[thirdparty/systemd.git] / src / nspawn / nspawn-settings.h

/* SPDX-License-Identifier: LGPL-2.1+ */
#pragma once

#include <sched.h>
#include <stdio.h>

#include "sd-id128.h"

#include "conf-parser.h"
#include "macro.h"
#include "missing_resource.h"
#include "nspawn-expose-ports.h"
#include "nspawn-mount.h"

typedef enum StartMode {
        START_PID1, /* Run parameters as command line as process 1 */
        START_PID2, /* Use stub init process as PID 1, run parameters as command line as process 2 */
        START_BOOT, /* Search for init system, pass arguments as parameters */
        _START_MODE_MAX,
        _START_MODE_INVALID = -1
} StartMode;

typedef enum UserNamespaceMode {
        USER_NAMESPACE_NO,
        USER_NAMESPACE_FIXED,
        USER_NAMESPACE_PICK,
        _USER_NAMESPACE_MODE_MAX,
        _USER_NAMESPACE_MODE_INVALID = -1,
} UserNamespaceMode;

typedef enum ResolvConfMode {
        RESOLV_CONF_OFF,
        RESOLV_CONF_COPY_HOST,
        RESOLV_CONF_COPY_STATIC,
        RESOLV_CONF_BIND_HOST,
        RESOLV_CONF_BIND_STATIC,
        RESOLV_CONF_DELETE,
        RESOLV_CONF_AUTO,
        _RESOLV_CONF_MODE_MAX,
        _RESOLV_CONF_MODE_INVALID = -1
} ResolvConfMode;

typedef enum LinkJournal {
        LINK_NO,
        LINK_AUTO,
        LINK_HOST,
        LINK_GUEST,
        _LINK_JOURNAL_MAX,
        _LINK_JOURNAL_INVALID = -1
} LinkJournal;

typedef enum TimezoneMode {
        TIMEZONE_OFF,
        TIMEZONE_COPY,
        TIMEZONE_BIND,
        TIMEZONE_SYMLINK,
        TIMEZONE_DELETE,
        TIMEZONE_AUTO,
        _TIMEZONE_MODE_MAX,
        _TIMEZONE_MODE_INVALID = -1
} TimezoneMode;

typedef enum SettingsMask {
        SETTING_START_MODE        = UINT64_C(1) << 0,
        SETTING_ENVIRONMENT       = UINT64_C(1) << 1,
        SETTING_USER              = UINT64_C(1) << 2,
        SETTING_CAPABILITY        = UINT64_C(1) << 3,
        SETTING_KILL_SIGNAL       = UINT64_C(1) << 4,
        SETTING_PERSONALITY       = UINT64_C(1) << 5,
        SETTING_MACHINE_ID        = UINT64_C(1) << 6,
        SETTING_NETWORK           = UINT64_C(1) << 7,
        SETTING_EXPOSE_PORTS      = UINT64_C(1) << 8,
        SETTING_READ_ONLY         = UINT64_C(1) << 9,
        SETTING_VOLATILE_MODE     = UINT64_C(1) << 10,
        SETTING_CUSTOM_MOUNTS     = UINT64_C(1) << 11,
        SETTING_WORKING_DIRECTORY = UINT64_C(1) << 12,
        SETTING_USERNS            = UINT64_C(1) << 13,
        SETTING_NOTIFY_READY      = UINT64_C(1) << 14,
        SETTING_PIVOT_ROOT        = UINT64_C(1) << 15,
        SETTING_SYSCALL_FILTER    = UINT64_C(1) << 16,
        SETTING_HOSTNAME          = UINT64_C(1) << 17,
        SETTING_NO_NEW_PRIVILEGES = UINT64_C(1) << 18,
        SETTING_OOM_SCORE_ADJUST  = UINT64_C(1) << 19,
        SETTING_CPU_AFFINITY      = UINT64_C(1) << 20,
        SETTING_RESOLV_CONF       = UINT64_C(1) << 21,
        SETTING_LINK_JOURNAL      = UINT64_C(1) << 22,
        SETTING_TIMEZONE          = UINT64_C(1) << 23,
        SETTING_EPHEMERAL         = UINT64_C(1) << 24,
        SETTING_RLIMIT_FIRST      = UINT64_C(1) << 25, /* we define one bit per resource limit here */
        SETTING_RLIMIT_LAST       = UINT64_C(1) << (25 + _RLIMIT_MAX - 1),
        _SETTINGS_MASK_ALL        = (UINT64_C(1) << (25 + _RLIMIT_MAX)) -1,
        _SETTING_FORCE_ENUM_WIDTH = UINT64_MAX
} SettingsMask;

