[5.2] 41b557f Change the jail-API so we can get the vsm dir permissions right.
Pål Hermunn Johansen
hermunn at varnish-software.com
Fri Sep 15 11:17:13 UTC 2017
commit 41b557f57bdef25b58bc5179cd487f7107c89339
Author: Poul-Henning Kamp <phk at FreeBSD.org>
Date: Fri Sep 8 09:58:51 2017 +0000
Change the jail-API so we can get the vsm dir permissions right.
Fixes #2419
diff --git a/bin/varnishd/mgt/mgt.h b/bin/varnishd/mgt/mgt.h
index ad6abe7..f5ba1e3 100644
--- a/bin/varnishd/mgt/mgt.h
+++ b/bin/varnishd/mgt/mgt.h
@@ -99,11 +99,17 @@ enum jail_master_e {
JAIL_MASTER_KILL,
};
+enum jail_fixfd_e {
+ JAIL_FIXFD_FILE,
+ JAIL_FIXFD_VSMMGT,
+ JAIL_FIXFD_VSMWRK,
+};
+
typedef int jail_init_f(char **);
typedef void jail_master_f(enum jail_master_e);
typedef void jail_subproc_f(enum jail_subproc_e);
typedef int jail_make_dir_f(const char *dname);
-typedef void jail_fixfile_f(int fd);
+typedef void jail_fixfd_f(int fd, enum jail_fixfd_e);
struct jail_tech {
unsigned magic;
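Review bot: The new `enum jail_fixfd_e` carries no comments, even though each value now selects a different owner and mode for the descriptor. Going by the call sites in this commit, one comment per enumerator would be enough: `/* storage file (STV_GetFile) */`, `/* VSM_MGT_DIRNAME directory */`, `/* VSM_CHILD_DIRNAME directory */`. The `jail_fixfd_f` typedef and the `VJ_fix_fd` prototype further down also leave the second parameter unnamed; `enum jail_fixfd_e what` would match the definition in mgt_jail.c.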
@@ -114,8 +120,7 @@ struct jail_tech {
jail_subproc_f *subproc;
jail_make_dir_f *make_workdir;
jail_make_dir_f *make_vcldir;
- jail_fixfile_f *vsm_file;
- jail_fixfile_f *storage_file;
+ jail_fixfd_f *fixfd;
};
void VJ_Init(const char *j_arg);
@@ -123,8 +128,7 @@ void VJ_master(enum jail_master_e jme);
void VJ_subproc(enum jail_subproc_e jse);
int VJ_make_workdir(const char *dname);
int VJ_make_vcldir(const char *dname);
-void VJ_fix_vsm_dir(int fd);
-void VJ_fix_storage_file(int fd);
+void VJ_fix_fd(int fd, enum jail_fixfd_e);
extern const struct jail_tech jail_tech_unix;
extern const struct jail_tech jail_tech_solaris;
diff --git a/bin/varnishd/mgt/mgt_jail.c b/bin/varnishd/mgt/mgt_jail.c
index ea5fff2..d241cf7 100644
--- a/bin/varnishd/mgt/mgt_jail.c
+++ b/bin/varnishd/mgt/mgt_jail.c
@@ -181,19 +181,10 @@ VJ_make_vcldir(const char *dname)
}
void
-VJ_fix_storage_file(int fd)
+VJ_fix_fd(int fd, enum jail_fixfd_e what)
{
CHECK_OBJ_NOTNULL(vjt, JAIL_TECH_MAGIC);
- if (vjt->storage_file != NULL)
- vjt->storage_file(fd);
-}
-
-void
-VJ_fix_vsm_dir(int fd)
-{
-
- CHECK_OBJ_NOTNULL(vjt, JAIL_TECH_MAGIC);
- if (vjt->vsm_file != NULL)
- vjt->vsm_file(fd);
+ if (vjt->fixfd != NULL)
+ vjt->fixfd(fd, what);
}
diff --git a/bin/varnishd/mgt/mgt_jail_unix.c b/bin/varnishd/mgt/mgt_jail_unix.c
index f4097d0..4d4c56d 100644
--- a/bin/varnishd/mgt/mgt_jail_unix.c
+++ b/bin/varnishd/mgt/mgt_jail_unix.c
@@ -254,22 +254,27 @@ vju_make_vcldir(const char *dname)
}
-static void __match_proto__(jail_fixfile_f)
-vju_vsm_dir(int fd)
+static void __match_proto__(jail_fixfd_f)
+vju_fixfd(int fd, enum jail_fixfd_e what)
{
/* Called under JAIL_MASTER_FILE */
- AZ(fchmod(fd, 0750));
- AZ(fchown(fd, vju_wrkuid, vju_wrkgid));
-}
-
-static void __match_proto__(jail_fixfile_f)
-vju_storage_file(int fd)
-{
- /* Called under JAIL_MASTER_STORAGE */
-
- AZ(fchmod(fd, 0600));
- AZ(fchown(fd, vju_uid, vju_gid));
+ switch (what) {
+ case JAIL_FIXFD_FILE:
+ AZ(fchmod(fd, 0750));
+ AZ(fchown(fd, vju_wrkuid, vju_wrkgid));
+ break;
+ case JAIL_FIXFD_VSMMGT:
+ AZ(fchmod(fd, 0750));
+ AZ(fchown(fd, vju_uid, vju_gid));
+ break;
+ case JAIL_FIXFD_VSMWRK:
+ AZ(fchmod(fd, 0750));
+ AZ(fchown(fd, vju_wrkuid, vju_wrkgid));
+ break;
+ default:
+ WRONG("Ain't Fixin'");
+ }
}
const struct jail_tech jail_tech_unix = {
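Review bot: The `JAIL_FIXFD_FILE` case applies `fchmod(fd, 0750)` and `fchown(fd, vju_wrkuid, vju_wrkgid)`, whereas the removed `vju_storage_file()` used mode 0600 with `vju_uid`/`vju_gid`. Both `STV_GetFile` call sites in stevedore_utils.c now take this case, so storage files become group-readable and gain execute bits, which the commit message (about the vsm dir) does not mention. If only the VSM directories were meant to change, keep the file mode with `AZ(fchmod(fd, 0600));` in that case and add a comment saying why ownership moves to the worker uid/gid. The retained comment `/* Called under JAIL_MASTER_FILE */` also no longer fits every caller, since `STV_GetFile` calls in under `JAIL_MASTER_STORAGE`.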
@@ -278,7 +283,6 @@ const struct jail_tech jail_tech_unix = {
.init = vju_init,
.master = vju_master,
.make_vcldir = vju_make_vcldir,
- .vsm_file = vju_vsm_dir,
- .storage_file = vju_storage_file,
+ .fixfd = vju_fixfd,
.subproc = vju_subproc,
};
diff --git a/bin/varnishd/mgt/mgt_shmem.c b/bin/varnishd/mgt/mgt_shmem.c
index b81c8a5..6853a1f 100644
--- a/bin/varnishd/mgt/mgt_shmem.c
+++ b/bin/varnishd/mgt/mgt_shmem.c
@@ -96,7 +96,7 @@ mgt_SHM_Init(void)
AZ(system("rm -rf " VSM_MGT_DIRNAME));
AZ(mkdir(VSM_MGT_DIRNAME, 0755));
fd = open(VSM_MGT_DIRNAME, O_RDONLY);
- VJ_fix_vsm_dir(fd);
+ VJ_fix_fd(fd, JAIL_FIXFD_VSMMGT);
VJ_master(JAIL_MASTER_LOW);
mgt_vsmw = VSMW_New(fd, 0640, "_.index");
AN(mgt_vsmw);
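Review bot: `fd` from `open(VSM_MGT_DIRNAME, O_RDONLY)` is handed to `VJ_fix_fd()` unchecked, while `mgt_SHM_ChildNew` asserts `heritage.vsm_fd >= 0` before the same call. When the active jail has no `fixfd` hook, a failed open would reach `VSMW_New()` as -1, so add `assert(fd >= 0);` before the fixup. Because the fixup changes owner and mode of whatever the descriptor refers to, opening with `O_RDONLY | O_DIRECTORY` would also confirm it is the directory created on the previous line. mgt_SHM_Init starts and ends outside the hunk.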
@@ -117,7 +117,7 @@ mgt_SHM_ChildNew(void)
heritage.vsm_fd = open(VSM_CHILD_DIRNAME, O_RDONLY);
assert(heritage.vsm_fd >= 0);
- VJ_fix_vsm_dir(heritage.vsm_fd);
+ VJ_fix_fd(heritage.vsm_fd, JAIL_FIXFD_VSMWRK);
VJ_master(JAIL_MASTER_LOW);
MCH_Fd_Inherit(heritage.vsm_fd, "VSMW");
diff --git a/bin/varnishd/storage/stevedore_utils.c b/bin/varnishd/storage/stevedore_utils.c
index 5ee2ada..d620447 100644
--- a/bin/varnishd/storage/stevedore_utils.c
+++ b/bin/varnishd/storage/stevedore_utils.c
@@ -84,7 +84,7 @@ STV_GetFile(const char *fn, int *fdp, const char **fnp, const char *ctx)
VJ_master(JAIL_MASTER_STORAGE);
fd = open(fn, O_RDWR | O_CREAT | O_EXCL | O_LARGEFILE, 0600);
if (fd >= 0) {
- VJ_fix_storage_file(fd);
+ VJ_fix_fd(fd, JAIL_FIXFD_FILE);
*fdp = fd;
*fnp = fn;
VJ_master(JAIL_MASTER_LOW);
@@ -123,7 +123,7 @@ STV_GetFile(const char *fn, int *fdp, const char **fnp, const char *ctx)
ctx, fn);
*fdp = fd;
- VJ_fix_storage_file(fd);
+ VJ_fix_fd(fd, JAIL_FIXFD_FILE);
VJ_master(JAIL_MASTER_LOW);
return (retval);
}