diff options
| author | Tiago Natel de Moura <t.nateldemoura@f5.com> | 2020-05-28 14:57:41 +0100 |
|---|---|---|
| committer | Tiago Natel de Moura <t.nateldemoura@f5.com> | 2020-05-28 14:57:41 +0100 |
| commit | e2b53e16c60ba1e3bbbe59172c184e97f889326b (patch) | |
| tree | f2bda4ea966657fc52189d154e1d6afcb767973f /auto | |
| parent | e9e5ddd5a5d9ce99768833137eac2551a710becf (diff) | |
| download | unit-e2b53e16c60ba1e3bbbe59172c184e97f889326b.tar.gz unit-e2b53e16c60ba1e3bbbe59172c184e97f889326b.tar.bz2 | |
Added "rootfs" feature.
Diffstat (limited to 'auto')
| -rw-r--r-- | auto/isolation | 130 | ||||
| -rw-r--r-- | auto/modules/java | 31 | ||||
| -rw-r--r-- | auto/modules/python | 34 | ||||
| -rw-r--r-- | auto/modules/ruby | 38 | ||||
| -rw-r--r-- | auto/sources | 5 |
5 files changed, 235 insertions, 3 deletions
diff --git a/auto/isolation b/auto/isolation index d231de12..4238b859 100644 --- a/auto/isolation +++ b/auto/isolation @@ -6,6 +6,9 @@ NXT_ISOLATION=NO NXT_HAVE_CLONE=NO NXT_HAVE_CLONE_NEWUSER=NO +NXT_HAVE_MOUNT=NO +NXT_HAVE_UNMOUNT=NO +NXT_HAVE_ROOTFS=NO nsflags="USER NS PID NET UTS CGROUP" @@ -55,3 +58,130 @@ if [ $nxt_found = yes ]; then fi done fi + + +nxt_feature="Linux pivot_root()" +nxt_feature_name=NXT_HAVE_PIVOT_ROOT +nxt_feature_run=no +nxt_feature_incs= +nxt_feature_libs= +nxt_feature_test="#include <sys/syscall.h> + + int main() { + return __NR_pivot_root; + }" +. auto/feature + + +nxt_feature="prctl(PR_SET_NO_NEW_PRIVS)" +nxt_feature_name=NXT_HAVE_PR_SET_NO_NEW_PRIVS0 +nxt_feature_run=no +nxt_feature_incs= +nxt_feature_libs= +nxt_feature_test="#include <sys/prctl.h> + + int main() { + return PR_SET_NO_NEW_PRIVS; + }" +. auto/feature + + +nxt_feature="Linux mount()" +nxt_feature_name=NXT_HAVE_LINUX_MOUNT +nxt_feature_run=no +nxt_feature_incs= +nxt_feature_libs= +nxt_feature_test="#include <sys/mount.h> + + int main() { + return mount((void*)0, (void*)0, (void*)0, 0, (void*)0); + }" +. auto/feature + +if [ $nxt_found = yes ]; then + NXT_HAVE_MOUNT=YES +fi + + +nxt_feature="Bind mount()" +nxt_feature_name=NXT_HAVE_BIND_MOUNT +nxt_feature_run=no +nxt_feature_incs= +nxt_feature_libs= +nxt_feature_test="#include <sys/mount.h> + + int main() { + return MS_BIND | MS_REC + }" +. auto/feature + +if [ $nxt_found = yes ]; then + NXT_HAVE_MOUNT=YES +fi + + +if [ $nxt_found = no ]; then + nxt_feature="FreeBSD nmount()" + nxt_feature_name=NXT_HAVE_FREEBSD_NMOUNT + nxt_feature_run=no + nxt_feature_incs= + nxt_feature_libs= + nxt_feature_test="#include <sys/mount.h> + + int main() { + return nmount((void *)0, 0, 0); + }" + . auto/feature + + if [ $nxt_found = yes ]; then + NXT_HAVE_MOUNT=YES + fi +fi + + +nxt_feature="Linux umount2()" +nxt_feature_name=NXT_HAVE_LINUX_UMOUNT2 +nxt_feature_run=no +nxt_feature_incs= +nxt_feature_libs= +nxt_feature_test="#include <sys/mount.h> + + int main() { + return umount2((void *)0, 0); + }" +. auto/feature + +if [ $nxt_found = yes ]; then + NXT_HAVE_UNMOUNT=YES +fi + +if [ $nxt_found = no ]; then + nxt_feature="unmount()" + nxt_feature_name=NXT_HAVE_UNMOUNT + nxt_feature_run=no + nxt_feature_incs= + nxt_feature_libs= + nxt_feature_test="#include <sys/mount.h> + + int main() { + return unmount((void *)0, 0); + }" + . auto/feature + + if [ $nxt_found = yes ]; then + NXT_HAVE_UNMOUNT=YES + fi +fi + +if [ $NXT_HAVE_MOUNT = YES -a $NXT_HAVE_UNMOUNT = YES ]; then + NXT_HAVE_ROOTFS=YES + + cat << END >> $NXT_AUTO_CONFIG_H + +#ifndef NXT_HAVE_ISOLATION_ROOTFS +#define NXT_HAVE_ISOLATION_ROOTFS 1 +#endif + +END + +fi diff --git a/auto/modules/java b/auto/modules/java index 68b10836..2e6f292d 100644 --- a/auto/modules/java +++ b/auto/modules/java @@ -172,13 +172,13 @@ if [ -z "$NXT_JAVA_LIB_PATH" ]; then exit 1 fi - NXT_JAVA_LIB_PATH="${NXT_JAVA_LIB_PATH}/server" + NXT_JAVA_LIB_SERVER_PATH="${NXT_JAVA_LIB_PATH}/server" $echo " $NXT_JAVA_LIB_PATH" $echo "got library path $NXT_JAVA_LIB_PATH" >> $NXT_AUTOCONF_ERR fi -NXT_JAVA_LDFLAGS="-L${NXT_JAVA_LIB_PATH} -Wl,-rpath ${NXT_JAVA_LIB_PATH} -ljvm" +NXT_JAVA_LDFLAGS="-L${NXT_JAVA_LIB_SERVER_PATH} -Wl,-rpath ${NXT_JAVA_LIB_SERVER_PATH} -ljvm" nxt_found=no @@ -227,6 +227,7 @@ NXT_JAVA_INSTALL_JARS= NXT_JAVA_UNINSTALL_JARS= NXT_JAVA_JARS=$NXT_BUILD_DIR/$NXT_JAVA_MODULE/nxt_jars.h +NXT_JAVA_MOUNTS_HEADER=$NXT_BUILD_DIR/$NXT_JAVA_MODULE/nxt_java_mounts.h mkdir -p $NXT_BUILD_DIR/$NXT_JAVA_MODULE cat << END > $NXT_JAVA_JARS @@ -308,6 +309,32 @@ cat << END >> $NXT_JAVA_JARS #endif /* _NXT_JAVA_JARS_INCLUDED_ */ END +NXT_JAVA_LIBJVM="$NXT_JAVA_LIB_SERVER_PATH/libjvm.so" + +if [ "$NXT_SYSTEM" = "Darwin" ]; then +NXT_JAVA_LIBC_DIR="/usr/lib" +else +NXT_JAVA_LIBC_DIR=`ldd "$NXT_JAVA_LIBJVM" | grep libc.so | cut -d' ' -f3` +NXT_JAVA_LIBC_DIR=`dirname $NXT_JAVA_LIBC_DIR` +fi + +cat << END > $NXT_JAVA_MOUNTS_HEADER +#ifndef _NXT_JAVA_MOUNTS_H_INCLUDED_ +#define _NXT_JAVA_MOUNTS_H_INCLUDED_ + + +static const nxt_fs_mount_t nxt_java_mounts[] = { + {(u_char *) "proc", (u_char *) "/proc", (u_char *) "proc", 