#include "config.h"
#include <stdio.h>
-#include <netinet/in.h>
#include <net/if.h>
+#include <netinet/in.h>
#include <sys/param.h>
#include <sys/types.h>
#if HAVE_SYS_RESOURCE_H
#include <stdbool.h>
#include "list.h"
+#include "ringbuf.h"
#include "start.h" /* for lxc_handler */
#if HAVE_SCMP_FILTER_CTX
#define subuidfile "/etc/subuid"
#define subgidfile "/etc/subgid"
-enum {
- LXC_NET_EMPTY,
- LXC_NET_VETH,
- LXC_NET_MACVLAN,
- LXC_NET_PHYS,
- LXC_NET_VLAN,
- LXC_NET_NONE,
- LXC_NET_MAXCONFTYPE,
-};
-
-/*
- * Defines the structure to configure an ipv4 address
- * @address : ipv4 address
- * @broadcast : ipv4 broadcast address
- * @mask : network mask
- */
-struct lxc_inetdev {
- struct in_addr addr;
- struct in_addr bcast;
- unsigned int prefix;
-};
-
-struct lxc_route {
- struct in_addr addr;
-};
-
/*
- * Defines the structure to configure an ipv6 address
- * @flags : set the address up
- * @address : ipv6 address
- * @broadcast : ipv6 broadcast address
- * @mask : network mask
- */
-struct lxc_inet6dev {
- struct in6_addr addr;
- struct in6_addr mcast;
- struct in6_addr acast;
- unsigned int prefix;
-};
-
-struct lxc_route6 {
- struct in6_addr addr;
-};
-
-struct ifla_veth {
- char *pair; /* pair name */
- char veth1[IFNAMSIZ]; /* needed for deconf */
-};
-
-struct ifla_vlan {
- unsigned int flags;
- unsigned int fmask;
- unsigned short vid;
- unsigned short pad;
-};
-
-struct ifla_macvlan {
- int mode; /* private, vepa, bridge, passthru */
-};
-
-union netdev_p {
- struct ifla_veth veth_attr;
- struct ifla_vlan vlan_attr;
- struct ifla_macvlan macvlan_attr;
-};
-
-/*
- * Defines a structure to configure a network device
- * @link : lxc.net.[i].link, name of bridge or host iface to attach if any
- * @name : lxc.net.[i].name, name of iface on the container side
- * @flags : flag of the network device (IFF_UP, ... )
- * @ipv4 : a list of ipv4 addresses to be set on the network device
- * @ipv6 : a list of ipv6 addresses to be set on the network device
- * @upscript : a script filename to be executed during interface configuration
- * @downscript : a script filename to be executed during interface destruction
- * @idx : network counter
- */
-struct lxc_netdev {
- ssize_t idx;
- int type;
- int flags;
- int ifindex;
- char *link;
- char *name;
- char *hwaddr;
- char *mtu;
- union netdev_p priv;
- struct lxc_list ipv4;
- struct lxc_list ipv6;
- struct in_addr *ipv4_gateway;
- bool ipv4_gateway_auto;
- struct in6_addr *ipv6_gateway;
- bool ipv6_gateway_auto;
- char *upscript;
- char *downscript;
-};
-
-/*
- * Defines a generic struct to configure the control group.
- * It is up to the programmer to specify the right subsystem.
+ * Defines a generic struct to configure the control group. It is up to the
+ * programmer to specify the right subsystem.
* @subsystem : the targeted subsystem
* @value : the value to set
+ *
+ * @controllers : The controllers to use for this container.
+ * @dir : The name of the directory containing the container's cgroup.
+ * Not that this is a per-container setting.
