#
2015:4570130dd183 |
| 24-Nov-2021 |
Max Romanov |
Fixing alerts on router restart.
Splitting the process type connectivity matrix to 'keep ports' and 'send ports'; the 'keep ports' matrix is used to clean up unnecessary ports after forking a new pr
Fixing alerts on router restart.
Splitting the process type connectivity matrix to 'keep ports' and 'send ports'; the 'keep ports' matrix is used to clean up unnecessary ports after forking a new process, and the 'send ports' matrix determines which process types expect to get created process ports.
Unfortunately, the original single connectivity matrix no longer works because of an application stop delay caused by prototypes. Existing applications should not get the new router port at the moment.
show more ...
|
Revision tags: 1.26.0-1, 1.26.0 |
|
#
1998:c8790d2a89bb |
| 09-Nov-2021 |
Tiago Natel de Moura |
Introducing application prototype processes.
|
#
1997:a8a3f1d243ee |
| 09-Nov-2021 |
Tiago Natel de Moura |
Changed nxt_process_* for reuse.
This enables the reuse of process creation functions.
|
Revision tags: 1.25.0-1, 1.25.0, 1.24.0-1, 1.24.0, 1.23.0-1, 1.23.0, 1.22.0-1, 1.22.0, 1.21.0-1, 1.21.0 |
|
#
1668:03fa2be97871 |
| 27-Oct-2020 |
Max Romanov |
Preserving the app port write socket.
The socket is required for intercontextual communication in multithreaded apps.
|
Revision tags: 1.20.0-1, 1.20.0 |
|
#
1579:c80e692dc644 |
| 20-Aug-2020 |
Tiago Natel de Moura |
Moved isolation related code to "nxt_isolation.c".
|
Revision tags: 1.19.0-1, 1.19.0 |
|
#
1548:a745db447e56 |
| 11-Aug-2020 |
Max Romanov |
Process structures refactoring in runtime and libunit.
Generic process-to-process shared memory exchange is no more required. Here, it is transformed into a router-to-application pattern. The outg
Process structures refactoring in runtime and libunit.
Generic process-to-process shared memory exchange is no more required. Here, it is transformed into a router-to-application pattern. The outgoing shared memory segments collection is now the property of the application structure. The applications connect to the router only, and the process only needs to group the ports.
show more ...
|
#
1545:78836321a126 |
| 11-Aug-2020 |
Max Romanov |
Changing router to application port exchange protocol.
The application process needs to request the port from the router instead of the latter pushing the port before sending a request to the applic
Changing router to application port exchange protocol.
The application process needs to request the port from the router instead of the latter pushing the port before sending a request to the application. This is required to simplify the communication between the router and the application and to prepare the router to use the application shared port and then the queue.
show more ...
|
#
1543:42f27153db91 |
| 11-Aug-2020 |
Max Romanov |
Libunit refactoring: port management.
- Changed the port management callbacks to notifications, which e. g. avoids the need to call the libunit function - Added context and library instance referenc
Libunit refactoring: port management.
- Changed the port management callbacks to notifications, which e. g. avoids the need to call the libunit function - Added context and library instance reference counts for a safer resource release - Added the router main port initialization
show more ...
|
#
1503:c21230ef5a0e |
| 22-Jun-2020 |
Tiago Natel de Moura |
Isolation: fixed build when features aren't detected.
|
Revision tags: 1.18.0-1, 1.18.0 |
|
#
1489:4a3ec07f4b19 |
| 28-May-2020 |
Tiago Natel de Moura |
Added "rootfs" feature.
|
#
1488:6976d36be926 |
| 09-Mar-2020 |
Tiago Natel de Moura |
Refactor of process management.
The process abstraction has changed to:
setup(task, process) start(task, process_data) prefork(task, process, mp)
The prefork() occurs in the main process rig
Refactor of process management.
The process abstraction has changed to:
setup(task, process) start(task, process_data) prefork(task, process, mp)
The prefork() occurs in the main process right before fork.
The file src/nxt_main_process.c is completely free of process specific logic.
The creation of a process now supports a PROCESS_CREATED state. The The setup() function of each process can set its state to either created or ready. If created, a MSG_PROCESS_CREATED is sent to main process, where external setup can be done (required for rootfs under container).
The core processes (discovery, controller and router) doesn't need external setup, then they all proceeds to their start() function straight away.
In the case of applications, the load of the module happens at the process setup() time and The module's init() function has changed to be the start() of the process.
The module API has changed to:
setup(task, process, conf) start(task, data)
As a direct benefit of the PROCESS_CREATED message, the clone(2) of processes using pid namespaces now doesn't need to create a pipe to make the child block until parent setup uid/gid mappings nor it needs to receive the child pid.
show more ...
|
Revision tags: 1.17.0-1, 1.17.0 |
|
#
1452:e95c10330013 |
| 10-Apr-2020 |
Max Romanov |
Resolving a racing condition while adding ports on the app's side.
An earlier attempt (ad6265786871) to resolve this condition on the router's side added a new issue: the app could get a request bef
Resolving a racing condition while adding ports on the app's side.
An earlier attempt (ad6265786871) to resolve this condition on the router's side added a new issue: the app could get a request before acquiring a port.
show more ...
|
#
1446:ad6265786871 |
| 06-Apr-2020 |
Max Romanov |
Fixing 'find & add' racing condition in connected ports hash.
Missing error log messages added.
|
Revision tags: 1.16.0-1, 1.16.0, 1.15.0-1, 1.15.0, 1.14.0-1, 1.14.0 |
|
#
1306:3604d05e48be |
| 06-Dec-2019 |
Tiago Natel |
Isolation: allowed the use of credentials with unpriv userns.
