[thirdparty/systemd.git] / src / core / namespace.h

/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once

/***
  Copyright © 2016 Djalal Harouni
***/

typedef struct NamespaceParameters NamespaceParameters;
typedef struct BindMount BindMount;
typedef struct TemporaryFileSystem TemporaryFileSystem;
typedef struct MountImage MountImage;

#include <stdbool.h>

#include "dissect-image.h"
#include "fs-util.h"
#include "macro.h"
#include "namespace-util.h"
#include "runtime-scope.h"
#include "string-util.h"

typedef enum ProtectHome {
        PROTECT_HOME_NO,
        PROTECT_HOME_YES,
        PROTECT_HOME_READ_ONLY,
        PROTECT_HOME_TMPFS,
        _PROTECT_HOME_MAX,
        _PROTECT_HOME_INVALID = -EINVAL,
} ProtectHome;

typedef enum ProtectSystem {
        PROTECT_SYSTEM_NO,
        PROTECT_SYSTEM_YES,
        PROTECT_SYSTEM_FULL,
        PROTECT_SYSTEM_STRICT,
        _PROTECT_SYSTEM_MAX,
        _PROTECT_SYSTEM_INVALID = -EINVAL,
} ProtectSystem;

typedef enum ProtectProc {
        PROTECT_PROC_DEFAULT,
        PROTECT_PROC_NOACCESS,   /* hidepid=noaccess */
        PROTECT_PROC_INVISIBLE,  /* hidepid=invisible */
        PROTECT_PROC_PTRACEABLE, /* hidepid=ptraceable */
        _PROTECT_PROC_MAX,
        _PROTECT_PROC_INVALID = -EINVAL,
} ProtectProc;

typedef enum ProcSubset {
        PROC_SUBSET_ALL,
        PROC_SUBSET_PID, /* subset=pid */
        _PROC_SUBSET_MAX,
        _PROC_SUBSET_INVALID = -EINVAL,
} ProcSubset;

struct BindMount {
        char *source;
        char *destination;
        bool read_only;
        bool nosuid;
        bool recursive;
        bool ignore_enoent;
};

struct TemporaryFileSystem {
        char *path;
        char *options;
};

typedef enum MountImageType {
        MOUNT_IMAGE_DISCRETE,
        MOUNT_IMAGE_EXTENSION,
        _MOUNT_IMAGE_TYPE_MAX,
        _MOUNT_IMAGE_TYPE_INVALID = -EINVAL,
} MountImageType;

struct MountImage {
        char *source;
        char *destination; /* Unused if MountImageType == MOUNT_IMAGE_EXTENSION */
        LIST_HEAD(MountOptions, mount_options);
        bool ignore_enoent;
        MountImageType type;
};

struct NamespaceParameters {
        RuntimeScope runtime_scope;

        const char *root_directory;
        const char *root_image;
        const MountOptions *root_image_options;
        const ImagePolicy *root_image_policy;

        char **read_write_paths;
        char **read_only_paths;
        char **inaccessible_paths;

        char **exec_paths;
        char **no_exec_paths;

        char **empty_directories;
        char **symlinks;

        const BindMount *bind_mounts;
        size_t n_bind_mounts;

        const TemporaryFileSystem *temporary_filesystems;
        size_t n_temporary_filesystems;

        const MountImage *mount_images;
        size_t n_mount_images;
        const ImagePolicy *mount_image_policy;

        const char *tmp_dir;
        const char *var_tmp_dir;

        const char *creds_path;
        const char *log_namespace;

        unsigned long mount_propagation_flag;
        VeritySettings *verity;

        const MountImage *extension_images;
        size_t n_extension_images;
        const ImagePolicy *extension_image_policy;
        char **extension_directories;

        const char *propagate_dir;
        const char *incoming_dir;

        const char *extension_dir;
        const char *notify_socket;
        const char *host_os_release_stage;

        bool ignore_protect_paths;

        bool protect_control_groups;
        bool protect_kernel_tunables;
        bool protect_kernel_modules;
        bool protect_kernel_logs;
        bool protect_hostname;

        bool private_dev;
        bool private_network;
        bool private_ipc;

        bool mount_apivfs;
        bool mount_nosuid;

        ProtectHome protect_home;
        ProtectSystem protect_system;
        ProtectProc protect_proc;
        ProcSubset proc_subset;
};

int setup_namespace(const NamespaceParameters *p, char **error_path);

