Re: Specify chrootdir independent of privsep_user's homedir
Roy Marples
Thu Apr 30 21:28:13 2020
Hi Ben
On 27/04/2020 07:09, Ben Woods wrote:
I think it would be a nice feature to allow the chrootdir to be specified
independently from the privsep_user's home directory.
Implementation ideas:
1. Suggest this could be a configure time variable (e.g.
--chrootdir=/var/chroot/dhcpcd).
2. If --chrootdir=none, then disable chroot (but continue with privsep)
3. If --chrootdir is not specified, fallback to current behaviour - using the
privsep_user's homedir
Reasons:
1. a user's homedir is normally owned by them, however the chrootdir does not
need to be owned by the privsep_user (only $CHROOT/$DBDIR must be owned by
privsep_user).
2. For operating systems that already have a low privileged user for DHCP client
(e.g. _dhcp), this would allow the existing _dhcp user to be used for dhcpcd,
regardless of it's homedir.
Not keen on it, as it's just wasted code really.
I think this is only needed for FreeBSD?
Anyway, I've added the option here regardless:
https://roy.marples.name/cgit/dhcpcd.git/commit/?id=949d0f9aee6aefa461c949262202af12fa8143cf
If it doesn't begin with / or is /var/empty then chroot is refused.
Build time configurable for it here:
https://roy.marples.name/cgit/dhcpcd.git/commit/?id=dc855cfb9870b2ce078f54ff5fe08deff1233a1f
Is this good enough now?
Roy
Archive administrator: postmaster@marples.name