You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@trafficserver.apache.org by am...@apache.org on 2015/11/05 07:57:49 UTC

trafficserver git commit: TS-306: Fix file open permission / elevation logic to accomodate CI build procedures.

Repository: trafficserver
Updated Branches:
  refs/heads/master 30ad08309 -> a4b33c664


TS-306: Fix file open permission / elevation logic to accomodate CI build procedures.


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/a4b33c66
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/a4b33c66
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/a4b33c66

Branch: refs/heads/master
Commit: a4b33c664b3e5d7917ba5fd94d1683ee340efee0
Parents: 30ad083
Author: Alan M. Carroll <am...@apache.org>
Authored: Thu Nov 5 00:57:19 2015 -0600
Committer: Alan M. Carroll <am...@apache.org>
Committed: Thu Nov 5 00:57:19 2015 -0600

----------------------------------------------------------------------
 proxy/Main.cc | 28 +++++++++++++++++++++++-----
 1 file changed, 23 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/a4b33c66/proxy/Main.cc
----------------------------------------------------------------------
diff --git a/proxy/Main.cc b/proxy/Main.cc
index 759a6c3..2b6d39f 100644
--- a/proxy/Main.cc
+++ b/proxy/Main.cc
@@ -1409,23 +1409,41 @@ change_uid_gid(const char *user)
 #endif
 }
 
+/** Open a file, elevating privilege only if needed.
+
+    @internal This is necessary because the CI machines run the regression tests
+    as a normal user, not as root, so attempts to get privilege fail even though
+    the @c open would succeed without elevation. So, try that first and ask for
+    elevation only on an explicit permission failure.
+*/
+static int
+elevating_open(char const* path, unsigned int flags, unsigned int fperms)
+{
+  int fd = open(path, flags, fperms);
+  if (fd < 0 && EPERM == errno) {
+    ElevateAccess access;
+    fd = open(path, flags, fperms);
+  }
+  return fd;
+}
+
 /*
  * Binds stdout and stderr to files specified by the parameters
  *
  * On failure to bind, emits a warning and whatever is being bound
  * just isn't bound
  *
- * This depends on being called before the switch to the ATS user occurs so that it
- * has elevated file access.
+ * This must work without the ability to elevate privilege if the files are accessible without.
  */
 void
 bind_outputs(const char *bind_stdout, const char *bind_stderr)
 {
   int log_fd;
-  ElevateAccess access;
+  unsigned int flags = O_WRONLY | O_APPEND | O_CREAT | O_SYNC;
+
   if (*bind_stdout != 0) {
     Debug("log", "binding stdout to %s", bind_stdout);
-    log_fd = open(bind_stdout, O_WRONLY | O_APPEND | O_CREAT | O_SYNC, 0644);
+    log_fd = elevating_open(bind_stdout, flags, 0644);
     if (log_fd < 0) {
       fprintf(stdout, "[Warning]: TS unable to open log file \"%s\" [%d '%s']\n", bind_stdout, errno, strerror(errno));
     } else {
@@ -1436,7 +1454,7 @@ bind_outputs(const char *bind_stdout, const char *bind_stderr)
   }
   if (*bind_stderr != 0) {
     Debug("log", "binding stderr to %s", bind_stderr);
-    log_fd = open(bind_stderr, O_WRONLY | O_APPEND | O_CREAT | O_SYNC, 0644);
+    log_fd = elevating_open(bind_stderr, O_WRONLY | O_APPEND | O_CREAT | O_SYNC, 0644);
     if (log_fd < 0) {
       fprintf(stdout, "[Warning]: TS unable to open log file \"%s\" [%d '%s']\n", bind_stderr, errno, strerror(errno));
     } else {