*/
struct lxc_cgroup {
- char *subsystem;
- char *value;
+ union {
+ /* information about a specific controller */
+ struct /* controller */ {
+ char *subsystem;
+ char *value;
+ };
+
+ /* meta information about cgroup configuration */
+ struct /* meta */ {
+ char *controllers;
+ char *dir;
+ };
+ };
};
#if !HAVE_SYS_RESOURCE_H
ID_TYPE_GID
};
+/*
+ * Defines a structure to configure kernel parameters at runtime.
+ * @key : the kernel parameters will be configured without the "lxc.sysctl" prefix
+ * @value : the value to set
+ */
+struct lxc_sysctl {
+ char *key;
+ char *value;
+};
+
+/*
+ * Defines a structure to configure proc filesystem at runtime.
+ * @filename : the proc filesystem will be configured without the "lxc.proc" prefix
+ * @value : the value to set
+ */
+struct lxc_proc {
+ char *filename;
+ char *value;
+};
+
/*
* id_map is an id map entry. Form in confile is:
- * lxc.id_map = u 0 9800 100
- * lxc.id_map = u 1000 9900 100
- * lxc.id_map = g 0 9800 100
- * lxc.id_map = g 1000 9900 100
+ * lxc.idmap = u 0 9800 100
+ * lxc.idmap = u 1000 9900 100
+ * lxc.idmap = g 0 9800 100
+ * lxc.idmap = g 1000 9900 100
* meaning the container can use uids and gids 0-99 and 1000-1099,
* with [ug]id 0 mapping to [ug]id 9800 on the host, and [ug]id 1000 to
* [ug]id 9900 on the host.
char *path;
char *log_path;
int log_fd;
+ unsigned int log_rotate;
char name[MAXPATHLEN];
struct termios *tios;
struct lxc_tty_state *tty_state;
+
+ /* size of the ringbuffer */
+ uint64_t buffer_size;
+
+ /* path to the log file for the ringbuffer */
+ char *buffer_log_file;
+
+ /* fd to the log file for the ringbuffer */
+ int buffer_log_file_fd;
+
+ /* the in-memory ringbuffer */
+ struct lxc_ringbuf ringbuf;
};
/*
* @lsm_se_context : selinux type to switch to or NULL
*/
enum lxchooks {
- LXCHOOK_PRESTART, LXCHOOK_PREMOUNT, LXCHOOK_MOUNT, LXCHOOK_AUTODEV,
- LXCHOOK_START, LXCHOOK_STOP, LXCHOOK_POSTSTOP, LXCHOOK_CLONE, LXCHOOK_DESTROY,
- NUM_LXC_HOOKS};
+ LXCHOOK_PRESTART,
+ LXCHOOK_PREMOUNT,
+ LXCHOOK_MOUNT,
+ LXCHOOK_AUTODEV,
+ LXCHOOK_START,
+ LXCHOOK_STOP,
+ LXCHOOK_POSTSTOP,
+ LXCHOOK_CLONE,
+ LXCHOOK_DESTROY,
+ LXCHOOK_START_HOST,
+ NUM_LXC_HOOKS
+};
+
extern char *lxchook_names[NUM_LXC_HOOKS];
-struct saved_nic {
- int ifindex;
- char *orig_name;
+struct lxc_state_client {
+ int clientfd;
+ lxc_state_t states[MAX_STATE];
};
struct lxc_conf {
signed long personality;
struct utsname *utsname;
struct lxc_list cgroup;
- struct lxc_list id_map;
+ struct {
+ struct lxc_list id_map;
+
+ /* Pointer to the idmap entry for the container's root uid in
+ * the id_map list. Do not free! */
+ struct id_map *root_nsuid_map;
+
+ /* Pointer to the idmap entry for the container's root gid in
+ * the id_map list. Do not free! */
+ struct id_map *root_nsgid_map;
+ };
struct lxc_list network;
- struct saved_nic *saved_nics;
- int num_savednics;
int auto_mounts;
struct lxc_list mount_list;
struct lxc_list caps;
struct lxc_rootfs rootfs;
char *ttydir;
int close_all_fds;
- struct lxc_list hooks[NUM_LXC_HOOKS];
+
+ struct {
+ unsigned int hooks_version;
+ struct lxc_list hooks[NUM_LXC_HOOKS];
+ };
char *lsm_aa_profile;
unsigned int lsm_aa_allow_incomplete;
char *lsm_se_context;
int tmp_umount_proc;
- char *seccomp; // filename with the seccomp rules
+ char *seccomp; /* filename with the seccomp rules */
#if HAVE_SCMP_FILTER_CTX
scmp_filter_ctx seccomp_ctx;
#endif
int maincmd_fd;
- unsigned int autodev; // if 1, mount and fill a /dev at start
- int haltsignal; // signal used to halt container
- int rebootsignal; // signal used to reboot container
- int stopsignal; // signal used to hard stop container
- char *rcfile; // Copy of the top level rcfile we read
-
- // Logfile and logleve can be set in a container config file.
