38 int fpm_unix_resolve_socket_premissions(struct fpm_worker_pool_s *wp) /* {{{ */  in fpm_unix_resolve_socket_premissions()  argument
40 	struct fpm_worker_pool_config_s *c = wp->config;  in fpm_unix_resolve_socket_premissions()
45 	wp->socket_acl  = NULL;  in fpm_unix_resolve_socket_premissions()
47 	wp->socket_uid = -1;  in fpm_unix_resolve_socket_premissions()
48 	wp->socket_gid = -1;  in fpm_unix_resolve_socket_premissions()
49 	wp->socket_mode = 0660;  in fpm_unix_resolve_socket_premissions()
56 		wp->socket_mode = strtoul(c->listen_mode, 0, 8);  in fpm_unix_resolve_socket_premissions()
85 			zlog(ZLOG_SYSERROR, "[pool %s] cannot allocate ACL", wp->config->name);  in fpm_unix_resolve_socket_premissions()
99 					zlog(ZLOG_DEBUG, "[pool %s] user '%s' have uid=%d", wp->config->name, p, pwd->pw_uid);  in fpm_unix_resolve_socket_premissions()
101 					zlog(ZLOG_SYSERROR, "[pool %s] cannot get uid for user '%s'", wp->config->name, p);  in fpm_unix_resolve_socket_premissions()
113 					zlog(ZLOG_SYSERROR, "[pool %s] cannot create ACL for user '%s'", wp->config->name, p);  in fpm_unix_resolve_socket_premissions()
132 					zlog(ZLOG_DEBUG, "[pool %s] group '%s' have gid=%d", wp->config->name, p, grp->gr_gid);  in fpm_unix_resolve_socket_premissions()
134 					zlog(ZLOG_SYSERROR, "[pool %s] cannot get gid for group '%s'", wp->config->name, p);  in fpm_unix_resolve_socket_premissions()
146 					zlog(ZLOG_SYSERROR, "[pool %s] cannot create ACL for group '%s'", wp->config->name, p);  in fpm_unix_resolve_socket_premissions()
155 …zlog(ZLOG_WARNING, "[pool %s] ACL set, listen.owner = '%s' is ignored", wp->config->name, c->liste…  in fpm_unix_resolve_socket_premissions()
158 …zlog(ZLOG_WARNING, "[pool %s] ACL set, listen.group = '%s' is ignored", wp->config->name, c->liste…  in fpm_unix_resolve_socket_premissions()
160 		wp->socket_acl  = acl;  in fpm_unix_resolve_socket_premissions()
171 			zlog(ZLOG_SYSERROR, "[pool %s] cannot get uid for user '%s'", wp->config->name, c->listen_owner);  in fpm_unix_resolve_socket_premissions()
175 		wp->socket_uid = pwd->pw_uid;  in fpm_unix_resolve_socket_premissions()
176 		wp->socket_gid = pwd->pw_gid;  in fpm_unix_resolve_socket_premissions()
184 …	zlog(ZLOG_SYSERROR, "[pool %s] cannot get gid for group '%s'", wp->config->name, c->listen_group);  in fpm_unix_resolve_socket_premissions()
187 		wp->socket_gid = grp->gr_gid;  in fpm_unix_resolve_socket_premissions()
194 int fpm_unix_set_socket_premissions(struct fpm_worker_pool_s *wp, const char *path) /* {{{ */  in fpm_unix_set_socket_premissions()  argument
197 	if (wp->socket_acl) {  in fpm_unix_set_socket_premissions()
203 		aclconf = wp->socket_acl;  in fpm_unix_set_socket_premissions()
206 …zlog(ZLOG_SYSERROR, "[pool %s] failed to read the ACL of the socket '%s'", wp->config->name, path);  in fpm_unix_set_socket_premissions()
213 …zlog(ZLOG_SYSERROR, "[pool %s] failed to add entry to the ACL of the socket '%s'", wp->config->nam…  in fpm_unix_set_socket_premissions()
222 …zlog(ZLOG_SYSERROR, "[pool %s] failed to write the ACL of the socket '%s'", wp->config->name, path…  in fpm_unix_set_socket_premissions()
226 			zlog(ZLOG_DEBUG, "[pool %s] ACL of the socket '%s' is set", wp->config->name, path);  in fpm_unix_set_socket_premissions()
235 	if (wp->socket_uid != -1 || wp->socket_gid != -1) {  in fpm_unix_set_socket_premissions()
236 		if (0 > chown(path, wp->socket_uid, wp->socket_gid)) {  in fpm_unix_set_socket_premissions()
237 …zlog(ZLOG_SYSERROR, "[pool %s] failed to chown() the socket '%s'", wp->config->name, wp->config->l…  in fpm_unix_set_socket_premissions()
245 int fpm_unix_free_socket_premissions(struct fpm_worker_pool_s *wp) /* {{{ */  in fpm_unix_free_socket_premissions()  argument
248 	if (wp->socket_acl) {  in fpm_unix_free_socket_premissions()
249 		return acl_free(wp->socket_acl);  in fpm_unix_free_socket_premissions()
256 static int fpm_unix_conf_wp(struct fpm_worker_pool_s *wp) /* {{{ */  in fpm_unix_conf_wp()  argument
262 		if (wp->config->user && *wp->config->user) {  in fpm_unix_conf_wp()
263 			if (strlen(wp->config->user) == strspn(wp->config->user, "0123456789")) {  in fpm_unix_conf_wp()
264 				wp->set_uid = strtoul(wp->config->user, 0, 10);  in fpm_unix_conf_wp()
268 				pwd = getpwnam(wp->config->user);  in fpm_unix_conf_wp()
270 					zlog(ZLOG_ERROR, "[pool %s] cannot get uid for user '%s'", wp->config->name, wp->config->user);  in fpm_unix_conf_wp()
274 				wp->set_uid = pwd->pw_uid;  in fpm_unix_conf_wp()
275 				wp->set_gid = pwd->pw_gid;  in fpm_unix_conf_wp()
277 				wp->user = strdup(pwd->pw_name);  in fpm_unix_conf_wp()
278 				wp->home = strdup(pwd->pw_dir);  in fpm_unix_conf_wp()
282 		if (wp->config->group && *wp->config->group) {  in fpm_unix_conf_wp()
283 			if (strlen(wp->config->group) == strspn(wp->config->group, "0123456789")) {  in fpm_unix_conf_wp()
284 				wp->set_gid = strtoul(wp->config->group, 0, 10);  in fpm_unix_conf_wp()
288 				grp = getgrnam(wp->config->group);  in fpm_unix_conf_wp()
290 …		zlog(ZLOG_ERROR, "[pool %s] cannot get gid for group '%s'", wp->config->name, wp->config->group);  in fpm_unix_conf_wp()
293 				wp->set_gid = grp->gr_gid;  in fpm_unix_conf_wp()
298 			if (wp->set_uid == 0 || wp->set_gid == 0) {  in fpm_unix_conf_wp()
299 				zlog(ZLOG_ERROR, "[pool %s] please specify user and group other than root", wp->config->name);  in fpm_unix_conf_wp()
304 		if (wp->config->user && *wp->config->user) {  in fpm_unix_conf_wp()
305 …zlog(ZLOG_NOTICE, "[pool %s] 'user' directive is ignored when FPM is not running as root", wp->con…  in fpm_unix_conf_wp()
307 		if (wp->config->group && *wp->config->group) {  in fpm_unix_conf_wp()
308 …zlog(ZLOG_NOTICE, "[pool %s] 'group' directive is ignored when FPM is not running as root", wp->co…  in fpm_unix_conf_wp()
310 		if (wp->config->chroot && *wp->config->chroot) {  in fpm_unix_conf_wp()
311 …zlog(ZLOG_NOTICE, "[pool %s] 'chroot' directive is ignored when FPM is not running as root", wp->c…  in fpm_unix_conf_wp()
313 		if (wp->config->process_priority != 64) {  in fpm_unix_conf_wp()
314 …ol %s] 'process.priority' directive is ignored when FPM is not running as root", wp->config->name);  in fpm_unix_conf_wp()
320 			wp->user = strdup(pwd->pw_name);  in fpm_unix_conf_wp()
321 			wp->home = strdup(pwd->pw_dir);  in fpm_unix_conf_wp()
328 int fpm_unix_init_child(struct fpm_worker_pool_s *wp) /* {{{ */  in fpm_unix_init_child()  argument
333 	if (wp->config->rlimit_files) {  in fpm_unix_init_child()
336 		r.rlim_max = r.rlim_cur = (rlim_t) wp->config->rlimit_files;  in fpm_unix_init_child()
339 …m limits or decrease rlimit_files. setrlimit(RLIMIT_NOFILE, %d)", wp->config->name, wp->config->rl…  in fpm_unix_init_child()
343 	if (wp->config->rlimit_core) {  in fpm_unix_init_child()
346 …r.rlim_max = r.rlim_cur = wp->config->rlimit_core == -1 ? (rlim_t) RLIM_INFINITY : (rlim_t) wp->co…  in fpm_unix_init_child()
349 …stem limits or decrease rlimit_core. setrlimit(RLIMIT_CORE, %d)", wp->config->name, wp->config->rl…  in fpm_unix_init_child()
353 	if (is_root && wp->config->chroot && *wp->config->chroot) {  in fpm_unix_init_child()
354 		if (0 > chroot(wp->config->chroot)) {  in fpm_unix_init_child()
355 			zlog(ZLOG_SYSERROR, "[pool %s] failed to chroot(%s)",  wp->config->name, wp->config->chroot);  in fpm_unix_init_child()
361 	if (wp->config->chdir && *wp->config->chdir) {  in fpm_unix_init_child()
362 		if (0 > chdir(wp->config->chdir)) {  in fpm_unix_init_child()
363 			zlog(ZLOG_SYSERROR, "[pool %s] failed to chdir(%s)", wp->config->name, wp->config->chdir);  in fpm_unix_init_child()
368 			zlog(ZLOG_WARNING, "[pool %s] failed to chdir(/)", wp->config->name);  in fpm_unix_init_child()
374 		if (wp->config->process_priority != 64) {  in fpm_unix_init_child()
375 			if (setpriority(PRIO_PROCESS, 0, wp->config->process_priority) < 0) {  in fpm_unix_init_child()
376 				zlog(ZLOG_SYSERROR, "[pool %s] Unable to set priority for this new process", wp->config->name);  in fpm_unix_init_child()
381 		if (wp->set_gid) {  in fpm_unix_init_child()
382 			if (0 > setgid(wp->set_gid)) {  in fpm_unix_init_child()
383 				zlog(ZLOG_SYSERROR, "[pool %s] failed to setgid(%d)", wp->config->name, wp->set_gid);  in fpm_unix_init_child()
387 		if (wp->set_uid) {  in fpm_unix_init_child()
388 			if (0 > initgroups(wp->config->user, wp->set_gid)) {  in fpm_unix_init_child()
389 …ZLOG_SYSERROR, "[pool %s] failed to initgroups(%s, %d)", wp->config->name, wp->config->user, wp->s…  in fpm_unix_init_child()
392 			if (0 > setuid(wp->set_uid)) {  in fpm_unix_init_child()
393 				zlog(ZLOG_SYSERROR, "[pool %s] failed to setuid(%d)", wp->config->name, wp->set_uid);  in fpm_unix_init_child()
400 	if (wp->config->process_dumpable && 0 > prctl(PR_SET_DUMPABLE, 1, 0, 0, 0)) {  in fpm_unix_init_child()
401 		zlog(ZLOG_SYSERROR, "[pool %s] failed to prctl(PR_SET_DUMPABLE)", wp->config->name);  in fpm_unix_init_child()
410 	if (wp->config->apparmor_hat) {  in fpm_unix_init_child()
414 …r confinement. Please check if \"/proc/*/attr/current\" is read and writeable.", wp->config->name);  in fpm_unix_init_child()
418 		new_con = malloc(strlen(con) + strlen(wp->config->apparmor_hat) + 3); // // + 0 Byte  in fpm_unix_init_child()
420 …zlog(ZLOG_SYSERROR, "[pool %s] failed to allocate memory for apparmor hat change.", wp->config->na…  in fpm_unix_init_child()
424 		if (0 > sprintf(new_con, "%s//%s", con, wp->config->apparmor_hat)) {  in fpm_unix_init_child()
425 			zlog(ZLOG_SYSERROR, "[pool %s] failed to construct apparmor confinement.", wp->config->name);  in fpm_unix_init_child()
430 …rent\" is read and writeable and \"change_profile -> %s//*\" is allowed.", wp->config->name, new_c…  in fpm_unix_init_child()
445 	struct fpm_worker_pool_s *wp;  in fpm_unix_init_main()  local
572 	for (wp = fpm_worker_all_pools; wp; wp = wp->next) {  in fpm_unix_init_main()
573 		if (0 > fpm_unix_conf_wp(wp)) {  in fpm_unix_init_main()

Last Index update Wed Sep 25 00:05:58 UTC 2024

Dedicated to & Maintained by Room-11