[master] a0f16286f jail_unix: Improve error reporting of failed chown()
Nils Goroll
nils.goroll at uplex.de
Thu Feb 13 20:02:07 UTC 2025
commit a0f16286fa859d534eb073d9fe550de6532c0b61
Author: Nils Goroll <nils.goroll at uplex.de>
Date: Thu Feb 13 20:57:11 2025 +0100
jail_unix: Improve error reporting of failed chown()
Before this patch, configuring an existing read only directory as the working
directory would result in an assertion failure:
$ mount | grep /tmp/ro
swap on /tmp/ro type tmpfs (ro,relatime,inode64)
$ sudo /tmp/sbin/varnishd -j unix -n /tmp/ro -a @a -b @b
Assert error in vju_make_workdir(), mgt/mgt_jail_unix.c line 277:
Condition((chown(dname, -1, vju_gid)) == 0) not true.
errno = 30 (Read-only file system)
This is now changed to:
$ sudo /tmp/sbin/varnishd -j unix -n /tmp/ro -a @a -b @b
Error: Cannot change group of working directory '/tmp/ro': Read-only file system
(-? gives usage)
Note: There are more {f,}chown calls in AZ(), but under the traditional model of
a super cow powered uid 0, they should, I think, succeed once chown() of the
working directory itself succeeded.
diff --git a/bin/varnishd/mgt/mgt_jail_unix.c b/bin/varnishd/mgt/mgt_jail_unix.c
index 9ca2f234b..18e2fcb0f 100644
--- a/bin/varnishd/mgt/mgt_jail_unix.c
+++ b/bin/varnishd/mgt/mgt_jail_unix.c
@@ -274,7 +274,11 @@ vju_make_workdir(const char *dname, const char *what, struct vsb *vsb)
return (1);
}
//lint -e{570}
- AZ(chown(dname, -1, vju_gid));
+ if (chown(dname, -1, vju_gid)) {
+ MGT_Complain(C_ERR, "Cannot change group of working directory '%s': %s",
+ dname, VAS_errtxt(errno));
+ return (1);
+ }
AZ(seteuid(vju_uid));
return (0);
}
More information about the varnish-commit
mailing list