nginx.git/auto/os/linux, branch release-1.15.9

Configure: fixed compiler warnings with "-Wall -Wextra".

2018-07-24T15:46:54+00:00

Fixed capabilities version.

2017-12-19T16:00:27+00:00

Previously, capset(2) was called with the 64-bit capabilities version
_LINUX_CAPABILITY_VERSION_3.  With this version Linux kernel expected two
copies of struct __user_cap_data_struct, while only one was submitted.  As a
result, random stack memory was accessed and random capabilities were requested
by the worker.  This sometimes caused capset() errors.  Now the 32-bit version
_LINUX_CAPABILITY_VERSION_1 is used instead.  This is OK since CAP_NET_RAW is
a 32-bit capability (CAP_NET_RAW = 13).

Improved the capabilities feature detection.

2017-12-18T18:09:39+00:00

Previously included file sys/capability.h mentioned in capset(2) man page,
belongs to the libcap-dev package, which may not be installed on some Linux
systems when compiling nginx.  This prevented the capabilities feature from
being detected and compiled on that systems.

Now linux/capability.h system header is included instead.  Since capset()
declaration is located in sys/capability.h, now capset() syscall is defined
explicitly in code using the SYS_capset constant, similarly to other
Linux-specific features in nginx.

Retain CAP_NET_RAW capability for transparent proxying.

2017-12-13T17:40:53+00:00

The capability is retained automatically in unprivileged worker processes after
changing UID if transparent proxying is enabled at least once in nginx
configuration.

The feature is only available in Linux.

Configure: sched_setaffinity() test moved to auto/unix.

2017-05-29T13:48:30+00:00

The sched_setaffinity() function was introduced in DragonFly BSD 4.7,
so it is no longer Linux-specific.

Prodded by Sepherosa Ziehau.

Events: support for EPOLLEXCLUSIVE.

2016-07-15T12:18:57+00:00

This flag appeared in Linux 4.5 and is useful for avoiding thundering herd
problem.

The current Linux kernel implementation walks the list of exclusive waiters,
and queues an event to each epfd, until it finds the first waiter that has
threads blocked on it via epoll_wait().

Configure: fix build with -Werror=unused-but-set-variable.

2016-06-27T22:00:03+00:00

Signed-off-by: Piotr Sikora

Removed the obsolete rtsig module.

2015-04-23T11:17:40+00:00

Events: support for EPOLLRDHUP (ticket #320).

2013-07-12T10:51:07+00:00

Since Linux 2.6.17, epoll is able to report about peer half-closed connection
using special EPOLLRDHUP flag on a read event.

Disable symlinks: use O_PATH to open path components.

2013-09-02T04:07:59+00:00

It was introduced in Linux 2.6.39, glibc 2.14 and allows to obtain
file descriptors without actually opening files.  Thus made it possible
to traverse path with openat() syscalls without the need to have read
permissions for path components.  It is effectively emulates O_SEARCH
which is missing on Linux.

O_PATH is used in combination with O_RDONLY.  The last one is ignored
if O_PATH is used, but it allows nginx to not fail when it was built on
modern system (i.e. glibc 2.14+) and run with a kernel older than 2.6.39.
Then O_PATH is unknown to the kernel and ignored, while O_RDONLY is used.

Sadly, fstat() is not working with O_PATH descriptors till Linux 3.6.
As a workaround we fallback to fstatat() with the AT_EMPTY_PATH flag
that was introduced at the same time as O_PATH.