Age | Commit message (Collapse) | Author | Files | Lines |
|
When using "credential: true", the new namespace starts with a completely
empty uid and gid ranges. Then, any setuid/setgid/setgroups calls using ids
not properly mapped with uidmap and gidmap fields return EINVAL, meaning
the id is not valid inside the new namespace.
|
|
This is related to #330 issue on GitHub.
|
|
There was a typo: nxt_queue_head() used instead of nxt_queue_first() in
connection iteration loop. This prevents idle connection close on quit.
This closes #334 issue on GitHub.
Thanks to 洪志道 (Hong Zhi Dao).
|
|
Thanks to tonyafanasyev.
This is related to #331 issue on GitHub.
|
|
This patch closes #328 in github.
|
|
|
|
|
|
|
|
|
|
Also changed order of subprocess status checks.
_terminate_process() method removed.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Docker images now accept shell scripts, json files and certificate chain
bundles to provide configuration on a container start by placing them
into /docker-entrypoint.d/ directory.
|
|
Also the error page markup is now valid according to HTML5 specification.
All optional tags were omitted.
|
|
Currently almost all Unit object files depends on generated nxt_version.h.
This patch adds missing dependence and fixes running make with multiple
jobs.
This closes #318 issue on GitHub.
|
|
Header names and values are stored 0-terminated for ease of use in different
languages, so magic number 2 should be added to each name-value pair size.
|
|
|
|
This field was intended for MIME type lookup by file extension when serving
static files, but this use case is too narrow; only a fraction of requests
targets static content, and the URI presumably isn't rewritten. Moreover,
current implementation uses the entire filename for MIME type lookup if the
file has no extension.
Instead of extracting filenames and extensions when parsing requests, it's
easier to obtain them right before serving static content; this behavior is
already implemented. Thus, we can drop excessive logic from parser.
|
|
Earlier, the paths were normalized only if there was a "/" at the end, which
is wrong according to section 5.2.4 of RFC 3986 and hypothetically may allow
to the directory above the document root.
|
|
Before this fix EWOULDBLOCK error was fatal for SSL write operation.
This closes #325 issue on GitHub.
|
|
When Unit starts, the main process waits for module discovery message for a
while. If a QUIT signal arrives at this time, the router and controller
processes created by main and Unit stay running. Also, the main process
doesn't stop them after the second QUIT signal is received in this case.
|
|
|
|
The leak has been introduced in 325b315e48c4.
This closes #322 issue in GitHub.
|
|
This closes #319 issue on GitHub.
|
|
|
|
This fixes the following issues:
- inability to stop unit daemon
- default configuration from /etc/default/unit are not propagated to the daemon
|
|
While here, made logrotate configuration consistent between rpm and deb.
This closes #323 issue on GitHub.
|
|
|
|
The <sched.h> is already included by nxt_unix.h.
This closes #314 PR on GitHub.
|
|
Found by Coverity (CID 349485).
|
|
Found by Coverity (CID 349484).
|
|
It's now similar to how attempts to access other non-regular files are handled.
|
|
Fixes segfaults with PHP 7.4.
|
|
Found by Coverity (CID 349483).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Found by Coverity (CID 349456).
|
|
This closes #312 issue on GitHub.
|
|
One small step to Go modules support.
|
|
Each request references the router process structure that owns all memory
maps. The process structure has a reference counter; each request increases
the counter to lock the structure in memory until request processing ends.
Incoming and outgoing buffers reference memory maps that the process owns,
so the process structure should be released only when all buffers are
released to avoid invalid memory access and a crash.
This describes the libunit library mechanism used for application processes.
The background of this issue is as follows:
The issue was found on buildbot when the router crashed during Java
websocket tests. The Java application receives a notification from the
master process; when the notification is processed, libunit deletes the
process structure from its process hash and decrements the use counter;
however, active websocket connections maintain their use counts on the
process structure. After that, when the master process is stopping the
application, libunit releases active websocket connections. At this point,
it's important to release the connections' memory buffers before the
corresponding process structure and all shared memory segments are released.
|
|
To pass Go object references to C and back we use hack with casting to
unsafe and then to uintptr. However, we should not store such references
because Go not guaratnee it will be available by the same address.
Introducing map with integer key helps to avoid dereference stored address.
This closes #253 and #309 issues on GitHub.
|