Initial applications isolation support using Linux namespaces.

1 files changed, 21 insertions, 10 deletions

diff --git a/src/nxt_process.h b/src/nxt_process.h
index c6e19f97..df9ca038 100644
--- a/src/nxt_process.h
+++ b/src/nxt_process.h
@@ -7,6 +7,8 @@
 #ifndef _NXT_PROCESS_H_INCLUDED_
 #define _NXT_PROCESS_H_INCLUDED_
 
+#include <nxt_conf.h>
+
 
 typedef pid_t            nxt_pid_t;
 typedef uid_t            nxt_uid_t;
@@ -21,26 +23,35 @@ typedef struct {
     nxt_gid_t            *gids;
 } nxt_user_cred_t;
 
+typedef struct {
+    nxt_int_t            flags;
+    nxt_conf_value_t     *uidmap;
+    nxt_conf_value_t     *gidmap;
+} nxt_process_clone_t;
+
 typedef struct nxt_process_init_s  nxt_process_init_t;
 typedef nxt_int_t (*nxt_process_start_t)(nxt_task_t *task, void *data);
 typedef nxt_int_t (*nxt_process_restart_t)(nxt_task_t *task, nxt_runtime_t *rt,
     nxt_process_init_t *init);
 
-
 struct nxt_process_init_s {
-    nxt_process_start_t    start;
-    const char             *name;
-    nxt_user_cred_t        *user_cred;
+    nxt_process_start_t      start;
+    const char               *name;
+    nxt_user_cred_t          *user_cred;
+
+    nxt_port_handlers_t      *port_handlers;
+    const nxt_sig_event_t    *signals;
 
-    nxt_port_handlers_t    *port_handlers;
-    const nxt_sig_event_t  *signals;
+    nxt_process_type_t       type;
 
-    nxt_process_type_t     type;
+    void                     *data;
+    uint32_t                 stream;
 
-    void                   *data;
-    uint32_t               stream;
+    nxt_process_restart_t    restart;
 
-    nxt_process_restart_t  restart;
+    union {
+        nxt_process_clone_t  clone;
+    } isolation;
 };