Jail, outstanding details
Poul-Henning Kamp
phk at phk.freebsd.dk
Wed Feb 18 20:19:58 CET 2015
In message <E1YOA12-0001ej-54 at project.varnish-software.com>, Poul-Henning Kamp
writes:
> Move creation of workdir into jail code, and use the master HIGH/LOW
> around socket operations which may be on reserved ports.
This is all presuming jail=unix which means Varnish was started as root.
I am uncertain if creating/opening the storage files should be done
at "MASTER_HIGH" (= root) or "MASTER_LOW" (= varnish user) privilege
level.
I'm sort of leaning "MASTER_HIGH" on general principles, but if anybody
has input, I'd like to hear it...
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
More information about the varnish-dev
mailing list