dpsenner commented on a change in pull request #48: Fixes LOG4NET-587 Mutex ~
UnauthorizedAccessException Access to the path is denied
URL: https://github.com/apache/logging-log4net/pull/48#discussion_r287301157
##########
File path: src/Appender/FileAppender.cs
##########
@@ -876,6 +886,57 @@ public override void OnClose()
}
#endif
+ /// <summary>
+ /// Method for secure open or create Mutex with Synchronize and
Modify rights.
+ /// Using this method allows different users run processes
which can open or create a shared mutex without experiencing
UnauthorizedAccessException.
+ /// </summary>
+ /// <param name="mutexId">The mutex Id. Here we use a mutex
freindly name.</param>
+ /// <param name="errorHandler">Optional error handler, to log
potentialy occuring errors.</param>
+ /// <returns></returns>
+ protected static Mutex SecureCreateMutex(string mutexId,
IErrorHandler errorHandler)
+ {
+ // Using this mehotd to avoid the issue:
+ // Mutex ~ Access to the path is denied in
log4net.Appender.RollingFileAppender.ActivateOptions()
+ // https://jira.apache.org/jira/browse/LOG4NET-587
+ // Solution implemented according to:
+ // UnauthorizedAccessException when trying to open a
mutex
+ //
https://stackoverflow.com/questions/19536697/unauthorizedaccessexception-when-trying-to-open-a-mutex
+ //NOTE: there are several other jira issues reporting
this problem.
+ if (string.IsNullOrWhiteSpace(mutexId))
+ {
+ return null;
+ }
+
+ try
+ {
+ bool createdNew;
+ MutexSecurity mutexSecurity = new
MutexSecurity();
+ mutexSecurity.AddAccessRule(
+ new MutexAccessRule(
+ new
SecurityIdentifier(WellKnownSidType.WorldSid, null),
+ MutexRights.Synchronize |
MutexRights.Modify,
+ AccessControlType.Allow
+ )
+ );
+
+ // attempt to create the mutex, with the
desired DACL..
+ Mutex createdMutex = new Mutex(false, mutexId,
out createdNew, mutexSecurity);
+ return createdMutex;
+ }
+ catch (WaitHandleCannotBeOpenedException ex)
+ {
+ // the mutex cannot be opened, probably because
a Win32 object of a different type with the same name already exists.
+ errorHandler?.Error($"The mutex '{mutexId}'
cannot be opened, probably because a Win32 object of a different type with the
same name already exists.", ex);
+ }
+ catch (UnauthorizedAccessException ex)
+ {
+ // the mutex exists, but the current process or
thread token does not have permission to open the mutex with SYNCHRONIZE |
MUTEX_MODIFY rights.
+ errorHandler?.Error($"The mutex '{mutexId}'
exists, but the current process or thread token does not have permission to
open the mutex with SYNCHRONIZE | MUTEX_MODIFY rights", ex);
Review comment:
What can be done to fix the situation when this happens? It would be great
if the log message included one or more hints what a user of the logging
framework could do to fix this situation.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
