For global fellow storage, use the jail facility to fix ownership/mode

e25cafcd · Nils Goroll · 930492ad · e25cafcd · e25cafcd · e25cafcd
Unverified Commit e25cafcd authored Mar 01, 2024 by Nils Goroll
8 changed files
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -18,6 +18,9 @@ Version 1.0.0-rc3 (NEXT RELEASE)
 fellow
 ======

+* Storage files of global fellow storage now have their ownership and
+  permissions changed using the varnish-cache jail facility.
+
 .. _#60: https://gitlab.com/uplex/varnish/slash/-/issues/60

 * Reduce memory cache usage when adding objects to the cache with

--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -55,6 +55,8 @@ libvmod_slash_la_LDFLAGS = $(VMOD_LDFLAGS)
 libvmod_slash_la_SOURCES = \
 	vmod_slash.c \
 	vmod_slash_loadmasters.c \
+	fellow_mgt.c \
+	fellow_mgt.h \
 	fellow_storage.c \
 	fellow_storage.h \
 	fellow_storage_deref.h \

--- a/src/fellow_log_storage.h
+++ b/src/fellow_log_storage.h
@@ -218,8 +218,6 @@ void fellow_log_dle_submit(struct fellow_fd *ffd,
    struct fellow_dle *entry, unsigned n);
 typedef int fellow_resurrect_f(void *priv, const struct fellow_dle *e);

-int fellow_sane_file_path(const char *path);
-
 struct VSC_fellow;
 struct stvfe_tune;
 struct fellow_fd *

--- a/src/fellow_mgt.c
+++ b/src/fellow_mgt.c
+/*-
+ * SPDX-License-Identifier: LGPL-2.1-only
+ * Copyright 2022,2023,2024 UPLEX Nils Goroll Systemoptimierung.
+ * All rights reserved.
+ * Author: Nils Goroll <nils.goroll@uplex.de>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301 USA Also add information on how to contact you by
+ * electronic and paper mail.
+ *
+ * This file is a separate compilation unit because of the mgt/cache split in
+ * varnish-cache, but sfe_mgt_tryopen() is also used for storage from vcl
+ */
+
+#include "config.h"
+
+#include <stdlib.h>
+#include <fcntl.h>	// open
+#include <sys/file.h>	// flock
+#include <sys/stat.h>	// stat
+#include <string.h>	// strerror
+#include <stdio.h>	// printf
+#include <unistd.h>	// close
+
+#include "mgt/mgt.h"	// VJ_*
+
+#include "fellow_mgt.h"
+
+// fellow_log.c
+int fellow_sane_file_path(const char *path);
+
+static char errbuf[1024] = "";
+#define STVERR(...) do {					\
+		bprintf(errbuf, __VA_ARGS__);			\
+		return (errbuf);				\
+} while (0)
+
+#define INMGT(x) if (scope == STVFE_GLOBAL) x
+
+const char *
+sfe_mgt_tryopen(const char *path, enum stvfe_scope scope)
+{
+	struct stat st;
+	int fd;
+
+	if (stat(path, &st) != 0 &&
+	    ! fellow_sane_file_path(path)) {
+		STVERR("%s does not exist (stat failed),"
+		    " but the path suggests that it should be an "
+		    "existing block device. Do you have a typo?\n", path);
+	}
+
+	INMGT(VJ_master(JAIL_MASTER_STORAGE));
+	fd = open(path, O_RDWR | O_CREAT | O_LARGEFILE, 0600);
+	if (fd < 0) {
+		INMGT(VJ_master(JAIL_MASTER_LOW));
+		STVERR("open(%s) failed: %s (%d)",
+		    path, strerror(errno), errno);
+	}
+	INMGT(VJ_fix_fd(fd, JAIL_FIXFD_FILE));
+	if (flock(fd, LOCK_EX | LOCK_NB)) {
+		INMGT(VJ_master(JAIL_MASTER_LOW));
+		assert(errno == EWOULDBLOCK);
+		STVERR("flock(%s) failed: %s (%d)"
+		    " - a fellow file can only be used once",
+		    path, strerror(errno), errno);
+	}
+	AZ(flock(fd, LOCK_UN));
+	INMGT(VJ_master(JAIL_MASTER_LOW));
+	AZ(close(fd));
+	return (NULL);
+}
--- a/src/fellow_mgt.h
+++ b/src/fellow_mgt.h
+enum stvfe_scope {
+	STVFE_INVAL = 0,
+	STVFE_GLOBAL,
+	STVFE_VCL_DISCARD,	// discard all objects
+	STVFE_VCL_EMPTY	// fail unless storage is empty
+};
+
+const char *
+sfe_mgt_tryopen(const char *path, enum stvfe_scope scope);
--- a/src/fellow_storage.c
+++ b/src/fellow_storage.c
@@ -23,10 +23,7 @@
 #include "config.h"

