Changeset 2115e38

Timestamp:

01/02/2023 11:59:06 PM (16 months ago)

Author:

Tim Tassonis <stuff@…>

Branches:

11.3, 12.0, 12.1, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, lazarus, lxqt, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, trunk, xry111/llvm18, xry111/xf86-video-removal

Children:

e8e00904

Parents:

0433493

Message:

Describe how to build and setup dhcpcd with or without privilege separation.

Files:

• introduction/welcome/changelog.xml (modified) (1 diff)
• networking/connect/dhcpcd.xml (modified) (4 diffs)

introduction/welcome/changelog.xml

@@ -43 +43 @@
       <itemizedlist>
         <listitem>
+          <para>[timtas] - Describe how to build and setup dhcpcd with or
+          without privilege separation.</para>
+        </listitem>
+        <listitem>
           <para>[bdubbs] - Update to fontforge-20230101. Fixes
           <ulink url="&blfs-ticket-root;17465">#17465</ulink>.</para>

networking/connect/dhcpcd.xml

@@ -92 +92 @@
   </sect2>
 
-  <sect2 role="installation">
-    <title>Installation of dhcpcd</title>
-
-    <para>
-      Recent releases of <application>dhcpcd</application> implement privilege
-      separation. Additional installation steps are necessary to set up
-      the proper environment, which are performed by issuing the following
-      commands as the <systemitem class="username">root</systemitem> user:
+  <sect2 id='dhcpcd-privsep'>
+    <title>Privilege separation</title>
+
+    <para>
+      Recent releases of <application>dhcpcd</application> optionally support
+      privilege separation. As the practical security benefits of this are
+      unclear for a program like <application>dhcpcd</application> and the
+      setup is more complicated, the book currently defaults to disable it.
+    </para>
+    <para>
+      If you however would like to use privilege separation, additional
+      installation steps are necessary to set up the proper environment. Issue
+      the following commands as the
+      <systemitem class="username">root</systemitem> user:
     </para>
 
@@ -112 +118 @@
 chown    -v dhcpcd:dhcpcd /var/lib/dhcpcd </userinput></screen>
 
+  </sect2>
+
+  <sect2 role="installation">
+    <title>Installation of dhcpcd</title>
+
     <para>Fix a runtime error caused by a change in glibc-2.36:</para>
 
@@ -118 +129 @@
 
     <para>
-      Install <application>dhcpcd</application> by running the following
-      commands:
+      Build <application>dhcpcd</application> without privilege separation
+      by running the following command:
+    </para>
+
+<screen><userinput>./configure --prefix=/usr                \
+            --sysconfdir=/etc            \
+            --libexecdir=/usr/lib/dhcpcd \
+            --dbdir=/var/lib/dhcpcd      \
+            --runstatedir=/run           \
+            --disable-privsep         &amp;&amp;
+make</userinput></screen>
+
+    <para>
+      Build <application>dhcpcd</application> with privilege separation
+      by running the following commands:
     </para>
 
@@ -171 +195 @@
       <filename class="directory">/var/run</filename> is a symbolic
       link to <filename class="directory">/run</filename>.
+    </para>
+
+    <para>
+      <option>--with-hook=...</option>: You can optionally install more hooks,
+      for example to install some configuration files such as
+      <filename>ntp.conf</filename>. The set of hooks is in the
+      <filename class="directory">dhcpcd-hooks</filename> directory in the
+      build tree.
+    </para>
+
+    <para>
+      <parameter>--disable-privsep</parameter>: Do not use privileg separation,
+      which is the default.
+    </para>
+
+    <para>
+      <parameter>--privsepuser=dhcpcd</parameter>: Use this unpriviled user
+      in a privilege separation setup.
     </para>