[PATCH] chroot directive for unix

Connor Worley worley at berkeley.edu
Thu Aug 14 03:06:10 UTC 2014


# HG changeset patch
# User Connor Worley <worley at berkeley.edu>
# Date 1407983583 14400
#      Wed Aug 13 22:33:03 2014 -0400
# Node ID 342f712f72ceaeed3a5169fde96beb2a9950944a
# Parent  92490a725fef588939abfe0e1fe89cda0788d02d
chroot directive for unix

Adds a chroot directive that calls chroot() in worker processes on Unix.

diff -r 92490a725fef -r 342f712f72ce src/core/nginx.c
--- a/src/core/nginx.c	Sun Aug 10 17:44:46 2014 +0400
+++ b/src/core/nginx.c	Wed Aug 13 22:33:03 2014 -0400
@@ -125,6 +125,13 @@
       offsetof(ngx_core_conf_t, rlimit_sigpending),
       NULL },
 
+    { ngx_string("chroot"),
+      NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1,
+      ngx_conf_set_str_slot,
+      0,
+      offsetof(ngx_core_conf_t, chroot),
+      NULL },
+
     { ngx_string("working_directory"),
       NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1,
       ngx_conf_set_str_slot,
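Review bot: The `chroot` entry is added to the core command table in src/core/nginx.c without a platform guard, while the only code in this patch that acts on it is in src/os/unix/ngx_process_cycle.c. On a build whose process cycle never reads `ccf->chroot` (presumably the win32 one), the directive would parse without error and have no effect, which is a misleading outcome for a confinement setting. Wrapping the entry in `#if !(NGX_WIN32)` … `#endif`, or rejecting the directive at configuration time on such builds, avoids that. A short comment above the entry such as `/* path is used as given; absolute paths opened after chroot() resolve inside it */` would also help. The command table starts and ends outside the hunk.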
diff -r 92490a725fef -r 342f712f72ce src/core/ngx_cycle.h
--- a/src/core/ngx_cycle.h	Sun Aug 10 17:44:46 2014 +0400
+++ b/src/core/ngx_cycle.h	Wed Aug 13 22:33:03 2014 -0400
@@ -94,6 +94,8 @@
      ngx_uid_t                user;
      ngx_gid_t                group;
 
+     ngx_str_t                chroot;
+
      ngx_str_t                working_directory;
      ngx_str_t                lock_file;
 
diff -r 92490a725fef -r 342f712f72ce src/os/unix/ngx_process_cycle.c
--- a/src/os/unix/ngx_process_cycle.c	Sun Aug 10 17:44:46 2014 +0400
+++ b/src/os/unix/ngx_process_cycle.c	Wed Aug 13 22:33:03 2014 -0400
@@ -949,6 +949,15 @@
 
 #endif
 
+    if(ccf->chroot.len) {
+        if (chroot((char *) ccf->chroot.data) == -1) {
+  	    ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
+			  "chroot(\"%s\") failed", ccf->chroot.data);
+	    /* fatal */
+	    exit(2);
+	}
+    }
+
     if (ccf->working_directory.len) {
         if (chdir((char *) ccf->working_directory.data) == -1) {
             ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_errno,
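Review bot: After `chroot()` succeeds the worker's current directory stays where it was, outside the new root, unless `working_directory` happens to be configured. A chroot that is not followed by `chdir("/")` does not confine relative path lookups, so the added block should change directory itself and treat failure as fatal, as in the excerpt below. The position of the block also matters: if the `setuid()`/`setgid()` calls of this function run before this point (they are outside the hunk, so this is an assumption to check), `chroot()` will fail with EPERM whenever the worker drops to an unprivileged user, and the block must move ahead of the privilege drop. The new lines also use `if(` and tab indentation where the surrounding code uses `if (` and spaces. The enclosing function starts and ends outside the hunk.

```c
    if (ccf->chroot.len) {
        /* … unchanged: chroot() call and its fatal error path … */

        /* leave no working directory outside the new root */
        if (chdir("/") == -1) {
            ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
                          "chdir(\"/\") after chroot(\"%s\") failed",
                          ccf->chroot.data);
            /* fatal */
            exit(2);
        }
    }
```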


