[Bug 223327] dhclient: close the pidfile before calling chroot(2)
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon Aug 6 16:22:21 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223327
--- Comment #12 from commit-hook at freebsd.org ---
A commit references this bug:
Author: markj
Date: Mon Aug 6 16:22:02 UTC 2018
New revision: 337382
URL: https://svnweb.freebsd.org/changeset/base/337382
Log:
dhclient: Don't chroot if we are in capability mode.
The main dhclient process is Capsicumized but also chroots to
restrict filesystem access. With r322369, pidfile(3) maintains a
directory descriptor for the pidfile, which can cause the chroot
to fail in certain cases. To minimize the problem, only chroot
if we fail to enter capability mode, and store dhclient pidfiles
in a subdirectory of /var/run, thus restricting access via
pidfile(3)'s directory descriptor.
PR: 223327
Reviewed by: cem, oshogbo
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D16584
Changes:
head/etc/mtree/BSD.var.dist
head/sbin/dhclient/dhclient.8
head/sbin/dhclient/dhclient.c
head/sbin/init/rc.d/dhclient
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list