summaryrefslogtreecommitdiffhomepage
path: root/src/nxt_process.h (follow)
AgeCommit message (Collapse)AuthorFilesLines
2022-12-10Isolation: wired up per-application cgroup support internally.Andrew Clayton1-0/+13
This commit hooks into the cgroup infrastructure added in the previous commit to create per-application cgroups. It does this by adding each "prototype process" into its own cgroup, then each child process inherits its parents cgroup. If we fail to create a cgroup we simply fail the process. This behaviour may get enhanced in the future. This won't actually do anything yet. Subsequent commits will hook this up to the build and config systems. Reviewed-by: Alejandro Colomar <alx@nginx.com> Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
2022-08-11Fixing isolated process PID manipulation.Max Romanov1-0/+2
Registering an isolated PID in the global PID hash is wrong because it can be duplicated. Isolated processes are stored only in the children list until the response for the WHOAMI message is processed and the global PID is discovered. To remove isolated siblings, a pointer to the children list is introduced in the nxt_process_init_t struct. This closes #633 issue on GitHub.
2022-07-18Replaced Linux syscall macros by libc macros.Alejandro Colomar1-1/+1
User-space programs should use the SYS_*form, as documented in syscall(2). That also adds compatibility to non-Linux systems.
2021-11-24Fixing alerts on router restart.Max Romanov1-3/+3
Splitting the process type connectivity matrix to 'keep ports' and 'send ports'; the 'keep ports' matrix is used to clean up unnecessary ports after forking a new process, and the 'send ports' matrix determines which process types expect to get created process ports. Unfortunately, the original single connectivity matrix no longer works because of an application stop delay caused by prototypes. Existing applications should not get the new router port at the moment.
2021-11-09Introducing application prototype processes.Tiago Natel de Moura1-2/+9
2021-11-09Changed nxt_process_* for reuse.Tiago Natel de Moura1-2/+4
This enables the reuse of process creation functions.
2021-01-28Removing unused mutex from nxt_process_t.Max Romanov1-2/+0
2020-11-16Isolation: added option to disable "procfs" mount.Tiago Natel de Moura1-0/+1
Now users can disable the default procfs mount point in the rootfs. { "isolation": { "automount": { "procfs": false } } }
2020-11-13Isolation: added option to disable tmpfs mount.Tiago Natel de Moura1-0/+1
Now users can disable the default tmpfs mount point in the rootfs. { "isolation": { "automount": { "tmpfs": false } } }
2020-10-29Isolation: mounting of procfs by default when using "rootfs".Tiago Natel de Moura1-1/+1
2020-08-25Isolation: added "automount" option.Tiago Natel de Moura1-5/+12
Now it's possible to disable default bind mounts of languages by setting: { "isolation": { "automount": { "language_deps": false } } } In this case, the user is responsible to provide a "rootfs" containing the language libraries and required files for the application.
2020-08-20Moved isolation related code to "nxt_isolation.c".Tiago Natel de Moura1-13/+7
2020-08-11Process structures refactoring in runtime and libunit.Max Romanov1-1/+0
Generic process-to-process shared memory exchange is no more required. Here, it is transformed into a router-to-application pattern. The outgoing shared memory segments collection is now the property of the application structure. The applications connect to the router only, and the process only needs to group the ports.
2020-08-11Changing router to application port exchange protocol.Max Romanov1-9/+0
The application process needs to request the port from the router instead of the latter pushing the port before sending a request to the application. This is required to simplify the communication between the router and the application and to prepare the router to use the application shared port and then the queue.
2020-05-28Added "rootfs" feature.Tiago Natel de Moura1-19/+34
2020-03-09Refactor of process management.Tiago Natel de Moura1-36/+101
The process abstraction has changed to: setup(task, process) start(task, process_data) prefork(task, process, mp) The prefork() occurs in the main process right before fork. The file src/nxt_main_process.c is completely free of process specific logic. The creation of a process now supports a PROCESS_CREATED state. The The setup() function of each process can set its state to either created or ready. If created, a MSG_PROCESS_CREATED is sent to main process, where external setup can be done (required for rootfs under container). The core processes (discovery, controller and router) doesn't need external setup, then they all proceeds to their start() function straight away. In the case of applications, the load of the module happens at the process setup() time and The module's init() function has changed to be the start() of the process. The module API has changed to: setup(task, process, conf) start(task, data) As a direct benefit of the PROCESS_CREATED message, the clone(2) of processes using pid namespaces now doesn't need to create a pipe to make the child block until parent setup uid/gid mappings nor it needs to receive the child pid.
2020-04-10Resolving a racing condition while adding ports on the app's side.Max Romanov1-1/+3
An earlier attempt (ad6265786871) to resolve this condition on the router's side added a new issue: the app could get a request before acquiring a port.
2020-04-06Fixing 'find & add' racing condition in connected ports hash.Max Romanov1-4/+2
Missing error log messages added.
