mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-08-06 07:07:04 +02:00
Code Issues Projects Releases Wiki Activity

MINOR: sock: add EPERM case in sock_handle_system_err

Browse Source 
setns() may return EPERM if thread, that tries to move into different
namespace, do not have CAP_SYS_ADMIN capability in its Effective set.
So, extending sock_handle_system_err() with this error allows to send
appropriate log message and set SF_ERR_PRXCOND (SC termination
flag in log) as stream termination error code. This error code can be
simply checked with SF_ERR_MASK at protocol layer.
This commit is contained in:
Valentine Krasnobaeva 2024-04-23 23:42:47 +02:00 committed by Willy Tarreau
parent d3fc982cd7
commit 13ef552488
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/sock.c
View File

@ -236,6 +236,13 @@ static int sock_handle_system_err(struct connection *conn, struct proxy *be)
conn->err_code = CO_ER_NOPROTO; conn->err_code = CO_ER_NOPROTO;
break; break;
case EPERM:
send_log(be, LOG_EMERG,
"Proxy %s has insufficient permissions to open server socket.\n",
be->id);
return SF_ERR_PRXCOND;
default: default:
send_log(be, LOG_EMERG, send_log(be, LOG_EMERG,
"Proxy %s cannot create a server socket: %s\n", "Proxy %s cannot create a server socket: %s\n",