I removed elevation on delete and new instance. It is needed in dlopen because the libraries that we link with in our plugins need root privileges when they statically initialize things.
-Bryan >> Am 23 yan, 2014 um 22:00 schrieb "James Peach" <jpe...@apache.org>: >> >>> On Jan 23, 2014, at 6:50 AM, bc...@apache.org wrote: >>> >>> Updated Branches: >>> refs/heads/master 00897775d -> cd86569e9 >>> >>> >>> TS-2425: Update to TS-2261 for loading plugins as root >> [snip] >>> http://git-wip-us.apache.org/repos/asf/trafficserver/blob/cd86569e/proxy/http/remap/UrlMapping.cc >>> ---------------------------------------------------------------------- >>> diff --git a/proxy/http/remap/UrlMapping.cc b/proxy/http/remap/UrlMapping.cc >>> index d5b00d1..58739c1 100644 >>> --- a/proxy/http/remap/UrlMapping.cc >>> +++ b/proxy/http/remap/UrlMapping.cc >>> @@ -79,13 +79,8 @@ url_mapping::delete_instance(unsigned int index) >>> remap_plugin_info* p = get_plugin(index); >>> >>> if (ih && p && p->fp_tsremap_delete_instance) { >>> - // elevate the access to read files as root if compiled with >>> capabilities, if not >>> - // change the effective user to root >>> - uint32_t elevate_access = 0; >>> - REC_ReadConfigInteger(elevate_access, >>> "proxy.config.plugin.load_elevated"); >>> - ElevateAccess access(elevate_access != 0); >>> p->fp_tsremap_delete_instance(ih); >>> - } // done elevating access >>> + } >>> } >> >> The delete is no longer elevated? That seems inconsistent. Why did you >> remove that? Also, why is it necessary to perform the dlopen() with >> privilege? >> >> J
