Submitted by:	Nils Goroll

Fixes #1032

Submitted by:	Nils Goroll

Conflicts:

	bin/varnishd/mgt_sandbox_solaris.c

patch received from Nils Goroll <nils.goroll@uplex.de>

- [e0ee2a2e69654a9df74aaf3dcadc9639659cf42b] adds the file_read
  privilege needed for onnv_140 and newer (see #912), but we also need
  the file_write privilege for stevedore access.

- If available, keep sys_resource in the permitted/limited set to
  allow cache_waiter_ports to raise the process.max-port-events
  resource control (feature to be added later).

- When starting varnish with euid 0 on Solaris, privilege seperation
  prohibited preserving additional privileges (in excess of the basic
  set) in the child, because, for a non privilege aware process,
  setuid() resets the effective, inheritable and permitted sets to the
  basic set.

  To achieve interoperability between solaris privileges and
  setuid()/setgid(), we now make the varnish child privilege aware
  before calling setuid() by trying to add all privileges we will need
  plus proc_setid.

- On solaris, check for proc_setid rather than checking the euid as a
  prerequisite for changing the uid/gid and only change the uid/gid if
  we need to (for a privilege aware process, [ers]uid 0 loose their
  magic powers).

  Note that setuid() will always set SNOCD on Solaris, which will
  prevent core dumps from being written, unless setuid core dumps are
  explicitly enabled using coreadm(1M).

  To avoid setuid() (and the SNOCD flag, consequently), start varnish
  as the user you intend to run the child as, but with additional
  privileges, e.g. using

  ppriv -e -s A=basic,net_privaddr,sys_resource varnishd ...

- setppriv(PRIV_SET, ...) failed when the privileges to be applied
  were not available in the permitted set.

  We change the logic to only clear the privileges which are not
  needed by inverting the sets and removing all unneeded privileges
  using setppriv(PRIV_OFF, ...).

  So the child might end up with less privileges than given initially,

Allow %r format to log incomplete records too.
Update docs to reflect new defaults

Fixes #1028

Fixes: #1024

Tighten it up with use of semaphores and collapse s1/s2/s3 using
"accept" keyword.

The intent is that they should be mined and dumped into the
documentation.

Feel free to add (or send patches with descriptions, preferably
only one line or paragraph for each.

Conflicts:

	bin/varnishd/cache_wrk.c
	include/vsc_fields.h

Fixes: #912

Solaris puts the ncurses header in /usr/include/ncurses, and we need
that to compile with -Werror.

Fixes: #889

It used to be that we'd call http processing on a filedescriptor and
then that was that.  Then we added keywords to do new accepts in the
server and suddenly the calling code closes a wrong filedesc which
belongs to somebody else and things get really inconvenient fast.

This made all test-cases which use the "accept" server directive flakey.

test failures seems to be timeouts on stressed machines.

Teport timeouts more clearly.

two separate timestamps just happen to be the same, just make them
the same.

the same address again, even with hinting.