# HG changeset patch # User Roy Marples # Date 1600626266 -3600 # Node ID 49e119831377e031397a022c3c8342deda72b38c # Parent 8bf1ce29152cc049f534d0707c86e98519ca8662 privsep: Send signal from launcher to master over the socket rather than using kill which is not permitted in capsicum. This also allows us to drop the proc pledge. diff -r 8bf1ce29152c -r 49e119831377 src/dhcpcd.c --- a/src/dhcpcd.c Sun Sep 20 19:09:08 2020 +0100 +++ b/src/dhcpcd.c Sun Sep 20 19:24:26 2020 +0100 @@ -1417,8 +1417,9 @@ } if (sig != SIGCHLD && ctx->options & DHCPCD_FORKED) { - if (sig != SIGHUP && kill(ctx->fork_pid, sig) == -1) - logerr("%s: kill", __func__); + if (sig != SIGHUP && + write(ctx->fork_fd, &sig, sizeof(sig)) == -1) + logerr("%s: write", __func__); return; } @@ -1760,16 +1761,9 @@ { struct dhcpcd_ctx *ctx = arg; int exit_code; - bool do_exit; ssize_t len; - if (ctx->fork_pid == 0) { - do_exit = false; - len = read(ctx->fork_fd, &ctx->fork_pid, sizeof(ctx->fork_pid)); - } else { - do_exit = true; - len = read(ctx->fork_fd, &exit_code, sizeof(exit_code)); - } + len = read(ctx->fork_fd, &exit_code, sizeof(exit_code)); if (len == -1) { logerr(__func__); exit_code = EXIT_FAILURE; @@ -1778,8 +1772,10 @@ __func__, len, sizeof(exit_code)); exit_code = EXIT_FAILURE; } - if (do_exit) + if (ctx->options & DHCPCD_FORKED) eloop_exit(ctx->eloop, exit_code); + else + dhcpcd_signal_cb(exit_code, ctx); } static void @@ -2285,6 +2281,8 @@ goto exit_failure; } #endif + eloop_event_add(ctx.eloop, ctx.fork_fd, dhcpcd_fork_cb, &ctx); + /* * Redirect stderr to the stderr socketpair. * Redirect stdout as well. @@ -2312,9 +2310,6 @@ logerr("fork"); goto exit_failure; case 0: - /* Inform the launcher of our pid as it's chrooted */ - pid = getpid(); - write(ctx.fork_fd, &pid, sizeof(pid)); break; default: ctx.options |= DHCPCD_FORKED; /* A lie */ @@ -2324,7 +2319,7 @@ break; default: setproctitle("[launcher]"); - ctx.options |= DHCPCD_FORKED; /* A lie */ + ctx.options |= DHCPCD_FORKED; ctx.fork_fd = fork_fd[0]; close(fork_fd[1]); #ifdef PRIVSEP_RIGHTS @@ -2351,8 +2346,7 @@ dhcpcd_stderr_cb, &ctx); } #ifdef PRIVSEP - if (IN_PRIVSEP(&ctx) && - ps_mastersandbox(&ctx, "stdio proc") == -1) + if (IN_PRIVSEP(&ctx) && ps_mastersandbox(&ctx, NULL) == -1) goto exit_failure; #endif goto run_loop; diff -r 8bf1ce29152c -r 49e119831377 src/dhcpcd.h --- a/src/dhcpcd.h Sun Sep 20 19:09:08 2020 +0100 +++ b/src/dhcpcd.h Sun Sep 20 19:24:26 2020 +0100 @@ -122,7 +122,6 @@ bool stderr_valid; int stderr_fd; /* FD for logging to stderr */ int fork_fd; /* FD for the fork init signal pipe */ - pid_t fork_pid; const char *cffile; unsigned long long options; char *logfile;