[mirror_lxc.git] / src / lxc / conf.h

/*
 * lxc: linux Container library
 *
 * (C) Copyright IBM Corp. 2007, 2008
 *
 * Authors:
 * Daniel Lezcano <dlezcano at fr.ibm.com>
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
#ifndef _conf_h
#define _conf_h

#include <netinet/in.h>
#include <net/if.h>
#include <sys/param.h>
#include <sys/types.h>
#include <stdbool.h>

#include <lxc/list.h>

#include <lxc/start.h> /* for lxc_handler */

#if HAVE_SCMP_FILTER_CTX
typedef void * scmp_filter_ctx;
#endif

enum {
	LXC_NET_EMPTY,
	LXC_NET_VETH,
	LXC_NET_MACVLAN,
	LXC_NET_PHYS,
	LXC_NET_VLAN,
	LXC_NET_MAXCONFTYPE,
};

/*
 * Defines the structure to configure an ipv4 address
 * @address   : ipv4 address
 * @broadcast : ipv4 broadcast address
 * @mask      : network mask
 */
struct lxc_inetdev {
	struct in_addr addr;
	struct in_addr bcast;
	int prefix;
};

struct lxc_route {
	struct in_addr addr;
};

/*
 * Defines the structure to configure an ipv6 address
 * @flags     : set the address up
 * @address   : ipv6 address
 * @broadcast : ipv6 broadcast address
 * @mask      : network mask
 */
struct lxc_inet6dev {
	struct in6_addr addr;
	struct in6_addr mcast;
	struct in6_addr acast;
	int prefix;
};

struct lxc_route6 {
	struct in6_addr addr;
};

struct ifla_veth {
	char *pair; /* pair name */
	char veth1[IFNAMSIZ]; /* needed for deconf */
};

struct ifla_vlan {
	uint   flags;
	uint   fmask;
	unsigned short   vid;
	unsigned short   pad;
};

struct ifla_macvlan {
	int mode; /* private, vepa, bridge */
};

union netdev_p {
	struct ifla_veth veth_attr;
	struct ifla_vlan vlan_attr;
	struct ifla_macvlan macvlan_attr;
};

/*
 * Defines a structure to configure a network device
 * @link       : lxc.network.link, name of bridge or host iface to attach if any
 * @name       : lxc.network.name, name of iface on the container side
 * @flags      : flag of the network device (IFF_UP, ... )
 * @ipv4       : a list of ipv4 addresses to be set on the network device
 * @ipv6       : a list of ipv6 addresses to be set on the network device
 * @upscript   : a script filename to be executed during interface configuration
 * @downscript : a script filename to be executed during interface destruction
 */
struct lxc_netdev {
	int type;
	int flags;
	int ifindex;
	char *link;
	char *name;
	char *hwaddr;
	char *mtu;
	union netdev_p priv;
	struct lxc_list ipv4;
	struct lxc_list ipv6;
	struct in_addr *ipv4_gateway;
	bool ipv4_gateway_auto;
	struct in6_addr *ipv6_gateway;
	bool ipv6_gateway_auto;
	char *upscript;
	char *downscript;
};

/*
 * Defines a generic struct to configure the control group.
 * It is up to the programmer to specify the right subsystem.
 * @subsystem : the targetted subsystem
 * @value     : the value to set
 */
struct lxc_cgroup {
	char *subsystem;
	char *value;
};

enum idtype {
	ID_TYPE_UID,
	ID_TYPE_GID
};

/*
 * id_map is an id map entry.  Form in confile is:
 * lxc.id_map = u 0    9800 100
 * lxc.id_map = u 1000 9900 100
 * lxc.id_map = g 0    9800 100
 * lxc.id_map = g 1000 9900 100
 * meaning the container can use uids and gids 0-99 and 1000-1099,
 * with [ug]id 0 mapping to [ug]id 9800 on the host, and [ug]id 1000 to
 * [ug]id 9900 on the host.
 */
struct id_map {
	enum idtype idtype;
	unsigned long hostid, nsid, range;
};