#define RUN_SYSTEMD_EMPTY "/run/systemd/empty"

static inline char* namespace_cleanup_tmpdir(char *p) {
        PROTECT_ERRNO;
        if (!streq_ptr(p, RUN_SYSTEMD_EMPTY))
                (void) rmdir(p);
        return mfree(p);
}
DEFINE_TRIVIAL_CLEANUP_FUNC(char*, namespace_cleanup_tmpdir);

int setup_tmp_dirs(
                const char *id,
                char **tmp_dir,
                char **var_tmp_dir);

int setup_shareable_ns(int ns_storage_socket[static 2], unsigned long nsflag);
int open_shareable_ns_path(int netns_storage_socket[static 2], const char *path, unsigned long nsflag);

const char* protect_home_to_string(ProtectHome p) _const_;
ProtectHome protect_home_from_string(const char *s) _pure_;

const char* protect_system_to_string(ProtectSystem p) _const_;
ProtectSystem protect_system_from_string(const char *s) _pure_;

const char* protect_proc_to_string(ProtectProc i) _const_;
ProtectProc protect_proc_from_string(const char *s) _pure_;

const char* proc_subset_to_string(ProcSubset i) _const_;
ProcSubset proc_subset_from_string(const char *s) _pure_;

void bind_mount_free_many(BindMount *b, size_t n);
int bind_mount_add(BindMount **b, size_t *n, const BindMount *item);

void temporary_filesystem_free_many(TemporaryFileSystem *t, size_t n);
int temporary_filesystem_add(TemporaryFileSystem **t, size_t *n,
                             const char *path, const char *options);

MountImage* mount_image_free_many(MountImage *m, size_t *n);
int mount_image_add(MountImage **m, size_t *n, const MountImage *item);

const char* namespace_type_to_string(NamespaceType t) _const_;
NamespaceType namespace_type_from_string(const char *s) _pure_;

