mirror of https://git.kore.io/kore.git
Do not add keymgr its msg fd if not started.
Reshuffles the keymgr_active flag to keymgr.c and lets it be figured out from inside kore_server_start() instead of the worker init code.
parent
7209a67d47
commit
0eb11794f5
|
@ -559,6 +559,7 @@ extern volatile sig_atomic_t sig_recv;
|
|||
extern int tls_version;
|
||||
extern DH *tls_dhparam;
|
||||
extern char *rand_file;
|
||||
extern int keymgr_active;
|
||||
extern char *keymgr_runas_user;
|
||||
extern char *keymgr_root_path;
|
||||
|
||||
|
|
|
@ -123,6 +123,7 @@ static void keymgr_rsa_encrypt(struct kore_msg *, const void *,
|
|||
static void keymgr_ecdsa_sign(struct kore_msg *, const void *,
|
||||
struct key *);
|
||||
|
||||
int keymgr_active = 0;
|
||||
char *keymgr_root_path = NULL;
|
||||
char *keymgr_runas_user = NULL;
|
||||
|
||||
|
@ -132,6 +133,9 @@ kore_keymgr_run(void)
|
|||
int quit;
|
||||
u_int64_t now, last_seed;
|
||||
|
||||
if (keymgr_active == 0)
|
||||
fatal("%s: called with keymgr_active == 0", __func__);
|
||||
|
||||
quit = 0;
|
||||
|
||||
kore_server_closeall();
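Review bot: The new definition `int keymgr_active = 0;` has external linkage and no comment on who may write it, whereas the copy that appears to be removed from src/worker.c was `static`. The flag now gates both kore_keymgr_run() and whether the parent adds the keymgr message channel, so I would document the single-writer rule at the definition, for example `/* Set once by the parent in kore_server_start(); treat as read-only everywhere else. */`. The fatal() guard at the top of kore_keymgr_run() is a sensible backstop. The body of kore_keymgr_run() continues outside the hunk.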
|
||||
|
|
12
src/kore.c
12
src/kore.c
|
@ -806,6 +806,7 @@ static void
|
|||
kore_server_start(int argc, char *argv[])
|
||||
{
|
||||
u_int32_t tmp;
|
||||
struct kore_server *srv;
|
||||
u_int64_t netwait;
|
||||
int quit, last_sig;
|
||||
#if defined(KORE_SINGLE_BINARY)
|
||||
|
@ -829,6 +830,9 @@ kore_server_start(int argc, char *argv[])
|
|||
|
||||
if (!kore_quiet) {
|
||||
kore_log(LOG_NOTICE, "%s is starting up", __progname);
|
||||
#if defined(__linux__)
|
||||
kore_log(LOG_NOTICE, "seccomp sandbox enabled");
|
||||
#endif
|
||||
#if defined(KORE_USE_PGSQL)
|
||||
kore_log(LOG_NOTICE, "pgsql built-in enabled");
|
||||
#endif
|
||||
|
@ -852,6 +856,14 @@ kore_server_start(int argc, char *argv[])
|
|||
kore_call_parent_configure(argc, argv);
|
||||
#endif
|
||||
|
||||
/* Check if keymgr will be active. */
|
||||
LIST_FOREACH(srv, &kore_servers, list) {
|
||||
if (srv->tls) {
|
||||
keymgr_active = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
kore_platform_proctitle("[parent]");
|
||||
kore_msg_init();
|
||||
kore_worker_init();
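Review bot: The startup line `kore_log(LOG_NOTICE, "seccomp sandbox enabled");` is guarded only by `#if defined(__linux__)`, so it reports how the binary was built rather than that a filter was installed. The message this commit appears to drop from kore_seccomp_enable() was printed after `prctl(PR_SET_SECCOMP, ...)` had succeeded, which is the confirmation an operator auditing the logs would look for. I would either keep a log line at the point of activation or reword the startup one to match what it can actually assert, e.g. `kore_log(LOG_NOTICE, "seccomp sandbox support built-in");`. kore_server_start() begins and ends outside these hunks.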
|
||||
|
|
|
@ -54,6 +54,8 @@ kore_msg_parent_init(void)
|
|||
struct kore_worker *kw;
|
||||
|
||||
for (i = 0; i < worker_count; i++) {
|
||||
if (keymgr_active == 0 && i == KORE_WORKER_KEYMGR)
|
||||
continue;
|
||||
kw = kore_worker_data(i);
|
||||
kore_msg_parent_add(kw);
|
||||
}
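Review bot: The `keymgr_active == 0 && i == KORE_WORKER_KEYMGR` skip is only correct if keymgr_active is already final when kore_msg_parent_init() runs, and nothing at the loop says so. In src/kore.c the flag is set just before kore_msg_init() and kore_worker_init(), and that ordering is easy to break in a later refactor. A comment above the check would capture the invariant, e.g. `/* keymgr slot is always counted in worker_count; it has no msg channel unless a TLS server is configured. */`. Because worker_count still includes the keymgr slot (per the comment kept in kore_worker_init()), other loops over worker_count that are not visible here may need the same guard. kore_msg_parent_init() starts and ends outside the hunk.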
|
||||
|
|
|
@ -260,9 +260,6 @@ kore_seccomp_enable(void)
|
|||
if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) == -1)
|
||||
fatalx("prctl: %s", errno_s);
|
||||
|
||||
if (!kore_quiet)
|
||||
kore_log(LOG_INFO, "seccomp sandbox activated");
|
||||
|
||||
#if defined(KORE_USE_PYTHON)
|
||||
kore_python_seccomp_cleanup();
|
||||
#endif
|
||||
|
|
10
src/worker.c
10
src/worker.c
|
@ -83,7 +83,6 @@ static struct kore_worker *kore_workers;
|
|||
static int worker_no_lock;
|
||||
static int shm_accept_key;
|
||||
static struct wlock *accept_lock;
|
||||
static int keymgr_active = 0;
|
||||
|
||||
struct kore_worker *worker = NULL;
|
||||
u_int8_t worker_set_affinity = 1;
|
||||
|
@ -98,7 +97,6 @@ kore_worker_init(void)
|
|||
{
|
||||
size_t len;
|
||||
struct kore_worker *kw;
|
||||
struct kore_server *srv;
|
||||
u_int16_t i, cpu;
|
||||
|
||||
worker_no_lock = 0;
|
||||
|
@ -106,14 +104,6 @@ kore_worker_init(void)
|
|||
if (worker_count == 0)
|
||||
worker_count = cpu_count;
|
||||
|
||||
/* Check if keymgr will be active. */
|
||||
LIST_FOREACH(srv, &kore_servers, list) {
|
||||
if (srv->tls) {
|
||||
keymgr_active = 1;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
/* Account for the keymgr even if we don't end up starting it. */
|
||||
worker_count += 1;
|
||||
|
||||
|
|