*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
#ifndef _conf_h
#define _conf_h
char *pivot;
};
+/*
+ * Automatic mounts for LXC to perform inside the container
+ */
+enum {
+ LXC_AUTO_PROC = 0x01, /* /proc */
+ LXC_AUTO_SYS = 0x02, /* /sys*/
+ LXC_AUTO_CGROUP = 0x04, /* /sys/fs/cgroup */
+ LXC_AUTO_PROC_SYSRQ = 0x08, /* /proc/sysrq-trigger over-bind-mounted with /dev/null */
+};
+
/*
* Defines the global container configuration
* @rootfs : root directory to run the container
* @network : network configuration
* @utsname : container utsname
* @fstab : path to a fstab file format
- * @caps : list of the capabilities
+ * @caps : list of the capabilities to drop
+ * @keepcaps : list of the capabilities to keep
* @tty_info : tty data
* @console : console data
* @ttydir : directory (under /dev) in which to create console and ttys
-#if HAVE_APPARMOR
- * @aa_profile : apparmor profile to switch to
-#endif
+ * @lsm_aa_profile : apparmor profile to switch to or NULL
+ * @lsm_se_context : selinux type to switch to or NULL
*/
enum lxchooks {
LXCHOOK_PRESTART, LXCHOOK_PREMOUNT, LXCHOOK_MOUNT, LXCHOOK_AUTODEV,
struct lxc_list network;
struct saved_nic *saved_nics;
int num_savednics;
+ int auto_mounts;
struct lxc_list mount_list;
struct lxc_list caps;
+ struct lxc_list keepcaps;
struct lxc_tty_info tty_info;
struct lxc_console console;
struct lxc_rootfs rootfs;
char *ttydir;
int close_all_fds;
struct lxc_list hooks[NUM_LXC_HOOKS];
-#if HAVE_APPARMOR
- char *aa_profile;
-#endif
-#if HAVE_APPARMOR /* || HAVE_SELINUX || HAVE_SMACK */
+ char *lsm_aa_profile;
+ char *lsm_se_context;
int lsm_umount_proc;
-#endif
char *seccomp; // filename with the seccomp rules
#if HAVE_SCMP_FILTER_CTX
scmp_filter_ctx *seccomp_ctx;
int stopsignal; // signal used to stop container
int kmsg; // if 1, create /dev/kmsg symlink
char *rcfile; // Copy of the top level rcfile we read
+
+ // Logfile and logleve can be set in a container config file.
+ // Those function as defaults. The defaults can be overriden
+ // by command line. However we don't want the command line
+ // specified values to be saved on c->save_config(). So we
+ // store the config file specified values here.
+ char *logfile; // the logfile as specifed in config
+ int loglevel; // loglevel as specifed in config (if any)
};
int run_lxc_hooks(const char *name, char *hook, struct lxc_conf *conf,
const char *lxcpath, char *argv[]);
-extern int setup_cgroup(const char *cgpath, struct lxc_list *cgroups);
-extern int setup_cgroup_devices(const char *cgpath, struct lxc_list *cgroups);
extern int detect_shared_rootfs(void);
/*
extern int lxc_clear_config_network(struct lxc_conf *c);
extern int lxc_clear_nic(struct lxc_conf *c, const char *key);
extern int lxc_clear_config_caps(struct lxc_conf *c);
+extern int lxc_clear_config_keepcaps(struct lxc_conf *c);
extern int lxc_clear_cgroups(struct lxc_conf *c, const char *key);
extern int lxc_clear_mount_entries(struct lxc_conf *c);
extern int lxc_clear_hooks(struct lxc_conf *c, const char *key);
* Configure the container from inside
*/
+struct cgroup_process_info;
extern int lxc_setup(const char *name, struct lxc_conf *lxc_conf,
- const char *lxcpath);
+ const char *lxcpath, struct cgroup_process_info *cgroup_info);
extern void lxc_rename_phys_nics_on_shutdown(struct lxc_conf *conf);
#endif
projects / mirror_lxc.git / blobdiff