[mirror_lxc.git] / src / lxc / conf.h

/*
 * lxc: linux Container library
 *
 * (C) Copyright IBM Corp. 2007, 2008
 *
 * Authors:
 * Daniel Lezcano <daniel.lezcano at free.fr>
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 */
#ifndef _conf_h
#define _conf_h

#include "config.h"

#include <netinet/in.h>
#include <net/if.h>
#include <sys/param.h>
#include <sys/types.h>
#include <stdbool.h>

#include <lxc/list.h>

#include <lxc/start.h> /* for lxc_handler */

#if HAVE_SCMP_FILTER_CTX
typedef void * scmp_filter_ctx;
#endif

enum {
	LXC_NET_EMPTY,
	LXC_NET_VETH,
	LXC_NET_MACVLAN,
	LXC_NET_PHYS,
	LXC_NET_VLAN,
	LXC_NET_NONE,
	LXC_NET_MAXCONFTYPE,
};

/*
 * Defines the structure to configure an ipv4 address
 * @address   : ipv4 address
 * @broadcast : ipv4 broadcast address
 * @mask      : network mask
 */
struct lxc_inetdev {
	struct in_addr addr;
	struct in_addr bcast;
	int prefix;
};

struct lxc_route {
	struct in_addr addr;
};

/*
 * Defines the structure to configure an ipv6 address
 * @flags     : set the address up
 * @address   : ipv6 address
 * @broadcast : ipv6 broadcast address
 * @mask      : network mask
 */
struct lxc_inet6dev {
	struct in6_addr addr;
	struct in6_addr mcast;
	struct in6_addr acast;
	int prefix;
};

struct lxc_route6 {
	struct in6_addr addr;
};

struct ifla_veth {
	char *pair; /* pair name */
	char veth1[IFNAMSIZ]; /* needed for deconf */
};

struct ifla_vlan {
	uint   flags;
	uint   fmask;
	unsigned short   vid;
	unsigned short   pad;
};

struct ifla_macvlan {
	int mode; /* private, vepa, bridge */
};

union netdev_p {
	struct ifla_veth veth_attr;
	struct ifla_vlan vlan_attr;
	struct ifla_macvlan macvlan_attr;
};

/*
 * Defines a structure to configure a network device
 * @link       : lxc.network.link, name of bridge or host iface to attach if any
 * @name       : lxc.network.name, name of iface on the container side
 * @flags      : flag of the network device (IFF_UP, ... )
 * @ipv4       : a list of ipv4 addresses to be set on the network device
 * @ipv6       : a list of ipv6 addresses to be set on the network device
 * @upscript   : a script filename to be executed during interface configuration
 * @downscript : a script filename to be executed during interface destruction
 */
struct lxc_netdev {
	int type;
	int flags;
	int ifindex;
	char *link;
	char *name;
	char *hwaddr;
	char *mtu;
	union netdev_p priv;
	struct lxc_list ipv4;
	struct lxc_list ipv6;
	struct in_addr *ipv4_gateway;
	bool ipv4_gateway_auto;
	struct in6_addr *ipv6_gateway;
	bool ipv6_gateway_auto;
	char *upscript;
	char *downscript;
};

/*
 * Defines a generic struct to configure the control group.
 * It is up to the programmer to specify the right subsystem.
 * @subsystem : the targetted subsystem
 * @value     : the value to set
 */
struct lxc_cgroup {
	char *subsystem;
	char *value;
};

enum idtype {
	ID_TYPE_UID,
	ID_TYPE_GID
};

/*
 * id_map is an id map entry.  Form in confile is:
 * lxc.id_map = u 0    9800 100
 * lxc.id_map = u 1000 9900 100
 * lxc.id_map = g 0    9800 100
 * lxc.id_map = g 1000 9900 100
 * meaning the container can use uids and gids 0-99 and 1000-1099,
 * with [ug]id 0 mapping to [ug]id 9800 on the host, and [ug]id 1000 to
 * [ug]id 9900 on the host.
 */
struct id_map {
	enum idtype idtype;
	unsigned long hostid, nsid, range;
};

extern int lxc_free_idmap(struct lxc_list *idmap);

