]> git.ipfire.org Git - thirdparty/dhcpcd.git/commit
projects / thirdparty / dhcpcd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7e4b8c2) | patch
privsep: Implement a resource limited sandbox
authorRoy Marples <roy@marples.name>
Tue, 9 Jun 2020 17:25:18 +0000 (18:25 +0100)
committerRoy Marples <roy@marples.name>
Tue, 9 Jun 2020 17:25:18 +0000 (18:25 +0100)
commitbc4a5e852a8b810bdbe5679ef3e03a634709d722
tree77ab40db824324751c6617c325ea57a8fcdcc3f1tree
parent7e4b8c2ec9b521495a5c4906f8315f0530dd0ffdcommit | diff
privsep: Implement a resource limited sandbox

For systems without Capsicum or Pledge we can create a resource
limited sandbox provided that either ppoll(2) or works with
RLIMIT_NOFILES set to zero.

As far as dhcpcd is concerned, that means Linux and Solaris
won't work with this, but NetBSD and DragonFlyBSD will.

To achieve this, a special control proxy process will be spawned
just to accept new connections over the control socket because
this *cannot* be limited by RLIMIT_NOFILES.
configure diff | blob | blame | history
src/Makefile diff | blob | blame | history
src/control.c diff | blob | blame | history
src/control.h diff | blob | blame | history
src/dhcpcd.c diff | blob | blame | history
src/dhcpcd.h diff | blob | blame | history
src/privsep-control.c [new file with mode: 0644] blob
src/privsep-control.h [new file with mode: 0644] blob
src/privsep.c diff | blob | blame | history
src/privsep.h diff | blob | blame | history
src/script.c diff | blob | blame | history
Mirror of https://github.com/NetworkConfiguration/dhcpcd.git