xref: /unit/auto/isolation (revision 2169:b8afbff114fc)
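# Copyright (C) Igor Sysoev
# Copyright (C) NGINX, Inc.

# Linux clone syscall.

# Result variables for the isolation probes in this file.  Every capability
# starts as NO and is switched to YES only inside an "nxt_found = yes" branch,
# so a probe that fails leaves the corresponding feature disabled.
#
# NXT_ISOLATION is either NO or a space-separated list of the $nsflags
# entries whose CLONE_NEW* constant was found.
NXT_ISOLATION=NO
NXT_HAVE_CLONE=NO
NXT_HAVE_CLONE_NEWUSER=NO
NXT_HAVE_MOUNT=NO
NXT_HAVE_UNMOUNT=NO
NXT_HAVE_ROOTFS=NO

# Suffixes appended to "CLONE_NEW" to form the constants that get probed.
# Only the namespaces listed here can end up in NXT_ISOLATION; CLONE_NEWIPC
# is not in the list and is therefore never probed.
nsflags="USER NS PID NET UTS CGROUP"
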
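# Probe for clone(2).  The probe program only references SYS_clone and
# SIGCHLD, so success means the build headers define both names.
# auto/feature is not shown here: it is expected to build nxt_feature_test
# and report the outcome in nxt_found; nxt_feature_run=no presumably keeps
# the program from being executed -- confirm in auto/feature.
nxt_feature="clone(2)"
nxt_feature_name=NXT_HAVE_CLONE
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#include <sys/wait.h>
                  #include <sys/syscall.h>

                  int main() {
                      return SYS_clone | SIGCHLD;
                  }"
. auto/feature

# Quoted so that an empty or unset nxt_found is a clean "false" instead of a
# "[" syntax error.
if [ "$nxt_found" = yes ]; then
    NXT_HAVE_CLONE=YES

    # Test all isolation flags.  $nsflags is deliberately left unquoted: it
    # is a space-separated list and must split into one word per flag.
    for flag in $nsflags; do
        nxt_feature="CLONE_NEW${flag}"
        nxt_feature_name=NXT_HAVE_CLONE_NEW${flag}
        nxt_feature_run=no
        nxt_feature_incs=
        nxt_feature_libs=
        nxt_feature_test="#define _GNU_SOURCE
                          #include <sys/wait.h>
                          #include <sys/syscall.h>
                          #include <sched.h>

                          int main() {
                              return CLONE_NEW$flag;
                         }"
        # NOTE(review): the probe only shows that <sched.h> on the build host
        # defines CLONE_NEW$flag.  The kernel the binary later runs on may
        # lack that namespace type or deny it to the calling process, so the
        # code guarded by these macros still has to handle clone() failing
        # at run time rather than assume isolation was applied.
        . auto/feature

        if [ "$nxt_found" = yes ]; then
            # The user namespace is additionally recorded in its own
            # variable, besides being listed in NXT_ISOLATION.
            if [ "$flag" = "USER" ]; then
                NXT_HAVE_CLONE_NEWUSER=YES
            fi

            # Replace the initial NO with the first flag found, then append
            # further flags separated by a single space.
            if [ "$NXT_ISOLATION" = "NO" ]; then
                NXT_ISOLATION=$flag
            else
                NXT_ISOLATION="$NXT_ISOLATION $flag"
            fi
        fi
    done
fi

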
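# Probe for the pivot_root syscall number.  The program references only
# SYS_pivot_root from <sys/syscall.h>; no libc wrapper is called.
# The result is left in nxt_found by auto/feature (not shown here) and is not
# stored in any shell variable of this file.
nxt_feature="Linux pivot_root()"
nxt_feature_name=NXT_HAVE_PIVOT_ROOT
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#include <sys/syscall.h>

                  int main() {
                      return SYS_pivot_root;
                  }"
. auto/feature

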
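# Probe for the <mntent.h> header.  The program includes the header and does
# nothing else, so success only means the header can be included.
nxt_feature="<mntent.h>"
nxt_feature_name=NXT_HAVE_MNTENT_H
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#include <mntent.h>

                  int main(void) {
                      return 0;
                  }"
. auto/feature

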
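# Probe for the PR_SET_NO_NEW_PRIVS constant in <sys/prctl.h>.
#
# NOTE(review): the feature name ends in "PRIVS0".  The trailing 0 looks
# unintentional, but whatever tests this macro (not shown here) has to use the
# same spelling, so confirm against the consumers before renaming it.
#
# NOTE(review): a header that defines PR_SET_NO_NEW_PRIVS says nothing about
# the kernel the binary later runs on; code guarded by this macro should
# still check the return value of prctl() and treat a failure as "the
# no-new-privileges restriction was not applied".
nxt_feature="prctl(PR_SET_NO_NEW_PRIVS)"
nxt_feature_name=NXT_HAVE_PR_SET_NO_NEW_PRIVS0
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#include <sys/prctl.h>

                  int main() {
                      return PR_SET_NO_NEW_PRIVS;
                  }"
. auto/feature

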
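# Probe for a mount primitive: Linux mount() first, FreeBSD nmount() only if
# the Linux probe reported "no".  Either one sets NXT_HAVE_MOUNT=YES.
#
# NOTE(review): the Linux probe program calls mount("/", "/", "bind",
# MS_BIND | MS_REC, "").  It must stay a build-only check (nxt_feature_run=no,
# assuming auto/feature honours it): if the program were ever executed by a
# privileged configure run it would attempt a recursive bind mount of "/".
nxt_feature="Linux mount()"
nxt_feature_name=NXT_HAVE_LINUX_MOUNT
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#include <sys/mount.h>

                  int main() {
                      return mount(\"/\", \"/\", \"bind\",
                                   MS_BIND | MS_REC, \"\");
                  }"
. auto/feature

# nxt_found is quoted so an empty or unset value is a clean "false" rather
# than a "[" syntax error.  The fallback branch runs only on an explicit "no".
if [ "$nxt_found" = yes ]; then
    NXT_HAVE_MOUNT=YES

elif [ "$nxt_found" = no ]; then
    # The probe passes null/zero arguments; it is only meant to show that
    # nmount() is declared and links.
    nxt_feature="FreeBSD nmount()"
    nxt_feature_name=NXT_HAVE_FREEBSD_NMOUNT
    nxt_feature_run=no
    nxt_feature_incs=
    nxt_feature_libs=
    nxt_feature_test="#include <sys/mount.h>

                    int main() {
                        return nmount((void *)0, 0, 0);
                    }"
    . auto/feature

    if [ "$nxt_found" = yes ]; then
        NXT_HAVE_MOUNT=YES
    fi
fi

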
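# Probe for an unmount primitive: Linux umount2() first, unmount() only if
# the Linux probe reported "no".  Either one sets the shell variable
# NXT_HAVE_UNMOUNT=YES.  Both probe programs pass a null path and zero flags;
# they are only meant to show that the function is declared and links.
nxt_feature="Linux umount2()"
nxt_feature_name=NXT_HAVE_LINUX_UMOUNT2
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#include <sys/mount.h>

                  int main() {
                      return umount2((void *)0, 0);
                  }"
. auto/feature

# nxt_found is quoted so an empty or unset value is a clean "false" rather
# than a "[" syntax error.  The fallback branch runs only on an explicit "no".
if [ "$nxt_found" = yes ]; then
    NXT_HAVE_UNMOUNT=YES

elif [ "$nxt_found" = no ]; then
    # Note that NXT_HAVE_UNMOUNT is used twice: as the feature name handed to
    # auto/feature for this probe and as the YES/NO shell variable set below.
    nxt_feature="unmount()"
    nxt_feature_name=NXT_HAVE_UNMOUNT
    nxt_feature_run=no
    nxt_feature_incs=
    nxt_feature_libs=
    nxt_feature_test="#include <sys/mount.h>

                    int main() {
                        return unmount((void *)0, 0);
                    }"
    . auto/feature

    if [ "$nxt_found" = yes ]; then
        NXT_HAVE_UNMOUNT=YES
    fi
fi
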
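# Enable rootfs isolation only when both a mount and an unmount primitive
# were found, and record that in the generated config header.
#
# Two separate quoted tests replace the "-a" form of "[", which POSIX marks
# obsolescent and which can be parsed ambiguously; quoting also keeps an
# empty variable from turning the test into a syntax error.
#
# NOTE(review): the pivot_root probe result does not take part in this
# condition, so NXT_HAVE_ISOLATION_ROOTFS can be defined on a build without
# NXT_HAVE_PIVOT_ROOT.  Confirm that the C code using this macro falls back
# to a confinement that is acceptable for the deployment in that case.
if [ "$NXT_HAVE_MOUNT" = YES ] && [ "$NXT_HAVE_UNMOUNT" = YES ]; then
    NXT_HAVE_ROOTFS=YES

    # Appends to the header; the #ifndef guard keeps an earlier definition
    # of the macro from being redefined.
    cat << END >> "$NXT_AUTO_CONFIG_H"

#ifndef NXT_HAVE_ISOLATION_ROOTFS
#define NXT_HAVE_ISOLATION_ROOTFS  1
#endif

END

fi
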