[mirror_lxc.git] / src / lxc / conf.h

/*
 * lxc: linux Container library
 *
 * (C) Copyright IBM Corp. 2007, 2008
 *
 * Authors:
 * Daniel Lezcano <dlezcano at fr.ibm.com>
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
#ifndef _conf_h
#define _conf_h

#include <netinet/in.h>
#include <net/if.h>
#include <sys/param.h>
#include <sys/types.h>
#include <stdbool.h>

#include <lxc/list.h>

#include <lxc/start.h> /* for lxc_handler */

#if HAVE_SCMP_FILTER_CTX
typedef void * scmp_filter_ctx;
#endif

enum {
	LXC_NET_EMPTY,
	LXC_NET_VETH,
	LXC_NET_MACVLAN,
	LXC_NET_PHYS,
	LXC_NET_VLAN,
	LXC_NET_MAXCONFTYPE,
};

/*
 * Defines the structure to configure an ipv4 address
 * @address   : ipv4 address
 * @broadcast : ipv4 broadcast address
 * @mask      : network mask
 */
struct lxc_inetdev {
	struct in_addr addr;
	struct in_addr bcast;
	int prefix;
};

struct lxc_route {
	struct in_addr addr;
};

/*
 * Defines the structure to configure an ipv6 address
 * @flags     : set the address up
 * @address   : ipv6 address
 * @broadcast : ipv6 broadcast address
 * @mask      : network mask
 */
struct lxc_inet6dev {
	struct in6_addr addr;
	struct in6_addr mcast;
	struct in6_addr acast;
	int prefix;
};

struct lxc_route6 {
	struct in6_addr addr;
};

struct ifla_veth {
	char *pair; /* pair name */
	char veth1[IFNAMSIZ]; /* needed for deconf */
};

struct ifla_vlan {
	uint   flags;
	uint   fmask;
	unsigned short   vid;
	unsigned short   pad;
};

struct ifla_macvlan {
	int mode; /* private, vepa, bridge */
};

union netdev_p {
	struct ifla_veth veth_attr;
	struct ifla_vlan vlan_attr;
	struct ifla_macvlan macvlan_attr;
};

/*
 * Defines a structure to configure a network device
 * @link       : lxc.network.link, name of bridge or host iface to attach if any
 * @name       : lxc.network.name, name of iface on the container side
 * @flags      : flag of the network device (IFF_UP, ... )
 * @ipv4       : a list of ipv4 addresses to be set on the network device
 * @ipv6       : a list of ipv6 addresses to be set on the network device
 * @upscript   : a script filename to be executed during interface configuration
 * @downscript : a script filename to be executed during interface destruction
 */
struct lxc_netdev {
	int type;
	int flags;
	int ifindex;
	char *link;
	char *name;
	char *hwaddr;
	char *mtu;
	union netdev_p priv;
	struct lxc_list ipv4;
	struct lxc_list ipv6;
	struct in_addr *ipv4_gateway;
	bool ipv4_gateway_auto;
	struct in6_addr *ipv6_gateway;
	bool ipv6_gateway_auto;
	char *upscript;
	char *downscript;
};

/*
 * Defines a generic struct to configure the control group.
 * It is up to the programmer to specify the right subsystem.
 * @subsystem : the targetted subsystem
 * @value     : the value to set
 */
struct lxc_cgroup {
	char *subsystem;
	char *value;
};

/*
 * Defines a structure containing a pty information for
 * virtualizing a tty
 * @name   : the path name of the slave pty side
 * @master : the file descriptor of the master
 * @slave  : the file descriptor of the slave
 */
struct lxc_pty_info {
	char name[MAXPATHLEN];
	int master;
	int slave;
	int busy;
};

/*
 * Defines the number of tty configured and contains the
 * instanciated ptys
 * @nbtty = number of configured ttys
 */
struct lxc_tty_info {
	int nbtty;
	struct lxc_pty_info *pty_info;
};

/*
 * Defines the structure to store the console information
 * @peer   : the file descriptor put/get console traffic
 * @name   : the file name of the slave pty
 */
struct lxc_console {
	int slave;
	int master;
	int peer;
	char *path;
	char *log_path;
	int log_fd;
	char name[MAXPATHLEN];
	struct termios *tios;
};

