37 int fpm_unix_resolve_socket_premissions(struct fpm_worker_pool_s *wp) /* {{{ */  in fpm_unix_resolve_socket_premissions()  argument
39 	struct fpm_worker_pool_config_s *c = wp->config;  in fpm_unix_resolve_socket_premissions()
44 	wp->socket_acl  = NULL;  in fpm_unix_resolve_socket_premissions()
46 	wp->socket_uid = -1;  in fpm_unix_resolve_socket_premissions()
47 	wp->socket_gid = -1;  in fpm_unix_resolve_socket_premissions()
48 	wp->socket_mode = 0660;  in fpm_unix_resolve_socket_premissions()
55 		wp->socket_mode = strtoul(c->listen_mode, 0, 8);  in fpm_unix_resolve_socket_premissions()
84 			zlog(ZLOG_SYSERROR, "[pool %s] cannot allocate ACL", wp->config->name);  in fpm_unix_resolve_socket_premissions()
98 					zlog(ZLOG_DEBUG, "[pool %s] user '%s' have uid=%d", wp->config->name, p, pwd->pw_uid);  in fpm_unix_resolve_socket_premissions()
100 					zlog(ZLOG_SYSERROR, "[pool %s] cannot get uid for user '%s'", wp->config->name, p);  in fpm_unix_resolve_socket_premissions()
112 					zlog(ZLOG_SYSERROR, "[pool %s] cannot create ACL for user '%s'", wp->config->name, p);  in fpm_unix_resolve_socket_premissions()
131 					zlog(ZLOG_DEBUG, "[pool %s] group '%s' have gid=%d", wp->config->name, p, grp->gr_gid);  in fpm_unix_resolve_socket_premissions()
133 					zlog(ZLOG_SYSERROR, "[pool %s] cannot get gid for group '%s'", wp->config->name, p);  in fpm_unix_resolve_socket_premissions()
145 					zlog(ZLOG_SYSERROR, "[pool %s] cannot create ACL for group '%s'", wp->config->name, p);  in fpm_unix_resolve_socket_premissions()
154 …zlog(ZLOG_WARNING, "[pool %s] ACL set, listen.owner = '%s' is ignored", wp->config->name, c->liste…  in fpm_unix_resolve_socket_premissions()
157 …zlog(ZLOG_WARNING, "[pool %s] ACL set, listen.group = '%s' is ignored", wp->config->name, c->liste…  in fpm_unix_resolve_socket_premissions()
159 		wp->socket_acl  = acl;  in fpm_unix_resolve_socket_premissions()
170 			zlog(ZLOG_SYSERROR, "[pool %s] cannot get uid for user '%s'", wp->config->name, c->listen_owner);  in fpm_unix_resolve_socket_premissions()
174 		wp->socket_uid = pwd->pw_uid;  in fpm_unix_resolve_socket_premissions()
175 		wp->socket_gid = pwd->pw_gid;  in fpm_unix_resolve_socket_premissions()
183 …	zlog(ZLOG_SYSERROR, "[pool %s] cannot get gid for group '%s'", wp->config->name, c->listen_group);  in fpm_unix_resolve_socket_premissions()
186 		wp->socket_gid = grp->gr_gid;  in fpm_unix_resolve_socket_premissions()
193 int fpm_unix_set_socket_premissions(struct fpm_worker_pool_s *wp, const char *path) /* {{{ */  in fpm_unix_set_socket_premissions()  argument
196 	if (wp->socket_acl) {  in fpm_unix_set_socket_premissions()
202 		aclconf = wp->socket_acl;  in fpm_unix_set_socket_premissions()
205 …zlog(ZLOG_SYSERROR, "[pool %s] failed to read the ACL of the socket '%s'", wp->config->name, path);  in fpm_unix_set_socket_premissions()
212 …zlog(ZLOG_SYSERROR, "[pool %s] failed to add entry to the ACL of the socket '%s'", wp->config->nam…  in fpm_unix_set_socket_premissions()
221 …zlog(ZLOG_SYSERROR, "[pool %s] failed to write the ACL of the socket '%s'", wp->config->name, path…  in fpm_unix_set_socket_premissions()
225 			zlog(ZLOG_DEBUG, "[pool %s] ACL of the socket '%s' is set", wp->config->name, path);  in fpm_unix_set_socket_premissions()
