Revision tags: 1.21.0-1, 1.21.0, 1.20.0-1, 1.20.0, 1.19.0-1, 1.19.0, 1.18.0-1, 1.18.0, 1.17.0-1, 1.17.0, 1.16.0-1, 1.16.0, 1.15.0-1, 1.15.0, 1.14.0-1, 1.14.0 |
|
#
1297:f04b5f7d6137 |
| 26-Nov-2019 |
Tiago Natel |
Changed the group listing to run unprivileged when possible.
Now the nxt_user_groups_get() function uses getgrouplist(3) when available (except MacOS, see below). For some platforms, getgrouplist()
Changed the group listing to run unprivileged when possible.
Now the nxt_user_groups_get() function uses getgrouplist(3) when available (except MacOS, see below). For some platforms, getgrouplist() supports a method of probing how much groups the user has but the behavior is not consistent. The method used here consists of optimistically trying to get up to min(256, NGROUPS_MAX) groups; only if ngroups returned exceeds the original value, we do a second call. This method can block main's process if LDAP/NDIS+ is in use.
MacOS has getgrouplist(3) but it's buggy. It doesn't update ngroups if the value passed is smaller than the number of groups the user has. Some projects (like Go stdlib) call getgrouplist() in a loop, increasing ngroups until it exceeds the number of groups user belongs to or fail when a limit is reached. For performance reasons, this is to be avoided and MacOS is handled in the fallback implementation.
The fallback implementation is the old Unit approach. It saves main's user groups (getgroups(2)) and then calls initgroups(3) to load application's groups in main, then does a second getgroups(2) to store the gids and restore main's groups in the end. Because of initgroups(3)' call to setgroups(2), this method requires root capabilities. In the case of OSX, which has small NGROUPS_MAX by default (16), it's not possible to restore main's groups if it's large; if so, this method fallbacks again: user_cred gids aren't stored, and the worker process calls initgroups() itself and may block for some time if LDAP/NDIS+ is in use.
show more ...
|
#
1292:ed99894c6b17 |
| 22-Nov-2019 |
Sergey Kandaurov |
Configure: fixed posix_spawn() detection with glic 2.30.
In particular, it was previously broken on Ubuntu 19.10 and Fedora 31. See for details: https://sourceware.org/git/?p=glibc.git;a=commitdiff;
Configure: fixed posix_spawn() detection with glic 2.30.
In particular, it was previously broken on Ubuntu 19.10 and Fedora 31. See for details: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=2ab5741
show more ...
|
Revision tags: 1.13.0-1, 1.13.0, 1.12.0-1, 1.12.0, 1.11.0-2, 1.11.0-1, 1.11.0, 1.10.0-2, 1.10.0-1, 1.10.0, 1.9.0-1, 1.9.0, 1.8.0-1, 1.8.0, 1.7.1-1, 1.7.1, 1.7-1, 1.7, 1.6-1, 1.6, 1.5-1, 1.5, 1.4-2, 1.4 |
|
#
733:d8656b9d7293 |
| 16-Jul-2018 |
Sergey Kandaurov |
Added getentropy() support.
Prodded by David Carlier.
|
#
732:ab017ff0ee67 |
| 16-Jul-2018 |
Sergey Kandaurov |
Supplied getrandom() test with commentary about supported OSes.
|
Revision tags: 1.3, 1.2 |
|
#
676:24e245cc1d4e |
| 24-May-2018 |
Sergey Kandaurov |
Using getrandom() libc interface, SYS_getrandom fixes.
The interface is available since Glibc 2.25, and FreeBSD 12.0.
|
Revision tags: 1.1, 1.0, 0.7, 0.6, 0.5, 0.4, 0.3, 0.2, 0.1 |
|
#
216:07257705cd64 |
| 17-Aug-2017 |
Igor Sysoev |
The new module configuration interface.
Configuration and building example:
./configure ./configure python ./configure php ./configure go make all
or
./configure make nginext ./co
The new module configuration interface.
Configuration and building example:
./configure ./configure python ./configure php ./configure go make all
or
./configure make nginext ./configure python make python ./configure php make php ./configure go make go
Modules configuration options and building examples:
./configure python --module=python2 --config=python2.7-config make python2
./configure php --module=php7 --config=php7.0-config --lib-path=/usr/local/php7.0 make php7
./configure go --go=go1.6 --go-path=${HOME}/go1.6 make go1.6
show more ...
|
#
158:6a2d50321e16 |
| 14-Jul-2017 |
Ruslan Ermilov |
Restored arc4random unit test after 59fc46dd5e1d.
|
#
0:a63ceefd6ab0 |
| 17-Jan-2017 |
Igor Sysoev |
Initial version.
|