mirror of
https://github.com/nginx/nginx.git
synced 2024-11-27 23:49:00 +08:00
752f66bf7d
The capability is retained automatically in unprivileged worker processes after changing UID if transparent proxying is enabled at least once in nginx configuration. The feature is only available in Linux.
# Copyright (C) Igor Sysoev
# Copyright (C) Nginx, Inc.
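# Linux platform setup for the configure run.
#
# auto/have_headers is sourced with have=NGX_LINUX; presumably it records the
# macro in the generated headers (auto/have_headers is not shown here).

have=NGX_LINUX . auto/have_headers

# Core include paths, dependencies and sources: the generic Unix sets, plus
# the Linux-specific dependencies and sources.
CORE_INCS="$UNIX_INCS"
CORE_DEPS="$UNIX_DEPS $LINUX_DEPS"
CORE_SRCS="$UNIX_SRCS $LINUX_SRCS"

# ngx_spacer holds exactly one newline character; keep the quotes on
# separate lines with nothing in between.
ngx_spacer='
'

# Remember the caller's auxiliary compiler flags so that later sections can
# rebuild CC_AUX_FLAGS from the same base instead of appending repeatedly.
cc_aux_flags="$CC_AUX_FLAGS"
CC_AUX_FLAGS="$cc_aux_flags -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64"
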
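# Linux kernel version
#
# Encode the release reported by "uname -r" as major*65536 + minor*256 + patch
# so it can be compared numerically.  sed keeps only the leading numeric
# components (first expression: "X.Y.Z...", second expression: "X.Y...") and
# prints an arithmetic expression that $(( )) then evaluates.
#
# Note: this is the kernel of the build host, which is not necessarily the
# kernel the resulting binary will run on.

version=$((`uname -r \
    | sed -n -e 's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/ \
                                                 \1*256*256+\2*256+\3/p' \
             -e 's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1*256*256+\2*256/p'`))

# Fall back to 0 when no value was computed.
version=${version:-0}


# posix_fadvise64() was implemented in 2.5.60
#
# 132412 == 2*256*256 + 5*256 + 60, i.e. kernel 2.5.60.  On older kernels
# auto/nohave is sourced for NGX_HAVE_POSIX_FADVISE (presumably withdrawing
# the macro; auto/nohave is not shown here).

if [ "$version" -lt 132412 ]; then
    have=NGX_HAVE_POSIX_FADVISE . auto/nohave
fi
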
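# epoll, EPOLLET version
#
# The probe creates an epoll instance and fails (returns 1) when
# epoll_create() returns -1.  ngx_feature_run=yes presumably asks auto/feature
# to execute the compiled probe on the build host (auto/feature is not shown
# here), so the result describes the build environment.

ngx_feature="epoll"
ngx_feature_name="NGX_HAVE_EPOLL"
ngx_feature_run=yes
ngx_feature_incs="#include <sys/epoll.h>"
ngx_feature_path=
ngx_feature_libs=
ngx_feature_test="int efd = 0;
                  struct epoll_event ee;
                  ee.events = EPOLLIN|EPOLLOUT|EPOLLET;
                  ee.data.ptr = NULL;
                  (void) ee;
                  efd = epoll_create(100);
                  if (efd == -1) return 1;"
. auto/feature

# Only when epoll was found: enable clear (edge-triggered) events, add the
# epoll sources and module, and probe the optional epoll flags.
if [ "$ngx_found" = yes ]; then
    have=NGX_HAVE_CLEAR_EVENT . auto/have
    CORE_SRCS="$CORE_SRCS $EPOLL_SRCS"
    EVENT_MODULES="$EVENT_MODULES $EPOLL_MODULE"
    EVENT_FOUND=YES


    # EPOLLRDHUP appeared in Linux 2.6.17, glibc 2.8
    #
    # ngx_feature_run=no: the snippet only has to build; it references the
    # flag but is presumably never executed (efd and fd are dummy values).

    ngx_feature="EPOLLRDHUP"
    ngx_feature_name="NGX_HAVE_EPOLLRDHUP"
    ngx_feature_run=no
    ngx_feature_incs="#include <sys/epoll.h>"
    ngx_feature_path=
    ngx_feature_libs=
    ngx_feature_test="int efd = 0, fd = 0;
                      struct epoll_event ee;
                      ee.events = EPOLLIN|EPOLLRDHUP|EPOLLET;
                      ee.data.ptr = NULL;
                      epoll_ctl(efd, EPOLL_CTL_ADD, fd, &ee)"
    . auto/feature


    # EPOLLEXCLUSIVE appeared in Linux 4.5, glibc 2.24
    #
    # Same build-only shape as the EPOLLRDHUP probe above.

    ngx_feature="EPOLLEXCLUSIVE"
    ngx_feature_name="NGX_HAVE_EPOLLEXCLUSIVE"
    ngx_feature_run=no
    ngx_feature_incs="#include <sys/epoll.h>"
    ngx_feature_path=
    ngx_feature_libs=
    ngx_feature_test="int efd = 0, fd = 0;
                      struct epoll_event ee;
                      ee.events = EPOLLIN|EPOLLEXCLUSIVE;
                      ee.data.ptr = NULL;
                      epoll_ctl(efd, EPOLL_CTL_ADD, fd, &ee)"
    . auto/feature
fi
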
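# O_PATH and AT_EMPTY_PATH were introduced in 2.6.39, glibc 2.14
#
# Build-only probe (ngx_feature_run=no): it checks that openat() with
# O_PATH|O_DIRECTORY|O_NOFOLLOW and fstatat() with AT_EMPTY_PATH are usable
# with the headers below.  Because the probe is presumably not executed,
# kernel support on the machine that finally runs the binary is not verified
# here.

ngx_feature="O_PATH"
ngx_feature_name="NGX_HAVE_O_PATH"
ngx_feature_run=no
ngx_feature_incs="#include <sys/types.h>
                  #include <sys/stat.h>
                  #include <fcntl.h>"
ngx_feature_path=
ngx_feature_libs=
ngx_feature_test="int fd; struct stat sb;
                  fd = openat(AT_FDCWD, \".\", O_PATH|O_DIRECTORY|O_NOFOLLOW);
                  if (fstatat(fd, \"\", &sb, AT_EMPTY_PATH) != 0) return 1"
. auto/feature
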
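# sendfile()
#
# Probed without -D_FILE_OFFSET_BITS=64: CC_AUX_FLAGS is rebuilt from the
# saved base flags with only -D_GNU_SOURCE.  The probe calls sendfile() on
# descriptors 0 and 1 and fails only when the call reports ENOSYS; any other
# outcome counts as "found".

CC_AUX_FLAGS="$cc_aux_flags -D_GNU_SOURCE"
ngx_feature="sendfile()"
ngx_feature_name="NGX_HAVE_SENDFILE"
ngx_feature_run=yes
ngx_feature_incs="#include <sys/sendfile.h>
                  #include <errno.h>"
ngx_feature_path=
ngx_feature_libs=
ngx_feature_test="int s = 0, fd = 1;
                  ssize_t n; off_t off = 0;
                  n = sendfile(s, fd, &off, 1);
                  if (n == -1 && errno == ENOSYS) return 1"
. auto/feature

# The Linux sendfile sources are added only when the probe succeeded.
if [ "$ngx_found" = yes ]; then
    CORE_SRCS="$CORE_SRCS $LINUX_SENDFILE_SRCS"
fi
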
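# sendfile64()
#
# The same test body as the sendfile() probe, but built with
# -D_FILE_OFFSET_BITS=64 restored in CC_AUX_FLAGS, so the call is checked
# with the large-file definition of off_t.  It fails only on ENOSYS.

CC_AUX_FLAGS="$cc_aux_flags -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64"
ngx_feature="sendfile64()"
ngx_feature_name="NGX_HAVE_SENDFILE64"
ngx_feature_run=yes
ngx_feature_incs="#include <sys/sendfile.h>
                  #include <errno.h>"
ngx_feature_path=
ngx_feature_libs=
ngx_feature_test="int s = 0, fd = 1;
                  ssize_t n; off_t off = 0;
                  n = sendfile(s, fd, &off, 1);
                  if (n == -1 && errno == ENOSYS) return 1"
. auto/feature
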
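# Header check for <sys/prctl.h>; auto/include (not shown here) is sourced
# with ngx_include naming the header.
ngx_include="sys/prctl.h"; . auto/include

# prctl(PR_SET_DUMPABLE)
#
# The probe fails (returns 1) when prctl(PR_SET_DUMPABLE, 1, 0, 0, 0)
# returns -1.
# NOTE(review): setting the dumpable flag to 1 re-allows core dumps and
# same-UID ptrace attachment for a process that has changed credentials;
# verify in the C sources that NGX_HAVE_PR_SET_DUMPABLE only enables this
# where core dumps were explicitly configured.

ngx_feature="prctl(PR_SET_DUMPABLE)"
ngx_feature_name="NGX_HAVE_PR_SET_DUMPABLE"
ngx_feature_run=yes
ngx_feature_incs="#include <sys/prctl.h>"
ngx_feature_path=
ngx_feature_libs=
ngx_feature_test="if (prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) == -1) return 1"
. auto/feature
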
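# prctl(PR_SET_KEEPCAPS)
#
# The probe fails (returns 1) when prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0)
# returns -1.
#
# PR_SET_KEEPCAPS lets a process keep its permitted capability set across a
# change from UID 0 to a non-zero UID, so code that relies on it should narrow
# the set to what it actually needs right after the UID change.
# NOTE(review): with ngx_feature_run=yes the result presumably comes from
# executing the probe in the build environment; a build sandbox that filters
# prctl() could leave NGX_HAVE_PR_SET_KEEPCAPS undefined - confirm how
# auto/feature treats a failing run.

ngx_feature="prctl(PR_SET_KEEPCAPS)"
ngx_feature_name="NGX_HAVE_PR_SET_KEEPCAPS"
ngx_feature_run=yes
ngx_feature_incs="#include <sys/prctl.h>"
ngx_feature_path=
ngx_feature_libs=
ngx_feature_test="if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1) return 1"
. auto/feature
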
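# capabilities
#
# Build-only probe (ngx_feature_run=no) for the raw capset() interface and
# the __user_cap_* structures from <sys/capability.h>.  Presumably
# NGX_HAVE_CAPABILITIES gates the code that keeps CAP_NET_RAW in worker
# processes for transparent proxying - confirm against the C sources.
#
# The snippet is not a usable runtime example:
#   - header.pid is left uninitialized;
#   - effective is non-empty while permitted is 0, a combination the kernel
#     rejects because the effective set must be a subset of the permitted set;
#   - NOTE(review): _LINUX_CAPABILITY_VERSION_3 is the 64-bit capability ABI,
#     for which the kernel reads two __user_cap_data_struct elements; the
#     single struct is harmless in a probe that is never executed, but the C
#     code behind this macro should be checked for the same pattern.

ngx_feature="capabilities"
ngx_feature_name="NGX_HAVE_CAPABILITIES"
ngx_feature_run=no
ngx_feature_incs="#include <sys/capability.h>"
ngx_feature_path=
ngx_feature_libs=
ngx_feature_test="struct __user_cap_data_struct    data;
                  struct __user_cap_header_struct  header;

                  header.version = _LINUX_CAPABILITY_VERSION_3;
                  data.effective = CAP_TO_MASK(CAP_NET_RAW);
                  data.permitted = 0;

                  (void) capset(&header, &data)"
. auto/feature
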
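# crypt_r()
#
# Build-only probe (ngx_feature_run=no) that crypt_r() and struct crypt_data
# are available from <crypt.h> when linking with -lcrypt.  The "key" and
# "salt" arguments are placeholder literals for the probe only.

ngx_feature="crypt_r()"
ngx_feature_name="NGX_HAVE_GNU_CRYPT_R"
ngx_feature_run=no
ngx_feature_incs="#include <crypt.h>"
ngx_feature_path=
ngx_feature_libs=-lcrypt
ngx_feature_test="struct crypt_data  cd;
                  crypt_r(\"key\", \"salt\", &cd);"
. auto/feature
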
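# Header check for <sys/vfs.h>; auto/include (not shown here) is sourced with
# ngx_include naming the header.
ngx_include="sys/vfs.h"; . auto/include


# Leave CC_AUX_FLAGS in its Linux default state (base flags plus
# -D_GNU_SOURCE and -D_FILE_OFFSET_BITS=64) for whatever runs after this file.
CC_AUX_FLAGS="$cc_aux_flags -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64"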