bool ns_type_supported(NamespaceType type);
Commit	Line	Data
db9ecf05	1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
c2f1db8f	2	#pragma once
15ae422b LP	3
15ae422b LP	4	/***
96b2fb93	5	Copyright © 2016 Djalal Harouni
15ae422b LP	6	***/
15ae422b LP	7
79d956db	8	typedef struct NamespaceParameters NamespaceParameters;
d2d6c096	9	typedef struct BindMount BindMount;
2abd4e38	10	typedef struct TemporaryFileSystem TemporaryFileSystem;
b3d13314	11	typedef struct MountImage MountImage;
c575770b	12
15ae422b LP	13	#include <stdbool.h>
15ae422b LP	14
915e6d16	15	#include "dissect-image.h"
56a13a49	16	#include "fs-util.h"
417116f2	17	#include "macro.h"
c3b9c418	18	#include "namespace-util.h"
cd7f3702	19	#include "runtime-scope.h"
56a13a49	20	#include "string-util.h"
417116f2	21
1b8689f9 LP	22	typedef enum ProtectHome {
	23	PROTECT_HOME_NO,
	24	PROTECT_HOME_YES,
	25	PROTECT_HOME_READ_ONLY,
e4da7d8c	26	PROTECT_HOME_TMPFS,
1b8689f9	27	_PROTECT_HOME_MAX,
2d93c20e	28	_PROTECT_HOME_INVALID = -EINVAL,
1b8689f9 LP	29	} ProtectHome;
	30
	31	typedef enum ProtectSystem {
	32	PROTECT_SYSTEM_NO,
	33	PROTECT_SYSTEM_YES,
	34	PROTECT_SYSTEM_FULL,
3f815163	35	PROTECT_SYSTEM_STRICT,
1b8689f9	36	_PROTECT_SYSTEM_MAX,
2d93c20e	37	_PROTECT_SYSTEM_INVALID = -EINVAL,
1b8689f9	38	} ProtectSystem;
417116f2	39
4e399953 LP	40	typedef enum ProtectProc {
	41	PROTECT_PROC_DEFAULT,
	42	PROTECT_PROC_NOACCESS, /* hidepid=noaccess */
	43	PROTECT_PROC_INVISIBLE, /* hidepid=invisible */
	44	PROTECT_PROC_PTRACEABLE, /* hidepid=ptraceable */
	45	_PROTECT_PROC_MAX,
2d93c20e	46	_PROTECT_PROC_INVALID = -EINVAL,
4e399953 LP	47	} ProtectProc;
	48
	49	typedef enum ProcSubset {
	50	PROC_SUBSET_ALL,
	51	PROC_SUBSET_PID, /* subset=pid */
	52	_PROC_SUBSET_MAX,
2d93c20e	53	_PROC_SUBSET_INVALID = -EINVAL,
4e399953 LP	54	} ProcSubset;
4e399953 LP	55
d2d6c096 LP	56	struct BindMount {
	57	char *source;
	58	char *destination;
89de370e ZJS	59	bool read_only;
	60	bool nosuid;
	61	bool recursive;
	62	bool ignore_enoent;
d2d6c096 LP	63	};
d2d6c096 LP	64
2abd4e38 YW	65	struct TemporaryFileSystem {
	66	char *path;
	67	char *options;
	68	};
	69
93f59701 LB	70	typedef enum MountImageType {
	71	MOUNT_IMAGE_DISCRETE,
	72	MOUNT_IMAGE_EXTENSION,
	73	_MOUNT_IMAGE_TYPE_MAX,
	74	_MOUNT_IMAGE_TYPE_INVALID = -EINVAL,
	75	} MountImageType;
	76
b3d13314 LB	77	struct MountImage {
b3d13314 LB	78	char *source;
93f59701	79	char destination; / Unused if MountImageType == MOUNT_IMAGE_EXTENSION */
427353f6	80	LIST_HEAD(MountOptions, mount_options);
b3d13314	81	bool ignore_enoent;
93f59701	82	MountImageType type;
b3d13314 LB	83	};
b3d13314 LB	84
79d956db LP	85	struct NamespaceParameters {
	86	RuntimeScope runtime_scope;
	87
	88	const char *root_directory;
	89	const char *root_image;
	90	const MountOptions *root_image_options;
	91	const ImagePolicy *root_image_policy;
	92
	93	char **read_write_paths;
	94	char **read_only_paths;
	95	char **inaccessible_paths;
	96
	97	char **exec_paths;
	98	char **no_exec_paths;
	99
	100	char **empty_directories;
	101	char **symlinks;
	102
	103	const BindMount *bind_mounts;
	104	size_t n_bind_mounts;
	105
	106	const TemporaryFileSystem *temporary_filesystems;
	107	size_t n_temporary_filesystems;
	108
	109	const MountImage *mount_images;
	110	size_t n_mount_images;
	111	const ImagePolicy *mount_image_policy;
	112
	113	const char *tmp_dir;
	114	const char *var_tmp_dir;
	115
	116	const char *creds_path;
	117	const char *log_namespace;
	118
	119	unsigned long mount_propagation_flag;
	120	VeritySettings *verity;
	121
	122	const MountImage *extension_images;
	123	size_t n_extension_images;
	124	const ImagePolicy *extension_image_policy;
	125	char **extension_directories;
	126
	127	const char *propagate_dir;
	128	const char *incoming_dir;
	129
	130	const char *extension_dir;
	131	const char *notify_socket;
	132	const char *host_os_release_stage;
	133
	134	bool ignore_protect_paths;
	135
	136	bool protect_control_groups;
	137	bool protect_kernel_tunables;
	138	bool protect_kernel_modules;
	139	bool protect_kernel_logs;
	140	bool protect_hostname;
	141
	142	bool private_dev;
	143	bool private_network;
	144	bool private_ipc;
	145
	146	bool mount_apivfs;
	147	bool mount_nosuid;
	148
149	ProtectHome protect_home;
150	ProtectSystem protect_system;
151	ProtectProc protect_proc;
152	ProcSubset proc_subset;
153	};
154
155	int setup_namespace(const NamespaceParameters p, char *error_path);
d2d6c096	156
56a13a49 ZJS	157	#define RUN_SYSTEMD_EMPTY "/run/systemd/empty"
56a13a49 ZJS	158
75db809a	159	static inline char* namespace_cleanup_tmpdir(char *p) {
56a13a49 ZJS	160	PROTECT_ERRNO;
	161	if (!streq_ptr(p, RUN_SYSTEMD_EMPTY))
	162	(void) rmdir(p);
75db809a	163	return mfree(p);
56a13a49 ZJS	164	}
	165	DEFINE_TRIVIAL_CLEANUP_FUNC(char*, namespace_cleanup_tmpdir);
	166
d2d6c096 LP	167	int setup_tmp_dirs(
	168	const char *id,
	169	char **tmp_dir,
	170	char **var_tmp_dir);
613b411c	171
13339577 DDM	172	int setup_shareable_ns(int ns_storage_socket[static 2], unsigned long nsflag);
13339577 DDM	173	int open_shareable_ns_path(int netns_storage_socket[static 2], const char *path, unsigned long nsflag);
417116f2	174
1b8689f9 LP	175	const char* protect_home_to_string(ProtectHome p) _const_;
	176	ProtectHome protect_home_from_string(const char *s) _pure_;
	177
	178	const char* protect_system_to_string(ProtectSystem p) _const_;
	179	ProtectSystem protect_system_from_string(const char *s) _pure_;
d2d6c096	180
4e399953 LP	181	const char* protect_proc_to_string(ProtectProc i) _const_;
	182	ProtectProc protect_proc_from_string(const char *s) _pure_;
	183
	184	const char* proc_subset_to_string(ProcSubset i) _const_;
	185	ProcSubset proc_subset_from_string(const char *s) _pure_;
	186
da6053d0 LP	187	void bind_mount_free_many(BindMount *b, size_t n);
da6053d0 LP	188	int bind_mount_add(BindMount *b, size_t n, const BindMount *item);
6e2d7c4f	189
da6053d0 LP	190	void temporary_filesystem_free_many(TemporaryFileSystem *t, size_t n);
da6053d0 LP	191	int temporary_filesystem_add(TemporaryFileSystem *t, size_t n,
2abd4e38 YW	192	const char path, const char options);
2abd4e38 YW	193
b3d13314 LB	194	MountImage* mount_image_free_many(MountImage m, size_t n);
	195	int mount_image_add(MountImage *m, size_t n, const MountImage *item);
	196
6e2d7c4f MS	197	const char* namespace_type_to_string(NamespaceType t) _const_;
	198	NamespaceType namespace_type_from_string(const char *s) _pure_;
	199
	200	bool ns_type_supported(NamespaceType type);