[thirdparty/systemd.git] / src / nspawn / nspawn-settings.h

/* SPDX-License-Identifier: LGPL-2.1+ */
#pragma once

/***
  This file is part of systemd.

  Copyright 2015 Lennart Poettering

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

#include <stdio.h>

#include "macro.h"
#include "nspawn-expose-ports.h"
#include "nspawn-mount.h"

typedef enum StartMode {
        START_PID1, /* Run parameters as command line as process 1 */
        START_PID2, /* Use stub init process as PID 1, run parameters as command line as process 2 */
        START_BOOT, /* Search for init system, pass arguments as parameters */
        _START_MODE_MAX,
        _START_MODE_INVALID = -1
} StartMode;

typedef enum UserNamespaceMode {
        USER_NAMESPACE_NO,
        USER_NAMESPACE_FIXED,
        USER_NAMESPACE_PICK,
        _USER_NAMESPACE_MODE_MAX,
        _USER_NAMESPACE_MODE_INVALID = -1,
} UserNamespaceMode;

typedef enum SettingsMask {
        SETTING_START_MODE        = 1 << 0,
        SETTING_ENVIRONMENT       = 1 << 1,
        SETTING_USER              = 1 << 2,
        SETTING_CAPABILITY        = 1 << 3,
        SETTING_KILL_SIGNAL       = 1 << 4,
        SETTING_PERSONALITY       = 1 << 5,
        SETTING_MACHINE_ID        = 1 << 6,
        SETTING_NETWORK           = 1 << 7,
        SETTING_EXPOSE_PORTS      = 1 << 8,
        SETTING_READ_ONLY         = 1 << 9,
        SETTING_VOLATILE_MODE     = 1 << 10,
        SETTING_CUSTOM_MOUNTS     = 1 << 11,
        SETTING_WORKING_DIRECTORY = 1 << 12,
        SETTING_USERNS            = 1 << 13,
        SETTING_NOTIFY_READY      = 1 << 14,
        SETTING_PIVOT_ROOT        = 1 << 15,
        SETTING_SYSCALL_FILTER    = 1 << 16,
        _SETTINGS_MASK_ALL        = (1 << 17) -1
} SettingsMask;

typedef struct Settings {
        /* [Run] */
        StartMode start_mode;
        char **parameters;
        char **environment;
        char *user;
        uint64_t capability;
        uint64_t drop_capability;
        int kill_signal;
        unsigned long personality;
        sd_id128_t machine_id;
        char *working_directory;
        char *pivot_root_new;
        char *pivot_root_old;
        UserNamespaceMode userns_mode;
        uid_t uid_shift, uid_range;
        bool notify_ready;
        char **syscall_whitelist;
        char **syscall_blacklist;

        /* [Image] */
        int read_only;
        VolatileMode volatile_mode;
        CustomMount *custom_mounts;
        unsigned n_custom_mounts;
        int userns_chown;

        /* [Network] */
        int private_network;
        int network_veth;
        char *network_bridge;
        char *network_zone;
        char **network_interfaces;
        char **network_macvlan;
        char **network_ipvlan;
        char **network_veth_extra;
        ExposePort *expose_ports;
} Settings;

int settings_load(FILE *f, const char *path, Settings **ret);
Settings* settings_free(Settings *s);

bool settings_network_veth(Settings *s);
bool settings_private_network(Settings *s);

