Mercurial > hg > dhcpcd

changeset 5467:49e119831377 draft

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
privsep: Send signal from launcher to master over the socket rather than using kill which is not permitted in capsicum. This also allows us to drop the proc pledge.
author Roy Marples <roy@marples.name>
date Sun, 20 Sep 2020 19:24:26 +0100
parents 8bf1ce29152c
children a2d2d095088f
files src/dhcpcd.c src/dhcpcd.h
diffstat 2 files changed, 11 insertions(+), 18 deletions(-) [+]
line wrap: on
line diff
--- a/src/dhcpcd.c	Sun Sep 20 19:09:08 2020 +0100
+++ b/src/dhcpcd.c	Sun Sep 20 19:24:26 2020 +0100
@@ -1417,8 +1417,9 @@
 	}
 
 	if (sig != SIGCHLD && ctx->options & DHCPCD_FORKED) {
-		if (sig != SIGHUP && kill(ctx->fork_pid, sig) == -1)
-			logerr("%s: kill", __func__);
+		if (sig != SIGHUP &&
+		    write(ctx->fork_fd, &sig, sizeof(sig)) == -1)
+			logerr("%s: write", __func__);
 		return;
 	}
 
@@ -1760,16 +1761,9 @@
 {
 	struct dhcpcd_ctx *ctx = arg;
 	int exit_code;
-	bool do_exit;
 	ssize_t len;
 
-	if (ctx->fork_pid == 0) {
-		do_exit = false;
-		len = read(ctx->fork_fd, &ctx->fork_pid, sizeof(ctx->fork_pid));
-	} else {
-		do_exit = true;
-		len = read(ctx->fork_fd, &exit_code, sizeof(exit_code));
-	}
+	len = read(ctx->fork_fd, &exit_code, sizeof(exit_code));
 	if (len == -1) {
 		logerr(__func__);
 		exit_code = EXIT_FAILURE;
@@ -1778,8 +1772,10 @@
 		    __func__, len, sizeof(exit_code));
 		exit_code = EXIT_FAILURE;
 	}
-	if (do_exit)
+	if (ctx->options & DHCPCD_FORKED)
 		eloop_exit(ctx->eloop, exit_code);
+	else
+		dhcpcd_signal_cb(exit_code, ctx);
 }
 
 static void
@@ -2285,6 +2281,8 @@
 			goto exit_failure;
 		}
 #endif
+		eloop_event_add(ctx.eloop, ctx.fork_fd, dhcpcd_fork_cb, &ctx);
+
 		/*
 		 * Redirect stderr to the stderr socketpair.
 		 * Redirect stdout as well.
@@ -2312,9 +2310,6 @@
 			logerr("fork");
 			goto exit_failure;
 		case 0:
-			/* Inform the launcher of our pid as it's chrooted */
-			pid = getpid();
-			write(ctx.fork_fd, &pid, sizeof(pid));
 			break;
 		default:
 			ctx.options |= DHCPCD_FORKED; /* A lie */
@@ -2324,7 +2319,7 @@
 		break;
 	default:
 		setproctitle("[launcher]");
-		ctx.options |= DHCPCD_FORKED; /* A lie */
+		ctx.options |= DHCPCD_FORKED;
 		ctx.fork_fd = fork_fd[0];
 		close(fork_fd[1]);
 #ifdef PRIVSEP_RIGHTS
@@ -2351,8 +2346,7 @@
 				    dhcpcd_stderr_cb, &ctx);
 		}
 #ifdef PRIVSEP
-		if (IN_PRIVSEP(&ctx) &&
-		    ps_mastersandbox(&ctx, "stdio proc") == -1)
+		if (IN_PRIVSEP(&ctx) && ps_mastersandbox(&ctx, NULL) == -1)
 			goto exit_failure;
 #endif
 		goto run_loop;
--- a/src/dhcpcd.h	Sun Sep 20 19:09:08 2020 +0100
+++ b/src/dhcpcd.h	Sun Sep 20 19:24:26 2020 +0100
@@ -122,7 +122,6 @@
 	bool stderr_valid;
 	int stderr_fd;	/* FD for logging to stderr */
 	int fork_fd;	/* FD for the fork init signal pipe */
-	pid_t fork_pid;
 	const char *cffile;
 	unsigned long long options;
 	char *logfile;