[master] f03486b Raise jail privs around initial socket opening.
Poul-Henning Kamp
phk at FreeBSD.org
Mon Apr 13 08:59:57 CEST 2015
commit f03486b7e19ac45f60191b05f2e8562625f7a189
Author: Poul-Henning Kamp <phk at FreeBSD.org>
Date: Mon Apr 13 06:35:35 2015 +0000
Raise jail privs around initial socket opening.
Fixes #1699
diff --git a/bin/varnishd/mgt/mgt_acceptor.c b/bin/varnishd/mgt/mgt_acceptor.c
index 404d3e7..6d3c240 100644
--- a/bin/varnishd/mgt/mgt_acceptor.c
+++ b/bin/varnishd/mgt/mgt_acceptor.c
@@ -136,7 +136,9 @@ mac_callback(void *priv, const struct suckaddr *sa)
ls->addr = sa;
ls->proto_name = mh->proto_name;
ls->first_step = mh->first_step;
+ VJ_master(JAIL_MASTER_PRIVPORT);
fail = mac_opensocket(ls, NULL);
+ VJ_master(JAIL_MASTER_LOW);
if (ls->sock < 0) {
*(mh->err) = strerror(fail);
FREE_OBJ(ls);
More information about the varnish-commit
mailing list