--- a/src/dhcpcd.c	Sun Sep 20 20:22:40 2020 +0100
+++ b/src/dhcpcd.c	Sun Sep 20 21:22:49 2020 +0100
@@ -2552,6 +2552,9 @@
 #endif
 			freeifaddrs(ifaddrs);
 	}
+	/* ps_stop will clear DHCPCD_PRIVSEP but we need to
+	 * remember it to avoid attemping to remove the pidfile */
+	oi = ctx.options & DHCPCD_PRIVSEP ? 1 : 0;
 #ifdef PRIVSEP
 	ps_stop(&ctx);
 #endif
@@ -2600,14 +2603,14 @@
 	setproctitle_free();
 #endif
 #ifdef USE_SIGNALS
-	if (ctx.options & DHCPCD_FORKED)
-		_exit(i); /* so atexit won't remove our pidfile */
-	else if (ctx.options & DHCPCD_STARTED) {
+	if (ctx.options & DHCPCD_STARTED) {
 		/* Try to detach from the launch process. */
 		if (ctx.fork_fd != -1 &&
 		    write(ctx.fork_fd, &i, sizeof(i)) == -1)
 			logerr("%s: write", __func__);
 	}
+	if (ctx.options & DHCPCD_FORKED || oi != 0)
+		_exit(i); /* so atexit won't remove our pidfile */
 #endif
 	return i;
 }

--- a/src/privsep-linux.c	Sun Sep 20 20:22:40 2020 +0100
+++ b/src/privsep-linux.c	Sun Sep 20 21:22:49 2020 +0100
@@ -217,6 +217,9 @@
 #ifdef __NR_close
 	SECCOMP_ALLOW(__NR_close),
 #endif
+#ifdef __NR_exit_group
+	SECCOMP_ALLOW(__NR_exit_group),
+#endif
 #ifdef __NR_fcntl
 	SECCOMP_ALLOW(__NR_fcntl),
 #endif
@@ -235,6 +238,9 @@
 	/* SECCOMP BPF is newer than nl80211 so we don't need SIOCGIWESSID
 	 * which lives in the impossible to include linux/wireless.h header */
 #endif
+#ifdef __NR_munmap
+	SECCOMP_ALLOW(__NR_munmap),
+#endif
 #ifdef __NR_ppoll
 	SECCOMP_ALLOW(__NR_ppoll),
 #endif
@@ -278,21 +284,6 @@
 	SECCOMP_ALLOW(__NR_uname),
 #endif
 
-	/* Avoid unconfined dmesg warnings.
-	 * XXX Why do we need these? */
-#ifdef __NR_exit_group
-	SECCOMP_ALLOW(__NR_exit_group),
-#endif
-#ifdef __NR_ftruncate
-	SECCOMP_ALLOW(__NR_ftruncate),
-#endif
-#ifdef __NR_munmap
-	SECCOMP_ALLOW(__NR_munmap),
-#endif
-#ifdef __NR_unlink
-	SECCOMP_ALLOW(__NR_unlink),
-#endif
-
 	/* Deny everything else */
 	BPF_STMT(BPF_RET + BPF_K, SECCOMP_FILTER_FAIL),
 };