nginx · ac000 · Jun 18, 2024 · Apr 24, 2024 · Apr 24, 2024 · Apr 23, 2024
diff --git a/auto/make b/auto/make
@@ -434,8 +434,6 @@ ${NXT_DAEMON}-install: $NXT_DAEMON install-check
 		|| install -d \$(DESTDIR)$NXT_STATEDIR
 	test -d \$(DESTDIR)$NXT_LOGDIR \
 		|| install -d \$(DESTDIR)$NXT_LOGDIR
-	test -d \$(DESTDIR)$NXT_RUNSTATEDIR \
-		|| install -d \$(DESTDIR)$NXT_RUNSTATEDIR
 
 manpage-install: manpage install-check
 	test -d \$(DESTDIR)$NXT_MANDIR/man8 \

diff --git a/auto/shmem b/auto/shmem
@@ -24,8 +24,7 @@ nxt_feature_test="#include <sys/mman.h>
 
                       shm_unlink(name);
 
-                      int fd = shm_open(name, O_CREAT | O_EXCL | O_RDWR,
-                          S_IRUSR | S_IWUSR);
+                      int fd = shm_open(name, O_CREAT | O_EXCL | O_RDWR, 0600);
                       if (fd == -1)
                           return 1;
 
@@ -68,7 +67,7 @@ if [ $nxt_found = no ]; then
                           shm_unlink(name);
 
                           int fd = shm_open(name, O_CREAT | O_EXCL | O_RDWR,
-                              S_IRUSR | S_IWUSR);
+                              0600);
                           if (fd == -1)
                               return 1;
 
@@ -95,7 +94,7 @@ nxt_feature_test="#include <sys/mman.h>
                   #include <sys/stat.h>
 
                   int main(void) {
-                      int fd = shm_open(SHM_ANON, O_RDWR, S_IRUSR | S_IWUSR);
+                      int fd = shm_open(SHM_ANON, O_RDWR, 0600);
                       if (fd == -1)
                           return 1;
 

diff --git a/configure b/configure
@@ -68,7 +68,6 @@ mkdir -p $NXT_BUILD_DIR/src
 mkdir -p $NXT_BUILD_DIR/src/test
 mkdir -p $NXT_BUILD_DIR/var/lib/unit
 mkdir -p $NXT_BUILD_DIR/var/log/unit
-mkdir -p $NXT_BUILD_DIR/var/run/unit
 
 
 > $NXT_AUTOCONF_ERR

diff --git a/src/nxt_cgroup.c b/src/nxt_cgroup.c
@@ -34,7 +34,7 @@ nxt_cgroup_proc_add(nxt_task_t *task, nxt_process_t *process)
         return NXT_ERROR;
     }
 
-    ret = nxt_fs_mkdir_all((const u_char *) cgprocs, 0777);
+    ret = nxt_fs_mkdir_p((const u_char *) cgprocs, 0777);
     if (nxt_slow_path(ret == NXT_ERROR)) {
         return NXT_ERROR;
     }

diff --git a/src/nxt_controller.c b/src/nxt_controller.c
@@ -695,7 +695,7 @@ nxt_runtime_controller_socket(nxt_task_t *task, nxt_runtime_t *rt)
     if (ls->sockaddr->u.sockaddr.sa_family == AF_UNIX) {
         const char *path = ls->sockaddr->u.sockaddr_un.sun_path;
 
-        nxt_fs_mkdir_parent((const u_char *) path, 0755);
+        nxt_fs_mkdir_p_dirname((const u_char *) path, 0755);
     }
 #endif
 

diff --git a/src/nxt_fs.c b/src/nxt_fs.c
@@ -1,5 +1,6 @@
 /*
  * Copyright (C) NGINX, Inc.
+ * Copyright 2024, Alejandro Colomar <alx@kernel.org>
  */
 
 #include <nxt_main.h>
@@ -9,35 +10,31 @@ static nxt_int_t nxt_fs_mkdir(const u_char *dir, mode_t mode);
 
 
 nxt_int_t
-nxt_fs_mkdir_all(const u_char *dir, mode_t mode)
+nxt_fs_mkdir_p(const u_char *dir, mode_t mode)
 {
-    char    *start, *end, *dst;
-    size_t  dirlen;
-    char    path[PATH_MAX];
+    char       *start, *end, *dst;
+    size_t     dirlen;
+    nxt_int_t  ret;
+    char       path[PATH_MAX];
 
     dirlen = nxt_strlen(dir);
 
-    nxt_assert(dirlen < PATH_MAX && dirlen > 1 && dir[0] == '/');
+    nxt_assert(dirlen < PATH_MAX && dirlen > 0);
 
     dst = path;
     start = (char *) dir;
 
     while (*start != '\0') {
-        if (*start == '/') {
-            *dst++ = *start++;
-        }
-
-        end = strchr(start, '/');
+        end = strchr(start + 1, '/');
         if (end == NULL) {
             end = ((char *)dir + dirlen);
         }
 
         dst = nxt_cpymem(dst, start, end - start);
         *dst = '\0';
 
-        if (nxt_slow_path(nxt_fs_mkdir((u_char *) path, mode) != NXT_OK
-                          && nxt_errno != EEXIST))
-        {
+        ret = nxt_fs_mkdir((u_char *) path, mode);
+        if (nxt_slow_path(ret != NXT_OK && nxt_errno != EEXIST)) {
             return NXT_ERROR;
         }
 
@@ -49,7 +46,7 @@ nxt_fs_mkdir_all(const u_char *dir, mode_t mode)
 
 
 nxt_int_t
-nxt_fs_mkdir_parent(const u_char *path, mode_t mode)
+nxt_fs_mkdir_p_dirname(const u_char *path, mode_t mode)
 {
     char       *ptr, *dir;
     nxt_int_t  ret;
@@ -62,11 +59,14 @@ nxt_fs_mkdir_parent(const u_char *path, mode_t mode)
     ret = NXT_OK;
 
     ptr = strrchr(dir, '/');
-    if (nxt_fast_path(ptr != NULL)) {
-        *ptr = '\0';
-        ret = nxt_fs_mkdir((const u_char *) dir, mode);
+    if (ptr == dir || nxt_slow_path(ptr == NULL)) {
+        goto out_free;
     }
 
+    *ptr = '\0';
+    ret = nxt_fs_mkdir_p((const u_char *) dir, mode);
+
+out_free:
     nxt_free(dir);
 
     return ret;

diff --git a/src/nxt_fs.h b/src/nxt_fs.h
@@ -6,8 +6,8 @@
 #define _NXT_FS_H_INCLUDED_
 
 
-nxt_int_t nxt_fs_mkdir_parent(const u_char *path, mode_t mode);
-nxt_int_t nxt_fs_mkdir_all(const u_char *dir, mode_t mode);
+nxt_int_t nxt_fs_mkdir_p_dirname(const u_char *path, mode_t mode);
+nxt_int_t nxt_fs_mkdir_p(const u_char *dir, mode_t mode);
 
 
 #endif  /* _NXT_FS_H_INCLUDED_ */
diff --git a/src/nxt_isolation.c b/src/nxt_isolation.c
@@ -780,7 +780,7 @@ nxt_isolation_prepare_rootfs(nxt_task_t *task, nxt_process_t *process)
             continue;
         }
 
-        ret = nxt_fs_mkdir_all(dst, S_IRWXU | S_IRWXG | S_IRWXO);
+        ret = nxt_fs_mkdir_p(dst, 0777);
         if (nxt_slow_path(ret != NXT_OK)) {
             nxt_alert(task, "mkdir(%s) %E", dst, nxt_errno);
             goto undo;

diff --git a/src/nxt_listen_socket.c b/src/nxt_listen_socket.c
@@ -132,7 +132,7 @@ nxt_listen_socket_create(nxt_task_t *task, nxt_mp_t *mp,
         nxt_runtime_t  *rt = thr->runtime;
 
         name = (nxt_file_name_t *) sa->u.sockaddr_un.sun_path;
-        access = rt->control_mode > 0 ? rt->control_mode : S_IRUSR | S_IWUSR;
+        access = rt->control_mode > 0 ? rt->control_mode : 0600;
 
         if (nxt_file_set_access(name, access) != NXT_OK) {
             goto listen_fail;

diff --git a/src/nxt_main_process.c b/src/nxt_main_process.c
@@ -1275,13 +1275,11 @@ nxt_main_listening_socket(nxt_sockaddr_t *sa, nxt_listening_socket_t *ls)
         && sa->u.sockaddr_un.sun_path[0] != '\0')
     {
         char          *filename;
-        mode_t        access;
         nxt_thread_t  *thr;
 
         filename = sa->u.sockaddr_un.sun_path;
-        access = (S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH);
 
