-/*! \file
- *
- * liblxcapi
- *
- * Copyright © 2012 Serge Hallyn <serge.hallyn@ubuntu.com>.
- * Copyright © 2012 Canonical Ltd.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
-
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
-
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_CONTAINER_H
#define __LXC_CONTAINER_H
#include <lxc/attach_options.h>
-#if HAVE_DECL_SECCOMP_NOTIF_GET_FD
-#include <seccomp.h>
-#endif
-
#ifdef __cplusplus
extern "C" {
#endif
int version;
};
-enum {
- LXC_SECCOMP_NOTIFY_GET_FD = 0,
- LXC_SECCOMP_NOTIFY_MAX,
-};
-
-#if HAVE_DECL_SECCOMP_NOTIF_GET_FD
-struct seccomp_notify_proxy_msg {
- uint32_t version;
- struct seccomp_notif req;
- struct seccomp_notif_resp resp;
- pid_t monitor_pid;
- pid_t init_pid;
-};
-#endif
-
/*!
* An LXC container.
*
* \private
* Container configuration.
*
- * \internal FIXME: do we want the whole lxc_handler?
+ * \internal TODO: do we want the whole lxc_handler?
*/
struct lxc_conf *lxc_conf;
/*!
* \brief Change whether the container wishes all file descriptors
- * to be closed on startup.
+ * to be closed on startup. The LISTEN_FDS environment variable
+ * can be set to keep inherited file descriptors open.
*
* \param c Container.
* \param state Value for the close_all_fds bit (0 or 1).
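Review bot: The added sentence on `LISTEN_FDS` does not say which inherited descriptors stay open or in whose environment the variable is read, so the scope of this exception to close_all_fds is unclear from the header. Since close_all_fds is the knob that keeps the caller's open descriptors out of the container, the comment should spell the exception out, for example `If LISTEN_FDS is set to N in the caller's environment, the first N inherited descriptors after stderr are kept open.` That wording assumes the systemd socket-activation convention and needs confirming against the start-up code. The doc comment and the member it documents continue outside this hunk.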
* \param c Container.
* \param[in,out] ttynum Terminal number to attempt to allocate,
* or \c -1 to allocate the first available tty.
- * \param[out] masterfd File descriptor referring to the master side of the pty.
+ * \param[out] ptxfd File descriptor referring to the ptx side of the pty.
*
* \return tty file descriptor number on success, or \c -1 on
* failure.
* descriptor when no longer required so that it may be allocated
* by another caller.
*/
- int (*console_getfd)(struct lxc_container *c, int *ttynum, int *masterfd);
+ int (*console_getfd)(struct lxc_container *c, int *ttynum, int *ptxfd);
/*!
* \brief Allocate and run a console tty.
int (*umount)(struct lxc_container *c, const char *target,
unsigned long mountflags, struct lxc_mount *mnt);
- int (*seccomp_notify)(struct lxc_container *c, unsigned int cmd, int fd);
+ /*!
+ * \brief Retrieve a file descriptor for the container's seccomp filter.
+ *
+ * \param c Container
+ *
+ * \return file descriptor for container's seccomp filter
+ */
+ int (*seccomp_notify_fd)(struct lxc_container *c);
+
+ /*!
+ * \brief Retrieve a file descriptor for the running container's seccomp filter.
+ *
+ * \param c Container
+ *
+ * \return file descriptor for the running container's seccomp filter
+ */
+ int (*seccomp_notify_fd_active)(struct lxc_container *c);
+
+ /*!
+ * \brief Retrieve a pidfd for the container's init process.
+ *
+ * \param c Container.
+ *
+ * \return pidfd of init process of the container.
+ */
+ int (*init_pidfd)(struct lxc_container *c);
+
+ /*!
+ * \brief Retrieve a mount fd for the container's devpts instance.
+ *
+ * \param c Container.
+ *
+ * \return Mount fd of the container's devpts instance.
+ */
+ int (*devpts_fd)(struct lxc_container *c);
};
/*!
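Review bot: The four added `\return` lines (seccomp_notify_fd, seccomp_notify_fd_active, init_pidfd, devpts_fd) describe only the success case, whereas console_getfd just above documents `\c -1` on failure and tells the caller to close the descriptor. Each comment should state the failure value and who owns the descriptor, e.g. `\return Seccomp notify fd on success, or <failure value> on failure; <who closes it>.` with the placeholders filled in from the implementation. This matters here because a seccomp notify fd, a pidfd for init and a devpts mount fd are handles onto the container, and a copy the caller forgets to close can be inherited by its children; the comments should also say whether the descriptors are close-on-exec. Separately, `seccomp_notify_fd` takes the struct slot that `seccomp_notify` held but with a different signature, so a binary built against the old header would call it with the wrong arguments if that member was ever shipped. The struct body starts outside this hunk, so that cannot be confirmed from here.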