1 /* SPDX-License-Identifier: LGPL-2.1+ */
9 #include "conf-parser.h"
11 #include "nspawn-expose-ports.h"
12 #include "nspawn-mount.h"
14 typedef enum StartMode
{
15 START_PID1
, /* Run parameters as command line as process 1 */
16 START_PID2
, /* Use stub init process as PID 1, run parameters as command line as process 2 */
17 START_BOOT
, /* Search for init system, pass arguments as parameters */
19 _START_MODE_INVALID
= -1
22 typedef enum UserNamespaceMode
{
26 _USER_NAMESPACE_MODE_MAX
,
27 _USER_NAMESPACE_MODE_INVALID
= -1,
30 typedef enum ResolvConfMode
{
32 RESOLV_CONF_COPY_HOST
,
33 RESOLV_CONF_COPY_STATIC
,
34 RESOLV_CONF_BIND_HOST
,
35 RESOLV_CONF_BIND_STATIC
,
38 _RESOLV_CONF_MODE_MAX
,
39 _RESOLV_CONF_MODE_INVALID
= -1
42 typedef enum LinkJournal
{
48 _LINK_JOURNAL_INVALID
= -1
51 typedef enum TimezoneMode
{
59 _TIMEZONE_MODE_INVALID
= -1
/* One bit per configurable setting. A mask of these bits records which settings
 * have been provided, so a caller can decide which of them to honour. Several of
 * the bits below (capabilities, syscall filter, no_new_privileges, user namespace,
 * pivot root, custom mounts, network) control the container's privilege boundary;
 * presumably the loader consults this mask before applying file-provided values
 * for them -- verify against the caller in nspawn.c, which is not in this header. */
62 typedef enum SettingsMask
{
63 SETTING_START_MODE
= UINT64_C(1) << 0,
64 SETTING_ENVIRONMENT
= UINT64_C(1) << 1,
65 SETTING_USER
= UINT64_C(1) << 2,
66 SETTING_CAPABILITY
= UINT64_C(1) << 3,
67 SETTING_KILL_SIGNAL
= UINT64_C(1) << 4,
68 SETTING_PERSONALITY
= UINT64_C(1) << 5,
69 SETTING_MACHINE_ID
= UINT64_C(1) << 6,
70 SETTING_NETWORK
= UINT64_C(1) << 7,
71 SETTING_EXPOSE_PORTS
= UINT64_C(1) << 8,
72 SETTING_READ_ONLY
= UINT64_C(1) << 9,
73 SETTING_VOLATILE_MODE
= UINT64_C(1) << 10,
74 SETTING_CUSTOM_MOUNTS
= UINT64_C(1) << 11,
75 SETTING_WORKING_DIRECTORY
= UINT64_C(1) << 12,
76 SETTING_USERNS
= UINT64_C(1) << 13,
77 SETTING_NOTIFY_READY
= UINT64_C(1) << 14,
78 SETTING_PIVOT_ROOT
= UINT64_C(1) << 15,
79 SETTING_SYSCALL_FILTER
= UINT64_C(1) << 16,
80 SETTING_HOSTNAME
= UINT64_C(1) << 17,
81 SETTING_NO_NEW_PRIVILEGES
= UINT64_C(1) << 18,
82 SETTING_OOM_SCORE_ADJUST
= UINT64_C(1) << 19,
83 SETTING_CPU_AFFINITY
= UINT64_C(1) << 20,
84 SETTING_RESOLV_CONF
= UINT64_C(1) << 21,
85 SETTING_LINK_JOURNAL
= UINT64_C(1) << 22,
86 SETTING_TIMEZONE
= UINT64_C(1) << 23,
/* The rlimit bits occupy the contiguous range [24, 24 + _RLIMIT_MAX), one bit per
 * RLIMIT_* resource, so the bit for resource r is SETTING_RLIMIT_FIRST << r. */
87 SETTING_RLIMIT_FIRST
= UINT64_C(1) << 24, /* we define one bit per resource limit here */
88 SETTING_RLIMIT_LAST
= UINT64_C(1) << (24 + _RLIMIT_MAX
- 1),
/* Every defined bit set. NOTE(review): this shift requires 24 + _RLIMIT_MAX < 64
 * (shifting a 64-bit value by 64 or more is undefined behaviour in C). _RLIMIT_MAX
 * is defined outside this header; the assert_cc() checks below verify the enum's
 * width, not this bound, so a static assert on it would be worth adding. */
89 _SETTINGS_MASK_ALL
= (UINT64_C(1) << (24 + _RLIMIT_MAX
)) -1,
/* Forces the enum's underlying type to be 64 bits wide so that every bit above
 * is representable (checked by assert_cc(sizeof(SettingsMask) == 8) below). */
90 _SETTING_FORCE_ENUM_WIDTH
= UINT64_MAX
93 /* We want to use SETTING_RLIMIT_FIRST in shifts, so make sure it is really 64 bits
94 * when used in expressions. */
/* Shadow the two rlimit enumerators with explicitly uint64_t-typed expressions.
