comparison auto/os/linux @ 7174:84e53e4735a4
Retain CAP_NET_RAW capability for transparent proxying.
The capability is retained automatically in unprivileged worker processes after
changing UID if transparent proxying is enabled at least once in nginx
configuration.
The feature is only available in Linux.
author | Roman Arutyunyan <arut@nginx.com> |
---|---|
date | Wed, 13 Dec 2017 20:40:53 +0300 |
parents | c1524829af3d |
children | 56923e8e01a5 |
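--- a/auto/os/linux
+++ b/auto/os/linux
@@ -155,10 +155,41 @@
 ngx_feature_libs=
 ngx_feature_test="if (prctl(PR_SET_DUMPABLE, 1, 0, 0, 0) == -1) return 1"
 . auto/feature
 
 
+# prctl(PR_SET_KEEPCAPS)
+
+ngx_feature="prctl(PR_SET_KEEPCAPS)"
+ngx_feature_name="NGX_HAVE_PR_SET_KEEPCAPS"
+ngx_feature_run=yes
+ngx_feature_incs="#include <sys/prctl.h>"
+ngx_feature_path=
+ngx_feature_libs=
+ngx_feature_test="if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1) return 1"
+. auto/feature
+
+
+# capabilities
+
+ngx_feature="capabilities"
+ngx_feature_name="NGX_HAVE_CAPABILITIES"
+ngx_feature_run=no
+ngx_feature_incs="#include <sys/capability.h>"
+ngx_feature_path=
+ngx_feature_libs=
+ngx_feature_test="struct __user_cap_data_struct data;
+struct __user_cap_header_struct header;
+
+header.version = _LINUX_CAPABILITY_VERSION_3;
+data.effective = CAP_TO_MASK(CAP_NET_RAW);
+data.permitted = 0;
+
+(void) capset(&header, &data)"
+. auto/feature
+
+
 # crypt_r()
 
 ngx_feature="crypt_r()"
 ngx_feature_name="NGX_HAVE_GNU_CRYPT_R"
 ngx_feature_run=no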
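Review bot: The capabilities probe pairs `header.version = _LINUX_CAPABILITY_VERSION_3` with a single `struct __user_cap_data_struct data`, but under the version 3 ABI the kernel reads two of those structs from the pointer given to capset(), so code written this way would pass adjacent stack memory as the upper capability words and could request unintended capabilities or fail unpredictably. The probe is compile-only (`ngx_feature_run=no`), so nothing goes wrong at configure time, but the worker code guarded by NGX_HAVE_CAPABILITIES is not on this page and presumably mirrors the snippet, so it should be checked. CAP_NET_RAW fits in the low 32 bits, so `header.version = _LINUX_CAPABILITY_VERSION_1;` matches the single struct; the alternative is to declare `data[2]` and zero it before use. Separately, on distributions where `<sys/capability.h>` ships only with the libcap development package, this probe fails and capability retention is compiled out without any message, which deserves a comment above the `# capabilities` block.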