From: Roy Marples Date: Sun, 20 Sep 2020 20:22:49 +0000 (+0100) Subject: privsep: Don't remove pidfile at exit X-Git-Tag: v9.3.0~26 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bda80910be831d41ea78d8a24db122e4b5732806;p=thirdparty%2Fdhcpcd.git privsep: Don't remove pidfile at exit The privileged actioneer will remove it. --- diff --git a/src/dhcpcd.c b/src/dhcpcd.c index 228f7497..0c226129 100644 --- a/src/dhcpcd.c +++ b/src/dhcpcd.c @@ -2552,6 +2552,9 @@ exit1: #endif freeifaddrs(ifaddrs); } + /* ps_stop will clear DHCPCD_PRIVSEP but we need to + * remember it to avoid attemping to remove the pidfile */ + oi = ctx.options & DHCPCD_PRIVSEP ? 1 : 0; #ifdef PRIVSEP ps_stop(&ctx); #endif @@ -2600,14 +2603,14 @@ exit1: setproctitle_free(); #endif #ifdef USE_SIGNALS - if (ctx.options & DHCPCD_FORKED) - _exit(i); /* so atexit won't remove our pidfile */ - else if (ctx.options & DHCPCD_STARTED) { + if (ctx.options & DHCPCD_STARTED) { /* Try to detach from the launch process. */ if (ctx.fork_fd != -1 && write(ctx.fork_fd, &i, sizeof(i)) == -1) logerr("%s: write", __func__); } + if (ctx.options & DHCPCD_FORKED || oi != 0) + _exit(i); /* so atexit won't remove our pidfile */ #endif return i; } diff --git a/src/privsep-linux.c b/src/privsep-linux.c index c33a00ac..3f0cb123 100644 --- a/src/privsep-linux.c +++ b/src/privsep-linux.c @@ -217,6 +217,9 @@ static struct sock_filter ps_seccomp_filter[] = { #ifdef __NR_close SECCOMP_ALLOW(__NR_close), #endif +#ifdef __NR_exit_group + SECCOMP_ALLOW(__NR_exit_group), +#endif #ifdef __NR_fcntl SECCOMP_ALLOW(__NR_fcntl), #endif @@ -235,6 +238,9 @@ static struct sock_filter ps_seccomp_filter[] = { /* SECCOMP BPF is newer than nl80211 so we don't need SIOCGIWESSID * which lives in the impossible to include linux/wireless.h header */ #endif +#ifdef __NR_munmap + SECCOMP_ALLOW(__NR_munmap), +#endif #ifdef __NR_ppoll SECCOMP_ALLOW(__NR_ppoll), #endif @@ -278,21 +284,6 @@ static struct sock_filter ps_seccomp_filter[] = { SECCOMP_ALLOW(__NR_uname), #endif - /* Avoid unconfined dmesg warnings. - * XXX Why do we need these? */ -#ifdef __NR_exit_group - SECCOMP_ALLOW(__NR_exit_group), -#endif -#ifdef __NR_ftruncate - SECCOMP_ALLOW(__NR_ftruncate), -#endif -#ifdef __NR_munmap - SECCOMP_ALLOW(__NR_munmap), -#endif -#ifdef __NR_unlink - SECCOMP_ALLOW(__NR_unlink), -#endif - /* Deny everything else */ BPF_STMT(BPF_RET + BPF_K, SECCOMP_FILTER_FAIL), };