Mercurial > hg > nginx
view src/os/unix/ngx_os.h @ 5356:acd51b0f6fd4
Disable symlinks: use O_PATH to open path components.
It was introduced in Linux 2.6.39, glibc 2.14 and allows to obtain
file descriptors without actually opening files. Thus made it possible
to traverse path with openat() syscalls without the need to have read
permissions for path components. It is effectively emulates O_SEARCH
which is missing on Linux.
O_PATH is used in combination with O_RDONLY. The last one is ignored
if O_PATH is used, but it allows nginx to not fail when it was built on
modern system (i.e. glibc 2.14+) and run with a kernel older than 2.6.39.
Then O_PATH is unknown to the kernel and ignored, while O_RDONLY is used.
Sadly, fstat() is not working with O_PATH descriptors till Linux 3.6.
As a workaround we fallback to fstatat() with the AT_EMPTY_PATH flag
that was introduced at the same time as O_PATH.
| author | Valentin Bartenev <vbart@nginx.com> |
|---|---|
| date | Mon, 02 Sep 2013 08:07:59 +0400 |
| parents | d620f497c50f |
| children | b63e829621ab |
line wrap: on
line source
/* * Copyright (C) Igor Sysoev * Copyright (C) Nginx, Inc. */ #ifndef _NGX_OS_H_INCLUDED_ #define _NGX_OS_H_INCLUDED_ #include <ngx_config.h> #include <ngx_core.h> #define NGX_IO_SENDFILE 1 typedef ssize_t (*ngx_recv_pt)(ngx_connection_t *c, u_char *buf, size_t size); typedef ssize_t (*ngx_recv_chain_pt)(ngx_connection_t *c, ngx_chain_t *in); typedef ssize_t (*ngx_send_pt)(ngx_connection_t *c, u_char *buf, size_t size); typedef ngx_chain_t *(*ngx_send_chain_pt)(ngx_connection_t *c, ngx_chain_t *in, off_t limit); typedef struct { ngx_recv_pt recv; ngx_recv_chain_pt recv_chain; ngx_recv_pt udp_recv; ngx_send_pt send; ngx_send_chain_pt send_chain; ngx_uint_t flags; } ngx_os_io_t; ngx_int_t ngx_os_init(ngx_log_t *log); void ngx_os_status(ngx_log_t *log); ngx_int_t ngx_os_specific_init(ngx_log_t *log); void ngx_os_specific_status(ngx_log_t *log); ngx_int_t ngx_daemon(ngx_log_t *log); ngx_int_t ngx_os_signal_process(ngx_cycle_t *cycle, char *sig, ngx_int_t pid); ssize_t ngx_unix_recv(ngx_connection_t *c, u_char *buf, size_t size); ssize_t ngx_readv_chain(ngx_connection_t *c, ngx_chain_t *entry); ssize_t ngx_udp_unix_recv(ngx_connection_t *c, u_char *buf, size_t size); ssize_t ngx_unix_send(ngx_connection_t *c, u_char *buf, size_t size); ngx_chain_t *ngx_writev_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit); #if (NGX_HAVE_AIO) ssize_t ngx_aio_read(ngx_connection_t *c, u_char *buf, size_t size); ssize_t ngx_aio_read_chain(ngx_connection_t *c, ngx_chain_t *cl); ssize_t ngx_aio_write(ngx_connection_t *c, u_char *buf, size_t size); ngx_chain_t *ngx_aio_write_chain(ngx_connection_t *c, ngx_chain_t *in, off_t limit); #endif extern ngx_os_io_t ngx_os_io; extern ngx_int_t ngx_ncpu; extern ngx_int_t ngx_max_sockets; extern ngx_uint_t ngx_inherited_nonblocking; extern ngx_uint_t ngx_tcp_nodelay_and_tcp_nopush; #if (NGX_FREEBSD) #include <ngx_freebsd.h> #elif (NGX_LINUX) #include <ngx_linux.h> #elif (NGX_SOLARIS) #include <ngx_solaris.h> #elif (NGX_DARWIN) #include <ngx_darwin.h> #endif #endif /* _NGX_OS_H_INCLUDED_ */