Skip to content

V
varnish-cache
Commit fac01a55 authored by Nils Goroll's avatar Nils Goroll
Browse files
Options

differenciate JAIL_MASTER_HIGH into _PRIVPORT and _STORAGE

parent 6d039769
Hide whitespace changes
Inline Side-by-side
Showing with 10 additions and 7 deletions
bin/varnishd/mgt/mgt.h
View file @ fac01a55
...@@ -73,7 +73,8 @@ enum jail_subproc_e { ...@@ -73,7 +73,8 @@ enum jail_subproc_e {
enum jail_master_e { enum jail_master_e {
JAIL_MASTER_LOW, JAIL_MASTER_LOW,
JAIL_MASTER_HIGH, JAIL_MASTER_STORAGE,
JAIL_MASTER_PRIVPORT,
}; };
typedef int jail_init_f(char **); typedef int jail_init_f(char **);
......
bin/varnishd/mgt/mgt_acceptor.c
View file @ fac01a55
...@@ -62,7 +62,7 @@ MAC_open_sockets(void) ...@@ -62,7 +62,7 @@ MAC_open_sockets(void)
struct listen_sock *ls; struct listen_sock *ls;
int good = 0; int good = 0;
VJ_master(JAIL_MASTER_HIGH); VJ_master(JAIL_MASTER_PRIVPORT);
VTAILQ_FOREACH(ls, &heritage.socks, list) { VTAILQ_FOREACH(ls, &heritage.socks, list) {
if (ls->sock >= 0) { if (ls->sock >= 0) {
good++; good++;
......
bin/varnishd/mgt/mgt_cli.c
View file @ fac01a55
...@@ -522,7 +522,7 @@ mct_callback(void *priv, const struct suckaddr *sa) ...@@ -522,7 +522,7 @@ mct_callback(void *priv, const struct suckaddr *sa)
char pbuf[VTCP_PORTBUFSIZE]; char pbuf[VTCP_PORTBUFSIZE];
struct telnet *tn; struct telnet *tn;
VJ_master(JAIL_MASTER_HIGH); VJ_master(JAIL_MASTER_PRIVPORT);
sock = VTCP_listen(sa, 10, &err); sock = VTCP_listen(sa, 10, &err);
VJ_master(JAIL_MASTER_LOW); VJ_master(JAIL_MASTER_LOW);
assert(sock != 0); // We know where stdin is assert(sock != 0); // We know where stdin is
......
bin/varnishd/mgt/mgt_jail_solaris.c
View file @ fac01a55
...@@ -236,7 +236,8 @@ enum jail_gen_e { ...@@ -236,7 +236,8 @@ enum jail_gen_e {
JAILG_SUBPROC_WORKER = JAIL_SUBPROC_WORKER, JAILG_SUBPROC_WORKER = JAIL_SUBPROC_WORKER,
JAILG_MASTER_LOW = JAIL_MASTER_LOW << JAILG_SHIFT, JAILG_MASTER_LOW = JAIL_MASTER_LOW << JAILG_SHIFT,
JAILG_MASTER_HIGH = JAIL_MASTER_HIGH << JAILG_SHIFT JAILG_MASTER_STORAGE = JAIL_MASTER_STORAGE << JAILG_SHIFT
JAILG_MASTER_PRIVPORT = JAIL_MASTER_PRIVPORT << JAILG_SHIFT
}; };
static inline enum jail_gen_e static inline enum jail_gen_e
......
bin/varnishd/mgt/mgt_jail_unix.c
View file @ fac01a55
...@@ -138,7 +138,8 @@ vju_init(char **args) ...@@ -138,7 +138,8 @@ vju_init(char **args)
static void __match_proto__(jail_master_f) static void __match_proto__(jail_master_f)
vju_master(enum jail_master_e jme) vju_master(enum jail_master_e jme)
{ {
if (jme == JAIL_MASTER_HIGH) if (jme == JAIL_MASTER_STORAGE ||
jme == JAIL_MASTER_PRIVPORT)
AZ(seteuid(0)); AZ(seteuid(0));
else else
AZ(seteuid(vju_uid)); AZ(seteuid(vju_uid));
...@@ -209,7 +210,7 @@ vju_make_workdir(const char *dname) ...@@ -209,7 +210,7 @@ vju_make_workdir(const char *dname)
static void static void
vju_storage_file(int fd) vju_storage_file(int fd)
{ {
/* Called under JAIL_MASTER_HIGH */ /* Called under JAIL_MASTER_STORAGE */
AZ(fchmod(fd, 0600)); AZ(fchmod(fd, 0600));
AZ(fchown(fd, vju_uid, vju_gid)); AZ(fchown(fd, vju_uid, vju_gid));
......
bin/varnishd/storage/stevedore_utils.c
View file @ fac01a55
...@@ -91,7 +91,7 @@ STV_GetFile(const char *fn, int *fdp, const char **fnp, const char *ctx) ...@@ -91,7 +91,7 @@ STV_GetFile(const char *fn, int *fdp, const char **fnp, const char *ctx)
*fdp = -1; *fdp = -1;
/* try to create a new file of this name */ /* try to create a new file of this name */
VJ_master(JAIL_MASTER_HIGH); VJ_master(JAIL_MASTER_STORAGE);
fd = open(fn, O_RDWR | O_CREAT | O_EXCL | O_LARGEFILE, 0600); fd = open(fn, O_RDWR | O_CREAT | O_EXCL | O_LARGEFILE, 0600);
if (fd >= 0) { if (fd >= 0) {
VJ_storage_file(fd); VJ_storage_file(fd);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment