1 /* SPDX-License-Identifier: LGPL-2.1+ */
5 This file is part of systemd.
7 Copyright 2010 Lennart Poettering
8 Copyright 2016 Djalal Harouni
11 typedef struct NamespaceInfo NamespaceInfo
;
12 typedef struct BindMount BindMount
;
13 typedef struct TemporaryFileSystem TemporaryFileSystem
;
17 #include "dissect-image.h"
20 typedef enum ProtectHome
{
23 PROTECT_HOME_READ_ONLY
,
26 _PROTECT_HOME_INVALID
= -1
29 typedef enum NamespaceType
{
38 _NAMESPACE_TYPE_INVALID
= -1,
41 typedef enum ProtectSystem
{
45 PROTECT_SYSTEM_STRICT
,
47 _PROTECT_SYSTEM_INVALID
= -1
50 struct NamespaceInfo
{
51 bool ignore_protect_paths
:1;
53 bool private_mounts
:1;
54 bool protect_control_groups
:1;
55 bool protect_kernel_tunables
:1;
56 bool protect_kernel_modules
:1;
68 struct TemporaryFileSystem
{
74 const char *root_directory
,
75 const char *root_image
,
76 const NamespaceInfo
*ns_info
,
77 char **read_write_paths
,
78 char **read_only_paths
,
79 char **inaccessible_paths
,
80 char **empty_directories
,
81 const BindMount
*bind_mounts
,
83 const TemporaryFileSystem
*temporary_filesystems
,
84 size_t n_temporary_filesystems
,
86 const char *var_tmp_dir
,
87 ProtectHome protect_home
,
88 ProtectSystem protect_system
,
89 unsigned long mount_flags
,
90 DissectImageFlags dissected_image_flags
);
97 int setup_netns(int netns_storage_socket
[2]);
99 const char* protect_home_to_string(ProtectHome p
) _const_
;
100 ProtectHome
protect_home_from_string(const char *s
) _pure_
;
101 ProtectHome
protect_home_or_bool_from_string(const char *s
);
103 const char* protect_system_to_string(ProtectSystem p
) _const_
;
104 ProtectSystem
protect_system_from_string(const char *s
) _pure_
;
105 ProtectSystem
protect_system_or_bool_from_string(const char *s
);
107 void bind_mount_free_many(BindMount
*b
, size_t n
);
108 int bind_mount_add(BindMount
**b
, size_t *n
, const BindMount
*item
);
110 void temporary_filesystem_free_many(TemporaryFileSystem
*t
, size_t n
);
111 int temporary_filesystem_add(TemporaryFileSystem
**t
, size_t *n
,
112 const char *path
, const char *options
);
114 const char* namespace_type_to_string(NamespaceType t
) _const_
;
115 NamespaceType
namespace_type_from_string(const char *s
) _pure_
;
117 bool ns_type_supported(NamespaceType type
);