Commit
e25cafcd
authored
Mar 01, 2024
by
Nils Goroll
For global fellow storage, use the jail facility to fix ownership/mode
parent
930492ad
Changes
8
Showing
8 changed files
with
107 additions
and
42 deletions
+107
-42
CHANGES.rst
CHANGES.rst
+3
-0
Makefile.am
src/Makefile.am
+2
-0
fellow_log_storage.h
src/fellow_log_storage.h
+0
-2
fellow_mgt.c
src/fellow_mgt.c
+84
-0
fellow_mgt.h
src/fellow_mgt.h
+9
-0
fellow_storage.c
src/fellow_storage.c
+3
-40
vmod_slash.man.rst
src/vmod_slash.man.rst
+3
-0
vmod_slash.vcc
src/vmod_slash.vcc
+3
-0
CHANGES.rst
...
...
@@ -18,6 +18,9 @@ Version 1.0.0-rc3 (NEXT RELEASE)
fellow
======
* Storage files of global fellow storage now have their ownership and
permissions changed using the varnish-cache jail facility.
.. _#60: https://gitlab.com/uplex/varnish/slash/-/issues/60
* Reduce memory cache usage when adding objects to the cache with
...
...
src/Makefile.am
...
...
@@ -55,6 +55,8 @@ libvmod_slash_la_LDFLAGS = $(VMOD_LDFLAGS)
libvmod_slash_la_SOURCES
=
\
vmod_slash.c
\
vmod_slash_loadmasters.c
\
fellow_mgt.c
\
fellow_mgt.h
\
fellow_storage.c
\
fellow_storage.h
\
fellow_storage_deref.h
\
...
...
src/fellow_log_storage.h
...
...
@@ -218,8 +218,6 @@ void fellow_log_dle_submit(struct fellow_fd *ffd,
struct
fellow_dle
*
entry
,
unsigned
n
);
typedef
int
fellow_resurrect_f
(
void
*
priv
,
const
struct
fellow_dle
*
e
);
int
fellow_sane_file_path
(
const
char
*
path
);
struct
VSC_fellow
;
struct
stvfe_tune
;
struct
fellow_fd
*
...
...
src/fellow_mgt.c
0 → 100644
/*-
* SPDX-License-Identifier: LGPL-2.1-only
* Copyright 2022,2023,2024 UPLEX Nils Goroll Systemoptimierung.
* All rights reserved.
* Author: Nils Goroll <nils.goroll@uplex.de>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public License
* as published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301 USA Also add information on how to contact you by
* electronic and paper mail.
*
* This file is a separate compilation unit because of the mgt/cache split in
* varnish-cache, but sfe_mgt_tryopen() is also used for storage from vcl
*/
#include "config.h"
#include <stdlib.h>
#include <fcntl.h> // open
#include <sys/file.h> // flock
#include <sys/stat.h> // stat
#include <string.h> // strerror
#include <stdio.h> // printf
#include <unistd.h> // close
#include "mgt/mgt.h" // VJ_*
#include "fellow_mgt.h"
// fellow_log.c
int
fellow_sane_file_path
(
const
char
*
path
);
static
char
errbuf
[
1024
]
=
""
;
#define STVERR(...) do { \
bprintf(errbuf, __VA_ARGS__); \
return (errbuf); \
} while (0)
#define INMGT(x) if (scope == STVFE_GLOBAL) x
const
char
*
sfe_mgt_tryopen
(
const
char
*
path
,
enum
stvfe_scope
scope
)
{
struct
stat
st
;
int
fd
;
if
(
stat
(
path
,
&
st
)
!=
0
&&
!
fellow_sane_file_path
(
path
))
{
STVERR
(
"%s does not exist (stat failed),"
" but the path suggests that it should be an "
"existing block device. Do you have a typo?
\n
"
,
path
);
}
INMGT
(
VJ_master
(
JAIL_MASTER_STORAGE
));
fd
=
open
(
path
,
O_RDWR
|
O_CREAT
|
O_LARGEFILE
,
0600
);
if
(
fd
<
0
)
{
INMGT
(
VJ_master
(
JAIL_MASTER_LOW
));
STVERR
(
"open(%s) failed: %s (%d)"
,
path
,
strerror
(
errno
),
errno
);
}
INMGT
(
VJ_fix_fd
(
fd
,
JAIL_FIXFD_FILE
));
if
(
flock
(
fd
,
LOCK_EX
|
LOCK_NB
))
{
INMGT
(
VJ_master
(
JAIL_MASTER_LOW
));
assert
(
errno
==
EWOULDBLOCK
);
STVERR
(
"flock(%s) failed: %s (%d)"
" - a fellow file can only be used once"
,
path
,
strerror
(
errno
),
errno
);
}
AZ
(
flock
(
fd
,
LOCK_UN
));
INMGT
(
VJ_master
(
JAIL_MASTER_LOW
));
AZ
(
close
(
fd
));
return
(
NULL
);
}
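Review bot: In sfe_mgt_tryopen() both error branches run `INMGT(VJ_master(JAIL_MASTER_LOW));` before `errno` is read, so the value asserted against `EWOULDBLOCK` and formatted through `strerror(errno)` may no longer be the one set by the failing open() or flock(); the flock branch also returns through STVERR without closing `fd`. Saving errno in a local before dropping privileges and closing the descriptor on the flock path addresses both, as sketched below. Separately, open() runs under JAIL_MASTER_STORAGE with `O_CREAT` and VJ_fix_fd() is then applied to whatever the path resolved to; an `fstat(fd, &st)` check that the descriptor is a regular file or a block device before VJ_fix_fd() would keep the ownership/mode change confined to an intended storage target. VJ_fix_fd's exact effect is not visible on this page, so that last point rests on the commit title's description of it.

```c
	if (fd < 0) {
		int e = errno;	/* VJ_master() may modify errno */
		INMGT(VJ_master(JAIL_MASTER_LOW));
		STVERR("open(%s) failed: %s (%d)", path, strerror(e), e);
	}
	/* … unchanged: VJ_fix_fd() … */
	if (flock(fd, LOCK_EX | LOCK_NB)) {
		int e = errno;	/* capture before privileges are dropped */
		INMGT(VJ_master(JAIL_MASTER_LOW));
		(void)close(fd);	/* do not leak the descriptor on the error path */
		assert(e == EWOULDBLOCK);
		STVERR("flock(%s) failed: %s (%d)"
		    " - a fellow file can only be used once",
		    path, strerror(e), e);
	}
	/* … unchanged: unlock, drop privileges, close, return NULL … */
```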
src/fellow_mgt.h
0 → 100644
enum
stvfe_scope
{
STVFE_INVAL
=
0
,
STVFE_GLOBAL
,
STVFE_VCL_DISCARD
,
// discard all objects
STVFE_VCL_EMPTY
// fail unless storage is empty
};
const
char
*
sfe_mgt_tryopen
(
const
char
*
path
,
enum
stvfe_scope
scope
);
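Review bot: The prototype of sfe_mgt_tryopen() carries no comment on its return contract, which matters here because fellow_mgt.c returns a pointer into a file-static `errbuf`. I would add above it `/* returns NULL on success, otherwise a pointer to a static error message that the next failing call overwrites; with STVFE_GLOBAL the call raises and drops jail privileges around open() */`. The header also shows no include guard, so a second inclusion in one translation unit would redefine `enum stvfe_scope`; if the project's header conventions permit, wrapping the content in `#ifndef FELLOW_MGT_H` / `#define FELLOW_MGT_H` … `#endif` avoids that.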
src/fellow_storage.c
...
...
@@ -23,10 +23,7 @@
#include "config.h"
#include <stdlib.h>
#include <stdio.h> // vsl.h needs
#include <fcntl.h> // open in tryopen
#include <sys/file.h> // flock in tryopen
#include <sys/stat.h> // stat in tryopen
#include <stdio.h> // close
#include "cache/cache_varnishd.h"
...
...
@@ -53,6 +50,7 @@
#include "fellow_io.h" // XXX disk region
#include "fellow_log_storage.h"
#include "fellow_cache_storage.h"
#include "fellow_mgt.h"
#include "fellow_pri.h"
#include "fellow_tune.h"
#include "pow2_units.h"
...
...
@@ -255,13 +253,6 @@ stvfe_wait_signal(struct stvfe_wait_entry *e, uint64_t priv)
/* Stevedore ---------------------------------------------------------*/
enum
stvfe_scope
{
STVFE_INVAL
=
0
,
STVFE_GLOBAL
,
STVFE_VCL_DISCARD
,
// discard all objects
STVFE_VCL_EMPTY
// fail unless storage is empty
};
BUDDY_REQS
(
ban_reqs_s
,
DLE_BAN_REG_NREGION
);
struct
stvfe
{
...
...
@@ -1410,34 +1401,6 @@ sfe_taskrun(fellow_task_func_t func, void *priv, fellow_task_privstate *state)
return
(
0
);
}
static
const
char
*
sfe_tryopen
(
const
char
*
path
)
{
struct
stat
st
;
int
fd
;
if
(
stat
(
path
,
&
st
)
!=
0
&&
!
fellow_sane_file_path
(
path
))
{
STVERR
(
"%s does not exist (stat failed),"
" but the path suggests that it should be an "
"existing block device. Do you have a typo?
\n
"
,
path
);
}
fd
=
open
(
path
,
O_RDWR
|
O_CREAT
|
O_LARGEFILE
,
0600
);
if
(
fd
<
0
)
STVERR
(
"open(%s) failed: %s (%d)"
,
path
,
strerror
(
errno
),
errno
);
if
(
flock
(
fd
,
LOCK_EX
|
LOCK_NB
))
{
assert
(
errno
==
EWOULDBLOCK
);
STVERR
(
"flock(%s) failed: %s (%d)"
" - a fellow file can only be used once"
,
path
,
strerror
(
errno
),
errno
);
}
AZ
(
flock
(
fd
,
LOCK_UN
));
AZ
(
close
(
fd
));
return
(
NULL
);
}
static
const
char
*
sfe_init
(
struct
stevedore
*
memstv
,
enum
stvfe_scope
scope
,
const
char
*
filename
,
size_t
dsksz
,
size_t
memsz
,
size_t
objsize_hint
,
...
...
@@ -1458,7 +1421,7 @@ sfe_init(struct stevedore *memstv, enum stvfe_scope scope,
memsz
=
1
;
AN
(
objsize_hint
);
err
=
sfe_
tryopen
(
filenam
e
);
err
=
sfe_
mgt_tryopen
(
filename
,
scop
e
);
if
(
err
!=
NULL
)
return
(
err
);
...
...
src/vmod_slash.man.rst
...
...
@@ -216,6 +216,9 @@ with
* *<path>* being the path to the storage file or device,
Permissions and ownership of *path* are changed during startup using
the Varnish-Cache `jail`_ facility.
* *<dsksize>* being a size expression like ``100m`` or ``5g`` for
the storage size to be configured,
...
...
src/vmod_slash.vcc
...
...
@@ -201,6 +201,9 @@ with
* *<path>* being the path to the storage file or device,
Permissions and ownership of *path* are changed during startup using
the Varnish-Cache `jail`_ facility.
* *<dsksize>* being a size expression like ``100m`` or ``5g`` for
the storage size to be configured,
...
...