BUMP The patch looks good to me and should be merged.
Best, Luke On 08.06.2016 03:17, Simon Horman wrote: > On Tue, Jun 07, 2016 at 08:18:21PM +0200, Willy Tarreau wrote: >> On Tue, Jun 07, 2016 at 12:01:31PM +0200, Benoit Garnier wrote: >>> You can always open /dev/null before chrooting and dup() it into FD 0 and 1 >>> after chroot() has been called. >> >> I'd be more tempted to simply close those FDs after the fork(). That >> may improve the ability to detect faulty scripts which try to dump >> GBs of data. >> >> A very long time ago I've seen a health check perform an LDAP search >> retrieving all the hundreds of thousands of members of a group, and >> the people in charge for the server were complaining that the health >> checks were hurting the server... Better have the script fail with a >> broken pipe in this case. >> >> Just a suggestion. > > Thanks, I think that is reasonable. I particularly like its simplicity. > > Lukas, could you try this? > > diff --git a/src/checks.c b/src/checks.c > index c4ac947b6051..e65d28f7c3c6 100644 > --- a/src/checks.c > +++ b/src/checks.c > @@ -1836,6 +1836,12 @@ static int connect_proc_chk(struct task *t) > if (pid == 0) { > /* Child */ > extern char **environ; > + > + if ((global.mode & MODE_QUIET) && !(global.mode & > MODE_VERBOSE)) { > + close(0); > + close(1); > + } > + > environ = check->envp; > extchk_setenv(check, EXTCHK_HAPROXY_SERVER_CURCONN, > ultoa_r(s->cur_sess, buf, sizeof(buf))); > execvp(px->check_command, check->argv); >
smime.p7s
Description: S/MIME Cryptographic Signature