<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On 18 February 2015 at 20:19, Poul-Henning Kamp <span dir="ltr"><<a href="mailto:phk@phk.freebsd.dk" target="_blank">phk@phk.freebsd.dk</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">In message <<a href="mailto:E1YOA12-0001ej-54@project.varnish-software.com">E1YOA12-0001ej-54@project.varnish-software.com</a>>, Poul-Henning Kamp<br>
writes:<br>
<br>
> Move creation of workdir into jail code, and use the master HIGH/LOW<br>
> around socket operations which may be on reserved ports.<br>
<br>
This is all presuming jail=unix which means Varnish was started as root.<br>
<br>
I am uncertain if creating/opening the storage files should be done<br>
at "MASTER_HIGH" (= root) or "MASTER_LOW" (= varnish user) privilege<br>
level.<br></blockquote><div><br></div><div>We've been looking at the option of having block device as storage instead of going through the filesystem. These devices usually have special rules setting up the permissions and such on each boot, making it useful to be root to avoid permission problems when opening the device. (Changing the rules to assign the device to the specified user is probably the "right" way of doing things though).</div><div><br></div><div>Martin</div><div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
I'm sort of leaning "MASTER_HIGH" on general principles, but if anybody<br>
has input, I'd like to hear it...<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20<br>
phk@FreeBSD.ORG | TCP/IP since RFC 956<br>
FreeBSD committer | BSD since 4.3-tahoe<br>
Never attribute to malice what can adequately be explained by incompetence.<br>
<br>
_______________________________________________<br>
varnish-dev mailing list<br>
<a href="mailto:varnish-dev@varnish-cache.org">varnish-dev@varnish-cache.org</a><br>
<a href="https://www.varnish-cache.org/lists/mailman/listinfo/varnish-dev" target="_blank">https://www.varnish-cache.org/lists/mailman/listinfo/varnish-dev</a><br>
</font></span></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature"><div dir="ltr"><div><div><table border="0" cellpadding="0" cellspacing="0" style="font-size:12px;line-height:1.5em;font-family:'Helvetica Neue',Arial,sans-serif;color:rgb(102,102,102);width:550px;border-top-width:1px;border-top-style:solid;border-top-color:rgb(238,238,238);border-bottom-width:1px;border-bottom-style:solid;border-bottom-color:rgb(238,238,238);margin-top:20px;padding-top:5px;padding-bottom:5px"><tbody><tr><td width="100"><a href="http://varnish-software.com" target="_blank"><img src="http://www.varnish-software.com/static/media/logo-email.png"></a><span></span><span></span></td><td><strong style="font-size:14px;color:rgb(34,34,34)">Martin Blix Grydeland</strong><br>Senior Developer | Varnish Software AS<br>Mobile: +47 992 74 756<br><span style="font-weight:bold">We Make Websites Fly!</span></td></tr></tbody></table></div></div></div></div>
</div></div>