Hello all,

If the 'chroot' keyword is used in the HAProxy configuration file,
HAProxy reports an error when initializing the OpenTracing API
library.

The problem is that HAProxy also executes chdir("/") during the chroot
process, so the paths written in the OpenTracing configuration are
no longer correct.

This could be easily solved by writing the absolute path when using
the 'config' and 'plugin' keywords, but the problem remains that the
validity of these paths is also checked before the chroot process.

To allow the use of the absolute path of the specified files after
the chroot process, the file existence check is moved from the
configuration parser to the ot_init() function (which is executed
after the chroot/chdir process).

To enable the use of the absolute path of the specified files after
the chroot process, the file existence check is moved from the
configuration parser to the ot_init() function (which is executed
after the chroot/chdir process).

This may be a bit problematic because in this case the files from the
file system are retrieved in the HAProxy runtime.

In fact, the only access to these files is achieved only once at the
beginning of the HAProxy process, in the initialization of threads.
After this initialization, no access to the file system is performed.

This resolves GitHub issue #1274.


Best regards,

--
Zaga    <miros...@zagorac.name>

What can change the nature of a man?
From 50dadc20167d5d5dfa214baac031160fa9a6c612 Mon Sep 17 00:00:00 2001
From: Miroslav Zagorac <mzago...@haproxy.com>
Date: Mon, 7 Jun 2021 16:21:31 +0200
Subject: [PATCH] BUG/MINOR: opentracing: fixed files existence check in chroot
 mode

If the 'chroot' keyword is used in the HAProxy configuration file,
HAProxy reports an error when initializing the OpenTracing API
library.

The problem is that HAProxy also executes chdir("/") during the chroot
process, so the paths written in the OpenTracing configuration are
no longer correct.

This could be easily solved by writing the absolute path when using
the 'config' and 'plugin' keywords, but the problem remains that the
validity of these paths is also checked before the chroot process.

To allow the use of the absolute path of the specified files after
the chroot process, the file existence check is moved from the
configuration parser to the ot_init() function (which is executed
after the chroot/chdir process).

To enable the use of the absolute path of the specified files after
the chroot process, the file existence check is moved from the
configuration parser to the ot_init() function (which is executed
after the chroot/chdir process).

This may be a bit problematic because in this case the files from the
file system are retrieved in the HAProxy runtime.

In fact, the only access to these files is achieved only once at the
beginning of the HAProxy process, in the initialization of threads.
After this initialization, no access to the file system is performed.

This resolves GitHub issue #1274.
---
 addons/ot/src/opentracing.c | 11 +++++++++++
 addons/ot/src/parser.c      |  2 --
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/addons/ot/src/opentracing.c b/addons/ot/src/opentracing.c
index 58936d122..9dab708d4 100644
--- a/addons/ot/src/opentracing.c
+++ b/addons/ot/src/opentracing.c
@@ -171,6 +171,17 @@ int ot_init(struct otc_tracer **tracer, const char *config, const char *plugin,
 
 		FLT_OT_RETURN(retval);
 	}
+	else if (access(config, R_OK) == -1) {
+		FLT_OT_ERR("'%s' : %s", config, strerror(errno));
+
+		FLT_OT_RETURN(retval);
+	}
+	else if (access(path, R_OK) == -1) {
+		FLT_OT_ERR("'%s' : %s", path, strerror(errno));
+
+		FLT_OT_RETURN(retval);
+	}
+
 
 	*tracer = otc_tracer_init(path, config, NULL, errbuf, sizeof(errbuf));
 	if (*tracer == NULL) {
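Review bot: the two `access(..., R_OK)` branches added to the else-if chain in ot_init() are a check-then-use pre-check, not validation: the files are opened later inside otc_tracer_init(), and access() tests the real UID/GID rather than the effective one, so its answer can differ from what the actual open sees. Treat them purely as a way to produce a clearer message, keep the `*tracer == NULL` path with errbuf as the authoritative failure, and say so in a short comment above the new branches. The two branches are identical apart from the path, so they could share a small helper, and the added blank `+` line after the chain leaves two consecutive empty lines before `*tracer = otc_tracer_init(...)`.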
diff --git a/addons/ot/src/parser.c b/addons/ot/src/parser.c
index 5dec8629d..c515709cf 100644
--- a/addons/ot/src/parser.c
+++ b/addons/ot/src/parser.c
@@ -404,8 +404,6 @@ static int flt_ot_parse_cfg_file(char **ptr, const char *file, int linenum, char
 		FLT_OT_PARSE_ERR(err, "'%s' : no %s specified", flt_ot_current_tracer->id, err_msg);
 	else if (alertif_too_many_args(1, file, linenum, args, &retval))
 		retval |= ERR_ABORT | ERR_ALERT;
-	else if (access(args[1], R_OK) == -1)
-		FLT_OT_PARSE_ERR(err, "'%s' : %s", args[1], strerror(errno));
 	else
 		retval = flt_ot_parse_keyword(ptr, args, 0, 0, err, err_msg);
 
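Review bot: dropping the `access(args[1], R_OK)` branch from flt_ot_parse_cfg_file() removes the only check that ran where `file` and `linenum` are in hand, so a wrong 'config' or 'plugin' path is now reported only from ot_init(), with nothing pointing back at the configuration line. Consider keeping the parse-time check when no chroot is configured, or carrying the location through to the ot_init() error. The diffstat touches only opentracing.c and parser.c, so the new requirement that these paths be valid inside the chroot is not documented anywhere in this patch; a note in the OT filter documentation would cover it.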
-- 
2.30.1