/* We want to use SETTING_RLIMIT_FIRST in shifts, so make sure it is really 64 bits
 * when used in expressions. */
#define SETTING_RLIMIT_FIRST ((uint64_t) SETTING_RLIMIT_FIRST)
#define SETTING_RLIMIT_LAST ((uint64_t) SETTING_RLIMIT_LAST)

assert_cc(sizeof(SettingsMask) == 8);
assert_cc(sizeof(SETTING_RLIMIT_FIRST) == 8);
assert_cc(sizeof(SETTING_RLIMIT_LAST) == 8);

typedef struct Settings {
        /* [Run] */
        StartMode start_mode;
        bool ephemeral;
        char **parameters;
        char **environment;
        char *user;
        uint64_t capability;
        uint64_t drop_capability;
        int kill_signal;
        unsigned long personality;
        sd_id128_t machine_id;
        char *working_directory;
        char *pivot_root_new;
        char *pivot_root_old;
        UserNamespaceMode userns_mode;
        uid_t uid_shift, uid_range;
        bool notify_ready;
        char **syscall_whitelist;
        char **syscall_blacklist;
        struct rlimit *rlimit[_RLIMIT_MAX];
        char *hostname;
        int no_new_privileges;
        int oom_score_adjust;
        bool oom_score_adjust_set;
        cpu_set_t *cpuset;
        unsigned cpuset_ncpus;
        ResolvConfMode resolv_conf;
        LinkJournal link_journal;
        bool link_journal_try;
        TimezoneMode timezone;

        /* [Image] */
        int read_only;
        VolatileMode volatile_mode;
        CustomMount *custom_mounts;
        size_t n_custom_mounts;
        int userns_chown;

        /* [Network] */
        int private_network;
        int network_veth;
        char *network_bridge;
        char *network_zone;
        char **network_interfaces;
        char **network_macvlan;
        char **network_ipvlan;
        char **network_veth_extra;
        ExposePort *expose_ports;
} Settings;

int settings_load(FILE *f, const char *path, Settings **ret);
Settings* settings_free(Settings *s);

bool settings_network_veth(Settings *s);
bool settings_private_network(Settings *s);

DEFINE_TRIVIAL_CLEANUP_FUNC(Settings*, settings_free);

const struct ConfigPerfItem* nspawn_gperf_lookup(const char *key, GPERF_LEN_TYPE length);

CONFIG_PARSER_PROTOTYPE(config_parse_capability);
CONFIG_PARSER_PROTOTYPE(config_parse_id128);
CONFIG_PARSER_PROTOTYPE(config_parse_expose_port);
CONFIG_PARSER_PROTOTYPE(config_parse_volatile_mode);
CONFIG_PARSER_PROTOTYPE(config_parse_pivot_root);
CONFIG_PARSER_PROTOTYPE(config_parse_bind);
CONFIG_PARSER_PROTOTYPE(config_parse_tmpfs);
CONFIG_PARSER_PROTOTYPE(config_parse_overlay);
CONFIG_PARSER_PROTOTYPE(config_parse_veth_extra);
CONFIG_PARSER_PROTOTYPE(config_parse_network_zone);
CONFIG_PARSER_PROTOTYPE(config_parse_boot);
CONFIG_PARSER_PROTOTYPE(config_parse_pid2);
CONFIG_PARSER_PROTOTYPE(config_parse_private_users);
CONFIG_PARSER_PROTOTYPE(config_parse_syscall_filter);
CONFIG_PARSER_PROTOTYPE(config_parse_hostname);
CONFIG_PARSER_PROTOTYPE(config_parse_oom_score_adjust);
CONFIG_PARSER_PROTOTYPE(config_parse_cpu_affinity);
CONFIG_PARSER_PROTOTYPE(config_parse_resolv_conf);
CONFIG_PARSER_PROTOTYPE(config_parse_link_journal);
CONFIG_PARSER_PROTOTYPE(config_parse_timezone);

