This allows chroot to occur before setsid_early(). In the case where a master process is re-initialised
* It will not chroot itself, though if it is already chrooted that will remain in effect.
* If it is already chrooted then the path to the configuration file read during reinitialisation will be relative to the chroot.
---
 src/haproxy.c | 116 ++++++++++++++++++++++++++++----------------------------
 1 files changed, 58 insertions(+), 58 deletions(-)
diff --git a/src/haproxy.c b/src/haproxy.c
index 4ee7161..dc2739b 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -1074,6 +1074,64 @@ void run(int argc, char **argv)
 */
 signal_register_fct(SIGPIPE, NULL, 0);
 
+ /* open log & pid files before the chroot */
+ if (global.mode & MODE_DAEMON && global.pidfile != NULL) {
+ int pidfd;
+ unlink(global.pidfile);
+ pidfd = open(global.pidfile, O_CREAT | O_WRONLY | O_TRUNC, 0644);
+ if (pidfd < 0) {
+ Alert("[%s.run()] Cannot create pidfile %s\n", argv[0], global.pidfile);
+ if (nb_oldpids)
+ tell_old_pids(SIGTTIN);
+ protocol_unbind_all();
+ exit(1);
+ }
+ pidfile = fdopen(pidfd, "w");
+ }
+
+#ifdef CONFIG_HAP_CTTPROXY
+ if (global.last_checks & LSTCHK_CTTPROXY) {
+ int ret;
+
+ ret = check_cttproxy_version();
+ if (ret < 0) {
+ Alert("[%s.run()] Cannot enable cttproxy.\n%s",
+ argv[0],
+ (ret == -1) ? " Incorrect module version.\n"
+ : " Make sure you have enough permissions and that the module is loaded.\n");
+ protocol_unbind_all();
+ exit(1);
+ }
+ }
+#endif
+
+ if ((global.last_checks & LSTCHK_NETADM) && global.uid) {
+ Alert("[%s.run()] Some configuration options require full privileges, so global.uid cannot be changed.\n"
+ "", argv[0]);
+ protocol_unbind_all();
+ exit(1);
+ }
+
+ /* If the user is not root, we'll still let him try the configuration
+ * but we inform him that unexpected behaviour may occur.
+ */
+ if ((global.last_checks & LSTCHK_NETADM) && getuid())
+ Warning("[%s.run()] Some options which require full privileges"
+ " might not work well.\n"
+ "", argv[0]);
+
+ /* chroot if needed */
+ if (!is_master && global.chroot != NULL) {
+ if (chroot(global.chroot) == -1) {
+ Alert("[%s.run()] Cannot chroot(%s).\n", argv[0], global.chroot);
+ if (nb_oldpids)
+ tell_old_pids(SIGTTIN);
+ protocol_unbind_all();
+ exit(1);
+ }
+ chdir("/");
+ }
+
 setid_early(argv[0]);
 
 /* ulimits */
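Review bot: The `chdir("/")` that follows the successful `chroot()` has its return value ignored, so a failure would let the process carry on with a working directory that may still lie outside the new root, which weakens the confinement the chroot is meant to provide. I would fold it into the existing error path: `if (chroot(global.chroot) == -1 || chdir("/") == -1) {`. Separately, the pidfile is created with `open(global.pidfile, O_CREAT | O_WRONLY | O_TRUNC, 0644)` right after `unlink()`, and this block now runs ahead of `setid_early()`; if that call is where privileges are reduced (not visible here), the open now happens with the start-up privileges, so adding `O_EXCL | O_NOFOLLOW` to the flags and checking the `fdopen()` result for NULL would be worthwhile. Both blocks are moved as-is from further down run(), whose body starts and ends outside this hunk.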
@@ -1176,64 +1234,6 @@ void run(int argc, char **argv)
 fclose(stdin); fclose(stdout); fclose(stderr);
 }
 
- /* open log & pid files before the chroot */
- if (global.mode & MODE_DAEMON && global.pidfile != NULL) {
- int pidfd;
- unlink(global.pidfile);
- pidfd = open(global.pidfile, O_CREAT | O_WRONLY | O_TRUNC, 0644);
- if (pidfd < 0) {
- Alert("[%s.run()] Cannot create pidfile %s\n", argv[0], global.pidfile);
- if (nb_oldpids)
- tell_old_pids(SIGTTIN);
- protocol_unbind_all();
- exit(1);
- }
- pidfile = fdopen(pidfd, "w");
- }
-
-#ifdef CONFIG_HAP_CTTPROXY
- if (global.last_checks & LSTCHK_CTTPROXY) {
- int ret;
-
- ret = check_cttproxy_version();
- if (ret < 0) {
- Alert("[%s.run()] Cannot enable cttproxy.\n%s",
- argv[0],
- (ret == -1) ? " Incorrect module version.\n"
- : " Make sure you have enough permissions and that the module is loaded.\n");
- protocol_unbind_all();
- exit(1);
- }
- }
-#endif
-
- if ((global.last_checks & LSTCHK_NETADM) && global.uid) {
- Alert("[%s.run()] Some configuration options require full privileges, so global.uid cannot be changed.\n"
- "", argv[0]);
- protocol_unbind_all();
- exit(1);
- }
-
- /* If the user is not root, we'll still let him try the configuration
- * but we inform him that unexpected behaviour may occur.
- */
- if ((global.last_checks & LSTCHK_NETADM) && getuid())
- Warning("[%s.run()] Some options which require full privileges"
- " might not work well.\n"
- "", argv[0]);
-
- /* chroot if needed */
- if (global.chroot != NULL) {
- if (chroot(global.chroot) == -1) {
- Alert("[%s.run()] Cannot chroot(%s).\n", argv[0], global.chroot);
- if (nb_oldpids)
- tell_old_pids(SIGTTIN);
- protocol_unbind_all();
- exit(1);
- }
- chdir("/");
- }
-
 if (nb_oldpids)
 nb_oldpids = tell_old_pids(oldpids_sig);
 
-- 
1.7.2.3