- // Those function as defaults. The defaults can be overriden
- // by command line. However we don't want the command line
- // specified values to be saved on c->save_config(). So we
- // store the config file specified values here.
- char *logfile; // the logfile as specifed in config
- int loglevel; // loglevel as specifed in config (if any)
+ unsigned int autodev; /* if 1, mount and fill a /dev at start */
+ int haltsignal; /* signal used to halt container */
+ int rebootsignal; /* signal used to reboot container */
+ int stopsignal; /* signal used to hard stop container */
+ char *rcfile; /* Copy of the top level rcfile we read */
+
+ /* Logfile and logleve can be set in a container config file. Those
+ * function as defaults. The defaults can be overriden by command line.
+ * However we don't want the command line specified values to be saved
+ * on c->save_config(). So we store the config file specified values
+ * here. */
+ char *logfile; /* the logfile as specifed in config */
+ int loglevel; /* loglevel as specifed in config (if any) */
int logfd;
- int inherit_ns_fd[LXC_NS_MAX];
-
unsigned int start_auto;
unsigned int start_delay;
int start_order;
char *unexpanded_config;
size_t unexpanded_len, unexpanded_alloced;
+ /* default command for lxc-execute */
+ char *execute_cmd;
+
/* init command */
char *init_cmd;
/* RLIMIT_* limits */
struct lxc_list limits;
+
+ /* REMOVE IN LXC 3.0
+ * Indicator whether the current config file we're using contained any
+ * legacy configuration keys.
+ */
+ bool contains_legacy_key;
+
+ /* Contains generic info about the cgroup configuration for this
+ * container. Note that struct lxc_cgroup contains a union. It is only
+ * valid to access the members of the anonymous "meta" struct within
+ * that union.
+ */
+ struct lxc_cgroup cgroup_meta;
+
+ char *inherit_ns[LXC_NS_MAX];
+
+ /* init working directory */
+ char *init_cwd;
+
+ /* A list of clients registered to be informed about a container state. */
+ struct lxc_list state_clients;
+
+ /* sysctls */
+ struct lxc_list sysctls;
+
+ /* procs */
+ struct lxc_list procs;
};
+extern int write_id_mapping(enum idtype idtype, pid_t pid, const char *buf,
+ size_t buf_size);
+
#ifdef HAVE_TLS
extern __thread struct lxc_conf *current_config;
#else
extern struct lxc_conf *current_config;
#endif
-int run_lxc_hooks(const char *name, char *hook, struct lxc_conf *conf,
- const char *lxcpath, char *argv[]);
-
+extern int run_lxc_hooks(const char *name, char *hook, struct lxc_conf *conf,
+ char *argv[]);
extern int detect_shared_rootfs(void);
-
-/*
- * Initialize the lxc configuration structure
- */
extern struct lxc_conf *lxc_conf_init(void);
extern void lxc_conf_free(struct lxc_conf *conf);
-
extern int pin_rootfs(const char *rootfs);
-
-extern int lxc_requests_empty_network(struct lxc_handler *handler);
-extern int lxc_setup_networks_in_parent_namespaces(struct lxc_handler *handler);
-extern bool lxc_delete_network(struct lxc_handler *handler);
-extern int lxc_assign_network(const char *lxcpath, char *lxcname,
