[master] 0712a4a Make the new VSM code work with VJails
Poul-Henning Kamp
phk at FreeBSD.org
Tue Aug 29 10:54:06 CEST 2017
commit 0712a4a34e5c4b33fe6233a745586664af790dd0
Author: Poul-Henning Kamp <phk at FreeBSD.org>
Date: Tue Aug 29 08:53:21 2017 +0000
Make the new VSM code work with VJails
diff --git a/bin/varnishd/mgt/mgt.h b/bin/varnishd/mgt/mgt.h
index 6549d78..3e81817 100644
--- a/bin/varnishd/mgt/mgt.h
+++ b/bin/varnishd/mgt/mgt.h
@@ -125,7 +125,7 @@ void VJ_master(enum jail_master_e jme);
void VJ_subproc(enum jail_subproc_e jse);
int VJ_make_workdir(const char *dname);
int VJ_make_vcldir(const char *dname);
-void VJ_fix_vsm_file(int fd);
+void VJ_fix_vsm_dir(int fd);
void VJ_fix_storage_file(int fd);
extern const struct jail_tech jail_tech_unix;
diff --git a/bin/varnishd/mgt/mgt_child.c b/bin/varnishd/mgt/mgt_child.c
index 3e30dda..2952a81 100644
--- a/bin/varnishd/mgt/mgt_child.c
+++ b/bin/varnishd/mgt/mgt_child.c
@@ -279,7 +279,7 @@ child_signal_handler(int s, siginfo_t *si, void *c)
__FILE__,
__LINE__,
buf,
- VAS_ASSERT);
+ VAS_WRONG);
}
/*=====================================================================
@@ -331,8 +331,6 @@ mgt_launch_child(struct cli *cli)
}
if (pid == 0) {
- proc_vsmw = VSMW_New(heritage.vsm_fd, 0640, "_.index");
- AN(proc_vsmw);
/* Redirect stdin/out/err */
VFIL_null_fd(STDIN_FILENO);
@@ -386,6 +384,9 @@ mgt_launch_child(struct cli *cli)
VJ_subproc(JAIL_SUBPROC_WORKER);
+ proc_vsmw = VSMW_New(heritage.vsm_fd, 0640, "_.index");
+ AN(proc_vsmw);
+
child_main();
exit(0);
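Review bot: The placement of `VSMW_New()` after `VJ_subproc(JAIL_SUBPROC_WORKER)` is an ordering requirement that nothing in the code records, so a later cleanup could move it back above the privilege drop. Judging from the rest of the commit, the index has to be created with the worker's credentials inside the directory that `VJ_fix_vsm_dir()` hands to the worker uid; that is inferred from the diff, not stated in it. I would add `/* Must come after VJ_subproc(): the VSM index is created as the jailed worker, in the dir VJ_fix_vsm_dir() chowned to it */` above the call. The body of mgt_launch_child starts and ends outside the hunk.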
diff --git a/bin/varnishd/mgt/mgt_cli.c b/bin/varnishd/mgt/mgt_cli.c
index 2d6481c..f6aa212 100644
--- a/bin/varnishd/mgt/mgt_cli.c
+++ b/bin/varnishd/mgt/mgt_cli.c
@@ -503,9 +503,9 @@ mgt_cli_secret(const char *S_arg)
char buf[BUFSIZ];
/* Save in shmem */
+ VJ_master(JAIL_MASTER_FILE);
mgt_SHM_static_alloc(S_arg, strlen(S_arg) + 1L, "Arg", "-S");
- VJ_master(JAIL_MASTER_FILE);
fd = open(S_arg, O_RDONLY);
if (fd < 0) {
fprintf(stderr, "Can not open secret-file \"%s\"\n", S_arg);
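Review bot: In mgt_cli_secret the raise to `JAIL_MASTER_FILE` now precedes `mgt_SHM_static_alloc()` with no `VJ_master(JAIL_MASTER_LOW)` visible in the hunk, whereas the mgt_cli_telnet and main() hunks bracket the same call with a raise and a drop. If the drop sits further down (the function body continues outside the hunk), the raised window now covers the allocation, the `open()` and whatever follows, so it is worth confirming that every exit path lowers again. The existing `/* Save in shmem */` comment also does not say why the allocation needs the file level. A comment such as `/* VSM segments are created in the jail-owned VSM dir, hence JAIL_MASTER_FILE */` at the three call sites would make the pairing reviewable, assuming that is indeed the reason.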
@@ -573,7 +573,9 @@ mgt_cli_telnet(const char *T_arg)
if (VSB_len(vsb) == 0)
ARGV_ERR("-T %s could not be listened on.\n", T_arg);
/* Save in shmem */
+ VJ_master(JAIL_MASTER_FILE);
mgt_SHM_static_alloc(VSB_data(vsb), VSB_len(vsb) + 1, "Arg", "-T");
+ VJ_master(JAIL_MASTER_LOW);
VSB_destroy(&vsb);
}
diff --git a/bin/varnishd/mgt/mgt_jail.c b/bin/varnishd/mgt/mgt_jail.c
index 85cd840..3b7df19 100644
--- a/bin/varnishd/mgt/mgt_jail.c
+++ b/bin/varnishd/mgt/mgt_jail.c
@@ -189,7 +189,7 @@ VJ_fix_storage_file(int fd)
}
void
-VJ_fix_vsm_file(int fd)
+VJ_fix_vsm_dir(int fd)
{
CHECK_OBJ_NOTNULL(vjt, JAIL_TECH_MAGIC);
diff --git a/bin/varnishd/mgt/mgt_jail_unix.c b/bin/varnishd/mgt/mgt_jail_unix.c
index 12e25cb..6513f44 100644
--- a/bin/varnishd/mgt/mgt_jail_unix.c
+++ b/bin/varnishd/mgt/mgt_jail_unix.c
@@ -252,12 +252,12 @@ vju_make_vcldir(const char *dname)
static void __match_proto__(jail_fixfile_f)
-vju_vsm_file(int fd)
+vju_vsm_dir(int fd)
{
/* Called under JAIL_MASTER_FILE */
- AZ(fchmod(fd, 0640));
- AZ(fchown(fd, 0, vju_gid));
+ AZ(fchmod(fd, 0750));
+ AZ(fchown(fd, vju_wrkuid, vju_gid));
}
static void __match_proto__(jail_fixfile_f)
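Review bot: `vju_vsm_dir()` now gives the directory to `vju_wrkuid` with mode 0750, so everything in it is under the worker's control, whereas the old code kept the object owned by uid 0 and only group-readable. Any consumer in `vju_gid` that opens or maps files from this directory should therefore treat names, sizes and contents as worker-supplied. That trust change deserves a comment here, e.g. `/* Worker owns the VSM dir so it can create segments after the privilege drop; contents are untrusted to group readers */`. The function is still declared `__match_proto__(jail_fixfile_f)` and is wired to the `.vsm_file` member in the next hunk, so the prototype and struct member names no longer match what the callback operates on.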
@@ -275,7 +275,7 @@ const struct jail_tech jail_tech_unix = {
.init = vju_init,
.master = vju_master,
.make_vcldir = vju_make_vcldir,
- .vsm_file = vju_vsm_file,
+ .vsm_file = vju_vsm_dir,
.storage_file = vju_storage_file,
.subproc = vju_subproc,
};
diff --git a/bin/varnishd/mgt/mgt_main.c b/bin/varnishd/mgt/mgt_main.c
index abd4445..37d9297 100644
--- a/bin/varnishd/mgt/mgt_main.c
+++ b/bin/varnishd/mgt/mgt_main.c
@@ -838,8 +838,10 @@ main(int argc, char * const *argv)
mgt_SHM_Init();
+ VJ_master(JAIL_MASTER_FILE);
mgt_SHM_static_alloc(i_arg, strlen(i_arg) + 1L, "Arg", "-i");
VSC_C_mgt = VSC_mgt_New("");
+ VJ_master(JAIL_MASTER_LOW);
if (M_arg != NULL)
mgt_cli_master(M_arg);
diff --git a/bin/varnishd/mgt/mgt_shmem.c b/bin/varnishd/mgt/mgt_shmem.c
index f0832b1..ea1c2d5 100644
--- a/bin/varnishd/mgt/mgt_shmem.c
+++ b/bin/varnishd/mgt/mgt_shmem.c
@@ -73,11 +73,13 @@ mgt_shm_atexit(void)
/* Do not let VCC kill our VSM */
if (getpid() != mgt_pid)
return;
+ VJ_master(JAIL_MASTER_FILE);
VSMW_Destroy(&mgt_vsmw);
if (!MGT_DO_DEBUG(DBG_VTC_MODE)) {
AZ(system("rm -rf " VSM_MGT_DIRNAME));
AZ(system("rm -rf " VSM_CHILD_DIRNAME));
}
+ VJ_master(JAIL_MASTER_LOW);
}
/*--------------------------------------------------------------------
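Review bot: The `system("rm -rf " ...)` calls in mgt_shm_atexit now execute while the manager is at `JAIL_MASTER_FILE`, and the same holds for the hunks in mgt_SHM_Init, mgt_SHM_ChildNew and mgt_SHM_ChildDestroy. `system()` goes through the shell, so the raised level is inherited by a process that resolves `rm` via the environment's `PATH`; in the child-directory case it then recurses into a tree this commit hands to the worker uid via `VJ_fix_vsm_dir()`. The directory names are compile-time constants, so this is not an injection issue, but a removal helper that execs `rm` with an explicit argv would take the shell and the environment lookup out of the privileged window. A sketch of such a helper follows; the helper name is a suggestion and the `/bin/rm` path is an assumption about the target platforms.

```c
/* Remove a VSM directory tree without a shell; caller holds JAIL_MASTER_FILE */
static void
mgt_shm_rmtree(const char *dname)
{
	pid_t pid, rv;
	int status;

	pid = fork();
	assert(pid >= 0);
	if (pid == 0) {
		execl("/bin/rm", "rm", "-rf", "--", dname, (char *)NULL);
		_exit(127);	/* do not run the manager's atexit handlers */
	}
	rv = waitpid(pid, &status, 0);
	assert(rv == pid);
	assert(WIFEXITED(status) && WEXITSTATUS(status) == 0);
}

/* … unchanged: pid check, VJ_master(JAIL_MASTER_FILE), VSMW_Destroy … */
	if (!MGT_DO_DEBUG(DBG_VTC_MODE)) {
		mgt_shm_rmtree(VSM_MGT_DIRNAME);
		mgt_shm_rmtree(VSM_CHILD_DIRNAME);
	}
```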
@@ -88,11 +90,12 @@ void
mgt_SHM_Init(void)
{
- // XXX: VJ/mode/owner/group
+ VJ_master(JAIL_MASTER_FILE);
AZ(system("rm -rf " VSM_MGT_DIRNAME));
AZ(mkdir(VSM_MGT_DIRNAME, 0755));
mgt_vsmw = VSMW_New(open(VSM_MGT_DIRNAME, O_RDONLY), 0640, "_.index");
AN(mgt_vsmw);
+ VJ_master(JAIL_MASTER_LOW);
proc_vsmw = mgt_vsmw;
@@ -104,13 +107,18 @@ void
mgt_SHM_ChildNew(void)
{
+ VJ_master(JAIL_MASTER_FILE);
AZ(system("rm -rf " VSM_CHILD_DIRNAME));
- AZ(mkdir(VSM_CHILD_DIRNAME, 0755));
+ AZ(mkdir(VSM_CHILD_DIRNAME, 0750));
heritage.vsm_fd = open(VSM_CHILD_DIRNAME, O_RDONLY);
assert(heritage.vsm_fd >= 0);
+ VJ_fix_vsm_dir(heritage.vsm_fd);
+ VJ_master(JAIL_MASTER_LOW);
+
MCH_Fd_Inherit(heritage.vsm_fd, "VSMW");
+ VJ_master(JAIL_MASTER_FILE);
heritage.param = VSMW_Allocf(mgt_vsmw, VSM_CLASS_PARAM,
sizeof *heritage.param, "");
AN(heritage.param);
@@ -120,6 +128,7 @@ mgt_SHM_ChildNew(void)
heritage.panic_str = VSMW_Allocf(mgt_vsmw, "Panic",
heritage.panic_str_len, "");
AN(heritage.panic_str);
+ VJ_master(JAIL_MASTER_LOW);
}
void
@@ -127,8 +136,11 @@ mgt_SHM_ChildDestroy(void)
{
closefd(&heritage.vsm_fd);
- if (!MGT_DO_DEBUG(DBG_VTC_MODE))
+ if (!MGT_DO_DEBUG(DBG_VTC_MODE)) {
+ VJ_master(JAIL_MASTER_FILE);
AZ(system("rm -rf " VSM_CHILD_DIRNAME));
+ VJ_master(JAIL_MASTER_LOW);
+ }
heritage.panic_str = NULL;
heritage.param = NULL;
}