[master] 64b3e63bb Use setrlimit(2) to disable core dumps.

Poul-Henning Kamp phk at FreeBSD.org
Tue Jun 9 08:59:06 UTC 2020 

commit 64b3e63bbb45339abbc03bba9fc4a575f7e527b0
Author: Poul-Henning Kamp <phk at FreeBSD.org>
Date:   Tue Jun 9 08:13:50 2020 +0000

    Use setrlimit(2) to disable core dumps.
    
    VTC's change because the exit-instead-of-abort-hack goes away.

diff --git a/bin/varnishd/cache/cache_panic.c b/bin/varnishd/cache/cache_panic.c
index 05d229227..407b8eacf 100644
--- a/bin/varnishd/cache/cache_panic.c
+++ b/bin/varnishd/cache/cache_panic.c
@@ -811,10 +811,7 @@ pan_ic(const char *func, const char *file, int line, const char *cond,
 	VSB_cat(pan_vsb, "\n");
 	VSB_putc(pan_vsb, '\0');	/* NUL termination */
 
-	if (FEATURE(FEATURE_NO_COREDUMP))
-		exit(4);
-	else
-		abort();
+	abort();
 }
 
 /*--------------------------------------------------------------------*/
diff --git a/bin/varnishd/mgt/mgt_child.c b/bin/varnishd/mgt/mgt_child.c
index 5b1b82b57..9d01f0f03 100644
--- a/bin/varnishd/mgt/mgt_child.c
+++ b/bin/varnishd/mgt/mgt_child.c
@@ -43,6 +43,9 @@
 #include <string.h>
 #include <syslog.h>
 #include <unistd.h>
+#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/resource.h>
 
 #include "mgt.h"
 
@@ -295,6 +298,7 @@ mgt_launch_child(struct cli *cli)
 	char *p;
 	struct vev *e;
 	int i, cp[2];
+	struct rlimit rl[1];
 
 	if (child_state != CH_STOPPED && child_state != CH_DIED)
 		return;
@@ -335,6 +339,12 @@ mgt_launch_child(struct cli *cli)
 	}
 	if (pid == 0) {
 
+		if (MGT_FEATURE(FEATURE_NO_COREDUMP)) {
+			memset(rl, 0, sizeof *rl);
+			rl->rlim_cur = 0;
+			AZ(setrlimit(RLIMIT_CORE, rl));
+		}
+
 		/* Redirect stdin/out/err */
 		VFIL_null_fd(STDIN_FILENO);
 		assert(dup2(heritage.std_fd, STDOUT_FILENO) == STDOUT_FILENO);
@@ -463,10 +473,7 @@ kill_child(void)
 	int i, error;
 
 	VJ_master(JAIL_MASTER_KILL);
-	if (MGT_FEATURE(FEATURE_NO_COREDUMP))
-		i = kill(child_pid, SIGKILL);
-	else
-		i = kill(child_pid, SIGQUIT);
+	i = kill(child_pid, SIGQUIT);
 	error = errno;
 	VJ_master(JAIL_MASTER_LOW);
 	errno = error;
diff --git a/bin/varnishtest/tests/c00057.vtc b/bin/varnishtest/tests/c00057.vtc
index 65951be6b..280cc3711 100644
--- a/bin/varnishtest/tests/c00057.vtc
+++ b/bin/varnishtest/tests/c00057.vtc
@@ -60,7 +60,7 @@ client c1 {
 	rxresp
 } -run
 
-varnish v1 -expectexit 0x20
+varnish v1 -expectexit 0x40
 
 ####################
 
@@ -91,4 +91,4 @@ varnish v2 -clijson "panic.show -j"
 
 varnish v2 -cliok "panic.clear"
 
-varnish v2 -expectexit 0x20
+varnish v2 -expectexit 0x40
diff --git a/bin/varnishtest/tests/p00007.vtc b/bin/varnishtest/tests/p00007.vtc
index 08c5c27b1..67d00444e 100644
--- a/bin/varnishtest/tests/p00007.vtc
+++ b/bin/varnishtest/tests/p00007.vtc
@@ -80,4 +80,4 @@ client c1 {
 	expect resp.bodylen == 48
 } -run
 
-varnish v1 -expectexit 0x20
+varnish v1 -expectexit 0x40
diff --git a/bin/varnishtest/tests/t02004.vtc b/bin/varnishtest/tests/t02004.vtc
index 709fff70c..2cc33717b 100644
--- a/bin/varnishtest/tests/t02004.vtc
+++ b/bin/varnishtest/tests/t02004.vtc
@@ -5,6 +5,10 @@ server s1 {
 	txresp
 } -start
 
+varnish v1 -cliok "param.set feature +http2"
+varnish v1 -cliok "param.set feature +no_coredump"
+varnish v1 -cliok "param.set debug +syncvsl"
+
 varnish v1 -vcl+backend {
 	import vtc;
 
@@ -13,10 +17,6 @@ varnish v1 -vcl+backend {
 	}
 } -start
 
-varnish v1 -cliok "param.set feature +http2"
-varnish v1 -cliok "param.set feature +no_coredump"
-varnish v1 -cliok "param.set debug +syncvsl"
-
 client c1 {
 	stream 1 {
 		txreq -hdr :authority foo.bar -pad cotton
@@ -28,4 +28,4 @@ delay 2
 
 varnish v1 -cliok "panic.clear"
 
-varnish v1 -expectexit 0x20
+varnish v1 -expectexit 0x40
diff --git a/bin/varnishtest/tests/v00010.vtc b/bin/varnishtest/tests/v00010.vtc
index 89d3c298e..bbfa927fb 100644
--- a/bin/varnishtest/tests/v00010.vtc
+++ b/bin/varnishtest/tests/v00010.vtc
@@ -24,7 +24,10 @@ server s1 {
 	txresp -hdr "Foo: foo" -body "abcdef\n"
 } -start
 
-varnish v1 -arg "-sdefault,1m" -vcl+backend {
+varnish v1 -arg "-sdefault,1m"
+varnish v1 -cliok "param.set feature +no_coredump"
+
+varnish v1 -vcl+backend {
 	import vtc;
 	import debug;
 
@@ -49,7 +52,6 @@ varnish v1 -cliok "stop"
 varnish v1 -cliok "start"
 varnish v1 -wait-running
 varnish v1 -expect MGT.child_panic == 0
-varnish v1 -cliok "param.set feature +no_coredump"
 
 client c1 {
 	txreq -url "/"
@@ -92,4 +94,4 @@ client c1 {
 } -run
 
 varnish v1 -cliok "panic.clear -z"
-varnish v1 -expectexit 0x20
+varnish v1 -expectexit 0x40
diff --git a/bin/varnishtest/tests/v00063.vtc b/bin/varnishtest/tests/v00063.vtc
index c36ff1aa4..c5984ccd9 100644
--- a/bin/varnishtest/tests/v00063.vtc
+++ b/bin/varnishtest/tests/v00063.vtc
@@ -3,7 +3,7 @@ varnishtest "Create a backend after a COLD event"
 server s1 -start
 
 varnish v1 -cliok "param.set feature +no_coredump"
-varnish v1 -expectexit 0x20
+varnish v1 -expectexit 0x40
 varnish v1 -vcl+backend {
 	import debug;
 	sub vcl_init {

More information about the varnish-commit mailing list