From 2e641cfa4e1a3afcbddb3368857cc2553e0d7ad8 Mon Sep 17 00:00:00 2001
From: Manus Freedom <manus@manusfreedom.com>
Date: Sun, 12 Jun 2016 19:21:30 +0200
Subject: [PATCH] Add run as root option

---
 .../mvc/app/controllers/OPNsense/HAProxy/forms/main.xml    | 7 +++++++
 .../opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml   | 4 ++++
 .../service/templates/OPNsense/HAProxy/haproxy.conf        | 5 ++++-
 3 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/main.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/main.xml
index c3f131a9a..efb2117e8 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/main.xml
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/main.xml
@@ -17,6 +17,13 @@
                 <label>NOTE: Define global parameters for the HAProxy service. They cannot be overriden.</label>
                 <type>info</type>
             </field>
+            <field>
+                <id>haproxy.general.tuning.root</id>
+                <label>Run as root</label>
+                <type>checkbox</type>
+                <help><![CDATA[Enable or disable HAProxy running as root.<br/><div class="text-info"><b>NOTE:</b> Enabling root could be a security issue but it's required by some feature.</div>]]></help>
+                <advanced>true</advanced>
+            </field>
             <field>
                 <id>haproxy.general.tuning.chroot</id>
                 <label>Secure mode (chroot)</label>
diff --git a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
index de0949104..d98297607 100644
--- a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
+++ b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
@@ -10,6 +10,10 @@
                 <Required>Y</Required>
             </enabled>
             <tuning>
+                <root type="BooleanField">
+                    <default>0</default>
+                    <Required>Y</Required>
+                </root>
                 <chroot type="BooleanField">
                     <default>0</default>
                     <Required>Y</Required>
diff --git a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
index 4f1fe8e63..37b30e3c2 100644
--- a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
+++ b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
@@ -441,7 +441,10 @@
 {# ############################### #}
 
 global
-    #uid                         80
+{% if OPNsense.HAProxy.general.tuning.root != "1" %}
+    # NOTE: Could be a security issue, but required for some feature.
+    uid                         80
+{% endif %}
     gid                         80
 {% if OPNsense.HAProxy.general.tuning.chroot == "1" %}
     # NOTE: chroot prevents (most) local logging, you need to enable remote