[master] 770d369 Try to get the VSM ownership right.

Poul-Henning Kamp phk at FreeBSD.org
Thu Sep 7 22:07:05 UTC 2017


commit 770d3699cdea2cec2a29122349f683b44efdfcd6
Author: Poul-Henning Kamp <phk at FreeBSD.org>
Date:   Thu Sep 7 22:05:41 2017 +0000

    Try to get the VSM ownership right.
    
    The general rule is that if varnishd is started as root, you need
    to be root or in group "varnish" to access the shared memory.
    
    Fixes	#2419

diff --git a/bin/varnishd/mgt/mgt.h b/bin/varnishd/mgt/mgt.h
index 8695803..ad6abe7 100644
--- a/bin/varnishd/mgt/mgt.h
+++ b/bin/varnishd/mgt/mgt.h
@@ -166,7 +166,6 @@ void mgt_SHM_static_alloc(const void *, ssize_t size,
 void mgt_SHM_Create(void);
 void mgt_SHM_Destroy(int keep);
 
-extern struct vsmw *mgt_vsmw;
 void mgt_SHM_ChildNew(void);
 void mgt_SHM_ChildDestroy(void);
 
diff --git a/bin/varnishd/mgt/mgt_cli.c b/bin/varnishd/mgt/mgt_cli.c
index e845c63..d7fa6a6 100644
--- a/bin/varnishd/mgt/mgt_cli.c
+++ b/bin/varnishd/mgt/mgt_cli.c
@@ -504,9 +504,9 @@ mgt_cli_secret(const char *S_arg)
 	char buf[BUFSIZ];
 
 	/* Save in shmem */
-	VJ_master(JAIL_MASTER_FILE);
 	mgt_SHM_static_alloc(S_arg, strlen(S_arg) + 1L, "Arg", "-S");
 
+	VJ_master(JAIL_MASTER_FILE);
 	fd = open(S_arg, O_RDONLY);
 	if (fd < 0) {
 		fprintf(stderr, "Can not open secret-file \"%s\"\n", S_arg);
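Review bot: `VJ_master(JAIL_MASTER_FILE)` now sits directly before `open(S_arg, O_RDONLY)` with no comment explaining it, and the `/* Save in shmem */` comment above no longer covers it. A short comment such as `/* Raise privilege only to read the secret file */` would record why the elevation was moved below the shared-memory allocation. The matching return to JAIL_MASTER_LOW is not visible because mgt_cli_secret continues past the end of the hunk, so confirm that every path after the open, including the error branch, drops privilege again.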
@@ -574,9 +574,7 @@ mgt_cli_telnet(const char *T_arg)
 	if (VSB_len(vsb) == 0)
 		ARGV_ERR("-T %s could not be listened on.\n", T_arg);
 	/* Save in shmem */
-	VJ_master(JAIL_MASTER_FILE);
 	mgt_SHM_static_alloc(VSB_data(vsb), VSB_len(vsb) + 1, "Arg", "-T");
-	VJ_master(JAIL_MASTER_LOW);
 	VSB_destroy(&vsb);
 }
 
diff --git a/bin/varnishd/mgt/mgt_main.c b/bin/varnishd/mgt/mgt_main.c
index 53db1ee..67492d6 100644
--- a/bin/varnishd/mgt/mgt_main.c
+++ b/bin/varnishd/mgt/mgt_main.c
@@ -839,10 +839,8 @@ main(int argc, char * const *argv)
 
 	mgt_SHM_Init();
 
-	VJ_master(JAIL_MASTER_FILE);
 	mgt_SHM_static_alloc(i_arg, strlen(i_arg) + 1L, "Arg", "-i");
 	VSC_C_mgt = VSC_mgt_New("");
-	VJ_master(JAIL_MASTER_LOW);
 
 	if (M_arg != NULL)
 		mgt_cli_master(M_arg);
diff --git a/bin/varnishd/mgt/mgt_shmem.c b/bin/varnishd/mgt/mgt_shmem.c
index 2b9741e..b81c8a5 100644
--- a/bin/varnishd/mgt/mgt_shmem.c
+++ b/bin/varnishd/mgt/mgt_shmem.c
@@ -47,7 +47,7 @@
 #include "vsm_priv.h"
 #include "vsmw.h"
 
-struct vsmw	*mgt_vsmw;
+static struct vsmw *mgt_vsmw;
 
 /*--------------------------------------------------------------------
  */
@@ -90,13 +90,16 @@ mgt_shm_atexit(void)
 void
 mgt_SHM_Init(void)
 {
+	int fd;
 
 	VJ_master(JAIL_MASTER_FILE);
 	AZ(system("rm -rf " VSM_MGT_DIRNAME));
 	AZ(mkdir(VSM_MGT_DIRNAME, 0755));
-	mgt_vsmw = VSMW_New(open(VSM_MGT_DIRNAME, O_RDONLY), 0640, "_.index");
-	AN(mgt_vsmw);
+	fd = open(VSM_MGT_DIRNAME, O_RDONLY);
+	VJ_fix_vsm_dir(fd);
 	VJ_master(JAIL_MASTER_LOW);
+	mgt_vsmw = VSMW_New(fd, 0640, "_.index");
+	AN(mgt_vsmw);
 
 	proc_vsmw = mgt_vsmw;
 
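Review bot: The result of `open(VSM_MGT_DIRNAME, O_RDONLY)` in mgt_SHM_Init is passed to `VJ_fix_vsm_dir(fd)` and then to `VSMW_New()` without a check, so a failed open would hand -1 to the fix-up call while the process is still at JAIL_MASTER_FILE. Add `assert(fd >= 0);` directly after the open, in line with the AZ()/AN() checks on the neighbouring calls. VJ_fix_vsm_dir presumably adjusts ownership or mode on that descriptor (its body is not shown), so opening with `O_RDONLY | O_DIRECTORY | O_NOFOLLOW` would also pin the descriptor to the directory mkdir() just created rather than whatever is at that path at open time. How much that matters depends on who can write to the working directory, which the hunk does not show. The function body continues past the end of the hunk.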
@@ -119,7 +122,6 @@ mgt_SHM_ChildNew(void)
 
 	MCH_Fd_Inherit(heritage.vsm_fd, "VSMW");
 
-	VJ_master(JAIL_MASTER_FILE);
 	heritage.param = VSMW_Allocf(mgt_vsmw, VSM_CLASS_PARAM,
 	    sizeof *heritage.param, "");
 	AN(heritage.param);
@@ -129,7 +131,6 @@ mgt_SHM_ChildNew(void)
 	heritage.panic_str = VSMW_Allocf(mgt_vsmw, "Panic",
 	    heritage.panic_str_len, "");
 	AN(heritage.panic_str);
-	VJ_master(JAIL_MASTER_LOW);
 }
 
 void

