BUMP The patch looks good to me and should be merged.
Best,
Luke
On 08.06.2016 03:17, Simon Horman wrote:
> On Tue, Jun 07, 2016 at 08:18:21PM +0200, Willy Tarreau wrote:
>> On Tue, Jun 07, 2016 at 12:01:31PM +0200, Benoit Garnier wrote:
>>> You can always open /dev/null before chrooting and dup() it into FD 0 and 1
>>> after chroot() has been called.
>>
>> I'd be more tempted to simply close those FDs after the fork(). That
>> may improve the ability to detect faulty scripts which try to dump
>> GBs of data.
>>
>> A very long time ago I've seen a health check perform an LDAP search
>> retrieving all the hundreds of thousands of members of a group, and
>> the people in charge for the server were complaining that the health
>> checks were hurting the server... Better have the script fail with a
>> broken pipe in this case.
>>
>> Just a suggestion.
>
> Thanks, I think that is reasonable. I particularly like its simplicity.
>
> Lukas, could you try this?
>
> diff --git a/src/checks.c b/src/checks.c
> index c4ac947b6051..e65d28f7c3c6 100644
> --- a/src/checks.c
> +++ b/src/checks.c
> @@ -1836,6 +1836,12 @@ static int connect_proc_chk(struct task *t)
> if (pid == 0) {
> /* Child */
> extern char **environ;
> +
> + if ((global.mode & MODE_QUIET) && !(global.mode &
> MODE_VERBOSE)) {
> + close(0);
> + close(1);
> + }
> +
> environ = check->envp;
> extchk_setenv(check, EXTCHK_HAPROXY_SERVER_CURCONN,
> ultoa_r(s->cur_sess, buf, sizeof(buf)));
> execvp(px->check_command, check->argv);
>
smime.p7s
Description: S/MIME Cryptographic Signature
