| field | value | date |
|---|---|---|
| author | Roy Marples <roy@marples.name> | 2020-06-09 18:25:18 +0100 |
| committer | Roy Marples <roy@marples.name> | 2020-06-09 18:25:18 +0100 |
| commit | bc4a5e852a8b810bdbe5679ef3e03a634709d722 (patch) | |
| tree | 77ab40db824324751c6617c325ea57a8fcdcc3f1 /src/privsep.h | |
| parent | 7e4b8c2ec9b521495a5c4906f8315f0530dd0ffd (diff) | |
| download | dhcpcd-bc4a5e852a8b810bdbe5679ef3e03a634709d722.tar.xz | |
privsep: Implement a resource limited sandbox
For systems without Capsicum or Pledge we can create a resource
limited sandbox provided that either ppoll(2) or works with
RLIMIT_NOFILES set to zero.
As far as dhcpcd is concerned, that means Linux and Solaris
won't work with this, but NetBSD and DragonFlyBSD will.
To achieve this, a special control proxy process will be spawned
just to accept new connections over the control socket because
this *cannot* be limited by RLIMIT_NOFILES.
Diffstat (limited to 'src/privsep.h')
| mode | file | lines |
|---|---|---|
| -rw-r--r-- | src/privsep.h | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/privsep.h b/src/privsep.h index 5d7b4ec0..7428adc7 100644 --- a/src/privsep.h +++ b/src/privsep.h @@ -50,6 +50,8 @@ #define PS_WRITEFILE 0x0015 #define PS_FILEMTIME 0x0016 #define PS_AUTH_MONORDM 0x0017 +#define PS_CTL 0x0018 +#define PS_CTL_EOF 0x0019 /* BSD Commands */ #define PS_IOCTLLINK 0x0101 @@ -69,6 +71,10 @@ #define PS_DEV_IFREMOVED 0x0002 #define PS_DEV_IFUPDATED 0x0003 +/* Control Type (via flags) */ +#define PS_CTL_PRIV 0x0301 +#define PS_CTL_UNPRIV 0x0302 + /* Process commands */ #define PS_START 0x4000 #define PS_STOP 0x8000 @@ -157,6 +163,9 @@ TAILQ_HEAD(ps_process_head, ps_process); #ifdef INET #include "privsep-bpf.h" #endif +#ifdef PRIVSEP_CONTROLLER +#include "privsep-control.h" +#endif int ps_init(struct dhcpcd_ctx *); int ps_dropprivs(struct dhcpcd_ctx *); |
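Review bot: the two new privsep command codes PS_CTL 0x0018 and PS_CTL_EOF 0x0019 in the first hunk (`@@ -50,6 +50,8 @@`, after PS_AUTH_MONORDM) arrive without any comment saying what payload follows each message or which side sends it, even though the commit message introduces a dedicated control proxy process whose boundary these codes define. A one-line comment per define, stating the sender and the payload, would let someone auditing privsep.h check the proxy protocol without reading the implementation.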
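Review bot: the comment `/* Control Type (via flags) */` above PS_CTL_PRIV 0x0301 and PS_CTL_UNPRIV 0x0302 in the second hunk (`@@ -69,6 +71,10 @@`) says the values are carried in a flags word, but they are not single bits: both share 0x0300, so a test of the form `flags & PS_CTL_PRIV` is also true for PS_CTL_UNPRIV and would treat an unprivileged control connection as privileged. Either state in the comment that the field must be masked and compared by equality, or assign each type its own bit; the comment should also name which message's flags field is meant.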
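Review bot: the `#ifdef PRIVSEP_CONTROLLER` guard around `#include "privsep-control.h"` in the third hunk (`@@ -157,6 +163,9 @@`) introduces a macro that nothing in this diff defines, while the PS_CTL* codes added earlier in the file are unconditional. Please record, in the commit message or beside the guard, where PRIVSEP_CONTROLLER is set and on which platforms (the message names NetBSD and DragonFlyBSD as the ones this sandbox covers), so a reader can tell whether a build that lacks the proxy is intentional rather than a missing configure flag.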