const char *resolv_conf_mode_to_string(ResolvConfMode a) _const_;
ResolvConfMode resolv_conf_mode_from_string(const char *s) _pure_;

const char *timezone_mode_to_string(TimezoneMode a) _const_;
TimezoneMode timezone_mode_from_string(const char *s) _pure_;

int parse_link_journal(const char *s, LinkJournal *ret_mode, bool *ret_try);
Commit	Line	Data
53e1b683	1	/* SPDX-License-Identifier: LGPL-2.1+ */
f757855e LP	2	#pragma once
f757855e LP	3
d107bb7d	4	#include <sched.h>
f757855e LP	5	#include <stdio.h>
f757855e LP	6
dccca82b LP	7	#include "sd-id128.h"
dccca82b LP	8
a2106925	9	#include "conf-parser.h"
f757855e	10	#include "macro.h"
e93672ee	11	#include "missing_resource.h"
7a8f6325	12	#include "nspawn-expose-ports.h"
71d35b6b	13	#include "nspawn-mount.h"
f757855e	14
7732f92b LP	15	typedef enum StartMode {
	16	START_PID1, /* Run parameters as command line as process 1 */
	17	START_PID2, /* Use stub init process as PID 1, run parameters as command line as process 2 */
	18	START_BOOT, /* Search for init system, pass arguments as parameters */
	19	_START_MODE_MAX,
	20	_START_MODE_INVALID = -1
	21	} StartMode;
	22
0de7acce LP	23	typedef enum UserNamespaceMode {
	24	USER_NAMESPACE_NO,
	25	USER_NAMESPACE_FIXED,
	26	USER_NAMESPACE_PICK,
	27	_USER_NAMESPACE_MODE_MAX,
	28	_USER_NAMESPACE_MODE_INVALID = -1,
	29	} UserNamespaceMode;
	30
09d423e9 LP	31	typedef enum ResolvConfMode {
	32	RESOLV_CONF_OFF,
	33	RESOLV_CONF_COPY_HOST,
	34	RESOLV_CONF_COPY_STATIC,
	35	RESOLV_CONF_BIND_HOST,
	36	RESOLV_CONF_BIND_STATIC,
	37	RESOLV_CONF_DELETE,
	38	RESOLV_CONF_AUTO,
	39	_RESOLV_CONF_MODE_MAX,
	40	_RESOLV_CONF_MODE_INVALID = -1
	41	} ResolvConfMode;
	42
4e1d6aa9 LP	43	typedef enum LinkJournal {
	44	LINK_NO,
	45	LINK_AUTO,
	46	LINK_HOST,
	47	LINK_GUEST,
	48	_LINK_JOURNAL_MAX,
	49	_LINK_JOURNAL_INVALID = -1
	50	} LinkJournal;
	51
1688841f LP	52	typedef enum TimezoneMode {
	53	TIMEZONE_OFF,
	54	TIMEZONE_COPY,
	55	TIMEZONE_BIND,
	56	TIMEZONE_SYMLINK,
	57	TIMEZONE_DELETE,
	58	TIMEZONE_AUTO,
	59	_TIMEZONE_MODE_MAX,
	60	_TIMEZONE_MODE_INVALID = -1
	61	} TimezoneMode;
	62
f757855e	63	typedef enum SettingsMask {
bf428efb LP	64	SETTING_START_MODE = UINT64_C(1) << 0,
	65	SETTING_ENVIRONMENT = UINT64_C(1) << 1,
	66	SETTING_USER = UINT64_C(1) << 2,
	67	SETTING_CAPABILITY = UINT64_C(1) << 3,
	68	SETTING_KILL_SIGNAL = UINT64_C(1) << 4,
	69	SETTING_PERSONALITY = UINT64_C(1) << 5,
	70	SETTING_MACHINE_ID = UINT64_C(1) << 6,
	71	SETTING_NETWORK = UINT64_C(1) << 7,
	72	SETTING_EXPOSE_PORTS = UINT64_C(1) << 8,
	73	SETTING_READ_ONLY = UINT64_C(1) << 9,
