static void
rspamd_worker_drop_priv (struct rspamd_main *rspamd_main)
{
if (rspamd_main->is_privilleged) {
if (setgid (rspamd_main->workers_gid) == -1) {
msg_err_main ("cannot setgid to %d (%s), aborting",
(gint) rspamd_main->workers_gid,
strerror (errno));
exit (-errno);
}
if (rspamd_main->cfg->rspamd_user &&
initgroups (rspamd_main->cfg->rspamd_user, rspamd_main->workers_gid) ==
-1) {
msg_err_main ("initgroups failed (%s), aborting", strerror (errno));
exit (-errno);
}
if (setuid (rspamd_main->workers_uid) == -1) {
msg_err_main ("cannot setuid to %d (%s), aborting",
(gint) rspamd_main->workers_uid,
strerror (errno));
exit (-errno);
}
}
}
struct rspamd_worker *
rspamd_fork_worker (struct rspamd_main *rspamd_main,
struct rspamd_worker_conf *cf,
guint index,
struct event_base *ev_base)
{
struct rspamd_worker *wrk;
gint rc;
struct rlimit rlim;
/* Starting worker process */
wrk = (struct rspamd_worker *) g_malloc0 (sizeof (struct rspamd_worker));
if (!rspamd_socketpair (wrk->control_pipe)) {
msg_err ("socketpair failure: %s", strerror (errno));
exit (-errno);
}
if (!rspamd_socketpair (wrk->srv_pipe)) {
msg_err ("socketpair failure: %s", strerror (errno));
exit (-errno);
}
wrk->srv = rspamd_main;
wrk->type = cf->type;
wrk->cf = cf;
REF_RETAIN (cf);
wrk->index = index;
wrk->ctx = cf->ctx;
wrk->finish_actions = g_ptr_array_new ();
wrk->pid = fork ();
switch (wrk->pid) {
case 0:
/* Update pid for logging */
rspamd_log_update_pid (cf->type, rspamd_main->logger);
/* Init PRNG after fork */
rc = ottery_init (rspamd_main->cfg->libs_ctx->ottery_cfg);
if (rc != OTTERY_ERR_NONE) {
msg_err_main ("cannot initialize PRNG: %d", rc);
abort ();
}
rspamd_random_seed_fast ();
#ifdef HAVE_EVUTIL_RNG_INIT
evutil_secure_rng_init ();
#endif
/* Remove the inherited event base */
event_reinit (rspamd_main->ev_base);
event_base_free (rspamd_main->ev_base);
/* Drop privilleges */
rspamd_worker_drop_priv (rspamd_main);
/* Set limits */
rspamd_worker_set_limits (rspamd_main, cf);
/* Re-set stack limit */
getrlimit (RLIMIT_STACK, &rlim);
rlim.rlim_cur = 100 * 1024 * 1024;
rlim.rlim_max = rlim.rlim_cur;
setrlimit (RLIMIT_STACK, &rlim);
setproctitle ("%s process", cf->worker->name);
rspamd_pidfile_close (rspamd_main->pfh);
/* Do silent log reopen to avoid collisions */
rspamd_log_close (rspamd_main->logger);
rspamd_log_open (rspamd_main->logger);
wrk->start_time = rspamd_get_calendar_ticks ();
#if ((GLIB_MAJOR_VERSION == 2) && (GLIB_MINOR_VERSION <= 30))
# if (GLIB_MINOR_VERSION > 20)
/* Ugly hack for old glib */
if (!g_thread_get_initialized ()) {
g_thread_init (NULL);
}
# else
g_thread_init (NULL);
# endif
#endif
msg_info_main ("starting %s process %P (%d)", cf->worker->name,
getpid (), index);
/* Close parent part of socketpair */
close (wrk->control_pipe[0]);
close (wrk->srv_pipe[0]);
rspamd_socket_nonblocking (wrk->control_pipe[1]);
rspamd_socket_nonblocking (wrk->srv_pipe[1]);
/* Execute worker */
cf->worker->worker_start_func (wrk);
exit (EXIT_FAILURE);
break;
case -1:
msg_err_main ("cannot fork main process. %s", strerror (errno));
rspamd_pidfile_remove (rspamd_main->pfh);
exit (-errno);
break;
default:
/* Close worker part of socketpair */
close (wrk->control_pipe[1]);
close (wrk->srv_pipe[1]);
rspamd_socket_nonblocking (wrk->control_pipe[0]);
rspamd_socket_nonblocking (wrk->srv_pipe[0]);
rspamd_srv_start_watching (wrk, ev_base);
/* Insert worker into worker's table, pid is index */
g_hash_table_insert (rspamd_main->workers, GSIZE_TO_POINTER (
wrk->pid), wrk);
break;
}
return wrk;
}
struct rspamd_worker *
rspamd_fork_worker (struct rspamd_main *rspamd_main,
struct rspamd_worker_conf *cf,
guint index)
{
struct rspamd_worker *cur;
/* Starting worker process */
cur = (struct rspamd_worker *) g_malloc0 (sizeof (struct rspamd_worker));
if (!rspamd_socketpair (cur->control_pipe)) {
msg_err ("socketpair failure: %s", strerror (errno));
exit (-errno);
}
cur->srv = rspamd_main;
cur->type = cf->type;
cur->cf = g_malloc (sizeof (struct rspamd_worker_conf));
memcpy (cur->cf, cf, sizeof (struct rspamd_worker_conf));
cur->index = index;
cur->ctx = cf->ctx;
cur->pid = fork ();
switch (cur->pid) {
case 0:
/* Update pid for logging */
rspamd_log_update_pid (cf->type, rspamd_main->logger);
/* Lock statfile pool if possible XXX */
/* Init PRNG after fork */
ottery_init (NULL);
g_random_set_seed (ottery_rand_uint32 ());
/* Drop privilleges */
rspamd_worker_drop_priv (rspamd_main);
/* Set limits */
rspamd_worker_set_limits (rspamd_main, cf);
setproctitle ("%s process", cf->worker->name);
rspamd_pidfile_close (rspamd_main->pfh);
/* Do silent log reopen to avoid collisions */
rspamd_log_close (rspamd_main->logger);
rspamd_log_open (rspamd_main->logger);
cur->start_time = rspamd_get_calendar_ticks ();
#if ((GLIB_MAJOR_VERSION == 2) && (GLIB_MINOR_VERSION <= 30))
# if (GLIB_MINOR_VERSION > 20)
/* Ugly hack for old glib */
if (!g_thread_get_initialized ()) {
g_thread_init (NULL);
}
# else
g_thread_init (NULL);
# endif
#endif
msg_info_main ("starting %s process %P", cf->worker->name, getpid ());
/* Close parent part of socketpair */
close (cur->control_pipe[0]);
rspamd_socket_nonblocking (cur->control_pipe[1]);
/* Execute worker */
cf->worker->worker_start_func (cur);
break;
case -1:
msg_err_main ("cannot fork main process. %s", strerror (errno));
rspamd_pidfile_remove (rspamd_main->pfh);
exit (-errno);
break;
default:
/* Close worker part of socketpair */
close (cur->control_pipe[1]);
rspamd_socket_nonblocking (cur->control_pipe[0]);
/* Insert worker into worker's table, pid is index */
g_hash_table_insert (rspamd_main->workers, GSIZE_TO_POINTER (
cur->pid), cur);
break;
}
return cur;
}
