diff --git a/srcpkgs/dhcpcd/files/dhcpcd-unprivileged/run b/srcpkgs/dhcpcd/files/dhcpcd-unprivileged/run
new file mode 100644
index 00000000000000..7ca1c5ba2b14ee
--- /dev/null
+++ b/srcpkgs/dhcpcd/files/dhcpcd-unprivileged/run
@@ -0,0 +1,16 @@
+#!/bin/sh
+exec 2>&1
+[ -r conf ] && . ./conf
+
+# automigrate
+chown root:_dhcpcd /etc/dhcpcd.conf
+chmod 640 /etc/dhcpcd.conf
+
+! [ -d /run/dhcpcd ] && install -m 700 -g _dhcpcd -o _dhcpcd -d /run/dhcpcd
+chown -R _dhcpcd:_dhcpcd /run/dhcpcd
+
+exec setpriv --reuid _dhcpcd --regid _dhcpcd --clear-groups \
+ --ambient-caps -all,+net_admin,+net_raw,+net_bind_service \
+ --inh-caps -all,+net_admin,+net_raw,+net_bind_service \
+ --bounding-set -all,+net_admin,+net_raw,+net_bind_service \
+ --no-new-privs -- dhcpcd -B ${OPTS:=-M}
diff --git a/srcpkgs/dhcpcd/template b/srcpkgs/dhcpcd/template
index b558c7b6dc82dd..fc1be5d687cbc3 100644
--- a/srcpkgs/dhcpcd/template
+++ b/srcpkgs/dhcpcd/template
@@ -1,7 +1,7 @@
 # Template file for 'dhcpcd'
 pkgname=dhcpcd
 version=10.3.1
-revision=1
+revision=2
 build_style=configure
 make_check_target=test
 configure_args="
@@ -21,6 +21,7 @@ conf_files=/etc/dhcpcd.conf
 system_accounts="_dhcpcd"
 _dhcpcd_homedir="/var/db/dhcpcd"
+make_dirs="/var/db/dhcpcd 0770 root _dhcpcd"
 build_options="privsep"
 desc_option_privsep="Enable privilege separation mode for the daemon"
@@ -28,6 +29,7 @@ desc_option_privsep="Enable privilege separation mode for the daemon"
 post_install() {
 vsv dhcpcd
 vsv dhcpcd-eth0
+ vsv dhcpcd-unprivileged
 # Enable controlgroup by default, to make dhcpcd-ui work.
 vsed -e 's,^#\(controlgroup.*\),\1,' -i ${DESTDIR}/etc/dhcpcd.conf
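Review bot: The `chown -R _dhcpcd:_dhcpcd /run/dhcpcd` line in the new `run` script executes on every service start, before the `setpriv` drop and so presumably as root, over a tree the unprivileged `_dhcpcd` account owns and can populate. A root-run recursive ownership change over a directory controlled by the service account is a pattern where a link placed in the tree can redirect the change to another file. The `install -d` on the line above already sets owner, group and mode on creation, so I would run the recursive pass only for a directory left by the root-run service and never dereference links: `[ "$(stat -c %U /run/dhcpcd)" = _dhcpcd ] || chown -hR _dhcpcd:_dhcpcd /run/dhcpcd`. The `# automigrate` comment would also read better as `# migrate files left by the root-run dhcpcd service so the _dhcpcd user can use them`.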
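Review bot: `make_dirs="/var/db/dhcpcd 0770 root _dhcpcd"` in the second template hunk sets ownership and mode on the directory only, and nothing in this commit adjusts files already inside it. State written there by an earlier root-run dhcpcd would presumably stay root-owned and unusable for the `_dhcpcd` service, since the run script's migration step covers only `/etc/dhcpcd.conf` and `/run/dhcpcd`. Either document the manual step for existing installs or record the limitation next to the variable, e.g. `# group-writable so the unprivileged service can keep state here; existing root-owned files are not migrated`.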