- struct lxc_list *networks, pid_t pid);
extern int lxc_map_ids(struct lxc_list *idmap, pid_t pid);
-extern int lxc_find_gateway_addresses(struct lxc_handler *handler);
-
extern int lxc_create_tty(const char *name, struct lxc_conf *conf);
extern void lxc_delete_tty(struct lxc_tty_info *tty_info);
-
extern int lxc_clear_config_caps(struct lxc_conf *c);
extern int lxc_clear_config_keepcaps(struct lxc_conf *c);
extern int lxc_clear_cgroups(struct lxc_conf *c, const char *key);
extern int lxc_clear_limits(struct lxc_conf *c, const char *key);
extern int lxc_delete_autodev(struct lxc_handler *handler);
extern void lxc_clear_includes(struct lxc_conf *conf);
-
extern int do_rootfs_setup(struct lxc_conf *conf, const char *name,
const char *lxcpath);
-
-/*
- * Configure the container from inside
- */
-
-struct cgroup_process_info;
extern int lxc_setup(struct lxc_handler *handler);
-
+extern int lxc_setup_parent(struct lxc_handler *handler);
extern int setup_resource_limits(struct lxc_list *limits, pid_t pid);
-
-extern void lxc_restore_phys_nics_to_netns(int netnsfd, struct lxc_conf *conf);
-
extern int find_unmapped_nsid(struct lxc_conf *conf, enum idtype idtype);
-extern int mapped_hostid(unsigned id, struct lxc_conf *conf, enum idtype idtype);
-extern int chown_mapped_root(char *path, struct lxc_conf *conf);
+extern int mapped_hostid(unsigned id, struct lxc_conf *conf,
+ enum idtype idtype);
+extern int chown_mapped_root(const char *path, struct lxc_conf *conf);
extern int lxc_ttys_shift_ids(struct lxc_conf *c);
extern int userns_exec_1(struct lxc_conf *conf, int (*fn)(void *), void *data,
const char *fn_name);
+extern int userns_exec_full(struct lxc_conf *conf, int (*fn)(void *),
+ void *data, const char *fn_name);
extern int parse_mntopts(const char *mntopts, unsigned long *mntflags,
char **mntdata);
extern void tmp_proc_unmount(struct lxc_conf *lxc_conf);
-void remount_all_slave(void);
+extern void remount_all_slave(void);
extern void suggest_default_idmap(void);
-FILE *make_anonymous_mount_file(struct lxc_list *mount);
-struct lxc_list *sort_cgroup_settings(struct lxc_list* cgroup_settings);
-unsigned long add_required_remount_flags(const char *s, const char *d,
- unsigned long flags);
-
-#endif
+extern FILE *make_anonymous_mount_file(struct lxc_list *mount);
+extern struct lxc_list *sort_cgroup_settings(struct lxc_list *cgroup_settings);
+extern unsigned long add_required_remount_flags(const char *s, const char *d,
+ unsigned long flags);
+extern int run_script(const char *name, const char *section, const char *script,
+ ...);
+extern int run_script_argv(const char *name, unsigned int hook_version,
+ const char *section, const char *script,
+ const char *hookname, char **argsin);
+extern int in_caplist(int cap, struct lxc_list *caps);
+extern int setup_sysctl_parameters(struct lxc_list *sysctls);
+extern int lxc_clear_sysctls(struct lxc_conf *c, const char *key);
+extern int setup_proc_filesystem(struct lxc_list *procs, pid_t pid);
+extern int lxc_clear_procs(struct lxc_conf *c, const char *key);
+
+#endif /* __LXC_CONF_H */