Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
V
varnish-cache
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Commits
Open sidebar
varnishcache
varnish-cache
Commits
3d0030db
Commit
3d0030db
authored
Mar 13, 2015
by
Nils Goroll
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
document jails
parent
68fcec15
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
43 additions
and
1 deletion
+43
-1
mgt_main.c
bin/varnishd/mgt/mgt_main.c
+4
-0
varnishd.rst
doc/sphinx/reference/varnishd.rst
+39
-1
No files found.
bin/varnishd/mgt/mgt_main.c
View file @
3d0030db
...
...
@@ -154,6 +154,10 @@ usage(void)
fprintf
(
stderr
,
FMT
,
""
,
" -h classic,<buckets>"
);
fprintf
(
stderr
,
FMT
,
"-i identity"
,
"Identity of varnish instance"
);
fprintf
(
stderr
,
FMT
,
"-j jail[,jailoptions]"
,
"Jail specification"
);
#ifdef HAVE_SETPPRIV
fprintf
(
stderr
,
FMT
,
""
,
" -j solaris"
);
#endif
fprintf
(
stderr
,
FMT
,
""
,
" -j unix[,user=<user>][,ccgroup=<group>]"
);
fprintf
(
stderr
,
FMT
,
""
,
" -j none"
);
fprintf
(
stderr
,
FMT
,
"-l shl,free,fill"
,
"Size of shared memory file"
);
fprintf
(
stderr
,
FMT
,
""
,
" shl: space for SHL records [80m]"
);
...
...
doc/sphinx/reference/varnishd.rst
View file @
3d0030db
...
...
@@ -70,6 +70,44 @@ OPTIONS
Specify the identity of the Varnish server. This can be accessed using server.identity
from VCL
-j jail[,jailoptions]
Specify the jailing technology to use.
Jails generalize over various options to reduce the
privileges of varnish sub-processes. They may have
specific options and may be platform specific. Available
jails are:
* -j solaris
Reduce privileges(5) for varnishd and sub-process to the
minimally required set. Only available on platforms
which have the setppriv(2) call.
* -j unix[,user=<user>][,ccgroup=<group>]
Default on all other platforms if `varnishd` is either
started with an effective uid of 0 (e.g. as root) or as
user ``varnish``.
With the ``unix`` jail technology activated, varnish
will switch to an alternative user for subprocesses and
change the effective uid of the master process whenever
possible.
The optional `user` argument specifies which alternative
user to use. It defauls to ``varnish``
The optional `ccgroup` argument specifies a group to add
to varnish subprocesses requiring access to a
c-compiler. There is no default.
* -j none
last resort jail choice: With jail technology ``none``,
varnish will run all processes with the privileges it
was started with.
-l shl[,free[,fill]]
Specifies size of shmlog file. shl is the store for the
shared memory log records [80M], free is the store for other
...
...
@@ -293,7 +331,7 @@ The varnishd daemon was developed by Poul-Henning Kamp in cooperation
with Verdens Gang AS and Varnish Software.
This manual page was written by Dag-Erling Smørgrav with updates by
Stig Sandbeck Mathisen <ssm@debian.org>.
Stig Sandbeck Mathisen <ssm@debian.org>
and others
.
COPYRIGHT
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment