| Commit message | Author | Age |

While here, if we cannot find ypbind to work out how the hook script
should be configured, guess according to OS.

Even though we now have fully working kqueue(2) and epoll(7)
with our privsep code, ppoll(2) is faster and smaller for our
workload.
This time though, we will keep the code here as it's fully working
and while fixing kqueue we also fixed other bugs in dhcpcd as a result
so it's not time wasted at all.

eloop allows for O(1) processing of active fd's.
The problems with the prior implementation have now been fixed.

kqueue allows for O(1) processing of active fd's and a more
robust signal handling method without the need to use global
variables to avoid calling functions during signal delivery.
The problems with the prior implementation have now been fixed.

Their ps tools go out of their way to only show how it was launched :/

Allows to force for example ypbind if it's not installed.

On FreeBSD udev, the function udev_device_new_from_subsystem_sysname
exists but is not implemented.
As such it breaks our device initialisation detection.
Disabled by default, but can be enabled with ./configure --with-udev

It's required for pledge.
It *could* be optional for capsicum but I'd like to try and
keep the sandboxing the same for now.

For systems without Capsicum or Pledge we can create a resource
limited sandbox provided that either ppoll(2) or works with
RLIMIT_NOFILES set to zero.
As far as dhcpcd is concerned, that means Linux and Solaris
won't work with this, but NetBSD and DragonFlyBSD will.
To achieve this, a special control proxy process will be spawned
just to accept new connections over the control socket because
this *cannot* be limited by RLIMIT_NOFILES.

epoll and kqueue are really too heavy weight.
With privsep, we now favour more processes for BPF and per address sockets.
As such, the number of fds to monitor will always be quite small.
All modern OS now have ppoll(2) (NetBSD has pollts, which is the same)
which works perfectly for us.
If neither are present, then a wrapper around pselect(2) is provided,
which can be found on all POSIX systems.
This makes the code a lot smaller and easier to follow.
The reduced binary size and memory usage is a nice win here.

Inside the privsep user's home directory.

As we work with an empty chroot directory.

All fd's in network facing processes are fully limited.
Capability mode is only enabled for BPF processes because
it's too restrictive otherwise - the reasons are noted
in the commit.

So FreeBSD users can set it like other OS's if they so choose.

Overrides the directory to chroot to away from the privilege separation
user's home directory.

Wups, I was debugging.

System users generally have _ preceding their username.
Only use this user if it exists and their home dir is not /var/empty.
Otherwise default to using dhcpcd.

This reverts commit 36c47a8df0951236a7842bbf8241e2932357ef61.

_dhcp home dir defaults to /var/empty.
System integrators can and should be in charge of changing it when needed.
Packagers on the other hand don't have such a luxury and so should not
use _dhcp by default.

As recent production kernels ship with ASLR by default which
stops dhcpcd running dead when this is enabled.
We don't want to break a system's boot, so force it via configure.

It's blank for the BSD's.
Respect this when relinquishing the hostname.

Found by Arfrever.

This allows dhcpcd to work.
udev sadly requires /run/udev as well, so heh ho.

BSD and glibc have the signature for request as unsigned long.
musl and Solaris have a signed int.
As such, we need to detect this at compile time and adjust the
signature of our internal ioctl functions to match.
To keep the onwire format the same, memcpy the request to the
unsigned long request and back again, thus preserving the signedness.

No need to create a specific _dhcpcd user in this instance.

Except on Solaris where it's not expected to work.

Not enabled by default - enable with ./configure --enable-privsep
Requires a user added to the system - default _dhcpcd
Several processes will be spawned off the main state engine:
a privileged actioneer and a generic network proxy.
Only the privileged actioneer process will retain root permissions.
When required, the privileged actioneer will also spawn
BPF listeners for BOOTP (DHCP) and ARP.
The BOOTP BPF listener should be a short lived process.
On kernels with RFC 5227 support, the ARP BPF listener will only
be used for ARPing and announcing a preferred address and will
also be a short lived process.
When not running in master mode, an address listener will be
spawned for each address (with the exception of RA derived addresses)
dhcpcd cares about.
TODO:
* Solaris support.
* ARP BPF address filtering.

This will allow dhcpcd to create and unlink pidfiles and sockets
which it could otherwise not if dropped privileges.
Downstream packages such as dhcpcd-ui will need to be adjusted.

The dbdir option is used to specify the location of the DHCPd database. The default /var/db is not FHS compliant so some may wish to change this to