pidfile: Import new pidfile from NetBSD

compat/pidfile.h

@@ -1,6 +1,6 @@
 /*-
  * SPDX-License-Identifier: BSD-2-Clause
- * Copyright (c) 1999, 2016 The NetBSD Foundation, Inc.
+ * Copyright (c) 1999, 2016, 2026 The NetBSD Foundation, Inc.
  * All rights reserved.
  *
  * This code is derived from software contributed to The NetBSD Foundation
@@ -31,10 +31,18 @@
 #ifndef PIDFILE_H
 #define PIDFILE_H
 
-#include <unistd.h>
+#include <sys/types.h>
 
+#include "config.h"
+
+int		pidfile(const char *);
 int		pidfile_clean(void);
 pid_t		pidfile_lock(const char *);
 pid_t		pidfile_read(const char *);
+int		pidfile_unlock(void);
+
+int		pidfile_fd(void);
+const char *	pidfile_path(void);
+void		pidfile_unremoveable(void);
 
 #endif

configure

@@ -1039,12 +1039,12 @@ elif [ "$PRIVSEP" = yes ]; then
 fi
 
 if [ -z "$PIDFILE_LOCK" ]; then
-	printf "Testing for pidfile_lock ... "
+	printf "Testing for pidfile_unlock ... "
 	cat <<EOF >_pidfile.c
 #include <stdlib.h>
 #include <util.h>
 int main(void) {
-	return (int)pidfile_lock(NULL);
+	return (int)pidfile_unlock();
 }
 EOF
 	# We only want to link to libutil if it exists in /lib
@@ -1065,8 +1065,9 @@ EOF
 	rm -rf _pidfile.* _pidfile
 fi
 if [ "$PIDFILE_LOCK" = no ]; then
-	echo "COMPAT_SRCS+=	compat/pidfile.c" >>$CONFIG_MK
+	echo "CPPFLAGS+=	-DPIDFILE_LOCAL" >>$CONFIG_MK
 	echo "#include			\"compat/pidfile.h\"" >>$CONFIG_H
+	echo "COMPAT_SRCS+=	compat/pidfile.c" >>$CONFIG_MK
 else
 	echo "#define	HAVE_UTIL_H" >>$CONFIG_H
 	if [ -n "$LIBUTIL" ]; then

src/bpf-bsd.c

@@ -36,6 +36,7 @@
 #include <stddef.h>
 #include <stdlib.h>
 #include <string.h>
+#include <unistd.h>
 
 #include "bpf.h"
 #ifdef __sun

src/bpf-linux.c

@@ -35,6 +35,7 @@
 #include <errno.h>
 #include <stdlib.h>
 #include <string.h>
+#include <unistd.h>
 
 #include "bpf.h"
 

src/common.c

@@ -35,6 +35,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <unistd.h>
 
 #include "common.h"
 #include "dhcpcd.h"

src/dhcpcd.c

@@ -2289,11 +2289,15 @@ main(int argc, char **argv, char **envp)
 			default:
 				per = "";
 			}
-			snprintf(ctx.pidfile, sizeof(ctx.pidfile), PIDFILE,
-			    ifname, per, ".");
+			if (asprintf(&ctx.pidfile, PIDFILE, ifname, per, ".") == -1) {
+				logerr("%s: asprintf", __func__);
+				goto exit_failure;
+			}
 		} else {
-			snprintf(ctx.pidfile, sizeof(ctx.pidfile), PIDFILE, "",
-			    "", "");
+			if (asprintf(&ctx.pidfile, PIDFILE, "", "", "") == -1) {
+				logerr("%s: asprintf", __func__);
+				goto exit_failure;
+			}
 			ctx.options |= DHCPCD_MANAGER;
 
