[master] f674929 When running with the unix jail, the work dir should be owned by the jail group
Nils Goroll
nils.goroll at uplex.de
Fri Feb 16 16:29:07 UTC 2018
commit f674929a5ade02e8e84dd6e554c0e555c9cabeed
Author: Nils Goroll <nils.goroll at uplex.de>
Date: Fri Feb 16 17:23:04 2018 +0100
When running with the unix jail, the work dir should be owned by the jail group
Fixes #2570
diff --git a/bin/varnishd/mgt/mgt_jail_unix.c b/bin/varnishd/mgt/mgt_jail_unix.c
index c4ba4c5..4257347 100644
--- a/bin/varnishd/mgt/mgt_jail_unix.c
+++ b/bin/varnishd/mgt/mgt_jail_unix.c
@@ -254,6 +254,20 @@ vju_make_vcldir(const char *dname)
return (0);
}
+static int v_matchproto_(jail_make_dir_f)
+vju_make_workdir(const char *dname)
+{
+ AZ(seteuid(0));
+
+ if (mkdir(dname, 0755) < 0 && errno != EEXIST) {
+ MGT_Complain(C_ERR, "Cannot create working directory '%s': %s",
+ dname, strerror(errno));
+ return (1);
+ }
+ AZ(chown(dname, -1, vju_gid));
+ AZ(seteuid(vju_uid));
+ return (0);
+}
static void v_matchproto_(jail_fixfd_f)
vju_fixfd(int fd, enum jail_fixfd_e what)
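Review bot: The mkdir() failure path in vju_make_workdir returns at `return (1);` while the effective uid is still 0, because `AZ(seteuid(vju_uid));` is only reached on success. Whether the caller exits immediately on a non-zero return is not visible in this hunk, so I would restore the jail uid on that path as well, by adding `AZ(seteuid(vju_uid));` after the MGT_Complain() call (which must run first, since it reads errno) and before `return (1);`. Separately, EEXIST is tolerated and chown() follows symbolic links, so a pre-existing `dname` that is not a directory created here would have the group of its target changed while running as root. Consider confirming with lstat() that the path is a directory, or using `lchown(dname, -1, vju_gid)`. A short comment explaining why only the group is changed (uid argument `-1`) would also help, since the commit message says vju_make_vcldir is the parallel case but its chown call is outside the hunk.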
@@ -284,6 +298,7 @@ const struct jail_tech jail_tech_unix = {
.init = vju_init,
.master = vju_master,
.make_vcldir = vju_make_vcldir,
+ .make_workdir = vju_make_workdir,
.fixfd = vju_fixfd,
.subproc = vju_subproc,
};