summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/nxt_conf.c7
-rw-r--r--src/nxt_conf.h1
-rw-r--r--src/nxt_main_process.c6
-rw-r--r--test/test_go_isolation.py32
4 files changed, 42 insertions, 4 deletions
diff --git a/src/nxt_conf.c b/src/nxt_conf.c
index 59eddd77..43820d2a 100644
--- a/src/nxt_conf.c
+++ b/src/nxt_conf.c
@@ -228,6 +228,13 @@ nxt_conf_get_integer(nxt_conf_value_t *value)
}
+uint8_t
+nxt_conf_get_boolean(nxt_conf_value_t *value)
+{
+ return value->u.boolean;
+}
+
+
nxt_uint_t
nxt_conf_object_members_count(nxt_conf_value_t *value)
{
diff --git a/src/nxt_conf.h b/src/nxt_conf.h
index 725a6c95..66201fee 100644
--- a/src/nxt_conf.h
+++ b/src/nxt_conf.h
@@ -115,6 +115,7 @@ NXT_EXPORT void nxt_conf_set_string(nxt_conf_value_t *value, nxt_str_t *str);
NXT_EXPORT nxt_int_t nxt_conf_set_string_dup(nxt_conf_value_t *value,
nxt_mp_t *mp, nxt_str_t *str);
NXT_EXPORT int64_t nxt_conf_get_integer(nxt_conf_value_t *value);
+NXT_EXPORT uint8_t nxt_conf_get_boolean(nxt_conf_value_t *value);
// FIXME reimplement and reorder functions below
nxt_uint_t nxt_conf_object_members_count(nxt_conf_value_t *value);
diff --git a/src/nxt_main_process.c b/src/nxt_main_process.c
index 84f6e2a2..4e55dcfa 100644
--- a/src/nxt_main_process.c
+++ b/src/nxt_main_process.c
@@ -1600,11 +1600,9 @@ nxt_init_set_ns(nxt_task_t *task, nxt_process_init_t *init,
return NXT_ERROR;
}
- if (nxt_conf_get_integer(value) == 0) {
- continue; /* process shares everything by default */
+ if (nxt_conf_get_boolean(value)) {
+ init->isolation.clone.flags |= flag;
}
-
- init->isolation.clone.flags |= flag;
}
return NXT_OK;
diff --git a/test/test_go_isolation.py b/test/test_go_isolation.py
index 780c2b03..ee5ddf47 100644
--- a/test/test_go_isolation.py
+++ b/test/test_go_isolation.py
@@ -130,6 +130,38 @@ class TestGoIsolation(TestApplicationGo):
self.assertEqual(obj['PID'], 1, 'pid of container is 1')
+ def test_isolation_namespace_false(self):
+ self.load('ns_inspect')
+ allns = list(self.available['features']['isolation'].keys())
+
+ remove_list = ['unprivileged_userns_clone', 'ipc', 'cgroup']
+ allns = [ns for ns in allns if ns not in remove_list]
+
+ namespaces = {}
+ for ns in allns:
+ if ns == 'user':
+ namespaces['credential'] = False
+ elif ns == 'mnt':
+ namespaces['mount'] = False
+ elif ns == 'net':
+ namespaces['network'] = False
+ elif ns == 'uts':
+ namespaces['uname'] = False
+ else:
+ namespaces[ns] = False
+
+ self.conf_isolation({"namespaces": namespaces})
+
+ obj = self.isolation.parsejson(self.get()['body'])
+
+ for ns in allns:
+ if ns.upper() in obj['NS']:
+ self.assertEqual(
+ obj['NS'][ns.upper()],
+ self.available['features']['isolation'][ns],
+ '%s match' % ns,
+ )
+
if __name__ == '__main__':
TestGoIsolation.main()