/*
 * Defines a structure containing a pty information for
 * virtualizing a tty
 * @name   : the path name of the slave pty side
 * @master : the file descriptor of the master
 * @slave  : the file descriptor of the slave
 */
struct lxc_pty_info {
	char name[MAXPATHLEN];
	int master;
	int slave;
	int busy;
};

/*
 * Defines the number of tty configured and contains the
 * instanciated ptys
 * @nbtty = number of configured ttys
 */
struct lxc_tty_info {
	int nbtty;
	struct lxc_pty_info *pty_info;
};

struct lxc_tty_state;

/*
 * Defines the structure to store the console information
 * @peer   : the file descriptor put/get console traffic
 * @name   : the file name of the slave pty
 */
struct lxc_console {
	int slave;
	int master;
	int peer;
	struct lxc_pty_info peerpty;
	struct lxc_epoll_descr *descr;
	char *path;
	char *log_path;
	int log_fd;
	char name[MAXPATHLEN];
	struct termios *tios;
	struct lxc_tty_state *tty_state;
};

/*
 * Defines a structure to store the rootfs location, the
 * optionals pivot_root, rootfs mount paths
 * @rootfs     : a path to the rootfs
 * @pivot_root : a path to a pivot_root location to be used
 */
struct lxc_rootfs {
	char *path;
	char *mount;
	char *pivot;
};

/*
 * Automatic mounts for LXC to perform inside the container
 */
enum {
	LXC_AUTO_PROC_RW              = 0x001,   /* /proc read-write */
	LXC_AUTO_PROC_MIXED           = 0x002,   /* /proc/sys and /proc/sysrq-trigger read-only */
	LXC_AUTO_PROC_MASK            = 0x003,

	LXC_AUTO_SYS_RW               = 0x004,   /* /sys */
	LXC_AUTO_SYS_RO               = 0x008,   /* /sys read-only */
	LXC_AUTO_SYS_MASK             = 0x00C,

	LXC_AUTO_CGROUP_RO            = 0x010,   /* /sys/fs/cgroup (partial mount, read-only) */
	LXC_AUTO_CGROUP_RW            = 0x020,   /* /sys/fs/cgroup (partial mount, read-write) */
	LXC_AUTO_CGROUP_MIXED         = 0x030,   /* /sys/fs/cgroup (partial mount, paths r/o, cgroup r/w) */
	LXC_AUTO_CGROUP_FULL_RO       = 0x040,   /* /sys/fs/cgroup (full mount, read-only) */
	LXC_AUTO_CGROUP_FULL_RW       = 0x050,   /* /sys/fs/cgroup (full mount, read-write) */
	LXC_AUTO_CGROUP_FULL_MIXED    = 0x060,   /* /sys/fs/cgroup (full mount, parent r/o, own r/w) */
	LXC_AUTO_CGROUP_MASK          = 0x070,

	LXC_AUTO_ALL_MASK             = 0x07F,   /* all known settings */
};

/*
 * Defines the global container configuration
 * @rootfs     : root directory to run the container
 * @pivotdir   : pivotdir path, if not set default will be used
 * @mount      : list of mount points
 * @tty        : numbers of tty
 * @pts        : new pts instance
 * @mount_list : list of mount point (alternative to fstab file)
 * @network    : network configuration
 * @utsname    : container utsname
 * @fstab      : path to a fstab file format
 * @caps       : list of the capabilities to drop
 * @keepcaps   : list of the capabilities to keep
 * @tty_info   : tty data
 * @console    : console data
 * @ttydir     : directory (under /dev) in which to create console and ttys
 * @lsm_aa_profile : apparmor profile to switch to or NULL
 * @lsm_se_context : selinux type to switch to or NULL
 */
enum lxchooks {
	LXCHOOK_PRESTART, LXCHOOK_PREMOUNT, LXCHOOK_MOUNT, LXCHOOK_AUTODEV,
	LXCHOOK_START, LXCHOOK_POSTSTOP, LXCHOOK_CLONE, NUM_LXC_HOOKS};
extern char *lxchook_names[NUM_LXC_HOOKS];

struct saved_nic {
	int ifindex;
	char *orig_name;
};

struct lxc_conf {
	int is_execute;
	char *fstab;
	int tty;
	int pts;
	int reboot;
	int need_utmp_watch;
	int personality;
	struct utsname *utsname;
	struct lxc_list cgroup;
	struct lxc_list id_map;
	struct lxc_list network;
	struct saved_nic *saved_nics;
	int num_savednics;
	int auto_mounts;
	struct lxc_list mount_list;
	struct lxc_list caps;
	struct lxc_list keepcaps;
	struct lxc_tty_info tty_info;
	struct lxc_console console;
	struct lxc_rootfs rootfs;
	char *ttydir;
	int close_all_fds;
	struct lxc_list hooks[NUM_LXC_HOOKS];

	char *lsm_aa_profile;
	char *lsm_se_context;
	int lsm_umount_proc;
	char *seccomp;  // filename with the seccomp rules
#if HAVE_SCMP_FILTER_CTX
	scmp_filter_ctx *seccomp_ctx;
#endif
	int maincmd_fd;
	int autodev;  // if 1, mount and fill a /dev at start
	int stopsignal; // signal used to stop container
	int kmsg;  // if 1, create /dev/kmsg symlink
	char *rcfile;	// Copy of the top level rcfile we read

	// Logfile and logleve can be set in a container config file.
	// Those function as defaults.  The defaults can be overriden
	// by command line.  However we don't want the command line
	// specified values to be saved on c->save_config().  So we
	// store the config file specified values here.
	char *logfile;  // the logfile as specifed in config
	int loglevel;   // loglevel as specifed in config (if any)

	int inherit_ns_fd[LXC_NS_MAX];

	int start_auto;
	int start_delay;
	int start_order;
	struct lxc_list groups;
};

int run_lxc_hooks(const char *name, char *hook, struct lxc_conf *conf,
		  const char *lxcpath, char *argv[]);

extern int detect_shared_rootfs(void);

/*
 * Initialize the lxc configuration structure
 */
extern struct lxc_conf *lxc_conf_init(void);
extern void lxc_conf_free(struct lxc_conf *conf);

extern int pin_rootfs(const char *rootfs);

extern int lxc_requests_empty_network(struct lxc_handler *handler);
extern int lxc_create_network(struct lxc_handler *handler);
extern void lxc_delete_network(struct lxc_handler *handler);
extern int lxc_assign_network(struct lxc_list *networks, pid_t pid);
extern int lxc_map_ids(struct lxc_list *idmap, pid_t pid);
extern int lxc_find_gateway_addresses(struct lxc_handler *handler);

extern int lxc_create_tty(const char *name, struct lxc_conf *conf);
extern void lxc_delete_tty(struct lxc_tty_info *tty_info);

extern int lxc_clear_config_network(struct lxc_conf *c);
extern int lxc_clear_nic(struct lxc_conf *c, const char *key);
extern int lxc_clear_config_caps(struct lxc_conf *c);
extern int lxc_clear_config_keepcaps(struct lxc_conf *c);
extern int lxc_clear_cgroups(struct lxc_conf *c, const char *key);
extern int lxc_clear_mount_entries(struct lxc_conf *c);
extern int lxc_clear_hooks(struct lxc_conf *c, const char *key);
extern int lxc_clear_idmaps(struct lxc_conf *c);
extern int lxc_clear_groups(struct lxc_conf *c);

