markj f571872c4d dhclient: Don't chroot if we are in capability mode.
The main dhclient process is Capsicumized but also chroots to
restrict filesystem access.  With r322369, pidfile(3) maintains a
directory descriptor for the pidfile, which can cause the chroot
to fail in certain cases.  To minimize the problem, only chroot
if we fail to enter capability mode, and store dhclient pidfiles
in a subdirectory of /var/run, thus restricting access via
pidfile(3)'s directory descriptor.

PR:		223327
Reviewed by:	cem, oshogbo
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D16584
2018-08-06 16:22:01 +00:00


#!/bin/sh
#
# $FreeBSD$
#
# PROVIDE: dhclient
# KEYWORD: nojailvnet nostart
# Load the rc.d framework and the network helper library; the functions
# called below that are not defined in this file come from these.
. /etc/rc.subr
. /etc/network.subr
# Interface to operate on, taken from the script's second argument (the
# first argument is the command handed to run_rc_command).
ifn="$2"
name="dhclient"
desc="Dynamic Host Configuration Protocol (DHCP) client"
# NOTE(review): rcvar is left empty; presumably this script is invoked per
# interface rather than enabled through an rc.conf knob -- confirm.
rcvar=
# One pidfile per interface, kept in a dedicated /var/run/dhclient
# subdirectory instead of directly in /var/run.  pidfile(3) holds a
# descriptor for the pidfile's directory, so a dedicated subdirectory limits
# what that descriptor exposes to the capability-mode dhclient process.
# NOTE(review): this script does not create /var/run/dhclient; confirm it is
# provisioned elsewhere and is writable by root only.
pidfile="/var/run/dhclient/${name}.${ifn}.pid"
# Hooks that run_rc_command calls before the start and stop commands.
start_precmd="dhclient_prestart"
stop_precmd="dhclient_pre_check"
# rc_force check can only be done at the run_rc_command
# time, so we're testing it in the pre* hooks.
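# Refuse to act on an interface that is not configured for DHCP.
#
# Globals:  ifn (read), rc_force (read), rc_quiet (read)
# Outputs:  the refusal message on stdout, or through debug() when
#           rc_quiet is set
# Returns:  0 when rc_force is set or dhcpif accepts the interface;
#           otherwise terminates the script with exit status 1
dhclient_pre_check()
{
	local msg

	# ifn is taken from the script's second argument and this script
	# does not validate it.  Quote it so it reaches dhcpif as exactly
	# one word, with no field splitting or pathname expansion.
	if [ -z "${rc_force}" ] && ! dhcpif "$ifn"; then
		msg="'$ifn' is not a DHCP-enabled interface"
		if [ -z "${rc_quiet}" ]; then
			echo "$msg"
		else
			debug "$msg"
		fi
		exit 1
	fi
}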
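# start_precmd hook: build the dhclient command-line flags in rc_flags.
#
# Globals:  ifn, flags, background_dhclient (read);
#           specific, background_dhclient, rc_flags (written)
# Returns:  does not return if dhclient_pre_check rejects the interface
#           (that function exits the script with status 1)
dhclient_prestart()
{
	dhclient_pre_check

	# Interface-specific flags (see rc.subr for $flags setting).
	# "$ifn" is quoted so the helper always sees the interface name
	# as one argument, never split or glob-expanded.
	specific=$(get_if_var "$ifn" dhclient_flags_IF)

	# Two separate tests joined with && replace the obsolescent and
	# ambiguous "-a" operator of test(1).
	if [ -z "$flags" ] && [ -n "$specific" ]; then
		rc_flags=$specific
	fi

	# Per-interface override of background_dhclient, falling back to
	# the global setting.  Quoting the default keeps the argument
	# count fixed even if the value is empty or contains whitespace.
	background_dhclient=$(get_if_var "$ifn" background_dhclient_IF "$background_dhclient")
	if checkyesno background_dhclient; then
		rc_flags="${rc_flags} -b"
	fi

	# The interface name is the final dhclient argument.
	# NOTE(review): rc_flags is a flat string, so an interface name
	# containing whitespace would not stay one word if the consumer
	# expands it unquoted -- confirm how rc.subr uses rc_flags.
	rc_flags="${rc_flags} ${ifn}"
}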
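# Load the rc.conf settings for this service and for the network
# configuration before any of them are consulted.
load_rc_config "$name"
load_rc_config network

# Only complain if a command was specified but no interface.  The
# expansion is quoted so the emptiness test stays well-formed whatever
# the second argument contains; unquoted, "[ -z $ifn ]" only worked for
# an empty value by accident and broke on whitespace or glob characters.
if [ -z "$ifn" ] && [ -n "$1" ]; then
	err 1 "$0: no interface specified"
fi

# Dispatch the requested command (first argument) through rc.subr.
run_rc_command "$1"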