technocloud-public/nginx-unit
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Isolation: Fix the enablement of PR_SET_NO_NEW_PRIVS.

Browse Source 
This prctl(2) option is checked for in auto/isolation, unfortunately due
to a typo this feature has never been enabled.

In the auto/isolation script the feature name was down as
NXT_HAVE_PR_SET_NO_NEW_PRIVS0, which means we end up with the following
in build/nxt_auto_config.h

  #ifndef NXT_HAVE_PR_SET_NO_NEW_PRIVS0
  #define NXT_HAVE_PR_SET_NO_NEW_PRIVS0  1
  #endif

Whereas everywhere else is checking for NXT_HAVE_PR_SET_NO_NEW_PRIVS.

This also guards the inclusion of sys/prctl.h in src/nxt_process.c which
is required by a subsequent commit.

Fixes: e2b53e1 ("Added "rootfs" feature.")
Reviewed-by: Alejandro Colomar <alx@nginx.com>
Signed-off-by: Andrew Clayton <a.clayton@nginx.com>
This commit is contained in:
Andrew Clayton
2022-11-25 10:32:20 +00:00
parent 1f37d8121a
commit 0277d8f103
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
auto/isolation
View File

@@ -90,7 +90,7 @@ nxt_feature_test="#include <mntent.h>
nxt_feature="prctl(PR_SET_NO_NEW_PRIVS)" nxt_feature="prctl(PR_SET_NO_NEW_PRIVS)"
nxt_feature_name=NXT_HAVE_PR_SET_NO_NEW_PRIVS0 nxt_feature_name=NXT_HAVE_PR_SET_NO_NEW_PRIVS
nxt_feature_run=no nxt_feature_run=no
nxt_feature_incs= nxt_feature_incs=
nxt_feature_libs= nxt_feature_libs=