Patch posix-acl.patch revision 2014-11-30 17:34 UTC by remi@php.net
revision 2014-11-30 16:50 UTC by remi@php.net
revision 2014-11-30 10:31 UTC by remi@php.net
revision 2014-11-30 09:56 UTC by remi@php.net
revision 2014-11-30 09:44 UTC by remi@php.net
revision 2014-11-30 09:21 UTC by remi@php.net
revision 2014-11-30 08:35 UTC by remi@php.net

Patch posix-acl.patch for FPM related Bug #68526

Patch version 2014-11-30 08:35 UTC

This patch is obsolete

Obsoleted by patches:

Patch Revisions: 2014-11-30 17:34 UTC | 2014-11-30 16:50 UTC | 2014-11-30 10:31 UTC | 2014-11-30 09:56 UTC | 2014-11-30 09:44 UTC | 2014-11-30 09:21 UTC | 2014-11-30 08:35 UTC

Developer: remi@php.net



   
   struct ini_value_parser_s {
  diff -ru /home/php/php-src/sapi/fpm/fpm/fpm_unix.c sapi/fpm/fpm/fpm_unix.c
  --- /home/php/php-src/sapi/fpm/fpm/fpm_unix.c	2014-11-29 16:52:25.000000000 +0100
 +++ sapi/fpm/fpm/fpm_unix.c	2014-11-30 10:44:03.491192568 +0100
 +++ sapi/fpm/fpm/fpm_unix.c	2014-11-30 09:29:28.072318768 +0100
  @@ -21,6 +21,10 @@
   #include <sys/apparmor.h>
   #endif
   


  +#endif
   	wp->socket_uid = -1;
   	wp->socket_gid = -1;
   	wp->socket_mode = 0660;
 @@ -45,6 +53,113 @@
 @@ -45,6 +53,107 @@
   		return 0;
   	}
   
  +#ifdef HAVE_FPM_ACL
Line 200 (now 200), was 14 lines, now 8 lines

  +					return -1;
  +				}
  +			}
  +			efree(tmp);
 +		}
 +		if (c->listen_owner && *c->listen_owner) {
 +			zlog(ZLOG_WARNING, "[pool %s] ACL set, listen.owner = '%s' is ignored", wp->config->name, c->listen_owner);
 +		}
 +		if (c->listen_group && *c->listen_group) {
 +			zlog(ZLOG_WARNING, "[pool %s] ACL set, listen.group = '%s' is ignored", wp->config->name, c->listen_group);
  +		}
  +		wp->socket_acl  = acl;
  +		return 0;
  +	}


  +#endif
  +
   	if (c->listen_owner && *c->listen_owner) {
   		struct passwd *pwd;
  
 @@ -78,15 +193,65 @@
  
 @@ -78,9 +187,49 @@
   
   int fpm_unix_set_socket_premissions(struct fpm_worker_pool_s *wp, const char *path) /* {{{ */
   {
  +#ifdef HAVE_FPM_ACL
  +	if (wp->socket_acl) {
  +		acl_t aclfile, aclconf;
  +		acl_entry_t entryfile, entryconf;
  +		int i;
 +
 +
  +		/* Read the socket ACL */
  +		aclconf = wp->socket_acl;
  +		aclfile = acl_get_file (path, ACL_TYPE_ACCESS);
  +		if (!aclfile) {
  +			zlog(ZLOG_SYSERROR, "[pool %s] failed to read the ACL of the socket '%s'", wp->config->name, path);
 +			acl_free(aclfile);
  +			return -1;
  +		}
  +		/* Copy the new ACL entry from config */
  +		for (i=ACL_FIRST_ENTRY ; acl_get_entry(aclconf, i, &entryconf) ; i=ACL_NEXT_ENTRY) {


  +			zlog(ZLOG_SYSERROR, "[pool %s] failed to chown() the socket '%s'", wp->config->name, wp->config->listen_address);
   			return -1;
   		}
   	}
  	return 0;
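Review bot: The copy loop `for (i=ACL_FIRST_ENTRY ; acl_get_entry(aclconf, i, &entryconf) ; i=ACL_NEXT_ENTRY)` uses the raw return value as its condition, but acl_get_entry() returns 1 for an entry, 0 at the end of the list and -1 on error, so a failure keeps the loop running with an unset `entryconf`. Compare explicitly with `acl_get_entry(aclconf, i, &entryconf) == 1`, and return -1 if the last result was negative, because this ACL decides who may connect to the pool socket. In the `if (!aclfile)` branch, one of the printed revisions also calls `acl_free(aclfile)` on the pointer it has just found to be NULL; that call has nothing to free and should be dropped. The loop body and the rest of the ACL branch are collapsed on this page, so their error handling could not be checked.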
 @@ -88,6 +237,16 @@
   }
   /* }}} */
 +
  
  +int fpm_unix_free_socket_premissions(struct fpm_worker_pool_s *wp) /* {{{ */
  +{
  +#ifdef HAVE_FPM_ACL
  +	if (wp->socket_acl) {
 +		return acl_free(wp->socket_acl);
 +		acl_free(wp->socket_acl);
  +	}
  +#endif
 +	return 0;
  +}
  +/* }}} */
  
 +
   static int fpm_unix_conf_wp(struct fpm_worker_pool_s *wp) /* {{{ */
   {
  	struct passwd *pwd;
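Review bot: `fpm_unix_free_socket_premissions()` releases `wp->socket_acl` but leaves the pointer set, so a later call to it, or to `fpm_unix_set_socket_premissions()` which tests `if (wp->socket_acl)`, would work on freed memory. Clear the field after the free: `acl_free(wp->socket_acl);` followed by `wp->socket_acl = NULL;`. The page appears to print two variants of the branch body, a bare `acl_free(...)` and `return acl_free(...)` with a trailing `return 0;`. Whichever is kept, every path of this `int` function needs a return value, including the build without HAVE_FPM_ACL. Whether the function can be reached more than once per pool is not visible in this hunk.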
  diff -ru /home/php/php-src/sapi/fpm/fpm/fpm_unix.h sapi/fpm/fpm/fpm_unix.h
  --- /home/php/php-src/sapi/fpm/fpm/fpm_unix.h	2014-11-29 16:52:25.000000000 +0100
  +++ sapi/fpm/fpm/fpm_unix.h	2014-11-30 08:26:06.904956526 +0100
  @@ -9,6 +9,8 @@
Line 310 (now 305), was 19 lines, now 4 lines

  +#endif
   };
   
   struct fpm_worker_pool_s *fpm_worker_pool_alloc();
 diff -ru /home/php/php-src/sapi/fpm/php-fpm.conf.in sapi/fpm/php-fpm.conf.in
 --- /home/php/php-src/sapi/fpm/php-fpm.conf.in	2014-11-29 17:28:25.000000000 +0100
 +++ sapi/fpm/php-fpm.conf.in	2014-11-30 10:17:52.769567922 +0100
 @@ -175,6 +175,11 @@
  ;listen.owner = @php_fpm_user@
  ;listen.group = @php_fpm_group@
  ;listen.mode = 0660
 +; When POSIX Access Control Lists are supported you can set them using
 +; these options, value is a coma separated list of user/group names.
 +; When set, listen.owner and listen.group are ignored
 +;listen.users =
 +;listen.groups =
   
  ; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
  ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
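Review bot: The added comment misspells "comma" as "coma" and does not say what happens to `listen.mode` when an ACL is set. The warnings in fpm_unix.c cover only `listen.owner` and `listen.group`, so an administrator cannot tell from this text what the effective socket permissions will be. Suggested wording for the second line: `; these options, value is a comma separated list of user/group names.`, followed by one sentence stating whether `listen.mode` is still applied.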
 