MINOR: debug: enable insecure fork on the command line

-dI allow to enable "insure-fork-wanted" directly from the command line, which is useful when you want to run ASAN with addr2line with a lot of configuration files without editing them.
2024-12-26 06:32:13 +00:00 · 2024-03-13 11:08:50 +01:00 · 2024-03-13 11:08:50 +01:00 · 70be894e41
commit 70be894e41
parent 07b2e84bce
3 changed files with 10 additions and 1 deletions
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@ -1975,7 +1975,8 @@ insecure-fork-wanted
  highly recommended that this option is never used and that any workload
  requiring such a fork be reconsidered and moved to a safer solution (such as
  agents instead of external checks). This option supports the "no" prefix to
-  disable it.
+  disable it. This can also be activated with "-dI" on the haproxy command
+  line.

 insecure-setuid-wanted
  HAProxy doesn't need to call executables at run time (except when using
--- a/doc/management.txt
+++ b/doc/management.txt
@ -230,6 +230,11 @@ list of options is :
    getaddrinfo() exist on various systems and cause anomalies that are
    difficult to troubleshoot.

+  -dI : enable the insecure fork. This is the equivalent of the
+    "insecure-fork-wanted" in the global section. It can be useful when running
+    all the reg-tests with ASAN which need to fork addr2line to resolve the
+    addresses.
+
  -dK<class[,class]*> : dumps the list of registered keywords in each class.
    The list of classes is available with "-dKhelp". All classes may be dumped
    using "-dKall", otherwise a selection of those shown in the help can be
--- a/src/haproxy.c
+++ b/src/haproxy.c
@ -659,6 +659,7 @@ static void usage(char *name)
 		"        -dW fails if any warning is emitted\n"
 		"        -dD diagnostic mode : warn about suspicious configuration statements\n"
 		"        -dF disable fast-forward\n"
+		"        -dI enable insecure fork\n"
 		"        -dZ disable zero-copy forwarding\n"
 		"        -sf/-st [pid ]* finishes/terminates old pids.\n"
 		"        -x <unix_socket> get listening sockets from a unix socket\n"
@ -1679,6 +1680,8 @@ static void init_args(int argc, char **argv)
 #endif
 			else if (*flag == 'd' && flag[1] == 'F')
 				global.tune.options &= ~GTUNE_USE_FAST_FWD;
+			else if (*flag == 'd' && flag[1] == 'I')
+				global.tune.options |= GTUNE_INSECURE_FORK;
 			else if (*flag == 'd' && flag[1] == 'V')
 				global.ssl_server_verify = SSL_SERVER_VERIFY_NONE;
 			else if (*flag == 'd' && flag[1] == 'Z')