Lines Matching refs:isolation

17     nxt_conf_value_t *isolation, nxt_process_t *process);
21 nxt_conf_value_t *isolation, nxt_process_t *process);
26 nxt_conf_value_t *isolation, nxt_process_t *process);
33 nxt_conf_value_t *isolation, nxt_process_t *process);
43 nxt_conf_value_t *isolation, nxt_process_t *process);
45 nxt_conf_value_t *isolation, nxt_process_t *process);
66 nxt_conf_value_t *isolation, nxt_process_t *process);
84 process->isolation.new_privs = 1; in nxt_isolation_main_prefork()
87 if (app_conf->isolation != NULL) { in nxt_isolation_main_prefork()
88 ret = nxt_isolation_set(task, app_conf->isolation, process); in nxt_isolation_main_prefork()
95 if (nxt_is_clone_flag_set(process->isolation.clone.flags, NEWUSER)) { in nxt_isolation_main_prefork()
131 if (process->isolation.rootfs != NULL) { in nxt_isolation_main_prefork()
140 has_mnt = nxt_is_clone_flag_set(process->isolation.clone.flags, NEWNS); in nxt_isolation_main_prefork()
165 nxt_isolation_set(nxt_task_t *task, nxt_conf_value_t *isolation, in nxt_isolation_set() argument
169 if (nxt_slow_path(nxt_isolation_set_cgroup(task, isolation, process) in nxt_isolation_set()
177 if (nxt_slow_path(nxt_isolation_set_namespaces(task, isolation, process) in nxt_isolation_set()
185 if (nxt_slow_path(nxt_isolation_set_creds(task, isolation, process) in nxt_isolation_set()
193 if (nxt_slow_path(nxt_isolation_set_rootfs(task, isolation, process) in nxt_isolation_set()
199 if (nxt_slow_path(nxt_isolation_set_automount(task, isolation, process) in nxt_isolation_set()
207 if (nxt_slow_path(nxt_isolation_set_new_privs(task, isolation, process) in nxt_isolation_set()
221 nxt_isolation_set_cgroup(nxt_task_t *task, nxt_conf_value_t *isolation, in nxt_isolation_set_cgroup() argument
230 obj = nxt_conf_get_object_member(isolation, &cgname, NULL); in nxt_isolation_set_cgroup()
241 process->isolation.cgroup.path = nxt_mp_alloc(process->mem_pool, in nxt_isolation_set_cgroup()
243 nxt_memcpy(process->isolation.cgroup.path, str.start, str.length); in nxt_isolation_set_cgroup()
244 process->isolation.cgroup.path[str.length] = '\0'; in nxt_isolation_set_cgroup()
246 process->isolation.cgroup_cleanup = nxt_cgroup_cleanup; in nxt_isolation_set_cgroup()
257 nxt_isolation_set_namespaces(nxt_task_t *task, nxt_conf_value_t *isolation, in nxt_isolation_set_namespaces() argument
265 obj = nxt_conf_get_object_member(isolation, &nsname, NULL); in nxt_isolation_set_namespaces()
267 ret = nxt_isolation_clone_flags(task, obj, &process->isolation.clone); in nxt_isolation_set_namespaces()
282 nxt_isolation_set_creds(nxt_task_t *task, nxt_conf_value_t *isolation, in nxt_isolation_set_creds() argument
292 clone = &process->isolation.clone; in nxt_isolation_set_creds()
294 array = nxt_conf_get_object_member(isolation, &uidname, NULL); in nxt_isolation_set_creds()
304 array = nxt_conf_get_object_member(isolation, &gidname, NULL); in nxt_isolation_set_creds()
380 clone = &process->isolation.clone; in nxt_isolation_vldt_creds()
493 nxt_isolation_set_rootfs(nxt_task_t *task, nxt_conf_value_t *isolation, in nxt_isolation_set_rootfs() argument
501 obj = nxt_conf_get_object_member(isolation, &rootfs_name, NULL); in nxt_isolation_set_rootfs()
516 process->isolation.rootfs = nxt_mp_alloc(process->mem_pool, in nxt_isolation_set_rootfs()
519 if (nxt_slow_path(process->isolation.rootfs == NULL)) { in nxt_isolation_set_rootfs()
523 nxt_memcpy(process->isolation.rootfs, str.start, str.length); in nxt_isolation_set_rootfs()
525 process->isolation.rootfs[str.length] = '\0'; in nxt_isolation_set_rootfs()
533 nxt_isolation_set_automount(nxt_task_t *task, nxt_conf_value_t *isolation, in nxt_isolation_set_automount() argument
544 automount = &process->isolation.automount; in nxt_isolation_set_automount()
550 conf = nxt_conf_get_object_member(isolation, &automount_name, NULL); in nxt_isolation_set_automount()
587 if (nxt_is_clone_flag_set(process->isolation.clone.flags, NEWUSER)) { in nxt_isolation_set_mounts()
602 process->isolation.cleanup = nxt_isolation_unmount_all; in nxt_isolation_set_mounts()
631 rootfs = process->isolation.rootfs; in nxt_isolation_set_lang_mounts()
647 if (process->isolation.automount.tmpfs) { in nxt_isolation_set_lang_mounts()
673 if (process->isolation.automount.procfs) { in nxt_isolation_set_lang_mounts()
700 process->isolation.mounts = mounts; in nxt_isolation_set_lang_mounts()
735 automount = &process->isolation.automount; in nxt_isolation_unmount_all()
736 mounts = process->isolation.mounts; in nxt_isolation_unmount_all()
763 automount = &process->isolation.automount; in nxt_isolation_prepare_rootfs()
764 mounts = process->isolation.mounts; in nxt_isolation_prepare_rootfs()
817 rootfs = (char *) process->isolation.rootfs; in nxt_isolation_change_root()
821 if (nxt_is_clone_flag_set(process->isolation.clone.flags, NEWNS)) { in nxt_isolation_change_root()
1072 rootfs = (char *) process->isolation.rootfs; in nxt_isolation_change_root()
1108 nxt_isolation_set_new_privs(nxt_task_t *task, nxt_conf_value_t *isolation, in nxt_isolation_set_new_privs() argument
1115 obj = nxt_conf_get_object_member(isolation, &new_privs_name, NULL); in nxt_isolation_set_new_privs()
1117 process->isolation.new_privs = nxt_conf_get_boolean(obj); in nxt_isolation_set_new_privs()