234 	if (wp->socket_uid != -1 || wp->socket_gid != -1) {  in fpm_unix_set_socket_premissions()
235 		if (0 > chown(path, wp->socket_uid, wp->socket_gid)) {  in fpm_unix_set_socket_premissions()
236 …zlog(ZLOG_SYSERROR, "[pool %s] failed to chown() the socket '%s'", wp->config->name, wp->config->l…  in fpm_unix_set_socket_premissions()
244 int fpm_unix_free_socket_premissions(struct fpm_worker_pool_s *wp) /* {{{ */  in fpm_unix_free_socket_premissions()  argument
247 	if (wp->socket_acl) {  in fpm_unix_free_socket_premissions()
248 		return acl_free(wp->socket_acl);  in fpm_unix_free_socket_premissions()
255 static int fpm_unix_conf_wp(struct fpm_worker_pool_s *wp) /* {{{ */  in fpm_unix_conf_wp()  argument
261 		if (wp->config->user && *wp->config->user) {  in fpm_unix_conf_wp()
262 			if (strlen(wp->config->user) == strspn(wp->config->user, "0123456789")) {  in fpm_unix_conf_wp()
263 				wp->set_uid = strtoul(wp->config->user, 0, 10);  in fpm_unix_conf_wp()
267 				pwd = getpwnam(wp->config->user);  in fpm_unix_conf_wp()
269 					zlog(ZLOG_ERROR, "[pool %s] cannot get uid for user '%s'", wp->config->name, wp->config->user);  in fpm_unix_conf_wp()
273 				wp->set_uid = pwd->pw_uid;  in fpm_unix_conf_wp()
274 				wp->set_gid = pwd->pw_gid;  in fpm_unix_conf_wp()
276 				wp->user = strdup(pwd->pw_name);  in fpm_unix_conf_wp()
277 				wp->home = strdup(pwd->pw_dir);  in fpm_unix_conf_wp()
281 		if (wp->config->group && *wp->config->group) {  in fpm_unix_conf_wp()
282 			if (strlen(wp->config->group) == strspn(wp->config->group, "0123456789")) {  in fpm_unix_conf_wp()
283 				wp->set_gid = strtoul(wp->config->group, 0, 10);  in fpm_unix_conf_wp()
287 				grp = getgrnam(wp->config->group);  in fpm_unix_conf_wp()
289 …		zlog(ZLOG_ERROR, "[pool %s] cannot get gid for group '%s'", wp->config->name, wp->config->group);  in fpm_unix_conf_wp()
292 				wp->set_gid = grp->gr_gid;  in fpm_unix_conf_wp()
297 			if (wp->set_uid == 0 || wp->set_gid == 0) {  in fpm_unix_conf_wp()
298 				zlog(ZLOG_ERROR, "[pool %s] please specify user and group other than root", wp->config->name);  in fpm_unix_conf_wp()
303 		if (wp->config->user && *wp->config->user) {  in fpm_unix_conf_wp()
304 …zlog(ZLOG_NOTICE, "[pool %s] 'user' directive is ignored when FPM is not running as root", wp->con…  in fpm_unix_conf_wp()
306 		if (wp->config->group && *wp->config->group) {  in fpm_unix_conf_wp()
307 …zlog(ZLOG_NOTICE, "[pool %s] 'group' directive is ignored when FPM is not running as root", wp->co…  in fpm_unix_conf_wp()
309 		if (wp->config->chroot && *wp->config->chroot) {  in fpm_unix_conf_wp()
310 …zlog(ZLOG_NOTICE, "[pool %s] 'chroot' directive is ignored when FPM is not running as root", wp->c…  in fpm_unix_conf_wp()
312 		if (wp->config->process_priority != 64) {  in fpm_unix_conf_wp()
313 …ol %s] 'process.priority' directive is ignored when FPM is not running as root", wp->config->name);  in fpm_unix_conf_wp()
319 			wp->user = strdup(pwd->pw_name);  in fpm_unix_conf_wp()
320 			wp->home = strdup(pwd->pw_dir);  in fpm_unix_conf_wp()
327 int fpm_unix_init_child(struct fpm_worker_pool_s *wp) /* {{{ */  in fpm_unix_init_child()  argument
332 	if (wp->config->rlimit_files) {  in fpm_unix_init_child()
335 		r.rlim_max = r.rlim_cur = (rlim_t) wp->config->rlimit_files;  in fpm_unix_init_child()
