Diffstat (limited to '')
-rw-r--r-- | src/nxt_conf.c | 7 | ||||
-rw-r--r-- | src/nxt_conf.h | 1 | ||||
-rw-r--r-- | src/nxt_main_process.c | 6 | ||||
-rw-r--r-- | test/test_go_isolation.py | 32 |
4 files changed, 42 insertions, 4 deletions
diff --git a/src/nxt_conf.c b/src/nxt_conf.c
index 59eddd77..43820d2a 100644
--- a/src/nxt_conf.c
+++ b/src/nxt_conf.c
@@ -228,6 +228,13 @@ nxt_conf_get_integer(nxt_conf_value_t *value)
 }
+uint8_t
+nxt_conf_get_boolean(nxt_conf_value_t *value)
+{
+ return value->u.boolean;
+}
+
+
 nxt_uint_t
 nxt_conf_object_members_count(nxt_conf_value_t *value)
 {
diff --git a/src/nxt_conf.h b/src/nxt_conf.h
index 725a6c95..66201fee 100644
--- a/src/nxt_conf.h
+++ b/src/nxt_conf.h
@@ -115,6 +115,7 @@ NXT_EXPORT void nxt_conf_set_string(nxt_conf_value_t *value, nxt_str_t *str);
 NXT_EXPORT nxt_int_t nxt_conf_set_string_dup(nxt_conf_value_t *value, nxt_mp_t *mp, nxt_str_t *str);
 NXT_EXPORT int64_t nxt_conf_get_integer(nxt_conf_value_t *value);
+NXT_EXPORT uint8_t nxt_conf_get_boolean(nxt_conf_value_t *value);
 // FIXME reimplement and reorder functions below
 nxt_uint_t nxt_conf_object_members_count(nxt_conf_value_t *value);
diff --git a/src/nxt_main_process.c b/src/nxt_main_process.c
index 84f6e2a2..4e55dcfa 100644
--- a/src/nxt_main_process.c
+++ b/src/nxt_main_process.c
@@ -1600,11 +1600,9 @@ nxt_init_set_ns(nxt_task_t *task, nxt_process_init_t *init,
 return NXT_ERROR;
 }
- if (nxt_conf_get_integer(value) == 0) {
- continue; /* process shares everything by default */
+ if (nxt_conf_get_boolean(value)) {
+ init->isolation.clone.flags |= flag;
 }
-
- init->isolation.clone.flags |= flag;
 }
 return NXT_OK;
diff --git a/test/test_go_isolation.py b/test/test_go_isolation.py
index 780c2b03..ee5ddf47 100644
--- a/test/test_go_isolation.py
+++ b/test/test_go_isolation.py
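Review bot: nxt_conf_get_boolean() in src/nxt_conf.c returns `value->u.boolean` with no check in its body that the value holds a boolean, and nothing states what the caller must guarantee. The result now decides whether a namespace clone flag is set in nxt_init_set_ns(), so a value of another type reaching this getter would give an unintended isolation decision (assuming `u` is a union, which the hunk does not show). I would document the precondition above the function, e.g. `/* The caller must already have validated that value is a boolean. */`, and confirm that configuration validation rejects non-boolean namespace members before this call.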
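Review bot: The rewritten branch in nxt_init_set_ns() drops the only comment that stated the default, `/* process shares everything by default */`, so a reader no longer sees that a namespace is isolated only when its member is explicitly true. That default decides how much of the host the application process shares, so it is worth keeping next to the new condition, e.g. `/* false: the process keeps sharing this namespace (the default) */` above `if (nxt_conf_get_boolean(value)) {`. The function body starts above the hunk, so this note covers only the visible loop tail.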
@@ -130,6 +130,38 @@ class TestGoIsolation(TestApplicationGo):
 self.assertEqual(obj['PID'], 1, 'pid of container is 1')
+ def test_isolation_namespace_false(self):
+ self.load('ns_inspect')
+ allns = list(self.available['features']['isolation'].keys())
+
+ remove_list = ['unprivileged_userns_clone', 'ipc', 'cgroup']
+ allns = [ns for ns in allns if ns not in remove_list]
+
+ namespaces = {}
+ for ns in allns:
+ if ns == 'user':
+ namespaces['credential'] = False
+ elif ns == 'mnt':
+ namespaces['mount'] = False
+ elif ns == 'net':
+ namespaces['network'] = False
+ elif ns == 'uts':
+ namespaces['uname'] = False
+ else:
+ namespaces[ns] = False
+
+ self.conf_isolation({"namespaces": namespaces})
+
+ obj = self.isolation.parsejson(self.get()['body'])
+
+ for ns in allns:
+ if ns.upper() in obj['NS']:
+ self.assertEqual(
+ obj['NS'][ns.upper()],
+ self.available['features']['isolation'][ns],
+ '%s match' % ns,
+ )
+
 if __name__ == '__main__':
 TestGoIsolation.main() |
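Review bot: The final loop of test_isolation_namespace_false asserts only inside `if ns.upper() in obj['NS']:`, so the test passes without comparing anything when the application reports none of the expected keys. The test presumably exists to show that `false` leaves each namespace shared, so it should fail when nothing was compared: keep a counter such as `checked` and end with `self.assertTrue(checked, 'no namespace was compared')`. A short comment on `remove_list` explaining why `ipc` and `cgroup` are skipped would also help the next reader.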