Fixed passing false in namespace flags.

This patch closes #328 in github.
2019-10-11 10:00:06 +00:00
parent 09e7357b08
commit 0beb8ea5e1
4 changed files with 42 additions and 4 deletions
--- a/src/nxt_conf.c
+++ b/src/nxt_conf.c
@@ -228,6 +228,13 @@ nxt_conf_get_integer(nxt_conf_value_t *value)
 }


+uint8_t
+nxt_conf_get_boolean(nxt_conf_value_t *value)
+{
+    return value->u.boolean;
+}
+
+
 nxt_uint_t
 nxt_conf_object_members_count(nxt_conf_value_t *value)
 {
--- a/src/nxt_conf.h
+++ b/src/nxt_conf.h
@@ -115,6 +115,7 @@ NXT_EXPORT void nxt_conf_set_string(nxt_conf_value_t *value, nxt_str_t *str);
 NXT_EXPORT nxt_int_t nxt_conf_set_string_dup(nxt_conf_value_t *value,
    nxt_mp_t *mp, nxt_str_t *str);
 NXT_EXPORT int64_t nxt_conf_get_integer(nxt_conf_value_t *value);
+NXT_EXPORT uint8_t nxt_conf_get_boolean(nxt_conf_value_t *value);

 // FIXME reimplement and reorder functions below
 nxt_uint_t nxt_conf_object_members_count(nxt_conf_value_t *value);
--- a/src/nxt_main_process.c
+++ b/src/nxt_main_process.c
@@ -1600,11 +1600,9 @@ nxt_init_set_ns(nxt_task_t *task, nxt_process_init_t *init,
            return NXT_ERROR;
        }

-        if (nxt_conf_get_integer(value) == 0) {
-            continue;  /* process shares everything by default */
+        if (nxt_conf_get_boolean(value)) {
+            init->isolation.clone.flags |= flag;
        }
-
-        init->isolation.clone.flags |= flag;
    }

    return NXT_OK;
--- a/test/test_go_isolation.py
+++ b/test/test_go_isolation.py
@@ -130,6 +130,38 @@ class TestGoIsolation(TestApplicationGo):

        self.assertEqual(obj['PID'], 1, 'pid of container is 1')

+    def test_isolation_namespace_false(self):
+        self.load('ns_inspect')
+        allns = list(self.available['features']['isolation'].keys())
+
+        remove_list = ['unprivileged_userns_clone', 'ipc', 'cgroup']
+        allns = [ns for ns in allns if ns not in remove_list]
+
+        namespaces = {}
+        for ns in allns:
+            if ns == 'user':
+                namespaces['credential'] = False
+            elif ns == 'mnt':
+                namespaces['mount'] = False
+            elif ns == 'net':
+                namespaces['network'] = False
+            elif ns == 'uts':
+                namespaces['uname'] = False
+            else:
+                namespaces[ns] = False
+
+        self.conf_isolation({"namespaces": namespaces})
+
+        obj = self.isolation.parsejson(self.get()['body'])
+
+        for ns in allns:
+            if ns.upper() in obj['NS']:
+                self.assertEqual(
+                    obj['NS'][ns.upper()],
+                    self.available['features']['isolation'][ns],
+                    '%s match' % ns,
+                )
+

 if __name__ == '__main__':
    TestGoIsolation.main()