The setuid/setgid syscalls requires root capabilities but if the kernel supports unprivileged user namespace then the child process has
Isolation: allowed the use of credentials with unpriv userns.
The setuid/setgid syscalls requires root capabilities but if the kernel supports unprivileged user namespace then the child process has the full set of capabilities in the new namespace, then we can allow setting "user" and "group" in such cases (this is a common security use case).
Tests were added to ensure user gets meaningful error messages for uid/gid mapping misconfigurations.
show more ...
|
#
1305:966d691dab2c |
| 06-Dec-2019 |
Tiago Natel |
Moved credential-related code to nxt_credential.c.
This is required to avoid include cycles, as some nxt_clone_* functions depend on the credential structures, but nxt_process depends on clone struc
Moved credential-related code to nxt_credential.c.
This is required to avoid include cycles, as some nxt_clone_* functions depend on the credential structures, but nxt_process depends on clone structures.
show more ...
|
#
1302:d4c6a91f7091 |
| 26-Nov-2019 |
Tiago Natel |
Refactor of process init.
Introduces the functions nxt_process_init_create() and nxt_process_init_creds_set().
|
#
1297:f04b5f7d6137 |
| 26-Nov-2019 |
Tiago Natel |
Changed the group listing to run unprivileged when possible.
Now the nxt_user_groups_get() function uses getgrouplist(3) when available (except MacOS, see below). For some platforms, getgrouplist()
Changed the group listing to run unprivileged when possible.
Now the nxt_user_groups_get() function uses getgrouplist(3) when available (except MacOS, see below). For some platforms, getgrouplist() supports a method of probing how much groups the user has but the behavior is not consistent. The method used here consists of optimistically trying to get up to min(256, NGROUPS_MAX) groups; only if ngroups returned exceeds the original value, we do a second call. This method can block main's process if LDAP/NDIS+ is in use.
MacOS has getgrouplist(3) but it's buggy. It doesn't update ngroups if the value passed is smaller than the number of groups the user has. Some projects (like Go stdlib) call getgrouplist() in a loop, increasing ngroups until it exceeds the number of groups user belongs to or fail when a limit is reached. For performance reasons, this is to be avoided and MacOS is handled in the fallback implementation.
The fallback implementation is the old Unit approach. It saves main's user groups (getgroups(2)) and then calls initgroups(3) to load application's groups in main, then does a second getgroups(2) to store the gids and restore main's groups in the end. Because of initgroups(3)' call to setgroups(2), this method requires root capabilities. In the case of OSX, which has small NGROUPS_MAX by default (16), it's not possible to restore main's groups if it's large; if so, this method fallbacks again: user_cred gids aren't stored, and the worker process calls initgroups() itself and may block for some time if LDAP/NDIS+ is in use.
show more ...
|
Revision tags: 1.13.0-1, 1.13.0 |
|
#
1254:aae6699f4eee |
| 29-Oct-2019 |
Hong Zhi Dao |
Process port refactoring.
- Introduced nxt_runtime_process_port_create(). - Moved nxt_process_use() into nxt_process.c from nxt_runtime.c. - Renamed nxt_runtime_process_remove_pid() as nxt_runtime_p
Process port refactoring.
- Introduced nxt_runtime_process_port_create(). - Moved nxt_process_use() into nxt_process.c from nxt_runtime.c. - Renamed nxt_runtime_process_remove_pid() as nxt_runtime_process_remove(). - Some public functions transformed to static.
This closes #327 issue on GitHub.
show more ...
|
#
1252:a2d7ea9069ea |
| 28-Oct-2019 |
Tiago Natel |
Added clone syscall check for uid/gid mapping.
Now it's possible to pass -DNXT_HAVE_CLONE=0 for debugging.
|
#
1240:656d544a94e5 |
| 22-Oct-2019 |
Tiago Natel |
Improved error logging when uid/gid map is not properly set.
When using "credential: true", the new namespace starts with a completely empty uid and gid ranges. Then, any setuid/setgid/setgroups ca
Improved error logging when uid/gid map is not properly set.
When using "credential: true", the new namespace starts with a completely empty uid and gid ranges. Then, any setuid/setgid/setgroups calls using ids not properly mapped with uidmap and gidmap fields return EINVAL, meaning the id is not valid inside the new namespace.
show more ...
|
Revision tags: 1.12.0-1, 1.12.0 |
|
#
1210:973269f705ba |
| 26-Sep-2019 |
Valentin Bartenev |
Refactored nxt_process_create() for more explicit pipe closing.
|
#
1209:a3dfe6c407b6 |
| 26-Sep-2019 |
Valentin Bartenev |
Fixed descriptors leak on process creation.
The leak has been introduced in 325b315e48c4. This closes #322 issue in GitHub.
|
Revision tags: 1.11.0-2, 1.11.0-1, 1.11.0 |
|
#
1182:325b315e48c4 |
| 19-Sep-2019 |
Tiago de Bem Natel de Moura |
Initial applications isolation support using Linux namespaces.
|
Revision tags: 1.10.0-2, 1.10.0-1, 1.10.0, 1.9.0-1, 1.9.0 |
|
#
1014:8e802fcac511 |
| 22-Mar-2019 |
Max Romanov |
Ignoring EPERM error when changing application process uid/gid.
This closes #228 issue on GitHub.
|
Revision tags: 1.8.0-1, 1.8.0, 1.7.1-1, 1.7.1, 1.7-1, 1.7, 1.6-1, 1.6, 1.5-1, 1.5, 1.4-2, 1.4 |
|
#
769:a8a5eb49a3eb |
| 19-Sep-2018 |
Max Romanov |
Initializing user_cred gids and ngroups for MacOS.
|