 * The name inside each expansion refers to the enumerator, not the macro (a macro
 * is not re-expanded within its own replacement list), so `SETTING_RLIMIT_FIRST << r`
 * is always evaluated as a 64-bit shift rather than at whatever width the compiler
 * picked for the enum constant. */
95 #define SETTING_RLIMIT_FIRST ((uint64_t) SETTING_RLIMIT_FIRST)
96 #define SETTING_RLIMIT_LAST ((uint64_t) SETTING_RLIMIT_LAST)
/* Compile-time guards: the enum type and both shadowed constants must be 8 bytes,
 * otherwise the upper mask bits would silently truncate. */
98 assert_cc(sizeof(SettingsMask
) == 8);
99 assert_cc(sizeof(SETTING_RLIMIT_FIRST
) == 8);
100 assert_cc(sizeof(SETTING_RLIMIT_LAST
) == 8);
/* Parsed container settings as produced by settings_load(). Pointer and string-list
 * members are owned by the struct and released by settings_free().
 * NOTE(review): the original line numbering in this excerpt is non-contiguous, so
 * several fields appear to be elided here; do not treat this listing as the full
 * layout of the struct. */
102 typedef struct Settings
{
/* How the payload is started (see StartMode above). */
104 StartMode start_mode
;
/* Bitmask of capabilities to drop from the container's bounding set. */
109 uint64_t drop_capability
;
/* personality(2) value to apply; type matches the syscall's argument. */
111 unsigned long personality
;
112 sd_id128_t machine_id
;
113 char *working_directory
;
/* New root and the directory the old root is moved to, for pivot_root(2). */
114 char *pivot_root_new
;
115 char *pivot_root_old
;
/* User namespace configuration: mode plus the UID base and range to map. */
116 UserNamespaceMode userns_mode
;
117 uid_t uid_shift
, uid_range
;
/* Seccomp filter lists: system call names to allow and to deny. Which list wins
 * on overlap is decided by the code that builds the filter, not here. */
119 char **syscall_whitelist
;
120 char **syscall_blacklist
;
/* One optional rlimit per resource, indexed by RLIMIT_* number; NULL means unset. */
121 struct rlimit
*rlimit
[_RLIMIT_MAX
];
/* int rather than bool -- presumably a tristate with a negative "unset" value,
 * as is common in this code base; confirm against the parser before relying on it. */
123 int no_new_privileges
;
/* oom_score_adjust is only meaningful when oom_score_adjust_set is true, since 0
 * is itself a valid adjustment. */
124 int oom_score_adjust
;
125 bool oom_score_adjust_set
;
126 unsigned cpuset_ncpus
;
128 ResolvConfMode resolv_conf
;
/* link_journal_try: treat failure to link the journal as non-fatal. */
129 LinkJournal link_journal
;
130 bool link_journal_try
;
131 TimezoneMode timezone
;
135 VolatileMode volatile_mode
;
/* Bind/tmpfs/overlay mounts requested by the settings; n_custom_mounts entries. */
136 CustomMount
*custom_mounts
;
137 size_t n_custom_mounts
;
/* Network configuration: bridge name, interfaces to move into the container,
 * macvlan/ipvlan parents and extra veth pairs; expose_ports lists host ports to
 * forward in. */
143 char *network_bridge
;
145 char **network_interfaces
;
146 char **network_macvlan
;
147 char **network_ipvlan
;
148 char **network_veth_extra
;
149 ExposePort
*expose_ports
;
/* Parses settings from the already-open stream f into a newly allocated Settings,
