Skip to content

Commit b7f1d72

Browse files
committed
Isolation: Rename NXT_HAVE_CLONE -> NXT_HAVE_LINUX_NS.
Due to the need to replace our use of clone/__NR_clone on Linux with fork(2)/unshare(2) for enabling Linux namespaces(7) to keep the pthreads(7) API working. Let's rename NXT_HAVE_CLONE to NXT_HAVE_LINUX_NS, i.e name it after the feature, not how it's implemented, then in future if we change how we do namespaces again we don't have to rename this. Reviewed-by: Alejandro Colomar <[email protected]> Signed-off-by: Andrew Clayton <[email protected]>
1 parent 0277d8f commit b7f1d72

File tree

8 files changed

+25
-25
lines changed

8 files changed

+25
-25
lines changed

auto/isolation

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -4,29 +4,29 @@
44
# Linux clone syscall.
55

66
NXT_ISOLATION=NO
7-
NXT_HAVE_CLONE=NO
7+
NXT_HAVE_LINUX_NS=NO
88
NXT_HAVE_CLONE_NEWUSER=NO
99
NXT_HAVE_MOUNT=NO
1010
NXT_HAVE_UNMOUNT=NO
1111
NXT_HAVE_ROOTFS=NO
1212

1313
nsflags="USER NS PID NET UTS CGROUP"
1414

15-
nxt_feature="clone(2)"
16-
nxt_feature_name=NXT_HAVE_CLONE
15+
nxt_feature="Linux unshare()"
16+
nxt_feature_name=NXT_HAVE_LINUX_NS
1717
nxt_feature_run=no
1818
nxt_feature_incs=
1919
nxt_feature_libs=
20-
nxt_feature_test="#include <sys/wait.h>
21-
#include <sys/syscall.h>
20+
nxt_feature_test="#define _GNU_SOURCE
21+
#include <sched.h>
2222

2323
int main(void) {
24-
return SYS_clone | SIGCHLD;
24+
return unshare(0);
2525
}"
2626
. auto/feature
2727

2828
if [ $nxt_found = yes ]; then
29-
NXT_HAVE_CLONE=YES
29+
NXT_HAVE_LINUX_NS=YES
3030

3131
# Test all isolation flags
3232
for flag in $nsflags; do

auto/sources

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -299,7 +299,7 @@ if [ "$NXT_HAVE_HPUX_SENDFILE" = "YES" \
299299
fi
300300

301301

302-
if [ "$NXT_HAVE_CLONE" = "YES" ]; then
302+
if [ "$NXT_HAVE_LINUX_NS" = "YES" ]; then
303303
NXT_LIB_SRCS="$NXT_LIB_SRCS $NXT_LIB_CLONE_SRCS"
304304
fi
305305

src/nxt_clone.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88
#include <nxt_conf.h>
99
#include <nxt_clone.h>
1010

11-
#if (NXT_HAVE_CLONE)
11+
#if (NXT_HAVE_LINUX_NS)
1212

1313
pid_t
1414
nxt_clone(nxt_int_t flags)

src/nxt_credential.c

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -286,7 +286,7 @@ nxt_credential_setuid(nxt_task_t *task, nxt_credential_t *uc)
286286

287287
if (setuid(uc->uid) != 0) {
288288

289-
#if (NXT_HAVE_CLONE)
289+
#if (NXT_HAVE_LINUX_NS)
290290
if (nxt_errno == EINVAL) {
291291
nxt_log(task, NXT_LOG_ERR, "The uid %d (user \"%s\") isn't "
292292
"valid in the application namespace.", uc->uid, uc->user);
@@ -314,7 +314,7 @@ nxt_credential_setgids(nxt_task_t *task, nxt_credential_t *uc)
314314

315315
if (setgid(uc->base_gid) != 0) {
316316

317-
#if (NXT_HAVE_CLONE)
317+
#if (NXT_HAVE_LINUX_NS)
318318
if (nxt_errno == EINVAL) {
319319
nxt_log(task, NXT_LOG_ERR, "The gid %d isn't valid in the "
320320
"application namespace.", uc->base_gid);
@@ -333,7 +333,7 @@ nxt_credential_setgids(nxt_task_t *task, nxt_credential_t *uc)
333333
if (nxt_slow_path(uc->ngroups > 0
334334
&& setgroups(uc->ngroups, uc->gids) != 0)) {
335335

336-
#if (NXT_HAVE_CLONE)
336+
#if (NXT_HAVE_LINUX_NS)
337337
if (nxt_errno == EINVAL) {
338338
nxt_log(task, NXT_LOG_ERR, "The user \"%s\" (uid: %d) has "
339339
"supplementary group ids not valid in the application "

src/nxt_isolation.c

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,7 @@ static nxt_int_t nxt_isolation_set_cgroup(nxt_task_t *task,
2121
nxt_conf_value_t *isolation, nxt_process_t *process);
2222
#endif
2323

24-
#if (NXT_HAVE_CLONE)
24+
#if (NXT_HAVE_LINUX_NS)
2525
static nxt_int_t nxt_isolation_set_namespaces(nxt_task_t *task,
2626
nxt_conf_value_t *isolation, nxt_process_t *process);
2727
static nxt_int_t nxt_isolation_clone_flags(nxt_task_t *task,
@@ -169,7 +169,7 @@ nxt_isolation_set(nxt_task_t *task, nxt_conf_value_t *isolation,
169169
}
170170
#endif
171171

