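# Copyright (C) Igor Sysoev
# Copyright (C) NGINX, Inc.

# Process isolation feature detection: Linux namespaces (unshare() and the
# CLONE_NEW* flags), pivot_root(), <mntent.h>, prctl() options, and the
# mount/unmount primitives needed for rootfs isolation.
#
# Every probe below sets nxt_feature_run=no.  auto/feature is not shown here;
# presumably that means the test program is only compiled and linked, never
# executed.  A "found" result therefore says the build host's headers and libc
# expose the symbol.  It does not say that the kernel or policy on the machine
# that later runs the binary will allow the call (namespace creation, mount,
# pivot_root can all still be refused at runtime), so the runtime code paths
# guarded by these macros must still check return values.

# Defaults: everything is treated as unavailable until a probe succeeds.
NXT_ISOLATION=NO
NXT_HAVE_LINUX_NS=NO
NXT_HAVE_CLONE_NEWUSER=NO
NXT_HAVE_MOUNT=NO
NXT_HAVE_UNMOUNT=NO
NXT_HAVE_ROOTFS=NO

# Suffixes of the CLONE_NEW* namespace flags to probe (CLONE_NEWUSER, ...).
nsflags="USER NS PID NET UTS CGROUP"

nxt_feature="Linux unshare()"
nxt_feature_name=NXT_HAVE_LINUX_NS
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#define _GNU_SOURCE
                  #include <sched.h>

                  int main(void) {
                      return unshare(0);
                  }"
. auto/feature

# The individual flags are only probed when unshare() itself is available.
if [ "$nxt_found" = yes ]; then
    NXT_HAVE_LINUX_NS=YES

    # Test all isolation flags
    for flag in $nsflags; do
        nxt_feature="CLONE_NEW${flag}"
        nxt_feature_name=NXT_HAVE_CLONE_NEW${flag}
        nxt_feature_run=no
        nxt_feature_incs=
        nxt_feature_libs=
        nxt_feature_test="#define _GNU_SOURCE
                          #include <sys/wait.h>
                          #include <sys/syscall.h>
                          #include <sched.h>

                          int main(void) {
                              return CLONE_NEW$flag;
                          }"
        . auto/feature

        if [ "$nxt_found" = yes ]; then
            # User namespace support is tracked separately from the list.
            if [ "$flag" = "USER" ]; then
                NXT_HAVE_CLONE_NEWUSER=YES
            fi

            # NXT_ISOLATION becomes a space-separated list of the flags
            # found; it stays "NO" when none of them is defined.
            if [ "$NXT_ISOLATION" = "NO" ]; then
                NXT_ISOLATION=$flag
            else
                NXT_ISOLATION="$NXT_ISOLATION $flag"
            fi
        fi
    done
fi


# Only the syscall number is checked; the #error rejects non-Linux systems
# whose <sys/syscall.h> might define the same name.
nxt_feature="Linux pivot_root()"
nxt_feature_name=NXT_HAVE_LINUX_PIVOT_ROOT
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#include <sys/syscall.h>
                  #if !defined(__linux__)
                  # error
                  #endif

                  int main(void) {
                      return SYS_pivot_root;
                  }"
. auto/feature


nxt_feature="<mntent.h>"
nxt_feature_name=NXT_HAVE_MNTENT_H
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#include <mntent.h>

                  int main(void) {
                      return 0;
                  }"
. auto/feature


# Checks that the PR_SET_NO_NEW_PRIVS constant is defined by <sys/prctl.h>.
nxt_feature="prctl(PR_SET_NO_NEW_PRIVS)"
nxt_feature_name=NXT_HAVE_PR_SET_NO_NEW_PRIVS
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#include <sys/prctl.h>

                  int main(void) {
                      return PR_SET_NO_NEW_PRIVS;
                  }"
. auto/feature


# Checks that the PR_SET_CHILD_SUBREAPER constant is defined by <sys/prctl.h>.
nxt_feature="prctl(PR_SET_CHILD_SUBREAPER)"
nxt_feature_name=NXT_HAVE_PR_SET_CHILD_SUBREAPER
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#include <sys/prctl.h>

                  int main(void) {
                      return PR_SET_CHILD_SUBREAPER;
                  }"
. auto/feature


# Mount primitive: Linux mount() first, FreeBSD nmount() as the fallback.
nxt_feature="Linux mount()"
nxt_feature_name=NXT_HAVE_LINUX_MOUNT
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#include <sys/mount.h>

                  int main(void) {
                      return mount(\"/\", \"/\", \"bind\",
                                   MS_BIND | MS_REC, \"\");
                  }"
. auto/feature

if [ "$nxt_found" = yes ]; then
    NXT_HAVE_MOUNT=YES
fi


if [ "$nxt_found" = no ]; then
    nxt_feature="FreeBSD nmount()"
    nxt_feature_name=NXT_HAVE_FREEBSD_NMOUNT
    nxt_feature_run=no
    nxt_feature_incs=
    nxt_feature_libs=
    nxt_feature_test="#include <sys/mount.h>

                      int main(void) {
                          return nmount((void *)0, 0, 0);
                      }"
    . auto/feature

    if [ "$nxt_found" = yes ]; then
        NXT_HAVE_MOUNT=YES
    fi
fi


# Unmount primitive: Linux umount2() first, unmount() as the fallback.
nxt_feature="Linux umount2()"
nxt_feature_name=NXT_HAVE_LINUX_UMOUNT2
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#include <sys/mount.h>

                  int main(void) {
                      return umount2((void *)0, 0);
                  }"
. auto/feature

if [ "$nxt_found" = yes ]; then
    NXT_HAVE_UNMOUNT=YES
fi

if [ "$nxt_found" = no ]; then
    nxt_feature="unmount()"
    nxt_feature_name=NXT_HAVE_UNMOUNT
    nxt_feature_run=no
    nxt_feature_incs=
    nxt_feature_libs=
    nxt_feature_test="#include <sys/mount.h>

                      int main(void) {
                          return unmount((void *)0, 0);
                      }"
    . auto/feature

    if [ "$nxt_found" = yes ]; then
        NXT_HAVE_UNMOUNT=YES
    fi
fi

# Rootfs isolation is enabled only when both a mount and an unmount primitive
# were found.  Two separate tests are used because the -a operator of [ is
# marked obsolescent by POSIX.
if [ "$NXT_HAVE_MOUNT" = YES ] && [ "$NXT_HAVE_UNMOUNT" = YES ]; then
    NXT_HAVE_ROOTFS=YES

    # Append the macro to the generated config header; the path is quoted so
    # that a build directory containing whitespace does not break the redirect.
    cat << END >> "$NXT_AUTO_CONFIG_H"

#ifndef NXT_HAVE_ISOLATION_ROOTFS
#define NXT_HAVE_ISOLATION_ROOTFS  1
#endif

END

fi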