comparison auto/os/linux @ 7174:84e53e4735a4

Retain CAP_NET_RAW capability for transparent proxying. The capability is retained automatically in unprivileged worker processes after changing UID if transparent proxying is enabled at least once in nginx configuration. The feature is only available in Linux.
author Roman Arutyunyan <arut@nginx.com>
date Wed, 13 Dec 2017 20:40:53 +0300
parents c1524829af3d
children 56923e8e01a5
7173:057adb2a9d23 7174:84e53e4735a4
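--- a/auto/os/linux
+++ b/auto/os/linux
@@ -155,10 +155,41 @@
 ngx_feature_libs=
 ngx_feature_test="if (prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) == -1) return 1"
 . auto/feature
 
 
+# prctl(PR_SET_KEEPCAPS)
+
+ngx_feature="prctl(PR_SET_KEEPCAPS)"
+ngx_feature_name="NGX_HAVE_PR_SET_KEEPCAPS"
+ngx_feature_run=yes
+ngx_feature_incs="#include <sys/prctl.h>"
+ngx_feature_path=
+ngx_feature_libs=
+ngx_feature_test="if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1) return 1"
+. auto/feature
+
+
+# capabilities
+
+ngx_feature="capabilities"
+ngx_feature_name="NGX_HAVE_CAPABILITIES"
+ngx_feature_run=no
+ngx_feature_incs="#include <sys/capability.h>"
+ngx_feature_path=
+ngx_feature_libs=
+ngx_feature_test="struct __user_cap_data_struct data;
+struct __user_cap_header_struct header;
+
+header.version = _LINUX_CAPABILITY_VERSION_3;
+data.effective = CAP_TO_MASK(CAP_NET_RAW);
+data.permitted = 0;
+
+(void) capset(&header, &data)"
+. auto/feature
+
+
 # crypt_r()
 
 ngx_feature="crypt_r()"
 ngx_feature_name="NGX_HAVE_GNU_CRYPT_R"
 ngx_feature_run=no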
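Review bot: The capabilities probe sets `header.version = _LINUX_CAPABILITY_VERSION_3` but declares a single `struct __user_cap_data_struct data`, and with the version-3 ABI the kernel reads two such structs from the pointer passed to capset(). Because the test has `ngx_feature_run=no`, configure only compiles it and will not expose the mismatch. If the worker code (not shown in this file) follows the same pattern, the kernel would read adjacent stack memory and the worker could end up requesting capabilities other than CAP_NET_RAW. Either declare `struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3];` and zero it, or use `_LINUX_CAPABILITY_VERSION_1` with the single struct.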