From lapo@mail.lapo.it  Tue Nov 11 13:16:10 2008
Return-Path: <lapo@mail.lapo.it>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 11FED106564A
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 11 Nov 2008 13:16:10 +0000 (UTC)
	(envelope-from lapo@mail.lapo.it)
Received: from mail.lapo.it (motoko.lapo.it [88.198.0.105])
	by mx1.freebsd.org (Postfix) with ESMTP id 52EDB8FC25
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 11 Nov 2008 13:16:08 +0000 (UTC)
	(envelope-from lapo@mail.lapo.it)
Received: (qmail 94885 invoked by uid 1001); 11 Nov 2008 13:16:06 -0000
Message-Id: <20081111131606.94884.qmail@mail.lapo.it>
Date: 11 Nov 2008 13:16:06 -0000
From: Lapo Luchini <lapo@lapo.it>
Reply-To: Lapo Luchini <lapo@lapo.it>
To: FreeBSD-gnats-submit@freebsd.org
Cc: des@FreeBSD.org, Lapo Luchini <lapo@lapo.it>
Subject: newest www/varnish doesn't work by default (mlock not permitted)
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         128786
>Category:       ports
>Synopsis:       newest www/varnish doesn't work by default (mlock not permitted)
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    des
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Nov 11 13:20:00 UTC 2008
>Closed-Date:    Wed Nov 12 09:43:59 UTC 2008
>Last-Modified:  Wed Nov 12 09:43:59 UTC 2008
>Originator:     Lapo Luchini
>Release:        FreeBSD 6.3-PRERELEASE amd64
>Organization:
>Environment:
System: FreeBSD motoko.lapo.it 6.3-PRERELEASE FreeBSD 6.3-PRERELEASE #8: Thu Dec 13 09:33:49 CET 2007 root@motoko.lapo.it:/usr/obj/usr/src/sys/MOTOKO amd64

>Description:

It seems to me that varnish drops root priviledges before attempting an mlock(2), thus failing it.

>How-To-Repeat:

# cd /usr/ports/www/varnish
# make install clean
# echo 'varnishd_storage="file,data,100M"' >>/etc/rc.conf
# /usr/local/etc/rc.d/varnishd forcestart
Starting varnishd.
storage_file: filename: /usr/local/varnish/$HOST/data size 100 MB.
Using old SHMFILE
Notice: locking SHMFILE in core failed: Operation not permitted

>Fix:

Work-around is:
# echo 'varnishd_user="root"' >>/etc/rc.conf

Host with the problem is a:
FreeBSD $HOST 7.0-STABLE FreeBSD 7.0-STABLE #2: Sat May 31 09:57:05 CEST 2008     root@$HOST:/usr/obj/usr/src/sys/GENERIC  amd64
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->des 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Tue Nov 11 13:20:10 UTC 2008 
Responsible-Changed-Why:  
Over to maintainer (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=128786 

From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no>
To: freebsd-gnats-submit@freebsd.org 
Cc:  
Subject: Re: ports/128786: newest www/varnish doesn't work by default (mlock not permitted)
Date: Tue, 11 Nov 2008 15:53:08 +0100

 I need to know which version of the port you tried to install.
 
 DES
 --=20
 Dag-Erling Sm=C3=B8rgrav - des@des.no

From: Lapo Luchini <lapo@lapo.it>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/128786: newest www/varnish doesn't work by default (mlock
 not permitted)
Date: Tue, 11 Nov 2008 23:03:34 +0100

 Latest from yesterday's ports: varnish-2.0.1.
 Whoops. Freshports says me indeed it was not yesterday's, as 2.0.1_1 has
 8 days already.
 Strange, I do a portsnap nightly... well, that's my problem, not
 yours... 2.0.1_1 doesn't have that problem (of course it removes the
 run-as-a-different-user option altogether?).

From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no>
To: freebsd-gnats-submit@freebsd.org
Cc:  
Subject: Re: ports/128786: newest www/varnish doesn't work by default (mlock not permitted)
Date: Wed, 12 Nov 2008 10:22:18 +0100

 Lapo Luchini <lapo@lapo.it> writes:
 > 2.0.1_1 doesn't have that problem (of course it removes the
 > run-as-a-different-user option altogether?).
 
 It removes the ability to specify which user to run as (which the 1.x
 ports didn't have either).  By default, the varnish child (which does
 the actual work) will run as nobody:nogroup, while the parent (which
 opens the listening sockets and supervises the child) continues to run
 as root.
 
 DES
 --=20
 Dag-Erling Sm=C3=B8rgrav - des@des.no
State-Changed-From-To: open->closed 
State-Changed-By: des 
State-Changed-When: Wed Nov 12 09:43:59 UTC 2008 
State-Changed-Why:  
already fixed. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=128786 
>Unformatted:
