privsep: chroot the master process

This means that the privileged actioneer process needs to cleanup sockets and pidfile. It also has some reliance on how dhcpcd is started to create a decent chroot area AND copy the configuration file to it.
author: Roy Marples <roy@marples.name> 2020-01-21 16:17:18 +0000
committer: Roy Marples <roy@marples.name> 2020-01-21 16:17:18 +0000
commit: 67a805408331eeaaff5d9b00196d50f93cca42f8 (patch)
tree: 6f7cc694770aa6830d5accf0f12a1c884eb4b9f2 /src/dhcpcd.c
parent: 18043c2fba9868086534f99b072a7ef7f53a547f (diff)
download: dhcpcd-67a805408331eeaaff5d9b00196d50f93cca42f8.tar.xz
1 files changed, 9 insertions, 2 deletions
diff --git a/src/dhcpcd.c b/src/dhcpcd.c
index f437977b..ad2249c4 100644
--- a/src/dhcpcd.c
+++ b/src/dhcpcd.c
@@ -2091,6 +2091,13 @@ printpidfile:
 		goto exit_failure;
 	}
 
+#ifdef PRIVSEP
+	if (ctx.options & DHCPCD_PRIVSEP && ps_dropprivs(&ctx) == -1) {
+		logerr("ps_dropprivs");
+		goto exit_failure;
+	}
+#endif
+
 	setproctitle("%s%s%s",
 	    ctx.options & DHCPCD_MASTER ? "[master]" : argv[optind],
 	    ctx.options & DHCPCD_IPV4 ? " [ip4]" : "",
@@ -2223,13 +2230,13 @@ exit_failure:
 	i = EXIT_FAILURE;
 
 exit1:
+	if (control_stop(&ctx) == -1)
+		logerr("%s: control_stop", __func__);
 #ifdef PRIVSEP
 	ps_stop(&ctx);
 #endif
 	if (ifaddrs != NULL)
 		freeifaddrs(ifaddrs);
-	if (control_stop(&ctx) == -1)
-		logerr("%s: control_stop", __func__);
 	/* Free memory and close fd's */
 	if (ctx.ifaces) {
 		while ((ifp = TAILQ_FIRST(ctx.ifaces))) {
author	Roy Marples <roy@marples.name>	2020-01-21 16:17:18 +0000
committer	Roy Marples <roy@marples.name>	2020-01-21 16:17:18 +0000
commit	67a805408331eeaaff5d9b00196d50f93cca42f8 (patch)
tree	6f7cc694770aa6830d5accf0f12a1c884eb4b9f2 /src/dhcpcd.c
parent	18043c2fba9868086534f99b072a7ef7f53a547f (diff)
download	dhcpcd-67a805408331eeaaff5d9b00196d50f93cca42f8.tar.xz