/*
 * Configure the container from inside
 */

struct cgroup_process_info;
extern int lxc_setup(const char *name, struct lxc_conf *lxc_conf,
			const char *lxcpath,
			struct cgroup_process_info *cgroup_info,
			void *data);

extern void lxc_rename_phys_nics_on_shutdown(struct lxc_conf *conf);

extern uid_t get_mapped_rootid(struct lxc_conf *conf);
extern int find_unmapped_nsuid(struct lxc_conf *conf);
extern int mapped_hostid(int id, struct lxc_conf *conf);
extern int chown_mapped_root(char *path, struct lxc_conf *conf);
extern int ttys_shift_ids(struct lxc_conf *c);
extern int userns_exec_1(struct lxc_conf *conf, int (*fn)(void *), void *data);
#endif
Commit	Line	Data
0ad19a3f	1	/*
	2	* lxc: linux Container library
	3	*
	4	* (C) Copyright IBM Corp. 2007, 2008
	5	*
	6	* Authors:
9afe19d6	7	* Daniel Lezcano <daniel.lezcano at free.fr>
0ad19a3f	8	*
	9	* This library is free software; you can redistribute it and/or
	10	* modify it under the terms of the GNU Lesser General Public
	11	* License as published by the Free Software Foundation; either
	12	* version 2.1 of the License, or (at your option) any later version.
	13	*
	14	* This library is distributed in the hope that it will be useful,
	15	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	16	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	17	* Lesser General Public License for more details.
	18	*
	19	* You should have received a copy of the GNU Lesser General Public
	20	* License along with this library; if not, write to the Free Software
250b1eec	21	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
0ad19a3f	22	*/
	23	#ifndef _conf_h
	24	#define _conf_h
	25
f424fa8f SG	26	#include "config.h"
f424fa8f SG	27
0ad19a3f	28	#include <netinet/in.h>
74a2b586	29	#include <net/if.h>
b0a33c1e	30	#include <sys/param.h>
8173e600	31	#include <sys/types.h>
19a26f82	32	#include <stdbool.h>
0ad19a3f	33
00b3c2e2 CLG	34	#include <lxc/list.h>
00b3c2e2 CLG	35
43de51b7	36	#include <lxc/start.h> /* for lxc_handler */
e3b4c4c4	37
769872f9 SH	38	#if HAVE_SCMP_FILTER_CTX
	39	typedef void * scmp_filter_ctx;
	40	#endif
	41
13954cce	42	enum {
24654103 DL	43	LXC_NET_EMPTY,
	44	LXC_NET_VETH,
	45	LXC_NET_MACVLAN,
	46	LXC_NET_PHYS,
	47	LXC_NET_VLAN,
26b797f3	48	LXC_NET_NONE,
24654103	49	LXC_NET_MAXCONFTYPE,
0ad19a3f	50	};
	51
	52	/*
	53	* Defines the structure to configure an ipv4 address
	54	* @address : ipv4 address
	55	* @broadcast : ipv4 broadcast address
	56	* @mask : network mask
	57	*/
	58	struct lxc_inetdev {
	59	struct in_addr addr;
	60	struct in_addr bcast;
	61	int prefix;
	62	};
	63
	64	struct lxc_route {
	65	struct in_addr addr;
	66	};
	67
	68	/*
	69	* Defines the structure to configure an ipv6 address
	70	* @flags : set the address up
	71	* @address : ipv6 address
	72	* @broadcast : ipv6 broadcast address
	73	* @mask : network mask
	74	*/
	75	struct lxc_inet6dev {
	76	struct in6_addr addr;
0093bb8c	77	struct in6_addr mcast;
