#ifndef __LXC_CONF_H
#define __LXC_CONF_H
-#include "config.h"
-
-#include <stdio.h>
+#ifndef _GNU_SOURCE
+#define _GNU_SOURCE 1
+#endif
+#include <linux/magic.h>
#include <net/if.h>
#include <netinet/in.h>
+#include <stdbool.h>
+#include <stdio.h>
#include <sys/param.h>
#include <sys/types.h>
-#if HAVE_SYS_RESOURCE_H
-#include <sys/resource.h>
-#endif
-#include <stdbool.h>
+#include <sys/vfs.h>
+#include "compiler.h"
+#include "config.h"
#include "list.h"
#include "ringbuf.h"
-#include "start.h" /* for lxc_handler */
+#include "start.h"
#include "terminal.h"
+#if HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif
+
#if HAVE_SCMP_FILTER_CTX
typedef void * scmp_filter_ctx;
#endif
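Review bot: `#include "config.h"` now follows the system headers (`<linux/magic.h>`, `<net/if.h>`, `<netinet/in.h>`, `<sys/param.h>`, `<sys/types.h>`), so any feature-test macro it defines — autoconf commonly emits `_GNU_SOURCE` and `_FILE_OFFSET_BITS` there — no longer affects those headers when conf.h is the first include of a translation unit; only the hand-written `_GNU_SOURCE` guard at the top survives. If `config.h` defines anything beyond `_GNU_SOURCE` this silently changes which prototypes and struct layouts the system headers expose. I would keep `#include "config.h"` as the first include, before `<linux/magic.h>`, and leave the `HAVE_SYS_RESOURCE_H` / `HAVE_SCMP_FILTER_CTX` blocks where they are, since they must see `config.h` first. This inference about `config.h`'s contents should be confirmed against the generated header.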
struct /* meta */ {
char *controllers;
char *dir;
+ bool relative;
};
};
};
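Review bot: `bool relative;` is added to the anonymous meta struct next to `controllers` and `dir` without a comment, and its meaning is not recoverable from the name alone; the enclosing struct starts outside the hunk. If it records that `dir` is to be interpreted relative to the cgroup mount root rather than as an absolute path, I would write `bool relative; /* dir is relative to the cgroup root, not absolute */`; if it means something else, that is exactly what the comment should say.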
* optionals pivot_root, rootfs mount paths
* @path : the rootfs source (directory or device)
* @mount : where it is mounted
- * @options : mount options
* @bev_type : optional backing store type
+ * @options : mount options
+ * @mountflags : the portion of @options that are flags
+ * @data : the portion of @options that are not flags
+ * @managed : whether it is managed by LXC
*/
struct lxc_rootfs {
char *path;
char *mount;
- char *options;
char *bdev_type;
+ char *options;
+ unsigned long mountflags;
+ char *data;
+ bool managed;
};
/*
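Review bot: The doc block above `struct lxc_rootfs` is reordered to match the new field order, yet `@bev_type` still does not match the field `bdev_type`, and the new `@data` line leaves ownership unstated; the comment block begins outside the hunk. Since `parse_mntopts()` hands `mntdata` back through a `char **`, `data` looks like a separately allocated copy rather than a pointer into `options`, which matters for whoever frees the rootfs. I would write `* @data : the portion of @options that are not flags (separately allocated)` and correct `@bev_type` to `@bdev_type`, after confirming the allocation against the free path. `@managed : whether it is managed by LXC` could also say what being managed implies for setup and teardown.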
LXC_AUTO_CGROUP_FULL_NOSPEC = 0x0E0, /* /sys/fs/cgroup (full mount, r/w or mixed, depending on caps) */
LXC_AUTO_CGROUP_FORCE = 0x100, /* mount cgroups even when cgroup namespaces are supported */
LXC_AUTO_CGROUP_MASK = 0x1F0, /* all known cgroup options, doe not contain LXC_AUTO_CGROUP_FORCE */
+
+ LXC_AUTO_SHMOUNTS = 0x200, /* shared mount point */
+ LXC_AUTO_SHMOUNTS_MASK = 0x200, /* shared mount point mask */
LXC_AUTO_ALL_MASK = 0x1FF, /* all known settings */
};
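Review bot: `LXC_AUTO_ALL_MASK` stays at `0x1FF` while `LXC_AUTO_SHMOUNTS = 0x200` is added, so the mask documented as "all known settings" no longer covers the new bit and anything that masks with it will drop the shmounts flag. If that is deliberate because shmounts is validated through `LXC_AUTO_SHMOUNTS_MASK` on its own, the comment should say so, e.g. `LXC_AUTO_ALL_MASK = 0x1FF, /* all known settings except LXC_AUTO_SHMOUNTS */`; otherwise it should become `0x3FF`. The `doe not contain` typo in the `LXC_AUTO_CGROUP_MASK` comment is a context line but could be fixed in the same pass.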
* Pointer to the idmap entry for the container's root uid in
* the id_map list. Do not free!
*/
- struct id_map *root_nsuid_map;
+ const struct id_map *root_nsuid_map;
/*
* Pointer to the idmap entry for the container's root gid in
* the id_map list. Do not free!
*/
- struct id_map *root_nsgid_map;
+ const struct id_map *root_nsgid_map;
};
struct lxc_list network;
struct lxc_list caps;
struct lxc_list keepcaps;
- /* Comma-separated list of lxc.tty.max pty names. */
+ /* /dev/tty<idx> devices */
struct lxc_tty_info ttys;
+ /* /dev/console device */
+ struct lxc_terminal console;
+ /* maximum pty devices allowed by devpts mount */
size_t pty_max;
- struct lxc_terminal console;
+ /* set to true when rootfs has been setup */
+ bool rootfs_setup;
struct lxc_rootfs rootfs;
+
bool close_all_fds;
struct {
};
char *lsm_aa_profile;
+ char *lsm_aa_profile_computed;
+ bool lsm_aa_profile_created;
+ unsigned int lsm_aa_allow_nesting;
unsigned int lsm_aa_allow_incomplete;
+ struct lxc_list lsm_aa_raw;
char *lsm_se_context;
- int tmp_umount_proc;
+ bool tmp_umount_proc;
char *seccomp; /* filename with the seccomp rules */
#if HAVE_SCMP_FILTER_CTX
scmp_filter_ctx seccomp_ctx;
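Review bot: The four new AppArmor fields (`lsm_aa_profile_computed`, `lsm_aa_profile_created`, `lsm_aa_allow_nesting`, `lsm_aa_raw`) carry no comments, although neighbouring fields such as `seccomp` and `stopsignal` do, and the relation between `lsm_aa_profile` and `lsm_aa_profile_computed` — which one is applied, which one is saved, who frees the computed string — is what a reader needs most; the enclosing `struct lxc_conf` starts outside the hunk. I would add `/* profile actually applied, derived from lsm_aa_profile; heap string owned by the conf */` on `lsm_aa_profile_computed` and `/* raw profile lines, released by lxc_clear_apparmor_raw() */` on `lsm_aa_raw`, confirming the ownership against the free path first. `lsm_aa_allow_nesting` is declared `unsigned int` like `lsm_aa_allow_incomplete`, while `tmp_umount_proc` is changed to `bool` in the same hunk; if it is a flag, `bool` would match the new style.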
int stopsignal; /* signal used to hard stop container */
char *rcfile; /* Copy of the top level rcfile we read */
- /* Logfile and logleve can be set in a container config file. Those
- * function as defaults. The defaults can be overriden by command line.
+ /* Logfile and loglevel can be set in a container config file. Those
+ * function as defaults. The defaults can be overridden by command line.
* However we don't want the command line specified values to be saved
* on c->save_config(). So we store the config file specified values
* here. */
/* unshare the mount namespace in the monitor */
unsigned int monitor_unshare;
-
- /* set to true when rootfs has been setup */
- bool rootfs_setup;
+ unsigned int monitor_signal_pdeath;
/* list of included files */
struct lxc_list includes;
/* text representation of the config file */
char *unexpanded_config;
- size_t unexpanded_len, unexpanded_alloced;
+ size_t unexpanded_len;
+ size_t unexpanded_alloced;
/* default command for lxc-execute */
char *execute_cmd;
/* procs */
struct lxc_list procs;
+
+ struct shmount {
+ /* Absolute path to the shared mount point on the host */
+ char *path_host;
+ /* Absolute path (in the container) to the shared mount point */
+ char *path_cont;
+ } shmount;
};
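Review bot: `monitor_signal_pdeath` is added directly below the documented `monitor_unshare` with no comment, and the new `struct shmount` documents its two paths but not who owns them; `struct lxc_conf` closes here but begins outside the hunk. I would add a comment stating which process receives the signal and what zero means, e.g. `unsigned int monitor_signal_pdeath; /* signal delivered when the monitor dies; 0 disables */`, once that matches the implementation. For `path_host` and `path_cont` a single `/* heap strings owned by lxc_conf */` (if the free path releases them) would settle ownership, and since `path_host` names a host directory that the container's mounts propagate to, the comment is also where to note that it comes from the container config and is a trust boundary for the host.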
extern int write_id_mapping(enum idtype idtype, pid_t pid, const char *buf,
size_t buf_size);
#ifdef HAVE_TLS
-extern __thread struct lxc_conf *current_config;
+extern thread_local struct lxc_conf *current_config;
#else
extern struct lxc_conf *current_config;
#endif
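Review bot: `thread_local` replaces `__thread`, but conf.h includes neither `<threads.h>` (where C11's `thread_local` macro lives) nor shows a definition; presumably the newly included `compiler.h` supplies it, which should be confirmed. A short comment on the `#ifdef HAVE_TLS` line, `/* thread_local comes from compiler.h */`, would spare the next reader the search. The `#else` branch silently turns a per-thread variable into a process-wide global; that is pre-existing, but the same comment could flag it.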
extern int lxc_clear_limits(struct lxc_conf *c, const char *key);
extern int lxc_delete_autodev(struct lxc_handler *handler);
extern void lxc_clear_includes(struct lxc_conf *conf);
-extern int do_rootfs_setup(struct lxc_conf *conf, const char *name,
- const char *lxcpath);
+extern int lxc_setup_rootfs_prepare_root(struct lxc_conf *conf,
+ const char *name, const char *lxcpath);
extern int lxc_setup(struct lxc_handler *handler);
extern int lxc_setup_parent(struct lxc_handler *handler);
extern int setup_resource_limits(struct lxc_list *limits, pid_t pid);
void *data, const char *fn_name);
extern int parse_mntopts(const char *mntopts, unsigned long *mntflags,
char **mntdata);
+extern int parse_propagationopts(const char *mntopts, unsigned long *pflags);
extern void tmp_proc_unmount(struct lxc_conf *lxc_conf);
extern void remount_all_slave(void);
extern void suggest_default_idmap(void);
-extern FILE *make_anonymous_mount_file(struct lxc_list *mount);
+extern FILE *make_anonymous_mount_file(struct lxc_list *mount,
+ bool include_nesting_helpers);
extern struct lxc_list *sort_cgroup_settings(struct lxc_list *cgroup_settings);
extern unsigned long add_required_remount_flags(const char *s, const char *d,
unsigned long flags);
extern int lxc_clear_sysctls(struct lxc_conf *c, const char *key);
extern int setup_proc_filesystem(struct lxc_list *procs, pid_t pid);
extern int lxc_clear_procs(struct lxc_conf *c, const char *key);
+extern int lxc_clear_apparmor_raw(struct lxc_conf *c);
#endif /* __LXC_CONF_H */
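Review bot: `lxc_clear_apparmor_raw(struct lxc_conf *c)` drops the `const char *key` parameter that the sibling clearers `lxc_clear_limits`, `lxc_clear_sysctls` and `lxc_clear_procs` take, so it cannot be dispatched through the same table. If only one config key maps to `lsm_aa_raw` that is fine but worth a one-line comment; otherwise align it as `extern int lxc_clear_apparmor_raw(struct lxc_conf *c, const char *key);`. `parse_propagationopts` mirrors `parse_mntopts` but neither declaration says what the return value means or whether unrecognised options are rejected; as both parse user-supplied mount options, a contract comment such as `/* returns 0 on success, -1 on an unknown option */`, checked against the implementation, would help. The new `include_nesting_helpers` flag on `make_anonymous_mount_file` likewise has no comment saying what is added to the file when it is set.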