author | Tiago Natel de Moura <t.nateldemoura@f5.com> | 2020-05-28 14:57:41 +0100 |
---|---|---|
committer | Tiago Natel de Moura <t.nateldemoura@f5.com> | 2020-05-28 14:57:41 +0100 |
commit | e2b53e16c60ba1e3bbbe59172c184e97f889326b (patch) | |
tree | f2bda4ea966657fc52189d154e1d6afcb767973f /src/nxt_process.h | |
parent | e9e5ddd5a5d9ce99768833137eac2551a710becf (diff) | |
Added "rootfs" feature.
Diffstat (limited to '')
-rw-r--r-- | src/nxt_process.h | 53 |
1 files changed, 34 insertions, 19 deletions
diff --git a/src/nxt_process.h b/src/nxt_process.h
index 45bab25e..d3311722 100644
--- a/src/nxt_process.h
+++ b/src/nxt_process.h
@@ -69,33 +69,42 @@ typedef struct {
 nxt_port_mmap_t *elts;
 } nxt_port_mmaps_t;
+typedef struct {
+ u_char *rootfs;
+ nxt_array_t *mounts; /* of nxt_mount_t */
+
+#if (NXT_HAVE_CLONE)
+ nxt_clone_t clone;
+#endif
+
+#if (NXT_HAVE_PR_SET_NO_NEW_PRIVS)
+ uint8_t new_privs; /* 1 bit */
+#endif
+} nxt_process_isolation_t;
+
 typedef struct {
- nxt_pid_t pid;
- const char *name;
- nxt_queue_t ports; /* of nxt_port_t */
- nxt_process_state_t state;
- nxt_bool_t registered;
- nxt_int_t use_count;
+ nxt_pid_t pid;
+ const char *name;
+ nxt_queue_t ports; /* of nxt_port_t */
+ nxt_process_state_t state;
+ nxt_bool_t registered;
+ nxt_int_t use_count;
- nxt_port_mmaps_t incoming;
- nxt_port_mmaps_t outgoing;
+ nxt_port_mmaps_t incoming;
+ nxt_port_mmaps_t outgoing;
- nxt_thread_mutex_t cp_mutex;
- nxt_lvlhsh_t connected_ports; /* of nxt_port_t */
+ nxt_thread_mutex_t cp_mutex;
+ nxt_lvlhsh_t connected_ports; /* of nxt_port_t */
- uint32_t stream;
+ uint32_t stream;
- nxt_mp_t *mem_pool;
- nxt_credential_t *user_cred;
+ nxt_mp_t *mem_pool;
+ nxt_credential_t *user_cred;
- nxt_process_data_t data;
+ nxt_process_data_t data;
- union {
-#if (NXT_HAVE_CLONE)
- nxt_clone_t clone;
-#endif
- } isolation;
+ nxt_process_isolation_t isolation;
 } nxt_process_t;
@@ -184,6 +193,12 @@ nxt_int_t nxt_process_vldt_isolation_creds(nxt_task_t *task,
 nxt_process_t *process);
 #endif
+nxt_int_t nxt_process_change_root(nxt_task_t *task, nxt_process_t *process);
+
+#if (NXT_HAVE_ISOLATION_ROOTFS)
+void nxt_process_unmount_all(nxt_task_t *task, nxt_process_t *process);
+#endif
+
 #if (NXT_HAVE_SETPROCTITLE)
 #define nxt_process_title(task, fmt, ...) \ |
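Review bot: The `new_privs` member of the new `nxt_process_isolation_t` has no comment saying which value is the restrictive one. The field is named in the positive sense but guarded by `NXT_HAVE_PR_SET_NO_NEW_PRIVS`, so a reader cannot tell from the header whether a zero-initialised struct ends up with no_new_privs applied. Presumably 0 is the locked-down default, but that should be confirmed against the code that sets it and then written down, e.g. `uint8_t new_privs; /* 1 bit; 0 (default): PR_SET_NO_NEW_PRIVS is applied */`. A one-line comment on `rootfs` would also help, stating who owns the string and that NULL means no root change, if that is the intent.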
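Review bot: The prototype of `nxt_process_change_root()` in the second hunk is declared outside any feature guard and carries no statement of its failure contract, while `nxt_process_unmount_all()` right below it is under `NXT_HAVE_ISOLATION_ROOTFS` and returns `void`. For a confinement step the contract is the important part: a caller that ignores a non-`NXT_OK` result would go on to run the application in the host filesystem. I would add a comment above the prototype along the lines of `/* On anything but NXT_OK the caller must abort process start; the root was not changed. */`, worded after checking the definition, which is not part of this diff. It is also worth saying there what the function does on builds without `NXT_HAVE_ISOLATION_ROOTFS`, since the declaration is visible on those builds too.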