aboutsummaryrefslogtreecommitdiff
path: root/release/tools
diff options
context:
space:
mode:
authorMark Johnston <markj@FreeBSD.org>2018-08-06 16:22:01 +0000
committerMark Johnston <markj@FreeBSD.org>2018-08-06 16:22:01 +0000
commit976e100378844d5668810067ed07748f151c5ea2 (patch)
tree66c644fc86089cc600fbe06d58a7fae9efdb2f53 /release/tools
parent7db2360401dc8e8ff7f44efc8218bb82015f6f89 (diff)
downloadsrc-976e100378844d5668810067ed07748f151c5ea2.tar.gz
src-976e100378844d5668810067ed07748f151c5ea2.zip
dhclient: Don't chroot if we are in capability mode.
The main dhclient process is Capsicumized but also chroots to restrict filesystem access. With r322369, pidfile(3) maintains a directory descriptor for the pidfile, which can cause the chroot to fail in certain cases. To minimize the problem, only chroot if we fail to enter capability mode, and store dhclient pidfiles in a subdirectory of /var/run, thus restricting access via pidfile(3)'s directory descriptor. PR: 223327 Reviewed by: cem, oshogbo Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D16584
Notes
Notes: svn path=/head/; revision=337382
Diffstat (limited to 'release/tools')
0 files changed, 0 insertions, 0 deletions