MINOR: debug: enable insecure fork on the command line

-dI allow to enable "insure-fork-wanted" directly from the command line,
which is useful when you want to run ASAN with addr2line with a lot of
configuration files without editing them.
This commit is contained in:
William Lallemand 2024-03-13 11:08:50 +01:00
parent 07b2e84bce
commit 70be894e41
3 changed files with 10 additions and 1 deletions

View File

@ -1975,7 +1975,8 @@ insecure-fork-wanted
highly recommended that this option is never used and that any workload highly recommended that this option is never used and that any workload
requiring such a fork be reconsidered and moved to a safer solution (such as requiring such a fork be reconsidered and moved to a safer solution (such as
agents instead of external checks). This option supports the "no" prefix to agents instead of external checks). This option supports the "no" prefix to
disable it. disable it. This can also be activated with "-dI" on the haproxy command
line.
insecure-setuid-wanted insecure-setuid-wanted
HAProxy doesn't need to call executables at run time (except when using HAProxy doesn't need to call executables at run time (except when using

View File

@ -230,6 +230,11 @@ list of options is :
getaddrinfo() exist on various systems and cause anomalies that are getaddrinfo() exist on various systems and cause anomalies that are
difficult to troubleshoot. difficult to troubleshoot.
-dI : enable the insecure fork. This is the equivalent of the
"insecure-fork-wanted" in the global section. It can be useful when running
all the reg-tests with ASAN which need to fork addr2line to resolve the
addresses.
-dK<class[,class]*> : dumps the list of registered keywords in each class. -dK<class[,class]*> : dumps the list of registered keywords in each class.
The list of classes is available with "-dKhelp". All classes may be dumped The list of classes is available with "-dKhelp". All classes may be dumped
using "-dKall", otherwise a selection of those shown in the help can be using "-dKall", otherwise a selection of those shown in the help can be

View File

@ -659,6 +659,7 @@ static void usage(char *name)
" -dW fails if any warning is emitted\n" " -dW fails if any warning is emitted\n"
" -dD diagnostic mode : warn about suspicious configuration statements\n" " -dD diagnostic mode : warn about suspicious configuration statements\n"
" -dF disable fast-forward\n" " -dF disable fast-forward\n"
" -dI enable insecure fork\n"
" -dZ disable zero-copy forwarding\n" " -dZ disable zero-copy forwarding\n"
" -sf/-st [pid ]* finishes/terminates old pids.\n" " -sf/-st [pid ]* finishes/terminates old pids.\n"
" -x <unix_socket> get listening sockets from a unix socket\n" " -x <unix_socket> get listening sockets from a unix socket\n"
@ -1679,6 +1680,8 @@ static void init_args(int argc, char **argv)
#endif #endif
else if (*flag == 'd' && flag[1] == 'F') else if (*flag == 'd' && flag[1] == 'F')
global.tune.options &= ~GTUNE_USE_FAST_FWD; global.tune.options &= ~GTUNE_USE_FAST_FWD;
else if (*flag == 'd' && flag[1] == 'I')
global.tune.options |= GTUNE_INSECURE_FORK;
else if (*flag == 'd' && flag[1] == 'V') else if (*flag == 'd' && flag[1] == 'V')
global.ssl_server_verify = SSL_SERVER_VERIFY_NONE; global.ssl_server_verify = SSL_SERVER_VERIFY_NONE;
else if (*flag == 'd' && flag[1] == 'Z') else if (*flag == 'd' && flag[1] == 'Z')