* `--disable-arping`
* `--disable-ipv4ll`
* `--disable-dhcp6`
+ * `--disable-privsep`
You can also move the embedded extended configuration from the dhcpcd binary
to an external file (LIBEXECDIR/dhcpcd-definitions.conf)
able to decode any DHCP/DHCPv6 options that are not defined by the user
in /etc/dhcpcd.conf. This does not really change the total on disk size.
-## Priviledge Separation
-To enable this, use the `--enable-privsep` configure option.
-It's not enabled by default because it's an experimental feature and
-requires adding a user (default `_dhcpcd`) to the system.
-
## Cross compiling
If you're cross compiling you may need set the platform if OS is different
from the host.
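Review bot: the removed "Priviledge Separation" section was the only text in this file saying that privsep needs a dedicated user (default `_dhcpcd`), and with `--disable-privsep` added to the list above the feature now reads as enabled by default. Rather than deleting the section outright, keep a corrected one stating that the account must exist and that its home directory is used as the chroot (script.c exports `ctx->ps_user->pw_dir` as `chroot`), so anyone doing a default build knows the account is required.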
To add more simply
`./configure -with-hook=ntp.conf`
+If running privilege separation and on Linux then the `00-linux` hook is
+**mandatory**.
+If you choose not to run it, then you are responsible for setting up the
+needed mount points: `/dev`, `/proc`, `/sys`, `/run/udev`
+
Some system services expose the name of the service we are in,
by default dhcpcd will pick `RC_SVCNAME` from the environment.
You can override this in `CPPFLAGS+= -DRC_SVCNAME="YOUR_SVCNAME"`.
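Review bot: the added paragraph calls the `00-linux` hook **mandatory** and then describes opting out of it in the very next sentence, and the mount point list does not say where the paths live. Suggest wording such as "required unless you set up the mount points yourself", and, assuming these are meant to exist inside the chroot directory, writing them relative to it (for example `$chroot/dev`) so they are not read as the host paths.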
-.\" Copyright (c) 2006-2018 Roy Marples
+.\" Copyright (c) 2006-2020 Roy Marples
.\" All rights reserved
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd February 20, 2018
+.Dd January 21, 2020
.Dt DHCPCD-RUN-HOOKS 8
.Os
.Sh NAME
is run on and
.Ev $reason
is to the reason why
+q
.Nm
was invoked.
DHCP information to be configured is held in variables starting with the word
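Review bot: the added `q` line between "is to the reason why" and `.Nm` looks like a stray keystroke and will render as a literal "q" in the man page. Drop it. While touching this sentence, note that the context line reads "is to the reason why", which appears to be missing a word.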
.Nm
could be invoked:
.Bl -tag -width EXPIREXXXEXPIRE6
+.It Dv CHROOT
+dhcpcd is starting up and needs to configure a chroot environment.
.It Dv PREINIT
dhcpcd is starting up and any pre-initialisation should be done.
.It Dv CARRIER
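Review bot: the new `CHROOT` entry does not say when this reason is raised or which variables a hook can rely on. In script.c the `CHROOT` reason jumps to `make:` before the interface options are processed, so the entry should state that it only occurs with privilege separation and that hooks should expect `$chroot` here rather than the usual per-interface variables.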
The following variables will then be set, along with any protocol supplied
ones.
.Bl -tag -width xnew_delegated_dhcp6_prefix
+.It Ev $chroot
+the directory where
+.Nm dhcpcd
+is chrooted.
.It Ev $interface
the name of the interface.
.It Ev $protocol
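Review bot: the `$chroot` entry is documented as always present, but script.c only emits it when `DHCPCD_PRIVSEP` is set and `ctx->ps_user` is not NULL. Add "only set when privilege separation is active" so hook authors test for an empty value before building paths from it.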
* or address specific listener.
* Spawn an unpriv process to send/receive common network data.
* Then drop all privs and start running.
+ * Every process aside from the privileged actioneer is chrooted.
+ *
+ * dhcpcd will maintain the config file in the chroot, no need to handle
+ * this in a script or something.
*/
#include <sys/socket.h>
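Review bot: the added comment lines "dhcpcd will maintain the config file in the chroot, no need to handle this in a script or something" are too vague to be useful as design documentation. Say which file is meant and how it is kept current, and mention what the hook is still responsible for, since BUILDING.md now tells Linux users the `00-linux` hook must set up `/dev`, `/proc`, `/sys` and `/run/udev`.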
goto eexit;
#ifdef PRIVSEP
- if (strcmp(reason, "CHROOT") == 0) {
+ if (ctx->options & DHCPCD_PRIVSEP && ctx->ps_user != NULL) {
if (efprintf(fp, "chroot=%s", ctx->ps_user->pw_dir) == -1)
goto eexit;
- goto make;
}
+ if (strcmp(reason, "CHROOT") == 0)
+ goto make;
#endif
ifo = ifp->options;
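Review bot: after this change the `CHROOT` reason still does `goto make` when the new condition is false, so nothing in this hunk guarantees a hook run for `CHROOT` actually receives `chroot=`. A hook that builds mount targets from an empty `$chroot` would end up operating on host paths, so either fail with `goto eexit` when the reason is `CHROOT` and `ctx->ps_user` is NULL, or document where that invariant is enforced. Minor style point on the same line: parenthesise the flag test as `(ctx->options & DHCPCD_PRIVSEP) && ctx->ps_user != NULL` so the precedence is explicit.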
goto eexit;
}
+#ifdef PRIVSEP
make:
+#endif
/* Convert buffer to argv */
fflush(fp);