This allows chroot to occur before setid_early().

In the case where a master process is re-initialised:
* It will not chroot itself, though if it is already chrooted that will
  remain in effect.
* If it is already chrooted then the path to the configuration file
  read during reinitialisation will be relative to the chroot.
---
 src/haproxy.c |  116 ++++++++++++++++++++++++++++----------------------------
 1 files changed, 58 insertions(+), 58 deletions(-)

diff --git a/src/haproxy.c b/src/haproxy.c
index 4ee7161..dc2739b 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -1074,6 +1074,64 @@ void run(int argc, char **argv)
         */
        signal_register_fct(SIGPIPE, NULL, 0);
 
+       /* open log & pid files before the chroot */
+       if (global.mode & MODE_DAEMON && global.pidfile != NULL) {
+               int pidfd;
+               unlink(global.pidfile);
+               pidfd = open(global.pidfile, O_CREAT | O_WRONLY | O_TRUNC, 
0644);
+               if (pidfd < 0) {
+                       Alert("[%s.run()] Cannot create pidfile %s\n", argv[0], 
global.pidfile);
+                       if (nb_oldpids)
+                               tell_old_pids(SIGTTIN);
+                       protocol_unbind_all();
+                       exit(1);
+               }
+               pidfile = fdopen(pidfd, "w");
+       }
+
+#ifdef CONFIG_HAP_CTTPROXY
+       if (global.last_checks & LSTCHK_CTTPROXY) {
+               int ret;
+
+               ret = check_cttproxy_version();
+               if (ret < 0) {
+                       Alert("[%s.run()] Cannot enable cttproxy.\n%s",
+                             argv[0],
+                             (ret == -1) ? "  Incorrect module version.\n"
+                             : "  Make sure you have enough permissions and 
that the module is loaded.\n");
+                       protocol_unbind_all();
+                       exit(1);
+               }
+       }
+#endif
+
+       if ((global.last_checks & LSTCHK_NETADM) && global.uid) {
+               Alert("[%s.run()] Some configuration options require full 
privileges, so global.uid cannot be changed.\n"
+                     "", argv[0]);
+               protocol_unbind_all();
+               exit(1);
+       }
+
+       /* If the user is not root, we'll still let him try the configuration
+        * but we inform him that unexpected behaviour may occur.
+        */
+       if ((global.last_checks & LSTCHK_NETADM) && getuid())
+               Warning("[%s.run()] Some options which require full privileges"
+                       " might not work well.\n"
+                       "", argv[0]);
+
+       /* chroot if needed */
+       if (!is_master && global.chroot != NULL) {
+               if (chroot(global.chroot) == -1) {
+                       Alert("[%s.run()] Cannot chroot(%s).\n", argv[0], 
global.chroot);
+                       if (nb_oldpids)
+                               tell_old_pids(SIGTTIN);
+                       protocol_unbind_all();
+                       exit(1);
+               }
+               chdir("/");
+       }
+
        setid_early(argv[0]);
 
        /* ulimits */
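Review bot: The result of `chdir("/")` in the relocated chroot block is ignored, so a failure would leave the working directory outside the new root and weaken the jail for everything that now runs after it. It should take the same failure path as the chroot call, for example `if (chroot(global.chroot) == -1 || chdir("/") == -1) {`. In the pidfile block the `fdopen()` result is also unchecked, and the `unlink()` followed by `open(..., O_CREAT | O_WRONLY | O_TRUNC, 0644)` would follow a symlink created between the two calls if the pidfile directory is writable by another user; `O_CREAT | O_EXCL | O_WRONLY` would make the open fail instead. run() begins and ends outside this hunk, so it cannot be confirmed from here whether later path-based setup is meant to resolve inside the chroot now that the call happens earlier.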
@@ -1176,64 +1234,6 @@ void run(int argc, char **argv)
                fclose(stdin); fclose(stdout); fclose(stderr);
        }
 
-       /* open log & pid files before the chroot */
-       if (global.mode & MODE_DAEMON && global.pidfile != NULL) {
-               int pidfd;
-               unlink(global.pidfile);
-               pidfd = open(global.pidfile, O_CREAT | O_WRONLY | O_TRUNC, 
0644);
-               if (pidfd < 0) {
-                       Alert("[%s.run()] Cannot create pidfile %s\n", argv[0], 
global.pidfile);
-                       if (nb_oldpids)
-                               tell_old_pids(SIGTTIN);
-                       protocol_unbind_all();
-                       exit(1);
-               }
-               pidfile = fdopen(pidfd, "w");
-       }
-
-#ifdef CONFIG_HAP_CTTPROXY
-       if (global.last_checks & LSTCHK_CTTPROXY) {
-               int ret;
-
-               ret = check_cttproxy_version();
-               if (ret < 0) {
-                       Alert("[%s.run()] Cannot enable cttproxy.\n%s",
-                             argv[0],
-                             (ret == -1) ? "  Incorrect module version.\n"
-                             : "  Make sure you have enough permissions and 
that the module is loaded.\n");
-                       protocol_unbind_all();
-                       exit(1);
-               }
-       }
-#endif
-
-       if ((global.last_checks & LSTCHK_NETADM) && global.uid) {
-               Alert("[%s.run()] Some configuration options require full 
privileges, so global.uid cannot be changed.\n"
-                     "", argv[0]);
-               protocol_unbind_all();
-               exit(1);
-       }
-
-       /* If the user is not root, we'll still let him try the configuration
-        * but we inform him that unexpected behaviour may occur.
-        */
-       if ((global.last_checks & LSTCHK_NETADM) && getuid())
-               Warning("[%s.run()] Some options which require full privileges"
-                       " might not work well.\n"
-                       "", argv[0]);
-
-       /* chroot if needed */
-       if (global.chroot != NULL) {
-               if (chroot(global.chroot) == -1) {
-                       Alert("[%s.run()] Cannot chroot(%s).\n", argv[0], 
global.chroot);
-                       if (nb_oldpids)
-                               tell_old_pids(SIGTTIN);
-                       protocol_unbind_all();
-                       exit(1);
-               }
-               chdir("/");
-       }
-
        if (nb_oldpids)
                nb_oldpids = tell_old_pids(oldpids_sig);
 
-- 
1.7.2.3

