# Copyright (C) Igor Sysoev
# Copyright (C) NGINX, Inc.

# Linux clone syscall.

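# Defaults for the results computed in this file.  Each NXT_HAVE_* stays NO
# unless its probe succeeds; NXT_ISOLATION becomes a space-separated list of
# the namespace flags that were found.
NXT_ISOLATION=NO
NXT_HAVE_CLONE=NO
NXT_HAVE_CLONE_NEWUSER=NO
NXT_HAVE_MOUNT=NO
NXT_HAVE_UNMOUNT=NO
NXT_HAVE_ROOTFS=NO

# Suffixes appended to CLONE_NEW to form the namespace flags probed below.
nsflags="USER NS PID NET UTS CGROUP"

# Probe: SYS_clone and SIGCHLD are available from the system headers.
# nxt_feature_run=no presumably means auto/feature only builds the test
# program and never executes it -- confirm in auto/feature.
nxt_feature="clone(2)"
nxt_feature_name=NXT_HAVE_CLONE
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#include <sys/wait.h>
                  #include <sys/syscall.h>

                  int main() {
                      return SYS_clone | SIGCHLD;
                  }"
. auto/feature

# nxt_found is expected to be set by auto/feature; it is quoted so that an
# empty or unset value makes the test false instead of a "[" syntax error.
if [ "$nxt_found" = yes ]; then
    NXT_HAVE_CLONE=YES

    # Test all isolation flags.  $nsflags is deliberately unquoted so that it
    # splits into one word per flag.
    #
    # NOTE(review): each probe only shows that the build headers define the
    # CLONE_NEW* constant.  Whether the running kernel allows that namespace
    # is decided at run time, so code guarded by these macros still has to
    # handle clone() failing rather than assume isolation is in effect.
    for flag in $nsflags; do
        nxt_feature="CLONE_NEW${flag}"
        nxt_feature_name="NXT_HAVE_CLONE_NEW${flag}"
        nxt_feature_run=no
        nxt_feature_incs=
        nxt_feature_libs=
        nxt_feature_test="#define _GNU_SOURCE
                          #include <sys/wait.h>
                          #include <sys/syscall.h>
                          #include <sched.h>

                          int main() {
                              return CLONE_NEW$flag;
                         }"
        . auto/feature

        if [ "$nxt_found" = yes ]; then
            # The user namespace is additionally tracked in its own variable.
            if [ "$flag" = USER ]; then
                NXT_HAVE_CLONE_NEWUSER=YES
            fi

            # The first flag found replaces the NO default; later ones are
            # appended.
            if [ "$NXT_ISOLATION" = NO ]; then
                NXT_ISOLATION=$flag
            else
                NXT_ISOLATION="$NXT_ISOLATION $flag"
            fi
        fi
    done
fi

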
# Probe: the SYS_pivot_root syscall number on Linux.  The "# error" directive
# makes the test program fail to compile when __linux__ is not defined.
# Nothing in this file reads the outcome of this probe afterwards.
nxt_feature_test="#include <sys/syscall.h>
                  #if !defined(__linux__)
                  # error
                  #endif

                  int main() {
                      return SYS_pivot_root;
                  }"
nxt_feature_libs=
nxt_feature_incs=
nxt_feature_run=no
nxt_feature_name=NXT_HAVE_LINUX_PIVOT_ROOT
nxt_feature="Linux pivot_root()"
. auto/feature


# Probe: the <mntent.h> header can be included.  The test program does
# nothing else.
nxt_feature_test="#include <mntent.h>

                  int main(void) {
                      return 0;
                  }"
nxt_feature_incs= nxt_feature_libs=
nxt_feature_run=no
nxt_feature_name=NXT_HAVE_MNTENT_H
nxt_feature="<mntent.h>"
. auto/feature


# Probe: <sys/prctl.h> defines PR_SET_NO_NEW_PRIVS.
#
# NOTE(review): the feature name ends in "0" (NXT_HAVE_PR_SET_NO_NEW_PRIVS0).
# The code that applies no_new_privs must test exactly this spelling; with a
# different spelling that code would be compiled out without any build error.
# Confirm against the C sources that consume the macro.
nxt_feature_test="#include <sys/prctl.h>

                  int main() {
                      return PR_SET_NO_NEW_PRIVS;
                  }"
nxt_feature_incs= nxt_feature_libs=
nxt_feature_run=no
nxt_feature_name=NXT_HAVE_PR_SET_NO_NEW_PRIVS0
nxt_feature="prctl(PR_SET_NO_NEW_PRIVS)"
. auto/feature


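# Probe: a mount primitive, Linux mount() first and FreeBSD nmount() as the
# fallback.  Either one sets NXT_HAVE_MOUNT=YES.
#
# The Linux test program calls mount() on "/" with MS_BIND | MS_REC.
# nxt_feature_run=no presumably keeps auto/feature from executing it, which
# matters if configure is run as root -- confirm in auto/feature.
nxt_feature="Linux mount()"
nxt_feature_name=NXT_HAVE_LINUX_MOUNT
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#include <sys/mount.h>

                  int main() {
                      return mount(\"/\", \"/\", \"bind\",
                                   MS_BIND | MS_REC, \"\");
                  }"
. auto/feature

# nxt_found is quoted so that an empty or unset value is simply "not found"
# rather than a "[" syntax error.
if [ "$nxt_found" = yes ]; then
    NXT_HAVE_MOUNT=YES

elif [ "$nxt_found" = no ]; then
    # Linux mount() is not available: try FreeBSD nmount().
    nxt_feature="FreeBSD nmount()"
    nxt_feature_name=NXT_HAVE_FREEBSD_NMOUNT
    nxt_feature_run=no
    nxt_feature_incs=
    nxt_feature_libs=
    nxt_feature_test="#include <sys/mount.h>

                    int main() {
                        return nmount((void *)0, 0, 0);
                    }"
    . auto/feature

    if [ "$nxt_found" = yes ]; then
        NXT_HAVE_MOUNT=YES
    fi
fi

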
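# Probe: an unmount primitive, Linux umount2() first and unmount() as the
# fallback.  Either one sets NXT_HAVE_UNMOUNT=YES.
nxt_feature="Linux umount2()"
nxt_feature_name=NXT_HAVE_LINUX_UMOUNT2
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#include <sys/mount.h>

                  int main() {
                      return umount2((void *)0, 0);
                  }"
. auto/feature

# nxt_found is quoted so that an empty or unset value is simply "not found"
# rather than a "[" syntax error.
if [ "$nxt_found" = yes ]; then
    NXT_HAVE_UNMOUNT=YES

elif [ "$nxt_found" = no ]; then
    # umount2() is not available: try unmount().
    nxt_feature="unmount()"
    nxt_feature_name=NXT_HAVE_UNMOUNT
    nxt_feature_run=no
    nxt_feature_incs=
    nxt_feature_libs=
    nxt_feature_test="#include <sys/mount.h>

                    int main() {
                        return unmount((void *)0, 0);
                    }"
    . auto/feature

    if [ "$nxt_found" = yes ]; then
        NXT_HAVE_UNMOUNT=YES
    fi
fi
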
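# rootfs isolation is enabled only when both a mount and an unmount primitive
# were found.  The pivot_root() probe result is not part of this condition.
#
# Two separate [ ] tests replace the obsolescent "-a" operator, and every
# expansion is quoted so that an unset variable or a config path containing
# spaces cannot break the test or the redirection.
if [ "$NXT_HAVE_MOUNT" = YES ] && [ "$NXT_HAVE_UNMOUNT" = YES ]; then
    NXT_HAVE_ROOTFS=YES

    # Append the guarded macro definition to the generated config header.
    cat << END >> "$NXT_AUTO_CONFIG_H"

#ifndef NXT_HAVE_ISOLATION_ROOTFS
#define NXT_HAVE_ISOLATION_ROOTFS  1
#endif

END

fi
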