2019-12-06Isolation: allowed the use of credentials with unpriv userns.Tiago Natel1-8/+10
The setuid/setgid syscalls requires root capabilities but if the kernel supports unprivileged user namespace then the child process has the full set of capabilities in the new namespace, then we can allow setting "user" and "group" in such cases (this is a common security use case). Tests were added to ensure user gets meaningful error messages for uid/gid mapping misconfigurations.
2019-12-06Moved credential-related code to nxt_credential.c.Tiago Natel1-14/+1
This is required to avoid include cycles, as some nxt_clone_* functions depend on the credential structures, but nxt_process depends on clone structures.
2019-11-26Refactor of process init.Tiago Natel1-14/+12
Introduces the functions nxt_process_init_create() and nxt_process_init_creds_set().
2019-10-29Process port refactoring.Hong Zhi Dao1-0/+2
- Introduced nxt_runtime_process_port_create(). - Moved nxt_process_use() into nxt_process.c from nxt_runtime.c. - Renamed nxt_runtime_process_remove_pid() as nxt_runtime_process_remove(). - Some public functions transformed to static. This closes #327 issue on GitHub.
2019-09-19Initial applications isolation support using Linux namespaces.Tiago de Bem Natel de Moura1-10/+21
2018-09-07Misspelled variable names fixed.Max Romanov1-2/+2
2017-10-19Fixed controller restarting.Valentin Bartenev1-1/+3
Previously, stored configuration wasn't reread on controller process restart, which resulted in segmentation fault.
2017-10-19Filtering process to keep connection.Max Romanov1-0/+6
- Main process should be connected to all other processes. - Controller should be connected to Router. - Router should be connected to Controller and all Workers. - Workers should be connected to Router worker thread ports only. This filtering helps to avoid unnecessary communication and various errors during massive application workers stop / restart.
2017-10-19Supporting concurrent shared memory fd receive in router.Max Romanov1-5/+13
Two different router threads may send different requests to single application worker. In this case shared memory fds from worker to router will be send over 2 different router ports. These fds will be received and processed by different threads in any order. This patch made possible to add incoming shared memory segments in arbitrary order. Additionally, array and memory pool are no longer used to store segments because of pool's single threaded nature. Custom array-like structure nxt_port_mmaps_t introduced.
2017-10-04Introducing process use counter.Max Romanov1-1/+2
This helps to decouple process removal from port memory pool cleanups.
2017-10-04Removing mem_pool from port_hash interface.Max Romanov1-1/+0
Memory pool is not used by port_hash and it was a mistake to pass it into 'add' and 'remove' functions. port_hash enrties are allocated from heap.
2017-09-15Introducing named port message handlers to avoid misprints.Max Romanov1-1/+1
2017-08-30Controller: waiting for router before start to accept connections.Valentin Bartenev1-0/+4
Previously, reconfiguration might fail right after the daemon start if the router process wasn't ready yet.
2017-08-29The process type enum exposed to go module.Max Romanov1-12/+0
2017-08-29The master process has been renamed to the main process.Igor Sysoev1-1/+1
2017-08-17The new module configuration interface.Igor Sysoev1-0/+1
Configuration and building example: ./configure ./configure python ./configure php ./configure go make all or ./configure make nginext ./configure python make python ./configure php make php ./configure go make go Modules configuration options and building examples: ./configure python --module=python2 --config=python2.7-config make python2 ./configure php --module=php7 --config=php7.0-config --lib-path=/usr/local/php7.0 make php7 ./configure go --go=go1.6 --go-path=${HOME}/go1.6 make go1.6
2017-08-02Runtime processes protected with mutex.Max Romanov1-0/+1
2017-07-18Mem pool cleanup introduced.Max Romanov1-1/+3
Used for connection mem pool cleanup, which can be used by buffers. Used for port mem pool to safely destroy linked process.
2017-07-18Port allocation and destroy changed. Worker process stop introduced.Max Romanov1-5/+1
2017-07-12New process port exchange changed. READY message type introduced.Max Romanov1-11/+17
Application process start request DATA message from router to master. Master notifies router via NEW_PORT message after worker process become ready.
2017-07-07Memory pool thread safety checks in DEBUG build and usage fixes.Max Romanov1-0/+2
2017-06-23Incoming and outgoing port_mmap arrays are protected with mutexes.Max Romanov1-2/+4
2017-06-23Added basic HTTP request processing in router.Max Romanov1-0/+12
- request to connection mapping in engine; - requests queue in connection; - engine port creation; - connected ports hash for each process; - engine port data messages processing (app responses);
2017-06-23nxt_process_create() changed to add process to runtime before callbacks.Max Romanov1-1/+1
2017-06-20Using new memory pool implementation.Igor Sysoev1-1/+1
2017-05-12Using shared memory to send data via nxt_port.Max Romanov1-1/+23
Usage: b = nxt_port_mmap_get_buf(task, port, size); b->mem.free = nxt_cpymem(b->mem.free, data, size); nxt_port_socket_write(task, port, NXT_PORT_MSG_DATA, -1, 0, b);
2017-03-09Processes refactoring.Igor Sysoev1-48/+64
The cycle has been renamed to the runtime.
2017-01-17Initial version.Igor Sysoev1-0/+87