# HG changeset patch
# User Roy Marples <roy@marples.name>
# Date 1599396788 -3600
# Node ID 66512375d75929aba839a6a0475fc58be3d96a0d
# Parent  560e67bb9f6f2683cdf9b7dfa1e1d5c6ec4a70aa
privsep: dump leases in a sandbox

diff -r 560e67bb9f6f -r 66512375d759 src/dhcpcd.c
--- a/src/dhcpcd.c	Sun Sep 06 13:27:31 2020 +0100
+++ b/src/dhcpcd.c	Sun Sep 06 13:53:08 2020 +0100
@@ -2198,6 +2198,14 @@
 			ctx.control_fd = control_open(NULL, AF_UNSPEC,
 			    ctx.options & DHCPCD_DUMPLEASE);
 		if (ctx.control_fd != -1) {
+#ifdef PRIVSEP
+			ctx.options &= ~DHCPCD_FORKED;
+			if (IN_PRIVSEP(&ctx) && ps_mastersandbox(&ctx) == -1) {
+				ctx.options |= DHCPCD_FORKED;
+				goto exit_failure;
+			}
+			ctx.options |= DHCPCD_FORKED;
+#endif
 			if (!(ctx.options & DHCPCD_DUMPLEASE))
 				loginfox("sending commands to dhcpcd process");
 			len = control_send(&ctx, argc, argv);
diff -r 560e67bb9f6f -r 66512375d759 src/privsep.c
--- a/src/privsep.c	Sun Sep 06 13:27:31 2020 +0100
+++ b/src/privsep.c	Sun Sep 06 13:53:08 2020 +0100
@@ -124,9 +124,10 @@
 	if (chdir("/") == -1)
 		logerr("%s: chdir `/'", __func__);
 
-	if (setgroups(1, &pw->pw_gid) == -1 ||
+	if ((setgroups(1, &pw->pw_gid) == -1 ||
 	     setgid(pw->pw_gid) == -1 ||
-	     setuid(pw->pw_uid) == -1)
+	     setuid(pw->pw_uid) == -1) &&
+	     (errno != EPERM || ctx->options & DHCPCD_FORKED))
 	{
 		logerr("failed to drop privileges");
 		return -1;