Default include directory
Configuration directives that take filenames as their argument search for files in the include directory (unless the filename is absolute). The initial value of the include directory is set to the system configuration directory, as configured at compile time. It can be changed:
- From the command line, using the -Winclude-dir=DIR or -Wno-include-dir options. The latter form resets it to the current working directory.
- From the configuration file, using the IncludeDir configuration statement.
The Include directive
The Include directive can appear not only at the topmost level, but also in any section (ListenHTTP, Service, ACL, etc.). In short, anywhere a statement is allowed.
Reading patterns from file
All request matching directives (Header, Host, URL, etc.) take an additional option -file. When this option is specified, the argument to the directive is treated as the name of a file to read patterns from. If the filename is relative, it is looked up in the include directory (see above). For example:

    Service
        Host -file "pound/webhosts"
        ...
    End

Patterns are read from the file line by line; empty lines and comments are ignored.
Early pthread_cancel probe
Pound calls pthread_cancel(3p) during its shutdown sequence. In GNU libc, a call to this function involves loading the libgcc_s.so.1 shared library. In previous versions of pound, this would fail if pound was running in a chrooted environment (RootJail), unless that library had previously been copied to the chroot directory. The following diagnostic would be printed:

    libgcc_s.so.1 must be installed for pthread_cancel to work

and the program would abort. That means that the normal pound shutdown sequence would not be performed properly. Starting with this version, pound will create and cancel a dummy thread right before doing chroot. This ensures that libgcc_s.so.1 is loaded early, so that pthread_cancel will run successfully even when chrooted later.
This early probe is enabled if pound is linked with GNU libc. The --enable-pthread-cancel-probe configure option is available to forcefully enable or disable it, if need be.
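The probe described above, as an added example that is not pound's source code: a dummy thread is created and cancelled before chroot, so GNU libc loads libgcc_s.so.1 while the library is still reachable. The names pthread_cancel_probe, libgcc_s_mapped and enter_jail are hypothetical, and the /proc/self/maps check assumes Linux with /proc mounted.

```c
#define _DEFAULT_SOURCE /* for chroot() */
#include <pthread.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Dummy thread: blocks in pause(), which is a cancellation point. */
static void *probe_thread(void *arg)
{
    (void)arg;
    for (;;) pause();
}

/* Create and cancel a dummy thread; 0 if it ended by cancellation, else -1. */
int pthread_cancel_probe(void)
{
    pthread_t tid;
    void *res = NULL;
    if (pthread_create(&tid, NULL, probe_thread, NULL) != 0 ||
        pthread_cancel(tid) != 0 || pthread_join(tid, &res) != 0)
        return -1;
    return res == PTHREAD_CANCELED ? 0 : -1;
}

/* Linux-only check: 1 if libgcc_s is mapped, 0 if not, -1 if maps is unreadable. */
int libgcc_s_mapped(void)
{
    char line[4096];
    int found = 0;
    FILE *fp = fopen("/proc/self/maps", "r");
    if (!fp) return -1;
    while (!found && fgets(line, sizeof line, fp))
        found = strstr(line, "libgcc_s.so") != NULL;
    fclose(fp);
    return found;
}

/* Hypothetical jail entry: the probe must run BEFORE chroot(); 0 on success. */
int enter_jail(const char *dir)
{
    return (pthread_cancel_probe() == 0 &&
            chroot(dir) == 0 && chdir("/") == 0) ? 0 : -1;
}

int main(void)
{
    int before = libgcc_s_mapped(), rc = pthread_cancel_probe();
    printf("probe=%d libgcc_s mapped: before=%d after=%d\n", rc, before, libgcc_s_mapped());
    return 0;
}
```

On a GNU libc system the "after" value is the one to check: if it is not 1 before the process is jailed, a later pthread_cancel inside the chroot has to find the library there.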
PID file and control socket are properly removed when in RootJail mode.
This doesn't cover the case where the privileges of the user the program runs as (as set by the User and Group configuration statements) forbid removing the file.
Control socket ownership and mode
The Control configuration directive has two forms: inline and section. The inline form is the same as in previous versions. The Control section allows you to manage file mode and ownership of the socket file. Its syntax is:

    Control
        Socket "FILE"
        Mode OCTAL
        ChangeOwner BOOL
    End

The Socket statement sets the name of the UNIX socket file. This is the only mandatory statement in the Control section. The Mode statement sets the mode of the socket file (default is 600). Finally, if ChangeOwner is true, the ownership of the socket file will be changed to the user defined by the User and/or Group statements in global scope.