Hello all,
If the 'chroot' keyword is used in the HAProxy configuration file, HAProxy reports an error when initializing the OpenTracing API library. The problem is that HAProxy also executes chdir("/") during chroot process, so the paths written in the OpenTracing configuration are no longer correct. This could be easily solved by writing the absolute path when using the 'config' and 'plugin' keywords, but the problem remains that the validity of these paths is also checked before the chroot process. To allow the use of the absolute path of the specified files after chroot process, the file existence check is moved from the configuration parser to the ot_init() function (which is executed after chroot/chdir process). To enable the use of the absolute path of the specified files after the chroot process, the file existence check is moved from the configuration parser to the ot_init() function (which is executed after the chroot/chdir process). This may be a bit problematic because in this case the files from the file system are retrieved in the HAProxy runtime. In fact, the only access to these files is achieved only once at the beginning of the HAProxy process, in the initialization of threads. After this initialization, no access to the file system is performed. This resolves GitHub issue #1274. Best regards, -- Zaga <miros...@zagorac.name> What can change the nature of a man?
>From 50dadc20167d5d5dfa214baac031160fa9a6c612 Mon Sep 17 00:00:00 2001 From: Miroslav Zagorac <mzago...@haproxy.com> Date: Mon, 7 Jun 2021 16:21:31 +0200 Subject: [PATCH] BUG/MINOR: opentracing: fixed files existence check in chroot mode If the 'chroot' keyword is used in the HAProxy configuration file, HAProxy reports an error when initializing the OpenTracing API library. The problem is that HAProxy also executes chdir("/") during chroot process, so the paths written in the OpenTracing configuration are no longer correct. This could be easily solved by writing the absolute path when using the 'config' and 'plugin' keywords, but the problem remains that the validity of these paths is also checked before the chroot process. To allow the use of the absolute path of the specified files after chroot process, the file existence check is moved from the configuration parser to the ot_init() function (which is executed after chroot/chdir process). To enable the use of the absolute path of the specified files after the chroot process, the file existence check is moved from the configuration parser to the ot_init() function (which is executed after the chroot/chdir process). This may be a bit problematic because in this case the files from the file system are retrieved in the HAProxy runtime. In fact, the only access to these files is achieved only once at the beginning of the HAProxy process, in the initialization of threads. After this initialization, no access to the file system is performed. This resolves GitHub issue #1274. --- addons/ot/src/opentracing.c | 11 +++++++++++ addons/ot/src/parser.c | 2 -- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/addons/ot/src/opentracing.c b/addons/ot/src/opentracing.c index 58936d122..9dab708d4 100644 --- a/addons/ot/src/opentracing.c +++ b/addons/ot/src/opentracing.c @@ -171,6 +171,17 @@ int ot_init(struct otc_tracer **tracer, const char *config, const char *plugin, FLT_OT_RETURN(retval); } + else if (access(config, R_OK) == -1) { + FLT_OT_ERR("'%s' : %s", config, strerror(errno)); + + FLT_OT_RETURN(retval); + } + else if (access(path, R_OK) == -1) { + FLT_OT_ERR("'%s' : %s", path, strerror(errno)); + + FLT_OT_RETURN(retval); + } + *tracer = otc_tracer_init(path, config, NULL, errbuf, sizeof(errbuf)); if (*tracer == NULL) { diff --git a/addons/ot/src/parser.c b/addons/ot/src/parser.c index 5dec8629d..c515709cf 100644 --- a/addons/ot/src/parser.c +++ b/addons/ot/src/parser.c @@ -404,8 +404,6 @@ static int flt_ot_parse_cfg_file(char **ptr, const char *file, int linenum, char FLT_OT_PARSE_ERR(err, "'%s' : no %s specified", flt_ot_current_tracer->id, err_msg); else if (alertif_too_many_args(1, file, linenum, args, &retval)) retval |= ERR_ABORT | ERR_ALERT; - else if (access(args[1], R_OK) == -1) - FLT_OT_PARSE_ERR(err, "'%s' : %s", args[1], strerror(errno)); else retval = flt_ot_parse_keyword(ptr, args, 0, 0, err, err_msg); -- 2.30.1