#ifndef __LXC_CONF_H
#define __LXC_CONF_H
-#include "config.h"
-
-#include <stdio.h>
+#ifndef _GNU_SOURCE
+#define _GNU_SOURCE 1
+#endif
+#include <linux/magic.h>
#include <net/if.h>
#include <netinet/in.h>
+#include <stdbool.h>
+#include <stdio.h>
#include <sys/param.h>
#include <sys/types.h>
-#if HAVE_SYS_RESOURCE_H
-#include <sys/resource.h>
-#endif
-#include <stdbool.h>
+#include <sys/vfs.h>
+#include "compiler.h"
+#include "config.h"
#include "list.h"
#include "ringbuf.h"
-#include "start.h" /* for lxc_handler */
+#include "start.h"
+#include "terminal.h"
+
+#if HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif
#if HAVE_SCMP_FILTER_CTX
typedef void * scmp_filter_ctx;
struct /* meta */ {
char *controllers;
char *dir;
+ bool relative;
};
};
};
#if !HAVE_SYS_RESOURCE_H
-# define RLIM_INFINITY ((unsigned long)-1)
+#define RLIM_INFINITY ((unsigned long)-1)
struct rlimit {
unsigned long rlim_cur;
unsigned long rlim_max;
};
#endif
+
/*
* Defines a structure to configure resource limits to set via setrlimit().
* @resource : the resource name in lowercase without the RLIMIT_ prefix
unsigned long hostid, nsid, range;
};
-/*
- * Defines a structure containing a pty information for
- * virtualizing a tty
- * @name : the path name of the slave pty side
- * @master : the file descriptor of the master
- * @slave : the file descriptor of the slave
- */
-struct lxc_pty_info {
- char name[MAXPATHLEN];
- int master;
- int slave;
- int busy;
-};
-
-/*
- * Defines the number of tty configured and contains the
+/* Defines the number of tty configured and contains the
* instantiated ptys
- * @nbtty = number of configured ttys
+ * @max = number of configured ttys
*/
struct lxc_tty_info {
- int nbtty;
- struct lxc_pty_info *pty_info;
-};
-
-struct lxc_tty_state;
-
-/*
- * Defines the structure to store the console information
- * @peer : the file descriptor put/get console traffic
- * @name : the file name of the slave pty
- */
-struct lxc_console {
- int slave;
- int master;
- int peer;
- struct lxc_pty_info peerpty;
- struct lxc_epoll_descr *descr;
- char *path;
- char *log_path;
- int log_fd;
- unsigned int log_rotate;
- char name[MAXPATHLEN];
- struct termios *tios;
- struct lxc_tty_state *tty_state;
- struct /* lxc_console_ringbuf */ {
- /* size of the ringbuffer */
- uint64_t buffer_size;
-
- /* path to the log file for the ringbuffer */
- char *buffer_log_file;
-
- /* fd to the log file for the ringbuffer */
- int buffer_log_file_fd;
-
- /* the in-memory ringbuffer */
- struct lxc_ringbuf ringbuf;
- };
+ size_t max;
+ char *dir;
+ char *tty_names;
+ struct lxc_terminal_info *tty;
};
-/*
- * Defines a structure to store the rootfs location, the
+/* Defines a structure to store the rootfs location, the
* optionals pivot_root, rootfs mount paths
* @path : the rootfs source (directory or device)
* @mount : where it is mounted
- * @options : mount options
