Skip to content

Commit

Permalink
MINOR: sock: add EPERM case in sock_handle_system_err
Browse files Browse the repository at this point in the history 
setns() may return EPERM if thread, that tries to move into different
namespace, do not have CAP_SYS_ADMIN capability in its Effective set.
So, extending sock_handle_system_err() with this error allows to send
appropriate log message and set SF_ERR_PRXCOND (SC termination
flag in log) as stream termination error code. This error code can be
simply checked with SF_ERR_MASK at protocol layer.
  • Loading branch information
@vkssv @wtarreau
vkssv authored and wtarreau committed Apr 30, 2024
1 parent d3fc982 commit 13ef552
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions src/sock.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -236,6 +236,13 @@ static int sock_handle_system_err(struct connection *conn, struct proxy *be)
conn->err_code = CO_ER_NOPROTO;
break;

case EPERM:
send_log(be, LOG_EMERG,
"Proxy %s has insufficient permissions to open server socket.\n",
be->id);

return SF_ERR_PRXCOND;

default:
send_log(be, LOG_EMERG,
"Proxy %s cannot create a server socket: %s\n",
Expand Down

0 comments on commit 13ef552

Please sign in to comment.