172-
#if (NXT_HAVE_CLONE)
172+
#if (NXT_HAVE_LINUX_NS)
173173
if (nxt_slow_path(nxt_isolation_set_namespaces(task, isolation, process)
174174
!= NXT_OK))
175175
{
@@ -247,7 +247,7 @@ nxt_isolation_set_cgroup(nxt_task_t *task, nxt_conf_value_t *isolation,
247247
#endif
248248

249249

250-
#if (NXT_HAVE_CLONE)
250+
#if (NXT_HAVE_LINUX_NS)
251251

252252
static nxt_int_t
253253
nxt_isolation_set_namespaces(nxt_task_t *task, nxt_conf_value_t *isolation,
@@ -409,7 +409,7 @@ nxt_isolation_vldt_creds(nxt_task_t *task, nxt_process_t *process)
409409
#endif
410410

411411

412-
#if (NXT_HAVE_CLONE)
412+
#if (NXT_HAVE_LINUX_NS)
413413

414414
static nxt_int_t
415415
nxt_isolation_clone_flags(nxt_task_t *task, nxt_conf_value_t *namespaces,

src/nxt_main_process.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -556,7 +556,7 @@ nxt_main_process_created_handler(nxt_task_t *task, nxt_port_recv_msg_t *msg)
556556
nxt_assert(process != NULL);
557557
nxt_assert(process->state == NXT_PROCESS_STATE_CREATING);
558558

559-
#if (NXT_HAVE_CLONE && NXT_HAVE_CLONE_NEWUSER)
559+
#if (NXT_HAVE_LINUX_NS && NXT_HAVE_CLONE_NEWUSER)
560560
if (nxt_is_clone_flag_set(process->isolation.clone.flags, NEWUSER)) {
561561
if (nxt_slow_path(nxt_clone_credential_map(task, process->pid,
562562
process->user_cred,

src/nxt_process.c

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,7 @@
77
#include <nxt_main.h>
88
#include <nxt_cgroup.h>
99

10-
#if (NXT_HAVE_CLONE)
10+
#if (NXT_HAVE_LINUX_NS)
1111
#include <nxt_clone.h>
1212
#endif
1313

@@ -18,7 +18,7 @@
1818
#endif
1919

2020

21-
#if (NXT_HAVE_CLONE) && (NXT_HAVE_CLONE_NEWPID)
21+
#if (NXT_HAVE_LINUX_NS) && (NXT_HAVE_CLONE_NEWPID)
2222
#define nxt_is_pid_isolated(process) \
2323
nxt_is_clone_flag_set(process->isolation.clone.flags, NEWPID)
2424
#else
@@ -318,7 +318,7 @@ nxt_process_create(nxt_task_t *task, nxt_process_t *process)
318318
nxt_pid_t pid;
319319
nxt_runtime_t *rt;
320320

321-
#if (NXT_HAVE_CLONE)
321+
#if (NXT_HAVE_LINUX_NS)
322322
pid = nxt_clone(SIGCHLD | process->isolation.clone.flags);
323323
if (nxt_slow_path(pid < 0)) {
324324
nxt_alert(task, "clone() failed for %s %E", process->name, nxt_errno);
@@ -355,7 +355,7 @@ nxt_process_create(nxt_task_t *task, nxt_process_t *process)
355355

356356
/* Parent. */
357357

358-
#if (NXT_HAVE_CLONE)
358+
#if (NXT_HAVE_LINUX_NS)
359359
nxt_debug(task, "clone(%s): %PI", process->name, pid);
360360
#else
361361
nxt_debug(task, "fork(%s): %PI", process->name, pid);
@@ -781,7 +781,7 @@ nxt_process_apply_creds(nxt_task_t *task, nxt_process_t *process)
781781

782782
cap_setid = rt->capabilities.setid;
783783

784-
#if (NXT_HAVE_CLONE && NXT_HAVE_CLONE_NEWUSER)
784+
#if (NXT_HAVE_LINUX_NS && NXT_HAVE_CLONE_NEWUSER)
785785
if (!cap_setid
786786
&& nxt_is_clone_flag_set(process->isolation.clone.flags, NEWUSER))
787787
{

src/nxt_process.h

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -7,13 +7,13 @@
77
#ifndef _NXT_PROCESS_H_INCLUDED_
88
#define _NXT_PROCESS_H_INCLUDED_
99

10-
#if (NXT_HAVE_CLONE)
10+
#if (NXT_HAVE_LINUX_NS)
1111
#include <unistd.h>
1212
#include <nxt_clone.h>
1313
#endif
1414

1515

16-
#if (NXT_HAVE_CLONE)
16+
#if (NXT_HAVE_LINUX_NS)
1717
/*
1818
* Old glibc wrapper for getpid(2) returns a cached pid invalidated only by
1919
* fork(2) calls. As we use clone(2) for container, it returns the wrong pid.
@@ -100,7 +100,7 @@ typedef struct {
100100
nxt_cgroup_t cgroup;
101101
#endif
102102

103-
#if (NXT_HAVE_CLONE)
103+
#if (NXT_HAVE_LINUX_NS)
104104
nxt_clone_t clone;
105105
#endif
106106

0 commit comments

Comments
 (0)