* @bev_type : optional backing store type
+ * @options : mount options
+ * @mountflags : the portion of @options that are flags
+ * @data : the portion of @options that are not flags
+ * @managed : whether it is managed by LXC
*/
struct lxc_rootfs {
char *path;
char *mount;
- char *options;
char *bdev_type;
+ char *options;
+ unsigned long mountflags;
+ char *data;
+ bool managed;
};
/*
* Automatic mounts for LXC to perform inside the container
*/
enum {
- LXC_AUTO_PROC_RW = 0x001, /* /proc read-write */
- LXC_AUTO_PROC_MIXED = 0x002, /* /proc/sys and /proc/sysrq-trigger read-only */
+ LXC_AUTO_PROC_RW = 0x001, /* /proc read-write */
+ LXC_AUTO_PROC_MIXED = 0x002, /* /proc/sys and /proc/sysrq-trigger read-only */
LXC_AUTO_PROC_MASK = 0x003,
- LXC_AUTO_SYS_RW = 0x004, /* /sys */
- LXC_AUTO_SYS_RO = 0x008, /* /sys read-only */
- LXC_AUTO_SYS_MIXED = 0x00C, /* /sys read-only and /sys/class/net read-write */
+ LXC_AUTO_SYS_RW = 0x004, /* /sys */
+ LXC_AUTO_SYS_RO = 0x008, /* /sys read-only */
+ LXC_AUTO_SYS_MIXED = 0x00C, /* /sys read-only and /sys/class/net read-write */
LXC_AUTO_SYS_MASK = 0x00C,
- LXC_AUTO_CGROUP_RO = 0x010, /* /sys/fs/cgroup (partial mount, read-only) */
- LXC_AUTO_CGROUP_RW = 0x020, /* /sys/fs/cgroup (partial mount, read-write) */
- LXC_AUTO_CGROUP_MIXED = 0x030, /* /sys/fs/cgroup (partial mount, paths r/o, cgroup r/w) */
- LXC_AUTO_CGROUP_FULL_RO = 0x040, /* /sys/fs/cgroup (full mount, read-only) */
- LXC_AUTO_CGROUP_FULL_RW = 0x050, /* /sys/fs/cgroup (full mount, read-write) */
- LXC_AUTO_CGROUP_FULL_MIXED = 0x060, /* /sys/fs/cgroup (full mount, parent r/o, own r/w) */
- /* These are defined in such a way as to retain
- * binary compatibility with earlier versions of
- * this code. If the previous mask is applied,
- * both of these will default back to the _MIXED
- * variants, which is safe. */
- LXC_AUTO_CGROUP_NOSPEC = 0x0B0, /* /sys/fs/cgroup (partial mount, r/w or mixed, depending on caps) */
- LXC_AUTO_CGROUP_FULL_NOSPEC = 0x0E0, /* /sys/fs/cgroup (full mount, r/w or mixed, depending on caps) */
- LXC_AUTO_CGROUP_MASK = 0x0F0,
-
- LXC_AUTO_ALL_MASK = 0x0FF, /* all known settings */
+ LXC_AUTO_CGROUP_RO = 0x010, /* /sys/fs/cgroup (partial mount, read-only) */
+ LXC_AUTO_CGROUP_RW = 0x020, /* /sys/fs/cgroup (partial mount, read-write) */
+ LXC_AUTO_CGROUP_MIXED = 0x030, /* /sys/fs/cgroup (partial mount, paths r/o, cgroup r/w) */
+ LXC_AUTO_CGROUP_FULL_RO = 0x040, /* /sys/fs/cgroup (full mount, read-only) */
+ LXC_AUTO_CGROUP_FULL_RW = 0x050, /* /sys/fs/cgroup (full mount, read-write) */
+ LXC_AUTO_CGROUP_FULL_MIXED = 0x060, /* /sys/fs/cgroup (full mount, parent r/o, own r/w) */
+ /*
+ * These are defined in such a way as to retain binary compatibility
+ * with earlier versions of this code. If the previous mask is applied,
+ * both of these will default back to the _MIXED variants, which is
+ * safe.
