[master] 81868df Adopt Dridi's suggestion to call the worker process uid "vcache".
Poul-Henning Kamp
phk at FreeBSD.org
Thu Apr 16 00:04:12 CEST 2015
commit 81868df7651b31e04d6935d7ad8ca42b5e52f6a5
Author: Poul-Henning Kamp <phk at FreeBSD.org>
Date: Wed Apr 15 22:03:44 2015 +0000
Adopt Dridi's suggestion to call the worker process uid "vcache".
Also look for it automatically.
diff --git a/bin/varnishd/mgt/mgt_jail_unix.c b/bin/varnishd/mgt/mgt_jail_unix.c
index f800ffd..3b3ce12 100644
--- a/bin/varnishd/mgt/mgt_jail_unix.c
+++ b/bin/varnishd/mgt/mgt_jail_unix.c
@@ -59,8 +59,12 @@ static const char *vju_wrkuser;
static gid_t vju_cc_gid;
static int vju_cc_gid_set;
-#ifndef JAIL_USER
-#define JAIL_USER "varnish"
+#ifndef VARNISH_USER
+#define VARNISH_USER "varnish"
+#endif
+
+#ifndef VCACHE_USER
+#define VCACHE_USER "vcache"
#endif
#ifndef NGID
@@ -123,46 +127,54 @@ vju_init(char **args)
/* Autoconfig */
if (geteuid() != 0)
return (1);
- if (vju_getuid(JAIL_USER))
+ if (vju_getuid(VARNISH_USER))
return (1);
- AZ(setegid(vju_gid));
- AZ(seteuid(vju_uid));
- return (0);
+ } else {
+
+ if (geteuid() != 0)
+ ARGV_ERR("Unix Jail: Must be root.\n");
+
+ for (;*args != NULL; args++) {
+ if (!strncmp(*args, "user=", 5)) {
+ if (vju_getuid((*args) + 5))
+ ARGV_ERR(
+ "Unix jail: %s user not found.\n",
+ (*args) + 5);
+ continue;
+ }
+ if (!strncmp(*args, "workuser=", 9)) {
+ if (vju_getwrkuid((*args) + 9))
+ ARGV_ERR(
+ "Unix jail: %s user not found.\n",
+ (*args) + 9);
+ continue;
+ }
+ if (!strncmp(*args, "ccgroup=", 8)) {
+ if (vju_getccgid((*args) + 8))
+ ARGV_ERR(
+ "Unix jail: %s group not found.\n",
+ (*args) + 8);
+ continue;
+ }
+ ARGV_ERR("Unix jail: unknown sub-argument '%s'\n",
+ *args);
+ }
+
+ if (vju_user == NULL && vju_getuid(VARNISH_USER))
+ ARGV_ERR("Unix jail: %s user not found.\n",
+ VARNISH_USER);
}
- if (geteuid() != 0)
- ARGV_ERR("Unix Jail: Must be root.\n");
+ AN(vju_user);
vju_mgr_gid = getgid();
- for (;*args != NULL; args++) {
- if (!strncmp(*args, "user=", 5)) {
- if (vju_getuid((*args) + 5))
- ARGV_ERR("Unix jail: %s user not found.\n",
- (*args) + 5);
- continue;
- }
- if (!strncmp(*args, "workuser=", 9)) {
- if (vju_getwrkuid((*args) + 9))
- ARGV_ERR("Unix jail: %s user not found.\n",
- (*args) + 5);
- continue;
- }
- if (!strncmp(*args, "ccgroup=", 8)) {
- if (vju_getccgid((*args) + 8))
- ARGV_ERR("Unix jail: %s group not found.\n",
- (*args) + 8);
- continue;
- }
- ARGV_ERR("Unix jail: unknown sub-argument '%s'\n", *args);
- }
-
- if (vju_user == NULL && vju_getuid(JAIL_USER))
- ARGV_ERR("Unix jail: %s user not found.\n", JAIL_USER);
+ if (vju_wrkuser == NULL)
+ (void)vju_getwrkuid(VCACHE_USER);
if (vju_wrkuser != NULL && vju_wrkgid != vju_gid)
- ARGV_ERR("Unix jail: %s and %s have different login groups\n",
- vju_user, vju_wrkuser);
+ ARGV_ERR("Unix jail: user %s and %s have "
+ "different login groups\n", vju_user, vju_wrkuser);
/* Do an explicit JAIL_MASTER_LOW */
AZ(setegid(vju_gid));
diff --git a/bin/varnishtest/tests/j00001.vtc b/bin/varnishtest/tests/j00001.vtc
index 25e6f3b..dc53e56 100644
--- a/bin/varnishtest/tests/j00001.vtc
+++ b/bin/varnishtest/tests/j00001.vtc
@@ -3,7 +3,7 @@ varnishtest "Run worker with different uid in UNIX jail"
# The "vrun" user must have login group "varnish"
feature user_varnish
-feature user_vrun
+feature user_vcache
feature group_varnish
feature root
@@ -13,7 +13,7 @@ server s1 {
} -start
varnish v1 \
- -jail "-junix,user=varnish,ccgroup=varnish,workuser=vrun" \
+ -jail "-junix,user=varnish,ccgroup=varnish,workuser=vcache" \
-vcl+backend {
} -start
diff --git a/bin/varnishtest/vtc.c b/bin/varnishtest/vtc.c
index 89719e8..ad93240 100644
--- a/bin/varnishtest/vtc.c
+++ b/bin/varnishtest/vtc.c
@@ -573,8 +573,8 @@ cmd_feature(CMD_ARGS)
getpwnam("varnish") != NULL)
continue;
- if (!strcmp(av[i], "user_vrun") &&
- getpwnam("vrun") != NULL)
+ if (!strcmp(av[i], "user_vcache") &&
+ getpwnam("vcache") != NULL)
continue;
if (!strcmp(av[i], "group_varnish") &&
More information about the varnish-commit
mailing list