MINOR: sock: add EPERM case in sock_handle_system_err

setns() may return EPERM if thread, that tries to move into different
namespace, do not have CAP_SYS_ADMIN capability in its Effective set.
So, extending sock_handle_system_err() with this error allows to send
appropriate log message and set SF_ERR_PRXCOND (SC termination
flag in log) as stream termination error code. This error code can be
simply checked with SF_ERR_MASK at protocol layer.

diff --git a/src/sock.c b/src/sock.c
index a134505918ca5fac4b59e88ddfeba21ecebb55c3..4f2ba1a761ab9a099458c73ebf4413f7f71a57ec 100644 (file)
--- a/src/sock.c
+++ b/src/sock.c
@@ -236,6 +236,13 @@ static int sock_handle_system_err(struct connection *conn, struct proxy *be)
                        conn->err_code = CO_ER_NOPROTO;
                        break;
 
+               case EPERM:
+                       send_log(be, LOG_EMERG,
+                                "Proxy %s has insufficient permissions to open server socket.\n",
+                                be->id);
+
+                       return SF_ERR_PRXCOND;
+
                default:
                        send_log(be, LOG_EMERG,
                                 "Proxy %s cannot create a server socket: %s\n",