* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
-#ifndef _conf_h
-#define _conf_h
+#ifndef __LXC_CONF_H
+#define __LXC_CONF_H
#include "config.h"
#include <sys/types.h>
#include <stdbool.h>
-#include <lxc/list.h>
-
-#include <lxc/start.h> /* for lxc_handler */
+#include "list.h"
+#include "start.h" /* for lxc_handler */
#if HAVE_SCMP_FILTER_CTX
typedef void * scmp_filter_ctx;
LXC_NET_MACVLAN,
LXC_NET_PHYS,
LXC_NET_VLAN,
+ LXC_NET_NONE,
LXC_NET_MAXCONFTYPE,
};
};
struct ifla_vlan {
- uint flags;
- uint fmask;
+ unsigned int flags;
+ unsigned int fmask;
unsigned short vid;
unsigned short pad;
};
char *path;
char *mount;
char *pivot;
+ char *options;
};
/*
* Automatic mounts for LXC to perform inside the container
*/
enum {
- LXC_AUTO_PROC = 0x01, /* /proc */
- LXC_AUTO_SYS = 0x02, /* /sys*/
- LXC_AUTO_CGROUP = 0x04, /* /sys/fs/cgroup */
- LXC_AUTO_PROC_SYSRQ = 0x08, /* /proc/sysrq-trigger over-bind-mounted with /dev/null */
+ LXC_AUTO_PROC_RW = 0x001, /* /proc read-write */
+ LXC_AUTO_PROC_MIXED = 0x002, /* /proc/sys and /proc/sysrq-trigger read-only */
+ LXC_AUTO_PROC_MASK = 0x003,
+
+ LXC_AUTO_SYS_RW = 0x004, /* /sys */
+ LXC_AUTO_SYS_RO = 0x008, /* /sys read-only */
+ LXC_AUTO_SYS_MASK = 0x00C,
+
+ LXC_AUTO_CGROUP_RO = 0x010, /* /sys/fs/cgroup (partial mount, read-only) */
+ LXC_AUTO_CGROUP_RW = 0x020, /* /sys/fs/cgroup (partial mount, read-write) */
+ LXC_AUTO_CGROUP_MIXED = 0x030, /* /sys/fs/cgroup (partial mount, paths r/o, cgroup r/w) */
+ LXC_AUTO_CGROUP_FULL_RO = 0x040, /* /sys/fs/cgroup (full mount, read-only) */
+ LXC_AUTO_CGROUP_FULL_RW = 0x050, /* /sys/fs/cgroup (full mount, read-write) */
+ LXC_AUTO_CGROUP_FULL_MIXED = 0x060, /* /sys/fs/cgroup (full mount, parent r/o, own r/w) */
+ /* These are defined in such a way as to retain
+ * binary compatibility with earlier versions of
+ * this code. If the previous mask is applied,
+ * both of these will default back to the _MIXED
+ * variants, which is safe. */
+ LXC_AUTO_CGROUP_NOSPEC = 0x0B0, /* /sys/fs/cgroup (partial mount, r/w or mixed, depending on caps) */
+ LXC_AUTO_CGROUP_FULL_NOSPEC = 0x0E0, /* /sys/fs/cgroup (full mount, r/w or mixed, depending on caps) */
+ LXC_AUTO_CGROUP_MASK = 0x0F0,
+
+ LXC_AUTO_ALL_MASK = 0x0FF, /* all known settings */
};
/*
char *lsm_aa_profile;
char *lsm_se_context;
- int lsm_umount_proc;
+ int tmp_umount_proc;
char *seccomp; // filename with the seccomp rules
#if HAVE_SCMP_FILTER_CTX
scmp_filter_ctx *seccomp_ctx;
#endif
int maincmd_fd;
int autodev; // if 1, mount and fill a /dev at start
- int stopsignal; // signal used to stop container
+ int haltsignal; // signal used to halt container
+ int stopsignal; // signal used to hard stop container
int kmsg; // if 1, create /dev/kmsg symlink
char *rcfile; // Copy of the top level rcfile we read
// store the config file specified values here.
char *logfile; // the logfile as specifed in config
int loglevel; // loglevel as specifed in config (if any)
+
+ int inherit_ns_fd[LXC_NS_MAX];
+
+ int start_auto;
+ int start_delay;
+ int start_order;
+ struct lxc_list groups;
};
int run_lxc_hooks(const char *name, char *hook, struct lxc_conf *conf,
extern int pin_rootfs(const char *rootfs);
+extern int lxc_requests_empty_network(struct lxc_handler *handler);
extern int lxc_create_network(struct lxc_handler *handler);
extern void lxc_delete_network(struct lxc_handler *handler);
extern int lxc_assign_network(struct lxc_list *networks, pid_t pid);
extern int lxc_clear_config_keepcaps(struct lxc_conf *c);
extern int lxc_clear_cgroups(struct lxc_conf *c, const char *key);
extern int lxc_clear_mount_entries(struct lxc_conf *c);
+extern int lxc_clear_automounts(struct lxc_conf *c);
extern int lxc_clear_hooks(struct lxc_conf *c, const char *key);
-
-extern int uid_shift_ttys(int pid, struct lxc_conf *conf);
+extern int lxc_clear_idmaps(struct lxc_conf *c);
+extern int lxc_clear_groups(struct lxc_conf *c);
/*
* Configure the container from inside
*/
struct cgroup_process_info;
-extern int lxc_setup(const char *name, struct lxc_conf *lxc_conf,
- const char *lxcpath, struct cgroup_process_info *cgroup_info);
-
-extern void lxc_rename_phys_nics_on_shutdown(struct lxc_conf *conf);
+extern int lxc_setup(struct lxc_handler *handler);
+
+extern void lxc_rename_phys_nics_on_shutdown(int netnsfd, struct lxc_conf *conf);
+
+extern int find_unmapped_nsuid(struct lxc_conf *conf, enum idtype idtype);
+extern int mapped_hostid(unsigned id, struct lxc_conf *conf, enum idtype idtype);
+extern int chown_mapped_root(char *path, struct lxc_conf *conf);
+extern int ttys_shift_ids(struct lxc_conf *c);
+extern int userns_exec_1(struct lxc_conf *conf, int (*fn)(void *), void *data);
+extern int parse_mntopts(const char *mntopts, unsigned long *mntflags,
+ char **mntdata);
+extern void tmp_proc_unmount(struct lxc_conf *lxc_conf);
#endif
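Review bot: The run of new prototypes after `lxc_rename_phys_nics_on_shutdown` carries no contract, and `parse_mntopts(const char *mntopts, unsigned long *mntflags, char **mntdata)` is the one where that matters most: nothing states whether `*mntdata` is allocated by the callee and owned by the caller afterwards, so call sites can only guess whether to `free()` it, which is how a leak or a double free gets in. A one-line comment above that prototype giving the ownership rule for `*mntdata`, what `*mntflags` holds, and what the return value means on failure would close the gap; the allocation behaviour is not visible in this header, so take the wording from the definition rather than guessing. The same goes for `userns_exec_1` (how `fn`'s return is propagated, and whether `data` is shared with the child or copied) and for `find_unmapped_nsuid`, whose failure sentinel is not stated. Separately, `chown_mapped_root(char *path, ...)` should be declared `const char *path` if the implementation does not write through it, consistent with `pin_rootfs(const char *rootfs)` earlier in the same hunk.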