/unit/test/ |
H A D | test_go_isolation.py | 90 isolation={ 150 isolation={ 166 isolation={ 230 client.load('ns_inspect', isolation=isolation) 287 isolation['namespaces'] = { 293 client.load('ns_inspect', isolation=isolation) 306 isolation = { 311 client.load('ns_inspect', isolation=isolation) 344 isolation['namespaces'] = { 352 client.load('ns_inspect', isolation=isolation) [all …]
|
H A D | test_python_isolation.py | 35 isolation = {'rootfs': temp_dir} 51 isolation['namespaces'] = { 57 client.load('ns_inspect', isolation=isolation) 84 client.load('empty', isolation=isolation) 92 isolation['automount']['language_deps'] = True 94 client.load('empty', isolation=isolation) 110 client.load('ns_inspect', isolation=isolation) 116 isolation['automount']['procfs'] = True 118 client.load('ns_inspect', isolation=isolation) 129 isolation = {'cgroup': {'path': path}} [all …]
|
H A D | test_php_isolation.py | 9 isolation = {'rootfs': temp_dir} 25 isolation['namespaces'] = { 31 client.load('phpinfo', isolation=isolation) 44 isolation = {'rootfs': temp_dir} 60 isolation['namespaces'] = { 66 client.load('list-extensions', isolation=isolation)
|
H A D | test_ruby_isolation.py | 9 isolation = {'rootfs': temp_dir} 25 isolation['namespaces'] = { 31 client.load('status_int', isolation=isolation)
|
H A D | test_go_isolation_rootfs.py | 13 client.load('ns_inspect', isolation={'rootfs': temp_dir})
|
H A D | test_python_isolation_chroot.py | 9 client.load('ns_inspect', isolation={'rootfs': temp_dir})
|
H A D | test_java_isolation_rootfs.py | 55 client.load('empty_war', isolation={'rootfs': temp_dir})
|
/unit/src/ |
H A D | nxt_isolation.c | 84 process->isolation.new_privs = 1; in nxt_isolation_main_prefork() 87 if (app_conf->isolation != NULL) { in nxt_isolation_main_prefork() 131 if (process->isolation.rootfs != NULL) { in nxt_isolation_main_prefork() 292 clone = &process->isolation.clone; in nxt_isolation_set_creds() 380 clone = &process->isolation.clone; in nxt_isolation_vldt_creds() 544 automount = &process->isolation.automount; in nxt_isolation_set_automount() 631 rootfs = process->isolation.rootfs; in nxt_isolation_set_lang_mounts() 647 if (process->isolation.automount.tmpfs) { in nxt_isolation_set_lang_mounts() 700 process->isolation.mounts = mounts; in nxt_isolation_set_lang_mounts() 736 mounts = process->isolation.mounts; in nxt_isolation_unmount_all() [all …]
|
H A D | nxt_cgroup.c | 27 || process->isolation.cgroup.path == NULL) in nxt_cgroup_proc_add() 32 ret = nxt_mk_cgpath(task, process->isolation.cgroup.path, cgprocs); in nxt_cgroup_proc_add() 79 ret = nxt_mk_cgpath(task, process->isolation.cgroup.path, cgpath); in nxt_cgroup_cleanup()
|
H A D | nxt_application.h | 127 nxt_conf_value_t *isolation; member
|
H A D | nxt_process.c | 25 nxt_is_clone_flag_set(process->isolation.clone.flags, NEWPID) 448 if (process->isolation.clone.flags == 0) { in nxt_process_unshare() 452 ret = unshare(process->isolation.clone.flags); in nxt_process_unshare() 626 process->name, process->isolation.cgroup.path, nxt_errno); in nxt_process_create() 1030 && nxt_is_clone_flag_set(process->isolation.clone.flags, NEWUSER)) in nxt_process_apply_creds() 1049 if (nxt_slow_path(process->isolation.new_privs == 0 in nxt_process_apply_creds()
|
H A D | nxt_main_process.c | 153 offsetof(nxt_common_app_conf_t, isolation), 647 if (nxt_is_clone_flag_set(process->isolation.clone.flags, NEWUSER)) { in nxt_main_process_created_handler() 650 &process->isolation.clone) in nxt_main_process_created_handler() 1099 if (process->isolation.cleanup != NULL) { in nxt_main_process_cleanup() 1100 process->isolation.cleanup(task, process); in nxt_main_process_cleanup() 1103 if (process->isolation.cgroup_cleanup != NULL) { in nxt_main_process_cleanup() 1104 process->isolation.cgroup_cleanup(task, process); in nxt_main_process_cleanup()
|
H A D | nxt_process.h | 128 nxt_process_isolation_t isolation; member
|
H A D | nxt_java.c | 85 rootfs = (char *) process->isolation.rootfs; in nxt_java_setup() 112 p = nxt_cpymem(path, process->isolation.rootfs, rootfs_len); in nxt_java_setup()
|
H A D | nxt_application.c | 551 if (process->isolation.rootfs != NULL) { in nxt_proto_setup() 552 if (process->isolation.mounts != NULL) { in nxt_proto_setup()
|
/unit/test/unit/check/ |
H A D | isolation.py | 146 isolation = {'user': userns} 153 isolation['unprivileged_userns_clone'] = True 158 isolation[ns] = ns_value 160 return isolation
|
H A D | discover_available.py | 6 from unit.check.isolation import check_isolation
|
/unit/auto/ |
H A D | summary | 34 process isolation: ......... $NXT_ISOLATION
|
H A D | isolation | 31 # Test all isolation flags
|
/unit/ |
H A D | configure | 136 . auto/isolation
|
H A D | CHANGES | 27 *) Bugfix: "uidmap" and "gidmap" isolation options validation. 451 isolation was used; the bug had appeared in 1.21.0. 463 isolation is used. 491 *) Feature: the "procfs" and "tmpfs" automount isolation options to 498 "rootfs" isolation. 503 applications that use "rootfs" isolation. 534 *) Feature: the "automount" option in the "isolation" object allows to 593 *) Feature: the "rootfs" isolation option for changing root filesystem 701 *) Bugfix: explicit setting a namespaces isolation option to false might 723 *) Feature: isolation of application processes with Linux namespaces.
|
/unit/docs/ |
H A D | unit-openapi.yaml | 4623 isolation: 4704 isolation: 4730 isolation: 5341 isolation: 5343 description: "Manages the isolation of an application process."
|