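# Copyright (C) Igor Sysoev
# Copyright (C) NGINX, Inc.

# Linux clone syscall.
#
# Build-time probes for the process isolation features: clone(2) and the
# CLONE_NEW* namespace flags, pivot_root, PR_SET_NO_NEW_PRIVS, and the
# mount/unmount calls needed for a private root filesystem (Linux mount() /
# umount2(), with FreeBSD nmount() / unmount() as fallbacks).
#
# Results exported to the sourcing script:
#   NXT_ISOLATION            "NO", or a space-separated list of the namespace
#                            flags from $nsflags that were found
#   NXT_HAVE_CLONE           YES if the clone(2) probe succeeded
#   NXT_HAVE_CLONE_NEWUSER   YES if CLONE_NEWUSER was found
#   NXT_HAVE_MOUNT           YES if a mount call was found
#   NXT_HAVE_UNMOUNT         YES if an unmount call was found
#   NXT_HAVE_ROOTFS          YES only if both mount and unmount were found
#
# Every probe sets nxt_feature_run=no, so the test programs are presumably
# only compiled by auto/feature and never executed (confirm in auto/feature).
# A YES therefore means the build headers declare the feature, not that the
# kernel the daemon later runs on permits it: namespace creation can be
# restricted or disabled at runtime, so the isolation code must still check
# the result of each call and refuse to start the process un-isolated.

NXT_ISOLATION=NO
NXT_HAVE_CLONE=NO
NXT_HAVE_CLONE_NEWUSER=NO
NXT_HAVE_MOUNT=NO
NXT_HAVE_UNMOUNT=NO
NXT_HAVE_ROOTFS=NO

nsflags="USER NS PID NET UTS CGROUP"

nxt_feature="clone(2)"
nxt_feature_name=NXT_HAVE_CLONE
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#include <sys/wait.h>
                  #include <sys/syscall.h>

                  int main() {
                      return __NR_clone | SIGCHLD;
                  }"
. auto/feature

# nxt_found is set by auto/feature; quoted so that an unset or empty value
# compares as "not found" instead of producing a test(1) syntax error.
if [ "$nxt_found" = yes ]; then
    NXT_HAVE_CLONE=YES

    # Test all isolation flags
    for flag in $nsflags; do
        nxt_feature="CLONE_NEW${flag}"
        nxt_feature_name=NXT_HAVE_CLONE_NEW${flag}
        nxt_feature_run=no
        nxt_feature_incs=
        nxt_feature_libs=
        nxt_feature_test="#define _GNU_SOURCE
                          #include <sys/wait.h>
                          #include <sys/syscall.h>
                          #include <sched.h>

                          int main() {
                              return CLONE_NEW${flag};
                          }"
        . auto/feature

        if [ "$nxt_found" = yes ]; then
            # The user namespace is tracked separately from the list.
            if [ "$flag" = USER ]; then
                NXT_HAVE_CLONE_NEWUSER=YES
            fi

            # Accumulate the supported flags as a space-separated list.
            if [ "$NXT_ISOLATION" = "NO" ]; then
                NXT_ISOLATION=$flag
            else
                NXT_ISOLATION="$NXT_ISOLATION $flag"
            fi
        fi
    done
fi


nxt_feature="Linux pivot_root()"
nxt_feature_name=NXT_HAVE_PIVOT_ROOT
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#include <sys/syscall.h>

                  int main() {
                      return __NR_pivot_root;
                  }"
. auto/feature


# NOTE(review): the feature name ends in "0". Confirm the C sources test
# exactly this macro; if they test the name without the trailing digit, the
# no_new_privs hardening would be compiled out without any build error.
nxt_feature="prctl(PR_SET_NO_NEW_PRIVS)"
nxt_feature_name=NXT_HAVE_PR_SET_NO_NEW_PRIVS0
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#include <sys/prctl.h>

                  int main() {
                      return PR_SET_NO_NEW_PRIVS;
                  }"
. auto/feature


# Keep nxt_feature_run=no for this probe: if the test program were executed
# by a privileged configure run it would attempt a recursive bind mount of
# "/" onto itself on the build host.
nxt_feature="Linux mount()"
nxt_feature_name=NXT_HAVE_LINUX_MOUNT
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#include <sys/mount.h>

                  int main() {
                      return mount(\"/\", \"/\", \"bind\",
                                   MS_BIND | MS_REC, \"\");
                  }"
. auto/feature

if [ "$nxt_found" = yes ]; then
    NXT_HAVE_MOUNT=YES
fi


# Fall back to the FreeBSD call only when the Linux probe failed.
if [ "$nxt_found" = no ]; then
    nxt_feature="FreeBSD nmount()"
    nxt_feature_name=NXT_HAVE_FREEBSD_NMOUNT
    nxt_feature_run=no
    nxt_feature_incs=
    nxt_feature_libs=
    nxt_feature_test="#include <sys/mount.h>

                      int main() {
                          return nmount((void *)0, 0, 0);
                      }"
    . auto/feature

    if [ "$nxt_found" = yes ]; then
        NXT_HAVE_MOUNT=YES
    fi
fi


nxt_feature="Linux umount2()"
nxt_feature_name=NXT_HAVE_LINUX_UMOUNT2
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#include <sys/mount.h>

                  int main() {
                      return umount2((void *)0, 0);
                  }"
. auto/feature

if [ "$nxt_found" = yes ]; then
    NXT_HAVE_UNMOUNT=YES
fi

# Fall back to unmount() only when umount2() was not found.  The feature
# name below is spelled like the shell variable NXT_HAVE_UNMOUNT; the shell
# variable is only ever assigned in this file.
if [ "$nxt_found" = no ]; then
    nxt_feature="unmount()"
    nxt_feature_name=NXT_HAVE_UNMOUNT
    nxt_feature_run=no
    nxt_feature_incs=
    nxt_feature_libs=
    nxt_feature_test="#include <sys/mount.h>

                      int main() {
                          return unmount((void *)0, 0);
                      }"
    . auto/feature

    if [ "$nxt_found" = yes ]; then
        NXT_HAVE_UNMOUNT=YES
    fi
fi

# Root filesystem isolation needs both halves: a way to build the new mount
# tree and a way to detach the old one.  Two separate tests replace the
# obsolescent "-a" operator; the redirect target is quoted so a build path
# containing whitespace does not break the append.
if [ "$NXT_HAVE_MOUNT" = YES ] && [ "$NXT_HAVE_UNMOUNT" = YES ]; then
    NXT_HAVE_ROOTFS=YES

    cat << END >> "$NXT_AUTO_CONFIG_H"

#ifndef NXT_HAVE_ISOLATION_ROOTFS
#define NXT_HAVE_ISOLATION_ROOTFS  1
#endif

END

fi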