php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login | |
Patch posix-acl.patch for FPM related Bug #68526Patch version 2014-11-30 08:35 UTC Return to Bug #68526 | Download this patchThis patch is obsolete Obsoleted by patches: Patch Revisions: 2014-11-30 17:34 UTC | 2014-11-30 16:50 UTC | 2014-11-30 10:31 UTC | 2014-11-30 09:56 UTC | 2014-11-30 09:44 UTC | 2014-11-30 09:21 UTC | 2014-11-30 08:35 UTCDeveloper: remi@php.netstruct ini_value_parser_s { diff -ru /home/php/php-src/sapi/fpm/fpm/fpm_unix.c sapi/fpm/fpm/fpm_unix.c --- /home/php/php-src/sapi/fpm/fpm/fpm_unix.c 2014-11-29 16:52:25.000000000 +0100 +++ sapi/fpm/fpm/fpm_unix.c 2014-11-30 10:44:03.491192568 +0100 +++ sapi/fpm/fpm/fpm_unix.c 2014-11-30 09:29:28.072318768 +0100 @@ -21,6 +21,10 @@ #include <sys/apparmor.h> #endif +#endif wp->socket_uid = -1; wp->socket_gid = -1; wp->socket_mode = 0660; @@ -45,6 +53,113 @@ @@ -45,6 +53,107 @@ return 0; } +#ifdef HAVE_FPM_ACL Line 200 (now 200), was 14 lines, now 8 lines + return -1; + } + } + efree(tmp); + } + if (c->listen_owner && *c->listen_owner) { + zlog(ZLOG_WARNING, "[pool %s] ACL set, listen.owner = '%s' is ignored", wp->config->name, c->listen_owner); + } + if (c->listen_group && *c->listen_group) { + zlog(ZLOG_WARNING, "[pool %s] ACL set, listen.group = '%s' is ignored", wp->config->name, c->listen_group); + } + wp->socket_acl = acl; + return 0; + } +#endif + if (c->listen_owner && *c->listen_owner) { struct passwd *pwd; @@ -78,15 +193,65 @@ @@ -78,9 +187,49 @@ int fpm_unix_set_socket_premissions(struct fpm_worker_pool_s *wp, const char *path) /* {{{ */ { +#ifdef HAVE_FPM_ACL + if (wp->socket_acl) { + acl_t aclfile, aclconf; + acl_entry_t entryfile, entryconf; + int i; + + + /* Read the socket ACL */ + aclconf = wp->socket_acl; + aclfile = acl_get_file (path, ACL_TYPE_ACCESS); + if (!aclfile) { + zlog(ZLOG_SYSERROR, "[pool %s] failed to read the ACL of the socket '%s'", wp->config->name, path); + acl_free(aclfile); + return -1; + } + /* Copy the new ACL entry from config */ + for (i=ACL_FIRST_ENTRY ; acl_get_entry(aclconf, i, &entryconf) ; i=ACL_NEXT_ENTRY) { + zlog(ZLOG_SYSERROR, "[pool %s] failed to chown() the socket '%s'", wp->config->name, wp->config->listen_address); return -1; } } return 0; @@ -88,6 +237,16 @@ } /* }}} */ + +int fpm_unix_free_socket_premissions(struct fpm_worker_pool_s *wp) /* {{{ */ +{ +#ifdef HAVE_FPM_ACL + if (wp->socket_acl) { + return acl_free(wp->socket_acl); + acl_free(wp->socket_acl); + } +#endif + return 0; +} +/* }}} */ + static int fpm_unix_conf_wp(struct fpm_worker_pool_s *wp) /* {{{ */ { struct passwd *pwd; diff -ru /home/php/php-src/sapi/fpm/fpm/fpm_unix.h sapi/fpm/fpm/fpm_unix.h --- /home/php/php-src/sapi/fpm/fpm/fpm_unix.h 2014-11-29 16:52:25.000000000 +0100 +++ sapi/fpm/fpm/fpm_unix.h 2014-11-30 08:26:06.904956526 +0100 @@ -9,6 +9,8 @@ Line 310 (now 305), was 19 lines, now 4 lines +#endif }; struct fpm_worker_pool_s *fpm_worker_pool_alloc(); diff -ru /home/php/php-src/sapi/fpm/php-fpm.conf.in sapi/fpm/php-fpm.conf.in --- /home/php/php-src/sapi/fpm/php-fpm.conf.in 2014-11-29 17:28:25.000000000 +0100 +++ sapi/fpm/php-fpm.conf.in 2014-11-30 10:17:52.769567922 +0100 @@ -175,6 +175,11 @@ ;listen.owner = @php_fpm_user@ ;listen.group = @php_fpm_group@ ;listen.mode = 0660 +; When POSIX Access Control Lists are supported you can set them using +; these options, value is a coma separated list of user/group names. +; When set, listen.owner and listen.group are ignored +;listen.users = +;listen.groups = ; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original |
Copyright © 2001-2024 The PHP Group All rights reserved. |
Last updated: Fri Apr 26 16:01:29 2024 UTC |