[master] 77aba96ea solaris jail: two more privileges for unix domain sockets
Nils Goroll
nils.goroll at uplex.de
Fri Jul 24 10:46:06 UTC 2020
commit 77aba96eaa9156150125ab8db21657eb46c3da88
Author: Nils Goroll <nils.goroll at uplex.de>
Date: Fri Jul 24 12:43:16 2020 +0200
solaris jail: two more privileges for unix domain sockets
When varnishd is started as root (or otherwise will a full privilege
set), the user will rightly expect that whatever permissions and mode
bits are set for a socket, varnishd will fix them to the specification
from the -a argument.
diff --git a/bin/varnishd/mgt/mgt_jail_solaris_tbl.h b/bin/varnishd/mgt/mgt_jail_solaris_tbl.h
index f13d81331..062f25bb6 100644
--- a/bin/varnishd/mgt/mgt_jail_solaris_tbl.h
+++ b/bin/varnishd/mgt/mgt_jail_solaris_tbl.h
@@ -59,7 +59,9 @@ PRIV(MASTER_FILE, E , "file_write")
PRIV(MASTER_STORAGE, E , "file_read")
PRIV(MASTER_STORAGE, E , "file_write")
-PRIV(MASTER_PRIVPORT, E , "file_write") // bind(AF_UNIX)
+PRIV(MASTER_PRIVPORT, E , "file_write") // bind(AF_UNIX)
+PRIV(MASTER_PRIVPORT, E , PRIV_FILE_CHOWN) // user=
+PRIV(MASTER_PRIVPORT, E , PRIV_FILE_OWNER) // mode=
PRIV(MASTER_PRIVPORT, E , "net_access")
PRIV(MASTER_PRIVPORT, E , PRIV_NET_PRIVADDR)
More information about the varnish-commit
mailing list