privsep: Enable capsicum for network facing processes

All fd's in network facing processes are fully limited. Capability mode is only enabled for BPF processes because it's too restrictive otherwise - the reasons are noted in the commit.
author: Roy Marples <roy@marples.name> 2020-05-07 20:57:22 +0100
committer: Roy Marples <roy@marples.name> 2020-05-07 20:57:22 +0100
commit: 727b7e9bf8b2fe810913c76c5fd36767869944bb (patch)
tree: 6658f3e35253c3e454db835643e0bdaaf860a885 /src/dhcpcd.c
parent: 47fd1621cbe22b4e085d2bb36d01b610bb125980 (diff)
download: dhcpcd-727b7e9bf8b2fe810913c76c5fd36767869944bb.tar.xz
1 files changed, 10 insertions, 3 deletions
diff --git a/src/dhcpcd.c b/src/dhcpcd.c
index 060f2e93..4c61c6f0 100644
--- a/src/dhcpcd.c
+++ b/src/dhcpcd.c
@@ -2236,9 +2236,16 @@ printpidfile:
 		dev_start(&ctx);
 
 #ifdef PRIVSEP
-	if (ctx.options & DHCPCD_PRIVSEP && ps_dropprivs(&ctx) == -1) {
-		logerr("ps_dropprivs");
-		goto exit_failure;
+	if (ctx.options & DHCPCD_PRIVSEP) {
+		/*
+		 * PSF_CAP_ENTER is not set because the following functions
+		 * won't work in it:
+		 * getifaddrs(3), gethostname(3), uname(3).
+		 */
+		if (ps_dropprivs(&ctx, 0) == -1) {
+			logerr("ps_dropprivs");
+			goto exit_failure;
+		}
 	}
 #endif
author	Roy Marples <roy@marples.name>	2020-05-07 20:57:22 +0100
committer	Roy Marples <roy@marples.name>	2020-05-07 20:57:22 +0100
commit	727b7e9bf8b2fe810913c76c5fd36767869944bb (patch)
tree	6658f3e35253c3e454db835643e0bdaaf860a885 /src/dhcpcd.c
parent	47fd1621cbe22b4e085d2bb36d01b610bb125980 (diff)
download	dhcpcd-727b7e9bf8b2fe810913c76c5fd36767869944bb.tar.xz