Added "rootfs" feature.

author: Tiago Natel de Moura <t.nateldemoura@f5.com> 2020-05-28 14:57:41 +0100
committer: Tiago Natel de Moura <t.nateldemoura@f5.com> 2020-05-28 14:57:41 +0100
commit: e2b53e16c60ba1e3bbbe59172c184e97f889326b (patch)
tree: f2bda4ea966657fc52189d154e1d6afcb767973f /src/nxt_capability.c
parent: e9e5ddd5a5d9ce99768833137eac2551a710becf (diff)
download: unit-e2b53e16c60ba1e3bbbe59172c184e97f889326b.tar.gz
unit-e2b53e16c60ba1e3bbbe59172c184e97f889326b.tar.bz2
1 files changed, 5 insertions, 0 deletions
diff --git a/src/nxt_capability.c b/src/nxt_capability.c
index dfa7a834..24fd55d0 100644
--- a/src/nxt_capability.c
+++ b/src/nxt_capability.c
@@ -39,6 +39,7 @@ nxt_capability_set(nxt_task_t *task, nxt_capabilities_t *cap)
 
     if (geteuid() == 0) {
         cap->setid = 1;
+        cap->chroot = 1;
         return NXT_OK;
     }
 
@@ -91,6 +92,10 @@ nxt_capability_specific_set(nxt_task_t *task, nxt_capabilities_t *cap)
         return NXT_ERROR;
     }
 
+    if ((val->effective & (1 << CAP_SYS_CHROOT)) != 0) {
+        cap->chroot = 1;
+    }
+
     if ((val->effective & (1 << CAP_SETUID)) == 0) {
         return NXT_OK;
     }
author	Tiago Natel de Moura <t.nateldemoura@f5.com>	2020-05-28 14:57:41 +0100
committer	Tiago Natel de Moura <t.nateldemoura@f5.com>	2020-05-28 14:57:41 +0100
commit	e2b53e16c60ba1e3bbbe59172c184e97f889326b (patch)
tree	f2bda4ea966657fc52189d154e1d6afcb767973f /src/nxt_capability.c
parent	e9e5ddd5a5d9ce99768833137eac2551a710becf (diff)
download	unit-e2b53e16c60ba1e3bbbe59172c184e97f889326b.tar.gz unit-e2b53e16c60ba1e3bbbe59172c184e97f889326b.tar.bz2