https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223327
--- Comment #12 from commit-h...@freebsd.org --- A commit references this bug: Author: markj Date: Mon Aug 6 16:22:02 UTC 2018 New revision: 337382 URL: https://svnweb.freebsd.org/changeset/base/337382 Log: dhclient: Don't chroot if we are in capability mode. The main dhclient process is Capsicumized but also chroots to restrict filesystem access. With r322369, pidfile(3) maintains a directory descriptor for the pidfile, which can cause the chroot to fail in certain cases. To minimize the problem, only chroot if we fail to enter capability mode, and store dhclient pidfiles in a subdirectory of /var/run, thus restricting access via pidfile(3)'s directory descriptor. PR: 223327 Reviewed by: cem, oshogbo Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D16584 Changes: head/etc/mtree/BSD.var.dist head/sbin/dhclient/dhclient.8 head/sbin/dhclient/dhclient.c head/sbin/init/rc.d/dhclient -- You are receiving this mail because: You are the assignee for the bug. _______________________________________________ freebsd-bugs@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-bugs To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