/*
 * Defines a structure containing a pty information for
 * virtualizing a tty
 * @name   : the path name of the slave pty side
 * @master : the file descriptor of the master
 * @slave  : the file descriptor of the slave
 */
struct lxc_pty_info {
	char name[MAXPATHLEN];
	int master;
	int slave;
	int busy;
};

/*
 * Defines the number of tty configured and contains the
 * instanciated ptys
 * @nbtty = number of configured ttys
 */
struct lxc_tty_info {
	int nbtty;
	struct lxc_pty_info *pty_info;
};

/*
 * Defines the structure to store the console information
 * @peer   : the file descriptor put/get console traffic
 * @name   : the file name of the slave pty
 */
struct lxc_console {
	int slave;
	int master;
	int peer;
	char *path;
	char *log_path;
	int log_fd;
	char name[MAXPATHLEN];
	struct termios *tios;
};

/*
 * Defines a structure to store the rootfs location, the
 * optionals pivot_root, rootfs mount paths
 * @rootfs     : a path to the rootfs
 * @pivot_root : a path to a pivot_root location to be used
 */
struct lxc_rootfs {
	char *path;
	char *mount;
	char *pivot;
};

/*
 * Defines the global container configuration
 * @rootfs     : root directory to run the container
 * @pivotdir   : pivotdir path, if not set default will be used
 * @mount      : list of mount points
 * @tty        : numbers of tty
 * @pts        : new pts instance
 * @mount_list : list of mount point (alternative to fstab file)
 * @network    : network configuration
 * @utsname    : container utsname
 * @fstab      : path to a fstab file format
 * @caps       : list of the capabilities
 * @tty_info   : tty data
 * @console    : console data
 * @ttydir     : directory (under /dev) in which to create console and ttys
#if HAVE_APPARMOR
 * @aa_profile : apparmor profile to switch to
#endif
 */
enum lxchooks {
	LXCHOOK_PRESTART, LXCHOOK_PREMOUNT, LXCHOOK_MOUNT, LXCHOOK_AUTODEV,
	LXCHOOK_START, LXCHOOK_POSTSTOP, NUM_LXC_HOOKS};
extern char *lxchook_names[NUM_LXC_HOOKS];

struct saved_nic {
	int ifindex;
	char *orig_name;
};

struct lxc_conf {
	char *fstab;
	int tty;
	int pts;
	int reboot;
	int need_utmp_watch;
	int personality;
	struct utsname *utsname;
	struct lxc_list cgroup;
	struct lxc_list id_map;
	struct lxc_list network;
	struct saved_nic *saved_nics;
	int num_savednics;
	struct lxc_list mount_list;
	struct lxc_list caps;
	struct lxc_tty_info tty_info;
	struct lxc_console console;
	struct lxc_rootfs rootfs;
	char *ttydir;
	int close_all_fds;
	struct lxc_list hooks[NUM_LXC_HOOKS];
#if HAVE_APPARMOR
	char *aa_profile;
#endif

#if HAVE_APPARMOR /* || HAVE_SELINUX || HAVE_SMACK */
	int lsm_umount_proc;
#endif
	char *seccomp;  // filename with the seccomp rules
#if HAVE_SCMP_FILTER_CTX
	scmp_filter_ctx *seccomp_ctx;
#endif
	int maincmd_fd;
	int autodev;  // if 1, mount and fill a /dev at start
	int stopsignal; // signal used to stop container
	int kmsg;  // if 1, create /dev/kmsg symlink
	char *rcfile;	// Copy of the top level rcfile we read
};

int run_lxc_hooks(const char *name, char *hook, struct lxc_conf *conf);

extern int setup_cgroup(const char *cgpath, struct lxc_list *cgroups);
extern int detect_shared_rootfs(void);

