author | Andrew Clayton <a.clayton@nginx.com> | 2022-11-25 10:32:20 +0000 |
---|---|---|
committer | Andrew Clayton <a.clayton@nginx.com> | 2022-11-25 10:32:20 +0000 |
commit | 0277d8f1034f6f3dcdb5fd88dc3a9a3f04c1de89 (patch) | |
tree | bba91031af562500f28d0f1743f3b8b69563d348 | |
parent | 1f37d8121a3dfc2f039b859835c4ec22e77f01c9 (diff) | |

Isolation: Fix the enablement of PR_SET_NO_NEW_PRIVS.

This prctl(2) option is checked for in auto/isolation, unfortunately due
to a typo this feature has never been enabled.

In the auto/isolation script the feature name was down as
NXT_HAVE_PR_SET_NO_NEW_PRIVS0, which means we end up with the following
in build/nxt_auto_config.h

    #ifndef NXT_HAVE_PR_SET_NO_NEW_PRIVS0
    #define NXT_HAVE_PR_SET_NO_NEW_PRIVS0 1
    #endif

Whereas everywhere else is checking for NXT_HAVE_PR_SET_NO_NEW_PRIVS.

This also guards the inclusion of sys/prctl.h in src/nxt_process.c which
is required by a subsequent commit.

Fixes: e2b53e1 ("Added "rootfs" feature.")
Reviewed-by: Alejandro Colomar <alx@nginx.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>

-rw-r--r-- | auto/isolation | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/auto/isolation b/auto/isolation index cbf42d9d..b706c94d 100644 --- a/auto/isolation +++ b/auto/isolation @@ -90,7 +90,7 @@ nxt_feature_test="#include <mntent.h> nxt_feature="prctl(PR_SET_NO_NEW_PRIVS)" -nxt_feature_name=NXT_HAVE_PR_SET_NO_NEW_PRIVS0 +nxt_feature_name=NXT_HAVE_PR_SET_NO_NEW_PRIVS nxt_feature_run=no nxt_feature_incs= nxt_feature_libs= |
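Review bot: Correcting the name on the nxt_feature_name line means every block guarded by NXT_HAVE_PR_SET_NO_NEW_PRIVS is compiled in for the first time since e2b53e1, so that code has never been built or exercised in a release. Before merging I would want a build and a test run on a system where this check succeeds, confirming that an isolated process actually ends up with no_new_privs set. Since nxt_feature_run=no leaves this as a build-time check only, the guarded callers should also handle prctl() failing at run time rather than assuming the option is available. A misspelled feature name fails silently and here it turned off a hardening control, so it would be worth adding a check that flags any NXT_HAVE_ name emitted by the auto/ scripts that nothing in src/ references.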