From: Roy Marples
Date: Wed, 7 Oct 2020 13:37:35 +0000 (+0100)
Subject: privsep: Only log chrooting from the launcher process
X-Git-Tag: v9.3.1~16
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d047f2dd0d9cee881d1d3e56da8ba67664f7726d;p=thirdparty%2Fdhcpcd.git

privsep: Only log chrooting from the launcher process

And the sandbox tech as well. Rework stop_interface so we can reuse an option for marking a process as the launcher.
---
diff --git a/src/dhcpcd.c b/src/dhcpcd.c
index 8f429bc5..a9ced339 100644
--- a/src/dhcpcd.c
+++ b/src/dhcpcd.c
@@ -409,7 +409,7 @@ dhcpcd_drop(struct interface *ifp, int stop)
 }
 static void
-stop_interface(struct interface *ifp)
+stop_interface(struct interface *ifp, const char *reason)
 {
 struct dhcpcd_ctx *ctx;
@@ -418,10 +418,7 @@ stop_interface(struct interface *ifp)
 ifp->options->options |= DHCPCD_STOPPING;
 dhcpcd_drop(ifp, 1);
- if (ifp->options->options & DHCPCD_DEPARTED)
- script_runreason(ifp, "DEPARTED");
- else
- script_runreason(ifp, "STOPPED");
+ script_runreason(ifp, reason == NULL ? "STOPPED" : reason);
 /* Delete all timeouts for the interfaces */
 eloop_q_timeout_delete(ctx->eloop, ELOOP_QUEUE_ALL, NULL, ifp);
@@ -1025,8 +1022,7 @@ dhcpcd_handleinterface(void *arg, int action, const char *ifname)
 }
 if (ifp->active) {
 logdebugx("%s: interface departed", ifp->name);
- ifp->options->options |= DHCPCD_DEPARTED;
- stop_interface(ifp);
+ stop_interface(ifp, "DEPARTED");
 }
 TAILQ_REMOVE(ctx->ifaces, ifp, next);
 if_free(ifp);
@@ -1339,7 +1335,7 @@ stop_all_interfaces(struct dhcpcd_ctx *ctx, unsigned long long opts)
 if (ifp->options->options & DHCPCD_RELEASE)
 ifp->options->options &= ~DHCPCD_PERSISTENT;
 ifp->options->options |= DHCPCD_EXITING;
- stop_interface(ifp);
+ stop_interface(ifp, NULL);
 }
 }
@@ -1591,7 +1587,7 @@ dumperr:
 ifp->options->options |= opts;
 if (opts & DHCPCD_RELEASE)
 ifp->options->options &= ~DHCPCD_PERSISTENT;
- stop_interface(ifp);
+ stop_interface(ifp, NULL);
 }
 return 0;
 }
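Review bot: The new `reason` parameter of stop_interface() has no comment, and NULL silently selects "STOPPED" in `script_runreason(ifp, reason == NULL ? "STOPPED" : reason);`. A one-line comment above the function would make that contract explicit, for example `/* reason: script reason to run for this interface; NULL means "STOPPED". */`. The callers updated in the hunks at -1339 and -1591 pass a bare `NULL`; passing the literal `"STOPPED"` there would read more clearly and let the ternary go, though that is a style choice. The body of stop_interface() continues past the end of the hunk.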
@@ -2293,7 +2289,7 @@ printpidfile:
 break;
 default:
 setproctitle("[launcher]");
- ctx.options |= DHCPCD_FORKED;
+ ctx.options |= DHCPCD_FORKED | DHCPCD_LAUNCHER;
 ctx.fork_fd = fork_fd[0];
 close(fork_fd[1]);
 #ifdef PRIVSEP_RIGHTS
diff --git a/src/if-options.h b/src/if-options.h
index 2c974f57..a73ba0d2 100644
--- a/src/if-options.h
+++ b/src/if-options.h
@@ -99,7 +99,7 @@
 #define DHCPCD_NOALIAS (1ULL << 39)
 #define DHCPCD_IA_FORCED (1ULL << 40)
 #define DHCPCD_STOPPING (1ULL << 41)
-#define DHCPCD_DEPARTED (1ULL << 42)
+#define DHCPCD_LAUNCHER (1ULL << 42)
 #define DHCPCD_HOSTNAME_SHORT (1ULL << 43)
 #define DHCPCD_EXITING (1ULL << 44)
 #define DHCPCD_WAITIP4 (1ULL << 45)
diff --git a/src/privsep.c b/src/privsep.c
index d1c74f4a..771e7317 100644
--- a/src/privsep.c
+++ b/src/privsep.c
@@ -116,7 +116,7 @@ ps_dropprivs(struct dhcpcd_ctx *ctx)
 {
 struct passwd *pw = ctx->ps_user;
- if (!(ctx->options & DHCPCD_FORKED))
+ if (ctx->options & DHCPCD_LAUNCHER)
 logdebugx("chrooting as %s to %s", pw->pw_name, pw->pw_dir);
 if (chroot(pw->pw_dir) == -1 && (errno != EPERM || ctx->options & DHCPCD_FORKED))
@@ -566,7 +566,7 @@ ps_mastersandbox(struct dhcpcd_ctx *ctx, const char *_pledge)
 }
 logerr("%s: %s", __func__, sandbox);
 return -1;
- } else if (!forked)
+ } else if (ctx->options & DHCPCD_LAUNCHER)
 logdebugx("sandbox: %s", sandbox);
 return 0;
 }
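Review bot: `DHCPCD_LAUNCHER` takes over bit 42 from `DHCPCD_DEPARTED` in src/if-options.h, so the bit changes from a per-interface state to a per-process role while staying in the same 64-bit option space. The dhcpcd.c hunks show option words being ORed into interface options (`ifp->options->options |= opts;`), so nothing at the definition tells a later reader that this bit belongs on `ctx->options` only. A comment on the define would cover it, for example `/* process role: set on ctx->options by the launcher, never on an interface */`.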
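Review bot: With the message in ps_dropprivs() gated on `DHCPCD_LAUNCHER`, a process that never takes the `default:` fork branch in dhcpcd.c (the only place in this diff where the flag is set) logs neither "chrooting as ..." nor the "sandbox: ..." line in ps_mastersandbox(); whether such a non-forking run exists is not visible in these hunks. The context line after the change also tolerates `chroot()` failing with EPERM when `DHCPCD_FORKED` is clear, and as far as the hunk shows that path carries on without any message. These debug lines are the operator's only record of whether confinement was applied, so the tolerated EPERM case deserves its own `logdebugx` call saying the chroot was not permitted and that the process continues unconfined. The bodies of ps_dropprivs() and ps_mastersandbox() both extend outside their hunks, so the error branches are not visible here.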