[squid-users] Weird problem while using enter_suid from Pranav Desai on 2008-10-10 (squid-users)

From: Pranav Desai <pranavadesai_at_gmail.com>
Date: Fri, 10 Oct 2008 18:14:09 -0700

Hello All,

I am running
Squid Cache: Version 2.6.STABLE12
configure options: '--prefix=/usr/squid' '--exec-prefix=/usr/squid'
'--sysconfdir=/usr/squid/etc' '--enable-snmp'
'--enable-err-languages=English' '--enable-underscores'
'--enable-linux-netfilter' '--enable-storeio=ufs,aufs,coss'
'--with-pthreads' '--enable-coss-aio-ops' '--with-aufs-threads=24'
'--enable-linux-tproxy' '--enable-removal-policies=lru,heap'
'--enable-internal-dns' '--with-maxfd=65535' '--enable-allowdot'

The cache is at ~500req/s load.

I need to bind the outgoing data to a particular interface so I have
added the following code in comm_connect_addr

    //Bind outgoing connections except those going internally
    if ( Config.bind_iface && (address->sin_addr.s_addr !=
local_addr.s_addr) ) {
        strncpy(interface.ifr_ifrn.ifrn_name, Config.bind_iface, 8);

        enter_suid();
        setsock_err = setsockopt (sock, SOL_SOCKET, SO_BINDTODEVICE,
(char *)&interface, sizeof(interface));
        leave_suid();

        if(setsock_err < 0) {
            debug(5, 1) ("comm_connect_addr FD %d: %s\n", sock, xstrerror());
        }
    }
    errno = 0;

The problem we are having is that as soon as this is on, there are a
lot of these messages. (I have just the uid, errflag and fd values to
the output)

2008/10/10 18:08:55| storeAufsOpenDone: (1) Operation not permitted:
uid 1002 errflag 1 fd -1
2008/10/10 18:08:55| /var/cache/squid/03/F8/0013F823
2008/10/10 18:08:55| storeAufsOpenDone: (13) Permission denied: uid
1002 errflag 13 fd -1
2008/10/10 18:08:55| /var/cache/squid/09/3F/00193F5D
2008/10/10 18:08:55| storeSwapOutFileClosed: dirno 0, swapfile
00193F5D, errflag=-1
(13) Permission denied
2008/10/10 18:08:55| storeAufsOpenDone: (13) Permission denied: uid
1002 errflag 13 fd -1
2008/10/10 18:08:55| /var/cache/squid/09/3F/00193F6F

Any ideas why this could be happening and how I could solve it ? Is is
related to threading ?

Also, adding
debug_options 5,0
seems to stop those messages.

And interestingly
debug_options 79,0
doesnt stop these messages.

Let me know if you need any other information.

Thanks for your time and I would appreciate any help.

-- Pranav
Received on Sat Oct 11 2008 - 01:14:12 MDT

This archive was generated by hypermail 2.2.0 : Sat Oct 11 2008 - 12:00:01 MDT