From: Valentine Krasnobaeva Date: Tue, 23 Apr 2024 21:42:47 +0000 (+0200) Subject: MINOR: sock: add EPERM case in sock_handle_system_err X-Git-Tag: v3.0-dev10~27 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=13ef5524888faf47936ce54a0164dac2689ff7b5;p=thirdparty%2Fhaproxy.git MINOR: sock: add EPERM case in sock_handle_system_err setns() may return EPERM if thread, that tries to move into different namespace, do not have CAP_SYS_ADMIN capability in its Effective set. So, extending sock_handle_system_err() with this error allows to send appropriate log message and set SF_ERR_PRXCOND (SC termination flag in log) as stream termination error code. This error code can be simply checked with SF_ERR_MASK at protocol layer. --- diff --git a/src/sock.c b/src/sock.c index a134505918..4f2ba1a761 100644 --- a/src/sock.c +++ b/src/sock.c @@ -236,6 +236,13 @@ static int sock_handle_system_err(struct connection *conn, struct proxy *be) conn->err_code = CO_ER_NOPROTO; break; + case EPERM: + send_log(be, LOG_EMERG, + "Proxy %s has insufficient permissions to open server socket.\n", + be->id); + + return SF_ERR_PRXCOND; + default: send_log(be, LOG_EMERG, "Proxy %s cannot create a server socket: %s\n",