 			/*
@@ -2582,6 +2586,18 @@ main(int argc, char **argv, char **envp)
 #endif
 		goto exit_failure;
 	}
+#ifdef PRIVSEP_RIGHTS
+	{
+		cap_rights_t rights;
+
+		cap_rights_init(&rights, CAP_READ, CAP_SEEK, CAP_FTRUNCATE);
+		if (cap_rights_limit(pidfile_fd(), &rights) == -1 &&
+		    errno != ENOSYS) {
+			logerr("%s: cap_rights_limit", __func__);
+			goto exit_failure;
+		}
+	}
+#endif
 #endif
 
 	os_init();
@@ -2817,6 +2833,7 @@ main(int argc, char **argv, char **envp)
 	}
 #endif
 
+	free(ctx.pidfile);
 	eloop_free(ctx.eloop);
 	logclose();
 	free(ctx.logfile);
@@ -2826,9 +2843,5 @@ main(int argc, char **argv, char **envp)
 	setproctitle_fini();
 #endif
 
-#ifdef USE_SIGNALS
-	if (ctx.options & (DHCPCD_FORKED | DHCPCD_PRIVSEP))
-		_exit(i); /* so atexit won't remove our pidfile */
-#endif
 	return i;
 }

src/dhcpcd.h

@@ -116,7 +116,7 @@ TAILQ_HEAD(if_head, interface);
 struct passwd;
 
 struct dhcpcd_ctx {
-	char pidfile[sizeof(PIDFILE) + IF_NAMESIZE + 1];
+	char *pidfile;
 	char vendor[256];
 	int fork_fd; /* FD for the fork init signal pipe */
 	const char *cffile;

src/privsep-control.c

@@ -29,6 +29,7 @@
 #include <errno.h>
 #include <stdlib.h>
 #include <string.h>
+#include <unistd.h>
 
 #include "control.h"
 #include "dhcpcd.h"

src/privsep-linux.c

@@ -337,6 +337,9 @@ static struct sock_filter ps_seccomp_filter[] = {
 #ifdef __NR_fstat64
 	SECCOMP_ALLOW(__NR_fstat64),
 #endif
+#ifdef __NR_ftruncate
+	SECCOMP_ALLOW(__NR_ftruncate),
+#endif
 #ifdef __NR_gettimeofday
 	SECCOMP_ALLOW(__NR_gettimeofday),
 #endif
@@ -364,6 +367,9 @@ static struct sock_filter ps_seccomp_filter[] = {
 /* SECCOMP BPF is newer than nl80211 so we don't need SIOCGIWESSID
  * which lives in the impossible to include linux/wireless.h header */
 #endif
+#ifdef __NR_lseek
+	SECCOMP_ALLOW(__NR_lseek),
+#endif
 #ifdef __NR_madvise /* needed for musl */
 	SECCOMP_ALLOW(__NR_madvise),
 #endif

src/privsep.c

@@ -392,8 +392,11 @@ ps_startprocess(struct ps_process *psp,
 		return pid;
 	}
 
-	/* If we are not the root process, close un-needed stuff. */
+	/* Close things we no longer need */
+	pidfile_unlock();
 	eloop_closefdwaiter(ctx->eloop);
+
+	/* Close more if we are not root */
 	if (ctx->ps_root != psp) {
 		ps_root_close(ctx);
 #ifdef PLUGIN_DEV
@@ -420,7 +423,6 @@ ps_startprocess(struct ps_process *psp,
 		goto errexit;
 	}
 
-	pidfile_clean();
 	ps_freeprocesses(ctx, psp);
 
 	if (ctx->ps_root != psp) {
@@ -622,6 +624,9 @@ ps_managersandbox(struct dhcpcd_ctx *ctx, const char *_pledge)
 		return -1;
 	}
 
+	/* We can no longer unlink the pidfile. */
+	pidfile_unremoveable();
+
 #ifdef PRIVSEP_RIGHTS
 	if ((ctx->pf_inet_fd != -1 &&
 		ps_rights_limit_ioctl(ctx->pf_inet_fd) == -1) ||