Re: Packaging dhcpcd for privsep
Stuart Henderson
Fri Apr 10 13:39:33 2020
On 2020/04/10 10:23, Roy Marples wrote:
> Hi Ben
>
> On 10/04/2020 01:50, Ben Woods wrote:
> > I would like to package dhcpcd to work with privsep on FreeBSD:
> >
> > * Unprivileged User: _dhcp
> > * DBDIR: /var/db/dhcpcd/
> > * RUNDIR: /var/run/dhcpcd/
> >
> >
> > Can you please advise:
> >
> > 1. Should the package create the 2 directories above, or should it be left to
> > the first run of dhcpcd to create them itself?
>
> If the package is set up correctly for privsep, only the chroot directory
> needs to exist.
> Otherwise the parent directory needs to.
>
> > 2. If dhcpcd is left to create these directories itself, why does it create
> > them owned by root instead of the unprivileged user? According to the
> > upgrading section of README.md, the unprivileged user needs write access to
> > DBDIR. Does it also need write access to RUNDIR?
>
> The unprivileged user only needs to be able to write to /var/db/dhcpcd
>
> > 3. Given the _dhcp user on FreeBSD has its home directory set to /var/empty,
> > what is required to correctly set up chroot?
>
> It needs to be elsewhere because more than _dhcp uses /var/empty - and it's
> silly to fill something called empty with files!
> So either change it or create a new user.
>
> I'm starting to think that by default, the dhcpcd package should use _dhcpcd
> by default and create that user rather than changing the home directory of
> _dhcp.
> That's why I've not updated pkgsrc for dhcpcd-9 yet.
> But after this discussion I think dropping the auto detection of _dhcp is
> the right thing to do as a *package*.
>
> As such I've made this commit:
> https://roy.marples.name/cgit/dhcpcd.git/commit/?id=36c47a8df0951236a7842bbf8241e2932357ef61
>
> cc'ing Stuart as he maintains the OpenBSD port and I'd like both your
> thoughts on this.
Yes I think that makes sense.
Another thing that would be useful is being able to set the chroot directory
explicitly rather than using the user's home dir.
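
Added example (not from the thread or the dhcpcd project): a check a packager could run for the point raised above, that the privsep user's home directory is used as the chroot and so should not be /var/empty or shared with other accounts. The passwd entries, the /var/chroot paths, the _svc_* users and the return codes are constructed for illustration.

```shell
#!/bin/sh
# Added example, not dhcpcd code. Return codes are this script's own convention:
#   0 ok, 1 user missing, 2 home is /var/empty, 3 home shared with another account.
check_privsep_home() {
    awk -F: -v u="$2" '
        /^#/ || NF < 7 { next }        # skip comments and malformed lines
        { home[$1] = $6 }              # passwd(5): field 1 = name, field 6 = home
        END {
            if (!(u in home)) exit 1
            if (home[u] == "/var/empty") exit 2
            for (n in home)
                if (n != u && home[n] == home[u]) exit 3
            exit 0
        }' "$1"
}

# Constructed sample data; the /var/chroot paths and _svc_* users are hypothetical.
sample_passwd() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# constructed passwd(5) sample
root:*:0:0:root:/root:/bin/sh
_pflogd:*:64:64:pflogd privsep user:/var/empty:/usr/sbin/nologin
_dhcp:*:65:65:dhcp programs:/var/empty:/usr/sbin/nologin
_dhcpcd:*:9000:9000:dhcpcd privsep:/var/chroot/dhcpcd:/usr/sbin/nologin
_svc_a:*:9001:9001:constructed:/var/chroot/shared:/usr/sbin/nologin
_svc_b:*:9002:9002:constructed:/var/chroot/shared:/usr/sbin/nologin
EOF
    printf '%s\n' "$f"
}

# Demo run over the constructed sample.
f=$(sample_passwd)
for u in _dhcp _dhcpcd _svc_a _missing; do
    rc=0
    check_privsep_home "$f" "$u" || rc=$?
    echo "$u: $rc"
done
rm -f "$f"
```
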