Re: dhcpcd-9 plans
Nathan Houghton
Fri Nov 29 02:11:10 2019
Seems to be working OK so far for me.
I ran into one permission issue with the already-created leases file:
dhcpcd[86955]: dhcp6_writelease: Permission denied
That was resolved by changing the ownership of the leases file to the
new _dhcpcd user.
I still see this message in my logs:
ps_dostart: chroot `/nonexistant': No such file or directory
Is it recommended to set up the user home directory to point to an empty
directory (such as /var/empty)?
Cheers
Nate
On 11/28/2019 9:11 AM, Roy Marples wrote:
On 13/11/2019 11:24, Roy Marples wrote:
My current plan is to finish my privsep work, push the required
changes for it into master and then fork off a dhcpcd-8 branch. So
consider this an announcement that no new features will be added to
dhcpcd-8 and it will only get serious issues fixed from this point on.
As part of the privsep work, the RUNDIR needs changing from /var/run
to /var/run/dhcpcd so that the unprivileged main process can exit
cleanly.
Other than that, the privsep code is *optional* so you don't have to
compile it in. But if you do, it will always run in privsep mode and a
user will be required to be added to the system - default _dhcpcd but
can be changed.
dhcpcd-8 has now been branched and will only get security updates.
Privilege separation has now been added to master - not enabled by
default. For implementation details, see the commit message.
TL;DR guide:
cd ~/src
git clone git://roy.marples.name/dhcpcd.git
useradd -d /nonexistant -s /sbin/nologin -c '& pseudo-user' _dhcpcd
./configure --enable-privsep
make
make proginstall
Note that ASAN is enabled if the compiler supports it and dhcpcd is
configured from a git clone. This is quite memory intensive and top / ps
will report weird values. Edit config.mk after configure and remove the
respective flags before compiling if you don't want this.
Hopefully people can test this and let me know of any issues, concerns,
etc. Even an OMG It works!! would be appreciated as I've spent a lot of
free time working on this.
Roy
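
Added example (not part of the original messages and not dhcpcd code): a pre-flight check for the two problems reported in this thread, a state file not owned by the new service account and a chroot target that does not exist. It assumes the common privsep convention of an empty chroot directory that the service account cannot write to; the account name and every path are supplied by the caller.

```shell
#!/bin/sh
# Added example: pre-flight checks for a privilege-separated daemon account.
# Account name and all paths are supplied by the caller (assumptions).

# Numeric owner of a file or directory, via POSIX ls.
owner_uid() {
    ls -ldn -- "$1" | awk '{print $3}'
}

# Chroot target: must exist, be empty, and not be writable by the
# service account (uid $2) or by group/other.
check_chroot_dir() {
    dir=$1 svc_uid=$2
    [ -d "$dir" ] || { echo "missing: $dir"; return 1; }
    [ -z "$(ls -A -- "$dir")" ] || { echo "not empty: $dir"; return 2; }
    # Characters 6 and 9 of the mode string are group and other write bits.
    case $(ls -ld -- "$dir" | cut -c6,9) in
        *w*) echo "group/other writable: $dir"; return 3 ;;
    esac
    [ "$(owner_uid "$dir")" != "$svc_uid" ] ||
        { echo "owned by service account: $dir"; return 3; }
    echo "ok: $dir"
}

# State file (for example a lease file): must be owned by the service account.
check_owner() {
    file=$1 svc_uid=$2
    [ -e "$file" ] || { echo "missing: $file"; return 1; }
    have=$(owner_uid "$file")
    [ "$have" = "$svc_uid" ] ||
        { echo "owner uid $have, expected $svc_uid: $file"; return 2; }
    echo "ok: $file"
}

# Usage: sh check.sh ACCOUNT CHROOT_DIR [STATE_FILE...]
if [ "$#" -ge 2 ]; then
    uid=$(id -u "$1") || exit 1
    dir=$2; shift 2
    rc=0
    check_chroot_dir "$dir" "$uid" || rc=1
    for f in "$@"; do check_owner "$f" "$uid" || rc=1; done
    exit "$rc"
fi
```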