-        if (chmod(filename, access) != 0) {
+        if (chmod(filename, 0666) != 0) {
             ls->end = nxt_sprintf(ls->start, ls->end,
                                   "chmod(\\\"%s\\\") failed %E",
                                   filename, nxt_errno);

diff --git a/src/nxt_port_memory.c b/src/nxt_port_memory.c
@@ -393,8 +393,7 @@ nxt_shm_open(nxt_task_t *task, size_t size)
 
 #elif (NXT_HAVE_SHM_OPEN_ANON)
 
-    fd = shm_open(SHM_ANON, O_RDWR, S_IRUSR | S_IWUSR);
-
+    fd = shm_open(SHM_ANON, O_RDWR, 0600);
     if (nxt_slow_path(fd == -1)) {
         nxt_alert(task, "shm_open(SHM_ANON) failed %E", nxt_errno);
 
@@ -408,8 +407,7 @@ nxt_shm_open(nxt_task_t *task, size_t size)
     /* Just in case. */
     shm_unlink((char *) name);
 
-    fd = shm_open((char *) name, O_CREAT | O_EXCL | O_RDWR, S_IRUSR | S_IWUSR);
-
+    fd = shm_open((char *) name, O_CREAT | O_EXCL | O_RDWR, 0600);
     if (nxt_slow_path(fd == -1)) {
         nxt_alert(task, "shm_open(%s) failed %E", name, nxt_errno);
 

diff --git a/src/nxt_runtime.c b/src/nxt_runtime.c
@@ -895,8 +895,7 @@ nxt_runtime_conf_init(nxt_task_t *task, nxt_runtime_t *rt)
         return NXT_ERROR;
     }
 
-    ret = mkdir((char *) file_name.start, S_IRWXU);
-
+    ret = mkdir((char *) file_name.start, 0700);
     if (nxt_fast_path(ret == 0 || nxt_errno == EEXIST)) {
         rt->certs.length = file_name.len;
         rt->certs.start = file_name.start;
@@ -912,8 +911,7 @@ nxt_runtime_conf_init(nxt_task_t *task, nxt_runtime_t *rt)
         return NXT_ERROR;
     }
 
-    ret = mkdir((char *) file_name.start, S_IRWXU);
-
+    ret = mkdir((char *) file_name.start, 0700);
     if (nxt_fast_path(ret == 0 || nxt_errno == EEXIST)) {
         rt->scripts.length = file_name.len;
         rt->scripts.start = file_name.start;
@@ -1490,7 +1488,7 @@ nxt_runtime_pid_file_create(nxt_task_t *task, nxt_file_name_t *pid_file)
 
     file.name = pid_file;
 
-    nxt_fs_mkdir_parent(pid_file, 0755);
+    nxt_fs_mkdir_p_dirname(pid_file, 0755);
 
     n = nxt_file_open(task, &file, O_WRONLY, O_CREAT | O_TRUNC,
                       NXT_FILE_DEFAULT_ACCESS);

diff --git a/src/nxt_unit.c b/src/nxt_unit.c
@@ -3857,7 +3857,7 @@ nxt_unit_shm_open(nxt_unit_ctx_t *ctx, size_t size)
 
 #elif (NXT_HAVE_SHM_OPEN_ANON)
 
-    fd = shm_open(SHM_ANON, O_RDWR, S_IRUSR | S_IWUSR);
+    fd = shm_open(SHM_ANON, O_RDWR, 0600);
     if (nxt_slow_path(fd == -1)) {
         nxt_unit_alert(ctx, "shm_open(SHM_ANON) failed: %s (%d)",
                        strerror(errno), errno);
@@ -3870,7 +3870,7 @@ nxt_unit_shm_open(nxt_unit_ctx_t *ctx, size_t size)
     /* Just in case. */
     shm_unlink(name);
 
-    fd = shm_open(name, O_CREAT | O_EXCL | O_RDWR, S_IRUSR | S_IWUSR);
+    fd = shm_open(name, O_CREAT | O_EXCL | O_RDWR, 0600);
     if (nxt_slow_path(fd == -1)) {
         nxt_unit_alert(ctx, "shm_open(%s) failed: %s (%d)", name,
                        strerror(errno), errno);