Jail, outstanding details

Poul-Henning Kamp phk at phk.freebsd.dk
Wed Feb 18 20:19:58 CET 2015

In message <E1YOA12-0001ej-54 at project.varnish-software.com>, Poul-Henning Kamp 

>    Move creation of workdir into jail code, and use the master HIGH/LOW
>    around socket operations which may be on reserved ports.

This is all presuming jail=unix which means Varnish was started as root.

I am uncertain if creating/opening the storage files should be done
at "MASTER_HIGH" (= root) or "MASTER_LOW" (= varnish user) privilege

I'm sort of leaning "MASTER_HIGH" on general principles, but if anybody
has input, I'd like to hear it...

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

More information about the varnish-dev mailing list