git.kaiwu.me - haproxy.git/commit

author	Valentine Krasnobaeva <vkrasnobaeva@haproxy.com>
	Thu, 4 Jul 2024 16:06:01 +0000 (18:06 +0200)
committer	Willy Tarreau <w@1wt.eu>
	Wed, 16 Oct 2024 20:02:39 +0000 (22:02 +0200)
commit	fe04c2ad37d0b34323f7e8afaa39543f173c713b
tree	d1fb70b22958daa56d919a1372355556f684d45f	tree \| snapshot
parent	02af1fe067f73cece99cf92386b3551b3932b665	commit \| diff

MEDIUM: startup: do set_identity() if needed in one place

There are two set_identity() calls, both under quite same:

'if ((global.mode & (MODE_MWORKER|MODE_DAEMON...)...'

The first call serves to change uid/gid and set some needed Linux capabilities
only for process in the foreground mode. The second comes after master-worker
fork and allows to do the same in daemon and in worker modes.

Due to moving the master-worker fork in init() in some previous commit, the
second set_identity() now is no longer under the 'if'. So, it is executed
for all modes, except MODE_MWORKER. Now in MODE_MWORKER process enters in its
wait polling loop just after forking a worker and it terminates almost
immediately, if it exits this loop.

Worker, daemon and process in a foreground mode will perform set_identity() as
before, but now it will be called in a one place at main().

global.last_checks should be verified just after set_identity() call. As it's
stated in comments some configuration options may require full privileges or
some Linux capabilities need to be granted to process. set_identity() via
prepare_caps_for_setuid() may put configured capabilities in process Effective
set and, hence, remove respective flag from global.last_checks.