diff options
| author | Tiago Natel de Moura <t.nateldemoura@f5.com> | 2020-11-13 10:48:32 +0000 |
|---|---|---|
| committer | Tiago Natel de Moura <t.nateldemoura@f5.com> | 2020-11-13 10:48:32 +0000 |
| commit | 3837d28f9b7c5d0840d2e4b26f4867b66838d31b (patch) | |
| tree | d0911324c83a45b51afcb1c31fced83f844ad987 | |
| parent | d6829cc93b86f10a4ad747bfcc92a9cdfb2c2519 (diff) | |
| download | unit-3837d28f9b7c5d0840d2e4b26f4867b66838d31b.tar.gz unit-3837d28f9b7c5d0840d2e4b26f4867b66838d31b.tar.bz2 | |
Isolation: added option to disable tmpfs mount.
Now users can disable the default tmpfs mount point
in the rootfs.
{
"isolation": {
"automount": {
"tmpfs": false
}
}
}
| -rw-r--r-- | src/nxt_conf_validation.c | 3 | ||||
| -rw-r--r-- | src/nxt_isolation.c | 48 | ||||
| -rw-r--r-- | src/nxt_process.h | 1 |
3 files changed, 33 insertions, 19 deletions
diff --git a/src/nxt_conf_validation.c b/src/nxt_conf_validation.c index fc521016..69a47274 100644 --- a/src/nxt_conf_validation.c +++ b/src/nxt_conf_validation.c @@ -841,6 +841,9 @@ static nxt_conf_vldt_object_t nxt_conf_vldt_app_automount_members[] = { { .name = nxt_string("language_deps"), .type = NXT_CONF_VLDT_BOOLEAN, + }, { + .name = nxt_string("tmpfs"), + .type = NXT_CONF_VLDT_BOOLEAN, }, NXT_CONF_VLDT_END diff --git a/src/nxt_isolation.c b/src/nxt_isolation.c index e0f169aa..f0ef625f 100644 --- a/src/nxt_isolation.c +++ b/src/nxt_isolation.c @@ -484,10 +484,12 @@ nxt_isolation_set_automount(nxt_task_t *task, nxt_conf_value_t *isolation, static nxt_str_t automount_name = nxt_string("automount"); static nxt_str_t langdeps_name = nxt_string("language_deps"); + static nxt_str_t tmp_name = nxt_string("tmpfs"); automount = &process->isolation.automount; automount->language_deps = 1; + automount->tmpfs = 1; conf = nxt_conf_get_object_member(isolation, &automount_name, NULL); if (conf != NULL) { @@ -495,6 +497,11 @@ nxt_isolation_set_automount(nxt_task_t *task, nxt_conf_value_t *isolation, if (value != NULL) { automount->language_deps = nxt_conf_get_boolean(value); } + + value = nxt_conf_get_object_member(conf, &tmp_name, NULL); + if (value != NULL) { + automount->tmpfs = nxt_conf_get_boolean(value); + } } return NXT_OK; @@ -576,29 +583,32 @@ nxt_isolation_set_lang_mounts(nxt_task_t *task, nxt_process_t *process, *p = '\0'; } - mnt = nxt_array_add(mounts); - if (nxt_slow_path(mnt == NULL)) { - return NXT_ERROR; - } + if (process->isolation.automount.tmpfs) { + mnt = nxt_array_add(mounts); + if (nxt_slow_path(mnt == NULL)) { + return NXT_ERROR; + } - mnt->src = (u_char *) "tmpfs"; - mnt->name = (u_char *) "tmpfs"; - mnt->type = NXT_FS_TMP; - mnt->flags = (NXT_FS_FLAGS_NOSUID | NXT_FS_FLAGS_NODEV - | NXT_FS_FLAGS_NOEXEC); - mnt->data = (u_char *) "size=1m,mode=777"; - mnt->builtin = 1; - mnt->deps = 0; + mnt->src = (u_char *) "tmpfs"; + mnt->name = (u_char *) "tmpfs"; + mnt->type = NXT_FS_TMP; + mnt->flags = (NXT_FS_FLAGS_NOSUID + | NXT_FS_FLAGS_NODEV + | NXT_FS_FLAGS_NOEXEC); + mnt->data = (u_char *) "size=1m,mode=777"; + mnt->builtin = 1; + mnt->deps = 0; + + mnt->dst = nxt_mp_nget(mp, rootfs_len + nxt_length("/tmp") + 1); + if (nxt_slow_path(mnt->dst == NULL)) { + return NXT_ERROR; + } - mnt->dst = nxt_mp_nget(mp, rootfs_len + nxt_length("/tmp") + 1); - if (nxt_slow_path(mnt->dst == NULL)) { - return NXT_ERROR; + p = nxt_cpymem(mnt->dst, rootfs, rootfs_len); + p = nxt_cpymem(p, "/tmp", 4); + *p = '\0'; } - p = nxt_cpymem(mnt->dst, rootfs, rootfs_len); - p = nxt_cpymem(p, "/tmp", 4); - *p = '\0'; - mnt = nxt_array_add(mounts); if (nxt_slow_path(mnt == NULL)) { return NXT_ERROR; diff --git a/src/nxt_process.h b/src/nxt_process.h index ddadb08f..99ba8022 100644 --- a/src/nxt_process.h +++ b/src/nxt_process.h @@ -75,6 +75,7 @@ typedef struct { typedef struct { uint8_t language_deps; /* 1-bit */ + uint8_t tmpfs; /* 1-bit */ } nxt_process_automount_t; |