	74	SETTING_VOLATILE_MODE = UINT64_C(1) << 10,
	75	SETTING_CUSTOM_MOUNTS = UINT64_C(1) << 11,
	76	SETTING_WORKING_DIRECTORY = UINT64_C(1) << 12,
	77	SETTING_USERNS = UINT64_C(1) << 13,
	78	SETTING_NOTIFY_READY = UINT64_C(1) << 14,
	79	SETTING_PIVOT_ROOT = UINT64_C(1) << 15,
	80	SETTING_SYSCALL_FILTER = UINT64_C(1) << 16,
3a9530e5	81	SETTING_HOSTNAME = UINT64_C(1) << 17,
66edd963	82	SETTING_NO_NEW_PRIVILEGES = UINT64_C(1) << 18,
81f345df	83	SETTING_OOM_SCORE_ADJUST = UINT64_C(1) << 19,
d107bb7d	84	SETTING_CPU_AFFINITY = UINT64_C(1) << 20,
09d423e9	85	SETTING_RESOLV_CONF = UINT64_C(1) << 21,
4e1d6aa9	86	SETTING_LINK_JOURNAL = UINT64_C(1) << 22,
1688841f	87	SETTING_TIMEZONE = UINT64_C(1) << 23,
a2f577fc JL	88	SETTING_EPHEMERAL = UINT64_C(1) << 24,
	89	SETTING_RLIMIT_FIRST = UINT64_C(1) << 25, /* we define one bit per resource limit here */
	90	SETTING_RLIMIT_LAST = UINT64_C(1) << (25 + _RLIMIT_MAX - 1),
	91	_SETTINGS_MASK_ALL = (UINT64_C(1) << (25 + _RLIMIT_MAX)) -1,
f728ab17	92	_SETTING_FORCE_ENUM_WIDTH = UINT64_MAX
f757855e LP	93	} SettingsMask;
f757855e LP	94
b49c6ca0 ZJS	95	/* We want to use SETTING_RLIMIT_FIRST in shifts, so make sure it is really 64 bits
	96	* when used in expressions. */
	97	#define SETTING_RLIMIT_FIRST ((uint64_t) SETTING_RLIMIT_FIRST)
	98	#define SETTING_RLIMIT_LAST ((uint64_t) SETTING_RLIMIT_LAST)
	99
	100	assert_cc(sizeof(SettingsMask) == 8);
	101	assert_cc(sizeof(SETTING_RLIMIT_FIRST) == 8);
	102	assert_cc(sizeof(SETTING_RLIMIT_LAST) == 8);
	103
f757855e LP	104	typedef struct Settings {
f757855e LP	105	/* [Run] */
7732f92b	106	StartMode start_mode;
a2f577fc	107	bool ephemeral;
f757855e LP	108	char **parameters;
	109	char **environment;
	110	char *user;
	111	uint64_t capability;
	112	uint64_t drop_capability;
	113	int kill_signal;
	114	unsigned long personality;
	115	sd_id128_t machine_id;
5f932eb9	116	char *working_directory;
b53ede69 PW	117	char *pivot_root_new;
b53ede69 PW	118	char *pivot_root_old;
0de7acce LP	119	UserNamespaceMode userns_mode;
0de7acce LP	120	uid_t uid_shift, uid_range;
9c1e04d0	121	bool notify_ready;
960e4569 LP	122	char **syscall_whitelist;
960e4569 LP	123	char **syscall_blacklist;
bf428efb	124	struct rlimit *rlimit[_RLIMIT_MAX];
3a9530e5	125	char *hostname;
66edd963	126	int no_new_privileges;
81f345df LP	127	int oom_score_adjust;
81f345df LP	128	bool oom_score_adjust_set;
d107bb7d LP	129	cpu_set_t *cpuset;
d107bb7d LP	130	unsigned cpuset_ncpus;
09d423e9	131	ResolvConfMode resolv_conf;
4e1d6aa9 LP	132	LinkJournal link_journal;
4e1d6aa9 LP	133	bool link_journal_try;
