| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
The setuid/setgid syscalls requires root capabilities but if the kernel
supports unprivileged user namespace then the child process has the full
set of capabilities in the new namespace, then we can allow setting "user"
and "group" in such cases (this is a common security use case).
Tests were added to ensure user gets meaningful error messages for
uid/gid mapping misconfigurations.
|
|
This is required to avoid include cycles, as some nxt_clone_* functions
depend on the credential structures, but nxt_process depends on clone
structures.
|
|
Introduces the functions nxt_process_init_create() and
nxt_process_init_creds_set().
|
|
- Introduced nxt_runtime_process_port_create().
- Moved nxt_process_use() into nxt_process.c from nxt_runtime.c.
- Renamed nxt_runtime_process_remove_pid() as nxt_runtime_process_remove().
- Some public functions transformed to static.
This closes #327 issue on GitHub.
|
|
This avoids memory leak reports from the address sanitizer.
|
|
This patch closes #328 in github.
|
|
|
|
When Unit starts, the main process waits for module discovery message for a
while. If a QUIT signal arrives at this time, the router and controller
processes created by main and Unit stay running. Also, the main process
doesn't stop them after the second QUIT signal is received in this case.
|
|
The <sched.h> is already included by nxt_unix.h.
This closes #314 PR on GitHub.
|
|
Found by Coverity (CID 349485).
|
|
|
|
This closes #312 issue on GitHub.
|
|
|
|
|
|
|
|
This is related to issue #198 on GitHub.
|
|
There's nothing specific to Go language. This type of application object can
be used to run any external application that utilizes libunit API.
|
|
Router requests application start by sending port message with application
parameters to master. In response router gets application port. Stream id
used to link request and response. If application process terminates
unexpectedly (e.g. before ready state), it is required to notify router about
application start failure. For this purpose stream id is stored in process
initialization parameters.
Stream id sequentially incremented and starts from 1 in case of router
resurrection. New router application start stream id may coincide with
stream id of currently running/terminating application processes. In such
cases router may receive REMOVE_PID message with same stream id as used in
application start request and mistakenly reports application start failure.
This commit tries to avoid such errors by resetting stream for processes in
ready state.
|
|
|
|
|
|
Unit master process restarts the router if the router accidentally dies.
New router process receives the configuration from controller and starts
configured applications. The information of running applications cannot
be transferred to router because currently there is no persistent application
identifier. To avoid orphan application processes started by died router,
master process stops all currently running applications once it receives
SIGCHLD for router process.
|
|
This and previous commit close #131 issue on GitHub.
|
|
The bug had appeared in 5cc5002a788e when process type has been
converted to bitmask. This commit reverts the type back to a number.
This commit is related to #131 issue on GitHub.
|
|
|
|
This closes #110 issue on GitHub.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Previously, the discovery process might exit before the main process
received a list of available modules.
|
|
Avoiding word 'common' as too common.
Couple of assertions reduced to error messages.
|
|
The "type" option can contain version number that need to be cut off before
calling nxt_app_parse_type().
The bug was introduced in 4979fe09d9cd.
|
|
Found by Coverity (CID 260375).
|
|
|
|
- Pre-fork 'processes.spare' application processes;
- fork more processes to keep 'processes.spare' idle processes;
- fork on-demand up to 'processes.max' count;
- scale down idle application processes above 'processes.spare' after
'processes.idle_timeout';
- number of concurrently started application processes also limited by
'processes.spare' (or 1, if spare is 0).
|
|
|
|
|
|
This is required to run phpMyAdmin.
|
|
|
|
New parameter 'home' for python application allows to configure
application-specific virtualenv path.
This closes #15 issue on GitHub.
|
|
CID 200496
CID 200494
CID 200490
CID 200489
CID 200483
CID 200482
CID 200472
CID 200465
|
|
Previously, stored configuration wasn't reread on controller
process restart, which resulted in segmentation fault.
|
|
- Main process should be connected to all other processes.
- Controller should be connected to Router.
- Router should be connected to Controller and all Workers.
- Workers should be connected to Router worker thread ports only.
This filtering helps to avoid unnecessary communication and various errors
during massive application workers stop / restart.
|
|
|
|
|
|
- Each sendmsg() transmits no more than port->max_size payload data.
- Longer buffers are fragmented and send using multiple sendmsg() calls.
- On receive side, buffers are connected in chain.
- Number of handler calls is the same as number of nxt_port_socket_write()
calls.
- nxt_buf_make_plain() function introduced to make single plain buffer from
the chain.
|
