[master] c613b13 Try to make the sandboxing work on omnitios

Poul-Henning Kamp phk at varnish-cache.org
Thu Sep 6 14:41:35 CEST 2012


commit c613b135570f87535839e3a94630880d16910f4f
Author: Poul-Henning Kamp <phk at FreeBSD.org>
Date:   Thu Sep 6 12:40:58 2012 +0000

    Try to make the sandboxing work on omnitios

diff --git a/bin/varnishd/mgt/mgt_sandbox_solaris.c b/bin/varnishd/mgt/mgt_sandbox_solaris.c
index d443cc0..728eca0 100644
--- a/bin/varnishd/mgt/mgt_sandbox_solaris.c
+++ b/bin/varnishd/mgt/mgt_sandbox_solaris.c
@@ -102,13 +102,15 @@ mgt_sandbox_solaris_add_inheritable(priv_set_t *pset, enum sandbox_e who)
 {
 	switch (who) {
 	case SANDBOX_VCC:
+		/* for /etc/resolv.conf and /etc/hosts */
+		AZ(priv_addset(pset, "file_read"));
 		break;
 	case SANDBOX_CC:
-		priv_addset(pset, "proc_exec");
-		priv_addset(pset, "proc_fork");
+		AZ(priv_addset(pset, "proc_exec"));
+		AZ(priv_addset(pset, "proc_fork"));
 		/* PSARC/2009/378 - 63678502e95e - onnv_140 */
-		priv_addset(pset, "file_read");
-		priv_addset(pset, "file_write");
+		AZ(priv_addset(pset, "file_read"));
+		AZ(priv_addset(pset, "file_write"));
 		break;
 	case SANDBOX_VCLLOAD:
 		break;
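Review bot: Wrapping the string-named privileges in `AZ()` turns an unknown privilege name into an assertion failure, where the old code ignored the error. The neighbouring comment ties `file_read`/`file_write` to PSARC/2009/378 (onnv_140), so on a build older than that `priv_addset()` would presumably fail with EINVAL and sandbox setup would abort; the same applies to the `file_read`, `file_write` and `net_access` calls in mgt_sandbox_solaris_add_effective in the next hunk. If such builds are still supported, tolerate only that case, e.g. `if (priv_addset(pset, "file_read") != 0) assert(errno == EINVAL);`, and keep the strict `AZ()` for the `PRIV_*` constants. The switch continues past the end of this hunk.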
@@ -131,19 +133,19 @@ mgt_sandbox_solaris_add_effective(priv_set_t *pset, enum sandbox_e who)
 	switch (who) {
 	case SANDBOX_VCC:
 		/* PSARC/2009/378 - 63678502e95e - onnv_140 */
-		priv_addset(pset, "file_write");
+		AZ(priv_addset(pset, "file_write"));
 		break;
 	case SANDBOX_CC:
 		break;
 	case SANDBOX_VCLLOAD:
 		/* PSARC/2009/378 - 63678502e95e - onnv_140 */
-		priv_addset(pset, "file_read");
+		AZ(priv_addset(pset, "file_read"));
 	case SANDBOX_WORKER:
 		/* PSARC/2009/685 - 8eca52188202 - onnv_132 */
-		priv_addset(pset, "net_access");
+		AZ(priv_addset(pset, "net_access"));
 		/* PSARC/2009/378 - 63678502e95e - onnv_140 */
-		priv_addset(pset, "file_read");
-		priv_addset(pset, "file_write");
+		AZ(priv_addset(pset, "file_read"));
+		AZ(priv_addset(pset, "file_write"));
 		break;
 	default:
 		REPORT(LOG_ERR, "INCOMPLETE AT: %s(%d)\n", __func__, __LINE__);
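Review bot: `case SANDBOX_VCLLOAD` has no `break` after its `file_read` line, so it runs on into `case SANDBOX_WORKER` and also receives `net_access` and `file_write`, with `file_read` added a second time. If VCL loading is meant to share the worker's effective set, mark it with `/* FALLTHROUGH */` and drop the redundant `AZ(priv_addset(pset, "file_read"));` under VCLLOAD; if not, a `break;` is missing and that sandbox is wider than intended. The fall-through predates this commit, but these lines are being touched and the intent is not stated anywhere in the hunk. The switch begins before and ends after the visible lines.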
@@ -166,7 +168,7 @@ mgt_sandbox_solaris_add_permitted(priv_set_t *pset, enum sandbox_e who)
 		break;
 	case SANDBOX_WORKER:
 		/* for raising limits in cache_waiter_ports.c */
-		priv_addset(pset, PRIV_SYS_RESOURCE);
+		AZ(priv_addset(pset, PRIV_SYS_RESOURCE));
 		break;
 	default:
 		REPORT(LOG_ERR, "INCOMPLETE AT: %s(%d)\n", __func__, __LINE__);
@@ -184,7 +186,7 @@ mgt_sandbox_solaris_add_initial(priv_set_t *pset, enum sandbox_e who)
 	(void)who;
 
 	/* for setgid/setuid */
-	priv_addset(pset, PRIV_PROC_SETID);
+	AZ(priv_addset(pset, PRIV_PROC_SETID));
 }
 
 /*
diff --git a/bin/varnishd/waiter/cache_waiter_ports.c b/bin/varnishd/waiter/cache_waiter_ports.c
index af5d965..aa3d766 100644
--- a/bin/varnishd/waiter/cache_waiter_ports.c
+++ b/bin/varnishd/waiter/cache_waiter_ports.c
@@ -154,7 +154,8 @@ vws_thread(void *priv)
 
 	while (1) {
 		port_event_t ev[MAX_EVENTS];
-		int nevents, ei, ret;
+		u_int nevents;
+		int ei, ret;
 		double now, deadline;
 
 		/*
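Review bot: `nevents` becomes `u_int` here while the index `ei` stays `int`, so any `ei < nevents` comparison in the loop body turns into a signed/unsigned comparison. That body lies outside this hunk, so this is inferred from the names; if `ei` is only used to walk `ev[]`, declaring both as `u_int nevents, ei;` keeps index and bound the same type and leaves `int ret;` on its own line. It is also worth confirming that nothing later in the loop tests `nevents` for a negative value, since that test would now always be false.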
@@ -239,6 +240,7 @@ vws_thread(void *priv)
 			timeout = &max_ts;
 		}
 	}
+	return(0);
 }
 
 /*--------------------------------------------------------------------*/
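Review bot: The added `return(0);` hands back an integer literal from what looks like a thread start routine (`vws_thread(void *priv)`; the return type is not visible in the hunk), where `return (NULL);` states the intent directly. If the `while (1)` loop above never exits, a `/* NOTREACHED */` comment on that line would tell readers the statement exists only to satisfy the compiler. The function body starts outside this hunk.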