/*
 * Initialize the lxc configuration structure
 */
extern struct lxc_conf *lxc_conf_init(void);
extern void lxc_conf_free(struct lxc_conf *conf);

extern int pin_rootfs(const char *rootfs);

extern int lxc_create_network(struct lxc_handler *handler);
extern void lxc_delete_network(struct lxc_handler *handler);
extern int lxc_assign_network(struct lxc_list *networks, pid_t pid);
extern int lxc_map_ids(struct lxc_list *idmap, pid_t pid);
extern int lxc_find_gateway_addresses(struct lxc_handler *handler);

extern int lxc_create_tty(const char *name, struct lxc_conf *conf);
extern void lxc_delete_tty(struct lxc_tty_info *tty_info);

extern int lxc_clear_config_network(struct lxc_conf *c);
extern int lxc_clear_nic(struct lxc_conf *c, const char *key);
extern int lxc_clear_config_caps(struct lxc_conf *c);
extern int lxc_clear_cgroups(struct lxc_conf *c, const char *key);
extern int lxc_clear_mount_entries(struct lxc_conf *c);
extern int lxc_clear_hooks(struct lxc_conf *c, const char *key);

extern int setup_cgroup(const char *name, struct lxc_list *cgroups);

extern int uid_shift_ttys(int pid, struct lxc_conf *conf);

/*
 * Configure the container from inside
 */

extern int lxc_setup(const char *name, struct lxc_conf *lxc_conf);

extern void lxc_rename_phys_nics_on_shutdown(struct lxc_conf *conf);
#endif
Commit	Line	Data
0ad19a3f	1	/*
	2	* lxc: linux Container library
	3	*
	4	* (C) Copyright IBM Corp. 2007, 2008
	5	*
	6	* Authors:
	7	* Daniel Lezcano <dlezcano at fr.ibm.com>
	8	*
	9	* This library is free software; you can redistribute it and/or
	10	* modify it under the terms of the GNU Lesser General Public
	11	* License as published by the Free Software Foundation; either
	12	* version 2.1 of the License, or (at your option) any later version.
	13	*
	14	* This library is distributed in the hope that it will be useful,
	15	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	16	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	17	* Lesser General Public License for more details.
	18	*
	19	* You should have received a copy of the GNU Lesser General Public
	20	* License along with this library; if not, write to the Free Software
	21	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
	22	*/
	23	#ifndef _conf_h
	24	#define _conf_h
	25
	26	#include <netinet/in.h>
74a2b586	27	#include <net/if.h>
b0a33c1e	28	#include <sys/param.h>
8173e600	29	#include <sys/types.h>
19a26f82	30	#include <stdbool.h>
0ad19a3f	31
00b3c2e2 CLG	32	#include <lxc/list.h>
00b3c2e2 CLG	33
43de51b7	34	#include <lxc/start.h> /* for lxc_handler */
e3b4c4c4	35
769872f9 SH	36	#if HAVE_SCMP_FILTER_CTX
	37	typedef void * scmp_filter_ctx;
	38	#endif
	39
13954cce	40	enum {
24654103 DL	41	LXC_NET_EMPTY,
	42	LXC_NET_VETH,
	43	LXC_NET_MACVLAN,
	44	LXC_NET_PHYS,
	45	LXC_NET_VLAN,
	46	LXC_NET_MAXCONFTYPE,
0ad19a3f	47	};
	48
	49	/*
	50	* Defines the structure to configure an ipv4 address
	51	* @address : ipv4 address
	52	* @broadcast : ipv4 broadcast address
	53	* @mask : network mask
	54	*/
	55	struct lxc_inetdev {
	56	struct in_addr addr;
	57	struct in_addr bcast;
	58	int prefix;
	59	};
	60
	61	struct lxc_route {
	62	struct in_addr addr;
	63	};
	64
	65	/*
	66	* Defines the structure to configure an ipv6 address
	67	* @flags : set the address up
	68	* @address : ipv6 address
	69	* @broadcast : ipv6 broadcast address
	70	* @mask : network mask
	71	*/
	72	struct lxc_inet6dev {
	73	struct in6_addr addr;
0093bb8c	74	struct in6_addr mcast;
0ad19a3f	75	struct in6_addr acast;
	76	int prefix;
	77	};
	78
	79	struct lxc_route6 {
	80	struct in6_addr addr;
	81	};
26c39028	82
e892973e DL	83	struct ifla_veth {
e892973e DL	84	char pair; / pair name */
74a2b586	85	char veth1[IFNAMSIZ]; /* needed for deconf */
e892973e DL	86	};
e892973e DL	87
26c39028 JHS	88	struct ifla_vlan {
	89	uint flags;
	90	uint fmask;
7c11d57a SG	91	unsigned short vid;
7c11d57a SG	92	unsigned short pad;
26c39028 JHS	93	};
26c39028 JHS	94
e892973e DL	95	struct ifla_macvlan {
	96	int mode; /* private, vepa, bridge */
	97	};
	98
f6cc1de1	99	union netdev_p {
e892973e	100	struct ifla_veth veth_attr;
f6cc1de1	101	struct ifla_vlan vlan_attr;
e892973e	102	struct ifla_macvlan macvlan_attr;
f6cc1de1 JHS	103	};
f6cc1de1 JHS	104
0ad19a3f	105	/*
0ad19a3f	106	* Defines a structure to configure a network device
e3b4c4c4 ST	107	* @link : lxc.network.link, name of bridge or host iface to attach if any
	108	* @name : lxc.network.name, name of iface on the container side
	109	* @flags : flag of the network device (IFF_UP, ... )
	110	* @ipv4 : a list of ipv4 addresses to be set on the network device
	111	* @ipv6 : a list of ipv6 addresses to be set on the network device
	112	* @upscript : a script filename to be executed during interface configuration
74a2b586	113	* @downscript : a script filename to be executed during interface destruction
0ad19a3f	114	*/
0ad19a3f	115	struct lxc_netdev {
5f4535a3	116	int type;
0ad19a3f	117	int flags;
82d5ae15	118	int ifindex;
9d083402 MT	119	char *link;
9d083402 MT	120	char *name;
0ad19a3f	121	char *hwaddr;
442cbbe6	122	char *mtu;
f6cc1de1	123	union netdev_p priv;
0ad19a3f	124	struct lxc_list ipv4;
0ad19a3f	125	struct lxc_list ipv6;
f8fee0e2	126	struct in_addr *ipv4_gateway;
19a26f82	127	bool ipv4_gateway_auto;
f8fee0e2	128	struct in6_addr *ipv6_gateway;
19a26f82	129	bool ipv6_gateway_auto;
e3b4c4c4	130	char *upscript;
74a2b586	131	char *downscript;
0ad19a3f	132	};
	133
	134	/*
576f946d	135	* Defines a generic struct to configure the control group.
	136	* It is up to the programmer to specify the right subsystem.
	137	* @subsystem : the targetted subsystem
	138	* @value : the value to set
0ad19a3f	139	*/
0ad19a3f	140	struct lxc_cgroup {
576f946d	141	char *subsystem;
576f946d	142	char *value;
0ad19a3f	143	};
0ad19a3f	144
f6d3e3e4 SH	145	enum idtype {
	146	ID_TYPE_UID,
	147	ID_TYPE_GID
	148	};
	149
	150	/*
	151	* id_map is an id map entry. Form in confile is:
251d0d2a DE	152	* lxc.id_map = u 0 9800 100
	153	* lxc.id_map = u 1000 9900 100
	154	* lxc.id_map = g 0 9800 100
	155	* lxc.id_map = g 1000 9900 100
	156	* meaning the container can use uids and gids 0-99 and 1000-1099,
	157	* with [ug]id 0 mapping to [ug]id 9800 on the host, and [ug]id 1000 to
	158	* [ug]id 9900 on the host.
f6d3e3e4 SH	159	*/
	160	struct id_map {
	161	enum idtype idtype;
251d0d2a	162	unsigned long hostid, nsid, range;
f6d3e3e4 SH	163	};
f6d3e3e4 SH	164
b0a33c1e	165	/*
	166	* Defines a structure containing a pty information for
	167	* virtualizing a tty
	168	* @name : the path name of the slave pty side
	169	* @master : the file descriptor of the master
	170	* @slave : the file descriptor of the slave
	171	*/
	172	struct lxc_pty_info {
	173	char name[MAXPATHLEN];
	174	int master;
	175	int slave;
	176	int busy;
	177	};
	178
	179	/*
	180	* Defines the number of tty configured and contains the
	181	* instanciated ptys
	182	* @nbtty = number of configured ttys
	183	*/
	184	struct lxc_tty_info {
	185	int nbtty;
	186	struct lxc_pty_info *pty_info;
	187	};
	188
63376d7d DL	189	/*
	190	* Defines the structure to store the console information
	191	* @peer : the file descriptor put/get console traffic
	192	* @name : the file name of the slave pty
	193	*/
	194	struct lxc_console {
	195	int slave;
	196	int master;
	197	int peer;
28a4b0e5	198	char *path;
596a818d DE	199	char *log_path;
596a818d DE	200	int log_fd;
63376d7d	201	char name[MAXPATHLEN];
e0dc0de7	202	struct termios *tios;
63376d7d DL	203	};
63376d7d DL	204
33fcb7a0 DL	205	/*
	206	* Defines a structure to store the rootfs location, the
	207	* optionals pivot_root, rootfs mount paths
	208	* @rootfs : a path to the rootfs
	209	* @pivot_root : a path to a pivot_root location to be used
	210	*/
	211	struct lxc_rootfs {
	212	char *path;
23b7ea69	213	char *mount;
33fcb7a0 DL	214	char *pivot;
	215	};
	216
571e6ec8 DL	217	/*
571e6ec8 DL	218	* Defines the global container configuration
63376d7d DL	219	* @rootfs : root directory to run the container
	220	* @pivotdir : pivotdir path, if not set default will be used
	221	* @mount : list of mount points
	222	* @tty : numbers of tty
	223	* @pts : new pts instance
	224	* @mount_list : list of mount point (alternative to fstab file)
	225	* @network : network configuration
	226	* @utsname : container utsname
	227	* @fstab : path to a fstab file format
	228	* @caps : list of the capabilities
	229	* @tty_info : tty data
	230	* @console : console data
7c6ef2a2	231	* @ttydir : directory (under /dev) in which to create console and ttys
e075f5d9 SH	232	#if HAVE_APPARMOR
	233	* @aa_profile : apparmor profile to switch to
	234	#endif
571e6ec8	235	*/
26ddeedd	236	enum lxchooks {
f7bee6c6 MW	237	LXCHOOK_PRESTART, LXCHOOK_PREMOUNT, LXCHOOK_MOUNT, LXCHOOK_AUTODEV,
f7bee6c6 MW	238	LXCHOOK_START, LXCHOOK_POSTSTOP, NUM_LXC_HOOKS};
72d0e1cb SG	239	extern char *lxchook_names[NUM_LXC_HOOKS];
72d0e1cb SG	240
7b35f3d6 SH	241	struct saved_nic {
	242	int ifindex;
	243	char *orig_name;
	244	};
	245
571e6ec8	246	struct lxc_conf {
571e6ec8 DL	247	char *fstab;
	248	int tty;
	249	int pts;
91480a0f	250	int reboot;
828695d9	251	int need_utmp_watch;
cccc74b5	252	int personality;
571e6ec8 DL	253	struct utsname *utsname;
571e6ec8 DL	254	struct lxc_list cgroup;
f6d3e3e4	255	struct lxc_list id_map;
5f4535a3	256	struct lxc_list network;
7b35f3d6 SH	257	struct saved_nic *saved_nics;
7b35f3d6 SH	258	int num_savednics;
e7938e9e	259	struct lxc_list mount_list;
81810dd1	260	struct lxc_list caps;
571e6ec8	261	struct lxc_tty_info tty_info;
63376d7d	262	struct lxc_console console;
33fcb7a0	263	struct lxc_rootfs rootfs;
7c6ef2a2	264	char *ttydir;
b119f362	265	int close_all_fds;
26ddeedd	266	struct lxc_list hooks[NUM_LXC_HOOKS];
e075f5d9 SH	267	#if HAVE_APPARMOR
	268	char *aa_profile;
	269	#endif
4a85ce2a	270
e075f5d9 SH	271	#if HAVE_APPARMOR /* \|\| HAVE_SELINUX \|\| HAVE_SMACK */
	272	int lsm_umount_proc;
	273	#endif
8f2c3a70	274	char *seccomp; // filename with the seccomp rules
769872f9 SH	275	#if HAVE_SCMP_FILTER_CTX
	276	scmp_filter_ctx *seccomp_ctx;
	277	#endif
72d0e1cb	278	int maincmd_fd;
c6883f38	279	int autodev; // if 1, mount and fill a /dev at start
a84b9932	280	int stopsignal; // signal used to stop container
7e0e1d94	281	int kmsg; // if 1, create /dev/kmsg symlink
f7bee6c6	282	char *rcfile; // Copy of the top level rcfile we read
571e6ec8 DL	283	};
571e6ec8 DL	284
26ddeedd	285	int run_lxc_hooks(const char name, char hook, struct lxc_conf *conf);
26ddeedd	286
ae5c8b8e	287	extern int setup_cgroup(const char cgpath, struct lxc_list cgroups);
cc28d0b0 SH	288	extern int detect_shared_rootfs(void);
cc28d0b0 SH	289
089cd8b8 DL	290	/*
	291	* Initialize the lxc configuration structure
	292	*/
7b379ab3	293	extern struct lxc_conf *lxc_conf_init(void);
8eb5694b	294	extern void lxc_conf_free(struct lxc_conf *conf);
089cd8b8	295
0c547523 SH	296	extern int pin_rootfs(const char *rootfs);
0c547523 SH	297
e3b4c4c4	298	extern int lxc_create_network(struct lxc_handler *handler);
74a2b586	299	extern void lxc_delete_network(struct lxc_handler *handler);
82d5ae15	300	extern int lxc_assign_network(struct lxc_list *networks, pid_t pid);
f6d3e3e4	301	extern int lxc_map_ids(struct lxc_list *idmap, pid_t pid);
19a26f82	302	extern int lxc_find_gateway_addresses(struct lxc_handler *handler);
0ad19a3f	303
5e4a62bf	304	extern int lxc_create_tty(const char name, struct lxc_conf conf);
b0a33c1e	305	extern void lxc_delete_tty(struct lxc_tty_info *tty_info);
b0a33c1e	306
72d0e1cb	307	extern int lxc_clear_config_network(struct lxc_conf *c);
12a50cc6	308	extern int lxc_clear_nic(struct lxc_conf c, const char key);
72d0e1cb	309	extern int lxc_clear_config_caps(struct lxc_conf *c);
12a50cc6	310	extern int lxc_clear_cgroups(struct lxc_conf c, const char key);
72d0e1cb	311	extern int lxc_clear_mount_entries(struct lxc_conf *c);
12a50cc6	312	extern int lxc_clear_hooks(struct lxc_conf c, const char key);
72d0e1cb	313
f6d3e3e4 SH	314	extern int setup_cgroup(const char name, struct lxc_list cgroups);
	315
	316	extern int uid_shift_ttys(int pid, struct lxc_conf *conf);
	317
0ad19a3f	318	/*
	319	* Configure the container from inside
	320	*/
88d5514d	321
571e6ec8	322	extern int lxc_setup(const char name, struct lxc_conf lxc_conf);
7b35f3d6 SH	323
7b35f3d6 SH	324	extern void lxc_rename_phys_nics_on_shutdown(struct lxc_conf *conf);
0ad19a3f	325	#endif