2c0888f69c
With NXT_HAVE_PIVOT_ROOT, we had issues in MacOS. Headers should normally be included unconditionally, except of course if they don't exist. This fixes part of the #737 issue on GitHub.
184 lines
4.1 KiB
Text
184 lines
4.1 KiB
Text
# Copyright (C) Igor Sysoev
|
|
# Copyright (C) NGINX, Inc.
|
|
|
|
# Linux clone syscall.
|
|
|
|
NXT_ISOLATION=NO
|
|
NXT_HAVE_CLONE=NO
|
|
NXT_HAVE_CLONE_NEWUSER=NO
|
|
NXT_HAVE_MOUNT=NO
|
|
NXT_HAVE_UNMOUNT=NO
|
|
NXT_HAVE_ROOTFS=NO
|
|
|
|
nsflags="USER NS PID NET UTS CGROUP"
|
|
|
|
nxt_feature="clone(2)"
|
|
nxt_feature_name=NXT_HAVE_CLONE
|
|
nxt_feature_run=no
|
|
nxt_feature_incs=
|
|
nxt_feature_libs=
|
|
nxt_feature_test="#include <sys/wait.h>
|
|
#include <sys/syscall.h>
|
|
|
|
int main() {
|
|
return SYS_clone | SIGCHLD;
|
|
}"
|
|
. auto/feature
|
|
|
|
if [ $nxt_found = yes ]; then
|
|
NXT_HAVE_CLONE=YES
|
|
|
|
# Test all isolation flags
|
|
for flag in $nsflags; do
|
|
nxt_feature="CLONE_NEW${flag}"
|
|
nxt_feature_name=NXT_HAVE_CLONE_NEW${flag}
|
|
nxt_feature_run=no
|
|
nxt_feature_incs=
|
|
nxt_feature_libs=
|
|
nxt_feature_test="#define _GNU_SOURCE
|
|
#include <sys/wait.h>
|
|
#include <sys/syscall.h>
|
|
#include <sched.h>
|
|
|
|
int main() {
|
|
return CLONE_NEW$flag;
|
|
}"
|
|
. auto/feature
|
|
|
|
if [ $nxt_found = yes ]; then
|
|
if [ $flag = "USER" ]; then
|
|
NXT_HAVE_CLONE_NEWUSER=YES
|
|
fi
|
|
|
|
if [ "$NXT_ISOLATION" = "NO" ]; then
|
|
NXT_ISOLATION=$flag
|
|
else
|
|
NXT_ISOLATION="$NXT_ISOLATION $flag"
|
|
fi
|
|
fi
|
|
done
|
|
fi
|
|
|
|
|
|
nxt_feature="Linux pivot_root()"
|
|
nxt_feature_name=NXT_HAVE_PIVOT_ROOT
|
|
nxt_feature_run=no
|
|
nxt_feature_incs=
|
|
nxt_feature_libs=
|
|
nxt_feature_test="#include <sys/syscall.h>
|
|
|
|
int main() {
|
|
return SYS_pivot_root;
|
|
}"
|
|
. auto/feature
|
|
|
|
|
|
nxt_feature="<mntent.h>"
|
|
nxt_feature_name=NXT_HAVE_MNTENT_H
|
|
nxt_feature_run=no
|
|
nxt_feature_incs=
|
|
nxt_feature_libs=
|
|
nxt_feature_test="#include <mntent.h>
|
|
|
|
int main(void) {
|
|
return 0;
|
|
}"
|
|
. auto/feature
|
|
|
|
|
|
nxt_feature="prctl(PR_SET_NO_NEW_PRIVS)"
|
|
nxt_feature_name=NXT_HAVE_PR_SET_NO_NEW_PRIVS0
|
|
nxt_feature_run=no
|
|
nxt_feature_incs=
|
|
nxt_feature_libs=
|
|
nxt_feature_test="#include <sys/prctl.h>
|
|
|
|
int main() {
|
|
return PR_SET_NO_NEW_PRIVS;
|
|
}"
|
|
. auto/feature
|
|
|
|
|
|
nxt_feature="Linux mount()"
|
|
nxt_feature_name=NXT_HAVE_LINUX_MOUNT
|
|
nxt_feature_run=no
|
|
nxt_feature_incs=
|
|
nxt_feature_libs=
|
|
nxt_feature_test="#include <sys/mount.h>
|
|
|
|
int main() {
|
|
return mount(\"/\", \"/\", \"bind\",
|
|
MS_BIND | MS_REC, \"\");
|
|
}"
|
|
. auto/feature
|
|
|
|
if [ $nxt_found = yes ]; then
|
|
NXT_HAVE_MOUNT=YES
|
|
fi
|
|
|
|
|
|
if [ $nxt_found = no ]; then
|
|
nxt_feature="FreeBSD nmount()"
|
|
nxt_feature_name=NXT_HAVE_FREEBSD_NMOUNT
|
|
nxt_feature_run=no
|
|
nxt_feature_incs=
|
|
nxt_feature_libs=
|
|
nxt_feature_test="#include <sys/mount.h>
|
|
|
|
int main() {
|
|
return nmount((void *)0, 0, 0);
|
|
}"
|
|
. auto/feature
|
|
|
|
if [ $nxt_found = yes ]; then
|
|
NXT_HAVE_MOUNT=YES
|
|
fi
|
|
fi
|
|
|
|
|
|
nxt_feature="Linux umount2()"
|
|
nxt_feature_name=NXT_HAVE_LINUX_UMOUNT2
|
|
nxt_feature_run=no
|
|
nxt_feature_incs=
|
|
nxt_feature_libs=
|
|
nxt_feature_test="#include <sys/mount.h>
|
|
|
|
int main() {
|
|
return umount2((void *)0, 0);
|
|
}"
|
|
. auto/feature
|
|
|
|
if [ $nxt_found = yes ]; then
|
|
NXT_HAVE_UNMOUNT=YES
|
|
fi
|
|
|
|
if [ $nxt_found = no ]; then
|
|
nxt_feature="unmount()"
|
|
nxt_feature_name=NXT_HAVE_UNMOUNT
|
|
nxt_feature_run=no
|
|
nxt_feature_incs=
|
|
nxt_feature_libs=
|
|
nxt_feature_test="#include <sys/mount.h>
|
|
|
|
int main() {
|
|
return unmount((void *)0, 0);
|
|
}"
|
|
. auto/feature
|
|
|
|
if [ $nxt_found = yes ]; then
|
|
NXT_HAVE_UNMOUNT=YES
|
|
fi
|
|
fi
|
|
|
|
if [ $NXT_HAVE_MOUNT = YES -a $NXT_HAVE_UNMOUNT = YES ]; then
|
|
NXT_HAVE_ROOTFS=YES
|
|
|
|
cat << END >> $NXT_AUTO_CONFIG_H
|
|
|
|
#ifndef NXT_HAVE_ISOLATION_ROOTFS
|
|
#define NXT_HAVE_ISOLATION_ROOTFS 1
|
|
#endif
|
|
|
|
END
|
|
|
|
fi
|