Repository: trafficserver Updated Branches: refs/heads/master 86295176c -> 33f651c90
TS-3103: improve privilege debug logging fix better debugging for DebugCapabilities Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/0f0c1633 Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/0f0c1633 Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/0f0c1633 Branch: refs/heads/master Commit: 0f0c1633beeab24cca6a312a44b0aa4e39fb57cd Parents: c205808 Author: James Peach <jpe...@apache.org> Authored: Fri Sep 26 13:50:12 2014 -0700 Committer: James Peach <jpe...@apache.org> Committed: Thu Oct 2 15:52:38 2014 -0700 ---------------------------------------------------------------------- lib/ts/ink_cap.cc | 74 ++++++++++++++++++++++++++++++++++---------------- 1 file changed, 51 insertions(+), 23 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/trafficserver/blob/0f0c1633/lib/ts/ink_cap.cc ---------------------------------------------------------------------- diff --git a/lib/ts/ink_cap.cc b/lib/ts/ink_cap.cc index 90c9c15..2666f61 100644 --- a/lib/ts/ink_cap.cc +++ b/lib/ts/ink_cap.cc @@ -38,37 +38,63 @@ ink_mutex ElevateAccess::lock = INK_MUTEX_INIT; #endif +static const char * +is_dumpable() +{ +#if defined(PR_GET_DUMPABLE) + return (prctl(PR_GET_DUMPABLE) != 1) ? "disabled" : "enabled"; +#else + return "unknown"; +#endif +} + +static int +death_signal() +{ + int signum = -1; + +#if defined(PR_GET_PDEATHSIG) + prctl(PR_GET_PDEATHSIG, &signum, 0, 0, 0); +#endif + + return signum; +} + void -DebugCapabilities(char const* tag) { +DebugCapabilities(char const* tag) +{ if (is_debug_tag_set(tag)) { -# if TS_USE_POSIX_CAP - cap_t caps = cap_get_proc(); - char* caps_text = cap_to_text(caps, 0); -# endif - -# if TS_USE_POSIX_CAP - Debug(tag, "uid=%u, gid=%u, euid=%u, egid=%u, caps %s core=%s thread=0x%llx", - static_cast<unsigned int>(getuid()), - static_cast<unsigned int>(getgid()), - static_cast<unsigned int>(geteuid()), - static_cast<unsigned int>(getegid()), - caps_text, - prctl(PR_GET_DUMPABLE) != 1 ? "disabled" : "enabled", - (unsigned long long)pthread_self() ); +#if TS_USE_POSIX_CAP + cap_t caps = cap_get_proc(); + char* caps_text = cap_to_text(caps, 0); + + Debug(tag, "uid=%u, gid=%u, euid=%u, egid=%u, caps=%s, core=%s, death signal=%d, thread=0x%llx", + static_cast<unsigned int>(getuid()), + static_cast<unsigned int>(getgid()), + static_cast<unsigned int>(geteuid()), + static_cast<unsigned int>(getegid()), + caps_text, + is_dumpable(), + death_signal(), + (unsigned long long)pthread_self() ); cap_free(caps_text); cap_free(caps); #else - Debug(tag, "uid=%u, gid=%u, euid=%u, egid=%u", - static_cast<unsigned int>(getuid()), - static_cast<unsigned int>(getgid()), - static_cast<unsigned int>(geteuid()), - static_cast<unsigned int>(getegid()) ); + Debug(tag, "uid=%u, gid=%u, euid=%u, egid=%u, core=%s, death signal=%d, thread=0x%llx", + static_cast<unsigned int>(getuid()), + static_cast<unsigned int>(getgid()), + static_cast<unsigned int>(geteuid()), + static_cast<unsigned int>(getegid()), + is_dumpable(), + death_signal(), + (unsigned long long)pthread_self() ); #endif } } int -PreserveCapabilities() { +PreserveCapabilities() +{ int zret = 0; # if TS_USE_POSIX_CAP zret = prctl(PR_SET_KEEPCAPS, 1); @@ -79,7 +105,8 @@ PreserveCapabilities() { // Adjust the capabilities to only those needed. int -RestrictCapabilities() { +RestrictCapabilities() +{ int zret = 0; // return value. # if TS_USE_POSIX_CAP cap_t caps = cap_init(); // start with nothing. @@ -99,7 +126,8 @@ RestrictCapabilities() { } int -EnableCoreFile(bool flag) { +EnableCoreFile(bool flag) +{ int zret = 0; # if defined(PR_SET_DUMPABLE)