httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Doug McMahon <dmcma...@us.oracle.com>
Subject Apache event points and shared resources
Date Thu, 19 Oct 2000 17:15:04 GMT
I have a vexing problem with Apache callback/event points that I'm
hoping someone reading this can help me solve.

For various reasons, I need to create a shared memory segment and
an associated semaphore to latch access to it.  I need to do this
in such a way that all Apache child processes have access to it.
I also need to destroy both the shared segment and the semaphore
when Apache exits.

Creation

I have found that I can create the shared resources in the so-called
"module initializer".  It seems to be called once, then forked
processes get any objects it creates.  There is an annoying problem,
however; it's actually called twice, once in some sort of starter
or manager process, and once more in some sort of manager or
template process that the children are forked from.  The issue
is that the first call is superfluous; it occurs in another process
that's uninvolved with the workers, and so the created resources
are unused during the time Apache's running.  Worse still, there's
no event point to tell you when this process exits, so the resources
are never cleaned up.  The main problem is that there does not appear
to be any way to distinguish these two processes in code.

A related problem is the security of any shared resources.  The
module initializer seems to be called at a point in time prior to
the "setuid" operation, so it doesn't seem possible to create
resources with the 0600 protection mask reliably.  What's needed
is an event point that occurs (a) once on behalf of all worker
processes, (b) after the "setuid" has been performed.

Destruction

There is a similar problem when destroying the shared resources; there
does not seem to be an event where this can be done!  There is a
child-exit event, kludgey on 2.0 but still serviceable, but this
isn't useful for destroying global resources.  For one thing, what
if this is just a worker shutting down?  You don't want to destroy
a shared object if that's the case.

There's a related problem that by the time child exit is called, Apache
has "setuid" to some other user and the destroy typically can't work
anyway (OSes seem to insist that objects be destroyed by the super-user
or the user who created them).  This wouldn't be a problem if, in
the case of the creation problem, the resources could be created after
the "setuid" had been performed.

Mime
View raw message