 * stored in *ret on success. path is passed alongside the stream -- presumably for
 * diagnostics and relative-path resolution; confirm in the implementation. Returns
 * a negative errno-style code on failure. The caller owns *ret and must release it
 * with settings_free(). */
152 int settings_load(FILE *f
, const char *path
, Settings
**ret
);
/* Frees s and everything it owns. Returns a Settings pointer so it can serve as the
 * cleanup function below; the returned value is expected to be NULL, but that is
 * established by the definition, not this header. */
153 Settings
* settings_free(Settings
*s
);
/* Predicates over a parsed Settings: whether a veth link is configured, and whether
 * the container gets a private network namespace. */
155 bool settings_network_veth(Settings
*s
);
156 bool settings_private_network(Settings
*s
);
/* Enables _cleanup_(settings_freep) for automatic release on scope exit. */
158 DEFINE_TRIVIAL_CLEANUP_FUNC(Settings
*, settings_free
);
/* gperf-generated lookup from a configuration key (key/length, not necessarily
 * NUL-terminated) to its parser entry. */
160 const struct ConfigPerfItem
* nspawn_gperf_lookup(const char *key
, GPERF_LEN_TYPE length
);
/* Parser callbacks for individual [Exec]/[Files]/[Network] keys, all with the
 * signature fixed by CONFIG_PARSER_PROTOTYPE() in conf-parser.h. The inputs they
 * receive come from a settings file, so each must validate its value fully. */
162 CONFIG_PARSER_PROTOTYPE(config_parse_capability
);
163 CONFIG_PARSER_PROTOTYPE(config_parse_id128
);
164 CONFIG_PARSER_PROTOTYPE(config_parse_expose_port
);
165 CONFIG_PARSER_PROTOTYPE(config_parse_volatile_mode
);
166 CONFIG_PARSER_PROTOTYPE(config_parse_pivot_root
);
167 CONFIG_PARSER_PROTOTYPE(config_parse_bind
);
168 CONFIG_PARSER_PROTOTYPE(config_parse_tmpfs
);
169 CONFIG_PARSER_PROTOTYPE(config_parse_overlay
);
170 CONFIG_PARSER_PROTOTYPE(config_parse_veth_extra
);
171 CONFIG_PARSER_PROTOTYPE(config_parse_network_zone
);
172 CONFIG_PARSER_PROTOTYPE(config_parse_boot
);
173 CONFIG_PARSER_PROTOTYPE(config_parse_pid2
);
174 CONFIG_PARSER_PROTOTYPE(config_parse_private_users
);
175 CONFIG_PARSER_PROTOTYPE(config_parse_syscall_filter
);
176 CONFIG_PARSER_PROTOTYPE(config_parse_hostname
);
177 CONFIG_PARSER_PROTOTYPE(config_parse_oom_score_adjust
);
178 CONFIG_PARSER_PROTOTYPE(config_parse_cpu_affinity
);
179 CONFIG_PARSER_PROTOTYPE(config_parse_resolv_conf
);
180 CONFIG_PARSER_PROTOTYPE(config_parse_link_journal
);
181 CONFIG_PARSER_PROTOTYPE(config_parse_timezone
);
/* String <-> enum conversions. The _from_string() variants return the matching
 * _INVALID value (-1) for unknown input, per the enum definitions above. */
183 const char *resolv_conf_mode_to_string(ResolvConfMode a
) _const_
;
184 ResolvConfMode
resolv_conf_mode_from_string(const char *s
) _pure_
;
186 const char *timezone_mode_to_string(TimezoneMode a
) _const_
;
187 TimezoneMode
timezone_mode_from_string(const char *s
) _pure_
;
/* Parses a LinkJournal= value into a mode plus a "try" flag (non-fatal on failure),
 * which is why this is not a plain _from_string() like the two above. Returns
 * negative on an unrecognised value. */
189 int parse_link_journal(const char *s
, LinkJournal
*ret_mode
, bool *ret_try
);