Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
U
unique-xids
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
uplex-varnish
unique-xids
Commits
c613b135
Commit
c613b135
authored
Sep 06, 2012
by
Poul-Henning Kamp
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Try to make the sandboxing work on omnitios
parent
12a475d9
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
16 additions
and
12 deletions
+16
-12
mgt_sandbox_solaris.c
bin/varnishd/mgt/mgt_sandbox_solaris.c
+13
-11
cache_waiter_ports.c
bin/varnishd/waiter/cache_waiter_ports.c
+3
-1
No files found.
bin/varnishd/mgt/mgt_sandbox_solaris.c
View file @
c613b135
...
...
@@ -102,13 +102,15 @@ mgt_sandbox_solaris_add_inheritable(priv_set_t *pset, enum sandbox_e who)
{
switch
(
who
)
{
case
SANDBOX_VCC
:
/* for /etc/resolv.conf and /etc/hosts */
AZ
(
priv_addset
(
pset
,
"file_read"
));
break
;
case
SANDBOX_CC
:
priv_addset
(
pset
,
"proc_exec"
);
priv_addset
(
pset
,
"proc_fork"
);
AZ
(
priv_addset
(
pset
,
"proc_exec"
)
);
AZ
(
priv_addset
(
pset
,
"proc_fork"
)
);
/* PSARC/2009/378 - 63678502e95e - onnv_140 */
priv_addset
(
pset
,
"file_read"
);
priv_addset
(
pset
,
"file_write"
);
AZ
(
priv_addset
(
pset
,
"file_read"
)
);
AZ
(
priv_addset
(
pset
,
"file_write"
)
);
break
;
case
SANDBOX_VCLLOAD
:
break
;
...
...
@@ -131,19 +133,19 @@ mgt_sandbox_solaris_add_effective(priv_set_t *pset, enum sandbox_e who)
switch
(
who
)
{
case
SANDBOX_VCC
:
/* PSARC/2009/378 - 63678502e95e - onnv_140 */
priv_addset
(
pset
,
"file_write"
);
AZ
(
priv_addset
(
pset
,
"file_write"
)
);
break
;
case
SANDBOX_CC
:
break
;
case
SANDBOX_VCLLOAD
:
/* PSARC/2009/378 - 63678502e95e - onnv_140 */
priv_addset
(
pset
,
"file_read"
);
AZ
(
priv_addset
(
pset
,
"file_read"
)
);
case
SANDBOX_WORKER
:
/* PSARC/2009/685 - 8eca52188202 - onnv_132 */
priv_addset
(
pset
,
"net_access"
);
AZ
(
priv_addset
(
pset
,
"net_access"
)
);
/* PSARC/2009/378 - 63678502e95e - onnv_140 */
priv_addset
(
pset
,
"file_read"
);
priv_addset
(
pset
,
"file_write"
);
AZ
(
priv_addset
(
pset
,
"file_read"
)
);
AZ
(
priv_addset
(
pset
,
"file_write"
)
);
break
;
default:
REPORT
(
LOG_ERR
,
"INCOMPLETE AT: %s(%d)
\n
"
,
__func__
,
__LINE__
);
...
...
@@ -166,7 +168,7 @@ mgt_sandbox_solaris_add_permitted(priv_set_t *pset, enum sandbox_e who)
break
;
case
SANDBOX_WORKER
:
/* for raising limits in cache_waiter_ports.c */
priv_addset
(
pset
,
PRIV_SYS_RESOURCE
);
AZ
(
priv_addset
(
pset
,
PRIV_SYS_RESOURCE
)
);
break
;
default:
REPORT
(
LOG_ERR
,
"INCOMPLETE AT: %s(%d)
\n
"
,
__func__
,
__LINE__
);
...
...
@@ -184,7 +186,7 @@ mgt_sandbox_solaris_add_initial(priv_set_t *pset, enum sandbox_e who)
(
void
)
who
;
/* for setgid/setuid */
priv_addset
(
pset
,
PRIV_PROC_SETID
);
AZ
(
priv_addset
(
pset
,
PRIV_PROC_SETID
)
);
}
/*
...
...
bin/varnishd/waiter/cache_waiter_ports.c
View file @
c613b135
...
...
@@ -154,7 +154,8 @@ vws_thread(void *priv)
while
(
1
)
{
port_event_t
ev
[
MAX_EVENTS
];
int
nevents
,
ei
,
ret
;
u_int
nevents
;
int
ei
,
ret
;
double
now
,
deadline
;
/*
...
...
@@ -239,6 +240,7 @@ vws_thread(void *priv)
timeout
=
&
max_ts
;
}
}
return
(
0
);
}
/*--------------------------------------------------------------------*/
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment