Lines Matching refs:wp

/* Cross-reference excerpt: only the lines of this function that mention `wp` are listed.
 * Returns a struct passwd * for `name`; the lookup call itself is not in the listing.
 * The one listed use of `wp` is the "cannot get uid" log, emitted at the caller-chosen
 * zlog level `flags` and tagged with the pool name. */
56 static struct passwd *fpm_unix_get_passwd(struct fpm_worker_pool_s *wp, const char *name, int flags)  in fpm_unix_get_passwd()  argument
60 zlog(flags, "[pool %s] cannot get uid for user '%s'", wp->config->name, name); in fpm_unix_get_passwd()
/* Excerpt (lines mentioning `wp` only). The listed test is on the pool's listen address
 * domain: anything other than FPM_AF_UNIX takes the branch at file line 69. What that
 * branch returns, and what is validated for UNIX-domain addresses, is not visible here. */
67 static inline bool fpm_unix_check_listen_address(struct fpm_worker_pool_s *wp, const char *address,… in fpm_unix_check_listen_address() argument
69 if (wp->listen_address_domain != FPM_AF_UNIX) { in fpm_unix_check_listen_address()
85 wp->config->name, in fpm_unix_check_listen_address()
/* Accepts `name` when it is NULL, when fpm_unix_is_id(name) is true (presumably a numeric
 * id - confirm against its definition), or when fpm_unix_get_passwd() returns non-NULL.
 * Because of the short-circuit, an id-form name is accepted without a passwd lookup, so
 * passing this check does not by itself show that the account exists. */
94 static inline bool fpm_unix_check_passwd(struct fpm_worker_pool_s *wp, const char *name, int flags) in fpm_unix_check_passwd() argument
96 return !name || fpm_unix_is_id(name) || fpm_unix_get_passwd(wp, name, flags); in fpm_unix_check_passwd()
/* Excerpt (lines mentioning `wp` only). Returns a struct group * for `name`; the lookup
 * call is not in the listing. The listed use of `wp` is the "cannot get gid" log, emitted
 * at the caller-chosen zlog level `flags` and tagged with the pool name. */
99 static struct group *fpm_unix_get_group(struct fpm_worker_pool_s *wp, const char *name, int flags) in fpm_unix_get_group() argument
103 zlog(flags, "[pool %s] cannot get gid for group '%s'", wp->config->name, name); in fpm_unix_get_group()
/* Group counterpart of the passwd check: true when `name` is NULL, when
 * fpm_unix_is_id(name) is true, or when fpm_unix_get_group() returns non-NULL.
 * An id-form name short-circuits the group lookup, so existence of the group is
 * not established by this check for that form. */
110 static inline bool fpm_unix_check_group(struct fpm_worker_pool_s *wp, const char *name, int flags) in fpm_unix_check_group() argument
112 return !name || fpm_unix_is_id(name) || fpm_unix_get_group(wp, name, flags); in fpm_unix_check_group()
/* Excerpt of the pool configuration test: five checks chained with &&, so evaluation
 * stops at the first one that fails. The user and group checks are given ZLOG_ERROR as
 * their log level; the listen address, listen_owner and listen_group checks are given
 * ZLOG_SYSERROR. File line 118 is not listed - presumably this chain is the returned
 * expression; confirm against the full source. */
115 bool fpm_unix_test_config(struct fpm_worker_pool_s *wp) in fpm_unix_test_config() argument
117 struct fpm_worker_pool_config_s *config = wp->config; in fpm_unix_test_config()
119 fpm_unix_check_passwd(wp, config->user, ZLOG_ERROR) && in fpm_unix_test_config()
120 fpm_unix_check_group(wp, config->group, ZLOG_ERROR) && in fpm_unix_test_config()
121 fpm_unix_check_listen_address(wp, config->listen_address, ZLOG_SYSERROR) && in fpm_unix_test_config()
122 fpm_unix_check_passwd(wp, config->listen_owner, ZLOG_SYSERROR) && in fpm_unix_test_config()
123 fpm_unix_check_group(wp, config->listen_group, ZLOG_SYSERROR) in fpm_unix_test_config()
/* Excerpt (lines mentioning `wp` only): turns the pool's listen.* settings into the
 * socket_acl / socket_uid / socket_gid / socket_mode fields that are later applied to
 * the listening socket. Conditions and branches between the listed lines are elided,
 * so the notes below describe only what the listed lines themselves do. */
127 int fpm_unix_resolve_socket_permissions(struct fpm_worker_pool_s *wp) /* {{{ */ in fpm_unix_resolve_socket_permissions() argument
129 struct fpm_worker_pool_config_s *c = wp->config; in fpm_unix_resolve_socket_permissions()
134 wp->socket_acl = NULL; in fpm_unix_resolve_socket_permissions()
/* Defaults: uid/gid of -1 and mode 0660 (read/write for owner and group, nothing for
 * others). */
136 wp->socket_uid = -1; in fpm_unix_resolve_socket_permissions()
137 wp->socket_gid = -1; in fpm_unix_resolve_socket_permissions()
138 wp->socket_mode = 0660; in fpm_unix_resolve_socket_permissions()
/* NOTE(review): listen_mode is parsed as octal with a NULL end pointer, so this line
 * cannot detect trailing non-octal characters or an out-of-range value; whether the
 * string is validated before reaching here is not visible - confirm. A permissive
 * value widens who can connect to the socket. */
145 wp->socket_mode = strtoul(c->listen_mode, 0, 8); in fpm_unix_resolve_socket_permissions()
174 zlog(ZLOG_SYSERROR, "[pool %s] cannot allocate ACL", wp->config->name); in fpm_unix_resolve_socket_permissions()
/* ACL construction: each user / group name `p` is resolved and an ACL entry is created
 * for it; lookup or entry-creation failures are logged at ZLOG_SYSERROR. */
186 pwd = fpm_unix_get_passwd(wp, p, ZLOG_SYSERROR); in fpm_unix_resolve_socket_permissions()
188 zlog(ZLOG_DEBUG, "[pool %s] user '%s' have uid=%d", wp->config->name, p, pwd->pw_uid); in fpm_unix_resolve_socket_permissions()
201 zlog(ZLOG_SYSERROR, "[pool %s] cannot create ACL for user '%s'", wp->config->name, p); in fpm_unix_resolve_socket_permissions()
218 grp = fpm_unix_get_group(wp, p, ZLOG_SYSERROR); in fpm_unix_resolve_socket_permissions()
220 zlog(ZLOG_DEBUG, "[pool %s] group '%s' have gid=%d", wp->config->name, p, grp->gr_gid); in fpm_unix_resolve_socket_permissions()
233 zlog(ZLOG_SYSERROR, "[pool %s] cannot create ACL for group '%s'", wp->config->name, p); in fpm_unix_resolve_socket_permissions()
/* Per these warnings, listen.owner and listen.group are ignored once an ACL is set, so
 * an operator who configures both should expect only the ACL to take effect. */
242 …zlog(ZLOG_WARNING, "[pool %s] ACL set, listen.owner = '%s' is ignored", wp->config->name, c->liste… in fpm_unix_resolve_socket_permissions()
245 …zlog(ZLOG_WARNING, "[pool %s] ACL set, listen.group = '%s' is ignored", wp->config->name, c->liste… in fpm_unix_resolve_socket_permissions()
247 wp->socket_acl = acl; in fpm_unix_resolve_socket_permissions()
/* listen_owner: either parsed as a decimal id or resolved by name; the condition that
 * selects between the two (file lines 248-258) is not listed. */
255 wp->socket_uid = strtoul(c->listen_owner, 0, 10); in fpm_unix_resolve_socket_permissions()
259 pwd = fpm_unix_get_passwd(wp, c->listen_owner, ZLOG_SYSERROR); in fpm_unix_resolve_socket_permissions()
/* When the owner is resolved by name, the socket gid is also taken from that account's
 * passwd entry; the listen_group assignments on file lines 271 and 279 come later in
 * the function and would replace it if they run. */
264 wp->socket_uid = pwd->pw_uid; in fpm_unix_resolve_socket_permissions()
265 wp->socket_gid = pwd->pw_gid; in fpm_unix_resolve_socket_permissions()
271 wp->socket_gid = strtoul(c->listen_group, 0, 10); in fpm_unix_resolve_socket_permissions()
275 grp = fpm_unix_get_group(wp, c->listen_group, ZLOG_SYSERROR); in fpm_unix_resolve_socket_permissions()
279 wp->socket_gid = grp->gr_gid; in fpm_unix_resolve_socket_permissions()
/* Excerpt (lines mentioning `wp` only): applies the previously resolved permissions to
 * the socket file at `path`. Two mechanisms are visible: an ACL update when
 * wp->socket_acl is set, and chown() when a uid or gid was resolved. How the two
 * branches relate (e.g. whether the ACL path returns early) is not listed. */
287 int fpm_unix_set_socket_permissions(struct fpm_worker_pool_s *wp, const char *path) /* {{{ */ in fpm_unix_set_socket_permissions() argument
290 if (wp->socket_acl) { in fpm_unix_set_socket_permissions()
296 aclconf = wp->socket_acl; in fpm_unix_set_socket_permissions()
/* The ACL path reads the socket's current ACL, adds entries to it, and writes it back;
 * each step logs at ZLOG_SYSERROR on failure. */
299 …zlog(ZLOG_SYSERROR, "[pool %s] failed to read the ACL of the socket '%s'", wp->config->name, path); in fpm_unix_set_socket_permissions()
306 …zlog(ZLOG_SYSERROR, "[pool %s] failed to add entry to the ACL of the socket '%s'", wp->config->nam… in fpm_unix_set_socket_permissions()
315 …zlog(ZLOG_SYSERROR, "[pool %s] failed to write the ACL of the socket '%s'", wp->config->name, path… in fpm_unix_set_socket_permissions()
319 zlog(ZLOG_DEBUG, "[pool %s] ACL of the socket '%s' is set", wp->config->name, path); in fpm_unix_set_socket_permissions()
/* chown() is called only if at least one id is not -1; an id left at -1 is passed
 * through, which chown() treats as "leave unchanged".
 * NOTE(review): chown() operates on a path name and follows symbolic links, so the
 * directory holding the socket should not be writable by less-privileged users. */
328 if (wp->socket_uid != -1 || wp->socket_gid != -1) { in fpm_unix_set_socket_permissions()
329 if (0 > chown(path, wp->socket_uid, wp->socket_gid)) { in fpm_unix_set_socket_permissions()
330 …zlog(ZLOG_SYSERROR, "[pool %s] failed to chown() the socket '%s'", wp->config->name, wp->config->l… in fpm_unix_set_socket_permissions()
/* Releases the pool's socket ACL: when wp->socket_acl is set, returns the result of
 * acl_free() on it.
 * NOTE(review): this listing shows the lines that reference `wp`, and none of them
 * clears wp->socket_acl after acl_free(); the field therefore appears to keep the freed
 * pointer, so a second call or later use of socket_acl would touch freed memory -
 * confirm against the full source and the callers. */
338 int fpm_unix_free_socket_permissions(struct fpm_worker_pool_s *wp) /* {{{ */ in fpm_unix_free_socket_permissions() argument
341 if (wp->socket_acl) { in fpm_unix_free_socket_permissions()
342 return acl_free(wp->socket_acl); in fpm_unix_free_socket_permissions()
/* Excerpt (lines mentioning `wp` only): resolves the pool's `user` / `group` settings
 * into wp->set_uid / wp->set_gid and records the account name and home directory.
 * The condition that separates the "running as root" part from the "not running as
 * root" part is not among the listed lines. */
349 static int fpm_unix_conf_wp(struct fpm_worker_pool_s *wp) /* {{{ */ in fpm_unix_conf_wp() argument
355 if (wp->config->user && *wp->config->user) { in fpm_unix_conf_wp()
/* Id-form user: the id is parsed as decimal and then looked up with getpwuid(); the
 * gid and name are copied from the entry (file line 359, presumably the NULL check on
 * `pwd`, is not listed). */
356 if (fpm_unix_is_id(wp->config->user)) { in fpm_unix_conf_wp()
357 wp->set_uid = strtoul(wp->config->user, 0, 10); in fpm_unix_conf_wp()
358 pwd = getpwuid(wp->set_uid); in fpm_unix_conf_wp()
360 wp->set_gid = pwd->pw_gid; in fpm_unix_conf_wp()
361 wp->set_user = strdup(pwd->pw_name); in fpm_unix_conf_wp()
/* Name-form user: resolved through fpm_unix_get_passwd(); uid and primary gid come
 * from the passwd entry.
 * NOTE(review): no listed line tests the strdup() results stored in wp->user,
 * wp->home or wp->set_user for NULL - confirm how allocation failure is handled. */
366 pwd = fpm_unix_get_passwd(wp, wp->config->user, ZLOG_ERROR); in fpm_unix_conf_wp()
371 wp->set_uid = pwd->pw_uid; in fpm_unix_conf_wp()
372 wp->set_gid = pwd->pw_gid; in fpm_unix_conf_wp()
374 wp->user = strdup(pwd->pw_name); in fpm_unix_conf_wp()
375 wp->home = strdup(pwd->pw_dir); in fpm_unix_conf_wp()
/* An explicit `group` setting replaces the gid derived from the user's passwd entry. */
379 if (wp->config->group && *wp->config->group) { in fpm_unix_conf_wp()
380 if (fpm_unix_is_id(wp->config->group)) { in fpm_unix_conf_wp()
381 wp->set_gid = strtoul(wp->config->group, 0, 10); in fpm_unix_conf_wp()
385 grp = fpm_unix_get_group(wp, wp->config->group, ZLOG_ERROR); in fpm_unix_conf_wp()
389 wp->set_gid = grp->gr_gid; in fpm_unix_conf_wp()
/* Safety check: a resolved uid or gid of 0 is rejected with an error asking for a
 * non-root user and group. Any outer condition around this test is not listed. */
394 if (wp->set_uid == 0 || wp->set_gid == 0) { in fpm_unix_conf_wp()
395 zlog(ZLOG_ERROR, "[pool %s] please specify user and group other than root", wp->config->name); in fpm_unix_conf_wp()
/* Per the notices below, when FPM is not running as root the user, group, chroot and
 * process.priority directives are ignored, i.e. workers keep the master's identity and
 * are not chrooted. 64 looks like the "not configured" value for process_priority -
 * TODO confirm. */
400 if (wp->config->user && *wp->config->user) { in fpm_unix_conf_wp()
401 …zlog(ZLOG_NOTICE, "[pool %s] 'user' directive is ignored when FPM is not running as root", wp->con… in fpm_unix_conf_wp()
403 if (wp->config->group && *wp->config->group) { in fpm_unix_conf_wp()
404 …zlog(ZLOG_NOTICE, "[pool %s] 'group' directive is ignored when FPM is not running as root", wp->co… in fpm_unix_conf_wp()
406 if (wp->config->chroot && *wp->config->chroot) { in fpm_unix_conf_wp()
407 …zlog(ZLOG_NOTICE, "[pool %s] 'chroot' directive is ignored when FPM is not running as root", wp->c… in fpm_unix_conf_wp()
409 if (wp->config->process_priority != 64) { in fpm_unix_conf_wp()
410 …ol %s] 'process.priority' directive is ignored when FPM is not running as root", wp->config->name); in fpm_unix_conf_wp()
416 wp->user = strdup(pwd->pw_name); in fpm_unix_conf_wp()
417 wp->home = strdup(pwd->pw_dir); in fpm_unix_conf_wp()
/* Excerpt (lines mentioning `wp` only): per-worker process setup. In listed order it
 * applies resource limits, chroot, working directory, scheduling priority, the group and
 * user switch, the dumpable/trace setting, and the AppArmor hat change. Conditions
 * between the listed lines (platform #ifdefs, is_root guards) are elided. */
424 int fpm_unix_init_child(struct fpm_worker_pool_s *wp) /* {{{ */ in fpm_unix_init_child() argument
/* rlimit_files, when non-zero, is written to both the soft and the hard limit. */
429 if (wp->config->rlimit_files) { in fpm_unix_init_child()
432 r.rlim_max = r.rlim_cur = (rlim_t) wp->config->rlimit_files; in fpm_unix_init_child()
435 …m limits or decrease rlimit_files. setrlimit(RLIMIT_NOFILE, %d)", wp->config->name, wp->config->rl… in fpm_unix_init_child()
/* rlimit_core of -1 is mapped to RLIM_INFINITY (unlimited core file size). */
439 if (wp->config->rlimit_core) { in fpm_unix_init_child()
442 …r.rlim_max = r.rlim_cur = wp->config->rlimit_core == -1 ? (rlim_t) RLIM_INFINITY : (rlim_t) wp->co… in fpm_unix_init_child()
445 …stem limits or decrease rlimit_core. setrlimit(RLIMIT_CORE, %d)", wp->config->name, wp->config->rl… in fpm_unix_init_child()
/* chroot() is attempted only when is_root is true and a chroot path is configured. It
 * comes before the chdir() below; the warning on file line 464 suggests a fallback
 * chdir to "/" on a path that is not listed. */
449 if (is_root && wp->config->chroot && *wp->config->chroot) { in fpm_unix_init_child()
450 if (0 > chroot(wp->config->chroot)) { in fpm_unix_init_child()
451 zlog(ZLOG_SYSERROR, "[pool %s] failed to chroot(%s)", wp->config->name, wp->config->chroot); in fpm_unix_init_child()
457 if (wp->config->chdir && *wp->config->chdir) { in fpm_unix_init_child()
458 if (0 > chdir(wp->config->chdir)) { in fpm_unix_init_child()
459 zlog(ZLOG_SYSERROR, "[pool %s] failed to chdir(%s)", wp->config->name, wp->config->chdir); in fpm_unix_init_child()
464 zlog(ZLOG_WARNING, "[pool %s] failed to chdir(/)", wp->config->name); in fpm_unix_init_child()
470 if (wp->config->process_priority != 64) { in fpm_unix_init_child()
471 if (setpriority(PRIO_PROCESS, 0, wp->config->process_priority) < 0) { in fpm_unix_init_child()
472 zlog(ZLOG_SYSERROR, "[pool %s] Unable to set priority for this new process", wp->config->name); in fpm_unix_init_child()
/* Privilege drop, in listed order: setgid(), then initgroups(), then setuid(). The
 * group changes come first because they are no longer permitted once the uid has been
 * given up. A set_gid / set_uid of 0 skips the corresponding call. Each failure is
 * logged at ZLOG_SYSERROR; what is returned afterwards is not listed. */
477 if (wp->set_gid) { in fpm_unix_init_child()
478 if (0 > setgid(wp->set_gid)) { in fpm_unix_init_child()
479 zlog(ZLOG_SYSERROR, "[pool %s] failed to setgid(%d)", wp->config->name, wp->set_gid); in fpm_unix_init_child()
483 if (wp->set_uid) { in fpm_unix_init_child()
/* NOTE(review): initgroups() is called with wp->set_user when that is set, but the
 * failure message prints wp->config->user, so the logged name can differ from the one
 * actually used. */
484 if (0 > initgroups(wp->set_user ? wp->set_user : wp->config->user, wp->set_gid)) { in fpm_unix_init_child()
485 …ZLOG_SYSERROR, "[pool %s] failed to initgroups(%s, %d)", wp->config->name, wp->config->user, wp->s… in fpm_unix_init_child()
488 if (0 > setuid(wp->set_uid)) { in fpm_unix_init_child()
489 zlog(ZLOG_SYSERROR, "[pool %s] failed to setuid(%d)", wp->config->name, wp->set_uid); in fpm_unix_init_child()
/* process_dumpable is handled after the uid switch. The three variants below (prctl
 * per the log text, procctl, setpflags) are presumably per-platform alternatives.
 * Making a worker dumpable again permits core dumps and tracing of a process that may
 * hold request data, so the option is best left off unless debugging requires it. */
496 if (wp->config->process_dumpable) { in fpm_unix_init_child()
500 zlog(ZLOG_SYSERROR, "[pool %s] ptrace is denied", wp->config->name); in fpm_unix_init_child()
505 zlog(ZLOG_SYSERROR, "[pool %s] failed to prctl(PR_SET_DUMPABLE)", wp->config->name); in fpm_unix_init_child()
512 if (wp->config->process_dumpable && -1 == procctl(P_PID, getpid(), PROC_TRACE_CTL, &dumpable)) { in fpm_unix_init_child()
513 zlog(ZLOG_SYSERROR, "[pool %s] failed to procctl(PROC_TRACE_CTL)", wp->config->name); in fpm_unix_init_child()
518 if (wp->config->process_dumpable && 0 > setpflags(__PROC_PROTECT, 0)) { in fpm_unix_init_child()
519 zlog(ZLOG_SYSERROR, "[pool %s] failed to setpflags(__PROC_PROTECT)", wp->config->name); in fpm_unix_init_child()
/* AppArmor hat change: the new confinement string is built as con + "//" + hat. */
528 if (wp->config->apparmor_hat) { in fpm_unix_init_child()
532 …r confinement. Please check if \"/proc/*/attr/current\" is read and writeable.", wp->config->name); in fpm_unix_init_child()
/* The allocation adds 3 bytes to the two string lengths: two for the "//" separator and
 * one for the terminating NUL, which matches the "%s//%s" format used by the unbounded
 * sprintf() on file line 543. The two must be kept in sync if the format ever changes;
 * snprintf() with the allocated size would make that dependency explicit. */
536 new_con = malloc(strlen(con) + strlen(wp->config->apparmor_hat) + 3); // // + 0 Byte in fpm_unix_init_child()
538 …zlog(ZLOG_SYSERROR, "[pool %s] failed to allocate memory for apparmor hat change.", wp->config->na… in fpm_unix_init_child()
543 if (0 > sprintf(new_con, "%s//%s", con, wp->config->apparmor_hat)) { in fpm_unix_init_child()
544 zlog(ZLOG_SYSERROR, "[pool %s] failed to construct apparmor confinement.", wp->config->name); in fpm_unix_init_child()
551 …rent\" is read and writeable and \"change_profile -> %s//*\" is allowed.", wp->config->name, new_c… in fpm_unix_init_child()
568 struct fpm_worker_pool_s *wp; in fpm_unix_init_main() local
695 for (wp = fpm_worker_all_pools; wp; wp = wp->next) { in fpm_unix_init_main()
696 if (0 > fpm_unix_conf_wp(wp)) { in fpm_unix_init_main()