Dear Colleagues, After some further investigation I think I have found the solution for the chroot error as well.
In the unit file the syscall filtering is a little bit too strict. Besides the already configured list of '@system-service' for the 'SystemCallFilter' stanza, the 'chroot' syscall has to be added as well. After having a cursory glance over the source code (and mind you, I am not a C developer :-) ) I have found 'src/privsep.c' where the design details are documented in the beginning. Based on that I think it is a fair thing to grant that extra syscall for the service. With that I have managed to reduce the number of errors in the dhcpcd unit logs to one on my machine, namely control_free: No such file or directory which might not fit the scope of this ticket. Regards, János Pásztor
