path: root/src/nxt_process.c
Age | Commit message | Author | Files | Lines
2019-12-06 | Isolation: allowed the use of credentials with unpriv userns. | Tiago Natel | 1 | -6/+26
The setuid/setgid syscalls require root capabilities but if the kernel supports unprivileged user namespace then the child process has the full set of capabilities in the new namespace, then we can allow setting "user" and "group" in such cases (this is a common security use case). Tests were added to ensure user gets meaningful error messages for uid/gid mapping misconfigurations.
2019-12-06 | Moved credential-related code to nxt_credential.c. | Tiago Natel | 1 | -334/+1
This is required to avoid include cycles, as some nxt_clone_* functions depend on the credential structures, but nxt_process depends on clone structures.
2019-11-26 | Refactor of process init. | Tiago Natel | 1 | -12/+12
Introduces the functions nxt_process_init_create() and nxt_process_init_creds_set().
2019-11-26 | Changed the group listing to run unprivileged when possible. | Tiago Natel | 1 | -30/+104
Now the nxt_user_groups_get() function uses getgrouplist(3) when available (except MacOS, see below). For some platforms, getgrouplist() supports a method of probing how many groups the user has but the behavior is not consistent. The method used here consists of optimistically trying to get up to min(256, NGROUPS_MAX) groups; only if ngroups returned exceeds the original value, we do a second call. This method can block main's process if LDAP/NDIS+ is in use.
MacOS has getgrouplist(3) but it's buggy. It doesn't update ngroups if the value passed is smaller than the number of groups the user has. Some projects (like Go stdlib) call getgrouplist() in a loop, increasing ngroups until it exceeds the number of groups user belongs to or fail when a limit is reached. For performance reasons, this is to be avoided and MacOS is handled in the fallback implementation.
The fallback implementation is the old Unit approach. It saves main's user groups (getgroups(2)) and then calls initgroups(3) to load application's groups in main, then does a second getgroups(2) to store the gids and restore main's groups in the end. Because of initgroups(3)' call to setgroups(2), this method requires root capabilities. In the case of OSX, which has small NGROUPS_MAX by default (16), it's not possible to restore main's groups if it's large; if so, this method falls back again: user_cred gids aren't stored, and the worker process calls initgroups() itself and may block for some time if LDAP/NDIS+ is in use.
2019-10-29 | Process port refactoring. | Hong Zhi Dao | 1 | -0/+11
- Introduced nxt_runtime_process_port_create().
- Moved nxt_process_use() into nxt_process.c from nxt_runtime.c.
- Renamed nxt_runtime_process_remove_pid() as nxt_runtime_process_remove().
- Some public functions transformed to static.
This closes #327 issue on GitHub.
2019-10-28 | Added clone syscall check for uid/gid mapping. | Tiago Natel | 1 | -1/+1
Now it's possible to pass -DNXT_HAVE_CLONE=0 for debugging.
2019-10-22 | Improved error logging when uid/gid map is not properly set. | Tiago Natel | 1 | -2/+30
When using "credential: true", the new namespace starts with completely empty uid and gid ranges. Then, any setuid/setgid/setgroups calls using ids not properly mapped with uidmap and gidmap fields return EINVAL, meaning the id is not valid inside the new namespace.
2019-09-26 | Refactored nxt_process_create() for more explicit pipe closing. | Valentin Bartenev | 1 | -40/+29
2019-09-26 | Fixed descriptors leak on process creation. | Valentin Bartenev | 1 | -0/+12
The leak has been introduced in 325b315e48c4. This closes #322 issue in GitHub.
2019-09-19 | Initial applications isolation support using Linux namespaces. | Tiago de Bem Natel de Moura | 1 | -62/+189
2019-03-22 | Ignoring EPERM error when changing application process uid/gid. | Max Romanov | 1 | -16/+33
This closes #228 issue on GitHub.
2018-09-19 | Initializing user_cred gids and ngroups for MacOS. | Max Romanov | 1 | -0/+4
2018-09-07 | Misspelled variable names fixed. | Max Romanov | 1 | -3/+3
2018-06-18 | Removing Unix control socket on start failure. | Igor Sysoev | 1 | -3/+1
The bug had appeared in 5cc5002a788e when process type has been converted to bitmask. This commit reverts the type back to a number. This commit is related to #131 issue on GitHub.