1688841f	134	TimezoneMode timezone;
f757855e LP	135
	136	/* [Image] */
	137	int read_only;
	138	VolatileMode volatile_mode;
	139	CustomMount *custom_mounts;
88614c8a	140	size_t n_custom_mounts;
0de7acce	141	int userns_chown;
f757855e LP	142
	143	/* [Network] */
	144	int private_network;
	145	int network_veth;
	146	char *network_bridge;
22b28dfd	147	char *network_zone;
f757855e LP	148	char **network_interfaces;
	149	char **network_macvlan;
	150	char **network_ipvlan;
f6d6bad1	151	char **network_veth_extra;
f757855e LP	152	ExposePort *expose_ports;
	153	} Settings;
	154
	155	int settings_load(FILE f, const char path, Settings **ret);
	156	Settings* settings_free(Settings *s);
	157
0e265674 LP	158	bool settings_network_veth(Settings *s);
	159	bool settings_private_network(Settings *s);
	160
f757855e LP	161	DEFINE_TRIVIAL_CLEANUP_FUNC(Settings*, settings_free);
f757855e LP	162
c9f7b4d3	163	const struct ConfigPerfItem* nspawn_gperf_lookup(const char *key, GPERF_LEN_TYPE length);
f757855e	164
a2106925 LP	165	CONFIG_PARSER_PROTOTYPE(config_parse_capability);
	166	CONFIG_PARSER_PROTOTYPE(config_parse_id128);
	167	CONFIG_PARSER_PROTOTYPE(config_parse_expose_port);
	168	CONFIG_PARSER_PROTOTYPE(config_parse_volatile_mode);
	169	CONFIG_PARSER_PROTOTYPE(config_parse_pivot_root);
	170	CONFIG_PARSER_PROTOTYPE(config_parse_bind);
	171	CONFIG_PARSER_PROTOTYPE(config_parse_tmpfs);
	172	CONFIG_PARSER_PROTOTYPE(config_parse_overlay);
	173	CONFIG_PARSER_PROTOTYPE(config_parse_veth_extra);
	174	CONFIG_PARSER_PROTOTYPE(config_parse_network_zone);
	175	CONFIG_PARSER_PROTOTYPE(config_parse_boot);
	176	CONFIG_PARSER_PROTOTYPE(config_parse_pid2);
	177	CONFIG_PARSER_PROTOTYPE(config_parse_private_users);
	178	CONFIG_PARSER_PROTOTYPE(config_parse_syscall_filter);
	179	CONFIG_PARSER_PROTOTYPE(config_parse_hostname);
	180	CONFIG_PARSER_PROTOTYPE(config_parse_oom_score_adjust);
	181	CONFIG_PARSER_PROTOTYPE(config_parse_cpu_affinity);
09d423e9	182	CONFIG_PARSER_PROTOTYPE(config_parse_resolv_conf);
4e1d6aa9	183	CONFIG_PARSER_PROTOTYPE(config_parse_link_journal);
1688841f	184	CONFIG_PARSER_PROTOTYPE(config_parse_timezone);
09d423e9 LP	185
	186	const char *resolv_conf_mode_to_string(ResolvConfMode a) _const_;
	187	ResolvConfMode resolv_conf_mode_from_string(const char *s) _pure_;
4e1d6aa9	188
1688841f LP	189	const char *timezone_mode_to_string(TimezoneMode a) _const_;
	190	TimezoneMode timezone_mode_from_string(const char *s) _pure_;
	191
4e1d6aa9	192	int parse_link_journal(const char s, LinkJournal ret_mode, bool *ret_try);