|
@@ -26,6 +26,7 @@ import (
|
|
|
"io"
|
|
"io"
|
|
|
"io/ioutil"
|
|
"io/ioutil"
|
|
|
"os"
|
|
"os"
|
|
|
|
|
+ "runtime/debug"
|
|
|
"strconv"
|
|
"strconv"
|
|
|
"strings"
|
|
"strings"
|
|
|
"syscall"
|
|
"syscall"
|
|
@@ -248,6 +249,16 @@ func main() {
|
|
|
}
|
|
}
|
|
|
// Else, this is the child process.
|
|
// Else, this is the child process.
|
|
|
|
|
|
|
|
|
|
+ // As of Go 1.19.10, programs with Linux capabilities or setuid do not
|
|
|
|
|
+ // dump panic stacks by default. See:
|
|
|
|
|
+ // https://github.com/golang/go/commit/a7b1cd452ddc69a6606c2f35ac5786dc892e62cb.
|
|
|
|
|
+ // To restore panic stacks, we call SetTraceback("single"), restoring
|
|
|
|
|
+ // the default GOTRACKBACK value. The server program is run as a
|
|
|
|
|
+ // non-privileged user and with CAP_NET capabilities; neither the
|
|
|
|
|
+ // panic stack traces nor register dumps are expected to expose any
|
|
|
|
|
+ // unexpected sensitive information.
|
|
|
|
|
+ debug.SetTraceback("single")
|
|
|
|
|
+
|
|
|
err = server.RunServices(configJSON)
|
|
err = server.RunServices(configJSON)
|
|
|
if err != nil {
|
|
if err != nil {
|
|
|
fmt.Printf("run failed: %s\n", err)
|
|
fmt.Printf("run failed: %s\n", err)
|
Rod Hynes