[systemd.git] / src / nspawn / nspawn-settings.h

/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once

#include <sched.h>
#include <stdio.h>

#if HAVE_SECCOMP
#include <seccomp.h>
#endif

#include "sd-bus.h"
#include "sd-id128.h"

#include "capability-util.h"
#include "conf-parser.h"
#include "cpu-set-util.h"
#include "macro.h"
#include "missing_resource.h"
#include "nspawn-expose-ports.h"
#include "nspawn-mount.h"
#include "time-util.h"

typedef enum StartMode {
        START_PID1, /* Run parameters as command line as process 1 */
        START_PID2, /* Use stub init process as PID 1, run parameters as command line as process 2 */
        START_BOOT, /* Search for init system, pass arguments as parameters */
        _START_MODE_MAX,
        _START_MODE_INVALID = -EINVAL,
} StartMode;

typedef enum UserNamespaceMode {
        USER_NAMESPACE_NO,
        USER_NAMESPACE_FIXED,
        USER_NAMESPACE_PICK,
        _USER_NAMESPACE_MODE_MAX,
        _USER_NAMESPACE_MODE_INVALID = -EINVAL,
} UserNamespaceMode;

typedef enum UserNamespaceOwnership {
        USER_NAMESPACE_OWNERSHIP_OFF,
        USER_NAMESPACE_OWNERSHIP_CHOWN,
        USER_NAMESPACE_OWNERSHIP_MAP,
        USER_NAMESPACE_OWNERSHIP_AUTO,
        _USER_NAMESPACE_OWNERSHIP_MAX,
        _USER_NAMESPACE_OWNERSHIP_INVALID = -1,
} UserNamespaceOwnership;

typedef enum ResolvConfMode {
        RESOLV_CONF_OFF,
        RESOLV_CONF_COPY_HOST,     /* /etc/resolv.conf */
        RESOLV_CONF_COPY_STATIC,   /* /usr/lib/systemd/resolv.conf */
        RESOLV_CONF_COPY_UPLINK,   /* /run/systemd/resolve/resolv.conf */
        RESOLV_CONF_COPY_STUB,     /* /run/systemd/resolve/stub-resolv.conf */
        RESOLV_CONF_REPLACE_HOST,
        RESOLV_CONF_REPLACE_STATIC,
        RESOLV_CONF_REPLACE_UPLINK,
        RESOLV_CONF_REPLACE_STUB,
        RESOLV_CONF_BIND_HOST,
        RESOLV_CONF_BIND_STATIC,
        RESOLV_CONF_BIND_UPLINK,
        RESOLV_CONF_BIND_STUB,
        RESOLV_CONF_DELETE,
        RESOLV_CONF_AUTO,
        _RESOLV_CONF_MODE_MAX,
        _RESOLV_CONF_MODE_INVALID = -EINVAL,
} ResolvConfMode;

typedef enum LinkJournal {
        LINK_NO,
        LINK_AUTO,
        LINK_HOST,
        LINK_GUEST,
        _LINK_JOURNAL_MAX,
        _LINK_JOURNAL_INVALID = -EINVAL,
} LinkJournal;

typedef enum TimezoneMode {
        TIMEZONE_OFF,
        TIMEZONE_COPY,
        TIMEZONE_BIND,
        TIMEZONE_SYMLINK,
        TIMEZONE_DELETE,
        TIMEZONE_AUTO,
        _TIMEZONE_MODE_MAX,
        _TIMEZONE_MODE_INVALID = -EINVAL,
} TimezoneMode;

typedef enum ConsoleMode {
        CONSOLE_INTERACTIVE,
        CONSOLE_READ_ONLY,
        CONSOLE_PASSIVE,
        CONSOLE_PIPE,
        _CONSOLE_MODE_MAX,
        _CONSOLE_MODE_INVALID = -EINVAL,
} ConsoleMode;

typedef enum SettingsMask {
        SETTING_START_MODE        = UINT64_C(1) << 0,
        SETTING_ENVIRONMENT       = UINT64_C(1) << 1,
        SETTING_USER              = UINT64_C(1) << 2,
        SETTING_CAPABILITY        = UINT64_C(1) << 3,
        SETTING_KILL_SIGNAL       = UINT64_C(1) << 4,
        SETTING_PERSONALITY       = UINT64_C(1) << 5,
        SETTING_MACHINE_ID        = UINT64_C(1) << 6,
        SETTING_NETWORK           = UINT64_C(1) << 7,
        SETTING_EXPOSE_PORTS      = UINT64_C(1) << 8,
        SETTING_READ_ONLY         = UINT64_C(1) << 9,
        SETTING_VOLATILE_MODE     = UINT64_C(1) << 10,
        SETTING_CUSTOM_MOUNTS     = UINT64_C(1) << 11,
        SETTING_WORKING_DIRECTORY = UINT64_C(1) << 12,
        SETTING_USERNS            = UINT64_C(1) << 13,
        SETTING_NOTIFY_READY      = UINT64_C(1) << 14,
        SETTING_PIVOT_ROOT        = UINT64_C(1) << 15,
        SETTING_SYSCALL_FILTER    = UINT64_C(1) << 16,
        SETTING_HOSTNAME          = UINT64_C(1) << 17,
        SETTING_NO_NEW_PRIVILEGES = UINT64_C(1) << 18,
        SETTING_OOM_SCORE_ADJUST  = UINT64_C(1) << 19,
        SETTING_CPU_AFFINITY      = UINT64_C(1) << 20,
        SETTING_RESOLV_CONF       = UINT64_C(1) << 21,
        SETTING_LINK_JOURNAL      = UINT64_C(1) << 22,
        SETTING_TIMEZONE          = UINT64_C(1) << 23,
        SETTING_EPHEMERAL         = UINT64_C(1) << 24,
        SETTING_SLICE             = UINT64_C(1) << 25,
        SETTING_DIRECTORY         = UINT64_C(1) << 26,
        SETTING_USE_CGNS          = UINT64_C(1) << 27,
        SETTING_CLONE_NS_FLAGS    = UINT64_C(1) << 28,
        SETTING_CONSOLE_MODE      = UINT64_C(1) << 29,
        SETTING_CREDENTIALS       = UINT64_C(1) << 30,
        SETTING_BIND_USER         = UINT64_C(1) << 31,
        SETTING_RLIMIT_FIRST      = UINT64_C(1) << 32, /* we define one bit per resource limit here */
        SETTING_RLIMIT_LAST       = UINT64_C(1) << (32 + _RLIMIT_MAX - 1),
        _SETTINGS_MASK_ALL        = (UINT64_C(1) << (32 + _RLIMIT_MAX)) -1,
        _SETTING_FORCE_ENUM_WIDTH = UINT64_MAX
} SettingsMask;

/* We want to use SETTING_RLIMIT_FIRST in shifts, so make sure it is really 64 bits
 * when used in expressions. */
#define SETTING_RLIMIT_FIRST ((uint64_t) SETTING_RLIMIT_FIRST)
#define SETTING_RLIMIT_LAST ((uint64_t) SETTING_RLIMIT_LAST)

assert_cc(sizeof(SettingsMask) == 8);
assert_cc(sizeof(SETTING_RLIMIT_FIRST) == 8);
assert_cc(sizeof(SETTING_RLIMIT_LAST) == 8);

typedef struct DeviceNode {
        char *path;
        unsigned major;
        unsigned minor;
        mode_t mode;
        uid_t uid;
        gid_t gid;
} DeviceNode;

typedef struct OciHook {
        char *path;
        char **args;
        char **env;
        usec_t timeout;
} OciHook;

typedef struct Settings {
        /* [Exec] */
        StartMode start_mode;
        bool ephemeral;
        char **parameters;
        char **environment;
        char *user;
        uint64_t capability;
        uint64_t drop_capability;
        uint64_t ambient_capability;
        int kill_signal;
        unsigned long personality;
        sd_id128_t machine_id;
        char *working_directory;
        char *pivot_root_new;
        char *pivot_root_old;
        UserNamespaceMode userns_mode;
        uid_t uid_shift, uid_range;
        bool notify_ready;
        char **syscall_allow_list;
        char **syscall_deny_list;
        struct rlimit *rlimit[_RLIMIT_MAX];
        char *hostname;
        int no_new_privileges;
        int oom_score_adjust;
        bool oom_score_adjust_set;
        CPUSet cpu_set;
        ResolvConfMode resolv_conf;
        LinkJournal link_journal;
        bool link_journal_try;
        TimezoneMode timezone;

        /* [Files] */
        int read_only;
        VolatileMode volatile_mode;
        CustomMount *custom_mounts;
        size_t n_custom_mounts;
        UserNamespaceOwnership userns_ownership;
        char **bind_user;

        /* [Network] */
        int private_network;
        int network_veth;
        char *network_bridge;
        char *network_zone;
        char **network_interfaces;
        char **network_macvlan;
        char **network_ipvlan;
        char **network_veth_extra;
        ExposePort *expose_ports;

        /* Additional fields, that are specific to OCI runtime case */
        char *bundle;
        char *root;
        OciHook *oci_hooks_prestart, *oci_hooks_poststart, *oci_hooks_poststop;
        size_t n_oci_hooks_prestart, n_oci_hooks_poststart, n_oci_hooks_poststop;
        char *slice;
        sd_bus_message *properties;
        CapabilityQuintet full_capabilities;
        uid_t uid;
        gid_t gid;
        gid_t *supplementary_gids;
        size_t n_supplementary_gids;
        unsigned console_width, console_height;
        ConsoleMode console_mode;
        DeviceNode *extra_nodes;
        size_t n_extra_nodes;
        unsigned long clone_ns_flags;
        char *network_namespace_path;
        int use_cgns;
        char **sysctl;
#if HAVE_SECCOMP
        scmp_filter_ctx seccomp;
#endif
} Settings;

Settings *settings_new(void);
int settings_load(FILE *f, const char *path, Settings **ret);
Settings* settings_free(Settings *s);

bool settings_network_veth(Settings *s);
bool settings_private_network(Settings *s);
int settings_allocate_properties(Settings *s);

DEFINE_TRIVIAL_CLEANUP_FUNC(Settings*, settings_free);

const struct ConfigPerfItem* nspawn_gperf_lookup(const char *key, GPERF_LEN_TYPE length);

CONFIG_PARSER_PROTOTYPE(config_parse_capability);
CONFIG_PARSER_PROTOTYPE(config_parse_expose_port);
CONFIG_PARSER_PROTOTYPE(config_parse_volatile_mode);
CONFIG_PARSER_PROTOTYPE(config_parse_pivot_root);
CONFIG_PARSER_PROTOTYPE(config_parse_bind);
CONFIG_PARSER_PROTOTYPE(config_parse_tmpfs);
CONFIG_PARSER_PROTOTYPE(config_parse_overlay);
CONFIG_PARSER_PROTOTYPE(config_parse_inaccessible);
CONFIG_PARSER_PROTOTYPE(config_parse_veth_extra);
CONFIG_PARSER_PROTOTYPE(config_parse_network_zone);
CONFIG_PARSER_PROTOTYPE(config_parse_boot);
CONFIG_PARSER_PROTOTYPE(config_parse_pid2);
CONFIG_PARSER_PROTOTYPE(config_parse_private_users);
CONFIG_PARSER_PROTOTYPE(config_parse_syscall_filter);
CONFIG_PARSER_PROTOTYPE(config_parse_hostname);
CONFIG_PARSER_PROTOTYPE(config_parse_oom_score_adjust);
CONFIG_PARSER_PROTOTYPE(config_parse_cpu_affinity);
CONFIG_PARSER_PROTOTYPE(config_parse_resolv_conf);
CONFIG_PARSER_PROTOTYPE(config_parse_link_journal);
CONFIG_PARSER_PROTOTYPE(config_parse_timezone);
CONFIG_PARSER_PROTOTYPE(config_parse_userns_chown);
CONFIG_PARSER_PROTOTYPE(config_parse_userns_ownership);
CONFIG_PARSER_PROTOTYPE(config_parse_bind_user);

const char *resolv_conf_mode_to_string(ResolvConfMode a) _const_;
ResolvConfMode resolv_conf_mode_from_string(const char *s) _pure_;

const char *timezone_mode_to_string(TimezoneMode a) _const_;
TimezoneMode timezone_mode_from_string(const char *s) _pure_;

const char *user_namespace_ownership_to_string(UserNamespaceOwnership a) _const_;
UserNamespaceOwnership user_namespace_ownership_from_string(const char *s) _pure_;

int parse_link_journal(const char *s, LinkJournal *ret_mode, bool *ret_try);

void device_node_array_free(DeviceNode *node, size_t n);
Commit	Line	Data
a032b68d	1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
d9dfd233 MP	2	#pragma once
d9dfd233 MP	3
b012e921	4	#include <sched.h>
d9dfd233 MP	5	#include <stdio.h>
d9dfd233 MP	6
bb4f798a MB	7	#if HAVE_SECCOMP
	8	#include <seccomp.h>
	9	#endif
	10
	11	#include "sd-bus.h"
1d42b86d MB	12	#include "sd-id128.h"
1d42b86d MB	13
bb4f798a	14	#include "capability-util.h"
b012e921	15	#include "conf-parser.h"
f2dec872	16	#include "cpu-set-util.h"
d9dfd233	17	#include "macro.h"
6e866b33	18	#include "missing_resource.h"
d9dfd233	19	#include "nspawn-expose-ports.h"
4c89c718	20	#include "nspawn-mount.h"
bb4f798a	21	#include "time-util.h"
4c89c718 MP	22
	23	typedef enum StartMode {
	24	START_PID1, /* Run parameters as command line as process 1 */
	25	START_PID2, /* Use stub init process as PID 1, run parameters as command line as process 2 */
	26	START_BOOT, /* Search for init system, pass arguments as parameters */
	27	_START_MODE_MAX,
3a6ce677	28	_START_MODE_INVALID = -EINVAL,
4c89c718	29	} StartMode;
d9dfd233	30
aa27b158 MP	31	typedef enum UserNamespaceMode {
	32	USER_NAMESPACE_NO,
	33	USER_NAMESPACE_FIXED,
	34	USER_NAMESPACE_PICK,
	35	_USER_NAMESPACE_MODE_MAX,
3a6ce677	36	_USER_NAMESPACE_MODE_INVALID = -EINVAL,
aa27b158 MP	37	} UserNamespaceMode;
aa27b158 MP	38
8b3d4ff0 MB	39	typedef enum UserNamespaceOwnership {
	40	USER_NAMESPACE_OWNERSHIP_OFF,
	41	USER_NAMESPACE_OWNERSHIP_CHOWN,
	42	USER_NAMESPACE_OWNERSHIP_MAP,
	43	USER_NAMESPACE_OWNERSHIP_AUTO,
	44	_USER_NAMESPACE_OWNERSHIP_MAX,
	45	_USER_NAMESPACE_OWNERSHIP_INVALID = -1,
	46	} UserNamespaceOwnership;
	47
b012e921 MB	48	typedef enum ResolvConfMode {
b012e921 MB	49	RESOLV_CONF_OFF,
a10f5d05 MB	50	RESOLV_CONF_COPY_HOST, /* /etc/resolv.conf */
	51	RESOLV_CONF_COPY_STATIC, /* /usr/lib/systemd/resolv.conf */
	52	RESOLV_CONF_COPY_UPLINK, /* /run/systemd/resolve/resolv.conf */
	53	RESOLV_CONF_COPY_STUB, /* /run/systemd/resolve/stub-resolv.conf */
	54	RESOLV_CONF_REPLACE_HOST,
	55	RESOLV_CONF_REPLACE_STATIC,
	56	RESOLV_CONF_REPLACE_UPLINK,
	57	RESOLV_CONF_REPLACE_STUB,
b012e921 MB	58	RESOLV_CONF_BIND_HOST,
b012e921 MB	59	RESOLV_CONF_BIND_STATIC,
a10f5d05 MB	60	RESOLV_CONF_BIND_UPLINK,
a10f5d05 MB	61	RESOLV_CONF_BIND_STUB,
b012e921 MB	62	RESOLV_CONF_DELETE,
	63	RESOLV_CONF_AUTO,
	64	_RESOLV_CONF_MODE_MAX,
3a6ce677	65	_RESOLV_CONF_MODE_INVALID = -EINVAL,
b012e921 MB	66	} ResolvConfMode;
	67
	68	typedef enum LinkJournal {
	69	LINK_NO,
	70	LINK_AUTO,
	71	LINK_HOST,
	72	LINK_GUEST,
	73	_LINK_JOURNAL_MAX,
3a6ce677	74	_LINK_JOURNAL_INVALID = -EINVAL,
b012e921 MB	75	} LinkJournal;
	76
	77	typedef enum TimezoneMode {
	78	TIMEZONE_OFF,
	79	TIMEZONE_COPY,
	80	TIMEZONE_BIND,
	81	TIMEZONE_SYMLINK,
	82	TIMEZONE_DELETE,
	83	TIMEZONE_AUTO,
	84	_TIMEZONE_MODE_MAX,
3a6ce677	85	_TIMEZONE_MODE_INVALID = -EINVAL,
b012e921 MB	86	} TimezoneMode;
b012e921 MB	87
bb4f798a MB	88	typedef enum ConsoleMode {
	89	CONSOLE_INTERACTIVE,
	90	CONSOLE_READ_ONLY,
	91	CONSOLE_PASSIVE,
	92	CONSOLE_PIPE,
	93	_CONSOLE_MODE_MAX,
3a6ce677	94	_CONSOLE_MODE_INVALID = -EINVAL,
bb4f798a MB	95	} ConsoleMode;
bb4f798a MB	96
d9dfd233	97	typedef enum SettingsMask {
b012e921 MB	98	SETTING_START_MODE = UINT64_C(1) << 0,
	99	SETTING_ENVIRONMENT = UINT64_C(1) << 1,
	100	SETTING_USER = UINT64_C(1) << 2,
	101	SETTING_CAPABILITY = UINT64_C(1) << 3,
	102	SETTING_KILL_SIGNAL = UINT64_C(1) << 4,
	103	SETTING_PERSONALITY = UINT64_C(1) << 5,
	104	SETTING_MACHINE_ID = UINT64_C(1) << 6,
	105	SETTING_NETWORK = UINT64_C(1) << 7,
	106	SETTING_EXPOSE_PORTS = UINT64_C(1) << 8,
	107	SETTING_READ_ONLY = UINT64_C(1) << 9,
	108	SETTING_VOLATILE_MODE = UINT64_C(1) << 10,
	109	SETTING_CUSTOM_MOUNTS = UINT64_C(1) << 11,
	110	SETTING_WORKING_DIRECTORY = UINT64_C(1) << 12,
	111	SETTING_USERNS = UINT64_C(1) << 13,
	112	SETTING_NOTIFY_READY = UINT64_C(1) << 14,
	113	SETTING_PIVOT_ROOT = UINT64_C(1) << 15,
	114	SETTING_SYSCALL_FILTER = UINT64_C(1) << 16,
	115	SETTING_HOSTNAME = UINT64_C(1) << 17,
	116	SETTING_NO_NEW_PRIVILEGES = UINT64_C(1) << 18,
	117	SETTING_OOM_SCORE_ADJUST = UINT64_C(1) << 19,
	118	SETTING_CPU_AFFINITY = UINT64_C(1) << 20,
	119	SETTING_RESOLV_CONF = UINT64_C(1) << 21,
	120	SETTING_LINK_JOURNAL = UINT64_C(1) << 22,
	121	SETTING_TIMEZONE = UINT64_C(1) << 23,
6e866b33	122	SETTING_EPHEMERAL = UINT64_C(1) << 24,
bb4f798a MB	123	SETTING_SLICE = UINT64_C(1) << 25,
	124	SETTING_DIRECTORY = UINT64_C(1) << 26,
	125	SETTING_USE_CGNS = UINT64_C(1) << 27,
	126	SETTING_CLONE_NS_FLAGS = UINT64_C(1) << 28,
	127	SETTING_CONSOLE_MODE = UINT64_C(1) << 29,
a032b68d	128	SETTING_CREDENTIALS = UINT64_C(1) << 30,
8b3d4ff0 MB	129	SETTING_BIND_USER = UINT64_C(1) << 31,
	130	SETTING_RLIMIT_FIRST = UINT64_C(1) << 32, /* we define one bit per resource limit here */
	131	SETTING_RLIMIT_LAST = UINT64_C(1) << (32 + _RLIMIT_MAX - 1),
	132	_SETTINGS_MASK_ALL = (UINT64_C(1) << (32 + _RLIMIT_MAX)) -1,
b012e921	133	_SETTING_FORCE_ENUM_WIDTH = UINT64_MAX
d9dfd233 MP	134	} SettingsMask;
d9dfd233 MP	135
b012e921 MB	136	/* We want to use SETTING_RLIMIT_FIRST in shifts, so make sure it is really 64 bits
	137	* when used in expressions. */
	138	#define SETTING_RLIMIT_FIRST ((uint64_t) SETTING_RLIMIT_FIRST)
	139	#define SETTING_RLIMIT_LAST ((uint64_t) SETTING_RLIMIT_LAST)
	140
	141	assert_cc(sizeof(SettingsMask) == 8);
	142	assert_cc(sizeof(SETTING_RLIMIT_FIRST) == 8);
	143	assert_cc(sizeof(SETTING_RLIMIT_LAST) == 8);
	144
bb4f798a MB	145	typedef struct DeviceNode {
	146	char *path;
	147	unsigned major;
	148	unsigned minor;
	149	mode_t mode;
	150	uid_t uid;
	151	gid_t gid;
	152	} DeviceNode;
	153
	154	typedef struct OciHook {
	155	char *path;
	156	char **args;
	157	char **env;
	158	usec_t timeout;
	159	} OciHook;
	160
d9dfd233	161	typedef struct Settings {
8b3d4ff0	162	/* [Exec] */
4c89c718	163	StartMode start_mode;
6e866b33	164	bool ephemeral;
d9dfd233 MP	165	char **parameters;
	166	char **environment;
	167	char *user;
	168	uint64_t capability;
	169	uint64_t drop_capability;
3a6ce677	170	uint64_t ambient_capability;
d9dfd233 MP	171	int kill_signal;
	172	unsigned long personality;
	173	sd_id128_t machine_id;
4c89c718	174	char *working_directory;
2897b343 MP	175	char *pivot_root_new;
2897b343 MP	176	char *pivot_root_old;
aa27b158 MP	177	UserNamespaceMode userns_mode;
aa27b158 MP	178	uid_t uid_shift, uid_range;
5a920b42	179	bool notify_ready;
a10f5d05 MB	180	char **syscall_allow_list;
a10f5d05 MB	181	char **syscall_deny_list;
b012e921 MB	182	struct rlimit *rlimit[_RLIMIT_MAX];
	183	char *hostname;
	184	int no_new_privileges;
	185	int oom_score_adjust;
	186	bool oom_score_adjust_set;
f2dec872	187	CPUSet cpu_set;
b012e921 MB	188	ResolvConfMode resolv_conf;
	189	LinkJournal link_journal;
	190	bool link_journal_try;
	191	TimezoneMode timezone;
d9dfd233	192
8b3d4ff0	193	/* [Files] */
d9dfd233 MP	194	int read_only;
	195	VolatileMode volatile_mode;
	196	CustomMount *custom_mounts;
b012e921	197	size_t n_custom_mounts;
8b3d4ff0 MB	198	UserNamespaceOwnership userns_ownership;
8b3d4ff0 MB	199	char **bind_user;
d9dfd233 MP	200
	201	/* [Network] */
	202	int private_network;
	203	int network_veth;
	204	char *network_bridge;
aa27b158	205	char *network_zone;
d9dfd233 MP	206	char **network_interfaces;
	207	char **network_macvlan;
	208	char **network_ipvlan;
db2df898	209	char **network_veth_extra;
d9dfd233	210	ExposePort *expose_ports;
bb4f798a MB	211
	212	/* Additional fields, that are specific to OCI runtime case */
	213	char *bundle;
	214	char *root;
	215	OciHook oci_hooks_prestart, oci_hooks_poststart, *oci_hooks_poststop;
	216	size_t n_oci_hooks_prestart, n_oci_hooks_poststart, n_oci_hooks_poststop;
	217	char *slice;
	218	sd_bus_message *properties;
	219	CapabilityQuintet full_capabilities;
	220	uid_t uid;
	221	gid_t gid;
	222	gid_t *supplementary_gids;
	223	size_t n_supplementary_gids;
	224	unsigned console_width, console_height;
	225	ConsoleMode console_mode;
	226	DeviceNode *extra_nodes;
	227	size_t n_extra_nodes;
	228	unsigned long clone_ns_flags;
	229	char *network_namespace_path;
	230	int use_cgns;
	231	char **sysctl;
	232	#if HAVE_SECCOMP
	233	scmp_filter_ctx seccomp;
	234	#endif
d9dfd233 MP	235	} Settings;
d9dfd233 MP	236
bb4f798a	237	Settings *settings_new(void);
d9dfd233 MP	238	int settings_load(FILE f, const char path, Settings **ret);
	239	Settings* settings_free(Settings *s);
	240
db2df898 MP	241	bool settings_network_veth(Settings *s);
db2df898 MP	242	bool settings_private_network(Settings *s);
bb4f798a	243	int settings_allocate_properties(Settings *s);
db2df898	244
d9dfd233 MP	245	DEFINE_TRIVIAL_CLEANUP_FUNC(Settings*, settings_free);
d9dfd233 MP	246
2897b343	247	const struct ConfigPerfItem* nspawn_gperf_lookup(const char *key, GPERF_LEN_TYPE length);
d9dfd233	248
b012e921	249	CONFIG_PARSER_PROTOTYPE(config_parse_capability);
b012e921 MB	250	CONFIG_PARSER_PROTOTYPE(config_parse_expose_port);
	251	CONFIG_PARSER_PROTOTYPE(config_parse_volatile_mode);
	252	CONFIG_PARSER_PROTOTYPE(config_parse_pivot_root);
	253	CONFIG_PARSER_PROTOTYPE(config_parse_bind);
	254	CONFIG_PARSER_PROTOTYPE(config_parse_tmpfs);
	255	CONFIG_PARSER_PROTOTYPE(config_parse_overlay);
bb4f798a	256	CONFIG_PARSER_PROTOTYPE(config_parse_inaccessible);
b012e921 MB	257	CONFIG_PARSER_PROTOTYPE(config_parse_veth_extra);
	258	CONFIG_PARSER_PROTOTYPE(config_parse_network_zone);
	259	CONFIG_PARSER_PROTOTYPE(config_parse_boot);
	260	CONFIG_PARSER_PROTOTYPE(config_parse_pid2);
	261	CONFIG_PARSER_PROTOTYPE(config_parse_private_users);
	262	CONFIG_PARSER_PROTOTYPE(config_parse_syscall_filter);
	263	CONFIG_PARSER_PROTOTYPE(config_parse_hostname);
	264	CONFIG_PARSER_PROTOTYPE(config_parse_oom_score_adjust);
	265	CONFIG_PARSER_PROTOTYPE(config_parse_cpu_affinity);
	266	CONFIG_PARSER_PROTOTYPE(config_parse_resolv_conf);
	267	CONFIG_PARSER_PROTOTYPE(config_parse_link_journal);
	268	CONFIG_PARSER_PROTOTYPE(config_parse_timezone);
8b3d4ff0 MB	269	CONFIG_PARSER_PROTOTYPE(config_parse_userns_chown);
	270	CONFIG_PARSER_PROTOTYPE(config_parse_userns_ownership);
	271	CONFIG_PARSER_PROTOTYPE(config_parse_bind_user);
b012e921 MB	272
	273	const char *resolv_conf_mode_to_string(ResolvConfMode a) _const_;
	274	ResolvConfMode resolv_conf_mode_from_string(const char *s) _pure_;
	275
	276	const char *timezone_mode_to_string(TimezoneMode a) _const_;
	277	TimezoneMode timezone_mode_from_string(const char *s) _pure_;
	278
8b3d4ff0 MB	279	const char *user_namespace_ownership_to_string(UserNamespaceOwnership a) _const_;
	280	UserNamespaceOwnership user_namespace_ownership_from_string(const char *s) _pure_;
	281
b012e921	282	int parse_link_journal(const char s, LinkJournal ret_mode, bool *ret_try);
bb4f798a MB	283
bb4f798a MB	284	void device_node_array_free(DeviceNode *node, size_t n);