From e2b53e16c60ba1e3bbbe59172c184e97f889326b Mon Sep 17 00:00:00 2001
From: Tiago Natel de Moura <t.nateldemoura@f5.com>
Date: Thu, 28 May 2020 14:57:41 +0100
Subject: Added "rootfs" feature.

---
 src/nxt_capability.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'src/nxt_capability.c')

diff --git a/src/nxt_capability.c b/src/nxt_capability.c
index dfa7a834..24fd55d0 100644
--- a/src/nxt_capability.c
+++ b/src/nxt_capability.c
@@ -39,6 +39,7 @@ nxt_capability_set(nxt_task_t *task, nxt_capabilities_t *cap)
 
     if (geteuid() == 0) {
         cap->setid = 1;
+        cap->chroot = 1;
         return NXT_OK;
     }
 
@@ -91,6 +92,10 @@ nxt_capability_specific_set(nxt_task_t *task, nxt_capabilities_t *cap)
         return NXT_ERROR;
     }
 
+    if ((val->effective & (1 << CAP_SYS_CHROOT)) != 0) {
+        cap->chroot = 1;
+    }
+
     if ((val->effective & (1 << CAP_SETUID)) == 0) {
         return NXT_OK;
     }
-- 
cgit