Mercurial > hg > nginx-quic
view src/os/unix/ngx_posix_init.c @ 5356:acd51b0f6fd4
Disable symlinks: use O_PATH to open path components.
It was introduced in Linux 2.6.39, glibc 2.14 and allows to obtain
file descriptors without actually opening files. Thus made it possible
to traverse path with openat() syscalls without the need to have read
permissions for path components. It is effectively emulates O_SEARCH
which is missing on Linux.
O_PATH is used in combination with O_RDONLY. The last one is ignored
if O_PATH is used, but it allows nginx to not fail when it was built on
modern system (i.e. glibc 2.14+) and run with a kernel older than 2.6.39.
Then O_PATH is unknown to the kernel and ignored, while O_RDONLY is used.
Sadly, fstat() is not working with O_PATH descriptors till Linux 3.6.
As a workaround we fallback to fstatat() with the AT_EMPTY_PATH flag
that was introduced at the same time as O_PATH.
author | Valentin Bartenev <vbart@nginx.com> |
---|---|
date | Mon, 02 Sep 2013 08:07:59 +0400 |
parents | 4c36e15651f7 |
children | 1209b8a7b077 |
line wrap: on
line source
/* * Copyright (C) Igor Sysoev * Copyright (C) Nginx, Inc. */ #include <ngx_config.h> #include <ngx_core.h> #include <nginx.h> ngx_int_t ngx_ncpu; ngx_int_t ngx_max_sockets; ngx_uint_t ngx_inherited_nonblocking; ngx_uint_t ngx_tcp_nodelay_and_tcp_nopush; struct rlimit rlmt; ngx_os_io_t ngx_os_io = { ngx_unix_recv, ngx_readv_chain, ngx_udp_unix_recv, ngx_unix_send, ngx_writev_chain, 0 }; ngx_int_t ngx_os_init(ngx_log_t *log) { ngx_uint_t n; #if (NGX_HAVE_OS_SPECIFIC_INIT) if (ngx_os_specific_init(log) != NGX_OK) { return NGX_ERROR; } #endif ngx_init_setproctitle(log); ngx_pagesize = getpagesize(); ngx_cacheline_size = NGX_CPU_CACHE_LINE; for (n = ngx_pagesize; n >>= 1; ngx_pagesize_shift++) { /* void */ } #if (NGX_HAVE_SC_NPROCESSORS_ONLN) if (ngx_ncpu == 0) { ngx_ncpu = sysconf(_SC_NPROCESSORS_ONLN); } #endif if (ngx_ncpu < 1) { ngx_ncpu = 1; } ngx_cpuinfo(); if (getrlimit(RLIMIT_NOFILE, &rlmt) == -1) { ngx_log_error(NGX_LOG_ALERT, log, errno, "getrlimit(RLIMIT_NOFILE) failed)"); return NGX_ERROR; } ngx_max_sockets = (ngx_int_t) rlmt.rlim_cur; #if (NGX_HAVE_INHERITED_NONBLOCK || NGX_HAVE_ACCEPT4) ngx_inherited_nonblocking = 1; #else ngx_inherited_nonblocking = 0; #endif srandom(ngx_time()); return NGX_OK; } void ngx_os_status(ngx_log_t *log) { ngx_log_error(NGX_LOG_NOTICE, log, 0, NGINX_VER); #ifdef NGX_COMPILER ngx_log_error(NGX_LOG_NOTICE, log, 0, "built by " NGX_COMPILER); #endif #if (NGX_HAVE_OS_SPECIFIC_INIT) ngx_os_specific_status(log); #endif ngx_log_error(NGX_LOG_NOTICE, log, 0, "getrlimit(RLIMIT_NOFILE): %r:%r", rlmt.rlim_cur, rlmt.rlim_max); } #if 0 ngx_int_t ngx_posix_post_conf_init(ngx_log_t *log) { ngx_fd_t pp[2]; if (pipe(pp) == -1) { ngx_log_error(NGX_LOG_EMERG, log, ngx_errno, "pipe() failed"); return NGX_ERROR; } if (dup2(pp[1], STDERR_FILENO) == -1) { ngx_log_error(NGX_LOG_EMERG, log, errno, "dup2(STDERR) failed"); return NGX_ERROR; } if (pp[1] > STDERR_FILENO) { if (close(pp[1]) == -1) { ngx_log_error(NGX_LOG_EMERG, log, errno, "close() failed"); return NGX_ERROR; } } return NGX_OK; } #endif