author | Tiago de Bem Natel de Moura <t.nateldemoura@f5.com> | 2019-09-19 15:25:23 +0300 |
---|---|---|
committer | Tiago de Bem Natel de Moura <t.nateldemoura@f5.com> | 2019-09-19 15:25:23 +0300 |
commit | c554941b4f826d83d92d5ca8d7713bea4167896e (patch) | |
tree | 86afb0a5efc790e1852124426acb73d8164341af /auto/isolation | |
parent | 6346e641eef4aacf92e81e0f1ea4f42ed1e62834 (diff) | |
Initial applications isolation support using Linux namespaces.
Diffstat (limited to '')
-rw-r--r-- | auto/isolation | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/auto/isolation b/auto/isolation
new file mode 100644
index 00000000..c26a4991
--- /dev/null
+++ b/auto/isolation
@@ -0,0 +1,52 @@
+# Copyright (C) Igor Sysoev
+# Copyright (C) NGINX, Inc.
+
+# Linux clone syscall.
+
+NXT_ISOLATION=NO
+NXT_HAVE_CLONE=NO
+
+nsflags="USER NS PID NET UTS CGROUP"
+
+nxt_feature="clone(2)"
+nxt_feature_name=NXT_HAVE_CLONE
+nxt_feature_run=no
+nxt_feature_incs=
+nxt_feature_libs=
+nxt_feature_test="#include <sys/wait.h>
+ #include <sys/syscall.h>
+
+ int main() {
+ return __NR_clone | SIGCHLD;
+ }"
+. auto/feature
+
+if [ $nxt_found = yes ]; then
+ NXT_HAVE_CLONE=YES
+
+ # Test all isolation flags
+ for flag in $nsflags; do
+ nxt_feature="CLONE_NEW${flag}"
+ nxt_feature_name=NXT_HAVE_CLONE_NEW${flag}
+ nxt_feature_run=no
+ nxt_feature_incs=
+ nxt_feature_libs=
+ nxt_feature_test="#define _GNU_SOURCE
+ #include <sys/wait.h>
+ #include <sys/syscall.h>
+ #include <sched.h>
+
+ int main() {
+ return CLONE_NEW$flag;
+ }"
+ . auto/feature
+
+ if [ $nxt_found = yes ]; then
+ if [ "$NXT_ISOLATION" = "NO" ]; then
+ NXT_ISOLATION=$flag
+ else
+ NXT_ISOLATION="$NXT_ISOLATION $flag"
+ fi
+ fi
+ done
+fi |
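Review bot: The `nsflags` list omits IPC, so `CLONE_NEWIPC` is never probed and, as far as this file shows, an isolated application would keep sharing System V IPC objects and POSIX message queues with the host. If that is deliberate, state it in a comment next to the list; otherwise use `nsflags="USER NS PID NET UTS IPC CGROUP"` (the code that consumes `NXT_HAVE_CLONE_NEW*` is not visible here and would presumably need a matching case). Every probe in the loop is compile-only (`nxt_feature_run=no`), so `NXT_ISOLATION` records what the build host's headers define rather than what the target kernel permits. A comment above the loop such as `# Compile-time probe only; the runtime must fail closed if clone() rejects a flag.` would make that contract explicit. The two `[ $nxt_found = yes ]` tests should also quote the variable, `[ "$nxt_found" = yes ]`, to match the quoted `"$NXT_ISOLATION"` test in the same block.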