[master] 7a895f7fb Solaris jail: wrap setppriv(PRIV_ON, ...)

Nils Goroll nils.goroll at uplex.de
Tue Jun 2 12:23:07 UTC 2020


commit 7a895f7fbb40d7bb14164cfb92d74ddee075c28d
Author: Nils Goroll <nils.goroll at uplex.de>
Date:   Tue Jun 2 12:52:52 2020 +0200

    Solaris jail: wrap setppriv(PRIV_ON, ...)

diff --git a/bin/varnishd/mgt/mgt_jail_solaris.c b/bin/varnishd/mgt/mgt_jail_solaris.c
index 437021215..ec3e788b9 100644
--- a/bin/varnishd/mgt/mgt_jail_solaris.c
+++ b/bin/varnishd/mgt/mgt_jail_solaris.c
@@ -263,6 +263,17 @@ priv_setop_check(int a)
 
 #define priv_setop_assert(a) assert(priv_setop_check(a))
 
+/*------------------------------------------------------------*/
+
+static int
+vjs_priv_on(int vs, priv_set_t **set)
+{
+	assert(vs >= 0);
+	assert(vs < VJS_NSET);
+
+	return (setppriv(PRIV_ON, vjs_ptype[vs], set[vs]));
+}
+
 /* ------------------------------------------------------------
  * initialization of privilege sets from mgt_jail_solaris_tbl.h
  * and implicit rules documented therein
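Review bot: vjs_priv_on() range-checks `vs` but then dereferences `set[vs]` without checking that `set` or the selected entry is non-NULL, so a row of vjs_sets that was never initialised would reach setppriv() as a NULL set. Whether that can happen is not visible in this hunk, but `AN(set);` and `AN(set[vs]);` after the two asserts would make the failure explicit in the helper rather than in the syscall's errno. The helper also has no comment; a one-liner such as `/* add set[vs] to the process privilege set vjs_ptype[vs]; returns setppriv()'s result, which the caller must check */` would record that the return value must not be dropped, since every call site in this commit relies on wrapping it in AZ().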
@@ -388,8 +399,7 @@ vjs_init(char **args)
 	}
 
 	/* extend inheritable */
-	vs = VJS_INHERITABLE;
-	AZ(setppriv(PRIV_ON, vjs_ptype[vs], vjs_sets[JAIL_MASTER_ANY][vs]));
+	AZ(vjs_priv_on(VJS_INHERITABLE, vjs_sets[JAIL_MASTER_ANY]));
 
 	/* generate inverse */
 	for (vj = 0; vj < JAIL_LIMIT; vj++)
@@ -441,13 +451,8 @@ vjs_setuid(void)
 static void v_matchproto_(jail_subproc_f)
 vjs_subproc(enum jail_subproc_e jse)
 {
-	priv_set_t **sets;
-	int i;
-
-	sets = vjs_sets[jse];
 
-	i = VJS_EFFECTIVE;
-	AZ(setppriv(PRIV_ON, vjs_ptype[i], sets[i]));
+	AZ(vjs_priv_on(VJS_EFFECTIVE, vjs_sets[jse]));
 
 	vjs_setuid();
 	vjs_waive(jse);
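Review bot: `vjs_sets[jse]` is indexed in vjs_subproc() with no range check on `jse`, whereas vjs_master() asserts `jme < JAIL_SUBPROC` before the same lookup, and the new helper validates only the second index `vs`. An `assert(jse < JAIL_LIMIT);` before the vjs_priv_on() call would make the two entry points consistent; JAIL_LIMIT is presumably the first dimension of vjs_sets, judging from the `vj` loop in vjs_init(), but that declaration is outside the visible hunks. As a style point, dropping the local declarations leaves a blank line directly after the opening brace in both vjs_subproc() and vjs_master().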
@@ -456,15 +461,10 @@ vjs_subproc(enum jail_subproc_e jse)
 static void v_matchproto_(jail_master_f)
 vjs_master(enum jail_master_e jme)
 {
-	priv_set_t **sets;
-	int i;
 
 	assert(jme < JAIL_SUBPROC);
 
-	sets = vjs_sets[jme];
-
-	i = VJS_EFFECTIVE;
-	AZ(setppriv(PRIV_ON, vjs_ptype[i], sets[i]));
+	AZ(vjs_priv_on(VJS_EFFECTIVE, vjs_sets[jme]));
 
 	vjs_waive(jme);
 }

