From d6da94c628c979352e67bf7a6cd7acd79974a859 Mon Sep 17 00:00:00 2001
From: Frank Wall <fw@moov.de>
Date: Tue, 14 Jun 2016 11:45:15 +0200
Subject: [PATCH] net/haproxy: change chroot directory

---
 net/haproxy/src/etc/inc/plugins.inc.d/haproxy.inc             | 2 +-
 net/haproxy/src/opnsense/scripts/OPNsense/HAProxy/setup.sh    | 4 ++--
 .../opnsense/service/templates/OPNsense/HAProxy/haproxy.conf  | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/net/haproxy/src/etc/inc/plugins.inc.d/haproxy.inc b/net/haproxy/src/etc/inc/plugins.inc.d/haproxy.inc
index 62e08edab..9818defb0 100644
--- a/net/haproxy/src/etc/inc/plugins.inc.d/haproxy.inc
+++ b/net/haproxy/src/etc/inc/plugins.inc.d/haproxy.inc
@@ -37,7 +37,7 @@ function haproxy_syslog()
     $syslogconf = array();
 
     $syslogconf['haproxy'] = array(
-        'local' => '/var/run/haproxy/var/run/log',
+        'local' => '/var/haproxy/var/run/log',
         'facility' => array('haproxy'),
         'remote' => 'relayd',
     );
diff --git a/net/haproxy/src/opnsense/scripts/OPNsense/HAProxy/setup.sh b/net/haproxy/src/opnsense/scripts/OPNsense/HAProxy/setup.sh
index 12cde91c0..41ddc07ed 100755
--- a/net/haproxy/src/opnsense/scripts/OPNsense/HAProxy/setup.sh
+++ b/net/haproxy/src/opnsense/scripts/OPNsense/HAProxy/setup.sh
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-HAPROXY_DIRS="/var/run/haproxy /var/etc/haproxy/ssl /var/etc/haproxy/lua /var/etc/haproxy/errorfiles"
+HAPROXY_DIRS="/var/haproxy/var/run /var/etc/haproxy/ssl /var/etc/haproxy/lua /var/etc/haproxy/errorfiles"
 
 for directory in ${HAPROXY_DIRS}; do
     mkdir -p ${directory}
@@ -9,7 +9,7 @@ for directory in ${HAPROXY_DIRS}; do
 done
 
 # chroot dir must not be writable
-chmod 550 /var/run/haproxy
+find /var/haproxy -type d -exec chmod 550 {} \;
 
 # export required data to filesystem
 /usr/local/opnsense/scripts/OPNsense/HAProxy/exportCerts.php > /dev/null 2>&1
diff --git a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
index 5c126e054..f62f2c2cd 100644
--- a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
+++ b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
@@ -446,7 +446,7 @@ global
     uid                         80
 {% endif %}
     gid                         80
-    chroot                      /var/run/haproxy
+    chroot                      /var/haproxy
     daemon
     stats                       socket /var/run/haproxy.socket level admin
     nbproc                      {{OPNsense.HAProxy.general.tuning.nbproc}}