RE: dhcpcd dumplease reports "dhcpcd not running"
Matthew Clarkson
Fri Nov 13 16:43:21 2020
Oh I may have spoken too soon. It looks like it is working when I have the master process running with the --nobackground option and use a second ssh connection to dump the lease. This is the output when repeatedly dumping the lease (all the control command messages are expected):
But if I run the master process with --background and try in the same console there is another seccomp violation. This time it looks like ioctl, which appears to be more granular in the seccomp filter. Is there a way to determine which argument is being used that causes the violation?
Here is the failing output:
root@RCFA-1048515:~# dhcpcd -d --background --broadcast --timeout 10 --logfile /tmp/dhcpcd.log br0
dhcpcd-9.3.2 starting
chrooting as dhcpcd to /var/lib/dhcpcd
sandbox: seccomp
spawned master process on PID 909
spawned privileged actioneer on PID 910
spawned controller proxy on PID 911
DUID 00:01:00:01:27:10:1b:c0:00:02:d9:1f:ff:c3
forked to background, child pid 909
root@RCFA-1048515:~# dhcpcd -d --dumplease -4 br0
send OK
ps_seccomp_violation: unexpected syscall 54 (arch=0x40000028)
root@RCFA-1048515:~# cat /tmp/dhcpcd.log
Oct 09 08:35:17 [906]: dhcpcd-9.3.2 starting
Oct 09 08:35:17 [906]: chrooting as dhcpcd to /var/lib/dhcpcd
Oct 09 08:35:17 [906]: sandbox: seccomp
Oct 09 08:35:17 [909]: spawned master process on PID 909
Oct 09 08:35:17 [909]: spawned privileged actioneer on PID 910
Oct 09 08:35:17 [909]: spawned controller proxy on PID 911
Oct 09 08:35:17 [909]: DUID 00:01:00:01:27:10:1b:c0:00:02:d9:1f:ff:c3
Oct 09 08:35:17 [909]: br0: executing: /lib/dhcpcd/dhcpcd-run-hooks PREINIT
Oct 09 08:35:17 [909]: br0: executing: /lib/dhcpcd/dhcpcd-run-hooks CARRIER
Oct 09 08:35:17 [909]: br0: IAID d9:1f:ff:c3
Oct 09 08:35:17 [909]: br0: delaying IPv4 for 0.5 seconds
Oct 09 08:35:17 [909]: br0: reading lease: /var/db/dhcpcd/br0.lease
Oct 09 08:35:17 [909]: br0: rebinding lease of 192.168.10.14
Oct 09 08:35:17 [909]: br0: sending REQUEST (xid 0x947596b7), next in 4.8 seconds
Oct 09 08:35:17 [909]: br0: acknowledged 192.168.10.14 from 192.168.10.1
Oct 09 08:35:17 [909]: br0: probing address 192.168.10.14/24
Oct 09 08:35:17 [909]: br0: probing for 192.168.10.14
Oct 09 08:35:17 [909]: br0: ARP probing 192.168.10.14 (1 of 3), next in 1.8 seconds
Oct 09 08:35:19 [909]: br0: ARP probing 192.168.10.14 (2 of 3), next in 1.1 seconds
Oct 09 08:35:20 [909]: br0: ARP probing 192.168.10.14 (3 of 3), next in 2.0 seconds
Oct 09 08:35:22 [909]: br0: DAD completed for 192.168.10.14
Oct 09 08:35:22 [909]: br0: leased 192.168.10.14 for 300 seconds
Oct 09 08:35:22 [909]: br0: renew in 150 seconds, rebind in 262 seconds
Oct 09 08:35:22 [909]: br0: writing lease: /var/db/dhcpcd/br0.lease
Oct 09 08:35:22 [909]: br0: adding IP address 192.168.10.14/24 broadcast 192.168.10.255
Oct 09 08:35:22 [909]: br0: adding route to 192.168.10.0/24
Oct 09 08:35:22 [909]: br0: adding default route via 192.168.10.1
Oct 09 08:35:22 [909]: br0: ARP announcing 192.168.10.14 (1 of 2), next in 2.0 seconds
Oct 09 08:35:22 [909]: br0: executing: /lib/dhcpcd/dhcpcd-run-hooks BOUND
Oct 09 08:35:23 [946]: spawned listener 192.168.10.14 on PID 946
Oct 09 08:35:24 [909]: br0: ARP announcing 192.168.10.14 (2 of 2)
Oct 09 08:35:30 [909]: control command: dhcpcd -d --dumplease -4 br0
Thanks.
-----Original Message-----
From: Roy Marples <roy@xxxxxxxxxxxx>
Sent: Friday, November 13, 2020 12:26 AM
To: Matthew Clarkson <mclarkson@xxxxxxxxxxxxxxxxxxxx>
Cc: dhcpcd-discuss@xxxxxxxxxxxx
Subject: Re: dhcpcd dumplease reports "dhcpcd not running"
On 12/11/2020 22:58, Matthew Clarkson wrote:
> Hi Roy,
>
> We are running on an ARM32 with glibc 2.3.0. The distro is custom built using the Linux 4.9 kernel (with patches from our processor vendor) and built/configured using the Yocto project.
>
> I compiled with SECCOMP_FILTER_DEBUG, and saw this output:
> root@RCFA-1048515:~# dhcpcd --nobackground --broadcast --timeout 10 -d br0
> dhcpcd-9.3.2 starting
> chrooting as dhcpcd to /var/lib/dhcpcd
> sandbox: seccomp
> spawned master process on PID 917
> spawned privileged actioneer on PID 918
> spawned controller proxy on PID 919
> DUID 00:01:00:01:27:10:1b:c0:00:02:d9:1f:ff:c3
> br0: executing: /lib/dhcpcd/dhcpcd-run-hooks PREINIT
> br0: executing: /lib/dhcpcd/dhcpcd-run-hooks CARRIER
> br0: IAID d9:1f:ff:c3
> br0: delaying IPv4 for 0.6 seconds
> br0: reading lease: /var/db/dhcpcd/br0.lease
> br0: rebinding lease of 192.168.10.14
> br0: sending REQUEST (xid 0x857d13e9), next in 4.8 seconds
> br0: acknowledged 192.168.10.14 from 192.168.10.1
> br0: probing address 192.168.10.14/24
> br0: probing for 192.168.10.14
> br0: ARP probing 192.168.10.14 (1 of 3), next in 1.7 seconds
> br0: ARP probing 192.168.10.14 (2 of 3), next in 1.2 seconds
> br0: ARP probing 192.168.10.14 (3 of 3), next in 2.0 seconds
> br0: DAD completed for 192.168.10.14
> br0: leased 192.168.10.14 for 300 seconds
> br0: renew in 150 seconds, rebind in 262 seconds
> br0: writing lease: /var/db/dhcpcd/br0.lease
> br0: adding IP address 192.168.10.14/24 broadcast 192.168.10.255
> br0: adding route to 192.168.10.0/24
> br0: adding default route via 192.168.10.1
> br0: ARP announcing 192.168.10.14 (1 of 2), next in 2.0 seconds
> br0: executing: /lib/dhcpcd/dhcpcd-run-hooks BOUND
> spawned listener 192.168.10.14 on PID 953
> br0: ARP announcing 192.168.10.14 (2 of 2)
> ps_seccomp_violation: unexpected syscall 221 (arch=0x40000028)
>
> The unexpected syscall 221 correlates with attempting to dump the lease:
> root@RCFA-1048515:~# dhcpcd --dumplease -4 -d br0
> send OK
> dhcpcd_readdump0: Connection reset by peer
>
> Looks like it is a call to fcntl64. I added fcntl64 to ps_seccomp_filter, and tried again. This time dumping the lease failed with a different message:
> root@RCFA-1048515:~# dhcpcd --dumplease -4 br0
> ps_seccomp_violation: unexpected syscall 197 (arch=0x40000028)
>
> Syscall 197 is fstat64, so I added that to the filter too and then was able to dump the lease successfully. I've attached the patch file that appears to work for us with privsep enabled.
>
> Thanks for the help.
Thanks for the patch!
Committed here:
https://roy.marples.name/cgit/dhcpcd.git/commit/?id=694cb5f7dc6a67008a09a6d1d6002c6154e7742d
Roy
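
Added example (not part of the thread and not dhcpcd code): a small decoder for the `ps_seccomp_violation` lines shown above, which splits the `arch=` value into its AUDIT_ARCH fields and names the syscall for that ABI. The syscall table holds only the three numbers from this thread; the x86_64 column and the last two sample lines are constructed to show why the arch value has to be read together with the number.

```python
import re

# AUDIT_ARCH_* layout (<linux/audit.h>): ELF machine number in the low 16 bits,
# plus flag bits for word size and byte order.
AUDIT_ARCH_64BIT = 0x80000000
AUDIT_ARCH_LE = 0x40000000
EM_NAMES = {40: "arm", 62: "x86_64"}  # EM_ARM, EM_X86_64

# Only the syscall numbers seen in this thread. The x86_64 column shows that
# the same number names a different syscall under another ABI.
SYSCALLS = {
    "arm": {54: "ioctl", 197: "fstat64", 221: "fcntl64"},
    "x86_64": {54: "setsockopt", 197: "removexattr", 221: "fadvise64"},
}
VIOLATION = re.compile(
    r"ps_seccomp_violation: unexpected syscall (\d+) \(arch=(0x[0-9a-fA-F]+)\)")

def decode_arch(value):
    """Split an AUDIT_ARCH_* value into (machine, word size, byte order)."""
    em = value & 0xFFFF
    return (EM_NAMES.get(em, "em_%d" % em),
            64 if value & AUDIT_ARCH_64BIT else 32,
            "LE" if value & AUDIT_ARCH_LE else "BE")

def decode_violations(text):
    """Return (nr, machine, bits, order, name) per distinct violation, in order.
    name is None when the number is not in the table for that machine."""
    seen, out = set(), []
    for m in VIOLATION.finditer(text):
        nr, arch = int(m.group(1)), int(m.group(2), 16)
        if (nr, arch) in seen:
            continue
        seen.add((nr, arch))
        machine, bits, order = decode_arch(arch)
        out.append((nr, machine, bits, order, SYSCALLS.get(machine, {}).get(nr)))
    return out

# First four lines are copied from the thread; the last two are constructed.
SAMPLE = """\
br0: ARP announcing 192.168.10.14 (2 of 2)
ps_seccomp_violation: unexpected syscall 221 (arch=0x40000028)
ps_seccomp_violation: unexpected syscall 197 (arch=0x40000028)
ps_seccomp_violation: unexpected syscall 54 (arch=0x40000028)
ps_seccomp_violation: unexpected syscall 54 (arch=0xc000003e)
ps_seccomp_violation: unexpected syscall 54 (arch=0x40000028)
"""

if __name__ == "__main__":
    for row in decode_violations(SAMPLE):
        print("syscall %d on %s/%d-bit/%s -> %s" % row)
```

The violation line carries only the syscall number and the arch, so this decoder does not recover the ioctl request argument asked about in the message.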