0ad19a3f	78	struct in6_addr acast;
	79	int prefix;
	80	};
	81
	82	struct lxc_route6 {
	83	struct in6_addr addr;
	84	};
26c39028	85
e892973e DL	86	struct ifla_veth {
e892973e DL	87	char pair; / pair name */
74a2b586	88	char veth1[IFNAMSIZ]; /* needed for deconf */
e892973e DL	89	};
e892973e DL	90
26c39028 JHS	91	struct ifla_vlan {
	92	uint flags;
	93	uint fmask;
7c11d57a SG	94	unsigned short vid;
7c11d57a SG	95	unsigned short pad;
26c39028 JHS	96	};
26c39028 JHS	97
e892973e DL	98	struct ifla_macvlan {
	99	int mode; /* private, vepa, bridge */
	100	};
	101
f6cc1de1	102	union netdev_p {
e892973e	103	struct ifla_veth veth_attr;
f6cc1de1	104	struct ifla_vlan vlan_attr;
e892973e	105	struct ifla_macvlan macvlan_attr;
f6cc1de1 JHS	106	};
f6cc1de1 JHS	107
0ad19a3f	108	/*
0ad19a3f	109	* Defines a structure to configure a network device
e3b4c4c4 ST	110	* @link : lxc.network.link, name of bridge or host iface to attach if any
	111	* @name : lxc.network.name, name of iface on the container side
	112	* @flags : flag of the network device (IFF_UP, ... )
	113	* @ipv4 : a list of ipv4 addresses to be set on the network device
	114	* @ipv6 : a list of ipv6 addresses to be set on the network device
	115	* @upscript : a script filename to be executed during interface configuration
74a2b586	116	* @downscript : a script filename to be executed during interface destruction
0ad19a3f	117	*/
0ad19a3f	118	struct lxc_netdev {
5f4535a3	119	int type;
0ad19a3f	120	int flags;
82d5ae15	121	int ifindex;
9d083402 MT	122	char *link;
9d083402 MT	123	char *name;
0ad19a3f	124	char *hwaddr;
442cbbe6	125	char *mtu;
f6cc1de1	126	union netdev_p priv;
0ad19a3f	127	struct lxc_list ipv4;
0ad19a3f	128	struct lxc_list ipv6;
f8fee0e2	129	struct in_addr *ipv4_gateway;
19a26f82	130	bool ipv4_gateway_auto;
f8fee0e2	131	struct in6_addr *ipv6_gateway;
19a26f82	132	bool ipv6_gateway_auto;
e3b4c4c4	133	char *upscript;
74a2b586	134	char *downscript;
0ad19a3f	135	};
	136
	137	/*
576f946d	138	* Defines a generic struct to configure the control group.
	139	* It is up to the programmer to specify the right subsystem.
	140	* @subsystem : the targetted subsystem
	141	* @value : the value to set
0ad19a3f	142	*/
0ad19a3f	143	struct lxc_cgroup {
576f946d	144	char *subsystem;
576f946d	145	char *value;
0ad19a3f	146	};
0ad19a3f	147
f6d3e3e4 SH	148	enum idtype {
	149	ID_TYPE_UID,
	150	ID_TYPE_GID
	151	};
	152
	153	/*
	154	* id_map is an id map entry. Form in confile is:
251d0d2a DE	155	* lxc.id_map = u 0 9800 100
	156	* lxc.id_map = u 1000 9900 100
	157	* lxc.id_map = g 0 9800 100
	158	* lxc.id_map = g 1000 9900 100
	159	* meaning the container can use uids and gids 0-99 and 1000-1099,
	160	* with [ug]id 0 mapping to [ug]id 9800 on the host, and [ug]id 1000 to
	161	* [ug]id 9900 on the host.
f6d3e3e4 SH	162	*/
	163	struct id_map {
	164	enum idtype idtype;
251d0d2a	165	unsigned long hostid, nsid, range;
f6d3e3e4 SH	166	};
f6d3e3e4 SH	167