+ */
+ LXC_AUTO_CGROUP_NOSPEC = 0x0B0, /* /sys/fs/cgroup (partial mount, r/w or mixed, depending on caps) */
+ LXC_AUTO_CGROUP_FULL_NOSPEC = 0x0E0, /* /sys/fs/cgroup (full mount, r/w or mixed, depending on caps) */
+ LXC_AUTO_CGROUP_FORCE = 0x100, /* mount cgroups even when cgroup namespaces are supported */
+ LXC_AUTO_CGROUP_MASK = 0x1F0, /* all known cgroup options, doe not contain LXC_AUTO_CGROUP_FORCE */
+
+ LXC_AUTO_SHMOUNTS = 0x200, /* shared mount point */
+ LXC_AUTO_SHMOUNTS_MASK = 0x200, /* shared mount point mask */
+ LXC_AUTO_ALL_MASK = 0x1FF, /* all known settings */
};
-/*
- * Defines the global container configuration
- * @rootfs : root directory to run the container
- * @mount : list of mount points
- * @tty : numbers of tty
- * @pts : new pts instance
- * @mount_list : list of mount point (alternative to fstab file)
- * @network : network configuration
- * @utsname : container utsname
- * @fstab : path to a fstab file format
- * @caps : list of the capabilities to drop
- * @keepcaps : list of the capabilities to keep
- * @tty_info : tty data
- * @console : console data
- * @ttydir : directory (under /dev) in which to create console and ttys
- * @lsm_aa_profile : apparmor profile to switch to or NULL
- * @lsm_se_context : selinux type to switch to or NULL
- */
enum lxchooks {
LXCHOOK_PRESTART,
LXCHOOK_PREMOUNT,
};
struct lxc_conf {
- int is_execute;
- char *fstab;
- unsigned int tty;
- unsigned int pts;
+ /* Pointer to the name of the container. Do not free! */
+ const char *name;
+ bool is_execute;
int reboot;
signed long personality;
struct utsname *utsname;
+
struct {
struct lxc_list cgroup;
struct lxc_list cgroup2;
};
+
struct {
struct lxc_list id_map;
- /* Pointer to the idmap entry for the container's root uid in
- * the id_map list. Do not free! */
- struct id_map *root_nsuid_map;
-
- /* Pointer to the idmap entry for the container's root gid in
- * the id_map list. Do not free! */
- struct id_map *root_nsgid_map;
+ /*
+ * Pointer to the idmap entry for the container's root uid in
+ * the id_map list. Do not free!
+ */
+ const struct id_map *root_nsuid_map;
+
+ /*
+ * Pointer to the idmap entry for the container's root gid in
+ * the id_map list. Do not free!
+ */
+ const struct id_map *root_nsgid_map;
};
+
struct lxc_list network;
- int auto_mounts;
- struct lxc_list mount_list;
+
+ struct {
+ char *fstab;
+ int auto_mounts;
+ struct lxc_list mount_list;
+ };
+
struct lxc_list caps;
struct lxc_list keepcaps;
- struct lxc_tty_info tty_info;
- /* Comma-separated list of lxc.tty.max pty names. */
- char *pty_names;
- struct lxc_console console;
+
+ /* /dev/tty<idx> devices */
+ struct lxc_tty_info ttys;
+ /* /dev/console device */
+ struct lxc_terminal console;
+ /* maximum pty devices allowed by devpts mount */
+ size_t pty_max;
+
+ /* set to true when rootfs has been setup */
+ bool rootfs_setup;
struct lxc_rootfs rootfs;
- char *ttydir;
- int close_all_fds;
+
+ bool close_all_fds;
struct {
unsigned int hooks_version;
};
char *lsm_aa_profile;
+ char *lsm_aa_profile_computed;
+ bool lsm_aa_profile_created;
+ unsigned int lsm_aa_allow_nesting;
unsigned int lsm_aa_allow_incomplete;
+ struct lxc_list lsm_aa_raw;
char *lsm_se_context;
- int tmp_umount_proc;
+ bool tmp_umount_proc;
char *seccomp; /* filename with the seccomp rules */
#if HAVE_SCMP_FILTER_CTX
scmp_filter_ctx seccomp_ctx;
int stopsignal; /* signal used to hard stop container */
char *rcfile; /* Copy of the top level rcfile we read */
- /* Logfile and logleve can be set in a container config file. Those
- * function as defaults. The defaults can be overriden by command line.
+ /* Logfile and loglevel can be set in a container config file. Those
+ * function as defaults. The defaults can be overridden by command line.
