tree-wide: port over all code to the new CONFIG_PARSER_PROTOTYPE() macro
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2 #pragma once
3
4 /***
5 This file is part of systemd.
6
7 Copyright 2015 Lennart Poettering
8 ***/
9
10 #include <sched.h>
11 #include <stdio.h>
12
13 #include "sd-id128.h"
14
15 #include "conf-parser.h"
16 #include "macro.h"
17 #include "nspawn-expose-ports.h"
18 #include "nspawn-mount.h"
19
/* How the command line handed to the container is started. The first three
 * enumerators are the valid modes; the two underscore-prefixed ones are
 * bookkeeping values and never describe a real mode. */
typedef enum StartMode {
        START_PID1,               /* Run parameters as command line as process 1 */
        START_PID2,               /* Use stub init process as PID 1, run parameters as command line as process 2 */
        START_BOOT,               /* Search for init system, pass arguments as parameters */
        _START_MODE_MAX,          /* One past the last valid mode, i.e. the number of modes */
        _START_MODE_INVALID = -1  /* Negative sentinel, outside the valid range */
} StartMode;
27
/* Selects how user namespacing is applied to the container.
 * NOTE(review): the names suggest "off", "caller-supplied UID shift/range" and
 * "range picked automatically"; confirm against the code that consumes
 * Settings.userns_mode together with uid_shift/uid_range. */
typedef enum UserNamespaceMode {
        USER_NAMESPACE_NO,
        USER_NAMESPACE_FIXED,
        USER_NAMESPACE_PICK,
        _USER_NAMESPACE_MODE_MAX,           /* One past the last valid mode */
        _USER_NAMESPACE_MODE_INVALID = -1,  /* Negative sentinel, outside the valid range */
} UserNamespaceMode;
35
/* Bit mask with one bit per setting. Bits 0..20 name individual settings; a
 * contiguous run of _RLIMIT_MAX bits starting at bit 21 covers the resource
 * limits, one bit each.
 *
 * The constants are built from UINT64_C(1), and the resource-limit bits extend
 * past bit 31 once 21 + _RLIMIT_MAX exceeds 32. Such values do not fit in an
 * int, so this enum depends on the compiler giving it a 64-bit underlying
 * type. Keep variables that hold the mask 64 bits wide as well.
 *
 * NOTE(review): presumably this records which settings have already been
 * fixed by one source so that another source cannot override them. Confirm
 * at the consumer, because that decides which security-relevant settings a
 * settings file is able to change. */
typedef enum SettingsMask {
        SETTING_START_MODE        = UINT64_C(1) << 0,
        SETTING_ENVIRONMENT       = UINT64_C(1) << 1,
        SETTING_USER              = UINT64_C(1) << 2,
        SETTING_CAPABILITY        = UINT64_C(1) << 3,
        SETTING_KILL_SIGNAL       = UINT64_C(1) << 4,
        SETTING_PERSONALITY       = UINT64_C(1) << 5,
        SETTING_MACHINE_ID        = UINT64_C(1) << 6,
        SETTING_NETWORK           = UINT64_C(1) << 7,
        SETTING_EXPOSE_PORTS      = UINT64_C(1) << 8,
        SETTING_READ_ONLY         = UINT64_C(1) << 9,
        SETTING_VOLATILE_MODE     = UINT64_C(1) << 10,
        SETTING_CUSTOM_MOUNTS     = UINT64_C(1) << 11,
        SETTING_WORKING_DIRECTORY = UINT64_C(1) << 12,
        SETTING_USERNS            = UINT64_C(1) << 13,
        SETTING_NOTIFY_READY      = UINT64_C(1) << 14,
        SETTING_PIVOT_ROOT        = UINT64_C(1) << 15,
        SETTING_SYSCALL_FILTER    = UINT64_C(1) << 16,
        SETTING_HOSTNAME          = UINT64_C(1) << 17,
        SETTING_NO_NEW_PRIVILEGES = UINT64_C(1) << 18,
        SETTING_OOM_SCORE_ADJUST  = UINT64_C(1) << 19,
        SETTING_CPU_AFFINITY      = UINT64_C(1) << 20,
        SETTING_RLIMIT_FIRST      = UINT64_C(1) << 21, /* we define one bit per resource limit here */
        SETTING_RLIMIT_LAST       = UINT64_C(1) << (21 + _RLIMIT_MAX - 1),
        _SETTINGS_MASK_ALL        = (UINT64_C(1) << (21 + _RLIMIT_MAX)) - 1 /* every bit defined above */
} SettingsMask;
62
/* In-memory form of one settings file, as handed back by settings_load() and
 * released with settings_free(). Fields are grouped by the section they
 * belong to ([Run], [Image], [Network]).
 *
 * Several fields decide how much the container payload may do: the capability
 * masks, the syscall lists, no_new_privileges, the user-namespace fields, the
 * custom mounts and the network options. This structure carries no record of
 * where a value came from, so whether a value from a given file may be
 * honoured has to be decided by the code that applies it.
 * NOTE(review): confirm at the consumer that a settings file shipped with an
 * untrusted image cannot set these.
 *
 * NOTE(review): the "int" switches (no_new_privileges, read_only,
 * userns_chown, private_network, network_veth) are presumably tristates with a
 * negative value meaning "not set"; confirm in settings_load(). */
typedef struct Settings {
        /* [Run] */
        StartMode start_mode;
        char **parameters;
        char **environment;
        char *user;
        uint64_t capability;            /* NOTE(review): presumably a mask of capabilities to add */
        uint64_t drop_capability;       /* NOTE(review): presumably a mask of capabilities to drop */
        int kill_signal;
        unsigned long personality;
        sd_id128_t machine_id;
        char *working_directory;
        char *pivot_root_new;
        char *pivot_root_old;
        UserNamespaceMode userns_mode;
        uid_t uid_shift, uid_range;
        bool notify_ready;
        char **syscall_whitelist;
        char **syscall_blacklist;
        struct rlimit *rlimit[_RLIMIT_MAX]; /* one slot per resource limit */
        char *hostname;
        int no_new_privileges;
        int oom_score_adjust;
        bool oom_score_adjust_set;      /* separate flag, so a stored adjustment of 0 can be told apart from "not set" */
        cpu_set_t *cpuset;
        unsigned cpuset_ncpus;

