[master] 8736d67 we need to re-iterate over the semantics of SANDBOX_TESTING
Nils Goroll
nils.goroll at uplex.de
Thu Feb 12 10:35:31 CET 2015
commit 8736d676f7b659f82412296af6c9eef97bf92628
Author: Nils Goroll <nils.goroll at uplex.de>
Date: Thu Feb 12 10:35:27 2015 +0100
we need to re-iterate over the semantics of SANDBOX_TESTING
diff --git a/bin/varnishd/mgt/mgt_sandbox_solaris.c b/bin/varnishd/mgt/mgt_sandbox_solaris.c
index 1d1bb06..6e5b4ec 100644
--- a/bin/varnishd/mgt/mgt_sandbox_solaris.c
+++ b/bin/varnishd/mgt/mgt_sandbox_solaris.c
@@ -420,6 +420,15 @@ mgt_sandbox_solaris_waive(enum sandbox_e who)
void __match_proto__(mgt_sandbox_f)
mgt_sandbox_solaris(enum sandbox_e who)
{
+ /*
+ * XXX - clarify with phk:
+ * there is no "all-or-nothing" for the solaris sandbox, even
+ * if we cant setuid, we can still do useful things and waive
+ * most privileges.
+ */
+ if (who == SANDBOX_TESTING)
+ exit(0);
+
mgt_sandbox_solaris_init(who);
mgt_sandbox_solaris_privsep(who);
mgt_sandbox_solaris_waive(who);
More information about the varnish-commit
mailing list