/*
 * Defines a structure to store the rootfs location, the
 * optionals pivot_root, rootfs mount paths
 * @rootfs     : a path to the rootfs
 * @pivot_root : a path to a pivot_root location to be used
 */
struct lxc_rootfs {
	char *path;
	char *mount;
	char *pivot;
};

/*
 * Defines the global container configuration
 * @rootfs     : root directory to run the container
 * @pivotdir   : pivotdir path, if not set default will be used
 * @mount      : list of mount points
 * @tty        : numbers of tty
 * @pts        : new pts instance
 * @mount_list : list of mount point (alternative to fstab file)
 * @network    : network configuration
 * @utsname    : container utsname
 * @fstab      : path to a fstab file format
 * @caps       : list of the capabilities
 * @tty_info   : tty data
 * @console    : console data
 * @ttydir     : directory (under /dev) in which to create console and ttys
#if HAVE_APPARMOR
 * @aa_profile : apparmor profile to switch to
#endif
 */
enum lxchooks {
	LXCHOOK_PRESTART, LXCHOOK_PREMOUNT, LXCHOOK_MOUNT, LXCHOOK_AUTODEV,
	LXCHOOK_START, LXCHOOK_POSTSTOP, NUM_LXC_HOOKS};
extern char *lxchook_names[NUM_LXC_HOOKS];

struct saved_nic {
	int ifindex;
	char *orig_name;
};

struct lxc_conf {
	char *fstab;
	int tty;
	int pts;
	int reboot;
	int need_utmp_watch;
	int personality;
	struct utsname *utsname;
	struct lxc_list cgroup;
	struct lxc_list network;
	struct saved_nic *saved_nics;
	int num_savednics;
	struct lxc_list mount_list;
	struct lxc_list caps;
	struct lxc_tty_info tty_info;
	struct lxc_console console;
	struct lxc_rootfs rootfs;
	char *ttydir;
	int close_all_fds;
	struct lxc_list hooks[NUM_LXC_HOOKS];
#if HAVE_APPARMOR
	char *aa_profile;
#endif

#if HAVE_APPARMOR /* || HAVE_SELINUX || HAVE_SMACK */
	int lsm_umount_proc;
#endif
	char *seccomp;  // filename with the seccomp rules
#if HAVE_SCMP_FILTER_CTX
	scmp_filter_ctx *seccomp_ctx;
#endif
	int maincmd_fd;
	int autodev;  // if 1, mount and fill a /dev at start
	char *rcfile;	// Copy of the top level rcfile we read
};

int run_lxc_hooks(const char *name, char *hook, struct lxc_conf *conf);

extern int setup_cgroup(const char *name, struct lxc_list *cgroups);
extern int detect_shared_rootfs(void);

/*
 * Initialize the lxc configuration structure
 */
extern struct lxc_conf *lxc_conf_init(void);
extern void lxc_conf_free(struct lxc_conf *conf);

extern int pin_rootfs(const char *rootfs);

extern int lxc_create_network(struct lxc_handler *handler);
extern void lxc_delete_network(struct lxc_handler *handler);
extern int lxc_assign_network(struct lxc_list *networks, pid_t pid);
extern int lxc_find_gateway_addresses(struct lxc_handler *handler);

extern int lxc_create_tty(const char *name, struct lxc_conf *conf);
extern void lxc_delete_tty(struct lxc_tty_info *tty_info);

extern int lxc_clear_config_network(struct lxc_conf *c);
extern int lxc_clear_nic(struct lxc_conf *c, const char *key);
extern int lxc_clear_config_caps(struct lxc_conf *c);
extern int lxc_clear_cgroups(struct lxc_conf *c, const char *key);
extern int lxc_clear_mount_entries(struct lxc_conf *c);
extern int lxc_clear_hooks(struct lxc_conf *c, const char *key);