DEFINE_TRIVIAL_CLEANUP_FUNC(Settings*, settings_free);

const struct ConfigPerfItem* nspawn_gperf_lookup(const char *key, GPERF_LEN_TYPE length);

int config_parse_capability(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_id128(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_expose_port(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_volatile_mode(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_pivot_root(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_bind(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_tmpfs(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_overlay(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_veth_extra(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_network_zone(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_boot(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_pid2(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_private_users(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
int config_parse_syscall_filter(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata);
Commit	Line	Data
53e1b683	1	/* SPDX-License-Identifier: LGPL-2.1+ */
f757855e LP	2	#pragma once
	3
	4	/***
	5	This file is part of systemd.
	6
	7	Copyright 2015 Lennart Poettering
	8
	9	systemd is free software; you can redistribute it and/or modify it
	10	under the terms of the GNU Lesser General Public License as published by
	11	the Free Software Foundation; either version 2.1 of the License, or
	12	(at your option) any later version.
	13
	14	systemd is distributed in the hope that it will be useful, but
	15	WITHOUT ANY WARRANTY; without even the implied warranty of
	16	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	17	Lesser General Public License for more details.
	18
	19	You should have received a copy of the GNU Lesser General Public License
	20	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	21	***/
	22
	23	#include <stdio.h>
	24
	25	#include "macro.h"
7a8f6325	26	#include "nspawn-expose-ports.h"
71d35b6b	27	#include "nspawn-mount.h"
f757855e	28
7732f92b LP	29	typedef enum StartMode {
	30	START_PID1, /* Run parameters as command line as process 1 */
	31	START_PID2, /* Use stub init process as PID 1, run parameters as command line as process 2 */
	32	START_BOOT, /* Search for init system, pass arguments as parameters */
	33	_START_MODE_MAX,
	34	_START_MODE_INVALID = -1
	35	} StartMode;
	36
0de7acce LP	37	typedef enum UserNamespaceMode {
	38	USER_NAMESPACE_NO,
	39	USER_NAMESPACE_FIXED,
	40	USER_NAMESPACE_PICK,
	41	_USER_NAMESPACE_MODE_MAX,
	42	_USER_NAMESPACE_MODE_INVALID = -1,
	43	} UserNamespaceMode;
	44
f757855e	45	typedef enum SettingsMask {
7732f92b LP	46	SETTING_START_MODE = 1 << 0,
	47	SETTING_ENVIRONMENT = 1 << 1,
	48	SETTING_USER = 1 << 2,
	49	SETTING_CAPABILITY = 1 << 3,
	50	SETTING_KILL_SIGNAL = 1 << 4,
	51	SETTING_PERSONALITY = 1 << 5,
	52	SETTING_MACHINE_ID = 1 << 6,
	53	SETTING_NETWORK = 1 << 7,
	54	SETTING_EXPOSE_PORTS = 1 << 8,
	55	SETTING_READ_ONLY = 1 << 9,
	56	SETTING_VOLATILE_MODE = 1 << 10,
	57	SETTING_CUSTOM_MOUNTS = 1 << 11,
5f932eb9	58	SETTING_WORKING_DIRECTORY = 1 << 12,
0de7acce	59	SETTING_USERNS = 1 << 13,
9c1e04d0	60	SETTING_NOTIFY_READY = 1 << 14,
b53ede69	61	SETTING_PIVOT_ROOT = 1 << 15,
960e4569 LP	62	SETTING_SYSCALL_FILTER = 1 << 16,
960e4569 LP	63	_SETTINGS_MASK_ALL = (1 << 17) -1
f757855e LP	64	} SettingsMask;
	65
	66	typedef struct Settings {
	67	/* [Run] */
7732f92b	68	StartMode start_mode;
f757855e LP	69	char **parameters;
	70	char **environment;
	71	char *user;
	72	uint64_t capability;
	73	uint64_t drop_capability;
	74	int kill_signal;
	75	unsigned long personality;
	76	sd_id128_t machine_id;
5f932eb9	77	char *working_directory;
b53ede69 PW	78	char *pivot_root_new;
b53ede69 PW	79	char *pivot_root_old;
0de7acce LP	80	UserNamespaceMode userns_mode;
0de7acce LP	81	uid_t uid_shift, uid_range;
9c1e04d0	82	bool notify_ready;
960e4569 LP	83	char **syscall_whitelist;
