[master] 81868df Adopt Dridi's suggestion to call the worker process uid "vcache".

Poul-Henning Kamp phk at FreeBSD.org
Thu Apr 16 00:04:12 CEST 2015


commit 81868df7651b31e04d6935d7ad8ca42b5e52f6a5
Author: Poul-Henning Kamp <phk at FreeBSD.org>
Date:   Wed Apr 15 22:03:44 2015 +0000

    Adopt Dridi's suggestion to call the worker process uid "vcache".
    
    Also look for it automatically.

diff --git a/bin/varnishd/mgt/mgt_jail_unix.c b/bin/varnishd/mgt/mgt_jail_unix.c
index f800ffd..3b3ce12 100644
--- a/bin/varnishd/mgt/mgt_jail_unix.c
+++ b/bin/varnishd/mgt/mgt_jail_unix.c
@@ -59,8 +59,12 @@ static const char *vju_wrkuser;
 static gid_t vju_cc_gid;
 static int vju_cc_gid_set;
 
-#ifndef JAIL_USER
-#define JAIL_USER "varnish"
+#ifndef VARNISH_USER
+#define VARNISH_USER "varnish"
+#endif
+
+#ifndef VCACHE_USER
+#define VCACHE_USER "vcache"
 #endif
 
 #ifndef NGID
@@ -123,46 +127,54 @@ vju_init(char **args)
 		/* Autoconfig */
 		if (geteuid() != 0)
 			return (1);
-		if (vju_getuid(JAIL_USER))
+		if (vju_getuid(VARNISH_USER))
 			return (1);
-		AZ(setegid(vju_gid));
-		AZ(seteuid(vju_uid));
-		return (0);
+	} else {
+
+		if (geteuid() != 0)
+			ARGV_ERR("Unix Jail: Must be root.\n");
+
+		for (;*args != NULL; args++) {
+			if (!strncmp(*args, "user=", 5)) {
+				if (vju_getuid((*args) + 5))
+					ARGV_ERR(
+					    "Unix jail: %s user not found.\n",
+					    (*args) + 5);
+				continue;
+			}
+			if (!strncmp(*args, "workuser=", 9)) {
+				if (vju_getwrkuid((*args) + 9))
+					ARGV_ERR(
+					    "Unix jail: %s user not found.\n",
+					    (*args) + 9);
+				continue;
+			}
+			if (!strncmp(*args, "ccgroup=", 8)) {
+				if (vju_getccgid((*args) + 8))
+					ARGV_ERR(
+					    "Unix jail: %s group not found.\n",
+					    (*args) + 8);
+				continue;
+			}
+			ARGV_ERR("Unix jail: unknown sub-argument '%s'\n",
+			    *args);
+		}
+
+		if (vju_user == NULL && vju_getuid(VARNISH_USER))
+			ARGV_ERR("Unix jail: %s user not found.\n",
+			    VARNISH_USER);
 	}
 
-	if (geteuid() != 0)
-		ARGV_ERR("Unix Jail: Must be root.\n");
+	AN(vju_user);
 
 	vju_mgr_gid = getgid();
 
-	for (;*args != NULL; args++) {
-		if (!strncmp(*args, "user=", 5)) {
-			if (vju_getuid((*args) + 5))
-				ARGV_ERR("Unix jail: %s user not found.\n",
-				    (*args) + 5);
-			continue;
-		}
-		if (!strncmp(*args, "workuser=", 9)) {
-			if (vju_getwrkuid((*args) + 9))
-				ARGV_ERR("Unix jail: %s user not found.\n",
-				    (*args) + 5);
-			continue;
-		}
-		if (!strncmp(*args, "ccgroup=", 8)) {
-			if (vju_getccgid((*args) + 8))
-				ARGV_ERR("Unix jail: %s group not found.\n",
-				    (*args) + 8);
-			continue;
-		}
-		ARGV_ERR("Unix jail: unknown sub-argument '%s'\n", *args);
-	}
-
-	if (vju_user == NULL && vju_getuid(JAIL_USER))
-		ARGV_ERR("Unix jail: %s user not found.\n", JAIL_USER);
+	if (vju_wrkuser == NULL)
+		(void)vju_getwrkuid(VCACHE_USER);
 
 	if (vju_wrkuser != NULL && vju_wrkgid != vju_gid)
-		ARGV_ERR("Unix jail: %s and %s have different login groups\n",
-		    vju_user, vju_wrkuser);
+		ARGV_ERR("Unix jail: user %s and %s have "
+		    "different login groups\n", vju_user, vju_wrkuser);
 
 	/* Do an explicit JAIL_MASTER_LOW */
 	AZ(setegid(vju_gid));
diff --git a/bin/varnishtest/tests/j00001.vtc b/bin/varnishtest/tests/j00001.vtc
index 25e6f3b..dc53e56 100644
--- a/bin/varnishtest/tests/j00001.vtc
+++ b/bin/varnishtest/tests/j00001.vtc
@@ -3,7 +3,7 @@ varnishtest "Run worker with different uid in UNIX jail"
 # The "vrun" user must have login group "varnish"
 
 feature user_varnish
-feature user_vrun
+feature user_vcache
 feature group_varnish
 feature root
 
@@ -13,7 +13,7 @@ server s1 {
 } -start
 
 varnish v1 \
-	-jail "-junix,user=varnish,ccgroup=varnish,workuser=vrun" \
+	-jail "-junix,user=varnish,ccgroup=varnish,workuser=vcache" \
 	-vcl+backend {
 } -start
 
diff --git a/bin/varnishtest/vtc.c b/bin/varnishtest/vtc.c
index 89719e8..ad93240 100644
--- a/bin/varnishtest/vtc.c
+++ b/bin/varnishtest/vtc.c
@@ -573,8 +573,8 @@ cmd_feature(CMD_ARGS)
 		    getpwnam("varnish") != NULL)
 			continue;
 
-		if (!strcmp(av[i], "user_vrun") &&
-		    getpwnam("vrun") != NULL)
+		if (!strcmp(av[i], "user_vcache") &&
+		    getpwnam("vcache") != NULL)
 			continue;
 
 		if (!strcmp(av[i], "group_varnish") &&



More information about the varnish-commit mailing list