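# Copyright (C) Igor Sysoev
# Copyright (C) NGINX, Inc.

# Process isolation feature probes: Linux clone(2) namespaces, pivot_root(),
# prctl(PR_SET_NO_NEW_PRIVS), and mount/unmount support for rootfs isolation.
#
# This file is sourced by the configure machinery. Each probe fills in the
# nxt_feature* variables and sources auto/feature, which reports its result
# in $nxt_found.
#
# Every probe sets nxt_feature_run=no, so presumably auto/feature only
# compiles the test program and does not run it (confirm in auto/feature).
# A positive result then means the build host's headers expose the symbol,
# not that the kernel the binary later runs on permits the operation
# (for example, unprivileged user namespaces may be disabled at runtime).
#
# A probe whose test program fails to compile is indistinguishable from a
# missing feature, so a typo in a test program silently compiles the
# corresponding isolation code out of the build.

# Results consumed after this file has been sourced.
NXT_ISOLATION=NO
NXT_HAVE_CLONE=NO
NXT_HAVE_CLONE_NEWUSER=NO
NXT_HAVE_MOUNT=NO
NXT_HAVE_UNMOUNT=NO
NXT_HAVE_ROOTFS=NO

# Suffixes of the CLONE_NEW* namespace flags to probe.
nsflags="USER NS PID NET UTS CGROUP"

nxt_feature="clone(2)"
nxt_feature_name=NXT_HAVE_CLONE
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#include <sys/wait.h>
                  #include <sys/syscall.h>

                  int main() {
                      return __NR_clone | SIGCHLD;
                  }"
. auto/feature

if [ "$nxt_found" = yes ]; then
    NXT_HAVE_CLONE=YES

    # Test all isolation flags.  $nsflags is left unquoted on purpose so
    # that it splits into one word per flag.
    for flag in $nsflags; do
        nxt_feature="CLONE_NEW${flag}"
        nxt_feature_name=NXT_HAVE_CLONE_NEW${flag}
        nxt_feature_run=no
        nxt_feature_incs=
        nxt_feature_libs=
        nxt_feature_test="#define _GNU_SOURCE
                          #include <sys/wait.h>
                          #include <sys/syscall.h>
                          #include <sched.h>

                          int main() {
                              return CLONE_NEW$flag;
                          }"
        . auto/feature

        if [ "$nxt_found" = yes ]; then
            if [ "$flag" = "USER" ]; then
                NXT_HAVE_CLONE_NEWUSER=YES
            fi

            # NXT_ISOLATION becomes the space-separated list of the
            # namespace flags that were found; it stays "NO" if none were.
            if [ "$NXT_ISOLATION" = "NO" ]; then
                NXT_ISOLATION=$flag
            else
                NXT_ISOLATION="$NXT_ISOLATION $flag"
            fi
        fi
    done
fi


nxt_feature="Linux pivot_root()"
nxt_feature_name=NXT_HAVE_PIVOT_ROOT
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#include <sys/syscall.h>

                  int main() {
                      return __NR_pivot_root;
                  }"
. auto/feature


# NOTE(review): the trailing "0" in the macro name below looks like a typo.
# Confirm that the C sources test this exact name; if they test
# NXT_HAVE_PR_SET_NO_NEW_PRIVS instead, the no_new_privs hardening is
# compiled out without any build error.  The name is left unchanged here
# because its consumers are outside this file.
nxt_feature="prctl(PR_SET_NO_NEW_PRIVS)"
nxt_feature_name=NXT_HAVE_PR_SET_NO_NEW_PRIVS0
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#include <sys/prctl.h>

                  int main() {
                      return PR_SET_NO_NEW_PRIVS;
                  }"
. auto/feature


nxt_feature="Linux mount()"
nxt_feature_name=NXT_HAVE_LINUX_MOUNT
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#include <sys/mount.h>

                  int main() {
                      return mount((void*)0, (void*)0, (void*)0, 0, (void*)0);
                  }"
. auto/feature

if [ "$nxt_found" = yes ]; then
    NXT_HAVE_MOUNT=YES
fi


# The return statement needs its terminating semicolon: without it the test
# program never compiles and NXT_HAVE_BIND_MOUNT is reported as missing on
# every platform, including those that do define MS_BIND and MS_REC.
nxt_feature="Bind mount()"
nxt_feature_name=NXT_HAVE_BIND_MOUNT
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#include <sys/mount.h>

                  int main() {
                      return MS_BIND | MS_REC;
                  }"
. auto/feature

if [ "$nxt_found" = yes ]; then
    NXT_HAVE_MOUNT=YES
fi


# $nxt_found still holds the result of the bind mount probe above, so
# nmount() is only probed when bind mount flags were not found.
if [ "$nxt_found" = no ]; then
    nxt_feature="FreeBSD nmount()"
    nxt_feature_name=NXT_HAVE_FREEBSD_NMOUNT
    nxt_feature_run=no
    nxt_feature_incs=
    nxt_feature_libs=
    nxt_feature_test="#include <sys/mount.h>

                      int main() {
                          return nmount((void *)0, 0, 0);
                      }"
    . auto/feature

    if [ "$nxt_found" = yes ]; then
        NXT_HAVE_MOUNT=YES
    fi
fi


nxt_feature="Linux umount2()"
nxt_feature_name=NXT_HAVE_LINUX_UMOUNT2
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#include <sys/mount.h>

                  int main() {
                      return umount2((void *)0, 0);
                  }"
. auto/feature

if [ "$nxt_found" = yes ]; then
    NXT_HAVE_UNMOUNT=YES
fi

# Fall back to unmount() only when umount2() was not found.
if [ "$nxt_found" = no ]; then
    nxt_feature="unmount()"
    nxt_feature_name=NXT_HAVE_UNMOUNT
    nxt_feature_run=no
    nxt_feature_incs=
    nxt_feature_libs=
    nxt_feature_test="#include <sys/mount.h>

                      int main() {
                          return unmount((void *)0, 0);
                      }"
    . auto/feature

    if [ "$nxt_found" = yes ]; then
        NXT_HAVE_UNMOUNT=YES
    fi
fi

# Rootfs isolation needs both a mount and an unmount primitive.  Two
# separate tests joined with && replace the obsolescent "-a" operator.
if [ "$NXT_HAVE_MOUNT" = YES ] && [ "$NXT_HAVE_UNMOUNT" = YES ]; then
    NXT_HAVE_ROOTFS=YES

    cat << END >> "$NXT_AUTO_CONFIG_H"

#ifndef NXT_HAVE_ISOLATION_ROOTFS
#define NXT_HAVE_ISOLATION_ROOTFS  1
#endif

END

fi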