Isolation: rootfs: Set the sticky bit on the tmp directory.

When using the 'rootfs' isolation option, by default a tmpfs filesystem
is mounted on tmp/. Currently this is mounted with a mode of 0777, i.e

  drwxrwxrwx.   3 root   root   60 Feb 22 11:56 tmp

however this should really have the sticky bit[0] set (as is per-normal for
such directories) to prevent users from having free reign on the files
contained within.

What we really want is it mounted with a mode of 01777, i.e

  drwxrwxrwt.   3 root   root   60 Feb 22 11:57 tmp

[0]: To quote inode(7)

 "The sticky bit (S_ISVTX) on a directory means that a file in that
  directory can be renamed or deleted only by the owner of the file, by
  the owner of the directory, and by a privileged process."

Reviewed-by: Liam Crilly <[email protected]>
Signed-off-by: Andrew Clayton <[email protected]>

Author: ac000

src/nxt_isolation.c

@@ -652,7 +652,7 @@ nxt_isolation_set_lang_mounts(nxt_task_t *task, nxt_process_t *process,
         mnt->flags = (NXT_FS_FLAGS_NOSUID
                       | NXT_FS_FLAGS_NODEV
                       | NXT_FS_FLAGS_NOEXEC);
-        mnt->data = (u_char *) "size=1m,mode=777";
+        mnt->data = (u_char *) "size=1m,mode=1777";
         mnt->builtin = 1;
         mnt->deps = 0;