diff --git a/nixos/modules/services/networking/dhcpcd.nix b/nixos/modules/services/networking/dhcpcd.nix
index 9b3269e965f5..97b9680ed951 100644
--- a/nixos/modules/services/networking/dhcpcd.nix
+++ b/nixos/modules/services/networking/dhcpcd.nix
@@ -206,22 +206,6 @@ in
 
   config = lib.mkIf enableDHCP {
 
-    assertions = [ {
-      # dhcpcd doesn't start properly with malloc ∉ [ libc scudo ]
-      # see https://github.com/NixOS/nixpkgs/issues/151696
-      assertion =
-        dhcpcd.enablePrivSep
-          -> lib.elem config.environment.memoryAllocator.provider [ "libc" "scudo" ];
-      message = ''
-        dhcpcd with privilege separation is incompatible with chosen system malloc.
-          Currently only the `libc` and `scudo` allocators are known to work.
-          To disable dhcpcd's privilege separation, overlay Nixpkgs and override dhcpcd
-          to set `enablePrivSep = false`.
-      '';
-    } ];
-
-    environment.etc."dhcpcd.conf".source = dhcpcdConf;
-
     systemd.services.dhcpcd = let
       cfgN = config.networking;
       hasDefaultGatewaySet = (cfgN.defaultGateway != null && cfgN.defaultGateway.address != "")
diff --git a/nixos/tests/chrony.nix b/nixos/tests/chrony.nix
index 2dcc363728be..9582ab14bb8f 100644
--- a/nixos/tests/chrony.nix
+++ b/nixos/tests/chrony.nix
@@ -13,8 +13,6 @@ import ./make-test-python.nix ({ lib, ... }:
       specialisation.hardened.configuration = {
         services.chrony.enableMemoryLocking = true;
         environment.memoryAllocator.provider = "graphene-hardened";
-        # dhcpcd privsep is incompatible with graphene-hardened
-        networking.useNetworkd = true;
       };
     };
   };
diff --git a/nixos/tests/hardened.nix b/nixos/tests/hardened.nix
index e38834961e13..0c43e3523dac 100644
--- a/nixos/tests/hardened.nix
+++ b/nixos/tests/hardened.nix
@@ -11,11 +11,6 @@ import ./make-test-python.nix ({ pkgs, ... } : {
       imports = [ ../modules/profiles/hardened.nix ];
       environment.memoryAllocator.provider = "graphene-hardened";
       nix.settings.sandbox = false;
-      nixpkgs.overlays = [
-        (final: super: {
-          dhcpcd = super.dhcpcd.override { enablePrivSep = false; };
-        })
-      ];
       virtualisation.emptyDiskImages = [ 4096 ];
       boot.initrd.postDeviceCommands = ''
         ${pkgs.dosfstools}/bin/mkfs.vfat -n EFISYS /dev/vdb
diff --git a/pkgs/tools/networking/dhcpcd/default.nix b/pkgs/tools/networking/dhcpcd/default.nix
index 6221034dc285..368319195df2 100644
--- a/pkgs/tools/networking/dhcpcd/default.nix
+++ b/pkgs/tools/networking/dhcpcd/default.nix
@@ -7,7 +7,6 @@
 , runtimeShellPackage
 , runtimeShell
 , nixosTests
-, enablePrivSep ? true
 }:
 
 stdenv.mkDerivation rec {
@@ -38,17 +37,8 @@ stdenv.mkDerivation rec {
   configureFlags = [
     "--sysconfdir=/etc"
     "--localstatedir=/var"
-  ]
-  ++ (
-    if ! enablePrivSep
-    then [ "--disable-privsep" ]
-    else [
-      "--enable-privsep"
-      # dhcpcd disables privsep if it can't find the default user,
-      # so we explicitly specify a user.
-      "--privsepuser=dhcpcd"
-    ]
-  );
+    "--disable-privsep"
+  ];
 
   makeFlags = [ "PREFIX=${placeholder "out"}" ];
 
@@ -59,9 +49,8 @@ stdenv.mkDerivation rec {
   # Check that the udev plugin got built.
   postInstall = lib.optionalString (udev != null && stdenv.isLinux) "[ -e ${placeholder "out"}/lib/dhcpcd/dev/udev.so ]";
 
-  passthru = {
-    inherit enablePrivSep;
-    tests = { inherit (nixosTests.networking.scripted) macvlan dhcpSimple dhcpOneIf; };
+  passthru.tests = {
+    inherit (nixosTests.networking.scripted) macvlan dhcpSimple dhcpOneIf;
   };
 
   meta = with lib; {