        /* [Image] */
        int read_only;
        VolatileMode volatile_mode;
        CustomMount *custom_mounts;
        size_t n_custom_mounts;         /* NOTE(review): presumably the element count of custom_mounts */
        int userns_chown;

        /* [Network] */
        int private_network;
        int network_veth;
        char *network_bridge;
        char *network_zone;
        char **network_interfaces;
        char **network_macvlan;
        char **network_ipvlan;
        char **network_veth_extra;
        ExposePort *expose_ports;
} Settings;
108
/* Reads settings from the already opened stream f and hands the resulting
 * object back through *ret; path names the file being read.
 * NOTE(review): presumably returns 0 on success and a negative errno-style
 * value on failure; confirm in the definition. */
int settings_load(FILE *f, const char *path, Settings **ret);

/* Releases a Settings object.
 * NOTE(review): the pointer return type presumably exists so callers can
 * write "s = settings_free(s)"; confirm that it returns NULL. */
Settings* settings_free(Settings *s);

/* Boolean views on the network fields of a Settings object.
 * NOTE(review): presumably these resolve the effective value from the "int"
 * fields network_veth and private_network; confirm in the definitions. */
bool settings_network_veth(Settings *s);
bool settings_private_network(Settings *s);

/* Cleanup helper for Settings* variables, built on settings_free(). */
DEFINE_TRIVIAL_CLEANUP_FUNC(Settings*, settings_free);

/* Maps a configuration key of the given length to its parser table entry. */
const struct ConfigPerfItem* nspawn_gperf_lookup(const char *key, GPERF_LEN_TYPE length);

/* Per-setting parser callbacks, declared through the common prototype macro.
 * Each one is handed text taken from a settings file. Validation of that
 * text happens in the definitions and is not visible in this header. */
CONFIG_PARSER_PROTOTYPE(config_parse_capability);
CONFIG_PARSER_PROTOTYPE(config_parse_id128);
CONFIG_PARSER_PROTOTYPE(config_parse_expose_port);
CONFIG_PARSER_PROTOTYPE(config_parse_volatile_mode);
CONFIG_PARSER_PROTOTYPE(config_parse_pivot_root);
CONFIG_PARSER_PROTOTYPE(config_parse_bind);
CONFIG_PARSER_PROTOTYPE(config_parse_tmpfs);
CONFIG_PARSER_PROTOTYPE(config_parse_overlay);
CONFIG_PARSER_PROTOTYPE(config_parse_veth_extra);
CONFIG_PARSER_PROTOTYPE(config_parse_network_zone);
CONFIG_PARSER_PROTOTYPE(config_parse_boot);
CONFIG_PARSER_PROTOTYPE(config_parse_pid2);
CONFIG_PARSER_PROTOTYPE(config_parse_private_users);
CONFIG_PARSER_PROTOTYPE(config_parse_syscall_filter);
CONFIG_PARSER_PROTOTYPE(config_parse_hostname);
CONFIG_PARSER_PROTOTYPE(config_parse_oom_score_adjust);
CONFIG_PARSER_PROTOTYPE(config_parse_cpu_affinity);