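# Copyright (C) Igor Sysoev
# Copyright (C) NGINX, Inc.

# Linux clone syscall.
#
# Build-time probes for the process-isolation primitives: clone(2) and the
# CLONE_NEW* namespace flags, pivot_root, <mntent.h>, PR_SET_NO_NEW_PRIVS,
# and the mount/unmount calls needed for rootfs isolation.
#
# Every probe sets nxt_feature_run=no.  auto/feature is not visible here; it
# is expected to only compile/link the test program and never execute it.
# That matters for the mount()/umount2() probes, which must not run on the
# build host.
#
# NOTE(review): a successful probe shows only that the build host's headers
# and libc expose the symbol.  It does not show that the kernel the binary
# later runs on permits the operation (for example, unprivileged user
# namespaces may be disabled by policy).  Code guarded by these macros still
# has to handle failure at run time.

# Results consumed later by the configure scripts.  NXT_ISOLATION becomes a
# space-separated list of the namespace flags that were found.
NXT_ISOLATION=NO
NXT_HAVE_CLONE=NO
NXT_HAVE_CLONE_NEWUSER=NO
NXT_HAVE_MOUNT=NO
NXT_HAVE_UNMOUNT=NO
NXT_HAVE_ROOTFS=NO

# Namespace kinds to probe; each is tested as CLONE_NEW<flag>.
nsflags="USER NS PID NET UTS CGROUP"

nxt_feature="clone(2)"
nxt_feature_name=NXT_HAVE_CLONE
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#include <sys/wait.h>
                  #include <sys/syscall.h>

                  int main(void) {
                      return SYS_clone | SIGCHLD;
                  }"
. auto/feature

# Quote the expansions used in tests: an empty or unset value would
# otherwise turn the test into a syntax error instead of a clean "false".
if [ "$nxt_found" = yes ]; then
    NXT_HAVE_CLONE=YES

    # Test all isolation flags
    for flag in $nsflags; do
        nxt_feature="CLONE_NEW${flag}"
        nxt_feature_name=NXT_HAVE_CLONE_NEW${flag}
        nxt_feature_run=no
        nxt_feature_incs=
        nxt_feature_libs=
        nxt_feature_test="#define _GNU_SOURCE
                          #include <sys/wait.h>
                          #include <sys/syscall.h>
                          #include <sched.h>

                          int main(void) {
                              return CLONE_NEW$flag;
                          }"
        . auto/feature

        if [ "$nxt_found" = yes ]; then
            # User namespaces are tracked separately from the flag list.
            if [ "$flag" = "USER" ]; then
                NXT_HAVE_CLONE_NEWUSER=YES
            fi

            # Replace the initial NO with the first flag found, then append.
            if [ "$NXT_ISOLATION" = "NO" ]; then
                NXT_ISOLATION=$flag
            else
                NXT_ISOLATION="$NXT_ISOLATION $flag"
            fi
        fi
    done
fi


nxt_feature="Linux pivot_root()"
nxt_feature_name=NXT_HAVE_LINUX_PIVOT_ROOT
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#include <sys/syscall.h>
                  #if !defined(__linux__)
                  # error
                  #endif

                  int main(void) {
                      return SYS_pivot_root;
                  }"
. auto/feature


nxt_feature="<mntent.h>"
nxt_feature_name=NXT_HAVE_MNTENT_H
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#include <mntent.h>

                  int main(void) {
                      return 0;
                  }"
. auto/feature


# PR_SET_NO_NEW_PRIVS: only checks that the constant is declared in
# <sys/prctl.h>.
nxt_feature="prctl(PR_SET_NO_NEW_PRIVS)"
nxt_feature_name=NXT_HAVE_PR_SET_NO_NEW_PRIVS
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#include <sys/prctl.h>

                  int main(void) {
                      return PR_SET_NO_NEW_PRIVS;
                  }"
. auto/feature


# The probe below names a recursive bind mount of "/" onto itself.  It is a
# compile/link check only (nxt_feature_run=no) and must stay that way.
nxt_feature="Linux mount()"
nxt_feature_name=NXT_HAVE_LINUX_MOUNT
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#include <sys/mount.h>

                  int main(void) {
                      return mount(\"/\", \"/\", \"bind\",
                                   MS_BIND | MS_REC, \"\");
                  }"
. auto/feature

if [ "$nxt_found" = yes ]; then
    NXT_HAVE_MOUNT=YES
fi


# Fall back to the FreeBSD interface when the Linux mount() probe failed.
if [ "$nxt_found" = no ]; then
    nxt_feature="FreeBSD nmount()"
    nxt_feature_name=NXT_HAVE_FREEBSD_NMOUNT
    nxt_feature_run=no
    nxt_feature_incs=
    nxt_feature_libs=
    nxt_feature_test="#include <sys/mount.h>

                      int main(void) {
                          return nmount((void *)0, 0, 0);
                      }"
    . auto/feature

    if [ "$nxt_found" = yes ]; then
        NXT_HAVE_MOUNT=YES
    fi
fi


nxt_feature="Linux umount2()"
nxt_feature_name=NXT_HAVE_LINUX_UMOUNT2
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#include <sys/mount.h>

                  int main(void) {
                      return umount2((void *)0, 0);
                  }"
. auto/feature

if [ "$nxt_found" = yes ]; then
    NXT_HAVE_UNMOUNT=YES
fi

# Fall back to unmount() when umount2() is not available.
if [ "$nxt_found" = no ]; then
    nxt_feature="unmount()"
    nxt_feature_name=NXT_HAVE_UNMOUNT
    nxt_feature_run=no
    nxt_feature_incs=
    nxt_feature_libs=
    nxt_feature_test="#include <sys/mount.h>

                      int main(void) {
                          return unmount((void *)0, 0);
                      }"
    . auto/feature

    if [ "$nxt_found" = yes ]; then
        NXT_HAVE_UNMOUNT=YES
    fi
fi

# Rootfs isolation needs both a mount and an unmount primitive.  Two tests
# joined with && replace the obsolescent "-a" operator of test(1).
if [ "$NXT_HAVE_MOUNT" = YES ] && [ "$NXT_HAVE_UNMOUNT" = YES ]; then
    NXT_HAVE_ROOTFS=YES

    cat << END >> "$NXT_AUTO_CONFIG_H"

#ifndef NXT_HAVE_ISOLATION_ROOTFS
#define NXT_HAVE_ISOLATION_ROOTFS  1
#endif

END

fi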