From: Roy Marples Date: Tue, 21 Jan 2020 22:35:31 +0000 (+0000) Subject: privsep: Note CHROOT script X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b7351730bfba82a27a3ce542a2c36564405a6baf;p=thirdparty%2Fdhcpcd.git privsep: Note CHROOT script While here make BUILDING.md match reality and fix a warning compiling without privsep. --- diff --git a/BUILDING.md b/BUILDING.md index 87df556d..20157b76 100644 --- a/BUILDING.md +++ b/BUILDING.md @@ -22,6 +22,7 @@ Or by removing the following features: * `--disable-arping` * `--disable-ipv4ll` * `--disable-dhcp6` + * `--disable-privsep` You can also move the embedded extended configuration from the dhcpcd binary to an external file (LIBEXECDIR/dhcpcd-definitions.conf) @@ -30,11 +31,6 @@ If dhcpcd cannot load this file at runtime, dhcpcd will work but will not be able to decode any DHCP/DHCPv6 options that are not defined by the user in /etc/dhcpcd.conf. This does not really change the total on disk size. -## Priviledge Separation -To enable this, use the `--enable-privsep` configure option. -It's not enabled by default because it's an experimental feature and -requires adding a user (default `_dhcpcd`) to the system. - ## Cross compiling If you're cross compiling you may need set the platform if OS is different from the host. @@ -170,6 +166,11 @@ The configure program attempts to find hooks for systems you have installed. To add more simply `./configure -with-hook=ntp.conf` +If running privilege separation and on Linux then the `00-linux` hook is +**mandatory**. +If you choose not to run it, then you are responsible for setting up the +needed mount points: `/dev`, `/proc`, `/sys`, `/run/udev` + Some system services expose the name of the service we are in, by default dhcpcd will pick `RC_SVCNAME` from the environment. You can override this in `CPPFLAGS+= -DRC_SVCNAME="YOUR_SVCNAME"`. diff --git a/hooks/dhcpcd-run-hooks.8.in b/hooks/dhcpcd-run-hooks.8.in index af2f78ce..7cf17ed1 100644 
--- a/hooks/dhcpcd-run-hooks.8.in +++ b/hooks/dhcpcd-run-hooks.8.in @@ -1,4 +1,4 @@ -.\" Copyright (c) 2006-2018 Roy Marples +.\" Copyright (c) 2006-2020 Roy Marples .\" All rights reserved .\" .\" Redistribution and use in source and binary forms, with or without @@ -22,7 +22,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd February 20, 2018 +.Dd January 21, 2020 .Dt DHCPCD-RUN-HOOKS 8 .Os .Sh NAME @@ -69,6 +69,7 @@ is set to the interface that is run on and .Ev $reason is to the reason why +q .Nm was invoked. DHCP information to be configured is held in variables starting with the word @@ -83,6 +84,8 @@ Here's a list of reasons why .Nm could be invoked: .Bl -tag -width EXPIREXXXEXPIRE6 +.It Dv CHROOT +dhcpcd is starting up and needs to configure a chroot environment. .It Dv PREINIT dhcpcd is starting up and any pre-initialisation should be done. .It Dv CARRIER @@ -150,6 +153,10 @@ and The following variables will then be set, along with any protocol supplied ones. .Bl -tag -width xnew_delegated_dhcp6_prefix +.It Ev $chroot +the directory where +.Nm dhcpcd +is chrooted. .It Ev $interface the name of the interface. .It Ev $protocol diff --git a/src/privsep.c b/src/privsep.c index af9e27bf..f0fd444f 100644 --- a/src/privsep.c +++ b/src/privsep.c @@ -33,6 +33,10 @@ * or address specific listener. * Spawn an unpriv process to send/receive common network data. * Then drop all privs and start running. + * Every process aside from the privileged actioneer is chrooted. + * + * dhcpcd will maintain the config file in the chroot, no need to handle + * this in a script or something. */ #include diff --git a/src/script.c b/src/script.c index 81cae18c..d919333a 100644 --- a/src/script.c +++ b/src/script.c 
@@ -275,11 +275,12 @@ make_env(struct dhcpcd_ctx *ctx, const struct interface *ifp, goto eexit; #ifdef PRIVSEP - if (strcmp(reason, "CHROOT") == 0) { + if (ctx->options & DHCPCD_PRIVSEP && ctx->ps_user != NULL) { if (efprintf(fp, "chroot=%s", ctx->ps_user->pw_dir) == -1) goto eexit; - goto make; } + if (strcmp(reason, "CHROOT") == 0) + goto make; #endif ifo = ifp->options; @@ -508,7 +509,9 @@ dumplease: goto eexit; } +#ifdef PRIVSEP make: +#endif /* Convert buffer to argv */ fflush(fp);
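Review bot: In BUILDING.md, the hunk at -30,11 deletes the whole "Priviledge Separation" section, and with it the only statement that privsep requires adding a user (default _dhcpcd) to the system. src/script.c in this same patch still reads ctx->ps_user->pw_dir to get the chroot path, so a passwd entry is still consulted. Keep a one-line note of the user requirement next to the new --disable-privsep entry so that builders know what the default build expects.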
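Review bot: In BUILDING.md, the paragraph added at -170,6 lists /dev, /proc, /sys and /run/udev but does not say where they have to be mounted. If these are meant to exist inside the chroot directory (the path hooks receive as $chroot), say so explicitly, so that someone who opts out of the 00-linux hook knows exactly what they have to reproduce.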
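Review bot: In hooks/dhcpcd-run-hooks.8.in, the hunk at -69,6 adds a line containing only "q" between "is to the reason why" and ".Nm". It looks like a stray keystroke and will render as a literal "q" in the manual page; drop the line.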
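Review bot: In hooks/dhcpcd-run-hooks.8.in, the $chroot entry added at -150,6 sits in the list of variables that "will then be set", but src/script.c in this patch only emits chroot= when DHCPCD_PRIVSEP is set and ctx->ps_user is not NULL. Document that the variable is present only when privilege separation is active, so hook authors test for an empty value before building paths from it.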
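Review bot: In src/script.c make_env(), the new condition "ctx->options & DHCPCD_PRIVSEP && ctx->ps_user != NULL" relies on & binding tighter than &&. It evaluates as intended, but writing it as (ctx->options & DHCPCD_PRIVSEP) && ctx->ps_user != NULL saves the reader from checking. Separately, a "CHROOT" reason now reaches "goto make" with no chroot= in the environment whenever that condition is false, where the old code always wrote it; if that combination cannot occur, a comment saying so would make the invariant explicit.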