X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=src%2Flxc%2Fconf.h;h=72441538e89ccea23f942d218e94badf6c05897c;hb=b98318f4c29b9177b82478c4825808b4a3a28134;hp=b7ddf1d3f434dedf95847115dfa113780cfcb368;hpb=389c46753ba4a8bf446575cc6e2ab508309bd9b2;p=mirror_lxc.git diff --git a/src/lxc/conf.h b/src/lxc/conf.h index b7ddf1d3f..72441538e 100644 --- a/src/lxc/conf.h +++ b/src/lxc/conf.h @@ -23,21 +23,28 @@ #ifndef __LXC_CONF_H #define __LXC_CONF_H -#include "config.h" - -#include +#ifndef _GNU_SOURCE +#define _GNU_SOURCE 1 +#endif +#include #include #include +#include +#include #include #include -#if HAVE_SYS_RESOURCE_H -#include -#endif -#include +#include +#include "compiler.h" +#include "config.h" #include "list.h" #include "ringbuf.h" -#include "start.h" /* for lxc_handler */ +#include "start.h" +#include "terminal.h" + +#if HAVE_SYS_RESOURCE_H +#include +#endif #if HAVE_SCMP_FILTER_CTX typedef void * scmp_filter_ctx; @@ -52,6 +59,8 @@ typedef void * scmp_filter_ctx; * programmer to specify the right subsystem. * @subsystem : the targeted subsystem * @value : the value to set + * @version : The version of the cgroup filesystem on which the controller + * resides. * * @controllers : The controllers to use for this container. * @dir : The name of the directory containing the container's cgroup. @@ -61,6 +70,7 @@ struct lxc_cgroup { union { /* information about a specific controller */ struct /* controller */ { + int version; char *subsystem; char *value; }; @@ -69,17 +79,19 @@ struct lxc_cgroup { struct /* meta */ { char *controllers; char *dir; + bool relative; }; }; }; #if !HAVE_SYS_RESOURCE_H -# define RLIM_INFINITY ((unsigned long)-1) +#define RLIM_INFINITY ((unsigned long)-1) struct rlimit { unsigned long rlim_cur; unsigned long rlim_max; }; #endif + /* * Defines a structure to configure resource limits to set via setrlimit(). * @resource : the resource name in lowercase without the RLIMIT_ prefix 
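Review bot: The `#ifndef _GNU_SOURCE` / `#define _GNU_SOURCE 1` block added at the top of the first hunk only has an effect if conf.h is the first header a translation unit pulls in; any libc header included earlier has already been preprocessed without it, and the `#ifndef` guard hides that silently, so different .c files can see different declarations. Feature-test macros belong in the build's CPPFLAGS or in one private header that every .c file includes first, before any system include. If the definition stays here, state the ordering requirement next to it, e.g. `/* Must come before the first libc header in every TU that includes conf.h. */`. The include names themselves are stripped in this rendering, so which system headers the new `bool`, `size_t` and `uint64_t` uses rely on cannot be checked from the diff.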
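Review bot: `bool relative;` added to the meta view of `struct lxc_cgroup` in the `@@ -69,17 +79,19 @@` hunk has no entry in the struct's header comment, while the `int version;` added in the `@@ -61` hunk got a `@version :` line in the `@@ -52` hunk. Add a `@relative :` line beside `@dir` stating what the flag makes the directory relative to and what applies when it is false; from the header alone that cannot be inferred. Note also that `version` now precedes `subsystem` in the controller view, so `subsystem` and `controllers` no longer sit at the same offset in the union — presumably nothing relied on that aliasing, but it is worth confirming in the cgroup code, which is not in this diff.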
@@ -130,128 +142,72 @@ struct id_map { unsigned long hostid, nsid, range; }; -/* - * Defines a structure containing a pty information for - * virtualizing a tty - * @name : the path name of the slave pty side - * @master : the file descriptor of the master - * @slave : the file descriptor of the slave - */ -struct lxc_pty_info { - char name[MAXPATHLEN]; - int master; - int slave; - int busy; -}; - -/* - * Defines the number of tty configured and contains the +/* Defines the number of tty configured and contains the * instantiated ptys - * @nbtty = number of configured ttys + * @max = number of configured ttys */ struct lxc_tty_info { - int nbtty; - struct lxc_pty_info *pty_info; -}; - -struct lxc_tty_state; - -/* - * Defines the structure to store the console information - * @peer : the file descriptor put/get console traffic - * @name : the file name of the slave pty - */ -struct lxc_console { - int slave; - int master; - int peer; - struct lxc_pty_info peerpty; - struct lxc_epoll_descr *descr; - char *path; - char *log_path; - int log_fd; - unsigned int log_rotate; - char name[MAXPATHLEN]; - struct termios *tios; - struct lxc_tty_state *tty_state; - - /* size of the ringbuffer */ - uint64_t buffer_size; - - /* path to the log file for the ringbuffer */ - char *buffer_log_file; - - /* fd to the log file for the ringbuffer */ - int buffer_log_file_fd; - - /* the in-memory ringbuffer */ - struct lxc_ringbuf ringbuf; + size_t max; + char *dir; + char *tty_names; + struct lxc_terminal_info *tty; }; -/* - * Defines a structure to store the rootfs location, the +/* Defines a structure to store the rootfs location, the * optionals pivot_root, rootfs mount paths * @path : the rootfs source (directory or device) * @mount : where it is mounted - * @options : mount options * @bev_type : optional backing store type + * @options : mount options + * @mountflags : the portion of @options that are flags + * @data : the portion of @options that are not flags + * @managed : whether 
it is managed by LXC */ struct lxc_rootfs { char *path; char *mount; - char *options; char *bdev_type; + char *options; + unsigned long mountflags; + char *data; + bool managed; }; /* * Automatic mounts for LXC to perform inside the container */ enum { - LXC_AUTO_PROC_RW = 0x001, /* /proc read-write */ - LXC_AUTO_PROC_MIXED = 0x002, /* /proc/sys and /proc/sysrq-trigger read-only */ + LXC_AUTO_PROC_RW = 0x001, /* /proc read-write */ + LXC_AUTO_PROC_MIXED = 0x002, /* /proc/sys and /proc/sysrq-trigger read-only */ LXC_AUTO_PROC_MASK = 0x003, - LXC_AUTO_SYS_RW = 0x004, /* /sys */ - LXC_AUTO_SYS_RO = 0x008, /* /sys read-only */ - LXC_AUTO_SYS_MIXED = 0x00C, /* /sys read-only and /sys/class/net read-write */ + LXC_AUTO_SYS_RW = 0x004, /* /sys */ + LXC_AUTO_SYS_RO = 0x008, /* /sys read-only */ + LXC_AUTO_SYS_MIXED = 0x00C, /* /sys read-only and /sys/class/net read-write */ LXC_AUTO_SYS_MASK = 0x00C, - LXC_AUTO_CGROUP_RO = 0x010, /* /sys/fs/cgroup (partial mount, read-only) */ - LXC_AUTO_CGROUP_RW = 0x020, /* /sys/fs/cgroup (partial mount, read-write) */ - LXC_AUTO_CGROUP_MIXED = 0x030, /* /sys/fs/cgroup (partial mount, paths r/o, cgroup r/w) */ - LXC_AUTO_CGROUP_FULL_RO = 0x040, /* /sys/fs/cgroup (full mount, read-only) */ - LXC_AUTO_CGROUP_FULL_RW = 0x050, /* /sys/fs/cgroup (full mount, read-write) */ - LXC_AUTO_CGROUP_FULL_MIXED = 0x060, /* /sys/fs/cgroup (full mount, parent r/o, own r/w) */ - /* These are defined in such a way as to retain - * binary compatibility with earlier versions of - * this code. If the previous mask is applied, - * both of these will default back to the _MIXED - * variants, which is safe. 
*/ - LXC_AUTO_CGROUP_NOSPEC = 0x0B0, /* /sys/fs/cgroup (partial mount, r/w or mixed, depending on caps) */ - LXC_AUTO_CGROUP_FULL_NOSPEC = 0x0E0, /* /sys/fs/cgroup (full mount, r/w or mixed, depending on caps) */ - LXC_AUTO_CGROUP_MASK = 0x0F0, - - LXC_AUTO_ALL_MASK = 0x0FF, /* all known settings */ + LXC_AUTO_CGROUP_RO = 0x010, /* /sys/fs/cgroup (partial mount, read-only) */ + LXC_AUTO_CGROUP_RW = 0x020, /* /sys/fs/cgroup (partial mount, read-write) */ + LXC_AUTO_CGROUP_MIXED = 0x030, /* /sys/fs/cgroup (partial mount, paths r/o, cgroup r/w) */ + LXC_AUTO_CGROUP_FULL_RO = 0x040, /* /sys/fs/cgroup (full mount, read-only) */ + LXC_AUTO_CGROUP_FULL_RW = 0x050, /* /sys/fs/cgroup (full mount, read-write) */ + LXC_AUTO_CGROUP_FULL_MIXED = 0x060, /* /sys/fs/cgroup (full mount, parent r/o, own r/w) */ + /* + * These are defined in such a way as to retain binary compatibility + * with earlier versions of this code. If the previous mask is applied, + * both of these will default back to the _MIXED variants, which is + * safe. 
+ */ + LXC_AUTO_CGROUP_NOSPEC = 0x0B0, /* /sys/fs/cgroup (partial mount, r/w or mixed, depending on caps) */ + LXC_AUTO_CGROUP_FULL_NOSPEC = 0x0E0, /* /sys/fs/cgroup (full mount, r/w or mixed, depending on caps) */ + LXC_AUTO_CGROUP_FORCE = 0x100, /* mount cgroups even when cgroup namespaces are supported */ + LXC_AUTO_CGROUP_MASK = 0x1F0, /* all known cgroup options, doe not contain LXC_AUTO_CGROUP_FORCE */ + + LXC_AUTO_SHMOUNTS = 0x200, /* shared mount point */ + LXC_AUTO_SHMOUNTS_MASK = 0x200, /* shared mount point mask */ + LXC_AUTO_ALL_MASK = 0x1FF, /* all known settings */ }; -/* - * Defines the global container configuration - * @rootfs : root directory to run the container - * @mount : list of mount points - * @tty : numbers of tty - * @pts : new pts instance - * @mount_list : list of mount point (alternative to fstab file) - * @network : network configuration - * @utsname : container utsname - * @fstab : path to a fstab file format - * @caps : list of the capabilities to drop - * @keepcaps : list of the capabilities to keep - * @tty_info : tty data - * @console : console data - * @ttydir : directory (under /dev) in which to create console and ttys - * @lsm_aa_profile : apparmor profile to switch to or NULL - * @lsm_se_context : selinux type to switch to or NULL - */ enum lxchooks { LXCHOOK_PRESTART, LXCHOOK_PREMOUNT, 
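Review bot: In the automount enum near the end of the hunk, `LXC_AUTO_CGROUP_MASK = 0x1F0` includes bit 0x100, which is `LXC_AUTO_CGROUP_FORCE`, yet its comment says it "doe not contain LXC_AUTO_CGROUP_FORCE" — either the value should be `0x0F0` or the comment should say the opposite (and fix the typo). `LXC_AUTO_ALL_MASK = 0x1FF` likewise stops short of the new `LXC_AUTO_SHMOUNTS = 0x200` while still claiming "all known settings". If the lxc.mount.auto parser validates against `LXC_AUTO_ALL_MASK` or extracts the cgroup mode with `LXC_AUTO_CGROUP_MASK` (that code is not in this diff), the mismatch decides whether a force or shmounts request is honoured, rejected or silently dropped, so pin the intent with a `_Static_assert` that each mask ORs exactly the enumerators it is meant to cover. The rewritten `struct lxc_tty_info` comment still describes only `@max`; `dir`, `tty_names` and `tty` need a line each, including who frees them.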
@@ -274,27 +230,57 @@ struct lxc_state_client { }; struct lxc_conf { - int is_execute; - char *fstab; - unsigned int tty; - unsigned int pts; + /* Pointer to the name of the container. Do not free! */ + const char *name; + bool is_execute; int reboot; signed long personality; struct utsname *utsname; - struct lxc_list cgroup; - struct lxc_list id_map; + + struct { + struct lxc_list cgroup; + struct lxc_list cgroup2; + }; + + struct { + struct lxc_list id_map; + + /* + * Pointer to the idmap entry for the container's root uid in + * the id_map list. Do not free! + */ + const struct id_map *root_nsuid_map; + + /* + * Pointer to the idmap entry for the container's root gid in + * the id_map list. Do not free! + */ + const struct id_map *root_nsgid_map; + }; + struct lxc_list network; - int auto_mounts; - struct lxc_list mount_list; + + struct { + char *fstab; + int auto_mounts; + struct lxc_list mount_list; + }; + struct lxc_list caps; struct lxc_list keepcaps; - struct lxc_tty_info tty_info; - /* Comma-separated list of lxc.tty.max pty names. */ - char *pty_names; - struct lxc_console console; + + /* /dev/tty devices */ + struct lxc_tty_info ttys; + /* /dev/console device */ + struct lxc_terminal console; + /* maximum pty devices allowed by devpts mount */ + size_t pty_max; + + /* set to true when rootfs has been setup */ + bool rootfs_setup; struct lxc_rootfs rootfs; - char *ttydir; - int close_all_fds; + + bool close_all_fds; struct { unsigned int hooks_version; @@ -302,9 +288,13 @@ struct lxc_conf { }; char *lsm_aa_profile; + char *lsm_aa_profile_computed; + bool lsm_aa_profile_created; + unsigned int lsm_aa_allow_nesting; unsigned int lsm_aa_allow_incomplete; + struct lxc_list lsm_aa_raw; char *lsm_se_context; - int tmp_umount_proc; + bool tmp_umount_proc; char *seccomp; /* filename with the seccomp rules */ #if HAVE_SCMP_FILTER_CTX scmp_filter_ctx seccomp_ctx; 
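Review bot: `root_nsuid_map` and `root_nsgid_map` are documented as "Do not free!" pointers into the id_map list, but not as being invalidated when that list changes; a cached entry pointer is only valid until the list is cleared or re-populated, after which any use is a use-after-free. Extend both comments, e.g. `Non-owning; points into @id_map and dangles once the list is cleared or re-parsed — recompute rather than cache.` The new `const char *name` carries the same "Do not free!" remark but not who owns the string or for how long, which matters for the same reason; the untagged anonymous structs wrapping these members are C11-only and purely visual, so a short comment saying they do not affect layout or API would avoid the question.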
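Review bot: `lsm_aa_profile_computed` in the `@@ -302,9 +288,13 @@` hunk is a second `char *` beside `lsm_aa_profile` with no statement of who allocates and frees it, and `lsm_aa_profile_created` presumably records that a profile was loaded into the kernel and must be removed on teardown — neither is said. Since the surrounding hunk marks borrowed pointers with "Do not free!", mark these too, e.g. `/* profile name derived at start; owned, released in lxc_conf_free() — confirm */` and `/* set once the computed profile was loaded; unload on teardown — confirm */`, checked against the apparmor code, which is not in this diff. `lsm_aa_allow_nesting` is `unsigned int` while the same hunk converts `tmp_umount_proc` to `bool`; flags should use one type.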
@@ -316,8 +306,8 @@ struct lxc_conf { int stopsignal; /* signal used to hard stop container */ char *rcfile; /* Copy of the top level rcfile we read */ - /* Logfile and logleve can be set in a container config file. Those - * function as defaults. The defaults can be overriden by command line. + /* Logfile and loglevel can be set in a container config file. Those + * function as defaults. The defaults can be overridden by command line. * However we don't want the command line specified values to be saved * on c->save_config(). So we store the config file specified values * here. */ @@ -333,9 +323,7 @@ struct lxc_conf { /* unshare the mount namespace in the monitor */ unsigned int monitor_unshare; - - /* set to true when rootfs has been setup */ - bool rootfs_setup; + unsigned int monitor_signal_pdeath; /* list of included files */ struct lxc_list includes; @@ -348,7 +336,8 @@ struct lxc_conf { /* text representation of the config file */ char *unexpanded_config; - size_t unexpanded_len, unexpanded_alloced; + size_t unexpanded_len; + size_t unexpanded_alloced; /* default command for lxc-execute */ char *execute_cmd; @@ -374,12 +363,6 @@ struct lxc_conf { /* RLIMIT_* limits */ struct lxc_list limits; - /* REMOVE IN LXC 3.0 - * Indicator whether the current config file we're using contained any - * legacy configuration keys. - */ - bool contains_legacy_key; - /* Contains generic info about the cgroup configuration for this * container. Note that struct lxc_cgroup contains a union. It is only * valid to access the members of the anonymous "meta" struct within @@ -387,7 +370,11 @@ struct lxc_conf { */ struct lxc_cgroup cgroup_meta; - char *inherit_ns[LXC_NS_MAX]; + struct { + int ns_clone; + int ns_keep; + char *ns_share[LXC_NS_MAX]; + }; /* init working directory */ char *init_cwd; 
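Review bot: `unsigned int monitor_signal_pdeath;` added in the `@@ -333,9 +323,7 @@` hunk has no comment, unlike its sibling `monitor_unshare` directly above it; the same gap exists for `int ns_clone;` and `int ns_keep;` in the `@@ -387,7 +370,11 @@` hunk, where nothing says the two are bitmasks over the same namespace set as `ns_share[LXC_NS_MAX]` or how a namespace named in more than one of them is resolved. Add one line each, e.g. `/* signal sent to the container init when the monitor dies — presumably via PR_SET_PDEATHSIG, confirm in start.c */` and `/* namespace bitmasks: to unshare at start / to keep — confirm; ns_share[] names an existing namespace to join instead */`, and state the precedence between clone, keep and share where it is decided. The enclosing `struct lxc_conf` starts and ends outside both hunks.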
@@ -400,13 +387,20 @@ struct lxc_conf { /* procs */ struct lxc_list procs; + + struct shmount { + /* Absolute path to the shared mount point on the host */ + char *path_host; + /* Absolute path (in the container) to the shared mount point */ + char *path_cont; + } shmount; }; -int write_id_mapping(enum idtype idtype, pid_t pid, const char *buf, +extern int write_id_mapping(enum idtype idtype, pid_t pid, const char *buf, size_t buf_size); #ifdef HAVE_TLS -extern __thread struct lxc_conf *current_config; +extern thread_local struct lxc_conf *current_config; #else extern struct lxc_conf *current_config; #endif @@ -419,10 +413,10 @@ extern void lxc_conf_free(struct lxc_conf *conf); extern int pin_rootfs(const char *rootfs); extern int lxc_map_ids(struct lxc_list *idmap, pid_t pid); extern int lxc_create_tty(const char *name, struct lxc_conf *conf); -extern void lxc_delete_tty(struct lxc_tty_info *tty_info); +extern void lxc_delete_tty(struct lxc_tty_info *ttys); extern int lxc_clear_config_caps(struct lxc_conf *c); extern int lxc_clear_config_keepcaps(struct lxc_conf *c); -extern int lxc_clear_cgroups(struct lxc_conf *c, const char *key); +extern int lxc_clear_cgroups(struct lxc_conf *c, const char *key, int version); extern int lxc_clear_mount_entries(struct lxc_conf *c); extern int lxc_clear_automounts(struct lxc_conf *c); extern int lxc_clear_hooks(struct lxc_conf *c, const char *key); 
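Review bot: `extern thread_local struct lxc_conf *current_config;` under `#ifdef HAVE_TLS` relies on `thread_local`, which in C11 is a macro provided by `<threads.h>` (it becomes a keyword only in C23); the hunk replaces `__thread`, but the header's system include names are stripped in this rendering, so whether `<threads.h>` or a compatibility `#define thread_local _Thread_local` is reachable from conf.h cannot be confirmed. Every consumer of conf.h compiles this line, so whatever provides the name should be included from conf.h itself rather than depend on include order; `_Thread_local` is the keyword form that needs no header. Separately, `struct shmount` declared inside `struct lxc_conf` still gets a file-scope tag in C — it is not nested — so either move it out or drop the tag to make that explicit, and give `path_host`/`path_cont` an ownership remark like the other new members.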
@@ -432,8 +426,8 @@ extern int lxc_clear_environment(struct lxc_conf *c); extern int lxc_clear_limits(struct lxc_conf *c, const char *key); extern int lxc_delete_autodev(struct lxc_handler *handler); extern void lxc_clear_includes(struct lxc_conf *conf); -extern int do_rootfs_setup(struct lxc_conf *conf, const char *name, - const char *lxcpath); +extern int lxc_setup_rootfs_prepare_root(struct lxc_conf *conf, + const char *name, const char *lxcpath); extern int lxc_setup(struct lxc_handler *handler); extern int lxc_setup_parent(struct lxc_handler *handler); extern int setup_resource_limits(struct lxc_list *limits, pid_t pid); @@ -441,17 +435,18 @@ extern int find_unmapped_nsid(struct lxc_conf *conf, enum idtype idtype); extern int mapped_hostid(unsigned id, struct lxc_conf *conf, enum idtype idtype); extern int chown_mapped_root(const char *path, struct lxc_conf *conf); -extern int lxc_ttys_shift_ids(struct lxc_conf *c); extern int userns_exec_1(struct lxc_conf *conf, int (*fn)(void *), void *data, const char *fn_name); extern int userns_exec_full(struct lxc_conf *conf, int (*fn)(void *), void *data, const char *fn_name); extern int parse_mntopts(const char *mntopts, unsigned long *mntflags, char **mntdata); +extern int parse_propagationopts(const char *mntopts, unsigned long *pflags); extern void tmp_proc_unmount(struct lxc_conf *lxc_conf); extern void remount_all_slave(void); extern void suggest_default_idmap(void); -extern FILE *make_anonymous_mount_file(struct lxc_list *mount); +extern FILE *make_anonymous_mount_file(struct lxc_list *mount, + bool include_nesting_helpers); extern struct lxc_list *sort_cgroup_settings(struct lxc_list *cgroup_settings); extern unsigned long add_required_remount_flags(const char *s, const char *d, unsigned long flags); 
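Review bot: `parse_propagationopts(const char *mntopts, unsigned long *pflags)` in the `@@ -441,17 +435,18 @@` hunk is declared without saying whether `*pflags` is reset by the callee or OR-ed into, what the return value means, or whether an unrecognised keyword is an error or ignored; `parse_mntopts` beside it has the same gap. These presumably consume the user-supplied mount option string and the result governs mount propagation into the container, so a silently skipped token changes the isolation the config author asked for; a Doxygen block stating the return convention and that unknown options fail (or, if they are skipped by design, that they are) belongs on both declarations. `make_anonymous_mount_file` in the same hunk returns a `FILE *` the caller must `fclose`; a one-line comment to that effect would also help.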
@@ -465,5 +460,6 @@ extern int setup_sysctl_parameters(struct lxc_list *sysctls); extern int lxc_clear_sysctls(struct lxc_conf *c, const char *key); extern int setup_proc_filesystem(struct lxc_list *procs, pid_t pid); extern int lxc_clear_procs(struct lxc_conf *c, const char *key); +extern int lxc_clear_apparmor_raw(struct lxc_conf *c); #endif /* __LXC_CONF_H */