[master] e83269d Fix typos, reword
Nils Goroll
nils.goroll at uplex.de
Mon Feb 16 16:09:14 CET 2015
commit e83269dc29a4b658618d31ed43978bf5755330ce
Author: Nils Goroll <nils.goroll at uplex.de>
Date: Mon Feb 16 16:08:30 2015 +0100
Fix typos, reword
Thanks to Dridi Boukelmoune <dridi.boukelmoune at zenika.com> for spotting typos
diff --git a/bin/varnishd/mgt/mgt_jail_solaris.c b/bin/varnishd/mgt/mgt_jail_solaris.c
index ce610d1..d5538a1 100644
--- a/bin/varnishd/mgt/mgt_jail_solaris.c
+++ b/bin/varnishd/mgt/mgt_jail_solaris.c
@@ -1,6 +1,6 @@
/*-
* Copyright (c) 2006-2011 Varnish Software AS
- * Copyright (c) 2011-2012 UPLEX - Nils Goroll Systemoptimierung
+ * Copyright (c) 2011-2015 UPLEX - Nils Goroll Systemoptimierung
* All rights reserved.
*
* Author: Poul-Henning Kamp <phk at phk.freebsd.dk>
@@ -27,8 +27,17 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * Sandboxing child processes on Solaris
- * =====================================
+ * "Jailing" *1) child processes on Solaris and Solaris-derivates *2)
+ * ==================================================================
+ *
+ * *1) The name is motivated by the availability of the -j command line
+ * option. Jailing Varnish is not to be confused with BSD Jails or
+ * Solaris Zones.
+ *
+ * In Solaris parlour, jail == least privileges
+ *
+ * *2) e.g. illumos, SmartOS, OmniOS etc.
+ *
*
* Note on use of symbolic PRIV_* constants
* ----------------------------------------
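Review bot: In the added header comment, "Solaris parlour" should read "Solaris parlance" and "Solaris-derivates" should read "Solaris derivatives"; a commit titled "Fix typos" should not introduce new ones. The added footnote block also ends with an empty " *" line directly before the existing empty " *" line, which leaves two blank comment lines ahead of "Note on use of symbolic PRIV_* constants"; drop one of them.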
@@ -48,7 +57,7 @@
* Note on introduction of new privileges (or: lack of forward compatibility)
* --------------------------------------------------------------------------
*
- * For optimal build and binary forward comatibility, we could use subtractive
+ * For optimal build and binary forward compatibility, we could use subtractive
* set specs like
*
* basic,!file_link_any,!proc_exec,!proc_fork,!proc_info,!proc_session
@@ -57,7 +66,7 @@
* set.
*
* But we have a preference for making an informed decision about which
- * privileges varnish sandboxes should have, so we prefer to risk breaking
+ * privileges varnish subprocesses should have, so we prefer to risk breaking
* varnish temporarily on newer kernels and be notified of missing privileges
* through bug reports.
*
@@ -69,11 +78,11 @@
* dumps unless explicitly allowed using coreadm (see below). There is no
* equivalent to Linux PR_SET_DUMPABLE. The only way to clear the flag is a call
* to some form of exec(). The presence of the SNOCD flag also prevents many
- * process manipulations from other processes with the same uid/gid unless they
- * have the proc_owner privilege.
+ * process manipulations from other processes with the same uid/gid unless the
+ * latter have the proc_owner privilege.
*
- * Thus, if we want to run sandboxes with a different uid/gid than the master
- * process, we cannot avoid the SNOCD flag for those sandboxes not exec'ing
+ * Thus, if we want to run subprocesses with a different uid/gid than the master
+ * process, we cannot avoid the SNOCD flag for those subprocesses not exec'ing
* (VCC, VCLLOAD, WORKER).
*
*
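Review bot: In the SNOCD paragraph, "unless the latter have the proc_owner privilege" is no clearer than the "they" it replaces, because "the latter" has no obvious pair to pick from in "process manipulations from other processes with the same uid/gid". Name the subject directly, for example "unless those other processes have the proc_owner privilege".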
@@ -101,13 +110,13 @@
* / -g command line option and elevated privileges but without proc_setid,
* e.g.:
*
- * pfexec ppriv -e -s A=basic,net_privaddr,sys_resource varnish ...
+ * pfexec ppriv -e -s A=basic,net_privaddr,sys_resource varnishd ...
*
* - allow coredumps of setid processes (ignoring SNOCD)
*
* See coreadm(1M) - global-setid / proc-setid
*
- * brief histroy of privileges introduced since OpenSolaris Launch
+ * brief history of privileges introduced since OpenSolaris Launch
* ---------------------------------------------------------------
*
* (from hg log -gp usr/src/uts/common/os/priv_defs
@@ -117,7 +126,7 @@
*
* privileges used here marked with *
*
- * ILlumos ticket
+ * Illumos ticket
* ARC case hg/git commit first release
*
* PSARC/2006/155? 37f4a3e2bd99 onnv_37
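Review bot: The corrected table header now spells the name "Illumos", while the footnote this same commit adds to the file header writes "illumos" ("e.g. illumos, SmartOS, OmniOS etc."). Use one spelling throughout the file; the project itself styles the name in lower case, so "illumos ticket" would match the footnote.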
@@ -372,7 +381,7 @@ vjs_setup(enum jail_subproc_e jse)
if (! (priv_all = priv_allocset())) {
REPORT(LOG_ERR,
- "Sandbox warning: "
+ "Solaris Jail warning: "
" vjs_setup - priv_allocset failed: errno=%d (%s)",
errno, strerror(errno));
return;
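Review bot: The new prefix "Solaris Jail warning: " ends with a space and the adjacent literal " vjs_setup - priv_allocset failed: ..." begins with one, so the concatenated log message has a double space after the colon; drop the leading space of the second literal. The text also calls itself a warning although it is reported at LOG_ERR and the function returns right after it, so "Solaris Jail error: " would describe the condition more accurately.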
@@ -435,8 +444,8 @@ vjs_waive(enum jail_subproc_e jse)
!(inheritable = priv_allocset()) ||
!(permitted = priv_allocset())) {
REPORT(LOG_ERR,
- "Sandbox warning: "
- " mgt_sandbox_waive - priv_allocset failed: errno=%d (%s)",
+ "Solaris Jail warning: "
+ " vjs_waive - priv_allocset failed: errno=%d (%s)",
errno, strerror(errno));
return;
}
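Review bot: The stale "mgt_sandbox_waive" corrected in this message is what a hard-coded function name invites; format the name with "%s" and __func__ here and in vjs_setup so a later rename cannot put the log text out of step again. The double space after "Solaris Jail warning: " applies here as well. Separately, the condition chains several priv_allocset() calls with ||, so on a failure of a later call the early return leaves the sets allocated before it unfreed as far as the lines shown go; worth a priv_freeset() on that path if it is not handled elsewhere.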