• Poul-Henning Kamp's avatar
    Varnishd needs to run the systems C-compiler to compile the VCL code. · ad6bf9c0
    Poul-Henning Kamp authored
    For security reasons, we run the C-compiler in a sandbox process
    which by default uses the same (non-)privileges as the other sandboxes
    (VCL compiler, test-loader process and the worker process).
    
    On some systems access to the C-compiler is limited, also for reasons
    of security, and varnishd will fail to compile VCL code, unless all
    the sandboxes are given access to the C-compiler.
    
    Add a new parameter "group_cc" which adds a single gid to the grouplist
    of the sandbox which executes the cc_command, for the benefit of such
    systems.
    
    Do some slightly related polishing of the docs/help-texts in this area
    while here anyway.
    
    Fixes #1521
    ad6bf9c0
mgt_param.h 2.53 KB