1 : /* SPDX-License-Identifier: LGPL-2.1+ */
2 : #pragma once
3 :
4 : #include <sched.h>
5 : #include <stdio.h>
6 :
7 : #if HAVE_SECCOMP
8 : #include <seccomp.h>
9 : #endif
10 :
11 : #include "sd-bus.h"
12 : #include "sd-id128.h"
13 :
14 : #include "capability-util.h"
15 : #include "conf-parser.h"
16 : #include "cpu-set-util.h"
17 : #include "macro.h"
18 : #include "missing_resource.h"
19 : #include "nspawn-expose-ports.h"
20 : #include "nspawn-mount.h"
21 : #include "time-util.h"
22 :
/* How the container's first process is started. Values are explicit so the
 * numbering visible in tables and traces is obvious at a glance. */
typedef enum StartMode {
        START_PID1 = 0,           /* the given parameters are the command line of process 1 */
        START_PID2 = 1,           /* a stub init becomes PID 1; the parameters run as process 2 */
        START_BOOT = 2,           /* look for an init system in the image and pass the parameters to it */
        _START_MODE_MAX = 3,      /* number of valid modes (one past the last) */
        _START_MODE_INVALID = -1  /* sentinel: not a valid mode */
} StartMode;
30 :
/* Whether, and how, a user namespace is set up for the container. The FIXED and PICK
 * variants presumably differ in who chooses the UID range (see Settings.uid_shift and
 * uid_range) — confirm in the settings loader. */
typedef enum UserNamespaceMode {
        USER_NAMESPACE_NO = 0,               /* no user namespace */
        USER_NAMESPACE_FIXED = 1,            /* caller-supplied range */
        USER_NAMESPACE_PICK = 2,             /* range chosen automatically */
        _USER_NAMESPACE_MODE_MAX = 3,        /* number of valid modes */
        _USER_NAMESPACE_MODE_INVALID = -1    /* sentinel: not a valid mode */
} UserNamespaceMode;
38 :
/* How /etc/resolv.conf inside the container is provided. The names distinguish
 * copying from bind-mounting and a host-derived from a static source; the exact
 * behaviour of each lives in the implementation, not here. Convertible with
 * resolv_conf_mode_to_string()/resolv_conf_mode_from_string(). */
typedef enum ResolvConfMode {
        RESOLV_CONF_OFF = 0,
        RESOLV_CONF_COPY_HOST = 1,
        RESOLV_CONF_COPY_STATIC = 2,
        RESOLV_CONF_BIND_HOST = 3,
        RESOLV_CONF_BIND_STATIC = 4,
        RESOLV_CONF_DELETE = 5,
        RESOLV_CONF_AUTO = 6,
        _RESOLV_CONF_MODE_MAX = 7,       /* number of valid modes */
        _RESOLV_CONF_MODE_INVALID = -1   /* sentinel: not a valid mode (e.g. failed string lookup) */
} ResolvConfMode;
50 :
/* How the container's journal is linked with the host's. A best-effort variant is
 * carried separately (Settings.link_journal_try, parse_link_journal()'s ret_try)
 * rather than as an extra enumerator. */
typedef enum LinkJournal {
        LINK_NO = 0,
        LINK_AUTO = 1,
        LINK_HOST = 2,
        LINK_GUEST = 3,
        _LINK_JOURNAL_MAX = 4,       /* number of valid modes */
        _LINK_JOURNAL_INVALID = -1   /* sentinel: not a valid mode */
} LinkJournal;
59 :
/* How the container's timezone configuration is provided. Convertible with
 * timezone_mode_to_string()/timezone_mode_from_string(). */
typedef enum TimezoneMode {
        TIMEZONE_OFF = 0,
        TIMEZONE_COPY = 1,
        TIMEZONE_BIND = 2,
        TIMEZONE_SYMLINK = 3,
        TIMEZONE_DELETE = 4,
        TIMEZONE_AUTO = 5,
        _TIMEZONE_MODE_MAX = 6,       /* number of valid modes */
        _TIMEZONE_MODE_INVALID = -1   /* sentinel: not a valid mode (e.g. failed string lookup) */
} TimezoneMode;
70 :
/* How the container's console is wired up to the caller. */
typedef enum ConsoleMode {
        CONSOLE_INTERACTIVE = 0,
        CONSOLE_READ_ONLY = 1,
        CONSOLE_PASSIVE = 2,
        CONSOLE_PIPE = 3,
        _CONSOLE_MODE_MAX = 4,       /* number of valid modes */
        _CONSOLE_MODE_INVALID = -1   /* sentinel: not a valid mode */
} ConsoleMode;
79 :
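/* One bit per configurable setting, so a SettingsMask can record which settings were
 * given explicitly (how the mask is consumed is in the implementation, not visible here).
 * Bits 0..29 are individual settings; starting at bit 30 there is one bit per resource
 * limit, _RLIMIT_MAX of them. _SETTING_FORCE_ENUM_WIDTH makes the enum's underlying type
 * 64 bits wide; the assert_cc() checks below verify that. */
typedef enum SettingsMask {
        SETTING_START_MODE        = UINT64_C(1) << 0,
        SETTING_ENVIRONMENT       = UINT64_C(1) << 1,
        SETTING_USER              = UINT64_C(1) << 2,
        SETTING_CAPABILITY        = UINT64_C(1) << 3,
        SETTING_KILL_SIGNAL       = UINT64_C(1) << 4,
        SETTING_PERSONALITY       = UINT64_C(1) << 5,
        SETTING_MACHINE_ID        = UINT64_C(1) << 6,
        SETTING_NETWORK           = UINT64_C(1) << 7,
        SETTING_EXPOSE_PORTS      = UINT64_C(1) << 8,
        SETTING_READ_ONLY         = UINT64_C(1) << 9,
        SETTING_VOLATILE_MODE     = UINT64_C(1) << 10,
        SETTING_CUSTOM_MOUNTS     = UINT64_C(1) << 11,
        SETTING_WORKING_DIRECTORY = UINT64_C(1) << 12,
        SETTING_USERNS            = UINT64_C(1) << 13,
        SETTING_NOTIFY_READY      = UINT64_C(1) << 14,
        SETTING_PIVOT_ROOT        = UINT64_C(1) << 15,
        SETTING_SYSCALL_FILTER    = UINT64_C(1) << 16,
        SETTING_HOSTNAME          = UINT64_C(1) << 17,
        SETTING_NO_NEW_PRIVILEGES = UINT64_C(1) << 18,
        SETTING_OOM_SCORE_ADJUST  = UINT64_C(1) << 19,
        SETTING_CPU_AFFINITY      = UINT64_C(1) << 20,
        SETTING_RESOLV_CONF       = UINT64_C(1) << 21,
        SETTING_LINK_JOURNAL      = UINT64_C(1) << 22,
        SETTING_TIMEZONE          = UINT64_C(1) << 23,
        SETTING_EPHEMERAL         = UINT64_C(1) << 24,
        SETTING_SLICE             = UINT64_C(1) << 25,
        SETTING_DIRECTORY         = UINT64_C(1) << 26,
        SETTING_USE_CGNS          = UINT64_C(1) << 27,
        SETTING_CLONE_NS_FLAGS    = UINT64_C(1) << 28,
        SETTING_CONSOLE_MODE      = UINT64_C(1) << 29,
        SETTING_RLIMIT_FIRST      = UINT64_C(1) << 30, /* we define one bit per resource limit here */
        SETTING_RLIMIT_LAST       = UINT64_C(1) << (30 + _RLIMIT_MAX - 1),
        _SETTINGS_MASK_ALL        = (UINT64_C(1) << (30 + _RLIMIT_MAX)) - 1,
        _SETTING_FORCE_ENUM_WIDTH = UINT64_MAX /* forces a 64-bit underlying type */
} SettingsMask;

/* The per-rlimit bit range must stay below the top bit of the 64-bit mask: _SETTINGS_MASK_ALL
 * shifts by (30 + _RLIMIT_MAX), and a shift count of 64 or more is undefined behaviour.
 * Make that constraint explicit rather than relying on a shift-count warning should
 * _RLIMIT_MAX ever grow. */
assert_cc(30 + _RLIMIT_MAX < 64);

/* We want to use SETTING_RLIMIT_FIRST in shifts, so make sure it is really 64 bits
 * when used in expressions. (A macro may mention its own name; the preprocessor does
 * not re-expand it inside its own replacement.) */
#define SETTING_RLIMIT_FIRST ((uint64_t) SETTING_RLIMIT_FIRST)
#define SETTING_RLIMIT_LAST ((uint64_t) SETTING_RLIMIT_LAST)

assert_cc(sizeof(SettingsMask) == 8);
assert_cc(sizeof(SETTING_RLIMIT_FIRST) == 8);
assert_cc(sizeof(SETTING_RLIMIT_LAST) == 8);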
125 :
/* One device node to create inside the container (Settings.extra_nodes holds an array of
 * these; device_node_array_free() releases such an array). */
typedef struct DeviceNode {
        char *path;       /* node path inside the container; presumably heap-allocated and freed by device_node_array_free() */
        unsigned major;   /* device major number */
        unsigned minor;   /* device minor number */
        mode_t mode;      /* file type and permission bits — presumably passed to mknod(); confirm */
        uid_t uid;        /* owner of the node */
        gid_t gid;        /* group of the node */
} DeviceNode;
134 :
/* An OCI runtime hook: a program to run, its arguments and environment, and how long
 * it may run. Settings keeps three arrays of these (prestart/poststart/poststop). */
typedef struct OciHook {
        char *path;      /* program to execute */
        char **args;     /* argument vector; presumably NULL-terminated like the other char** fields here — confirm */
        char **env;      /* environment for the hook; presumably NULL-terminated — confirm */
        usec_t timeout;  /* time budget for the hook, in the unit of usec_t (time-util.h) */
} OciHook;
141 :
/* Everything configurable for one container. Populated by settings_load() from a settings
 * file and, for the last group of fields, from an OCI bundle; released by settings_free().
 * The section comments presumably mirror the [Section] headings of the settings file.
 * Several flags are `int` rather than `bool`; a third value presumably means "not configured"
 * so an explicit choice can be told from the default — confirm in settings_new(). */
typedef struct Settings {
        /* [Run] */
        StartMode start_mode;
        bool ephemeral;
        char **parameters;              /* command line / init arguments; interpretation depends on start_mode */
        char **environment;
        char *user;
        uint64_t capability;            /* capability bit masks (see capability-util.h) */
        uint64_t drop_capability;
        int kill_signal;
        unsigned long personality;
        sd_id128_t machine_id;
        char *working_directory;
        char *pivot_root_new;
        char *pivot_root_old;
        UserNamespaceMode userns_mode;
        uid_t uid_shift, uid_range;     /* UID range for the user namespace; presumably only meaningful when userns_mode != USER_NAMESPACE_NO */
        bool notify_ready;
        char **syscall_whitelist;       /* system call filter lists; presumably the source of `seccomp` below when HAVE_SECCOMP */
        char **syscall_blacklist;
        struct rlimit *rlimit[_RLIMIT_MAX];   /* one optional limit per RLIMIT_* index; NULL presumably means "not set" */
        char *hostname;
        int no_new_privileges;          /* int, not bool: see the tri-state note above */
        int oom_score_adjust;
        bool oom_score_adjust_set;      /* separate "was it given" flag, presumably because 0 is itself a valid adjustment */
        CPUSet cpu_set;
        ResolvConfMode resolv_conf;
        LinkJournal link_journal;
        bool link_journal_try;          /* best-effort variant of link_journal; see parse_link_journal() */
        TimezoneMode timezone;

        /* [Image] */
        int read_only;
        VolatileMode volatile_mode;
        CustomMount *custom_mounts;     /* array of n_custom_mounts entries */
        size_t n_custom_mounts;
        int userns_chown;

        /* [Network] */
        int private_network;            /* see settings_private_network() for the derived value */
        int network_veth;               /* see settings_network_veth() for the derived value */
        char *network_bridge;
        char *network_zone;
        char **network_interfaces;
        char **network_macvlan;
        char **network_ipvlan;
        char **network_veth_extra;
        ExposePort *expose_ports;

        /* Additional fields, that are specific to OCI runtime case */
        char *bundle;
        char *root;
        OciHook *oci_hooks_prestart, *oci_hooks_poststart, *oci_hooks_poststop;   /* arrays sized by the three n_oci_hooks_* counts below */
        size_t n_oci_hooks_prestart, n_oci_hooks_poststart, n_oci_hooks_poststop;
        char *slice;
        sd_bus_message *properties;     /* presumably created by settings_allocate_properties() — confirm */
        CapabilityQuintet full_capabilities;
        uid_t uid;
        gid_t gid;
        gid_t *supplementary_gids;      /* n_supplementary_gids entries */
        size_t n_supplementary_gids;
        unsigned console_width, console_height;
        ConsoleMode console_mode;
        DeviceNode *extra_nodes;        /* n_extra_nodes entries; see device_node_array_free() */
        size_t n_extra_nodes;
        unsigned long clone_ns_flags;   /* presumably CLONE_NEW* namespace flags from <sched.h> — confirm */
        char *network_namespace_path;
        int use_cgns;
        char **sysctl;
#if HAVE_SECCOMP
        scmp_filter_ctx seccomp;        /* libseccomp filter context; only present when built with seccomp support */
#endif
} Settings;
215 :
/* Allocate a fresh Settings object. The caller owns the result and releases it with
 * settings_free(); the initial field values are set in the implementation — confirm there
 * which "not configured" values the int flags start with. */
Settings *settings_new(void);

/* Parse a settings file from the already-open stream f into a newly allocated Settings
 * stored in *ret. path is presumably used for diagnostics only. Returns 0 on success and a
 * negative value on failure (the project convention is negative errno, but that is not
 * visible here). On failure *ret is presumably left untouched — confirm. */
int settings_load(FILE *f, const char *path, Settings **ret);

/* Release s and everything it owns. Returns a Settings* so callers can write
 * `s = settings_free(s);` — presumably NULL, as the cleanup macro below expects. Whether
 * a NULL argument is accepted is not visible here — confirm. */
Settings* settings_free(Settings *s);

/* Effective network decisions derived from the [Network] fields of s (private_network and
 * network_veth are tri-state ints, so the derived bool is computed here rather than read
 * directly) — confirm the exact rule in the implementation. */
bool settings_network_veth(Settings *s);
bool settings_private_network(Settings *s);

/* Ensure s->properties exists; presumably allocates the sd_bus_message on first use.
 * Return convention as for settings_load(). */
int settings_allocate_properties(Settings *s);

/* Generates the _cleanup_-style helper (presumably settings_freep()) that calls settings_free(). */
DEFINE_TRIVIAL_CLEANUP_FUNC(Settings*, settings_free);

/* gperf-generated perfect-hash lookup mapping a settings-file key of the given length to its
 * ConfigPerfItem (parser callback plus destination offset), or NULL when unknown — confirm. */
const struct ConfigPerfItem* nspawn_gperf_lookup(const char *key, GPERF_LEN_TYPE length);
227 :
/* Per-key parser callbacks for settings whose values need more than the generic handlers in
 * conf-parser.h; CONFIG_PARSER_PROTOTYPE supplies the common signature. Each one validates
 * the string value of a settings-file key and writes the corresponding Settings field(s).
 * Several of these gate the container's privilege boundary (capabilities, private users,
 * syscall filter, the mount parsers), so their validation is the place to look first when
 * reviewing what a settings file can make the container do. */
CONFIG_PARSER_PROTOTYPE(config_parse_capability);
CONFIG_PARSER_PROTOTYPE(config_parse_id128);
CONFIG_PARSER_PROTOTYPE(config_parse_expose_port);
CONFIG_PARSER_PROTOTYPE(config_parse_volatile_mode);
CONFIG_PARSER_PROTOTYPE(config_parse_pivot_root);
CONFIG_PARSER_PROTOTYPE(config_parse_bind);
CONFIG_PARSER_PROTOTYPE(config_parse_tmpfs);
CONFIG_PARSER_PROTOTYPE(config_parse_overlay);
CONFIG_PARSER_PROTOTYPE(config_parse_inaccessible);
CONFIG_PARSER_PROTOTYPE(config_parse_veth_extra);
CONFIG_PARSER_PROTOTYPE(config_parse_network_zone);
CONFIG_PARSER_PROTOTYPE(config_parse_boot);
CONFIG_PARSER_PROTOTYPE(config_parse_pid2);
CONFIG_PARSER_PROTOTYPE(config_parse_private_users);
CONFIG_PARSER_PROTOTYPE(config_parse_syscall_filter);
CONFIG_PARSER_PROTOTYPE(config_parse_hostname);
CONFIG_PARSER_PROTOTYPE(config_parse_oom_score_adjust);
CONFIG_PARSER_PROTOTYPE(config_parse_cpu_affinity);
CONFIG_PARSER_PROTOTYPE(config_parse_resolv_conf);
CONFIG_PARSER_PROTOTYPE(config_parse_link_journal);
CONFIG_PARSER_PROTOTYPE(config_parse_timezone);
249 :
/* String conversions for ResolvConfMode. _const_/_pure_ (macro.h) mark them side-effect free.
 * The from_string direction presumably returns _RESOLV_CONF_MODE_INVALID for unknown input. */
const char *resolv_conf_mode_to_string(ResolvConfMode a) _const_;
ResolvConfMode resolv_conf_mode_from_string(const char *s) _pure_;

/* String conversions for TimezoneMode; same conventions as above, with
 * _TIMEZONE_MODE_INVALID presumably the failure value. */
const char *timezone_mode_to_string(TimezoneMode a) _const_;
TimezoneMode timezone_mode_from_string(const char *s) _pure_;

/* Parse a journal-linking setting into a mode plus a "try" (best-effort) flag, the two
 * values stored in Settings.link_journal and Settings.link_journal_try. Returns 0 on
 * success and a negative value on unrecognized input — confirm the exact convention. */
int parse_link_journal(const char *s, LinkJournal *ret_mode, bool *ret_try);

/* Free an array of n DeviceNode entries (their owned strings and the array itself —
 * confirm whether node may be NULL when n is 0). */
void device_node_array_free(DeviceNode *node, size_t n);