Make the new VSM code work with VJails

0712a4a3 · Poul-Henning Kamp · 546a3cc1 · 0712a4a3 · 0712a4a3 · 0712a4a3
Commit 0712a4a3 authored Aug 29, 2017 by Poul-Henning Kamp
7 changed files
--- a/bin/varnishd/mgt/mgt.h
+++ b/bin/varnishd/mgt/mgt.h
@@ -125,7 +125,7 @@ void VJ_master(enum jail_master_e jme);
 void VJ_subproc(enum jail_subproc_e jse);
 int VJ_make_workdir(const char *dname);
 int VJ_make_vcldir(const char *dname);
-void VJ_fix_vsm_file(int fd);
+void VJ_fix_vsm_dir(int fd);
 void VJ_fix_storage_file(int fd);

 extern const struct jail_tech jail_tech_unix;

--- a/bin/varnishd/mgt/mgt_child.c
+++ b/bin/varnishd/mgt/mgt_child.c
@@ -279,7 +279,7 @@ child_signal_handler(int s, siginfo_t *si, void *c)
 		 __FILE__,
 		 __LINE__,
 		 buf,
-		 VAS_ASSERT);
+		 VAS_WRONG);
 }

 /*=====================================================================
@@ -331,8 +331,6 @@ mgt_launch_child(struct cli *cli)
 	}
 	if (pid == 0) {

-		proc_vsmw = VSMW_New(heritage.vsm_fd, 0640, "_.index");
-		AN(proc_vsmw);

 		/* Redirect stdin/out/err */
 		VFIL_null_fd(STDIN_FILENO);
@@ -386,6 +384,9 @@ mgt_launch_child(struct cli *cli)

 		VJ_subproc(JAIL_SUBPROC_WORKER);

+		proc_vsmw = VSMW_New(heritage.vsm_fd, 0640, "_.index");
+		AN(proc_vsmw);
+
 		child_main();

 		exit(0);

--- a/bin/varnishd/mgt/mgt_cli.c
+++ b/bin/varnishd/mgt/mgt_cli.c
@@ -503,9 +503,9 @@ mgt_cli_secret(const char *S_arg)
 	char buf[BUFSIZ];

 	/* Save in shmem */
+	VJ_master(JAIL_MASTER_FILE);
 	mgt_SHM_static_alloc(S_arg, strlen(S_arg) + 1L, "Arg", "-S");

-	VJ_master(JAIL_MASTER_FILE);
 	fd = open(S_arg, O_RDONLY);
 	if (fd < 0) {
 		fprintf(stderr, "Can not open secret-file \"%s\"\n", S_arg);
@@ -573,7 +573,9 @@ mgt_cli_telnet(const char *T_arg)
 	if (VSB_len(vsb) == 0)
 		ARGV_ERR("-T %s could not be listened on.\n", T_arg);
 	/* Save in shmem */
+	VJ_master(JAIL_MASTER_FILE);
 	mgt_SHM_static_alloc(VSB_data(vsb), VSB_len(vsb) + 1, "Arg", "-T");
+	VJ_master(JAIL_MASTER_LOW);
 	VSB_destroy(&vsb);
 }


--- a/bin/varnishd/mgt/mgt_jail.c
+++ b/bin/varnishd/mgt/mgt_jail.c
@@ -189,7 +189,7 @@ VJ_fix_storage_file(int fd)
 }

 void
-VJ_fix_vsm_file(int fd)
+VJ_fix_vsm_dir(int fd)
 {

 	CHECK_OBJ_NOTNULL(vjt, JAIL_TECH_MAGIC);

--- a/bin/varnishd/mgt/mgt_jail_unix.c
+++ b/bin/varnishd/mgt/mgt_jail_unix.c
@@ -252,12 +252,12 @@ vju_make_vcldir(const char *dname)


 static void __match_proto__(jail_fixfile_f)
-vju_vsm_file(int fd)
+vju_vsm_dir(int fd)
 {
 	/* Called under JAIL_MASTER_FILE */