/*
 * Configure the container from inside
 */

extern int lxc_setup(const char *name, struct lxc_conf *lxc_conf);

extern void lxc_rename_phys_nics_on_shutdown(struct lxc_conf *conf);
#endif
Commit	Line	Data
0ad19a3f	1	/*
	2	* lxc: linux Container library
	3	*
	4	* (C) Copyright IBM Corp. 2007, 2008
	5	*
	6	* Authors:
	7	* Daniel Lezcano <dlezcano at fr.ibm.com>
	8	*
	9	* This library is free software; you can redistribute it and/or
	10	* modify it under the terms of the GNU Lesser General Public
	11	* License as published by the Free Software Foundation; either
	12	* version 2.1 of the License, or (at your option) any later version.
	13	*
	14	* This library is distributed in the hope that it will be useful,
	15	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	16	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	17	* Lesser General Public License for more details.
	18	*
	19	* You should have received a copy of the GNU Lesser General Public
	20	* License along with this library; if not, write to the Free Software
	21	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
	22	*/
	23	#ifndef _conf_h
	24	#define _conf_h
	25
	26	#include <netinet/in.h>
74a2b586	27	#include <net/if.h>
b0a33c1e	28	#include <sys/param.h>
8173e600	29	#include <sys/types.h>
19a26f82	30	#include <stdbool.h>
0ad19a3f	31
00b3c2e2 CLG	32	#include <lxc/list.h>
00b3c2e2 CLG	33
43de51b7	34	#include <lxc/start.h> /* for lxc_handler */
e3b4c4c4	35
769872f9 SH	36	#if HAVE_SCMP_FILTER_CTX
	37	typedef void * scmp_filter_ctx;
	38	#endif
	39
13954cce	40	enum {
24654103 DL	41	LXC_NET_EMPTY,
	42	LXC_NET_VETH,
	43	LXC_NET_MACVLAN,
	44	LXC_NET_PHYS,
	45	LXC_NET_VLAN,
	46	LXC_NET_MAXCONFTYPE,
0ad19a3f	47	};
	48
	49	/*
	50	* Defines the structure to configure an ipv4 address
	51	* @address : ipv4 address
	52	* @broadcast : ipv4 broadcast address
	53	* @mask : network mask
	54	*/
	55	struct lxc_inetdev {
	56	struct in_addr addr;
	57	struct in_addr bcast;
	58	int prefix;
	59	};
	60
	61	struct lxc_route {
	62	struct in_addr addr;
	63	};
	64
	65	/*
	66	* Defines the structure to configure an ipv6 address
	67	* @flags : set the address up
	68	* @address : ipv6 address
	69	* @broadcast : ipv6 broadcast address
	70	* @mask : network mask
	71	*/
	72	struct lxc_inet6dev {
	73	struct in6_addr addr;
0093bb8c	74	struct in6_addr mcast;
0ad19a3f	75	struct in6_addr acast;
	76	int prefix;
	77	};
	78
	79	struct lxc_route6 {
	80	struct in6_addr addr;
	81	};
26c39028	82
e892973e DL	83	struct ifla_veth {
e892973e DL	84	char pair; / pair name */
74a2b586	85	char veth1[IFNAMSIZ]; /* needed for deconf */
e892973e DL	86	};
e892973e DL	87
26c39028 JHS	88	struct ifla_vlan {
	89	uint flags;
	90	uint fmask;
7c11d57a SG	91	unsigned short vid;
7c11d57a SG	92	unsigned short pad;
26c39028 JHS	93	};
26c39028 JHS	94
e892973e DL	95	struct ifla_macvlan {
	96	int mode; /* private, vepa, bridge */
	97	};
	98
f6cc1de1	99	union netdev_p {
e892973e	100	struct ifla_veth veth_attr;
f6cc1de1	101	struct ifla_vlan vlan_attr;
e892973e	102	struct ifla_macvlan macvlan_attr;
f6cc1de1 JHS	103	};
f6cc1de1 JHS	104
0ad19a3f	105	/*
0ad19a3f	106	* Defines a structure to configure a network device
e3b4c4c4 ST	107	* @link : lxc.network.link, name of bridge or host iface to attach if any
	108	* @name : lxc.network.name, name of iface on the container side
	109	* @flags : flag of the network device (IFF_UP, ... )
	110	* @ipv4 : a list of ipv4 addresses to be set on the network device
	111	* @ipv6 : a list of ipv6 addresses to be set on the network device
	112	* @upscript : a script filename to be executed during interface configuration
74a2b586	113	* @downscript : a script filename to be executed during interface destruction
0ad19a3f	114	*/
0ad19a3f	115	struct lxc_netdev {
5f4535a3	116	int type;
0ad19a3f	117	int flags;
82d5ae15	118	int ifindex;
9d083402 MT	119	char *link;
9d083402 MT	120	char *name;
0ad19a3f	121	char *hwaddr;
442cbbe6	122	char *mtu;
f6cc1de1	123	union netdev_p priv;
0ad19a3f	124	struct lxc_list ipv4;
0ad19a3f	125	struct lxc_list ipv6;
f8fee0e2	126	struct in_addr *ipv4_gateway;
19a26f82	127	bool ipv4_gateway_auto;
f8fee0e2	128	struct in6_addr *ipv6_gateway;
19a26f82	129	bool ipv6_gateway_auto;
e3b4c4c4	130	char *upscript;
74a2b586	131	char *downscript;
0ad19a3f	132	};
	133
	134	/*
576f946d	135	* Defines a generic struct to configure the control group.
	136	* It is up to the programmer to specify the right subsystem.
	137	* @subsystem : the targetted subsystem
	138	* @value : the value to set
0ad19a3f	139	*/
0ad19a3f	140	struct lxc_cgroup {
576f946d	141	char *subsystem;
576f946d	142	char *value;
0ad19a3f	143	};
0ad19a3f	144
b0a33c1e	145	/*
	146	* Defines a structure containing a pty information for
	147	* virtualizing a tty
	148	* @name : the path name of the slave pty side
	149	* @master : the file descriptor of the master
	150	* @slave : the file descriptor of the slave
	151	*/
	152	struct lxc_pty_info {
	153	char name[MAXPATHLEN];
	154	int master;
	155	int slave;
	156	int busy;
	157	};
	158
	159	/*
	160	* Defines the number of tty configured and contains the
	161	* instanciated ptys
	162	* @nbtty = number of configured ttys
	163	*/
	164	struct lxc_tty_info {
	165	int nbtty;
	166	struct lxc_pty_info *pty_info;
	167	};
	168
63376d7d DL	169	/*
	170	* Defines the structure to store the console information
	171	* @peer : the file descriptor put/get console traffic
	172	* @name : the file name of the slave pty
	173	*/
	174	struct lxc_console {
	175	int slave;
	176	int master;
	177	int peer;
28a4b0e5	178	char *path;
596a818d DE	179	char *log_path;
596a818d DE	180	int log_fd;
63376d7d	181	char name[MAXPATHLEN];
e0dc0de7	182	struct termios *tios;
63376d7d DL	183	};
63376d7d DL	184
33fcb7a0 DL	185	/*
	186	* Defines a structure to store the rootfs location, the
	187	* optionals pivot_root, rootfs mount paths
	188	* @rootfs : a path to the rootfs
	189	* @pivot_root : a path to a pivot_root location to be used
	190	*/
	191	struct lxc_rootfs {
	192	char *path;
23b7ea69	193	char *mount;
33fcb7a0 DL	194	char *pivot;
	195	};
	196
571e6ec8 DL	197	/*
571e6ec8 DL	198	* Defines the global container configuration
63376d7d DL	199	* @rootfs : root directory to run the container
	200	* @pivotdir : pivotdir path, if not set default will be used
	201	* @mount : list of mount points
	202	* @tty : numbers of tty
	203	* @pts : new pts instance
	204	* @mount_list : list of mount point (alternative to fstab file)
	205	* @network : network configuration
	206	* @utsname : container utsname
	207	* @fstab : path to a fstab file format
	208	* @caps : list of the capabilities
	209	* @tty_info : tty data
	210	* @console : console data
7c6ef2a2	211	* @ttydir : directory (under /dev) in which to create console and ttys
e075f5d9 SH	212	#if HAVE_APPARMOR
	213	* @aa_profile : apparmor profile to switch to
	214	#endif
571e6ec8	215	*/
26ddeedd	216	enum lxchooks {
f7bee6c6 MW	217	LXCHOOK_PRESTART, LXCHOOK_PREMOUNT, LXCHOOK_MOUNT, LXCHOOK_AUTODEV,
f7bee6c6 MW	218	LXCHOOK_START, LXCHOOK_POSTSTOP, NUM_LXC_HOOKS};
72d0e1cb SG	219	extern char *lxchook_names[NUM_LXC_HOOKS];
72d0e1cb SG	220
7b35f3d6 SH	221	struct saved_nic {
	222	int ifindex;
	223	char *orig_name;
	224	};
	225
571e6ec8	226	struct lxc_conf {
571e6ec8 DL	227	char *fstab;
	228	int tty;
	229	int pts;
91480a0f	230	int reboot;
828695d9	231	int need_utmp_watch;
cccc74b5	232	int personality;
571e6ec8 DL	233	struct utsname *utsname;
571e6ec8 DL	234	struct lxc_list cgroup;
5f4535a3	235	struct lxc_list network;
7b35f3d6 SH	236	struct saved_nic *saved_nics;
7b35f3d6 SH	237	int num_savednics;
e7938e9e	238	struct lxc_list mount_list;
81810dd1	239	struct lxc_list caps;
571e6ec8	240	struct lxc_tty_info tty_info;
63376d7d	241	struct lxc_console console;
33fcb7a0	242	struct lxc_rootfs rootfs;
7c6ef2a2	243	char *ttydir;
b119f362	244	int close_all_fds;
26ddeedd	245	struct lxc_list hooks[NUM_LXC_HOOKS];
e075f5d9 SH	246	#if HAVE_APPARMOR
	247	char *aa_profile;
	248	#endif
4a85ce2a	249
e075f5d9 SH	250	#if HAVE_APPARMOR /* \|\| HAVE_SELINUX \|\| HAVE_SMACK */
	251	int lsm_umount_proc;
	252	#endif
8f2c3a70	253	char *seccomp; // filename with the seccomp rules
769872f9 SH	254	#if HAVE_SCMP_FILTER_CTX
	255	scmp_filter_ctx *seccomp_ctx;
	256	#endif
72d0e1cb	257	int maincmd_fd;
c6883f38	258	int autodev; // if 1, mount and fill a /dev at start
f7bee6c6	259	char *rcfile; // Copy of the top level rcfile we read
571e6ec8 DL	260	};
571e6ec8 DL	261
26ddeedd	262	int run_lxc_hooks(const char name, char hook, struct lxc_conf *conf);
26ddeedd	263
cc28d0b0 SH	264	extern int setup_cgroup(const char name, struct lxc_list cgroups);
	265	extern int detect_shared_rootfs(void);
	266
089cd8b8 DL	267	/*
	268	* Initialize the lxc configuration structure
	269	*/
7b379ab3	270	extern struct lxc_conf *lxc_conf_init(void);
8eb5694b	271	extern void lxc_conf_free(struct lxc_conf *conf);
089cd8b8	272
0c547523 SH	273	extern int pin_rootfs(const char *rootfs);
0c547523 SH	274
e3b4c4c4	275	extern int lxc_create_network(struct lxc_handler *handler);
74a2b586	276	extern void lxc_delete_network(struct lxc_handler *handler);
82d5ae15	277	extern int lxc_assign_network(struct lxc_list *networks, pid_t pid);
19a26f82	278	extern int lxc_find_gateway_addresses(struct lxc_handler *handler);
0ad19a3f	279
5e4a62bf	280	extern int lxc_create_tty(const char name, struct lxc_conf conf);
b0a33c1e	281	extern void lxc_delete_tty(struct lxc_tty_info *tty_info);
b0a33c1e	282
72d0e1cb	283	extern int lxc_clear_config_network(struct lxc_conf *c);
12a50cc6	284	extern int lxc_clear_nic(struct lxc_conf c, const char key);
72d0e1cb	285	extern int lxc_clear_config_caps(struct lxc_conf *c);
12a50cc6	286	extern int lxc_clear_cgroups(struct lxc_conf c, const char key);
72d0e1cb	287	extern int lxc_clear_mount_entries(struct lxc_conf *c);
12a50cc6	288	extern int lxc_clear_hooks(struct lxc_conf c, const char key);
72d0e1cb	289
0ad19a3f	290	/*
	291	* Configure the container from inside
	292	*/
88d5514d	293
571e6ec8	294	extern int lxc_setup(const char name, struct lxc_conf lxc_conf);
7b35f3d6 SH	295
7b35f3d6 SH	296	extern void lxc_rename_phys_nics_on_shutdown(struct lxc_conf *conf);
0ad19a3f	297	#endif