solaris jail: two more privileges for unix domain sockets

When varnishd is started as root (or otherwise will a full privilege set), the user will rightly expect that whatever permissions and mode bits are set for a socket, varnishd will fix them to the specification from the -a argument.

solaris jail: two more privileges for unix domain sockets
When varnishd is started as root (or otherwise will a full privilege set), the user will rightly expect that whatever permissions and mode bits are set for a socket, varnishd will fix them to the specification from the -a argument.
77aba96e · Nils Goroll · adb48856 · 77aba96e
Unverified Commit 77aba96e authored Jul 24, 2020 by Nils Goroll
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 1 deletion

mgt_jail_solaris_tbl.h bin/varnishd/mgt/mgt_jail_solaris_tbl.h +3 -1

No files found.
--- a/bin/varnishd/mgt/mgt_jail_solaris_tbl.h
+++ b/bin/varnishd/mgt/mgt_jail_solaris_tbl.h
@@ -59,7 +59,9 @@ PRIV(MASTER_FILE,	E	, "file_write")
 PRIV(MASTER_STORAGE,	E	, "file_read")
 PRIV(MASTER_STORAGE,	E	, "file_write")

-PRIV(MASTER_PRIVPORT,	E	, "file_write")	// bind(AF_UNIX)
+PRIV(MASTER_PRIVPORT,	E	, "file_write")		// bind(AF_UNIX)
+PRIV(MASTER_PRIVPORT,	E	, PRIV_FILE_CHOWN)	// user=
+PRIV(MASTER_PRIVPORT,	E	, PRIV_FILE_OWNER)	// mode=
 PRIV(MASTER_PRIVPORT,	E	, "net_access")
 PRIV(MASTER_PRIVPORT,	E	, PRIV_NET_PRIVADDR)