* However we don't want the command line specified values to be saved
* on c->save_config(). So we store the config file specified values
* here. */
/* unshare the mount namespace in the monitor */
unsigned int monitor_unshare;
-
- /* set to true when rootfs has been setup */
- bool rootfs_setup;
+ unsigned int monitor_signal_pdeath;
/* list of included files */
struct lxc_list includes;
/* text representation of the config file */
char *unexpanded_config;
- size_t unexpanded_len, unexpanded_alloced;
+ size_t unexpanded_len;
+ size_t unexpanded_alloced;
/* default command for lxc-execute */
char *execute_cmd;
/* RLIMIT_* limits */
struct lxc_list limits;
- /* REMOVE IN LXC 3.0
- * Indicator whether the current config file we're using contained any
- * legacy configuration keys.
- */
- bool contains_legacy_key;
-
/* Contains generic info about the cgroup configuration for this
* container. Note that struct lxc_cgroup contains a union. It is only
* valid to access the members of the anonymous "meta" struct within
struct {
int ns_clone;
+ int ns_keep;
char *ns_share[LXC_NS_MAX];
};
/* procs */
struct lxc_list procs;
+
+ struct shmount {
+ /* Absolute path to the shared mount point on the host */
+ char *path_host;
+ /* Absolute path (in the container) to the shared mount point */
+ char *path_cont;
+ } shmount;
};
extern int write_id_mapping(enum idtype idtype, pid_t pid, const char *buf,
size_t buf_size);
#ifdef HAVE_TLS
-extern __thread struct lxc_conf *current_config;
+extern thread_local struct lxc_conf *current_config;
#else
extern struct lxc_conf *current_config;
#endif
extern int pin_rootfs(const char *rootfs);
extern int lxc_map_ids(struct lxc_list *idmap, pid_t pid);
extern int lxc_create_tty(const char *name, struct lxc_conf *conf);
-extern void lxc_delete_tty(struct lxc_tty_info *tty_info);
+extern void lxc_delete_tty(struct lxc_tty_info *ttys);
extern int lxc_clear_config_caps(struct lxc_conf *c);
extern int lxc_clear_config_keepcaps(struct lxc_conf *c);
extern int lxc_clear_cgroups(struct lxc_conf *c, const char *key, int version);
extern int lxc_clear_limits(struct lxc_conf *c, const char *key);
extern int lxc_delete_autodev(struct lxc_handler *handler);
extern void lxc_clear_includes(struct lxc_conf *conf);
-extern int do_rootfs_setup(struct lxc_conf *conf, const char *name,
- const char *lxcpath);
+extern int lxc_setup_rootfs_prepare_root(struct lxc_conf *conf,
+ const char *name, const char *lxcpath);
extern int lxc_setup(struct lxc_handler *handler);
extern int lxc_setup_parent(struct lxc_handler *handler);
extern int setup_resource_limits(struct lxc_list *limits, pid_t pid);
void *data, const char *fn_name);
extern int parse_mntopts(const char *mntopts, unsigned long *mntflags,
char **mntdata);
+extern int parse_propagationopts(const char *mntopts, unsigned long *pflags);
extern void tmp_proc_unmount(struct lxc_conf *lxc_conf);
extern void remount_all_slave(void);
extern void suggest_default_idmap(void);
-extern FILE *make_anonymous_mount_file(struct lxc_list *mount);
+extern FILE *make_anonymous_mount_file(struct lxc_list *mount,
+ bool include_nesting_helpers);
extern struct lxc_list *sort_cgroup_settings(struct lxc_list *cgroup_settings);
extern unsigned long add_required_remount_flags(const char *s, const char *d,
unsigned long flags);
extern int lxc_clear_sysctls(struct lxc_conf *c, const char *key);
extern int setup_proc_filesystem(struct lxc_list *procs, pid_t pid);
extern int lxc_clear_procs(struct lxc_conf *c, const char *key);
+extern int lxc_clear_apparmor_raw(struct lxc_conf *c);
#endif /* __LXC_CONF_H */
projects / mirror_lxc.git / blobdiff