4355ab5f SH	168	extern int lxc_free_idmap(struct lxc_list *idmap);
4355ab5f SH	169
b0a33c1e	170	/*
	171	* Defines a structure containing a pty information for
	172	* virtualizing a tty
	173	* @name : the path name of the slave pty side
	174	* @master : the file descriptor of the master
	175	* @slave : the file descriptor of the slave
	176	*/
	177	struct lxc_pty_info {
	178	char name[MAXPATHLEN];
	179	int master;
	180	int slave;
	181	int busy;
	182	};
	183
	184	/*
	185	* Defines the number of tty configured and contains the
	186	* instanciated ptys
	187	* @nbtty = number of configured ttys
	188	*/
	189	struct lxc_tty_info {
	190	int nbtty;
	191	struct lxc_pty_info *pty_info;
	192	};
	193
b5159817 DE	194	struct lxc_tty_state;
b5159817 DE	195
63376d7d DL	196	/*
	197	* Defines the structure to store the console information
	198	* @peer : the file descriptor put/get console traffic
	199	* @name : the file name of the slave pty
	200	*/
	201	struct lxc_console {
	202	int slave;
	203	int master;
	204	int peer;
b5159817 DE	205	struct lxc_pty_info peerpty;
b5159817 DE	206	struct lxc_epoll_descr *descr;
28a4b0e5	207	char *path;
596a818d DE	208	char *log_path;
596a818d DE	209	int log_fd;
63376d7d	210	char name[MAXPATHLEN];
e0dc0de7	211	struct termios *tios;
b5159817	212	struct lxc_tty_state *tty_state;
63376d7d DL	213	};
63376d7d DL	214
33fcb7a0 DL	215	/*
	216	* Defines a structure to store the rootfs location, the
	217	* optionals pivot_root, rootfs mount paths
	218	* @rootfs : a path to the rootfs
	219	* @pivot_root : a path to a pivot_root location to be used
	220	*/
	221	struct lxc_rootfs {
	222	char *path;
23b7ea69	223	char *mount;
33fcb7a0 DL	224	char *pivot;
	225	};
	226
368bbc02 CS	227	/*
	228	* Automatic mounts for LXC to perform inside the container
	229	*/
	230	enum {
b06b8511 CS	231	LXC_AUTO_PROC_RW = 0x001, /* /proc read-write */
	232	LXC_AUTO_PROC_MIXED = 0x002, /* /proc/sys and /proc/sysrq-trigger read-only */
	233	LXC_AUTO_PROC_MASK = 0x003,
	234
	235	LXC_AUTO_SYS_RW = 0x004, /* /sys */
	236	LXC_AUTO_SYS_RO = 0x008, /* /sys read-only */
	237	LXC_AUTO_SYS_MASK = 0x00C,
	238
	239	LXC_AUTO_CGROUP_RO = 0x010, /* /sys/fs/cgroup (partial mount, read-only) */
	240	LXC_AUTO_CGROUP_RW = 0x020, /* /sys/fs/cgroup (partial mount, read-write) */
	241	LXC_AUTO_CGROUP_MIXED = 0x030, /* /sys/fs/cgroup (partial mount, paths r/o, cgroup r/w) */
	242	LXC_AUTO_CGROUP_FULL_RO = 0x040, /* /sys/fs/cgroup (full mount, read-only) */
	243	LXC_AUTO_CGROUP_FULL_RW = 0x050, /* /sys/fs/cgroup (full mount, read-write) */
	244	LXC_AUTO_CGROUP_FULL_MIXED = 0x060, /* /sys/fs/cgroup (full mount, parent r/o, own r/w) */
	245	LXC_AUTO_CGROUP_MASK = 0x070,
	246
	247	LXC_AUTO_ALL_MASK = 0x07F, /* all known settings */
368bbc02 CS	248	};
368bbc02 CS	249
571e6ec8 DL	250	/*
571e6ec8 DL	251	* Defines the global container configuration
63376d7d DL	252	* @rootfs : root directory to run the container
