[mirror_lxc.git] / src / lxc / conf.h

/*
 * lxc: linux Container library
 *
 * (C) Copyright IBM Corp. 2007, 2008
 *
 * Authors:
 * Daniel Lezcano <daniel.lezcano at free.fr>
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 */
#ifndef __LXC_CONF_H
#define __LXC_CONF_H

#include "config.h"

#include <netinet/in.h>
#include <net/if.h>
#include <sys/param.h>
#include <sys/types.h>
#include <stdbool.h>

#include "list.h"
#include "start.h" /* for lxc_handler */

#if HAVE_SCMP_FILTER_CTX
typedef void * scmp_filter_ctx;
#endif

enum {
	LXC_NET_EMPTY,
	LXC_NET_VETH,
	LXC_NET_MACVLAN,
	LXC_NET_PHYS,
	LXC_NET_VLAN,
	LXC_NET_NONE,
	LXC_NET_MAXCONFTYPE,
};

/*
 * Defines the structure to configure an ipv4 address
 * @address   : ipv4 address
 * @broadcast : ipv4 broadcast address
 * @mask      : network mask
 */
struct lxc_inetdev {
	struct in_addr addr;
	struct in_addr bcast;
	int prefix;
};

struct lxc_route {
	struct in_addr addr;
};

/*
 * Defines the structure to configure an ipv6 address
 * @flags     : set the address up
 * @address   : ipv6 address
 * @broadcast : ipv6 broadcast address
 * @mask      : network mask
 */
struct lxc_inet6dev {
	struct in6_addr addr;
	struct in6_addr mcast;
	struct in6_addr acast;
	int prefix;
};

struct lxc_route6 {
	struct in6_addr addr;
};

struct ifla_veth {
	char *pair; /* pair name */
	char veth1[IFNAMSIZ]; /* needed for deconf */
};

struct ifla_vlan {
	unsigned int   flags;
	unsigned int   fmask;
	unsigned short   vid;
	unsigned short   pad;
};

struct ifla_macvlan {
	int mode; /* private, vepa, bridge */
};

union netdev_p {
	struct ifla_veth veth_attr;
	struct ifla_vlan vlan_attr;
	struct ifla_macvlan macvlan_attr;
};

/*
 * Defines a structure to configure a network device
 * @link       : lxc.network.link, name of bridge or host iface to attach if any
 * @name       : lxc.network.name, name of iface on the container side
 * @flags      : flag of the network device (IFF_UP, ... )
 * @ipv4       : a list of ipv4 addresses to be set on the network device
 * @ipv6       : a list of ipv6 addresses to be set on the network device
 * @upscript   : a script filename to be executed during interface configuration
 * @downscript : a script filename to be executed during interface destruction
 */
struct lxc_netdev {
	int type;
	int flags;
	int ifindex;
	char *link;
	char *name;
	char *hwaddr;
	char *mtu;
	union netdev_p priv;
	struct lxc_list ipv4;
	struct lxc_list ipv6;
	struct in_addr *ipv4_gateway;
	bool ipv4_gateway_auto;
	struct in6_addr *ipv6_gateway;
	bool ipv6_gateway_auto;
	char *upscript;
	char *downscript;
};

/*
 * Defines a generic struct to configure the control group.
 * It is up to the programmer to specify the right subsystem.
 * @subsystem : the targetted subsystem
 * @value     : the value to set
 */
struct lxc_cgroup {
	char *subsystem;
	char *value;
};

enum idtype {
	ID_TYPE_UID,
	ID_TYPE_GID
};

/*
 * id_map is an id map entry.  Form in confile is:
 * lxc.id_map = u 0    9800 100
 * lxc.id_map = u 1000 9900 100
 * lxc.id_map = g 0    9800 100
 * lxc.id_map = g 1000 9900 100
 * meaning the container can use uids and gids 0-99 and 1000-1099,
 * with [ug]id 0 mapping to [ug]id 9800 on the host, and [ug]id 1000 to
 * [ug]id 9900 on the host.
 */
struct id_map {
	enum idtype idtype;
	unsigned long hostid, nsid, range;
};

/*
 * Defines a structure containing a pty information for
 * virtualizing a tty
 * @name   : the path name of the slave pty side
 * @master : the file descriptor of the master
 * @slave  : the file descriptor of the slave
 */
struct lxc_pty_info {
	char name[MAXPATHLEN];
	int master;
	int slave;
	int busy;
};

/*
 * Defines the number of tty configured and contains the
 * instanciated ptys
 * @nbtty = number of configured ttys
 */
struct lxc_tty_info {
	int nbtty;
	struct lxc_pty_info *pty_info;
};

struct lxc_tty_state;

/*
 * Defines the structure to store the console information
 * @peer   : the file descriptor put/get console traffic
 * @name   : the file name of the slave pty
 */
struct lxc_console {
	int slave;
	int master;
	int peer;
	struct lxc_pty_info peerpty;
	struct lxc_epoll_descr *descr;
	char *path;
	char *log_path;
	int log_fd;
	char name[MAXPATHLEN];
	struct termios *tios;
	struct lxc_tty_state *tty_state;
};

/*
 * Defines a structure to store the rootfs location, the
 * optionals pivot_root, rootfs mount paths
 * @rootfs     : a path to the rootfs
 * @pivot_root : a path to a pivot_root location to be used
 */
struct lxc_rootfs {
	char *path;
	char *mount;
	char *pivot;
	char *options;
};

/*
 * Automatic mounts for LXC to perform inside the container
 */
enum {
	LXC_AUTO_PROC_RW              = 0x001,   /* /proc read-write */
	LXC_AUTO_PROC_MIXED           = 0x002,   /* /proc/sys and /proc/sysrq-trigger read-only */
	LXC_AUTO_PROC_MASK            = 0x003,

	LXC_AUTO_SYS_RW               = 0x004,   /* /sys */
	LXC_AUTO_SYS_RO               = 0x008,   /* /sys read-only */
	LXC_AUTO_SYS_MASK             = 0x00C,

	LXC_AUTO_CGROUP_RO            = 0x010,   /* /sys/fs/cgroup (partial mount, read-only) */
	LXC_AUTO_CGROUP_RW            = 0x020,   /* /sys/fs/cgroup (partial mount, read-write) */
	LXC_AUTO_CGROUP_MIXED         = 0x030,   /* /sys/fs/cgroup (partial mount, paths r/o, cgroup r/w) */
	LXC_AUTO_CGROUP_FULL_RO       = 0x040,   /* /sys/fs/cgroup (full mount, read-only) */
	LXC_AUTO_CGROUP_FULL_RW       = 0x050,   /* /sys/fs/cgroup (full mount, read-write) */
	LXC_AUTO_CGROUP_FULL_MIXED    = 0x060,   /* /sys/fs/cgroup (full mount, parent r/o, own r/w) */
	/* These are defined in such a way as to retain
	 * binary compatibility with earlier versions of
	 * this code. If the previous mask is applied,
	 * both of these will default back to the _MIXED
	 * variants, which is safe. */
	LXC_AUTO_CGROUP_NOSPEC        = 0x0B0,   /* /sys/fs/cgroup (partial mount, r/w or mixed, depending on caps) */
	LXC_AUTO_CGROUP_FULL_NOSPEC   = 0x0E0,   /* /sys/fs/cgroup (full mount, r/w or mixed, depending on caps) */
	LXC_AUTO_CGROUP_MASK          = 0x0F0,

	LXC_AUTO_ALL_MASK             = 0x0FF,   /* all known settings */
};

/*
 * Defines the global container configuration
 * @rootfs     : root directory to run the container
 * @pivotdir   : pivotdir path, if not set default will be used
 * @mount      : list of mount points
 * @tty        : numbers of tty
 * @pts        : new pts instance
 * @mount_list : list of mount point (alternative to fstab file)
 * @network    : network configuration
 * @utsname    : container utsname
 * @fstab      : path to a fstab file format
 * @caps       : list of the capabilities to drop
 * @keepcaps   : list of the capabilities to keep
 * @tty_info   : tty data
 * @console    : console data
 * @ttydir     : directory (under /dev) in which to create console and ttys
 * @lsm_aa_profile : apparmor profile to switch to or NULL
 * @lsm_se_context : selinux type to switch to or NULL
 */
enum lxchooks {
	LXCHOOK_PRESTART, LXCHOOK_PREMOUNT, LXCHOOK_MOUNT, LXCHOOK_AUTODEV,
	LXCHOOK_START, LXCHOOK_POSTSTOP, LXCHOOK_CLONE, NUM_LXC_HOOKS};
extern char *lxchook_names[NUM_LXC_HOOKS];

struct saved_nic {
	int ifindex;
	char *orig_name;
};

struct lxc_conf {
	int is_execute;
	char *fstab;
	int tty;
	int pts;
	int reboot;
	int need_utmp_watch;
	int personality;
	struct utsname *utsname;
	struct lxc_list cgroup;
	struct lxc_list id_map;
	struct lxc_list network;
	struct saved_nic *saved_nics;
	int num_savednics;
	int auto_mounts;
	struct lxc_list mount_list;
	struct lxc_list caps;
	struct lxc_list keepcaps;
	struct lxc_tty_info tty_info;
	struct lxc_console console;
	struct lxc_rootfs rootfs;
	char *ttydir;
	int close_all_fds;
	struct lxc_list hooks[NUM_LXC_HOOKS];

	char *lsm_aa_profile;
	char *lsm_se_context;
	int tmp_umount_proc;
	char *seccomp;  // filename with the seccomp rules
#if HAVE_SCMP_FILTER_CTX
	scmp_filter_ctx *seccomp_ctx;
#endif
	int maincmd_fd;
	int autodev;  // if 1, mount and fill a /dev at start
	int haltsignal; // signal used to halt container
	int stopsignal; // signal used to hard stop container
	int kmsg;  // if 1, create /dev/kmsg symlink
	char *rcfile;	// Copy of the top level rcfile we read

	// Logfile and logleve can be set in a container config file.
	// Those function as defaults.  The defaults can be overriden
	// by command line.  However we don't want the command line
	// specified values to be saved on c->save_config().  So we
	// store the config file specified values here.
	char *logfile;  // the logfile as specifed in config
	int loglevel;   // loglevel as specifed in config (if any)

	int inherit_ns_fd[LXC_NS_MAX];

	int start_auto;
	int start_delay;
	int start_order;
	struct lxc_list groups;
};

int run_lxc_hooks(const char *name, char *hook, struct lxc_conf *conf,
		  const char *lxcpath, char *argv[]);

extern int detect_shared_rootfs(void);

/*
 * Initialize the lxc configuration structure
 */
extern struct lxc_conf *lxc_conf_init(void);
extern void lxc_conf_free(struct lxc_conf *conf);

extern int pin_rootfs(const char *rootfs);

extern int lxc_requests_empty_network(struct lxc_handler *handler);
extern int lxc_create_network(struct lxc_handler *handler);
extern void lxc_delete_network(struct lxc_handler *handler);
extern int lxc_assign_network(struct lxc_list *networks, pid_t pid);
extern int lxc_map_ids(struct lxc_list *idmap, pid_t pid);
extern int lxc_find_gateway_addresses(struct lxc_handler *handler);

extern int lxc_create_tty(const char *name, struct lxc_conf *conf);
extern void lxc_delete_tty(struct lxc_tty_info *tty_info);

extern int lxc_clear_config_network(struct lxc_conf *c);
extern int lxc_clear_nic(struct lxc_conf *c, const char *key);
extern int lxc_clear_config_caps(struct lxc_conf *c);
extern int lxc_clear_config_keepcaps(struct lxc_conf *c);
extern int lxc_clear_cgroups(struct lxc_conf *c, const char *key);
extern int lxc_clear_mount_entries(struct lxc_conf *c);
extern int lxc_clear_automounts(struct lxc_conf *c);
extern int lxc_clear_hooks(struct lxc_conf *c, const char *key);
extern int lxc_clear_idmaps(struct lxc_conf *c);
extern int lxc_clear_groups(struct lxc_conf *c);

/*
 * Configure the container from inside
 */

struct cgroup_process_info;
extern int lxc_setup(struct lxc_handler *handler);

extern void lxc_rename_phys_nics_on_shutdown(int netnsfd, struct lxc_conf *conf);

extern int find_unmapped_nsuid(struct lxc_conf *conf, enum idtype idtype);
extern int mapped_hostid(unsigned id, struct lxc_conf *conf, enum idtype idtype);
extern int chown_mapped_root(char *path, struct lxc_conf *conf);
extern int ttys_shift_ids(struct lxc_conf *c);
extern int userns_exec_1(struct lxc_conf *conf, int (*fn)(void *), void *data);
extern int parse_mntopts(const char *mntopts, unsigned long *mntflags,
			 char **mntdata);
extern void tmp_proc_unmount(struct lxc_conf *lxc_conf);
#endif
Commit	Line	Data
0ad19a3f	1	/*
	2	* lxc: linux Container library
	3	*
	4	* (C) Copyright IBM Corp. 2007, 2008
	5	*
	6	* Authors:
9afe19d6	7	* Daniel Lezcano <daniel.lezcano at free.fr>
0ad19a3f	8	*
	9	* This library is free software; you can redistribute it and/or
	10	* modify it under the terms of the GNU Lesser General Public
	11	* License as published by the Free Software Foundation; either
	12	* version 2.1 of the License, or (at your option) any later version.
	13	*
	14	* This library is distributed in the hope that it will be useful,
	15	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	16	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	17	* Lesser General Public License for more details.
	18	*
	19	* You should have received a copy of the GNU Lesser General Public
	20	* License along with this library; if not, write to the Free Software
250b1eec	21	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
0ad19a3f	22	*/
f1a4a029 ÇO	23	#ifndef __LXC_CONF_H
f1a4a029 ÇO	24	#define __LXC_CONF_H
0ad19a3f	25
f424fa8f SG	26	#include "config.h"
f424fa8f SG	27
0ad19a3f	28	#include <netinet/in.h>
74a2b586	29	#include <net/if.h>
b0a33c1e	30	#include <sys/param.h>
8173e600	31	#include <sys/types.h>
19a26f82	32	#include <stdbool.h>
0ad19a3f	33
f2363e38 ÇO	34	#include "list.h"
f2363e38 ÇO	35	#include "start.h" /* for lxc_handler */
e3b4c4c4	36
769872f9 SH	37	#if HAVE_SCMP_FILTER_CTX
	38	typedef void * scmp_filter_ctx;
	39	#endif
	40
13954cce	41	enum {
24654103 DL	42	LXC_NET_EMPTY,
	43	LXC_NET_VETH,
	44	LXC_NET_MACVLAN,
	45	LXC_NET_PHYS,
	46	LXC_NET_VLAN,
26b797f3	47	LXC_NET_NONE,
24654103	48	LXC_NET_MAXCONFTYPE,
0ad19a3f	49	};
	50
	51	/*
	52	* Defines the structure to configure an ipv4 address
	53	* @address : ipv4 address
	54	* @broadcast : ipv4 broadcast address
	55	* @mask : network mask
	56	*/
	57	struct lxc_inetdev {
	58	struct in_addr addr;
	59	struct in_addr bcast;
	60	int prefix;
	61	};
	62
	63	struct lxc_route {
	64	struct in_addr addr;
	65	};
	66
	67	/*
	68	* Defines the structure to configure an ipv6 address
	69	* @flags : set the address up
	70	* @address : ipv6 address
	71	* @broadcast : ipv6 broadcast address
	72	* @mask : network mask
	73	*/
	74	struct lxc_inet6dev {
	75	struct in6_addr addr;
0093bb8c	76	struct in6_addr mcast;
0ad19a3f	77	struct in6_addr acast;
	78	int prefix;
	79	};
	80
	81	struct lxc_route6 {
	82	struct in6_addr addr;
	83	};
26c39028	84
e892973e DL	85	struct ifla_veth {
e892973e DL	86	char pair; / pair name */
74a2b586	87	char veth1[IFNAMSIZ]; /* needed for deconf */
e892973e DL	88	};
e892973e DL	89
26c39028	90	struct ifla_vlan {
85dce4a5 NC	91	unsigned int flags;
85dce4a5 NC	92	unsigned int fmask;
7c11d57a SG	93	unsigned short vid;
7c11d57a SG	94	unsigned short pad;
26c39028 JHS	95	};
26c39028 JHS	96
e892973e DL	97	struct ifla_macvlan {
	98	int mode; /* private, vepa, bridge */
	99	};
	100
f6cc1de1	101	union netdev_p {
e892973e	102	struct ifla_veth veth_attr;
f6cc1de1	103	struct ifla_vlan vlan_attr;
e892973e	104	struct ifla_macvlan macvlan_attr;
f6cc1de1 JHS	105	};
f6cc1de1 JHS	106
0ad19a3f	107	/*
0ad19a3f	108	* Defines a structure to configure a network device
e3b4c4c4 ST	109	* @link : lxc.network.link, name of bridge or host iface to attach if any
	110	* @name : lxc.network.name, name of iface on the container side
	111	* @flags : flag of the network device (IFF_UP, ... )
	112	* @ipv4 : a list of ipv4 addresses to be set on the network device
	113	* @ipv6 : a list of ipv6 addresses to be set on the network device
	114	* @upscript : a script filename to be executed during interface configuration
74a2b586	115	* @downscript : a script filename to be executed during interface destruction
0ad19a3f	116	*/
0ad19a3f	117	struct lxc_netdev {
5f4535a3	118	int type;
0ad19a3f	119	int flags;
82d5ae15	120	int ifindex;
9d083402 MT	121	char *link;
9d083402 MT	122	char *name;
0ad19a3f	123	char *hwaddr;
442cbbe6	124	char *mtu;
f6cc1de1	125	union netdev_p priv;
0ad19a3f	126	struct lxc_list ipv4;
0ad19a3f	127	struct lxc_list ipv6;
f8fee0e2	128	struct in_addr *ipv4_gateway;
19a26f82	129	bool ipv4_gateway_auto;
f8fee0e2	130	struct in6_addr *ipv6_gateway;
19a26f82	131	bool ipv6_gateway_auto;
e3b4c4c4	132	char *upscript;
74a2b586	133	char *downscript;
0ad19a3f	134	};
	135
	136	/*
576f946d	137	* Defines a generic struct to configure the control group.
	138	* It is up to the programmer to specify the right subsystem.
	139	* @subsystem : the targetted subsystem
	140	* @value : the value to set
0ad19a3f	141	*/
0ad19a3f	142	struct lxc_cgroup {
576f946d	143	char *subsystem;
576f946d	144	char *value;
0ad19a3f	145	};
0ad19a3f	146
f6d3e3e4 SH	147	enum idtype {
	148	ID_TYPE_UID,
	149	ID_TYPE_GID
	150	};
	151
	152	/*
	153	* id_map is an id map entry. Form in confile is:
251d0d2a DE	154	* lxc.id_map = u 0 9800 100
	155	* lxc.id_map = u 1000 9900 100
	156	* lxc.id_map = g 0 9800 100
	157	* lxc.id_map = g 1000 9900 100
	158	* meaning the container can use uids and gids 0-99 and 1000-1099,
	159	* with [ug]id 0 mapping to [ug]id 9800 on the host, and [ug]id 1000 to
	160	* [ug]id 9900 on the host.
f6d3e3e4 SH	161	*/
	162	struct id_map {
	163	enum idtype idtype;
251d0d2a	164	unsigned long hostid, nsid, range;
f6d3e3e4 SH	165	};
f6d3e3e4 SH	166
b0a33c1e	167	/*
	168	* Defines a structure containing a pty information for
	169	* virtualizing a tty
	170	* @name : the path name of the slave pty side
	171	* @master : the file descriptor of the master
	172	* @slave : the file descriptor of the slave
	173	*/
	174	struct lxc_pty_info {
	175	char name[MAXPATHLEN];
	176	int master;
	177	int slave;
	178	int busy;
	179	};
	180
	181	/*
	182	* Defines the number of tty configured and contains the
	183	* instanciated ptys
	184	* @nbtty = number of configured ttys
	185	*/
	186	struct lxc_tty_info {
	187	int nbtty;
	188	struct lxc_pty_info *pty_info;
	189	};
	190
b5159817 DE	191	struct lxc_tty_state;
b5159817 DE	192
63376d7d DL	193	/*
	194	* Defines the structure to store the console information
	195	* @peer : the file descriptor put/get console traffic
	196	* @name : the file name of the slave pty
	197	*/
	198	struct lxc_console {
	199	int slave;
	200	int master;
	201	int peer;
b5159817 DE	202	struct lxc_pty_info peerpty;
b5159817 DE	203	struct lxc_epoll_descr *descr;
28a4b0e5	204	char *path;
596a818d DE	205	char *log_path;
596a818d DE	206	int log_fd;
63376d7d	207	char name[MAXPATHLEN];
e0dc0de7	208	struct termios *tios;
b5159817	209	struct lxc_tty_state *tty_state;
63376d7d DL	210	};
63376d7d DL	211
33fcb7a0 DL	212	/*
	213	* Defines a structure to store the rootfs location, the
	214	* optionals pivot_root, rootfs mount paths
	215	* @rootfs : a path to the rootfs
	216	* @pivot_root : a path to a pivot_root location to be used
	217	*/
	218	struct lxc_rootfs {
	219	char *path;
23b7ea69	220	char *mount;
33fcb7a0	221	char *pivot;
a17b1e65	222	char *options;
33fcb7a0 DL	223	};
33fcb7a0 DL	224
368bbc02 CS	225	/*
	226	* Automatic mounts for LXC to perform inside the container
	227	*/
	228	enum {
b06b8511 CS	229	LXC_AUTO_PROC_RW = 0x001, /* /proc read-write */
	230	LXC_AUTO_PROC_MIXED = 0x002, /* /proc/sys and /proc/sysrq-trigger read-only */
	231	LXC_AUTO_PROC_MASK = 0x003,
	232
	233	LXC_AUTO_SYS_RW = 0x004, /* /sys */
	234	LXC_AUTO_SYS_RO = 0x008, /* /sys read-only */
	235	LXC_AUTO_SYS_MASK = 0x00C,
	236
	237	LXC_AUTO_CGROUP_RO = 0x010, /* /sys/fs/cgroup (partial mount, read-only) */
	238	LXC_AUTO_CGROUP_RW = 0x020, /* /sys/fs/cgroup (partial mount, read-write) */
	239	LXC_AUTO_CGROUP_MIXED = 0x030, /* /sys/fs/cgroup (partial mount, paths r/o, cgroup r/w) */
	240	LXC_AUTO_CGROUP_FULL_RO = 0x040, /* /sys/fs/cgroup (full mount, read-only) */
	241	LXC_AUTO_CGROUP_FULL_RW = 0x050, /* /sys/fs/cgroup (full mount, read-write) */
	242	LXC_AUTO_CGROUP_FULL_MIXED = 0x060, /* /sys/fs/cgroup (full mount, parent r/o, own r/w) */
0769b82a CS	243	/* These are defined in such a way as to retain
	244	* binary compatibility with earlier versions of
	245	* this code. If the previous mask is applied,
	246	* both of these will default back to the _MIXED
	247	* variants, which is safe. */
	248	LXC_AUTO_CGROUP_NOSPEC = 0x0B0, /* /sys/fs/cgroup (partial mount, r/w or mixed, depending on caps) */
	249	LXC_AUTO_CGROUP_FULL_NOSPEC = 0x0E0, /* /sys/fs/cgroup (full mount, r/w or mixed, depending on caps) */
	250	LXC_AUTO_CGROUP_MASK = 0x0F0,
b06b8511	251
0769b82a	252	LXC_AUTO_ALL_MASK = 0x0FF, /* all known settings */
368bbc02 CS	253	};
368bbc02 CS	254
571e6ec8 DL	255	/*
571e6ec8 DL	256	* Defines the global container configuration
63376d7d DL	257	* @rootfs : root directory to run the container
	258	* @pivotdir : pivotdir path, if not set default will be used
	259	* @mount : list of mount points
	260	* @tty : numbers of tty
	261	* @pts : new pts instance
	262	* @mount_list : list of mount point (alternative to fstab file)
	263	* @network : network configuration
	264	* @utsname : container utsname
	265	* @fstab : path to a fstab file format
1fb86a7c SH	266	* @caps : list of the capabilities to drop
1fb86a7c SH	267	* @keepcaps : list of the capabilities to keep
63376d7d DL	268	* @tty_info : tty data
63376d7d DL	269	* @console : console data
7c6ef2a2	270	* @ttydir : directory (under /dev) in which to create console and ttys
fe4de9a6 DE	271	* @lsm_aa_profile : apparmor profile to switch to or NULL
fe4de9a6 DE	272	* @lsm_se_context : selinux type to switch to or NULL
571e6ec8	273	*/
26ddeedd	274	enum lxchooks {
f7bee6c6	275	LXCHOOK_PRESTART, LXCHOOK_PREMOUNT, LXCHOOK_MOUNT, LXCHOOK_AUTODEV,
148e91f5	276	LXCHOOK_START, LXCHOOK_POSTSTOP, LXCHOOK_CLONE, NUM_LXC_HOOKS};
72d0e1cb SG	277	extern char *lxchook_names[NUM_LXC_HOOKS];
72d0e1cb SG	278
7b35f3d6 SH	279	struct saved_nic {
	280	int ifindex;
	281	char *orig_name;
	282	};
	283
571e6ec8	284	struct lxc_conf {
37903589	285	int is_execute;
571e6ec8 DL	286	char *fstab;
	287	int tty;
	288	int pts;
91480a0f	289	int reboot;
828695d9	290	int need_utmp_watch;
cccc74b5	291	int personality;
571e6ec8 DL	292	struct utsname *utsname;
571e6ec8 DL	293	struct lxc_list cgroup;
f6d3e3e4	294	struct lxc_list id_map;
5f4535a3	295	struct lxc_list network;
7b35f3d6 SH	296	struct saved_nic *saved_nics;
7b35f3d6 SH	297	int num_savednics;
368bbc02	298	int auto_mounts;
e7938e9e	299	struct lxc_list mount_list;
81810dd1	300	struct lxc_list caps;
1fb86a7c	301	struct lxc_list keepcaps;
571e6ec8	302	struct lxc_tty_info tty_info;
63376d7d	303	struct lxc_console console;
33fcb7a0	304	struct lxc_rootfs rootfs;
7c6ef2a2	305	char *ttydir;
b119f362	306	int close_all_fds;
26ddeedd	307	struct lxc_list hooks[NUM_LXC_HOOKS];
4a85ce2a	308
fe4de9a6 DE	309	char *lsm_aa_profile;
fe4de9a6 DE	310	char *lsm_se_context;
5112cd70	311	int tmp_umount_proc;
8f2c3a70	312	char *seccomp; // filename with the seccomp rules
769872f9 SH	313	#if HAVE_SCMP_FILTER_CTX
	314	scmp_filter_ctx *seccomp_ctx;
	315	#endif
72d0e1cb	316	int maincmd_fd;
c6883f38	317	int autodev; // if 1, mount and fill a /dev at start
f0f1d8c0 DE	318	int haltsignal; // signal used to halt container
f0f1d8c0 DE	319	int stopsignal; // signal used to hard stop container
7e0e1d94	320	int kmsg; // if 1, create /dev/kmsg symlink
f7bee6c6	321	char *rcfile; // Copy of the top level rcfile we read
b40a606e SH	322
	323	// Logfile and logleve can be set in a container config file.
	324	// Those function as defaults. The defaults can be overriden
	325	// by command line. However we don't want the command line
	326	// specified values to be saved on c->save_config(). So we
	327	// store the config file specified values here.
	328	char *logfile; // the logfile as specifed in config
	329	int loglevel; // loglevel as specifed in config (if any)
9f30a190 MM	330
9f30a190 MM	331	int inherit_ns_fd[LXC_NS_MAX];
ee1e7aa0 SG	332
	333	int start_auto;
	334	int start_delay;
	335	int start_order;
	336	struct lxc_list groups;
571e6ec8 DL	337	};
571e6ec8 DL	338
283678ed SH	339	int run_lxc_hooks(const char name, char hook, struct lxc_conf *conf,
283678ed SH	340	const char lxcpath, char argv[]);
26ddeedd	341
cc28d0b0 SH	342	extern int detect_shared_rootfs(void);
cc28d0b0 SH	343
089cd8b8 DL	344	/*
	345	* Initialize the lxc configuration structure
	346	*/
7b379ab3	347	extern struct lxc_conf *lxc_conf_init(void);
8eb5694b	348	extern void lxc_conf_free(struct lxc_conf *conf);
089cd8b8	349
0c547523 SH	350	extern int pin_rootfs(const char *rootfs);
0c547523 SH	351
26b797f3	352	extern int lxc_requests_empty_network(struct lxc_handler *handler);
e3b4c4c4	353	extern int lxc_create_network(struct lxc_handler *handler);
74a2b586	354	extern void lxc_delete_network(struct lxc_handler *handler);
82d5ae15	355	extern int lxc_assign_network(struct lxc_list *networks, pid_t pid);
f6d3e3e4	356	extern int lxc_map_ids(struct lxc_list *idmap, pid_t pid);
19a26f82	357	extern int lxc_find_gateway_addresses(struct lxc_handler *handler);
0ad19a3f	358
5e4a62bf	359	extern int lxc_create_tty(const char name, struct lxc_conf conf);
b0a33c1e	360	extern void lxc_delete_tty(struct lxc_tty_info *tty_info);
b0a33c1e	361
72d0e1cb	362	extern int lxc_clear_config_network(struct lxc_conf *c);
12a50cc6	363	extern int lxc_clear_nic(struct lxc_conf c, const char key);
72d0e1cb	364	extern int lxc_clear_config_caps(struct lxc_conf *c);
1fb86a7c	365	extern int lxc_clear_config_keepcaps(struct lxc_conf *c);
12a50cc6	366	extern int lxc_clear_cgroups(struct lxc_conf c, const char key);
72d0e1cb	367	extern int lxc_clear_mount_entries(struct lxc_conf *c);
b099e9e9	368	extern int lxc_clear_automounts(struct lxc_conf *c);
12a50cc6	369	extern int lxc_clear_hooks(struct lxc_conf c, const char key);
7d0eb87e	370	extern int lxc_clear_idmaps(struct lxc_conf *c);
ee1e7aa0	371	extern int lxc_clear_groups(struct lxc_conf *c);
72d0e1cb	372
0ad19a3f	373	/*
	374	* Configure the container from inside
	375	*/
88d5514d	376
368bbc02	377	struct cgroup_process_info;
d4ef7c50	378	extern int lxc_setup(struct lxc_handler *handler);
7b35f3d6	379
2af6bd1b	380	extern void lxc_rename_phys_nics_on_shutdown(int netnsfd, struct lxc_conf *conf);
cf3ef16d	381
2133f58c SH	382	extern int find_unmapped_nsuid(struct lxc_conf *conf, enum idtype idtype);
2133f58c SH	383	extern int mapped_hostid(unsigned id, struct lxc_conf *conf, enum idtype idtype);
c4d10a05 SH	384	extern int chown_mapped_root(char path, struct lxc_conf conf);
c4d10a05 SH	385	extern int ttys_shift_ids(struct lxc_conf *c);
4355ab5f	386	extern int userns_exec_1(struct lxc_conf conf, int (fn)(void ), void data);
a17b1e65 SG	387	extern int parse_mntopts(const char mntopts, unsigned long mntflags,
a17b1e65 SG	388	char **mntdata);
5112cd70	389	extern void tmp_proc_unmount(struct lxc_conf *lxc_conf);
0ad19a3f	390	#endif