Chapter 42. Running dhclient exit hooks using NetworkManager a dispatcher script

You can use a NetworkManager dispatcher script to execute dhclient exit hooks.

42.1. The concept of NetworkManager dispatcher scripts

The NetworkManager-dispatcher service executes user-provided scripts in alphabetical order when network events happen. These scripts are typically shell scripts, but can be any executable script or application. You can use dispatcher scripts, for example, to adjust network-related settings that you cannot manage with NetworkManager.

You can store dispatcher scripts in the following directories:

  • /etc/NetworkManager/dispatcher.d/: The general location for dispatcher scripts the root user can edit.
  • /usr/lib/NetworkManager/dispatcher.d/: For pre-deployed immutable dispatcher scripts.

For security reasons, the NetworkManager-dispatcher service executes scripts only if the following conditions met:

  • The script is owned by the root user.
  • The script is only readable and writable by root.
  • The setuid bit is not set on the script.

The NetworkManager-dispatcher service runs each script with two arguments:

  1. The interface name of the device the operation happened on.
  2. The action, such as up, when the interface has been activated.

The Dispatcher scripts section in the NetworkManager(8) man page provides an overview of actions and environment variables you can use in scripts.

The NetworkManager-dispatcher service runs one script at a time, but asynchronously from the main NetworkManager process. Note that, if a script is queued, the service will always run it, even if a later event makes it obsolete. However, the NetworkManager-dispatcher service runs scripts that are symbolic links referring to files in /etc/NetworkManager/dispatcher.d/no-wait.d/ immediately, without waiting for the termination of previous scripts, and in parallel.

Additional resources

  • The Dispatcher scripts section in the NetworkManager(8) man page

42.2. Creating a NetworkManager dispatcher script that runs dhclient exit hooks

This section explains how to write a NetworkManager dispatcher script that runs dhclient exit hooks stored in the /etc/dhcp/dhclient-exit-hooks.d/ directory when an IPv4 address is assigned or updated from a DHCP server.

Prerequisites

  • The dhclient exit hooks are stored in the /etc/dhcp/dhclient-exit-hooks.d/ directory.

Procedure

  1. Create the /etc/NetworkManager/dispatcher.d/12-dhclient-down file with the following content:

    #!/bin/bash
    # Run dhclient.exit-hooks.d scripts
    
    if [ -n "$DHCP4_DHCP_LEASE_TIME" ] ; then
      if [ "$2" = "dhcp4-change" ] || [ "$2" = "up" ] ; then
        if [ -d /etc/dhcp/dhclient-exit-hooks.d ] ; then
          for f in /etc/dhcp/dhclient-exit-hooks.d/*.sh ; do
            if [ -x "${f}" ]; then
              . "${f}"
            fi
          done
        fi
      fi
    fi
  2. Set the root user as owner of the file:

    # chown root:root /etc/NetworkManager/dispatcher.d/12-dhclient-down
  3. Set the permissions so that only the root user can execute it:

    # chmod 0700 /etc/NetworkManager/dispatcher.d/12-dhclient-down
  4. Restore the SELinux context:

    # restorecon /etc/NetworkManager/dispatcher.d/12-dhclient-down

Additional resources

  • The Dispatcher scripts section in the NetworkManager(8) man page.