-	AZ(fchmod(fd, 0640));
-	AZ(fchown(fd, 0, vju_gid));
+	AZ(fchmod(fd, 0750));
+	AZ(fchown(fd, vju_wrkuid, vju_gid));
 }

 static void __match_proto__(jail_fixfile_f)
@@ -275,7 +275,7 @@ const struct jail_tech jail_tech_unix = {
 	.init =		vju_init,
 	.master =	vju_master,
 	.make_vcldir =	vju_make_vcldir,
-	.vsm_file =	vju_vsm_file,
+	.vsm_file =	vju_vsm_dir,
 	.storage_file =	vju_storage_file,
 	.subproc =	vju_subproc,
 };
--- a/bin/varnishd/mgt/mgt_main.c
+++ b/bin/varnishd/mgt/mgt_main.c
@@ -838,8 +838,10 @@ main(int argc, char * const *argv)

 	mgt_SHM_Init();

+	VJ_master(JAIL_MASTER_FILE);
 	mgt_SHM_static_alloc(i_arg, strlen(i_arg) + 1L, "Arg", "-i");
 	VSC_C_mgt = VSC_mgt_New("");
+	VJ_master(JAIL_MASTER_LOW);

 	if (M_arg != NULL)
 		mgt_cli_master(M_arg);

--- a/bin/varnishd/mgt/mgt_shmem.c
+++ b/bin/varnishd/mgt/mgt_shmem.c
@@ -73,11 +73,13 @@ mgt_shm_atexit(void)
 	/* Do not let VCC kill our VSM */
 	if (getpid() != mgt_pid)
 		return;
+	VJ_master(JAIL_MASTER_FILE);
 	VSMW_Destroy(&mgt_vsmw);
 	if (!MGT_DO_DEBUG(DBG_VTC_MODE)) {
 		AZ(system("rm -rf " VSM_MGT_DIRNAME));
 		AZ(system("rm -rf " VSM_CHILD_DIRNAME));
 	}
+	VJ_master(JAIL_MASTER_LOW);
 }

 /*--------------------------------------------------------------------
@@ -88,11 +90,12 @@ void
 mgt_SHM_Init(void)
 {

-	// XXX: VJ/mode/owner/group
+	VJ_master(JAIL_MASTER_FILE);
 	AZ(system("rm -rf " VSM_MGT_DIRNAME));
 	AZ(mkdir(VSM_MGT_DIRNAME, 0755));
 	mgt_vsmw = VSMW_New(open(VSM_MGT_DIRNAME, O_RDONLY), 0640, "_.index");
 	AN(mgt_vsmw);
+	VJ_master(JAIL_MASTER_LOW);

 	proc_vsmw = mgt_vsmw;

@@ -104,13 +107,18 @@ void
 mgt_SHM_ChildNew(void)
 {

+	VJ_master(JAIL_MASTER_FILE);
 	AZ(system("rm -rf " VSM_CHILD_DIRNAME));
-	AZ(mkdir(VSM_CHILD_DIRNAME, 0755));
+	AZ(mkdir(VSM_CHILD_DIRNAME, 0750));

 	heritage.vsm_fd = open(VSM_CHILD_DIRNAME, O_RDONLY);
 	assert(heritage.vsm_fd >= 0);
+	VJ_fix_vsm_dir(heritage.vsm_fd);
+	VJ_master(JAIL_MASTER_LOW);
+
 	MCH_Fd_Inherit(heritage.vsm_fd, "VSMW");

+	VJ_master(JAIL_MASTER_FILE);
 	heritage.param = VSMW_Allocf(mgt_vsmw, VSM_CLASS_PARAM,
 	    sizeof *heritage.param, "");
 	AN(heritage.param);
@@ -120,6 +128,7 @@ mgt_SHM_ChildNew(void)
 	heritage.panic_str = VSMW_Allocf(mgt_vsmw, "Panic",
 	    heritage.panic_str_len, "");
 	AN(heritage.panic_str);
+	VJ_master(JAIL_MASTER_LOW);
 }

 void
@@ -127,8 +136,11 @@ mgt_SHM_ChildDestroy(void)
 {

 	closefd(&heritage.vsm_fd);
-	if (!MGT_DO_DEBUG(DBG_VTC_MODE))
+	if (!MGT_DO_DEBUG(DBG_VTC_MODE)) {
+		VJ_master(JAIL_MASTER_FILE);
 		AZ(system("rm -rf " VSM_CHILD_DIRNAME));
+		VJ_master(JAIL_MASTER_LOW);
+	}
 	heritage.panic_str = NULL;
 	heritage.param = NULL;
 }