From: Valentine Krasnobaeva Date: Wed, 20 Nov 2024 15:37:02 +0000 (+0100) Subject: MINOR: cfgparse-global: add more checks for "chroot" argument X-Git-Tag: v3.1-dev14~22 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d1c3cd89743861e655ee52c031c8f92486fe96a8;p=thirdparty%2Fhaproxy.git MINOR: cfgparse-global: add more checks for "chroot" argument If directory provided as a "chroot" keyword argument does not exist or inaccessible, this is reported only at the latest initialization stage, when haproxy tries to perform chroot. Sometimes it's not very convenient, as the process is already bound to listen sockets. This was done explicitly in order not to break the case, when haproxy is launched with "-c" option in some specific environment, where it's not possible to create or to modify chroot directory, provided in the configuration. So, let's add more checks for "chroot" directory during the parsing stage and let's show diagnostic warnings, if this directory has become non-accesible or was deleted. Like this, users, who wants to catch errors related to misconfigured chroot before starting the process, can launch haproxy with -dW and -dD. zero-warning mode will stop the process with error, if any warning was emitted during initialization stage. --- diff --git a/src/cfgparse-global.c b/src/cfgparse-global.c index 45f06ab039..c604d67279 100644 --- a/src/cfgparse-global.c +++ b/src/cfgparse-global.c @@ -1607,6 +1607,8 @@ static int cfg_parse_global_chroot(char **args, int section_type, struct proxy * const struct proxy *defpx, const char *file, int line, char **err) { + struct stat dir_stat; + if (too_many_args(1, args, err, NULL)) return -1; @@ -1620,6 +1622,25 @@ static int cfg_parse_global_chroot(char **args, int section_type, struct proxy * } global.chroot = strdup(args[1]); + /* some additional test for chroot dir, warn messages might be + * handy to catch misconfiguration errors more quickly + */ + if (stat(args[1], &dir_stat) != 0) { + if (errno == ENOENT) + ha_diag_warning("parsing [%s:%d]: '%s': '%s': %s.\n", + file, line, args[0], args[1], strerror(errno)); + else if (errno == EACCES) + ha_diag_warning("parsing [%s:%d]: '%s': '%s': %s " + "(process is need to be started with root priviledges to be able to chroot).\n", + file, line, args[0], args[1], strerror(errno)); + else + ha_diag_warning("parsing [%s:%d]: '%s': '%s': stat() is failed: %s.\n", + file, line, args[0], args[1], strerror(errno)); + } else if ((dir_stat.st_mode & S_IFMT) != S_IFDIR) { + ha_diag_warning("parsing [%s:%d]: '%s': '%s' is not a directory.\n", + file, line, args[0], args[1]); + } + return 0; }