Changes in networking/connect/dhcpcd.xml [f713df3:2115e38]
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
networking/connect/dhcpcd.xml
rf713df3 r2115e38 23 23 <?dbhtml filename="dhcpcd.html"?> 24 24 25 <sect1info>26 <date>$Date$</date>27 </sect1info>28 25 29 26 <title>dhcpcd-&dhcpcd-version;</title> … … 44 41 </para> 45 42 46 &lfs11 0a_checked;43 &lfs112_checked; 47 44 48 45 <bridgehead renderas="sect3">Package Information</bridgehead> … … 95 92 </sect2> 96 93 97 <sect2 role="installation"> 98 <title>Installation of dhcpcd</title> 99 100 <para> 101 Recent releases of <application>dhcpcd</application> implement privilege 102 separation. Additional installation steps are necessary to set up 103 the proper environment, which are performed by issuing the following 104 commands as the <systemitem class="username">root</systemitem> user: 94 <sect2 id='dhcpcd-privsep'> 95 <title>Privilege separation</title> 96 97 <para> 98 Recent releases of <application>dhcpcd</application> optionally support 99 privilege separation. As the practical security benefits of this are 100 unclear for a program like <application>dhcpcd</application> and the 101 setup is more complicated, the book currently defaults to disable it. 102 </para> 103 <para> 104 If you however would like to use privilege separation, additional 105 installation steps are necessary to set up the proper environment. Issue 106 the following commands as the 107 <systemitem class="username">root</systemitem> user: 105 108 </para> 106 109 … … 111 114 -d /var/lib/dhcpcd \ 112 115 -g dhcpcd \ 113 -s /bin/false \116 -s /bin/false \ 114 117 -u 52 dhcpcd && 115 118 chown -v dhcpcd:dhcpcd /var/lib/dhcpcd </userinput></screen> 116 119 117 <para> 118 Install <application>dhcpcd</application> by running the following 119 commands: 120 </sect2> 121 122 <sect2 role="installation"> 123 <title>Installation of dhcpcd</title> 124 125 <para>Fix a runtime error caused by a change in glibc-2.36:</para> 126 127 <screen><userinput>sed '/Deny everything else/i SECCOMP_ALLOW(__NR_getrandom),' \ 128 -i src/privsep-linux.c</userinput></screen> 129 130 <para> 131 Build <application>dhcpcd</application> without privilege separation 132 by running the following command: 133 </para> 134 135 <screen><userinput>./configure --prefix=/usr \ 136 --sysconfdir=/etc \ 137 --libexecdir=/usr/lib/dhcpcd \ 138 --dbdir=/var/lib/dhcpcd \ 139 --runstatedir=/run \ 140 --disable-privsep && 141 make</userinput></screen> 142 143 <para> 144 Build <application>dhcpcd</application> with privilege separation 145 by running the following commands: 120 146 </para> 121 147 … … 178 204 build tree. 179 205 </para> 206 207 <para> 208 <parameter>--disable-privsep</parameter>: Do not use privileg separation, 209 which is the default. 210 </para> 211 212 <para> 213 <parameter>--privsepuser=dhcpcd</parameter>: Use this unpriviled user 214 in a privilege separation setup. 215 </para> 216 217 <para> 218 <option>--with-hook=...</option>: You can optionally install more hooks, 219 for example to install some configuration files such as 220 <filename>ntp.conf</filename>. The set of hooks is in the 221 <filename class="directory">dhcpcd-hooks</filename> directory in the 222 build tree. 223 </para> 180 224 </sect2> 181 225 … … 232 276 modifications to system files are done by hooks which are stored in 233 277 <filename class="directory">/usr/lib/dhcpcd/dhcpcd-hooks</filename>. 234 Set up <command>dhcpcd</command> by removing or adding hooks from/to278 Set up <command>dhcpcd</command> by removing or adding hooks from/to 235 279 that directory. The execution of hooks can be disabled by using 236 280 the <option>--nohook</option> (<option>-C</option>) command line … … 334 378 modifications to system configuration files are done by hooks which 335 379 are stored in <filename class="directory"> 336 /lib/dhcpcd/dhcpcd-hooks</filename>. Set up <command>dhcpcd</command>380 /lib/dhcpcd/dhcpcd-hooks</filename>. Set up <command>dhcpcd</command> 337 381 by removing or adding hooks from/to that directory. The execution 338 382 of hooks can be disabled by using the <option>--nohook</option>
Note:
See TracChangeset
for help on using the changeset viewer.