960e4569 LP	84	char **syscall_blacklist;
f757855e LP	85
	86	/* [Image] */
	87	int read_only;
	88	VolatileMode volatile_mode;
	89	CustomMount *custom_mounts;
	90	unsigned n_custom_mounts;
0de7acce	91	int userns_chown;
f757855e LP	92
	93	/* [Network] */
	94	int private_network;
	95	int network_veth;
	96	char *network_bridge;
22b28dfd	97	char *network_zone;
f757855e LP	98	char **network_interfaces;
	99	char **network_macvlan;
	100	char **network_ipvlan;
f6d6bad1	101	char **network_veth_extra;
f757855e LP	102	ExposePort *expose_ports;
	103	} Settings;
	104
	105	int settings_load(FILE f, const char path, Settings **ret);
	106	Settings* settings_free(Settings *s);
	107
0e265674 LP	108	bool settings_network_veth(Settings *s);
	109	bool settings_private_network(Settings *s);
	110
f757855e LP	111	DEFINE_TRIVIAL_CLEANUP_FUNC(Settings*, settings_free);
f757855e LP	112
c9f7b4d3	113	const struct ConfigPerfItem* nspawn_gperf_lookup(const char *key, GPERF_LEN_TYPE length);
f757855e LP	114
	115	int config_parse_capability(const char unit, const char filename, unsigned line, const char section, unsigned section_line, const char lvalue, int ltype, const char rvalue, void data, void *userdata);
	116	int config_parse_id128(const char unit, const char filename, unsigned line, const char section, unsigned section_line, const char lvalue, int ltype, const char rvalue, void data, void *userdata);
	117	int config_parse_expose_port(const char unit, const char filename, unsigned line, const char section, unsigned section_line, const char lvalue, int ltype, const char rvalue, void data, void *userdata);
	118	int config_parse_volatile_mode(const char unit, const char filename, unsigned line, const char section, unsigned section_line, const char lvalue, int ltype, const char rvalue, void data, void *userdata);
b53ede69	119	int config_parse_pivot_root(const char unit, const char filename, unsigned line, const char section, unsigned section_line, const char lvalue, int ltype, const char rvalue, void data, void *userdata);
f757855e LP	120	int config_parse_bind(const char unit, const char filename, unsigned line, const char section, unsigned section_line, const char lvalue, int ltype, const char rvalue, void data, void *userdata);
f757855e LP	121	int config_parse_tmpfs(const char unit, const char filename, unsigned line, const char section, unsigned section_line, const char lvalue, int ltype, const char rvalue, void data, void *userdata);
7b4318b6	122	int config_parse_overlay(const char unit, const char filename, unsigned line, const char section, unsigned section_line, const char lvalue, int ltype, const char rvalue, void data, void *userdata);
f6d6bad1	123	int config_parse_veth_extra(const char unit, const char filename, unsigned line, const char section, unsigned section_line, const char lvalue, int ltype, const char rvalue, void data, void *userdata);
22b28dfd	124	int config_parse_network_zone(const char unit, const char filename, unsigned line, const char section, unsigned section_line, const char lvalue, int ltype, const char rvalue, void data, void *userdata);
7732f92b LP	125	int config_parse_boot(const char unit, const char filename, unsigned line, const char section, unsigned section_line, const char lvalue, int ltype, const char rvalue, void data, void *userdata);
7732f92b LP	126	int config_parse_pid2(const char unit, const char filename, unsigned line, const char section, unsigned section_line, const char lvalue, int ltype, const char rvalue, void data, void *userdata);
0de7acce	127	int config_parse_private_users(const char unit, const char filename, unsigned line, const char section, unsigned section_line, const char lvalue, int ltype, const char rvalue, void data, void *userdata);
960e4569	128	int config_parse_syscall_filter(const char unit, const char filename, unsigned line, const char section, unsigned section_line, const char lvalue, int ltype, const char rvalue, void data, void *userdata);