# HG changeset patch
# User Roy Marples
# Date 1600633369 -3600
# Node ID d7a5671d08c52c4bd0ee5a9539bc247f79813603
# Parent f9a05c95d611a3bc20773e7e52af2b396483c513
privsep: Don't remove pidfile at exit The privileged actioneer will remove it.
diff -r f9a05c95d611 -r d7a5671d08c5 src/dhcpcd.c
--- a/src/dhcpcd.c Sun Sep 20 20:22:40 2020 +0100
+++ b/src/dhcpcd.c Sun Sep 20 21:22:49 2020 +0100
@@ -2552,6 +2552,9 @@
 #endif
 freeifaddrs(ifaddrs);
 }
+ /* ps_stop will clear DHCPCD_PRIVSEP but we need to
+ * remember it to avoid attemping to remove the pidfile */
+ oi = ctx.options & DHCPCD_PRIVSEP ? 1 : 0;
 #ifdef PRIVSEP
 ps_stop(&ctx);
 #endif
@@ -2600,14 +2603,14 @@
 setproctitle_free();
 #endif
 #ifdef USE_SIGNALS
- if (ctx.options & DHCPCD_FORKED)
- _exit(i); /* so atexit won't remove our pidfile */
- else if (ctx.options & DHCPCD_STARTED) {
+ if (ctx.options & DHCPCD_STARTED) {
 /* Try to detach from the launch process. */
 if (ctx.fork_fd != -1 &&
 write(ctx.fork_fd, &i, sizeof(i)) == -1)
 logerr("%s: write", __func__);
 }
+ if (ctx.options & DHCPCD_FORKED || oi != 0)
+ _exit(i); /* so atexit won't remove our pidfile */
 #endif
 return i;
 }
diff -r f9a05c95d611 -r d7a5671d08c5 src/privsep-linux.c
--- a/src/privsep-linux.c Sun Sep 20 20:22:40 2020 +0100
+++ b/src/privsep-linux.c Sun Sep 20 21:22:49 2020 +0100
@@ -217,6 +217,9 @@
 #ifdef __NR_close
 SECCOMP_ALLOW(__NR_close),
 #endif
+#ifdef __NR_exit_group
+ SECCOMP_ALLOW(__NR_exit_group),
+#endif
 #ifdef __NR_fcntl
 SECCOMP_ALLOW(__NR_fcntl),
 #endif
@@ -235,6 +238,9 @@
 /* SECCOMP BPF is newer than nl80211 so we don't need SIOCGIWESSID
 * which lives in the impossible to include linux/wireless.h header */
 #endif
+#ifdef __NR_munmap
+ SECCOMP_ALLOW(__NR_munmap),
+#endif
 #ifdef __NR_ppoll
 SECCOMP_ALLOW(__NR_ppoll),
 #endif
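Review bot: In src/dhcpcd.c at `@@ -2552`, the saved privsep state is stored in `oi`, a variable declared outside the hunk whose name says nothing about privilege separation. Because this flag alone now decides whether the process leaves through `_exit()` and skips the atexit pidfile removal, a dedicated local would be easier to audit, e.g. `was_privsep = (ctx.options & DHCPCD_PRIVSEP) != 0;` with a matching declaration. The added comment has a typo: `attemping` should read `attempting`. The enclosing function starts and ends outside the hunk, so whether every path to the later `oi != 0` test passes through this assignment cannot be confirmed from here.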
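Review bot: In src/dhcpcd.c at `@@ -2600`, the new `_exit(i)` for privsep processes sits inside `#ifdef USE_SIGNALS`, so a build without that macro falls through to `return i;` and the atexit handler named in the comment would still try to remove the pidfile. The same commit drops `__NR_unlink` from the seccomp allow-list in src/privsep-linux.c, so in a sandboxed process that attempt would presumably end in the filter's `SECCOMP_FILTER_FAIL` action; if such builds can run with privsep, the check belongs after the `#endif`. The reordering also lets a process with both `DHCPCD_FORKED` and `DHCPCD_STARTED` set perform the `fork_fd` write that the old `else if` skipped, which deserves a comment if intended. The trailing comment could name the new case, e.g. `/* atexit must not remove the pidfile (forked or privsep) */`. The enclosing function starts outside the hunk.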
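Review bot: In src/privsep-linux.c, the entries added at `@@ -217` (`__NR_exit_group`) and `@@ -235` (`__NR_munmap`) lose the old `XXX Why do we need these?` remark without gaining an explanation, and each allow-list entry widens what the sandboxed process is permitted to do. A short rationale next to each would keep the filter auditable, for example `/* _exit() on the exit path ends in exit_group */` above the first. For `__NR_munmap` the commit does not show which caller needs it, so that comment should name the caller once confirmed. The filter array's declaration is outside both hunks.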
@@ -278,21 +284,6 @@
 SECCOMP_ALLOW(__NR_uname),
 #endif
 
- /* Avoid unconfined dmesg warnings.
- * XXX Why do we need these? */
-#ifdef __NR_exit_group
- SECCOMP_ALLOW(__NR_exit_group),
-#endif
-#ifdef __NR_ftruncate
- SECCOMP_ALLOW(__NR_ftruncate),
-#endif
-#ifdef __NR_munmap
- SECCOMP_ALLOW(__NR_munmap),
-#endif
-#ifdef __NR_unlink
- SECCOMP_ALLOW(__NR_unlink),
-#endif
-
 /* Deny everything else */
 BPF_STMT(BPF_RET + BPF_K, SECCOMP_FILTER_FAIL),
 };