From 4ad8c5b8989d2772a2f68f9386bf31036e39ccdd Mon Sep 17 00:00:00 2001 From: Tiago Natel de Moura Date: Thu, 20 Aug 2020 15:44:29 +0100 Subject: Isolation: mount tmpfs by default. --- src/nxt_fs.h | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'src/nxt_fs.h') diff --git a/src/nxt_fs.h b/src/nxt_fs.h index 85c78b27..9f3266d8 100644 --- a/src/nxt_fs.h +++ b/src/nxt_fs.h @@ -18,6 +18,30 @@ #define NXT_MS_REC 0 #endif +#ifdef MS_NOSUID +#define NXT_MS_NOSUID MS_NOSUID +#else +#define NXT_MS_NOSUID 0 +#endif + +#ifdef MS_NOEXEC +#define NXT_MS_NOEXEC MS_NOEXEC +#else +#define NXT_MS_NOEXEC 0 +#endif + +#ifdef MS_RELATIME +#define NXT_MS_RELATIME MS_RELATIME +#else +#define NXT_MS_RELATIME 0 +#endif + +#ifdef MS_NODEV +#define NXT_MS_NODEV MS_NODEV +#else +#define NXT_MS_NODEV 0 +#endif + typedef struct { u_char *src; -- cgit From b65a8636bb5b2ee61c69660aa6f7edc7d909e632 Mon Sep 17 00:00:00 2001 From: Tiago Natel de Moura Date: Tue, 25 Aug 2020 15:25:51 +0100 Subject: Isolation: added "automount" option. Now it's possible to disable default bind mounts of languages by setting: { "isolation": { "automount": { "language_deps": false } } } In this case, the user is responsible to provide a "rootfs" containing the language libraries and required files for the application. --- src/nxt_fs.h | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'src/nxt_fs.h') diff --git a/src/nxt_fs.h b/src/nxt_fs.h index 9f3266d8..bbd7ab9f 100644 --- a/src/nxt_fs.h +++ b/src/nxt_fs.h @@ -44,11 +44,12 @@ typedef struct { - u_char *src; - u_char *dst; - u_char *fstype; - nxt_int_t flags; - u_char *data; + u_char *src; + u_char *dst; + u_char *fstype; + nxt_int_t flags; + u_char *data; + nxt_uint_t builtin; /* 1-bit */ } nxt_fs_mount_t; -- cgit