[PATCH] chroot directive for unix
Connor Worley
worley at berkeley.edu
Thu Aug 14 03:06:10 UTC 2014
# HG changeset patch
# User Connor Worley <worley at berkeley.edu>
# Date 1407983583 14400
# Wed Aug 13 22:33:03 2014 -0400
# Node ID 342f712f72ceaeed3a5169fde96beb2a9950944a
# Parent 92490a725fef588939abfe0e1fe89cda0788d02d
chroot directive for unix
Adds a chroot directive that calls chroot on worker processes for unix
diff -r 92490a725fef -r 342f712f72ce src/core/nginx.c
--- a/src/core/nginx.c Sun Aug 10 17:44:46 2014 +0400
+++ b/src/core/nginx.c Wed Aug 13 22:33:03 2014 -0400
@@ -125,6 +125,13 @@
offsetof(ngx_core_conf_t, rlimit_sigpending),
NULL },
+ { ngx_string("chroot"),
+ NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1,
+ ngx_conf_set_str_slot,
+ 0,
+ offsetof(ngx_core_conf_t, chroot),
+ NULL },
+
{ ngx_string("working_directory"),
NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1,
ngx_conf_set_str_slot,
diff -r 92490a725fef -r 342f712f72ce src/core/ngx_cycle.h
--- a/src/core/ngx_cycle.h Sun Aug 10 17:44:46 2014 +0400
+++ b/src/core/ngx_cycle.h Wed Aug 13 22:33:03 2014 -0400
@@ -94,6 +94,8 @@
ngx_uid_t user;
ngx_gid_t group;
+ ngx_str_t chroot;
+
ngx_str_t working_directory;
ngx_str_t lock_file;
diff -r 92490a725fef -r 342f712f72ce src/os/unix/ngx_process_cycle.c
--- a/src/os/unix/ngx_process_cycle.c Sun Aug 10 17:44:46 2014 +0400
+++ b/src/os/unix/ngx_process_cycle.c Wed Aug 13 22:33:03 2014 -0400
@@ -949,6 +949,15 @@
#endif
+ if(ccf->chroot.len) {
+ if (chroot((char *) ccf->chroot.data) == -1) {
+ ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
+ "chroot(\"%s\") failed", ccf->chroot.data);
+ /* fatal */
+ exit(2);
+ }
+ }
+
if (ccf->working_directory.len) {
if (chdir((char *) ccf->working_directory.data) == -1) {
ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_errno,
More information about the nginx-devel
mailing list