вт, 19 нояб. 2019 г. в 14:15, William Dauchy <w.dau...@criteo.com>:
> in mworker mode used with uid/gid settings, it was not possible to get
> a coredump despite the set-dumpable option.
> indeed prctl(2) manual page specifies the dumpable attribute is reverted
> to `/proc/sys/fs/suid_dumpable` in a few conditions such as process
> effective user and group are changed.
>
small question.
`/proc/sys/fs/suid_dumpable` is linux specific. will it work under freebsd,
openbsd ? windows ?
also, linux might not mount that filesystem. will it work ?
>
> this patch moves the whole set-dumpable logic before the polling code in
> order to catch all possible cases where we could have changed the
> uid/gid. It however does not cover the possible segfault at startup.
>
> this patch should be backported in 2.0.
>
> Signed-off-by: William Dauchy <w.dau...@criteo.com>
>
> ---
>
> Hi Willy,
>
> Here is the backport for haproxy-20 tree.
>
> Thanks,
>
> William
>
> ---
> src/haproxy.c | 50 +++++++++++++++++++++++++-------------------------
> 1 file changed, 25 insertions(+), 25 deletions(-)
>
> diff --git a/src/haproxy.c b/src/haproxy.c
> index fa3fbad4..a0e630df 100644
> --- a/src/haproxy.c
> +++ b/src/haproxy.c
> @@ -2946,31 +2946,6 @@ int main(int argc, char **argv)
> }
> }
>
> - /* try our best to re-enable core dumps depending on system
> capabilities.
> - * What is addressed here :
> - * - remove file size limits
> - * - remove core size limits
> - * - mark the process dumpable again if it lost it due to
> user/group
> - */
> - if (global.tune.options & GTUNE_SET_DUMPABLE) {
> - limit.rlim_cur = limit.rlim_max = RLIM_INFINITY;
> -
> -#if defined(RLIMIT_FSIZE)
> - if (setrlimit(RLIMIT_FSIZE, &limit) == -1)
> - ha_warning("[%s.main()] Failed to set the raise
> the maximum file size.\n", argv[0]);
> -#endif
> -
> -#if defined(RLIMIT_CORE)
> - if (setrlimit(RLIMIT_CORE, &limit) == -1)
> - ha_warning("[%s.main()] Failed to set the raise
> the core dump size.\n", argv[0]);
> -#endif
> -
> -#if defined(USE_PRCTL)
> - if (prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) == -1)
> - ha_warning("[%s.main()] Failed to set the dumpable
> flag, no core will be dumped.\n", argv[0]);
> -#endif
> - }
> -
> /* check ulimits */
> limit.rlim_cur = limit.rlim_max = 0;
> getrlimit(RLIMIT_NOFILE, &limit);
> @@ -3253,6 +3228,31 @@ int main(int argc, char **argv)
> fork_poller();
> }
>
> + /* try our best to re-enable core dumps depending on system
> capabilities.
> + * What is addressed here :
> + * - remove file size limits
> + * - remove core size limits
> + * - mark the process dumpable again if it lost it due to
> user/group
> + */
> + if (global.tune.options & GTUNE_SET_DUMPABLE) {
> + limit.rlim_cur = limit.rlim_max = RLIM_INFINITY;
> +
> +#if defined(RLIMIT_FSIZE)
> + if (setrlimit(RLIMIT_FSIZE, &limit) == -1)
> + ha_warning("[%s.main()] Failed to set the raise
> the maximum file size.\n", argv[0]);
> +#endif
> +
> +#if defined(RLIMIT_CORE)
> + if (setrlimit(RLIMIT_CORE, &limit) == -1)
> + ha_warning("[%s.main()] Failed to set the raise
> the core dump size.\n", argv[0]);
> +#endif
> +
> +#if defined(USE_PRCTL)
> + if (prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) == -1)
> + ha_warning("[%s.main()] Failed to set the dumpable
> flag, no core will be dumped.\n", argv[0]);
> +#endif
> + }
> +
> global.mode &= ~MODE_STARTING;
> /*
> * That's it : the central polling loop. Run until we stop.
> --
> 2.24.0
>
>
>
