Try to get the VSM ownership right.

The general rule is that if varnishd is started as root, you need to be root or in group "varnish" to access the shared memory. Fixes #2419

Try to get the VSM ownership right.
The general rule is that if varnishd is started as root, you need to be root or in group "varnish" to access the shared memory. Fixes #2419
770d3699 · Poul-Henning Kamp · 2aeca565 · 770d3699 · 770d3699 · 770d3699
Commit 770d3699 authored Sep 07, 2017 by Poul-Henning Kamp
Showing with 7 additions and 11 deletions

mgt.h bin/varnishd/mgt/mgt.h +0 -1

mgt_cli.c bin/varnishd/mgt/mgt_cli.c +1 -3

mgt_main.c bin/varnishd/mgt/mgt_main.c +0 -2

mgt_shmem.c bin/varnishd/mgt/mgt_shmem.c +6 -5

No files found.
--- a/bin/varnishd/mgt/mgt.h
+++ b/bin/varnishd/mgt/mgt.h
@@ -166,7 +166,6 @@ void mgt_SHM_static_alloc(const void *, ssize_t size,
 void mgt_SHM_Create(void);
 void mgt_SHM_Destroy(int keep);

-extern struct vsmw *mgt_vsmw;
 void mgt_SHM_ChildNew(void);
 void mgt_SHM_ChildDestroy(void);


--- a/bin/varnishd/mgt/mgt_cli.c
+++ b/bin/varnishd/mgt/mgt_cli.c
@@ -504,9 +504,9 @@ mgt_cli_secret(const char *S_arg)
 	char buf[BUFSIZ];

 	/* Save in shmem */
-	VJ_master(JAIL_MASTER_FILE);
 	mgt_SHM_static_alloc(S_arg, strlen(S_arg) + 1L, "Arg", "-S");

+	VJ_master(JAIL_MASTER_FILE);
 	fd = open(S_arg, O_RDONLY);
 	if (fd < 0) {
 		fprintf(stderr, "Can not open secret-file \"%s\"\n", S_arg);
@@ -574,9 +574,7 @@ mgt_cli_telnet(const char *T_arg)
 	if (VSB_len(vsb) == 0)
 		ARGV_ERR("-T %s could not be listened on.\n", T_arg);
 	/* Save in shmem */
-	VJ_master(JAIL_MASTER_FILE);
 	mgt_SHM_static_alloc(VSB_data(vsb), VSB_len(vsb) + 1, "Arg", "-T");
-	VJ_master(JAIL_MASTER_LOW);
 	VSB_destroy(&vsb);
 }


--- a/bin/varnishd/mgt/mgt_main.c
+++ b/bin/varnishd/mgt/mgt_main.c
@@ -839,10 +839,8 @@ main(int argc, char * const *argv)

 	mgt_SHM_Init();

-	VJ_master(JAIL_MASTER_FILE);
 	mgt_SHM_static_alloc(i_arg, strlen(i_arg) + 1L, "Arg", "-i");
 	VSC_C_mgt = VSC_mgt_New("");
-	VJ_master(JAIL_MASTER_LOW);

 	if (M_arg != NULL)
 		mgt_cli_master(M_arg);

--- a/bin/varnishd/mgt/mgt_shmem.c
+++ b/bin/varnishd/mgt/mgt_shmem.c
@@ -47,7 +47,7 @@
 #include "vsm_priv.h"
 #include "vsmw.h"

-struct vsmw	*mgt_vsmw;
+static struct vsmw *mgt_vsmw;

 /*--------------------------------------------------------------------
 */
@@ -90,13 +90,16 @@ mgt_shm_atexit(void)
 void
 mgt_SHM_Init(void)
 {
+	int fd;

 	VJ_master(JAIL_MASTER_FILE);
 	AZ(system("rm -rf " VSM_MGT_DIRNAME));
 	AZ(mkdir(VSM_MGT_DIRNAME, 0755));
-	mgt_vsmw = VSMW_New(open(VSM_MGT_DIRNAME, O_RDONLY), 0640, "_.index");
-	AN(mgt_vsmw);
+	fd = open(VSM_MGT_DIRNAME, O_RDONLY);
+	VJ_fix_vsm_dir(fd);
 	VJ_master(JAIL_MASTER_LOW);
+	mgt_vsmw = VSMW_New(fd, 0640, "_.index");
+	AN(mgt_vsmw);

 	proc_vsmw = mgt_vsmw;

@@ -119,7 +122,6 @@ mgt_SHM_ChildNew(void)

 	MCH_Fd_Inherit(heritage.vsm_fd, "VSMW");

-	VJ_master(JAIL_MASTER_FILE);
 	heritage.param = VSMW_Allocf(mgt_vsmw, VSM_CLASS_PARAM,
 	    sizeof *heritage.param, "");
 	AN(heritage.param);
@@ -129,7 +131,6 @@ mgt_SHM_ChildNew(void)
 	heritage.panic_str = VSMW_Allocf(mgt_vsmw, "Panic",
 	    heritage.panic_str_len, "");
 	AN(heritage.panic_str);
-	VJ_master(JAIL_MASTER_LOW);
 }

 void