1 | /*! \file |
2 | * | |
3 | * lxc: linux Container library |
4 | * | |
5 | * (C) Copyright IBM Corp. 2007, 2008 | |
6 | * | |
7 | * Authors: | |
8 | * Daniel Lezcano <daniel.lezcano at free.fr> | |
9 | * | |
10 | * This library is free software; you can redistribute it and/or | |
11 | * modify it under the terms of the GNU Lesser General Public | |
12 | * License as published by the Free Software Foundation; either | |
13 | * version 2.1 of the License, or (at your option) any later version. | |
14 | * | |
15 | * This library is distributed in the hope that it will be useful, | |
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
18 | * Lesser General Public License for more details. | |
19 | * | |
20 | * You should have received a copy of the GNU Lesser General Public | |
21 | * License along with this library; if not, write to the Free Software | |
250b1eec | 22 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
23 | */ |
24 | ||
25 | #ifndef __LXC_ATTACH_OPTIONS_H |
26 | #define __LXC_ATTACH_OPTIONS_H | |
27 | |
#include <errno.h>
#include <stddef.h>
#include <sys/types.h>
29 | ||
30 | #ifdef __cplusplus |
31 | extern "C" { | |
32 | #endif | |
33 | ||
/*!
 * LXC environment policy.
 *
 * Selects what happens to the environment of the attaching process when
 * the attached process is started (see lxc_attach_options_t::env_policy).
 * With \ref LXC_ATTACH_CLEAR_ENV, individual variables can still be
 * carried over by naming them in lxc_attach_options_t::extra_keep_env,
 * and new ones added through lxc_attach_options_t::extra_env_vars.
 */
typedef enum lxc_attach_env_policy_t {
	LXC_ATTACH_KEEP_ENV, /*!< Retain the environment of the attaching process */
	LXC_ATTACH_CLEAR_ENV /*!< Clear the environment before running the attached process */
} lxc_attach_env_policy_t;
41 | ||
/*!
 * Flags for lxc_attach_options_t::attach_flags.
 *
 * The low 16 bits hold the flags that are set by \ref LXC_ATTACH_DEFAULT;
 * the high 16 bits hold flags a caller has to OR in explicitly.
 */
enum {
	/* The following are on by default: */
	LXC_ATTACH_MOVE_TO_CGROUP = 0x00000001, /*!< Move to cgroup */
	LXC_ATTACH_DROP_CAPABILITIES = 0x00000002, /*!< Drop capabilities */
	LXC_ATTACH_SET_PERSONALITY = 0x00000004, /*!< Set personality */
	LXC_ATTACH_LSM_EXEC = 0x00000008, /*!< Execute under a Linux Security Module */

	/* The following are off by default: */
	LXC_ATTACH_REMOUNT_PROC_SYS = 0x00010000, /*!< Remount /proc filesystem */
	/* Paired with LXC_ATTACH_LSM_EXEC in the LXC_ATTACH_LSM mask. From the
	 * name, presumably applies the LSM label to the attaching process
	 * immediately instead of at exec time -- confirm in the attach
	 * implementation before relying on it. */
	LXC_ATTACH_LSM_NOW = 0x00020000, /*!< FIXME: unknown */
	/* Set PR_SET_NO_NEW_PRIVS to block execve() gainable privileges.
	 * This bit is above the LXC_ATTACH_DEFAULT mask, so it is NOT set by
	 * default: unless the caller ORs it in, set-uid or file-capability
	 * binaries executed by the attached process can still gain privileges. */
	LXC_ATTACH_NO_NEW_PRIVS = 0x00040000, /*!< PR_SET_NO_NEW_PRIVS */
	LXC_ATTACH_TERMINAL = 0x00080000, /*!< Allocate new terminal for attached process. */

	/* We have 16 bits for things that are on by default and 16 bits that
	 * are off by default, that should be sufficient to keep binary
	 * compatibility for a while
	 */
	/* Note that clearing one of the low-16 bits (e.g. DROP_CAPABILITIES or
	 * LSM_EXEC) weakens the confinement of the attached process relative
	 * to the defaults; such changes deserve an explicit justification. */
	LXC_ATTACH_DEFAULT = 0x0000FFFF /*!< Mask of flags to apply by default */
};
62 | ||
/*! All Linux Security Module flags.
 *
 * Convenience mask covering \ref LXC_ATTACH_LSM_EXEC and
 * \ref LXC_ATTACH_LSM_NOW, e.g. for testing or clearing both at once.
 * Note the two bits sit on opposite sides of the \ref LXC_ATTACH_DEFAULT
 * boundary: only LXC_ATTACH_LSM_EXEC is part of the default flag set.
 */
#define LXC_ATTACH_LSM (LXC_ATTACH_LSM_EXEC | LXC_ATTACH_LSM_NOW)
65 | ||
/*! LXC attach function type.
 *
 * Function to run in container. The stdin/stdout/stderr redirection
 * described on lxc_attach_options_t is performed before this function
 * is called.
 *
 * \param payload Opaque pointer supplied by the caller of attach();
 *                \ref lxc_attach_run_command interprets it as a
 *                \ref lxc_attach_command_t, other functions may use it
 *                however they like.
 *
 * \return Function should return \c 0 on success, and any other value to denote failure.
 */
typedef int (*lxc_attach_exec_t)(void* payload);
75 | ||
/*!
 * LXC attach options for \ref lxc_container \c attach().
 *
 * Initialise with \ref LXC_ATTACH_OPTIONS_DEFAULT and then override only
 * the fields that need to differ from the defaults.
 *
 * \note This struct is part of the public library interface. \c log_fd was
 * appended after the fd group, which suggests new fields are added at the
 * end to keep the layout compatible -- confirm before reordering anything.
 */
typedef struct lxc_attach_options_t {
	/*! Any combination of LXC_ATTACH_* flags.
	 *
	 * \ref LXC_ATTACH_DEFAULT covers only the "on by default" flags; the
	 * "off by default" ones, notably \ref LXC_ATTACH_NO_NEW_PRIVS, have to
	 * be OR-ed in by the caller. Clearing a default flag such as
	 * \ref LXC_ATTACH_DROP_CAPABILITIES weakens the confinement of the
	 * attached process relative to the defaults.
	 */
	int attach_flags;

	/*! The namespaces to attach to (CLONE_NEW... flags).
	 *
	 * \ref LXC_ATTACH_OPTIONS_DEFAULT sets this to \c -1; presumably that
	 * selects all of the container's namespaces -- confirm in the
	 * implementation. Namespaces that are not selected are not entered.
	 */
	int namespaces;

	/*! Initial personality (\c -1 to autodetect).
	 * \warning This may be ignored if lxc is compiled without personality
	 * support.
	 */
	long personality;

	/*! Initial current directory, use \c NULL to use cwd.
	 * If the current directory does not exist in the container, the root
	 * directory will be used instead because of kernel defaults.
	 */
	char* initial_cwd;

	/*! The user-id to run as.
	 *
	 * \note Set to \c -1 (written as \c (uid_t)-1, as in
	 * \ref LXC_ATTACH_OPTIONS_DEFAULT) for default behaviour (init uid for
	 * userns containers or \c 0 (super-user) if detection fails).
	 */
	uid_t uid;

	/*! The group-id to run as.
	 *
	 * \note Set to \c -1 (written as \c (gid_t)-1, as in
	 * \ref LXC_ATTACH_OPTIONS_DEFAULT) for default behaviour (init gid for
	 * userns containers or \c 0 (super-user) if detection fails).
	 */
	gid_t gid;

	/*! Environment policy, see \ref lxc_attach_env_policy_t */
	lxc_attach_env_policy_t env_policy;

	/*! Extra environment variables to set in the container environment.
	 * Applied regardless of \c env_policy.
	 */
	char** extra_env_vars;

	/*! Names of environment variables in existing environment to retain
	 * in container environment. Relevant when \c env_policy is
	 * \ref LXC_ATTACH_CLEAR_ENV.
	 */
	char** extra_keep_env;

	/**@{*/
	/*! File descriptors for stdin, stdout and stderr.
	 * Unless \c 0, \c 1 and \c 2 are specified, \c dup2() is used to
	 * install them before calling exec_function, and the original fds
	 * are closed before passing control over. Any \c O_CLOEXEC flag will
	 * be removed after that, so the attached program inherits them.
	 */
	int stdin_fd; /*!< stdin file descriptor */
	int stdout_fd; /*!< stdout file descriptor */
	int stderr_fd; /*!< stderr file descriptor */
	/**@}*/

	/*! File descriptor to log output.
	 * \ref LXC_ATTACH_OPTIONS_DEFAULT sets this to \c -EBADF, presumably
	 * meaning "no log fd" -- confirm in the implementation.
	 */
	int log_fd;
} lxc_attach_options_t;
9c4693b8 | 139 | |
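/*! Default attach options to use.
 *
 * Brace initializer for a \ref lxc_attach_options_t. The initializer is
 * positional (the field names are only comments), so it must be kept in
 * the same order as the struct's fields; a field appended to the struct
 * needs a matching entry appended here.
 *
 * The expansion uses \c NULL and \c EBADF, which is why this header
 * includes <stddef.h> and <errno.h> itself rather than relying on the
 * including translation unit.
 *
 * Defaults: the \ref LXC_ATTACH_DEFAULT flag set, all namespaces
 * (\c -1), autodetected personality, the caller's cwd, uid/gid
 * detection, the caller's environment retained, the caller's
 * stdin/stdout/stderr, and no log fd (\c -EBADF).
 */
#define LXC_ATTACH_OPTIONS_DEFAULT \
	{ \
		/* .attach_flags = */ LXC_ATTACH_DEFAULT, \
		/* .namespaces = */ -1, \
		/* .personality = */ -1, \
		/* .initial_cwd = */ NULL, \
		/* .uid = */ (uid_t)-1, \
		/* .gid = */ (gid_t)-1, \
		/* .env_policy = */ LXC_ATTACH_KEEP_ENV, \
		/* .extra_env_vars = */ NULL, \
		/* .extra_keep_env = */ NULL, \
		/* .stdin_fd = */ 0, \
		/* .stdout_fd = */ 1, \
		/* .stderr_fd = */ 2, \
		/* .log_fd = */ -EBADF, \
	}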
157 | ||
/*!
 * Representation of a command to run in a container.
 *
 * Passed as the \c payload of \ref lxc_attach_run_command. Because the
 * program is started with \c execvp, a \c program without a slash is
 * looked up through the PATH in effect for the attached process; use an
 * absolute path when the lookup must not depend on the environment
 * (see lxc_attach_options_t::env_policy).
 */
typedef struct lxc_attach_command_t {
	char* program; /*!< The program to run (passed to execvp) */
	char** argv; /*!< The argv pointer of that program, including the program itself in argv[0]; NULL-terminated as execvp requires */
} lxc_attach_command_t;
165 | ||
/*!
 * \brief Run a command in the container.
 *
 * Intended as the \ref lxc_attach_exec_t passed to attach(); it executes
 * \c program with \c argv via \c execvp from inside the container.
 *
 * \param payload \ref lxc_attach_command_t to run.
 *
 * \return \c -1 on error, exit code of lxc_attach_command_t program on success.
 */
extern int lxc_attach_run_command(void* payload);
174 | |
/*!
 * \brief Run a shell command in the container.
 *
 * Intended as the \ref lxc_attach_exec_t passed to attach(). Which shell
 * is started is not specified here -- presumably the user's login shell
 * or a fallback; confirm in the implementation.
 *
 * \param payload Not used.
 *
 * \return Exit code of shell.
 */
extern int lxc_attach_run_shell(void* payload);
183 | ||
184 | #ifdef __cplusplus |
185 | } | |
186 | #endif | |
187 | ||
9c4693b8 | 188 | #endif |