/* SPDX-License-Identifier: LGPL-2.1+ */

/*
 * Container configuration model: struct lxc_conf, the component types it is
 * built from, the small inline helpers that release them, and the prototypes
 * of the routines declared in this header that build and apply it.
 */

#ifndef __LXC_CONF_H
#define __LXC_CONF_H

#include "config.h"

#include <linux/magic.h>
#include <net/if.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/param.h>
#include <sys/types.h>
#include <sys/vfs.h>

#include "attach_options.h"
#include "caps.h"
#include "compiler.h"
#include "hlist.h"
#include "list.h"
#include "lxcseccomp.h"
#include "memory_utils.h"
#include "mount_utils.h"
#include "namespace.h"
#include "ringbuf.h"
#include "start.h"
#include "state.h"
#include "storage/storage.h"
#include "string_utils.h"
#include "syscall_wrappers.h"
#include "terminal.h"

/* <sys/resource.h> is optional; a fallback struct rlimit is defined further down. */
#if HAVE_SYS_RESOURCE_H
#include <sys/resource.h>
#endif

/* Opaque seccomp filter handle; only typedef'd here when HAVE_SCMP_FILTER_CTX is set (presumably by config.h). */
#if HAVE_SCMP_FILTER_CTX
typedef void * scmp_filter_ctx;
#endif

/*
 * Persona value for personality(2). Kept signed so that a negative value can
 * be rejected before the syscall (see lxc_personality() at the bottom of this
 * header).
 */
typedef signed long personality_t;

/* Paths of the subordinate uid/gid files consulted for unprivileged id maps. */
/* worth moving to configure.ac? */
#define subuidfile "/etc/subuid"
#define subgidfile "/etc/subgid"
47
/*
 * Defines a generic struct to configure the control group. It is up to the
 * programmer to specify the right subsystem.
 *
 * The two anonymous structs share storage through a union, and nothing in
 * the struct records which of them is live: the user of an instance must
 * know (struct lxc_conf.cgroup_meta, for example, is documented as "meta"
 * only). free_lxc_cgroup() below releases only the "controller" members.
 *
 * "controller" member:
 * @subsystem : the targeted subsystem
 * @value : the value to set
 * @version : The version of the cgroup filesystem on which the controller
 * resides.
 *
 * "meta" member:
 * @controllers : The controllers to use for this container.
 * @dir : The name of the directory containing the container's cgroup.
 * Note that this is a per-container setting.
 * @monitor_dir, @monitor_pivot_dir, @container_dir, @namespace_dir :
 * further cgroup directory names (semantics not shown in this header).
 * @relative : flag; meaning not shown in this header.
 * @systemd_scope : see the comment on the field.
 *
 * @head : link in the owning list.
 */
struct lxc_cgroup {
	union {
		/* information about a specific controller */
		struct /* controller */ {
			int version;
			char *subsystem;
			char *value;
		};

		/* meta information about cgroup configuration */
		struct /* meta */ {
			char *controllers;
			char *dir;
			char *monitor_dir;
			char *monitor_pivot_dir;
			char *container_dir;
			char *namespace_dir;
			bool relative;
			/* If an unpriv user in pure unified-only hierarchy
			 * starts a container, then we ask systemd to create
			 * a scope for us, and create the monitor and container
			 * cgroups under that.
			 * This will ignore the above things like monitor_dir
			 */
			char *systemd_scope;
		};
	};

	struct list_head head;
};
90
/*
 * Release a heap-allocated struct lxc_cgroup together with the two strings
 * of its "controller" union member, then NULL the caller's pointer through
 * free_disarm(). A NULL @ptr is a no-op.
 *
 * NOTE(review): only @subsystem and @value are freed. They alias
 * @controllers and @dir of the "meta" member, so a "meta"-style entry
 * passed here would have @monitor_dir and the other meta strings left
 * unreleased — confirm callers only hand controller entries to this helper.
 */
static void free_lxc_cgroup(struct lxc_cgroup *ptr)
{
	if (!ptr)
		return;

	free(ptr->subsystem);
	free(ptr->value);
	free_disarm(ptr);
}
define_cleanup_function(struct lxc_cgroup *, free_lxc_cgroup);
100
/*
 * Fallback definitions used only when <sys/resource.h> is unavailable.
 * NOTE(review): this stand-in carries a list_head the system struct rlimit
 * does not have; struct lxc_limit below keeps its own @head, so this one
 * appears unused — confirm before relying on it.
 */
#if !HAVE_SYS_RESOURCE_H
#define RLIM_INFINITY ((unsigned long)-1)
struct rlimit {
	unsigned long rlim_cur;
	unsigned long rlim_max;
	struct list_head head;
};
#endif
109
/*
 * Defines a structure to configure resource limits to set via setrlimit().
 * @resource : the resource name in lowercase without the RLIMIT_ prefix
 * @limit : the limit to set
 * @head : link in the owning list (presumably struct lxc_conf.limits)
 *
 * Entries are released with free_lxc_limit() below, which also frees
 * @resource.
 */
struct lxc_limit {
	char *resource;
	struct rlimit limit;
	struct list_head head;
};
120
/*
 * Release a heap-allocated struct lxc_limit: its @resource string first,
 * then the entry itself, NULLing both through free_disarm(). A NULL @ptr is
 * a no-op.
 */
static void free_lxc_limit(struct lxc_limit *ptr)
{
	if (!ptr)
		return;

	free_disarm(ptr->resource);
	free_disarm(ptr);
}
define_cleanup_function(struct lxc_limit *, free_lxc_limit);
129
/* Selects whether an id-map entry or mapping operation concerns uids or gids. */
enum idtype {
	ID_TYPE_UID,
	ID_TYPE_GID
};
134
/*
 * Defines a structure to configure kernel parameters at runtime.
 * @key : the kernel parameters will be configured without the "lxc.sysctl" prefix
 * @value : the value to set
 * @head : link in the owning list (presumably struct lxc_conf.sysctls)
 *
 * Entries are released with free_lxc_sysctl() below.
 */
struct lxc_sysctl {
	char *key;
	char *value;
	struct list_head head;
};
145
/*
 * Release a heap-allocated struct lxc_sysctl and both of its strings, then
 * NULL the caller's pointer through free_disarm(). A NULL @ptr is a no-op.
 */
static void free_lxc_sysctl(struct lxc_sysctl *ptr)
{
	if (!ptr)
		return;

	free(ptr->key);
	free(ptr->value);
	free_disarm(ptr);
}
define_cleanup_function(struct lxc_sysctl *, free_lxc_sysctl);
155
/*
 * Defines a structure to configure proc filesystem at runtime.
 * @filename : the proc filesystem will be configured without the "lxc.proc" prefix
 * @value : the value to set
 * @head : link in the owning list (presumably struct lxc_conf.procs)
 *
 * Entries are released with free_lxc_proc() below.
 */
struct lxc_proc {
	char *filename;
	char *value;
	struct list_head head;
};
166
/*
 * Release a heap-allocated struct lxc_proc and both of its strings, then
 * NULL the caller's pointer through free_disarm(). A NULL @ptr is a no-op.
 */
static void free_lxc_proc(struct lxc_proc *ptr)
{
	if (!ptr)
		return;

	free(ptr->filename);
	free(ptr->value);
	free_disarm(ptr);
}
define_cleanup_function(struct lxc_proc *, free_lxc_proc);
176
/*
 * id_map is an id map entry. Form in confile is:
 * lxc.idmap = u 0 9800 100
 * lxc.idmap = u 1000 9900 100
 * lxc.idmap = g 0 9800 100
 * lxc.idmap = g 1000 9900 100
 * meaning the container can use uids and gids 0-99 and 1000-1099,
 * with [ug]id 0 mapping to [ug]id 9800 on the host, and [ug]id 1000 to
 * [ug]id 9900 on the host.
 *
 * @idtype : whether this entry maps uids or gids
 * @hostid : first host id of the range
 * @nsid : first id of the range inside the container's user namespace
 * @range : number of consecutive ids covered
 * @head : link in the owning list (presumably struct lxc_conf.id_map)
 */
struct id_map {
	enum idtype idtype;
	unsigned long hostid, nsid, range;
	struct list_head head;
};
192
/* Defines the number of tty configured and contains the
 * instantiated ptys
 * @max = number of configured ttys
 * @dir = directory the ttys live in (exact meaning not shown in this header)
 * @tty_names = tty name string(s); format not shown in this header
 * @tty = per-tty terminal state, presumably an array of @max entries
 *
 * Released through lxc_delete_tty() (declared below).
 */
struct lxc_tty_info {
	size_t max;
	char *dir;
	char *tty_names;
	struct lxc_terminal_info *tty;
};
203
/*
 * Indices of the LXC-specific mount options; LXC_MAX is the count and sizes
 * the lxc_mount_options_info table of option names declared right after.
 */
typedef enum lxc_mount_options_t {
	LXC_MOUNT_CREATE_DIR = 0,
	LXC_MOUNT_CREATE_FILE = 1,
	LXC_MOUNT_OPTIONAL = 2,
	LXC_MOUNT_RELATIVE = 3,
	LXC_MOUNT_IDMAP = 4,
	LXC_MOUNT_MAX = 5,
} lxc_mount_options_t;

/* Option name per lxc_mount_options_t index. */
__hidden extern const char *lxc_mount_options_info[LXC_MOUNT_MAX];
214
/*
 * Parsed options of one mount entry.
 *
 * The first four bit flags correspond to the LXC-specific options of
 * lxc_mount_options_t; @userns_path is the argument of the idmap option.
 * @mnt_flags and @prop_flags hold the mount(2) and propagation flags,
 * @attr the mount_setattr-style attributes (see "mount_utils.h"), @data the
 * remaining filesystem-specific option string and @raw_options the option
 * string as given. @data and @raw_options are heap strings released by
 * put_lxc_mount_options() below.
 *
 * NOTE(review): put_lxc_mount_options() resets only a subset of these
 * fields; @bind, @bind_recursively, @propagate_recursively and @attr are
 * left as they were — confirm that is fine wherever an instance is reused.
 */
struct lxc_mount_options {
	unsigned int create_dir : 1;
	unsigned int create_file : 1;
	unsigned int optional : 1;
	unsigned int relative : 1;
	unsigned int bind_recursively : 1;
	unsigned int propagate_recursively : 1;
	unsigned int bind : 1;
	char userns_path[PATH_MAX];
	unsigned long mnt_flags;
	unsigned long prop_flags;
	char *data;
	struct mount_attr attr;
	char *raw_options;
};
230
/* Defines a structure to store the rootfs location, the
 * optionals pivot_root, rootfs mount paths
 * @path : the rootfs source (directory or device)
 * @mount : where it is mounted
 * @buf : static buffer to construct paths
 * @bdev_type : optional backing store type
 * @managed : whether it is managed by LXC
 * @dfd_mnt : fd for @mount
 * @dfd_dev : fd for /dev of the container
 * @dfd_host : directory fd; closed by put_lxc_rootfs()
 * @fd_path_pin : fd that survives put_lxc_rootfs() unless it is asked to
 * unpin
 * @dfd_idmapped : fd (presumably of the idmapped view of the rootfs);
 * closed by put_lxc_rootfs()
 * @mnt_opts : parsed mount options of the rootfs; released by
 * put_lxc_rootfs()
 * @storage : backing store handle, dropped with storage_put() by
 * put_lxc_rootfs()
 *
 * When @path is empty, get_rootfs_mnt() below reports "/" instead of @mount.
 */
struct lxc_rootfs {
	int dfd_host;

	char *path;
	int fd_path_pin;
	int dfd_idmapped;

	int dfd_mnt;
	char *mount;

	int dfd_dev;

	char buf[PATH_MAX];
	char *bdev_type;
	bool managed;
	struct lxc_mount_options mnt_opts;
	struct lxc_storage *storage;
};
259
/*
 * Automatic mounts for LXC to perform inside the container.
 *
 * Each option is a bit in one shared word; the *_MASK values group the bits
 * that belong to a single mount target so a caller can isolate that
 * target's setting with one AND.
 */
enum {
	/* /proc read-write */
	LXC_AUTO_PROC_RW = BIT(0),
	/* /proc/sys and /proc/sysrq-trigger read-only */
	LXC_AUTO_PROC_MIXED = BIT(1),
	LXC_AUTO_PROC_MASK = LXC_AUTO_PROC_RW |
			     LXC_AUTO_PROC_MIXED,
	/* /sys read-write */
	LXC_AUTO_SYS_RW = BIT(2),
	/* /sys read-only */
	LXC_AUTO_SYS_RO = BIT(3),
	/* /sys read-only and /sys/class/net read-write */
	LXC_AUTO_SYS_MIXED = LXC_AUTO_SYS_RW |
			     LXC_AUTO_SYS_RO,
	LXC_AUTO_SYS_MASK = LXC_AUTO_SYS_MIXED,

	/* /sys/fs/cgroup (partial mount, read-only) */
	LXC_AUTO_CGROUP_RO = BIT(4),
	/* /sys/fs/cgroup (partial mount, read-write) */
	LXC_AUTO_CGROUP_RW = BIT(5),
	/* /sys/fs/cgroup (partial mount, paths r/o, cgroup r/w) */
	LXC_AUTO_CGROUP_MIXED = LXC_AUTO_CGROUP_RO |
				LXC_AUTO_CGROUP_RW,
	/* /sys/fs/cgroup (full mount, read-only) */
	LXC_AUTO_CGROUP_FULL_RO = BIT(6),
	/* /sys/fs/cgroup (full mount, read-write) */
	LXC_AUTO_CGROUP_FULL_RW = BIT(7),
	/* /sys/fs/cgroup (full mount, parent r/o, own r/w) */
	LXC_AUTO_CGROUP_FULL_MIXED = LXC_AUTO_CGROUP_FULL_RO |
				     LXC_AUTO_CGROUP_FULL_RW,

	/*
	 * Mount a pure read-write cgroup2 layout in the container independent
	 * of the cgroup layout used on the host.
	 */
	LXC_AUTO_CGROUP2_RW = BIT(8),
	/*
	 * Mount a pure read-only cgroup2 layout in the container independent
	 * of the cgroup layout used on the host.
	 */
	LXC_AUTO_CGROUP2_RO = BIT(9),

	/*
	 * These are defined in such a way as to retain binary compatibility
	 * with earlier versions of this code. If the previous mask is applied,
	 * both of these will default back to the _MIXED variants, which is
	 * safe. The literal bit patterns below are deliberate and must not be
	 * "normalised" to BIT() combinations.
	 */
	/* /sys/fs/cgroup (partial mount, r/w or mixed, depending on caps) */
	LXC_AUTO_CGROUP_NOSPEC = 0x0B0,
	/* /sys/fs/cgroup (full mount, r/w or mixed, depending on caps) */
	LXC_AUTO_CGROUP_FULL_NOSPEC = 0x0E0,
	/* mount cgroups even when cgroup namespaces are supported */
	LXC_AUTO_CGROUP_FORCE = BIT(10),
	/* all known cgroup options */
	LXC_AUTO_CGROUP_MASK = LXC_AUTO_CGROUP_MIXED |
			       LXC_AUTO_CGROUP_FULL_MIXED |
			       LXC_AUTO_CGROUP_NOSPEC |
			       LXC_AUTO_CGROUP_FULL_NOSPEC |
			       LXC_AUTO_CGROUP_FORCE |
			       LXC_AUTO_CGROUP2_RW |
			       LXC_AUTO_CGROUP2_RO,

	/* shared mount point */
	LXC_AUTO_SHMOUNTS = BIT(11),
	/* shared mount point mask */
	LXC_AUTO_SHMOUNTS_MASK = LXC_AUTO_SHMOUNTS,

	/*
	 * all known settings
	 * NOTE(review): LXC_AUTO_SHMOUNTS_MASK is not folded into this value
	 * although it is a known setting; whether that is deliberate cannot be
	 * judged from this header — confirm before using ALL_MASK to reject
	 * unknown bits.
	 */
	LXC_AUTO_ALL_MASK = LXC_AUTO_PROC_MASK |
			    LXC_AUTO_SYS_MASK |
			    LXC_AUTO_CGROUP_MASK,
};
336
/*
 * Hook points at which user-supplied scripts can run. The values index
 * struct lxc_conf.hooks[] and the lxchook_names[] table declared below;
 * NUM_LXC_HOOKS is the count.
 */
enum lxchooks {
	LXCHOOK_PRESTART,
	LXCHOOK_PREMOUNT,
	LXCHOOK_MOUNT,
	LXCHOOK_AUTODEV,
	LXCHOOK_START,
	LXCHOOK_STOP,
	LXCHOOK_POSTSTOP,
	LXCHOOK_CLONE,
	LXCHOOK_DESTROY,
	LXCHOOK_START_HOST,
	NUM_LXC_HOOKS
};

/* Hook name per enum lxchooks value. */
__hidden extern char *lxchook_names[NUM_LXC_HOOKS];
352
/*
 * A client waiting to be told about container state changes.
 * @clientfd : descriptor the notification is sent on
 * @states : one entry per lxc_state_t value; presumably marks which states
 * the client asked about — confirm against the registration code
 * @head : link in struct lxc_conf.state_clients
 */
struct lxc_state_client {
	int clientfd;
	lxc_state_t states[MAX_STATE];
	struct list_head head;
};
358
/* Whether a BPF device-cgroup program lists the devices to allow or to deny. */
typedef enum lxc_bpf_devices_rule_t {
	LXC_BPF_DEVICE_CGROUP_ALLOWLIST = 0,
	LXC_BPF_DEVICE_CGROUP_DENYLIST = 1,
} lxc_bpf_devices_rule_t;
363
/*
 * One device rule of a device cgroup.
 * @type : device type character
 * @major, @minor : device numbers
 * @access : access string; 4 bytes, so at most three characters plus the
 * terminating NUL — presumably some subset of "rwm"
 * @allow : whether the rule allows or denies
 * @head : link in struct bpf_devices.devices
 */
struct device_item {
	char type;
	int major;
	int minor;
	char access[4];
	int allow;
	struct list_head head;
};
372
/*
 * Device-cgroup configuration: the list mode plus the struct device_item
 * entries. The list is emptied by lxc_clear_cgroup2_devices() below.
 */
struct bpf_devices {
	lxc_bpf_devices_rule_t list_type;
	struct list_head devices;
};
377
/*
 * Time namespace clock offsets for the container. By the field names the
 * s_* members are seconds and the ns_* members nanoseconds; the two
 * comments below record that only one of each pair is populated.
 */
struct timens_offsets {
	/* Currently, either s_boot or ns_boot is set, but not both. */
	int64_t s_boot;
	int64_t ns_boot;

	/* Currently, either s_monotonic or ns_monotonic is set, but not both. */
	int64_t s_monotonic;
	int64_t ns_monotonic;
};
387
/* One KEY=VAL environment variable destined for the container; linked in struct lxc_conf.environment. */
struct environment_entry {
	char *key;
	char *val;
	struct list_head head;
};
393
/* A capability by name and number (see parse_cap() below); linked in struct caps.list. */
struct cap_entry {
	char *cap_name;
	__u32 cap;
	struct list_head head;
};
399
/*
 * Capability configuration: @list holds struct cap_entry items and @keep
 * records the list's mode (presumably keep-list vs. drop-list — confirm
 * against the capability setup code).
 */
struct caps {
	int keep;
	struct list_head list;
};
404
/* A plain string list node (used e.g. for struct lxc_conf.groups and lsm_aa_raw — verify against the parsers). */
struct string_entry {
	char *val;
	struct list_head head;
};
409
/*
 * The complete configuration of one container. Instances come from
 * lxc_conf_init() and go back through lxc_conf_free() (both declared
 * below); the instance currently being worked on is published through the
 * thread-local `current_config`.
 *
 * Several groups of related fields are wrapped in anonymous structs purely
 * for readability; they do not change how the members are accessed.
 */
struct lxc_conf {
	/* Pointer to the name of the container. Do not free! */
	const char *name;
	bool is_execute;
	int reboot;
	personality_t personality;
	struct utsname *utsname;

	/* cgroup settings: legacy (v1) and unified (v2) entry lists plus device rules */
	struct {
		struct list_head cgroup;
		struct list_head cgroup2;
		struct bpf_devices bpf_devices;
	};

	/* user namespace id mappings (struct id_map entries) */
	struct {
		struct list_head id_map;

		/*
		 * Pointer to the idmap entry for the container's root uid in
		 * the id_map list. Do not free!
		 */
		const struct id_map *root_nsuid_map;

		/*
		 * Pointer to the idmap entry for the container's root gid in
		 * the id_map list. Do not free!
		 */
		const struct id_map *root_nsgid_map;
	};

	struct list_head netdevs;

	/* mount configuration: fstab path, LXC_AUTO_* bit mask, explicit entries */
	struct {
		char *fstab;
		int auto_mounts;
		struct list_head mount_entries;
	};

	struct caps caps;

	/* /dev/tty<idx> devices */
	struct lxc_tty_info ttys;
	/* /dev/console device */
	struct lxc_terminal console;
	/* maximum pty devices allowed by devpts mount */
	size_t pty_max;
	/* file descriptor for the container's /dev/pts mount */
	int devpts_fd;

	/* set to true when rootfs has been setup */
	bool rootfs_setup;
	struct lxc_rootfs rootfs;

	bool close_all_fds;

	/* hook scripts, one list per enum lxchooks value */
	struct {
		unsigned int hooks_version;
		struct list_head hooks[NUM_LXC_HOOKS];
	};

	/* LSM settings: lsm_aa_* presumably AppArmor, lsm_se_* presumably SELinux */
	char *lsm_aa_profile;
	char *lsm_aa_profile_computed;
	bool lsm_aa_profile_created;
	unsigned int lsm_aa_allow_nesting;
	unsigned int lsm_aa_allow_incomplete;
	struct list_head lsm_aa_raw;
	char *lsm_se_context;
	char *lsm_se_keyring_context;
	bool keyring_disable_session;
	bool transient_procfs_mnt;
	struct lxc_seccomp seccomp;
	int maincmd_fd;
	unsigned int autodev; /* if 1, mount and fill a /dev at start */
	int autodevtmpfssize; /* size of the /dev tmpfs */
	int haltsignal; /* signal used to halt container */
	int rebootsignal; /* signal used to reboot container */
	int stopsignal; /* signal used to hard stop container */
	char *rcfile; /* Copy of the top level rcfile we read */

	/* Logfile and loglevel can be set in a container config file. Those
	 * function as defaults. The defaults can be overridden by command line.
	 * However we don't want the command line specified values to be saved
	 * on c->save_config(). So we store the config file specified values
	 * here. */
	char *logfile; /* the logfile as specified in config */
	int loglevel; /* loglevel as specified in config (if any) */
	int logfd;

	unsigned int start_auto;
	unsigned int start_delay;
	int start_order;
	struct list_head groups;
	int nbd_idx;

	/* unshare the mount namespace in the monitor */
	unsigned int monitor_unshare;
	unsigned int monitor_signal_pdeath;

	/* list of environment variables we'll add to the container when
	 * started */
	struct list_head environment;

	/* text representation of the config file */
	char *unexpanded_config;
	size_t unexpanded_len;
	size_t unexpanded_alloced;

	/* default command for lxc-execute */
	char *execute_cmd;

	/* init command */
	char *init_cmd;

	/* The uid to use for the container. */
	uid_t init_uid;
	/* The gid to use for the container. */
	gid_t init_gid;
	/* The groups to use for the container. */
	lxc_groups_t init_groups;

	/* indicator if the container will be destroyed on shutdown */
	unsigned int ephemeral;

	/* The facility to pass to syslog. Lets users establish as what type of
	 * program liblxc is supposed to write to the syslog. */
	char *syslog;

	/* Whether PR_SET_NO_NEW_PRIVS will be set for the container. */
	bool no_new_privs;

	/* RLIMIT_* limits */
	struct list_head limits;

	/* Contains generic info about the cgroup configuration for this
	 * container. Note that struct lxc_cgroup contains a union. It is only
	 * valid to access the members of the anonymous "meta" struct within
	 * that union.
	 */
	struct lxc_cgroup cgroup_meta;

	/* namespaces to clone, to keep, and paths of namespaces to share (indexed by LXC_NS_*) */
	struct {
		int ns_clone;
		int ns_keep;
		char *ns_share[LXC_NS_MAX];
	};

	/* init working directory */
	char *init_cwd;

	/* A list of clients registered to be informed about a container state. */
	struct list_head state_clients;

	/* sysctls */
	struct list_head sysctls;

	/* procs */
	struct list_head procs;

	struct shmount {
		/* Absolute path to the shared mount point on the host */
		char *path_host;
		/* Absolute path (in the container) to the shared mount point */
		char *path_cont;
	} shmount;

	struct timens_offsets timens;

	/* core scheduling: whether it is enabled and the cookie to use */
	bool sched_core;
	__u64 sched_core_cookie;
};
580
/*
 * Routines that build, apply and tear down a struct lxc_conf. They are
 * implemented outside this header; only what the prototypes themselves show
 * is documented here.
 */

/* Writes an id map for @pid; @buf/@buf_size is a read-only input range (__access_r(3, 4)). */
__hidden extern int write_id_mapping(enum idtype idtype, pid_t pid, const char *buf, size_t buf_size)
	__access_r(3, 4);

/* The configuration the calling thread is currently working on. */
extern thread_local struct lxc_conf *current_config;

__hidden extern int run_lxc_hooks(const char *name, char *hook, struct lxc_conf *conf, char *argv[]);
__hidden extern struct lxc_conf *lxc_conf_init(void);
__hidden extern void lxc_conf_free(struct lxc_conf *conf);
__hidden extern int lxc_storage_prepare(struct lxc_conf *conf);
__hidden extern int lxc_rootfs_prepare(struct lxc_conf *conf, bool userns);
__hidden extern void lxc_storage_put(struct lxc_conf *conf);
__hidden extern int lxc_rootfs_init(struct lxc_conf *conf, bool userns);
__hidden extern int lxc_rootfs_prepare_parent(struct lxc_handler *handler);
__hidden extern int lxc_idmapped_mounts_parent(struct lxc_handler *handler);
__hidden extern int lxc_map_ids(struct list_head *idmap, pid_t pid);
__hidden extern int lxc_create_tty(const char *name, struct lxc_conf *conf);
__hidden extern void lxc_delete_tty(struct lxc_tty_info *ttys);
/* lxc_clear_*: drop one category of configuration from @c (some take the config key). */
__hidden extern int lxc_clear_config_caps(struct lxc_conf *c);
__hidden extern int lxc_clear_cgroups(struct lxc_conf *c, const char *key, int version);
__hidden extern int lxc_clear_mount_entries(struct lxc_conf *c);
__hidden extern int lxc_clear_automounts(struct lxc_conf *c);
__hidden extern int lxc_clear_hooks(struct lxc_conf *c, const char *key);
__hidden extern int lxc_clear_idmaps(struct lxc_conf *c);
__hidden extern int lxc_clear_groups(struct lxc_conf *c);
__hidden extern int lxc_clear_environment(struct lxc_conf *c);
__hidden extern int lxc_clear_limits(struct lxc_conf *c, const char *key);
__hidden extern int lxc_delete_autodev(struct lxc_handler *handler);
__hidden extern int lxc_clear_autodev_tmpfs_size(struct lxc_conf *c);
__hidden extern int lxc_setup_rootfs_prepare_root(struct lxc_conf *conf, const char *name,
						  const char *lxcpath);
__hidden extern int lxc_setup(struct lxc_handler *handler);
__hidden extern int lxc_setup_parent(struct lxc_handler *handler);
__hidden extern int setup_resource_limits(struct lxc_conf *conf, pid_t pid);
__hidden extern int find_unmapped_nsid(const struct lxc_conf *conf, enum idtype idtype);
__hidden extern int mapped_hostid(unsigned id, const struct lxc_conf *conf, enum idtype idtype);
/* userns_exec_*: run @fn(@data) under the container's id mapping; @fn_name is for diagnostics. */
__hidden extern int userns_exec_1(const struct lxc_conf *conf, int (*fn)(void *), void *data,
				  const char *fn_name);
__hidden extern int userns_exec_full(struct lxc_conf *conf, int (*fn)(void *), void *data,
				     const char *fn_name);
/* Mount option parsers; parse_lxc_mount_attrs() takes a writable string (it may modify it). */
__hidden extern int parse_mntopts_legacy(const char *mntopts, unsigned long *mntflags, char **mntdata);
__hidden extern int parse_propagationopts(const char *mntopts, unsigned long *pflags);
__hidden extern int parse_lxc_mount_attrs(struct lxc_mount_options *opts, char *mnt_opts);
__hidden extern int parse_mount_attrs(struct lxc_mount_options *opts, const char *mntopts);
__hidden extern void tmp_proc_unmount(struct lxc_conf *lxc_conf);
__hidden extern void suggest_default_idmap(void);
__hidden extern FILE *make_anonymous_mount_file(const struct list_head *mount,
					       bool include_nesting_helpers);
/* Script runners: run_script() is variadic, run_script_argv() takes an explicit argument vector. */
__hidden extern int run_script(const char *name, const char *section, const char *script, ...);
__hidden extern int run_script_argv(const char *name, unsigned int hook_version, const char *section,
				    const char *script, const char *hookname, char **argsin);

/* True when @cap is in @conf's capability configuration. */
__hidden extern bool has_cap(__u32 cap, struct lxc_conf *conf);
/*
 * Report whether @conf asks for capability @cap and the capability number is
 * within the range lxc_caps_last_cap() reports.
 *
 * Returns false when the last-capability lookup fails or @cap is above the
 * reported maximum; otherwise defers to has_cap().
 */
static inline bool lxc_wants_cap(__u32 cap, struct lxc_conf *conf)
{
	__u32 highest = 0;

	/* Without a reliable upper bound no capability is considered wanted. */
	if (lxc_caps_last_cap(&highest) != 0)
		return false;

	return cap <= highest && has_cap(cap, conf);
}
647
/* Apply the sysctl entries of @conf. */
__hidden extern int setup_sysctl_parameters(struct lxc_conf *conf);
__hidden extern int lxc_clear_sysctls(struct lxc_conf *c, const char *key);
/* Apply the proc entries of @conf for process @pid. */
__hidden extern int setup_proc_filesystem(struct lxc_conf *conf, pid_t pid);
__hidden extern int lxc_clear_procs(struct lxc_conf *c, const char *key);
__hidden extern int lxc_clear_apparmor_raw(struct lxc_conf *c);
__hidden extern int lxc_clear_namespace(struct lxc_conf *c);
/* Runs @fn_parent and @fn_child with their data under the id mapping of @conf. */
__hidden extern int userns_exec_minimal(const struct lxc_conf *conf, int (*fn_parent)(void *),
					void *fn_parent_data, int (*fn_child)(void *),
					void *fn_child_data);
/* Operates on @path as the mapped root; @path_fd may be a negative errno sentinel (see chown_mapped_root()). */
__hidden extern int userns_exec_mapped_root(const char *path, int path_fd,
					    const struct lxc_conf *conf);
/*
 * Convenience wrapper around userns_exec_mapped_root() for callers that only
 * have a path: no descriptor is supplied, so the fd argument carries the
 * -EBADF sentinel instead of an open fd.
 */
static inline int chown_mapped_root(const char *path, const struct lxc_conf *conf)
{
	const int no_fd = -EBADF;

	return userns_exec_mapped_root(path, no_fd, conf);
}
663
/* Parent/child halves of the descriptor hand-over during start-up. */
__hidden extern int lxc_sync_fds_parent(struct lxc_handler *handler);
__hidden extern int lxc_sync_fds_child(struct lxc_handler *handler);
666
/*
 * Return the path the container's root is mounted at: @rootfs->mount when a
 * rootfs source is configured, otherwise the host root "/". The returned
 * pointer is not owned by the caller.
 */
static inline const char *get_rootfs_mnt(const struct lxc_rootfs *rootfs)
{
	static const char *host_root = "/";

	if (is_empty_string(rootfs->path))
		return host_root;

	return rootfs->mount;
}
673
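/*
 * Release everything a struct lxc_mount_options owns and return it to its
 * all-zero state so it can safely be reused for another entry.
 *
 * @mnt_opts : the options to reset; must not be NULL
 *
 * The two heap strings (@data, @raw_options) are freed and NULLed first;
 * the object is then zeroed as a whole. Zeroing everything rather than a
 * hand-picked set of fields also clears @bind, @bind_recursively,
 * @propagate_recursively and @attr, which a field-by-field reset left
 * behind, so a reused object cannot carry a stale bind mode or mount
 * attribute set from an earlier entry.
 */
static inline void put_lxc_mount_options(struct lxc_mount_options *mnt_opts)
{
	free_disarm(mnt_opts->data);
	free_disarm(mnt_opts->raw_options);

	/* Every flag, both flag words, userns_path and attr go back to zero. */
	*mnt_opts = (struct lxc_mount_options){ 0 };
}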
687
/*
 * Drop the resources held by a struct lxc_rootfs: its directory fds, its
 * parsed mount options and its storage handle. The path pin fd is only
 * closed when @unpin is true. A NULL @rootfs is a no-op.
 *
 * close_prot_errno_disarm() closes an fd and (by its name) invalidates the
 * field so a second put does not close it again.
 */
static inline void put_lxc_rootfs(struct lxc_rootfs *rootfs, bool unpin)
{
	if (!rootfs)
		return;

	close_prot_errno_disarm(rootfs->dfd_host);
	close_prot_errno_disarm(rootfs->dfd_mnt);
	close_prot_errno_disarm(rootfs->dfd_dev);

	/* The pin outlives a plain put unless the caller explicitly releases it. */
	if (unpin)
		close_prot_errno_disarm(rootfs->fd_path_pin);

	close_prot_errno_disarm(rootfs->dfd_idmapped);

	put_lxc_mount_options(&rootfs->mnt_opts);

	storage_put(rootfs->storage);
	rootfs->storage = NULL;
}
702
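/*
 * Empty the device rule list of @bpf_devices and reinitialise it.
 *
 * @bpf_devices : the device-cgroup configuration to clear; must not be NULL
 *
 * Each struct device_item is unlinked and then freed; unlinking alone left
 * every node unreachable but still allocated.
 * NOTE(review): this assumes each node was allocated individually, as the
 * free_* helpers above assume for their own list entries — confirm against
 * the code that adds entries to struct bpf_devices.devices.
 */
static inline void lxc_clear_cgroup2_devices(struct bpf_devices *bpf_devices)
{
	struct device_item *device, *n;

	list_for_each_entry_safe(device, n, &bpf_devices->devices, head) {
		list_del(&device->head);
		free(device);
	}

	INIT_LIST_HEAD(&bpf_devices->devices);
}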
712
/*
 * Set the calling process's execution domain to @persona via personality(2).
 * A negative @persona is rejected with -EINVAL (through ret_errno()) before
 * the syscall is attempted; otherwise personality()'s result is returned.
 */
static inline int lxc_personality(personality_t persona)
{
	bool valid = persona >= 0;

	return valid ? personality(persona) : ret_errno(EINVAL);
}
720
/* Export the struct lxc_conf.environment entries into the process environment. */
__hidden extern int lxc_set_environment(const struct lxc_conf *conf);
/* Resolve a capability name to its number in *@cap. */
__hidden extern int parse_cap(const char *cap_name, __u32 *cap);

#endif /* __LXC_CONF_H */