0.2-noarch
Distributor ID: Ubuntu
Description: Ubuntu 16.04.7 LTS
Release: 16.04
Codename: xenial

Linux firefly.moellers.local 4.4.0-190-generic #220-Ubuntu SMP Fri Aug 28 23:02:15 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

If you edit the /etc/unit.d/dnsmasq file you can add options there in the start section. Does that work.

I suggest you upgrade to Focal (ideally via a clean install) the newer packages may help

Sorry. Typo

/etc/ini.d/dnsmasq

Is the file to edit

Once more

/etc/init.d/dnsmasq

(proofread this time). Sorry. Need coffee

Nitpicking: /etc/default/dnsmasq would be THE PLACE TO GO ;-)

I enabled the DNSMASQ_OPTS setting there but this only adds it to the dnsmasq I need for the VPN to my employer:
    /usr/sbin/dnsmasq ... --dnssec ...

The libvirt's dnsmasq seems to be started from a different place with different options:
/usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper

I tried to modify virsh's default network configuration
    virsh net-edit default
as described in
    https://libvirt.org/formatnetwork.html#elementsNamespaces
but that was silently discarded.

As to the "clean install":
I have slightly less than 2 years to work until retirement and as 16.04 has EOL AFTER Aug, 1 2022, I was hoping not to have to make a major upgrade to the system that I use in my daily work until then.
I usually do a clean install when upgrading, it gets rid of an awful lot of old stuff, but it does take quite some time to have it back at the same level as before.

https://wiki.ubuntu.com/Releases

April 2021, not Aug 2022

If you edit the file in init.d to have the option as part of the startup rather than using variables, does it help

Re EOL ... OK. Update planned for the end of the year.

Re editing the file: I'm not sure how this should work differently from using the variable there.
The command lines look VERY different and my VPN dnsmasq has the option there.
BTDTNT:
/usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper

I just found out by going through the libvirt sources that dnsmasq is started directly from libvirt and that libvirt constructs the argument list without a means to add custom options:

    cmd = virCommandNew(dnsmasqCapsGetBinaryPath(dnsmasq_caps));
    virCommandAddArgFormat(cmd, "--conf-file=%s", configfile);
    /* Libvirt gains full control of leases database */
    virCommandAddArgFormat(cmd, "--leasefile-ro");
    virCommandAddArgFormat(cmd, "--dhcp-script=%s", leaseshelper_path);
    virCommandAddEnvPair(cmd, "VIR_BRIDGE_NAME", def->bridge);

So, I'm afraid, this is nothing that can be solved (easily).
I guess the question can be closed. Thanks!

Nice one and great share. Hopefully this will help others

Great work