From: William Lallemand Date: Wed, 13 Mar 2024 10:08:50 +0000 (+0100) Subject: MINOR: debug: enable insecure fork on the command line X-Git-Tag: v3.0-dev6~95 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=70be894e417711ffb2af49b1007a2a4c1eb6dcdb;p=thirdparty%2Fhaproxy.git MINOR: debug: enable insecure fork on the command line -dI allow to enable "insure-fork-wanted" directly from the command line, which is useful when you want to run ASAN with addr2line with a lot of configuration files without editing them. --- diff --git a/doc/configuration.txt b/doc/configuration.txt index 6f78d77238..d3329f4d1c 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -1975,7 +1975,8 @@ insecure-fork-wanted highly recommended that this option is never used and that any workload requiring such a fork be reconsidered and moved to a safer solution (such as agents instead of external checks). This option supports the "no" prefix to - disable it. + disable it. This can also be activated with "-dI" on the haproxy command + line. insecure-setuid-wanted HAProxy doesn't need to call executables at run time (except when using diff --git a/doc/management.txt b/doc/management.txt index 83c4c1dc70..0c7b2e4932 100644 --- a/doc/management.txt +++ b/doc/management.txt @@ -230,6 +230,11 @@ list of options is : getaddrinfo() exist on various systems and cause anomalies that are difficult to troubleshoot. + -dI : enable the insecure fork. This is the equivalent of the + "insecure-fork-wanted" in the global section. It can be useful when running + all the reg-tests with ASAN which need to fork addr2line to resolve the + addresses. + -dK : dumps the list of registered keywords in each class. The list of classes is available with "-dKhelp". All classes may be dumped using "-dKall", otherwise a selection of those shown in the help can be diff --git a/src/haproxy.c b/src/haproxy.c index a9b0190a51..b83c20eb8b 100644 --- a/src/haproxy.c +++ b/src/haproxy.c @@ -659,6 +659,7 @@ static void usage(char *name) " -dW fails if any warning is emitted\n" " -dD diagnostic mode : warn about suspicious configuration statements\n" " -dF disable fast-forward\n" + " -dI enable insecure fork\n" " -dZ disable zero-copy forwarding\n" " -sf/-st [pid ]* finishes/terminates old pids.\n" " -x get listening sockets from a unix socket\n" @@ -1679,6 +1680,8 @@ static void init_args(int argc, char **argv) #endif else if (*flag == 'd' && flag[1] == 'F') global.tune.options &= ~GTUNE_USE_FAST_FWD; + else if (*flag == 'd' && flag[1] == 'I') + global.tune.options |= GTUNE_INSECURE_FORK; else if (*flag == 'd' && flag[1] == 'V') global.ssl_server_verify = SSL_SERVER_VERIFY_NONE; else if (*flag == 'd' && flag[1] == 'Z')