2018-06-18 | Removed unused single process type. | Igor Sysoev | 1 | -12/+10
2018-03-05 | Reduced number of critical log levels. | Valentin Bartenev | 1 | -37/+26
2018-01-24 | Fixed formatting in nxt_sprintf() and logging. | Sergey Kandaurov | 1 | -1/+1
2017-11-20 | Fixing Coverity warnings. | Max Romanov | 1 | -0/+6
CID 200496 CID 200494 CID 200490 CID 200489 CID 200483 CID 200482 CID 200472 CID 200465
2017-10-19 | Filtering process to keep connection. | Max Romanov | 1 | -6/+43
- Main process should be connected to all other processes.
- Controller should be connected to Router.
- Router should be connected to Controller and all Workers.
- Workers should be connected to Router worker thread ports only.
This filtering helps to avoid unnecessary communication and various errors during massive application workers stop / restart.
2017-10-19 | Supporting concurrent shared memory fd receive in router. | Max Romanov | 1 | -2/+2
Two different router threads may send different requests to single application worker. In this case shared memory fds from worker to router will be sent over 2 different router ports. These fds will be received and processed by different threads in any order. This patch made it possible to add incoming shared memory segments in arbitrary order. Additionally, array and memory pool are no longer used to store segments because of pool's single threaded nature. Custom array-like structure nxt_port_mmaps_t introduced.
2017-10-04 | Introducing process use counter. | Max Romanov | 1 | -16/+19
This helps to decouple process removal from port memory pool cleanups.
2017-10-04 | Introducing use counters for port and app. Thread safe port write. | Max Romanov | 1 | -7/+5
Use counter helps to simplify logic around port and application free. Port 'post' function introduced to simplify post execution of particular function to original port engine's thread. Write message queue is protected by mutex which makes port write operation thread safe.
2017-10-04 | Removing mem_pool from port_hash interface. | Max Romanov | 1 | -13/+2
Memory pool is not used by port_hash and it was a mistake to pass it into 'add' and 'remove' functions. port_hash entries are allocated from heap.
2017-09-15 | Introducing named port message handlers to avoid misprints. | Max Romanov | 1 | -1/+1
2017-09-06 | Style fixes. | Igor Sysoev | 1 | -0/+1
2017-08-31 | nginext has been renamed to unit. | Igor Sysoev | 1 | -1/+1
2017-08-29 | The master process has been renamed to the main process. | Igor Sysoev | 1 | -9/+9
2017-08-26 | Added configure option --user=USER and --group=GROUP. | Igor Sysoev | 1 | -5/+25
2017-08-02 | Runtime processes protected with mutex. | Max Romanov | 1 | -1/+1
2017-07-18 | Work queue thread assertions. Reset thread after fork. | Max Romanov | 1 | -0/+2
2017-07-18 | Mem pool cleanup introduced. | Max Romanov | 1 | -1/+21
Used for connection mem pool cleanup, which can be used by buffers. Used for port mem pool to safely destroy linked process.
2017-07-18 | Port allocation and destroy changed. Worker process stop introduced. | Max Romanov | 1 | -23/+4
2017-07-12 | New process port exchange changed. READY message type introduced. | Max Romanov | 1 | -33/+99
Application process start request DATA message from router to master. Master notifies router via NEW_PORT message after worker process becomes ready.
2017-07-10 | Introducing thread-safe nxt_random(). | Igor Sysoev | 1 | -2/+3
2017-07-07 | Process stop notification from master to all other processes. | Max Romanov | 1 | -1/+3
New port message type introduced NXT_PORT_MSG_REMOVE_PID. Default handler removes process description from nxt_runtime_t with all ports, incoming and outgoing mmaps etc.
2017-06-23 | Added basic HTTP request processing in router. | Max Romanov | 1 | -0/+26
- request to connection mapping in engine;
- requests queue in connection;
- engine port creation;
- connected ports hash for each process;
- engine port data messages processing (app responses);
2017-06-23 | nxt_process_create() changed to add process to runtime before callbacks. | Max Romanov | 1 | -5/+19
2017-06-23 | nxt_port_create() use task instead of thread. | Max Romanov | 1 | -1/+2
Write socket close() call moved out from nxt_port_create().
2017-06-20 | Using new memory pool implementation. | Igor Sysoev | 1 | -1/+1
2017-05-12 | Using shared memory to send data via nxt_port. | Max Romanov | 1 | -0/+19
Usage:
    b = nxt_port_mmap_get_buf(task, port, size);
    b->mem.free = nxt_cpymem(b->mem.free, data, size);
    nxt_port_socket_write(task, port, NXT_PORT_MSG_DATA, -1, 0, b);
2017-03-09 | Processes refactoring. | Igor Sysoev | 1 | -55/+127
The cycle has been renamed to the runtime.