HomeFreeBSD

dhclient: Don't chroot if we are in capability mode.

Description

dhclient: Don't chroot if we are in capability mode.

The main dhclient process is Capsicumized but also chroots to
restrict filesystem access. With r322369, pidfile(3) maintains a
directory descriptor for the pidfile, which can cause the chroot
to fail in certain cases. To minimize the problem, only chroot
if we fail to enter capability mode, and store dhclient pidfiles
in a subdirectory of /var/run, thus restricting access via
pidfile(3)'s directory descriptor.

PR: 223327
Reviewed by: cem, oshogbo
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D16584

Details

Provenance
markjAuthored on
Reviewer
cem
Differential Revision
D16584: Remove chroot(2) call from dhclient.
Parents
rS337381: Increase timeout for timedmutex_test:mutex2, timedmutex_test:mutex3
Branches
Unknown
Tags
Unknown