338 …m limits or decrease rlimit_files. setrlimit(RLIMIT_NOFILE, %d)", wp->config->name, wp->config->rl…  in fpm_unix_init_child()
342 	if (wp->config->rlimit_core) {  in fpm_unix_init_child()
345 …r.rlim_max = r.rlim_cur = wp->config->rlimit_core == -1 ? (rlim_t) RLIM_INFINITY : (rlim_t) wp->co…  in fpm_unix_init_child()
348 …stem limits or decrease rlimit_core. setrlimit(RLIMIT_CORE, %d)", wp->config->name, wp->config->rl…  in fpm_unix_init_child()
352 	if (is_root && wp->config->chroot && *wp->config->chroot) {  in fpm_unix_init_child()
353 		if (0 > chroot(wp->config->chroot)) {  in fpm_unix_init_child()
354 			zlog(ZLOG_SYSERROR, "[pool %s] failed to chroot(%s)",  wp->config->name, wp->config->chroot);  in fpm_unix_init_child()
360 	if (wp->config->chdir && *wp->config->chdir) {  in fpm_unix_init_child()
361 		if (0 > chdir(wp->config->chdir)) {  in fpm_unix_init_child()
362 			zlog(ZLOG_SYSERROR, "[pool %s] failed to chdir(%s)", wp->config->name, wp->config->chdir);  in fpm_unix_init_child()
367 			zlog(ZLOG_WARNING, "[pool %s] failed to chdir(/)", wp->config->name);  in fpm_unix_init_child()
373 		if (wp->config->process_priority != 64) {  in fpm_unix_init_child()
374 			if (setpriority(PRIO_PROCESS, 0, wp->config->process_priority) < 0) {  in fpm_unix_init_child()
375 				zlog(ZLOG_SYSERROR, "[pool %s] Unable to set priority for this new process", wp->config->name);  in fpm_unix_init_child()
380 		if (wp->set_gid) {  in fpm_unix_init_child()
381 			if (0 > setgid(wp->set_gid)) {  in fpm_unix_init_child()
382 				zlog(ZLOG_SYSERROR, "[pool %s] failed to setgid(%d)", wp->config->name, wp->set_gid);  in fpm_unix_init_child()
386 		if (wp->set_uid) {  in fpm_unix_init_child()
387 			if (0 > initgroups(wp->config->user, wp->set_gid)) {  in fpm_unix_init_child()
388 …ZLOG_SYSERROR, "[pool %s] failed to initgroups(%s, %d)", wp->config->name, wp->config->user, wp->s…  in fpm_unix_init_child()
391 			if (0 > setuid(wp->set_uid)) {  in fpm_unix_init_child()
392 				zlog(ZLOG_SYSERROR, "[pool %s] failed to setuid(%d)", wp->config->name, wp->set_uid);  in fpm_unix_init_child()
399 	if (wp->config->process_dumpable && 0 > prctl(PR_SET_DUMPABLE, 1, 0, 0, 0)) {  in fpm_unix_init_child()
400 		zlog(ZLOG_SYSERROR, "[pool %s] failed to prctl(PR_SET_DUMPABLE)", wp->config->name);  in fpm_unix_init_child()
409 	if (wp->config->apparmor_hat) {  in fpm_unix_init_child()
413 …r confinement. Please check if \"/proc/*/attr/current\" is read and writeable.", wp->config->name);  in fpm_unix_init_child()
417 		new_con = malloc(strlen(con) + strlen(wp->config->apparmor_hat) + 3); // // + 0 Byte  in fpm_unix_init_child()
419 …zlog(ZLOG_SYSERROR, "[pool %s] failed to allocate memory for apparmor hat change.", wp->config->na…  in fpm_unix_init_child()
423 		if (0 > sprintf(new_con, "%s//%s", con, wp->config->apparmor_hat)) {  in fpm_unix_init_child()
424 			zlog(ZLOG_SYSERROR, "[pool %s] failed to construct apparmor confinement.", wp->config->name);  in fpm_unix_init_child()
429 …rent\" is read and writeable and \"change_profile -> %s//*\" is allowed.", wp->config->name, new_c…  in fpm_unix_init_child()
444 	struct fpm_worker_pool_s *wp;  in fpm_unix_init_main()  local
571 	for (wp = fpm_worker_all_pools; wp; wp = wp->next) {  in fpm_unix_init_main()
572 		if (0 > fpm_unix_conf_wp(wp)) {  in fpm_unix_init_main()