Isolation: added option to disable tmpfs mount.

Now users can disable the default tmpfs mount point in the rootfs. { "isolation": { "automount": { "tmpfs": false } } }
2020-11-13 10:48:32 +00:00
parent d6829cc93b
commit 3837d28f9b
3 changed files with 35 additions and 21 deletions
--- a/src/nxt_conf_validation.c
+++ b/src/nxt_conf_validation.c
@@ -841,6 +841,9 @@ static nxt_conf_vldt_object_t  nxt_conf_vldt_app_automount_members[] = {
    {
        .name       = nxt_string("language_deps"),
        .type       = NXT_CONF_VLDT_BOOLEAN,
+    }, {
+        .name       = nxt_string("tmpfs"),
+        .type       = NXT_CONF_VLDT_BOOLEAN,
    },

    NXT_CONF_VLDT_END
--- a/src/nxt_isolation.c
+++ b/src/nxt_isolation.c
@@ -484,10 +484,12 @@ nxt_isolation_set_automount(nxt_task_t *task, nxt_conf_value_t *isolation,

    static nxt_str_t  automount_name = nxt_string("automount");
    static nxt_str_t  langdeps_name = nxt_string("language_deps");
+    static nxt_str_t  tmp_name = nxt_string("tmpfs");

    automount = &process->isolation.automount;

    automount->language_deps = 1;
+    automount->tmpfs = 1;

    conf = nxt_conf_get_object_member(isolation, &automount_name, NULL);
    if (conf != NULL) {
@@ -495,6 +497,11 @@ nxt_isolation_set_automount(nxt_task_t *task, nxt_conf_value_t *isolation,
        if (value != NULL) {
            automount->language_deps = nxt_conf_get_boolean(value);
        }
+
+        value = nxt_conf_get_object_member(conf, &tmp_name, NULL);
+        if (value != NULL) {
+            automount->tmpfs = nxt_conf_get_boolean(value);
+        }
    }

    return NXT_OK;
@@ -576,29 +583,32 @@ nxt_isolation_set_lang_mounts(nxt_task_t *task, nxt_process_t *process,
        *p = '\0';
    }

-    mnt = nxt_array_add(mounts);
-    if (nxt_slow_path(mnt == NULL)) {
-        return NXT_ERROR;
+    if (process->isolation.automount.tmpfs) {
+        mnt = nxt_array_add(mounts);
+        if (nxt_slow_path(mnt == NULL)) {
+            return NXT_ERROR;
+        }
+
+        mnt->src = (u_char *) "tmpfs";
+        mnt->name = (u_char *) "tmpfs";
+        mnt->type = NXT_FS_TMP;
+        mnt->flags = (NXT_FS_FLAGS_NOSUID
+                      | NXT_FS_FLAGS_NODEV
+                      | NXT_FS_FLAGS_NOEXEC);
+        mnt->data = (u_char *) "size=1m,mode=777";
+        mnt->builtin = 1;
+        mnt->deps = 0;
+
+        mnt->dst = nxt_mp_nget(mp, rootfs_len + nxt_length("/tmp") + 1);
+        if (nxt_slow_path(mnt->dst == NULL)) {
+            return NXT_ERROR;
+        }
+
+        p = nxt_cpymem(mnt->dst, rootfs, rootfs_len);
+        p = nxt_cpymem(p, "/tmp", 4);
+        *p = '\0';
    }

-    mnt->src = (u_char *) "tmpfs";
-    mnt->name = (u_char *) "tmpfs";
-    mnt->type = NXT_FS_TMP;
-    mnt->flags = (NXT_FS_FLAGS_NOSUID | NXT_FS_FLAGS_NODEV
-                  | NXT_FS_FLAGS_NOEXEC);
-    mnt->data = (u_char *) "size=1m,mode=777";
-    mnt->builtin = 1;
-    mnt->deps = 0;
-
-    mnt->dst = nxt_mp_nget(mp, rootfs_len + nxt_length("/tmp") + 1);
-    if (nxt_slow_path(mnt->dst == NULL)) {
-        return NXT_ERROR;
-    }
-
-    p = nxt_cpymem(mnt->dst, rootfs, rootfs_len);
-    p = nxt_cpymem(p, "/tmp", 4);
-    *p = '\0';
-
    mnt = nxt_array_add(mounts);
    if (nxt_slow_path(mnt == NULL)) {
        return NXT_ERROR;
--- a/src/nxt_process.h
+++ b/src/nxt_process.h
@@ -75,6 +75,7 @@ typedef struct {

 typedef struct {
    uint8_t             language_deps;      /* 1-bit */
+    uint8_t             tmpfs;              /* 1-bit */
 } nxt_process_automount_t;