[master] dbf414c Add a JAIL_MASTER_FILE privilege for accessing files with full privs.
Poul-Henning Kamp
phk at FreeBSD.org
Mon Apr 13 08:59:57 CEST 2015
commit dbf414c832b17e9cf640729a06c2299dcdbc4bf3
Author: Poul-Henning Kamp <phk at FreeBSD.org>
Date: Mon Apr 13 06:59:39 2015 +0000
Add a JAIL_MASTER_FILE privilege for accessing files with full privs.
diff --git a/bin/varnishd/mgt/mgt.h b/bin/varnishd/mgt/mgt.h
index 7f42f87..ae65533 100644
--- a/bin/varnishd/mgt/mgt.h
+++ b/bin/varnishd/mgt/mgt.h
@@ -77,6 +77,7 @@ enum jail_subproc_e {
enum jail_master_e {
JAIL_MASTER_LOW,
+ JAIL_MASTER_FILE,
JAIL_MASTER_STORAGE,
JAIL_MASTER_PRIVPORT,
};
diff --git a/bin/varnishd/mgt/mgt_jail_unix.c b/bin/varnishd/mgt/mgt_jail_unix.c
index 7611365..d7a88d7 100644
--- a/bin/varnishd/mgt/mgt_jail_unix.c
+++ b/bin/varnishd/mgt/mgt_jail_unix.c
@@ -139,11 +139,10 @@ vju_init(char **args)
static void __match_proto__(jail_master_f)
vju_master(enum jail_master_e jme)
{
- if (jme == JAIL_MASTER_STORAGE ||
- jme == JAIL_MASTER_PRIVPORT)
- AZ(seteuid(0));
- else
+ if (jme == JAIL_MASTER_LOW)
AZ(seteuid(vju_uid));
+ else
+ AZ(seteuid(0));
}
static void __match_proto__(jail_subproc_f)
More information about the varnish-commit
mailing list