xref: /unit/auto/isolation (revision 1503:c21230ef5a0e)
# Copyright (C) Igor Sysoev
# Copyright (C) NGINX, Inc.

# Linux clone syscall.
5
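# Result variables for this script. Each one stays NO unless a probe
# below succeeds.
NXT_ISOLATION=NO
NXT_HAVE_CLONE=NO
NXT_HAVE_CLONE_NEWUSER=NO
NXT_HAVE_MOUNT=NO
NXT_HAVE_UNMOUNT=NO
NXT_HAVE_ROOTFS=NO

# Namespace kinds to probe; each word W is tested as the constant
# CLONE_NEW<W>.
nsflags="USER NS PID NET UTS CGROUP"

# Probe for the clone syscall number. The sourced auto/feature is expected
# to leave its verdict in nxt_found (compared against yes/no below).
# NOTE(review): nxt_feature_run=no presumably means the test program is
# only compiled, not executed -- confirm in auto/feature.
nxt_feature="clone(2)"
nxt_feature_name=NXT_HAVE_CLONE
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#include <sys/wait.h>
                  #include <sys/syscall.h>

                  int main() {
                      return __NR_clone | SIGCHLD;
                  }"
. auto/feature

# Quoted so that an empty or unset nxt_found is a clean "not found"
# instead of a test(1) syntax error.
if [ "$nxt_found" = yes ]; then
    NXT_HAVE_CLONE=YES

    # Test all isolation flags. $nsflags is intentionally unquoted so that
    # it splits into one word per namespace kind.
    #
    # NOTE(review): each probe only references the CLONE_NEW* constant
    # from the build headers. A flag listed in NXT_ISOLATION therefore
    # says the headers define it, not that the kernel the daemon later
    # runs on permits creating that namespace -- runtime code still has
    # to handle the clone failure.
    for flag in $nsflags; do
        nxt_feature="CLONE_NEW${flag}"
        nxt_feature_name=NXT_HAVE_CLONE_NEW${flag}
        nxt_feature_run=no
        nxt_feature_incs=
        nxt_feature_libs=
        nxt_feature_test="#define _GNU_SOURCE
                          #include <sys/wait.h>
                          #include <sys/syscall.h>
                          #include <sched.h>

                          int main() {
                              return CLONE_NEW$flag;
                         }"
        . auto/feature

        if [ "$nxt_found" = yes ]; then
            # User-namespace support is tracked in its own variable in
            # addition to the NXT_ISOLATION list.
            if [ "$flag" = "USER" ]; then
                NXT_HAVE_CLONE_NEWUSER=YES
            fi

            # NXT_ISOLATION becomes a space-separated list of the flags
            # found; the first hit replaces the NO placeholder.
            if [ "$NXT_ISOLATION" = "NO" ]; then
                NXT_ISOLATION=$flag
            else
                NXT_ISOLATION="$NXT_ISOLATION $flag"
            fi
        fi
    done
fi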
61
62
# Probe: does <sys/syscall.h> define the pivot_root syscall number?
# The verdict is handed to auto/feature under NXT_HAVE_PIVOT_ROOT; this
# script does not look at nxt_found afterwards, so the result does not
# feed into the NXT_HAVE_ROOTFS decision made at the end of the file.
nxt_feature_name="NXT_HAVE_PIVOT_ROOT"
nxt_feature="Linux pivot_root()"
nxt_feature_incs=""
nxt_feature_libs=""
nxt_feature_run="no"
nxt_feature_test="#include <sys/syscall.h>

                  int main() {
                      return __NR_pivot_root;
                  }"
. auto/feature
74
75
# Probe: does <sys/prctl.h> define PR_SET_NO_NEW_PRIVS?
#
# NOTE(review): the feature name below ends in a literal "0"
# (NXT_HAVE_PR_SET_NO_NEW_PRIVS0). It is presumably turned into a
# preprocessor macro by auto/feature; if the C sources test a name without
# the trailing 0, the no_new_privs hardening would be compiled out with no
# build error. Confirm the name matches its consumers before changing it.
nxt_feature_name="NXT_HAVE_PR_SET_NO_NEW_PRIVS0"
nxt_feature="prctl(PR_SET_NO_NEW_PRIVS)"
nxt_feature_incs=""
nxt_feature_libs=""
nxt_feature_run="no"
nxt_feature_test="#include <sys/prctl.h>

                  int main() {
                      return PR_SET_NO_NEW_PRIVS;
                  }"
. auto/feature
87
88
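# Probe for a mount primitive: Linux mount() first, FreeBSD nmount() as
# the fallback. NXT_HAVE_MOUNT becomes YES if either probe succeeds.
#
# NOTE(review): the Linux test program calls mount() with MS_BIND | MS_REC
# on "/". Keep nxt_feature_run=no here: it presumably makes auto/feature
# compile the program without running it (confirm in auto/feature), and
# executing it as root would issue a real bind mount on the build host.
nxt_feature="Linux mount()"
nxt_feature_name=NXT_HAVE_LINUX_MOUNT
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#include <sys/mount.h>

                  int main() {
                      return mount(\"/\", \"/\", \"bind\",
                                   MS_BIND | MS_REC, \"\");
                  }"
. auto/feature

# nxt_found is quoted so that an empty value selects neither arm instead
# of raising a test(1) syntax error.
case "$nxt_found" in

    yes)
        NXT_HAVE_MOUNT=YES
        ;;

    no)
        # Linux mount() is unavailable: try the FreeBSD interface.
        nxt_feature="FreeBSD nmount()"
        nxt_feature_name=NXT_HAVE_FREEBSD_NMOUNT
        nxt_feature_run=no
        nxt_feature_incs=
        nxt_feature_libs=
        nxt_feature_test="#include <sys/mount.h>

                    int main() {
                        return nmount((void *)0, 0, 0);
                    }"
        . auto/feature

        if [ "$nxt_found" = yes ]; then
            NXT_HAVE_MOUNT=YES
        fi
        ;;

esac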
124
125
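# Probe for an unmount primitive: Linux umount2() first, unmount() as the
# fallback. NXT_HAVE_UNMOUNT (the shell variable) becomes YES if either
# probe succeeds; the fallback also passes NXT_HAVE_UNMOUNT to
# auto/feature as its feature name.
nxt_feature="Linux umount2()"
nxt_feature_name=NXT_HAVE_LINUX_UMOUNT2
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#include <sys/mount.h>

                  int main() {
                      return umount2((void *)0, 0);
                  }"
. auto/feature

# nxt_found is quoted so that an empty value selects neither arm instead
# of raising a test(1) syntax error.
case "$nxt_found" in

    yes)
        NXT_HAVE_UNMOUNT=YES
        ;;

    no)
        # umount2() is unavailable: try unmount().
        nxt_feature="unmount()"
        nxt_feature_name=NXT_HAVE_UNMOUNT
        nxt_feature_run=no
        nxt_feature_incs=
        nxt_feature_libs=
        nxt_feature_test="#include <sys/mount.h>

                    int main() {
                        return unmount((void *)0, 0);
                    }"
        . auto/feature

        if [ "$nxt_found" = yes ]; then
            NXT_HAVE_UNMOUNT=YES
        fi
        ;;

esac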
159
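# Root filesystem isolation is enabled only when both a mount and an
# unmount primitive were found above. The pivot_root probe is not part of
# this condition.
#
# Two quoted tests joined with && replace the obsolescent, ambiguous
# "[ ... -a ... ]" form, and the redirect target is quoted so a path with
# spaces cannot split into several words.
if [ "$NXT_HAVE_MOUNT" = YES ] && [ "$NXT_HAVE_UNMOUNT" = YES ]; then
    NXT_HAVE_ROOTFS=YES

    # Append the guarded define to the generated configuration header.
    cat << END >> "$NXT_AUTO_CONFIG_H"

#ifndef NXT_HAVE_ISOLATION_ROOTFS
#define NXT_HAVE_ISOLATION_ROOTFS  1
#endif

END

fi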
172