 #include <stdlib.h>
-#include <stdio.h>	// vsl.h needs
-#include <fcntl.h>	// open in tryopen
-#include <sys/file.h>	// flock in tryopen
-#include <sys/stat.h>	// stat in tryopen
+#include <stdio.h>	// close

 #include "cache/cache_varnishd.h"

@@ -53,6 +50,7 @@
 #include "fellow_io.h"	// XXX disk region
 #include "fellow_log_storage.h"
 #include "fellow_cache_storage.h"
+#include "fellow_mgt.h"
 #include "fellow_pri.h"
 #include "fellow_tune.h"
 #include "pow2_units.h"
@@ -255,13 +253,6 @@ stvfe_wait_signal(struct stvfe_wait_entry *e, uint64_t priv)

 /* Stevedore ---------------------------------------------------------*/

-enum stvfe_scope {
-	STVFE_INVAL = 0,
-	STVFE_GLOBAL,
-	STVFE_VCL_DISCARD,	// discard all objects
-	STVFE_VCL_EMPTY	// fail unless storage is empty
-};
-
 BUDDY_REQS(ban_reqs_s, DLE_BAN_REG_NREGION);

 struct stvfe {
@@ -1410,34 +1401,6 @@ sfe_taskrun(fellow_task_func_t func, void *priv, fellow_task_privstate *state)
 	return (0);
 }

-static const char *
-sfe_tryopen(const char *path)
-{
-	struct stat st;
-	int fd;
-
-	if (stat(path, &st) != 0 &&
-	    ! fellow_sane_file_path(path)) {
-		STVERR("%s does not exist (stat failed),"
-		    " but the path suggests that it should be an "
-		    "existing block device. Do you have a typo?\n", path);
-	}
-
-	fd = open(path, O_RDWR | O_CREAT | O_LARGEFILE, 0600);
-	if (fd < 0)
-		STVERR("open(%s) failed: %s (%d)",
-		    path, strerror(errno), errno);
-	if (flock(fd, LOCK_EX | LOCK_NB)) {
-		assert(errno == EWOULDBLOCK);
-		STVERR("flock(%s) failed: %s (%d)"
-		    " - a fellow file can only be used once",
-		    path, strerror(errno), errno);
-	}
-	AZ(flock(fd, LOCK_UN));
-	AZ(close(fd));
-	return (NULL);
-}
-
 static const char *
 sfe_init(struct stevedore *memstv, enum stvfe_scope scope,
    const char *filename, size_t dsksz, size_t memsz, size_t objsize_hint,
@@ -1458,7 +1421,7 @@ sfe_init(struct stevedore *memstv, enum stvfe_scope scope,
 		memsz = 1;
 	AN(objsize_hint);

-	err = sfe_tryopen(filename);
+	err = sfe_mgt_tryopen(filename, scope);
 	if (err != NULL)
 		return (err);


--- a/src/vmod_slash.man.rst
+++ b/src/vmod_slash.man.rst
@@ -216,6 +216,9 @@ with

 * *<path>* being the path to the storage file or device,

+  Permissions and ownership of *path* are changed during startup using
+  the Varnish-Cache `jail`_ facility.
+
 * *<dsksize>* being a size expression like ``100m`` or ``5g`` for
  the storage size to be configured,


--- a/src/vmod_slash.vcc
+++ b/src/vmod_slash.vcc
@@ -201,6 +201,9 @@ with

 * *<path>* being the path to the storage file or device,

+  Permissions and ownership of *path* are changed during startup using
+  the Varnish-Cache `jail`_ facility.
+
 * *<dsksize>* being a size expression like ``100m`` or ``5g`` for
  the storage size to be configured,