SUBPROC_VCC doesn't fork, so why should it have anything in (I)nheritable?

559ebaa0 · Nils Goroll · c7c23d97 · 559ebaa0
Commit 559ebaa0 authored Mar 13, 2015 by Nils Goroll
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 2 deletions

mgt_jail_solaris.c bin/varnishd/mgt/mgt_jail_solaris.c +3 -2

No files found.
--- a/bin/varnishd/mgt/mgt_jail_solaris.c
+++ b/bin/varnishd/mgt/mgt_jail_solaris.c
@@ -295,8 +295,6 @@ vjs_add_inheritable(priv_set_t *pset, enum jail_gen_e jge)
 {
 	switch (jge) {
 	case JAILG_SUBPROC_VCC:
-		/* for /etc/resolv.conf and /etc/hosts */
-		priv_setop_assert(priv_addset(pset, "file_read"));
 		break;
 	case JAILG_SUBPROC_CC:
 		priv_setop_assert(priv_addset(pset, PRIV_PROC_EXEC));
@@ -323,6 +321,9 @@ vjs_add_effective(priv_set_t *pset, enum jail_gen_e jge)
 {
 	switch (jge) {
 	case JAILG_SUBPROC_VCC:
+		// open vmods
+		priv_setop_assert(priv_addset(pset, "file_read"));
+		// write .c output
 		priv_setop_assert(priv_addset(pset, "file_write"));
 		break;
 	case JAILG_SUBPROC_CC: