3 * lxc: linux Container library
5 * (C) Copyright IBM Corp. 2007, 2008
8 * Daniel Lezcano <daniel.lezcano at free.fr>
10 * This library is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU Lesser General Public
12 * License as published by the Free Software Foundation; either
13 * version 2.1 of the License, or (at your option) any later version.
15 * This library is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 * Lesser General Public License for more details.
20 * You should have received a copy of the GNU Lesser General Public
21 * License along with this library; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
25 #ifndef __LXC_ATTACH_OPTIONS_H
26 #define __LXC_ATTACH_OPTIONS_H
28 #include <sys/types.h>
/*!
 * Policy for the environment the process attached to the container
 * starts with.
 *
 * LXC_ATTACH_OPTIONS_DEFAULT selects LXC_ATTACH_KEEP_ENV, so unless the
 * caller changes \c env_policy the attaching caller's whole environment is
 * handed to the process inside the container. A caller attaching from a
 * context whose environment may carry secrets should prefer
 * LXC_ATTACH_CLEAR_ENV and re-add only what is needed (see
 * \c extra_env_vars and \c extra_keep_env).
 */
typedef enum lxc_attach_env_policy_t {
	LXC_ATTACH_KEEP_ENV = 0,  //!< Keep the caller's environment as-is
	LXC_ATTACH_CLEAR_ENV = 1  //!< Start from a cleared environment
} lxc_attach_env_policy_t;
43 /* the following are on by default: */
44 LXC_ATTACH_MOVE_TO_CGROUP
= 0x00000001, //!< Move to cgroup
45 LXC_ATTACH_DROP_CAPABILITIES
= 0x00000002, //!< Drop capabilities (on by default; clearing this bit means the attached process is not stripped of capabilities, so only do so deliberately)
46 LXC_ATTACH_SET_PERSONALITY
= 0x00000004, //!< Set personality
47 LXC_ATTACH_LSM_EXEC
= 0x00000008, //!< Execute under a Linux Security Module
49 /* the following are off by default */
50 LXC_ATTACH_REMOUNT_PROC_SYS
= 0x00010000, //!< Remount the /proc filesystem (off by default; the flag name suggests /sys is covered as well — verify against the attach implementation)
51 LXC_ATTACH_LSM_NOW
= 0x00020000, //!< Off by default. Undocumented upstream ("FIXME: unknown"); the name, and its pairing with LXC_ATTACH_LSM_EXEC in LXC_ATTACH_LSM, suggest it applies the LSM transition immediately rather than at exec time — confirm before relying on it
/* we have 16 bits for things that are on by default
 * and 16 bits that are off by default; that should
 * be sufficient to keep binary compatibility as
 * further flags are added (the default mask below
 * covers exactly the on-by-default half). */
58 LXC_ATTACH_DEFAULT
= 0x0000FFFF //!< Mask of flags to apply by default
/*! Mask of every Linux Security Module related flag
 * (LXC_ATTACH_LSM_EXEC and LXC_ATTACH_LSM_NOW). */
#define LXC_ATTACH_LSM (LXC_ATTACH_LSM_NOW | LXC_ATTACH_LSM_EXEC)
/*!
 * Signature of a function to run inside the container once attached.
 *
 * \param payload Opaque pointer; what it points to depends on the function
 *                (for lxc_attach_run_command() it is the
 *                \ref lxc_attach_command_t to execute, lxc_attach_run_shell()
 *                ignores it).
 *
 * \return \c 0 on success; any other value denotes failure.
 */
typedef int (*lxc_attach_exec_t)(void *payload);
75 * LXC attach options for \ref lxc_container \c attach().
77 typedef struct lxc_attach_options_t
{
78 /*! Any combination of LXC_ATTACH_* flags */
81 /*! The namespaces to attach to (CLONE_NEW... flags) */
/*! Initial personality (\c -1 to autodetect).
 * \warning This may be ignored if lxc is compiled without personality support. */
89 /*! Initial current directory, use \c NULL to use cwd.
90 * If the current directory does not exist in the container, the
91 * root directory will be used instead because of kernel defaults.
/*! The user-id to run as.
 *
 * \note Set to \c -1 for default behaviour (init uid for userns
 * containers, or \c 0 (super-user) if detection fails).
 * \warning Because the fallback on detection failure is uid 0, a caller
 * that must not run as root inside the container should set an explicit
 * uid rather than rely on \c -1. */
/*! The group-id to run as.
 *
 * \note Set to \c -1 for default behaviour (init gid for userns
 * containers, or \c 0 (super-user) if detection fails).
 * \warning Because the fallback on detection failure is gid 0, a caller
 * that must not run with the root group inside the container should set
 * an explicit gid rather than rely on \c -1. */
109 /*! Environment policy */
110 lxc_attach_env_policy_t env_policy
;
112 /*! Extra environment variables to set in the container environment */
113 char** extra_env_vars
;
115 /*! Names of environment variables in existing environment to retain
116 * in container environment.
118 char** extra_keep_env
;
/*! File descriptors for stdin, stdout and stderr.
 * \c dup2() is used to install them as fds \c 0, \c 1 and \c 2 before
 * exec_function is called (unless \c 0, \c 1 and \c 2 are what was
 * specified), and the original fds are closed before control is passed
 * over. Any \c O_CLOEXEC flag is removed afterwards, so these descriptors
 * stay open across the exec inside the container; do not pass descriptors
 * here that the attached program must not inherit. */
128 int stdin_fd
; /*!< stdin file descriptor */
129 int stdout_fd
; /*!< stdout file descriptor */
130 int stderr_fd
; /*!< stderr file descriptor */
132 } lxc_attach_options_t
;
/*! Default attach options to use: every on-by-default flag, uid/gid left
 * to detection (\c -1), the caller's environment kept (LXC_ATTACH_KEEP_ENV)
 * and the caller's own stdin/stdout/stderr. Override \c env_policy when
 * the caller's environment may hold secrets. */
135 #define LXC_ATTACH_OPTIONS_DEFAULT \
137 /* .attach_flags = */ LXC_ATTACH_DEFAULT, \
138 /* .namespaces = */ -1, \
139 /* .personality = */ -1, \
140 /* .initial_cwd = */ NULL, \
141 /* .uid = */ (uid_t)-1, \
142 /* .gid = */ (gid_t)-1, \
143 /* .env_policy = */ LXC_ATTACH_KEEP_ENV, \
144 /* .extra_env_vars = */ NULL, \
145 /* .extra_keep_env = */ NULL, \
146 /* .stdin_fd = */ 0, 1, 2 \
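/*!
 * Representation of a command to run in a container.
 *
 * \c program is passed to \c execvp(): a name without a slash is looked up
 * via PATH, and every lookup happens in the filesystem the attached
 * process sees (normally the container's). The binary that runs is
 * therefore the container's, not the host's; pass an absolute path to at
 * least avoid PATH substitution.
 */
typedef struct lxc_attach_command_t {
	char *program;  /*!< The program to run (passed to execvp) */
	char **argv;    /*!< Argument vector for \c program, argv[0] being the
	                 *   program itself; must end with a NULL pointer, as
	                 *   execvp() requires */
} lxc_attach_command_t;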
/*!
 * \brief Run a command in the container.
 *
 * Has the \ref lxc_attach_exec_t signature and is meant to be used as one.
 *
 * \param payload Pointer to the \ref lxc_attach_command_t to run.
 *
 * \return \c -1 on error, otherwise the exit code of the program named by
 *         the lxc_attach_command_t.
 */
extern int lxc_attach_run_command(void *payload);
/*!
 * \brief Run a shell command in the container.
 *
 * Has the \ref lxc_attach_exec_t signature and is meant to be used as one.
 *
 * \param payload Ignored.
 *
 * \return Exit code of the shell.
 */
extern int lxc_attach_run_shell(void *payload);