mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2026-02-13 21:31:07 +01:00
Code Issues Projects Releases Wiki Activity

MINOR: cfgparse-global: add more checks for "chroot" argument

Browse Source 
If directory provided as a "chroot" keyword argument does not exist or
inaccessible, this is reported only at the latest initialization stage, when
haproxy tries to perform chroot. Sometimes it's not very convenient, as the
process is already bound to listen sockets.

This was done explicitly in order not to break the case, when haproxy is
launched with "-c" option in some specific environment, where it's not possible
to create or to modify chroot directory, provided in the configuration.

So, let's add more checks for "chroot" directory during the parsing
stage and let's show diagnostic warnings, if this directory has become
non-accesible or was deleted. Like this, users, who wants to catch errors
related to misconfigured chroot before starting the process, can launch haproxy
with -dW and -dD. zero-warning mode will stop the process with error, if any
warning was emitted during initialization stage.
This commit is contained in:
Valentine Krasnobaeva 2024-11-20 16:37:02 +01:00 committed by Willy Tarreau
parent c853502cc6
commit d1c3cd8974
1 changed files with 21 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/cfgparse-global.c
View File

@ -1607,6 +1607,8 @@ static int cfg_parse_global_chroot(char **args, int section_type, struct proxy *
const struct proxy *defpx, const char *file, int line,
char **err)
{
struct stat dir_stat;
if (too_many_args(1, args, err, NULL))
return -1;
@ -1620,6 +1622,25 @@ static int cfg_parse_global_chroot(char **args, int section_type, struct proxy *
}
global.chroot = strdup(args[1]);
/* some additional test for chroot dir, warn messages might be
* handy to catch misconfiguration errors more quickly
*/
if (stat(args[1], &dir_stat) != 0) {
if (errno == ENOENT)
ha_diag_warning("parsing [%s:%d]: '%s': '%s': %s.\n",
file, line, args[0], args[1], strerror(errno));
else if (errno == EACCES)
ha_diag_warning("parsing [%s:%d]: '%s': '%s': %s "
"(process is need to be started with root priviledges to be able to chroot).\n",
file, line, args[0], args[1], strerror(errno));
else
ha_diag_warning("parsing [%s:%d]: '%s': '%s': stat() is failed: %s.\n",
file, line, args[0], args[1], strerror(errno));
} else if ((dir_stat.st_mode & S_IFMT) != S_IFDIR) {
ha_diag_warning("parsing [%s:%d]: '%s': '%s' is not a directory.\n",
file, line, args[0], args[1]);
}
return 0;
}