diff options
| author | Tiago Natel de Moura <t.nateldemoura@f5.com> | 2020-10-29 14:24:38 +0000 |
|---|---|---|
| committer | Tiago Natel de Moura <t.nateldemoura@f5.com> | 2020-10-29 14:24:38 +0000 |
| commit | 5ffd88ad7c682f4bc60702d8829d1534aafb09e8 (patch) | |
| tree | 3e9d3f8cad96d70026399fba2ce657948c6aa427 /src/nxt_isolation.c | |
| parent | 6a00bab41e2ebffe5f61f6fb9641162624db41d1 (diff) | |
| download | unit-5ffd88ad7c682f4bc60702d8829d1534aafb09e8.tar.gz unit-5ffd88ad7c682f4bc60702d8829d1534aafb09e8.tar.bz2 | |
Isolation: correctly unmount non-dependent paths first.
When mount points reside within other mount points, this
patch sorts them by path length and then unmounts then
in an order reverse to their mounting. This results in
independent paths being unmounted first.
This fixes an issue in buildbots where dependent paths failed
to unmount, leading to the build script removing system-wide
language libraries.
Diffstat (limited to 'src/nxt_isolation.c')
| -rw-r--r-- | src/nxt_isolation.c | 40 |
1 files changed, 36 insertions, 4 deletions
diff --git a/src/nxt_isolation.c b/src/nxt_isolation.c index ac7a37e8..03160de3 100644 --- a/src/nxt_isolation.c +++ b/src/nxt_isolation.c @@ -41,6 +41,8 @@ static nxt_int_t nxt_isolation_set_mounts(nxt_task_t *task, nxt_process_t *process, nxt_str_t *app_type); static nxt_int_t nxt_isolation_set_lang_mounts(nxt_task_t *task, nxt_process_t *process, nxt_array_t *syspaths); +static int nxt_cdecl nxt_isolation_mount_compare(const void *v1, + const void *v2); static void nxt_isolation_unmount_all(nxt_task_t *task, nxt_process_t *process); #if (NXT_HAVE_PIVOT_ROOT) && (NXT_HAVE_CLONE_NEWNS) @@ -607,20 +609,48 @@ nxt_isolation_set_lang_mounts(nxt_task_t *task, nxt_process_t *process, } #endif + qsort(mounts->elts, mounts->nelts, sizeof(nxt_fs_mount_t), + nxt_isolation_mount_compare); + process->isolation.mounts = mounts; return NXT_OK; } +static int nxt_cdecl +nxt_isolation_mount_compare(const void *v1, const void *v2) +{ + const nxt_fs_mount_t *mnt1, *mnt2; + + mnt1 = v1; + mnt2 = v2; + + return nxt_strlen(mnt1->src) > nxt_strlen(mnt2->src); +} + + void nxt_isolation_unmount_all(nxt_task_t *task, nxt_process_t *process) { - size_t i, n; + size_t n; nxt_array_t *mounts; + nxt_runtime_t *rt; nxt_fs_mount_t *mnt; nxt_process_automount_t *automount; + rt = task->thread->runtime; + + if (!rt->capabilities.setid) { + return; + } + +#if (NXT_HAVE_CLONE_NEWNS) + if (nxt_is_clone_flag_set(process->isolation.clone.flags, NEWNS)) { + return; + } +#endif + nxt_debug(task, "unmount all (%s)", process->name); automount = &process->isolation.automount; @@ -628,12 +658,14 @@ nxt_isolation_unmount_all(nxt_task_t *task, nxt_process_t *process) n = mounts->nelts; mnt = mounts->elts; - for (i = 0; i < n; i++) { - if (mnt[i].builtin && !automount->language_deps) { + while (n > 0) { + n--; + + if (mnt[n].builtin && !automount->language_deps) { continue; } - nxt_fs_unmount(mnt[i].dst); + nxt_fs_unmount(mnt[n].dst); } } |