DHCPv6 client in base
Ben Woods
woodsb02 at gmail.com
Sat Nov 30 02:52:20 UTC 2019
On Fri, 29 Nov 2019 at 09:40, Roy Marples <roy at marples.name> wrote:
> On 28/11/2019 22:50, Ben Woods wrote:
> > It is not yet enabled by default until he gets more feedback from others
> > that it is working ok. I intend to update the FreeBSD port to enable
> > this feature (perhaps with a “-devel” port) to allow it to be tested
> > more easily on FreeBSD.
>
> Please add it as a new port - don't want to affect any current dhcpcd
> users with privsep issues.
>
> I've already fixed a few issues based on some initial feedback, but there
> is an outstanding issue where dhcpcd will occasionally hang when exiting.
>
> Roy
>
Hi Roy,

I have just added the new port net/dhcpcd-devel which uses the latest
commit (273915d), and enables privilege separation.

So far it seems to be working ok for me!

Couple of comments / questions:

1. I have set up the low privileged user to be the existing FreeBSD user
"_dhcp" [1]. Using a global CFLAG for this seems a bit clunky - it might be
nicer if this could either be a configure option or a runtime option.

2. I have configured both /var/db/dhcpcd/ and /var/run/dhcpcd/ to have
owner:group as _dhcp:_dhcp (the low privilege processes will have both read
and write access to these folders). Is that correct? I note that the commit
message referenced below [2] states read access is required to
/var/db/dhcpcd/, but the text added to README.md states write access is
required.

3. Can you please confirm the output below [3] looks right / matches your
privilege separation design?

[1] https://svnweb.freebsd.org/ports/head/net/dhcpcd-devel/Makefile?revision=518697&view=markup#l26
[2] https://roy.marples.name/cgit/dhcpcd.git/commit/?id=0e5bfa4eb22f7b6412d23b9548bf157f9fea88c2
[3] privilege separation output:
# ps auxwwd | grep dhcpcd
_dhcp 7652 0.0 0.0 12232 3012 - S 10:25 0:00.00 |-- dhcpcd: [master] [ip4] [ip6] (dhcpcd)
root 7878 0.0 0.0 11724 2852 - S 10:25 0:00.00 | |-- dhcpcd: [privileged actioneer] (dhcpcd)
_dhcp 10455 0.0 0.0 11724 2852 - S 10:25 0:00.00 | | `-- dhcpcd: [BPF ARP] wlan0 (dhcpcd)
_dhcp 7903 0.0 0.0 11696 2844 - S 10:25 0:00.00 | `-- dhcpcd: [network proxy] (dhcpcd)
# ls -lah /var/db/dhcpcd/
drwxr-xr-x 2 _dhcp _dhcp 3B Nov 30 10:28 .
drwxr-xr-x 19 root wheel 34B Nov 30 10:28 ..
-rw-r--r-- 1 _dhcp _dhcp 300B Nov 30 10:28 wlan0-mySSIDname.lease
# ls -lah /var/run/dhcpcd/
drwxr-xr-x 3 _dhcp _dhcp 6B Nov 30 10:28 .
drwxr-xr-x 20 root wheel 48B Nov 30 10:28 ..
drwxr-xr-x 3 root _dhcp 3B Nov 30 10:28 hook-state
-rw-r--r-- 1 _dhcp _dhcp 6B Nov 30 10:28 pid
srw-rw---- 1 _dhcp _dhcp 0B Nov 30 10:28 sock
srw-rw-rw- 1 _dhcp _dhcp 0B Nov 30 10:28 unpriv.sock
# ls -lah /var/run/dhcpcd/hook-state/
drwxr-xr-x 3 root _dhcp 3B Nov 30 10:28 .
drwxr-xr-x 3 _dhcp _dhcp 6B Nov 30 10:28 ..
drwxr-xr-x 2 root _dhcp 2B Nov 30 10:28 ntp.conf
# ls -lah /var/run/dhcpcd/hook-state/ntp.conf/
drwxr-xr-x 2 root _dhcp 2B Nov 30 10:28 .
drwxr-xr-x 3 root _dhcp 3B Nov 30 10:28 ..
Regards,
Ben
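
An added example, not part of the original message and not dhcpcd's own code: a script that reads a `ps auxwwd` listing like [3] and reports any dhcpcd process running as root other than the privileged actioneer. That only the privileged actioneer should run as root is an assumption read from the listing above, not a confirmed statement of the design; the function names and `SAMPLE_PS` are hypothetical.

```shell
#!/bin/sh
# Audit dhcpcd privilege-separation process ownership from `ps auxwwd` output.
# Assumption (from the listing in the message, not confirmed by the dhcpcd
# author): "[privileged actioneer]" is the only process that should be root.

# Sample input: the listing from the message, mail-wrapped lines rejoined.
SAMPLE_PS='_dhcp 7652 0.0 0.0 12232 3012 - S 10:25 0:00.00 |-- dhcpcd: [master] [ip4] [ip6] (dhcpcd)
root 7878 0.0 0.0 11724 2852 - S 10:25 0:00.00 | |-- dhcpcd: [privileged actioneer] (dhcpcd)
_dhcp 10455 0.0 0.0 11724 2852 - S 10:25 0:00.00 | | `-- dhcpcd: [BPF ARP] wlan0 (dhcpcd)
_dhcp 7903 0.0 0.0 11696 2844 - S 10:25 0:00.00 | `-- dhcpcd: [network proxy] (dhcpcd)'

# Read ps output on stdin; print "user pid role" for each dhcpcd process.
# Lines without a "dhcpcd: [" process title (e.g. the grep itself) are skipped.
dhcpcd_roles() {
    awk '/dhcpcd: \[/ {
        role = $0
        sub(/^.*dhcpcd: /, "", role)    # drop columns and tree drawing
        sub(/ \(dhcpcd\)$/, "", role)   # drop the trailing command name
        print $1, $2, role
    }'
}

# Read ps output on stdin; print every root-owned dhcpcd process that is not
# the privileged actioneer. Exit status is 1 if any such process is found.
unexpected_root() {
    dhcpcd_roles | awk '
        $1 == "root" && $0 !~ /\[privileged actioneer\]/ { print; bad = 1 }
        END { exit bad + 0 }'
}

# Usage on a live system:   ps auxwwd | unexpected_root
# Usage on the sample:      printf "%s\n" "$SAMPLE_PS" | unexpected_root
```
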