- Improvement
- Resolution: Unresolved
- Normal
This is a harvester proposal. Current versions of `dhcpcd` support building with privilege separation, so that the executable produced can run happily as an unprivileged user. We nominally have support for it in our ebuild with the `privsep` flag. The maintainer of `dhcpcd` has stated that at some point in the future, privsep will become the default and eventually the only option (https://github.com/NetworkConfiguration/dhcpcd/discussions/279).
The Linux From Scratch notes about it here: https://www.linuxfromscratch.org/blfs/view/svn/basicnet/dhcpcd.html describe the additional footprint needed on the system (just a `dhcpcd` user and group).
I propose that we turn on the `privsep` flag by default in `harvester` and see what happens...