	253	* @pivotdir : pivotdir path, if not set default will be used
	254	* @mount : list of mount points
	255	* @tty : numbers of tty
	256	* @pts : new pts instance
	257	* @mount_list : list of mount point (alternative to fstab file)
	258	* @network : network configuration
	259	* @utsname : container utsname
	260	* @fstab : path to a fstab file format
1fb86a7c SH	261	* @caps : list of the capabilities to drop
1fb86a7c SH	262	* @keepcaps : list of the capabilities to keep
63376d7d DL	263	* @tty_info : tty data
63376d7d DL	264	* @console : console data
7c6ef2a2	265	* @ttydir : directory (under /dev) in which to create console and ttys
fe4de9a6 DE	266	* @lsm_aa_profile : apparmor profile to switch to or NULL
fe4de9a6 DE	267	* @lsm_se_context : selinux type to switch to or NULL
571e6ec8	268	*/
26ddeedd	269	enum lxchooks {
f7bee6c6	270	LXCHOOK_PRESTART, LXCHOOK_PREMOUNT, LXCHOOK_MOUNT, LXCHOOK_AUTODEV,
148e91f5	271	LXCHOOK_START, LXCHOOK_POSTSTOP, LXCHOOK_CLONE, NUM_LXC_HOOKS};
72d0e1cb SG	272	extern char *lxchook_names[NUM_LXC_HOOKS];
72d0e1cb SG	273
7b35f3d6 SH	274	struct saved_nic {
	275	int ifindex;
	276	char *orig_name;
	277	};
	278
571e6ec8	279	struct lxc_conf {
37903589	280	int is_execute;
571e6ec8 DL	281	char *fstab;
	282	int tty;
	283	int pts;
91480a0f	284	int reboot;
828695d9	285	int need_utmp_watch;
cccc74b5	286	int personality;
571e6ec8 DL	287	struct utsname *utsname;
571e6ec8 DL	288	struct lxc_list cgroup;
f6d3e3e4	289	struct lxc_list id_map;
5f4535a3	290	struct lxc_list network;
7b35f3d6 SH	291	struct saved_nic *saved_nics;
7b35f3d6 SH	292	int num_savednics;
368bbc02	293	int auto_mounts;
e7938e9e	294	struct lxc_list mount_list;
81810dd1	295	struct lxc_list caps;
1fb86a7c	296	struct lxc_list keepcaps;
571e6ec8	297	struct lxc_tty_info tty_info;
63376d7d	298	struct lxc_console console;
33fcb7a0	299	struct lxc_rootfs rootfs;
7c6ef2a2	300	char *ttydir;
b119f362	301	int close_all_fds;
26ddeedd	302	struct lxc_list hooks[NUM_LXC_HOOKS];
4a85ce2a	303
fe4de9a6 DE	304	char *lsm_aa_profile;
fe4de9a6 DE	305	char *lsm_se_context;
e075f5d9	306	int lsm_umount_proc;
8f2c3a70	307	char *seccomp; // filename with the seccomp rules
769872f9 SH	308	#if HAVE_SCMP_FILTER_CTX
	309	scmp_filter_ctx *seccomp_ctx;
	310	#endif
72d0e1cb	311	int maincmd_fd;
c6883f38	312	int autodev; // if 1, mount and fill a /dev at start
a84b9932	313	int stopsignal; // signal used to stop container
7e0e1d94	314	int kmsg; // if 1, create /dev/kmsg symlink
f7bee6c6	315	char *rcfile; // Copy of the top level rcfile we read
b40a606e SH	316
	317	// Logfile and logleve can be set in a container config file.
	318	// Those function as defaults. The defaults can be overriden
	319	// by command line. However we don't want the command line
	320	// specified values to be saved on c->save_config(). So we
	321	// store the config file specified values here.
	322	char *logfile; // the logfile as specifed in config
	323	int loglevel; // loglevel as specifed in config (if any)
9f30a190 MM	324
9f30a190 MM	325	int inherit_ns_fd[LXC_NS_MAX];
ee1e7aa0 SG	326
	327	int start_auto;
	328	int start_delay;
	329	int start_order;
	330	struct lxc_list groups;
571e6ec8 DL	331	};
571e6ec8 DL	332
283678ed SH	333	int run_lxc_hooks(const char name, char hook, struct lxc_conf *conf,
283678ed SH	334	const char lxcpath, char argv[]);
26ddeedd	335
cc28d0b0 SH	336	extern int detect_shared_rootfs(void);
cc28d0b0 SH	337
089cd8b8 DL	338	/*
	339	* Initialize the lxc configuration structure
	340	*/
7b379ab3	341	extern struct lxc_conf *lxc_conf_init(void);
8eb5694b	342	extern void lxc_conf_free(struct lxc_conf *conf);
089cd8b8	343
0c547523 SH	344	extern int pin_rootfs(const char *rootfs);
0c547523 SH	345
26b797f3	346	extern int lxc_requests_empty_network(struct lxc_handler *handler);
e3b4c4c4	347	extern int lxc_create_network(struct lxc_handler *handler);
74a2b586	348	extern void lxc_delete_network(struct lxc_handler *handler);
82d5ae15	349	extern int lxc_assign_network(struct lxc_list *networks, pid_t pid);
f6d3e3e4	350	extern int lxc_map_ids(struct lxc_list *idmap, pid_t pid);
19a26f82	351	extern int lxc_find_gateway_addresses(struct lxc_handler *handler);
0ad19a3f	352
5e4a62bf	353	extern int lxc_create_tty(const char name, struct lxc_conf conf);
b0a33c1e	354	extern void lxc_delete_tty(struct lxc_tty_info *tty_info);
b0a33c1e	355
72d0e1cb	356	extern int lxc_clear_config_network(struct lxc_conf *c);
12a50cc6	357	extern int lxc_clear_nic(struct lxc_conf c, const char key);
72d0e1cb	358	extern int lxc_clear_config_caps(struct lxc_conf *c);
1fb86a7c	359	extern int lxc_clear_config_keepcaps(struct lxc_conf *c);
12a50cc6	360	extern int lxc_clear_cgroups(struct lxc_conf c, const char key);
72d0e1cb	361	extern int lxc_clear_mount_entries(struct lxc_conf *c);
12a50cc6	362	extern int lxc_clear_hooks(struct lxc_conf c, const char key);
7d0eb87e	363	extern int lxc_clear_idmaps(struct lxc_conf *c);
ee1e7aa0	364	extern int lxc_clear_groups(struct lxc_conf *c);
72d0e1cb	365
0ad19a3f	366	/*
	367	* Configure the container from inside
	368	*/
88d5514d	369
368bbc02	370	struct cgroup_process_info;
283678ed	371	extern int lxc_setup(const char name, struct lxc_conf lxc_conf,
bc6928ff MW	372	const char *lxcpath,
	373	struct cgroup_process_info *cgroup_info,
	374	void *data);
7b35f3d6 SH	375
7b35f3d6 SH	376	extern void lxc_rename_phys_nics_on_shutdown(struct lxc_conf *conf);
cf3ef16d	377
c4d10a05	378	extern uid_t get_mapped_rootid(struct lxc_conf *conf);
cf3ef16d	379	extern int find_unmapped_nsuid(struct lxc_conf *conf);
57d116ab	380	extern int mapped_hostid(int id, struct lxc_conf *conf);
c4d10a05 SH	381	extern int chown_mapped_root(char path, struct lxc_conf conf);
c4d10a05 SH	382	extern int ttys_shift_ids(struct lxc_conf *c);
4355ab5f	383	extern int userns_exec_1(struct lxc_conf conf, int (fn)(void ), void data);
0ad19a3f	384	#endif