From c554941b4f826d83d92d5ca8d7713bea4167896e Mon Sep 17 00:00:00 2001
From: Tiago de Bem Natel de Moura <t.nateldemoura@f5.com>
Date: Thu, 19 Sep 2019 15:25:23 +0300
Subject: Initial applications isolation support using Linux namespaces.

---
 auto/isolation | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)
 create mode 100644 auto/isolation

(limited to 'auto/isolation')

diff --git a/auto/isolation b/auto/isolation
new file mode 100644
index 00000000..c26a4991
--- /dev/null
+++ b/auto/isolation
@@ -0,0 +1,52 @@
+# Copyright (C) Igor Sysoev
+# Copyright (C) NGINX, Inc.
+
+# Linux clone syscall.
+
+NXT_ISOLATION=NO
+NXT_HAVE_CLONE=NO
+
+nsflags="USER NS PID NET UTS CGROUP"
+
+nxt_feature="clone(2)"
+nxt_feature_name=NXT_HAVE_CLONE
+nxt_feature_run=no
+nxt_feature_incs=
+nxt_feature_libs=
+nxt_feature_test="#include <sys/wait.h>
+                  #include <sys/syscall.h>
+
+                  int main() {
+                      return __NR_clone | SIGCHLD;
+                  }"
+. auto/feature
+
+if [ $nxt_found = yes ]; then
+    NXT_HAVE_CLONE=YES
+
+    # Test all isolation flags
+    for flag in $nsflags; do
+        nxt_feature="CLONE_NEW${flag}"
+        nxt_feature_name=NXT_HAVE_CLONE_NEW${flag}
+        nxt_feature_run=no
+        nxt_feature_incs=
+        nxt_feature_libs=
+        nxt_feature_test="#define _GNU_SOURCE
+                          #include <sys/wait.h>
+                          #include <sys/syscall.h>
+                          #include <sched.h>
+
+                          int main() {
+                              return CLONE_NEW$flag;
+                         }"
+        . auto/feature
+
+        if [ $nxt_found = yes ]; then
+            if [ "$NXT_ISOLATION" = "NO" ]; then
+                NXT_ISOLATION=$flag
+            else
+                NXT_ISOLATION="$NXT_ISOLATION $flag"
+            fi
+        fi
+    done
+fi
-- 
cgit