0, NULL}, + {(u_char *) "$NXT_JAVA_LIBC_DIR", (u_char *) "$NXT_JAVA_LIBC_DIR", + (u_char *) "bind", NXT_MS_BIND | NXT_MS_REC, NULL}, + {(u_char *) "$NXT_JAVA_HOME", (u_char *) "$NXT_JAVA_HOME", + (u_char *) "bind", NXT_MS_BIND | NXT_MS_REC, NULL}, +}; + + +#endif /* _NXT_JAVA_MOUNTS_H_INCLUDED_ */ +END + $echo " + Java module: ${NXT_JAVA_MODULE}.unit.so" . auto/cc/deps diff --git a/auto/modules/python b/auto/modules/python index 6c8198f5..ad862f3c 100644 --- a/auto/modules/python +++ b/auto/modules/python @@ -68,6 +68,7 @@ if /bin/sh -c "$NXT_PYTHON_CONFIG --prefix" >> $NXT_AUTOCONF_ERR 2>&1; then NXT_PYTHON_CONFIG="${NXT_PYTHON_CONFIG} --embed" fi + NXT_PYTHON_EXEC=`${NXT_PYTHON_CONFIG} --exec-prefix`/bin/${NXT_PYTHON} NXT_PYTHON_INCLUDE=`${NXT_PYTHON_CONFIG} --includes` NXT_PYTHON_LIBS=`${NXT_PYTHON_CONFIG} --ldflags` @@ -129,6 +130,37 @@ if grep ^$NXT_PYTHON_MODULE: $NXT_MAKEFILE 2>&1 > /dev/null; then exit 1; fi + +NXT_PYTHON_MOUNTS_HEADER=$NXT_BUILD_DIR/nxt_python_mounts.h + +$NXT_PYTHON_EXEC -c 'import os.path +import sys +pyver = "python" + str(sys.version_info[0]) + "." + str(sys.version_info[1]) + +print("static const nxt_fs_mount_t nxt_python%d%d_mounts[] = {" % (sys.version_info[0], sys.version_info[1])) + +pattern = "{(u_char *) \"%s\", (u_char *) \"%s\", (u_char *) \"bind\", NXT_MS_BIND|NXT_MS_REC, NULL}," +base = None +for p in sys.path: + if len(p) > 0: + if os.path.basename(p) == pyver: + base = p + +if base is None: + raise Exception("failed to compute sys.path mount points") + +print(pattern % (base, base)) + +for p in sys.path: + if len(p) > 0: + if not p.startswith(base): + print(pattern % (p, p)) + +print("};\n\n") + +' >> $NXT_PYTHON_MOUNTS_HEADER + + $echo " + Python module: ${NXT_PYTHON_MODULE}.unit.so" . auto/cc/deps @@ -165,7 +197,7 @@ END done - + cat << END >> $NXT_MAKEFILE .PHONY: ${NXT_PYTHON_MODULE} diff --git a/auto/modules/ruby b/auto/modules/ruby index 407406ce..f7334cc7 100644 --- a/auto/modules/ruby +++ b/auto/modules/ruby @@ -51,6 +51,7 @@ $echo "configuring Ruby module ..." >> $NXT_AUTOCONF_ERR NXT_RUBY=${NXT_RUBY=ruby} NXT_RUBY_MODULE=${NXT_RUBY_MODULE=${NXT_RUBY}} +NXT_RUBY_MOUNTS_HEADER=$NXT_BUILD_DIR/nxt_ruby_mounts.h nxt_found=no @@ -58,6 +59,14 @@ if /bin/sh -c "$NXT_RUBY -v" >> $NXT_AUTOCONF_ERR 2>&1; then NXT_RUBY_RUBYHDRDIR=`$NXT_RUBY -r rbconfig -e 'printf("%s",RbConfig::CONFIG["rubyhdrdir"])'` NXT_RUBY_ARCHHDRDIR=`$NXT_RUBY -r rbconfig -e 'printf("%s",RbConfig::CONFIG["rubyarchhdrdir"])'` + NXT_RUBY_SITEARCHDIR=`$NXT_RUBY -r rbconfig -e 'printf("%s",RbConfig::CONFIG["sitearchhdrdir"])'` + NXT_RUBY_SITEDIR=`$NXT_RUBY -r rbconfig -e 'printf("%s",RbConfig::CONFIG["sitedir"])'` + NXT_RUBY_LIBDIR=`$NXT_RUBY -r rbconfig -e 'printf("%s",RbConfig::CONFIG["rubylibdir"])'` + NXT_RUBY_TOPDIR=`$NXT_RUBY -r rbconfig -e 'printf("%s",RbConfig::CONFIG["topdir"])'` + NXT_RUBY_PREFIXDIR=`$NXT_RUBY -r rbconfig -e 'printf("%s",RbConfig::CONFIG["rubylibprefix"])'` + NXT_RUBY_GEMDIR=`gem environment gemdir` + NXT_RUBY_GEMPATH=`gem environment gempath` + NXT_RUBY_INCPATH="-I$NXT_RUBY_ARCHHDRDIR -I$NXT_RUBY_RUBYHDRDIR" NXT_RUBY_LIBNAME=`$NXT_RUBY -r rbconfig -e 'printf("%s",RbConfig::CONFIG["RUBY_SO_NAME"])'` @@ -135,6 +144,35 @@ if grep ^$NXT_RUBY_MODULE: $NXT_MAKEFILE 2>&1 > /dev/null; then exit 1; fi + +cat << END > $NXT_RUBY_MOUNTS_HEADER + +static const nxt_fs_mount_t nxt_ruby_mounts[] = { + {(u_char *) "$NXT_RUBY_RUBYHDRDIR", (u_char *) "$NXT_RUBY_RUBYHDRDIR", + (u_char *) "bind", NXT_MS_BIND | NXT_MS_REC, NULL}, + {(u_char *) "$NXT_RUBY_ARCHHDRDIR", (u_char *) "$NXT_RUBY_ARCHHDRDIR", + (u_char *) "bind", NXT_MS_BIND | NXT_MS_REC, NULL}, + {(u_char *) "$NXT_RUBY_SITEDIR", (u_char *) "$NXT_RUBY_SITEDIR", + (u_char *) "bind", NXT_MS_BIND | NXT_MS_REC, NULL}, + {(u_char *) "$NXT_RUBY_LIBDIR", (u_char *) "$NXT_RUBY_LIBDIR", + (u_char *) "bind", NXT_MS_BIND | NXT_MS_REC, NULL}, + {(u_char *) "$NXT_RUBY_GEMDIR", (u_char *) "$NXT_RUBY_GEMDIR", + (u_char *) "bind", NXT_MS_BIND | NXT_MS_REC, NULL}, + {(u_char *) "$NXT_RUBY_TOPDIR", (u_char *) "$NXT_RUBY_TOPDIR", + (u_char *) "bind", NXT_MS_BIND | NXT_MS_REC, NULL}, + {(u_char *) "$NXT_RUBY_PREFIXDIR", (u_char *) "$NXT_RUBY_PREFIXDIR", + (u_char *) "bind", NXT_MS_BIND | NXT_MS_REC, NULL}, + +END + +for path in `echo $NXT_RUBY_GEMPATH | tr ':' '\n'`; do + $echo "{(u_char *) \"$path\", (u_char *) \"$path\"," >> $NXT_RUBY_MOUNTS_HEADER + $echo "(u_char *) \"bind\", NXT_MS_BIND | NXT_MS_REC, NULL}," >> $NXT_RUBY_MOUNTS_HEADER +done + +$echo "};" >> $NXT_RUBY_MOUNTS_HEADER + + $echo " + Ruby module: ${NXT_RUBY_MODULE}.unit.so" . auto/cc/deps diff --git a/auto/sources b/auto/sources index 4ac132dd..2075ca0f 100644 --- a/auto/sources +++ b/auto/sources @@ -177,6 +177,11 @@ NXT_LIB_UTF8_FILE_NAME_TEST_SRCS=" \ " +if [ $NXT_HAVE_ROOTFS = YES ]; then + NXT_LIB_SRCS="$NXT_LIB_SRCS src/nxt_fs.c" +fi + + if [ $NXT_TLS = YES ]; then nxt_have=NXT_TLS . auto/have NXT_LIB_SRCS="$NXT_LIB_SRCS $NXT_LIB_TLS_SRCS" |