diff options
| author | Andrew Clayton <a.clayton@nginx.com> | 2022-11-25 10:32:20 +0000 |
|---|---|---|
| committer | Andrew Clayton <a.clayton@nginx.com> | 2023-02-17 21:24:18 +0000 |
| commit | 763396b8be07be41b1baf336952fd222cbeb8db7 (patch) | |
| tree | f98232df5d7d9b0a4554ca85e46bd302ee4245c9 | |
| parent | b0bb829107094a64ed6c93b88b6ed4847bd3fa53 (diff) | |
| download | unit-763396b8be07be41b1baf336952fd222cbeb8db7.tar.gz unit-763396b8be07be41b1baf336952fd222cbeb8db7.tar.bz2 | |
Isolation: Fix the enablement of PR_SET_NO_NEW_PRIVS.
This prctl(2) option is checked for in auto/isolation, unfortunately due
to a typo this feature has never been enabled.
In the auto/isolation script the feature name was down as
NXT_HAVE_PR_SET_NO_NEW_PRIVS0, which means we end up with the following
in build/nxt_auto_config.h
#ifndef NXT_HAVE_PR_SET_NO_NEW_PRIVS0
#define NXT_HAVE_PR_SET_NO_NEW_PRIVS0 1
#endif
Whereas everywhere else is checking for NXT_HAVE_PR_SET_NO_NEW_PRIVS.
This also guards the inclusion of sys/prctl.h in src/nxt_process.c which
is required by a subsequent commit.
Fixes: e2b53e1 ("Added "rootfs" feature.")
Reviewed-by: Alejandro Colomar <alx@nginx.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
| -rw-r--r-- | auto/isolation | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/auto/isolation b/auto/isolation index cbf42d9d..b706c94d 100644 --- a/auto/isolation +++ b/auto/isolation @@ -90,7 +90,7 @@ nxt_feature_test="#include <mntent.h> nxt_feature="prctl(PR_SET_NO_NEW_PRIVS)" -nxt_feature_name=NXT_HAVE_PR_SET_NO_NEW_PRIVS0 +nxt_feature_name=NXT_HAVE_PR_SET_NO_NEW_PRIVS nxt_feature_run=no nxt_feature_incs= nxt_feature_libs= |