1# Copyright (C) Igor Sysoev 2# Copyright (C) NGINX, Inc. 3 4# Linux clone syscall. 5 6NXT_ISOLATION=NO 7NXT_HAVE_CLONE=NO 8NXT_HAVE_CLONE_NEWUSER=NO 9NXT_HAVE_MOUNT=NO 10NXT_HAVE_UNMOUNT=NO 11NXT_HAVE_ROOTFS=NO 12 13nsflags="USER NS PID NET UTS CGROUP" 14 15nxt_feature="clone(2)" 16nxt_feature_name=NXT_HAVE_CLONE 17nxt_feature_run=no 18nxt_feature_incs= 19nxt_feature_libs= 20nxt_feature_test="#include <sys/wait.h> 21 #include <sys/syscall.h> 22 23 int main() { 24 return SYS_clone | SIGCHLD; 25 }" 26. auto/feature 27 28if [ $nxt_found = yes ]; then 29 NXT_HAVE_CLONE=YES 30 31 # Test all isolation flags 32 for flag in $nsflags; do 33 nxt_feature="CLONE_NEW${flag}" 34 nxt_feature_name=NXT_HAVE_CLONE_NEW${flag} 35 nxt_feature_run=no 36 nxt_feature_incs= 37 nxt_feature_libs= 38 nxt_feature_test="#define _GNU_SOURCE 39 #include <sys/wait.h> 40 #include <sys/syscall.h> 41 #include <sched.h> 42 43 int main() { 44 return CLONE_NEW$flag; 45 }" 46 . auto/feature 47 48 if [ $nxt_found = yes ]; then 49 if [ $flag = "USER" ]; then 50 NXT_HAVE_CLONE_NEWUSER=YES 51 fi 52 53 if [ "$NXT_ISOLATION" = "NO" ]; then 54 NXT_ISOLATION=$flag 55 else 56 NXT_ISOLATION="$NXT_ISOLATION $flag" 57 fi 58 fi 59 done 60fi 61 62 63nxt_feature="Linux pivot_root()" 64nxt_feature_name=NXT_HAVE_PIVOT_ROOT 65nxt_feature_run=no 66nxt_feature_incs= 67nxt_feature_libs= 68nxt_feature_test="#include <sys/syscall.h> 69 70 int main() { 71 return SYS_pivot_root; 72 }" 73. auto/feature 74 75 76nxt_feature="<mntent.h>" 77nxt_feature_name=NXT_HAVE_MNTENT_H 78nxt_feature_run=no 79nxt_feature_incs= 80nxt_feature_libs= 81nxt_feature_test="#include <mntent.h> 82 83 int main(void) { 84 return 0; 85 }" 86. auto/feature 87 88 89nxt_feature="prctl(PR_SET_NO_NEW_PRIVS)" 90nxt_feature_name=NXT_HAVE_PR_SET_NO_NEW_PRIVS0 91nxt_feature_run=no 92nxt_feature_incs= 93nxt_feature_libs= 94nxt_feature_test="#include <sys/prctl.h> 95 96 int main() { 97 return PR_SET_NO_NEW_PRIVS; 98 }" 99. auto/feature 100 101 102nxt_feature="Linux mount()" 103nxt_feature_name=NXT_HAVE_LINUX_MOUNT 104nxt_feature_run=no 105nxt_feature_incs= 106nxt_feature_libs= 107nxt_feature_test="#include <sys/mount.h> 108 109 int main() { 110 return mount(\"/\", \"/\", \"bind\", 111 MS_BIND | MS_REC, \"\"); 112 }" 113. auto/feature 114 115if [ $nxt_found = yes ]; then 116 NXT_HAVE_MOUNT=YES 117fi 118 119 120if [ $nxt_found = no ]; then 121 nxt_feature="FreeBSD nmount()" 122 nxt_feature_name=NXT_HAVE_FREEBSD_NMOUNT 123 nxt_feature_run=no 124 nxt_feature_incs= 125 nxt_feature_libs= 126 nxt_feature_test="#include <sys/mount.h> 127 128 int main() { 129 return nmount((void *)0, 0, 0); 130 }" 131 . auto/feature 132 133 if [ $nxt_found = yes ]; then 134 NXT_HAVE_MOUNT=YES 135 fi 136fi 137 138 139nxt_feature="Linux umount2()" 140nxt_feature_name=NXT_HAVE_LINUX_UMOUNT2 141nxt_feature_run=no 142nxt_feature_incs= 143nxt_feature_libs= 144nxt_feature_test="#include <sys/mount.h> 145 146 int main() { 147 return umount2((void *)0, 0); 148 }" 149. auto/feature 150 151if [ $nxt_found = yes ]; then 152 NXT_HAVE_UNMOUNT=YES 153fi 154 155if [ $nxt_found = no ]; then 156 nxt_feature="unmount()" 157 nxt_feature_name=NXT_HAVE_UNMOUNT 158 nxt_feature_run=no 159 nxt_feature_incs= 160 nxt_feature_libs= 161 nxt_feature_test="#include <sys/mount.h> 162 163 int main() { 164 return unmount((void *)0, 0); 165 }" 166 . auto/feature 167 168 if [ $nxt_found = yes ]; then 169 NXT_HAVE_UNMOUNT=YES 170 fi 171fi 172 173if [ $NXT_HAVE_MOUNT = YES -a $NXT_HAVE_UNMOUNT = YES ]; then 174 NXT_HAVE_ROOTFS=YES 175 176 cat << END >> $NXT_AUTO_CONFIG_H 177 178#ifndef NXT_HAVE_ISOLATION_ROOTFS 179#define NXT_HAVE_ISOLATION_ROOTFS 1 180#endif 181 182END 183 184fi 185