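# Copyright (C) Igor Sysoev
# Copyright (C) NGINX, Inc.

# Linux clone syscall.
#
# Build-time detection of the process-isolation primitives: clone(2) and the
# CLONE_NEW* namespace flags, pivot_root, PR_SET_NO_NEW_PRIVS, and the
# mount/unmount calls needed for a private root filesystem.
#
# Every probe below sets nxt_feature_run=no, so the results are presumably
# compile/link checks only (auto/feature is not shown here -- confirm).  A
# positive result then means the build host's headers and libc expose the
# primitive; it says nothing about whether the kernel the daemon later runs
# on permits it.  Runtime code has to treat a refused namespace, mount or
# prctl call as an error rather than continue without the isolation.
#
# Shell variables set here:
#   NXT_ISOLATION           NO, or a space-separated list of the namespace
#                           suffixes whose CLONE_NEW* flag was found
#   NXT_HAVE_CLONE          YES/NO
#   NXT_HAVE_CLONE_NEWUSER  YES/NO
#   NXT_HAVE_MOUNT          YES/NO
#   NXT_HAVE_UNMOUNT        YES/NO
#   NXT_HAVE_ROOTFS         YES/NO
# Each probe also passes nxt_feature_name to auto/feature, and the last block
# appends NXT_HAVE_ISOLATION_ROOTFS to $NXT_AUTO_CONFIG_H.

NXT_ISOLATION=NO
NXT_HAVE_CLONE=NO
NXT_HAVE_CLONE_NEWUSER=NO
NXT_HAVE_MOUNT=NO
NXT_HAVE_UNMOUNT=NO
NXT_HAVE_ROOTFS=NO

# Suffixes appended to CLONE_NEW in the per-flag probe below.
# NOTE(review): IPC is not in this list, so CLONE_NEWIPC is never probed by
# this script -- confirm that is intended.
nsflags="USER NS PID NET UTS CGROUP"

nxt_feature="clone(2)"
nxt_feature_name=NXT_HAVE_CLONE
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#include <sys/wait.h>
                  #include <sys/syscall.h>

                  int main() {
                      return __NR_clone | SIGCHLD;
                  }"
. auto/feature

# nxt_found is set by auto/feature; it is quoted so that an empty or unset
# value makes the comparison false instead of a "[" syntax error.
if [ "$nxt_found" = yes ]; then
    NXT_HAVE_CLONE=YES

    # Test all isolation flags
    # $nsflags is left unquoted on purpose: it is a space-separated list.
    for flag in $nsflags; do
        nxt_feature="CLONE_NEW${flag}"
        nxt_feature_name=NXT_HAVE_CLONE_NEW${flag}
        nxt_feature_run=no
        nxt_feature_incs=
        nxt_feature_libs=
        nxt_feature_test="#define _GNU_SOURCE
                          #include <sys/wait.h>
                          #include <sys/syscall.h>
                          #include <sched.h>

                          int main() {
                              return CLONE_NEW$flag;
                          }"
        . auto/feature

        if [ "$nxt_found" = yes ]; then
            if [ "$flag" = "USER" ]; then
                NXT_HAVE_CLONE_NEWUSER=YES
            fi

            # Replace the initial NO with the first flag found, then append.
            if [ "$NXT_ISOLATION" = "NO" ]; then
                NXT_ISOLATION=$flag
            else
                NXT_ISOLATION="$NXT_ISOLATION $flag"
            fi
        fi
    done
fi


nxt_feature="Linux pivot_root()"
nxt_feature_name=NXT_HAVE_PIVOT_ROOT
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#include <sys/syscall.h>

                  int main() {
                      return __NR_pivot_root;
                  }"
. auto/feature


# NOTE(review): the macro name below ends in "0".  Confirm that the C sources
# test exactly NXT_HAVE_PR_SET_NO_NEW_PRIVS0; if they test the name without
# the digit, no_new_privs support is compiled out without any warning.
nxt_feature="prctl(PR_SET_NO_NEW_PRIVS)"
nxt_feature_name=NXT_HAVE_PR_SET_NO_NEW_PRIVS0
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#include <sys/prctl.h>

                  int main() {
                      return PR_SET_NO_NEW_PRIVS;
                  }"
. auto/feature


# Keep nxt_feature_run=no for this probe: if the test program were executed
# with sufficient privilege it would recursively bind-mount / onto itself on
# the build host.
nxt_feature="Linux mount()"
nxt_feature_name=NXT_HAVE_LINUX_MOUNT
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#include <sys/mount.h>

                  int main() {
                      return mount(\"/\", \"/\", \"bind\",
                                   MS_BIND | MS_REC, \"\");
                  }"
. auto/feature

if [ "$nxt_found" = yes ]; then
    NXT_HAVE_MOUNT=YES
fi


# Fall back to nmount() only when the Linux mount() probe failed.
if [ "$nxt_found" = no ]; then
    nxt_feature="FreeBSD nmount()"
    nxt_feature_name=NXT_HAVE_FREEBSD_NMOUNT
    nxt_feature_run=no
    nxt_feature_incs=
    nxt_feature_libs=
    nxt_feature_test="#include <sys/mount.h>

                      int main() {
                          return nmount((void *)0, 0, 0);
                      }"
    . auto/feature

    if [ "$nxt_found" = yes ]; then
        NXT_HAVE_MOUNT=YES
    fi
fi


nxt_feature="Linux umount2()"
nxt_feature_name=NXT_HAVE_LINUX_UMOUNT2
nxt_feature_run=no
nxt_feature_incs=
nxt_feature_libs=
nxt_feature_test="#include <sys/mount.h>

                  int main() {
                      return umount2((void *)0, 0);
                  }"
. auto/feature

if [ "$nxt_found" = yes ]; then
    NXT_HAVE_UNMOUNT=YES
fi

# Fall back to unmount() only when the umount2() probe failed.
if [ "$nxt_found" = no ]; then
    nxt_feature="unmount()"
    nxt_feature_name=NXT_HAVE_UNMOUNT
    nxt_feature_run=no
    nxt_feature_incs=
    nxt_feature_libs=
    nxt_feature_test="#include <sys/mount.h>

                      int main() {
                          return unmount((void *)0, 0);
                      }"
    . auto/feature

    if [ "$nxt_found" = yes ]; then
        NXT_HAVE_UNMOUNT=YES
    fi
fi

# rootfs isolation is enabled as soon as one mount and one unmount primitive
# exist; the pivot_root probe result is not consulted here.
# NOTE(review): confirm how the rootfs code changes root when pivot_root is
# unavailable, since this script enables the feature either way.
# Two quoted tests joined with && replace the obsolescent "-a" operator.
if [ "$NXT_HAVE_MOUNT" = YES ] && [ "$NXT_HAVE_UNMOUNT" = YES ]; then
    NXT_HAVE_ROOTFS=YES

    # The here-document holds no expansions; the target path is quoted so a
    # build directory containing spaces or glob characters is not split.
    cat << END >> "$NXT_AUTO_CONFIG_H"

#ifndef NXT_HAVE_ISOLATION_ROOTFS
#define NXT_HAVE_ISOLATION_ROOTFS  1
#endif

END

fi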