| author | Roy Marples <roy@marples.name> | 2019-11-28 16:41:15 +0000 |
|---|---|---|
| committer | Roy Marples <roy@marples.name> | 2019-11-28 16:41:15 +0000 |
| commit | d5786118da1bad4c247631cae86344f1b249a8cb (patch) | |
| tree | b62b1e3a7ba544c9e842e6f595b25fdaab8059b4 /BUILDING.md | |
| parent | f90486b1657f0331ae5e7d817b9ba3de90856d52 (diff) | |
| download | dhcpcd-d5786118da1bad4c247631cae86344f1b249a8cb.tar.xz | |
privsep: Add support for privilege separation

Not enabled by default - enable with ./configure --enable-privsep
Requires a user added to the system - default _dhcpcd

Several processes will be spawned off the main state engine:
a privileged actioneer and a generic network proxy.
Only the privileged actioneer process will retain root permissions.

When required, the privileged actioneer will also spawn
BPF listeners for BOOTP (DHCP) and ARP.
The BOOTP BPF listener should be a short lived process.
On kernels with RFC 5227 support, the ARP BPF listener will only
be used for ARPing and announcing a preferred address and will
also be a short lived process.

When not running in master mode, an address listener will be
spawned for each address (with the exception of RA derived addresses)
dhcpcd cares about.

TODO:
* Solaris support.
* ARP BPF address filtering.

Diffstat (limited to 'BUILDING.md')
| -rw-r--r-- | BUILDING.md | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/BUILDING.md b/BUILDING.md index 6779ccec..cc09380a 100644 --- a/BUILDING.md +++ b/BUILDING.md @@ -30,6 +30,11 @@ If dhcpcd cannot load this file at runtime, dhcpcd will work but will not be able to decode any DHCP/DHCPv6 options that are not defined by the user in /etc/dhcpcd.conf. This does not really change the total on disk size. +## Priviledge Separation +To enable this, use the `--enable-privsep` configure option. +It's not enabled by default because it's an experimental feature and +requires adding a user (default `_dhcpcd`) to the system. + ## Cross compiling If you're cross compiling you may need set the platform if OS is different from the host. @@ -170,4 +175,3 @@ happen in a custom OS hook: if true, mark the dhcpcd service as started and then start dependencies if false and the dhcpcd service was previously started, mark as inactive and stop any dependant services. - |
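Review bot: the heading added in the first hunk of BUILDING.md is spelled "Priviledge Separation" and should read "Privilege Separation". The same section says the feature requires adding a user (default `_dhcpcd`) to the system, but it does not say how a builder selects a different user name, or what dhcpcd does at runtime when built with `--enable-privsep` and that user is missing. Since this account is what the unprivileged processes depend on, a sentence covering each point, plus a note that the account should be a dedicated one with no login shell, would help packagers set it up correctly.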
