tree-wide: drop missing.h from headers and use relevant missing_*.h
[thirdparty/systemd.git] / src / nspawn / nspawn-settings.h
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2 #pragma once
3
4 #include <sched.h>
5 #include <stdio.h>
6
7 #include "sd-id128.h"
8
9 #include "conf-parser.h"
10 #include "macro.h"
11 #include "missing_resource.h"
12 #include "nspawn-expose-ports.h"
13 #include "nspawn-mount.h"
14
/* How the container payload is launched; the chosen value is stored in Settings.start_mode. */
15 typedef enum StartMode {
16 START_PID1, /* Run parameters as command line as process 1 */
17 START_PID2, /* Use stub init process as PID 1, run parameters as command line as process 2 */
18 START_BOOT, /* Search for init system, pass arguments as parameters */
19 _START_MODE_MAX, /* One past the last valid mode, i.e. the number of valid modes (3) */
20 _START_MODE_INVALID = -1 /* Negative value outside the valid range [0, _START_MODE_MAX) */
21 } StartMode;
22
/* User-namespace mode; stored in Settings.userns_mode next to uid_shift/uid_range.
 * NOTE(review): the per-value meanings below are inferred from the names only. They are
 * security-relevant (they decide whether container UIDs are kept apart from host UIDs),
 * so confirm them against config_parse_private_users() before relying on them. */
23 typedef enum UserNamespaceMode {
24 USER_NAMESPACE_NO, /* presumably: no user namespace, container UIDs equal host UIDs -- confirm */
25 USER_NAMESPACE_FIXED, /* presumably: caller-supplied uid_shift/uid_range -- confirm */
26 USER_NAMESPACE_PICK, /* presumably: UID range chosen automatically -- confirm */
27 _USER_NAMESPACE_MODE_MAX, /* One past the last valid mode (3) */
28 _USER_NAMESPACE_MODE_INVALID = -1, /* Negative value outside the valid range */
29 } UserNamespaceMode;
30
/* Handling of the container's resolv.conf; stored in Settings.resolv_conf and converted
 * to and from its textual form by resolv_conf_mode_to_string()/_from_string().
 * NOTE(review): the names suggest "copy" versus "bind mount" of either the host file or
 * a static one. A bind mode would make a host file visible inside the container --
 * confirm the exact behaviour in the code that consumes this enum. */
31 typedef enum ResolvConfMode {
32 RESOLV_CONF_OFF,
33 RESOLV_CONF_COPY_HOST,
34 RESOLV_CONF_COPY_STATIC,
35 RESOLV_CONF_BIND_HOST,
36 RESOLV_CONF_BIND_STATIC,
37 RESOLV_CONF_DELETE,
38 RESOLV_CONF_AUTO,
39 _RESOLV_CONF_MODE_MAX, /* One past the last valid mode (7) */
40 _RESOLV_CONF_MODE_INVALID = -1 /* Negative value outside the valid range */
41 } ResolvConfMode;
42
/* Journal linking mode; stored in Settings.link_journal together with the separate
 * link_journal_try flag. parse_link_journal() returns both values from one string.
 * NOTE(review): HOST/GUEST presumably name the side that holds the journal directory,
 * which would share log storage across the container boundary -- confirm in the caller. */
43 typedef enum LinkJournal {
44 LINK_NO,
45 LINK_AUTO,
46 LINK_HOST,
47 LINK_GUEST,
48 _LINK_JOURNAL_MAX, /* One past the last valid mode (4) */
49 _LINK_JOURNAL_INVALID = -1 /* Negative value outside the valid range */
50 } LinkJournal;
51
/* Handling of the container's timezone configuration; stored in Settings.timezone and
 * converted by timezone_mode_to_string()/_from_string().
 * NOTE(review): the value names mirror ResolvConfMode (copy, bind, delete, auto) plus a
 * symlink variant; the exact file operations are not visible in this header -- confirm. */
52 typedef enum TimezoneMode {
53 TIMEZONE_OFF,
54 TIMEZONE_COPY,
55 TIMEZONE_BIND,
56 TIMEZONE_SYMLINK,
57 TIMEZONE_DELETE,
58 TIMEZONE_AUTO,
59 _TIMEZONE_MODE_MAX, /* One past the last valid mode (6) */
60 _TIMEZONE_MODE_INVALID = -1 /* Negative value outside the valid range */
61 } TimezoneMode;
62
/* Bit mask with one bit per setting. Bits 0..24 name individual settings; starting at
 * bit 25 there is one bit per resource limit, _RLIMIT_MAX bits in total.
 *
 * Two points a reader should keep in mind:
 *  - Enumerators that do not fit in an int are a compiler extension before C23. The
 *    assert_cc(sizeof(SettingsMask) == 8) that follows this enum is what guarantees the
 *    64-bit width on the compilers actually used.
 *  - The shifts by (25 + _RLIMIT_MAX) are only defined while 25 + _RLIMIT_MAX < 64.
 *    _RLIMIT_MAX is defined outside this header (presumably missing_resource.h).
 *    NOTE(review): a compile-time check of that bound next to the existing assert_cc
 *    lines would make the assumption explicit. */
63 typedef enum SettingsMask {
64 SETTING_START_MODE = UINT64_C(1) << 0,
65 SETTING_ENVIRONMENT = UINT64_C(1) << 1,
66 SETTING_USER = UINT64_C(1) << 2,
67 SETTING_CAPABILITY = UINT64_C(1) << 3,
68 SETTING_KILL_SIGNAL = UINT64_C(1) << 4,
69 SETTING_PERSONALITY = UINT64_C(1) << 5,
70 SETTING_MACHINE_ID = UINT64_C(1) << 6,
71 SETTING_NETWORK = UINT64_C(1) << 7,
72 SETTING_EXPOSE_PORTS = UINT64_C(1) << 8,
73 SETTING_READ_ONLY = UINT64_C(1) << 9,
74 SETTING_VOLATILE_MODE = UINT64_C(1) << 10,
75 SETTING_CUSTOM_MOUNTS = UINT64_C(1) << 11,
76 SETTING_WORKING_DIRECTORY = UINT64_C(1) << 12,
77 SETTING_USERNS = UINT64_C(1) << 13,
78 SETTING_NOTIFY_READY = UINT64_C(1) << 14,
79 SETTING_PIVOT_ROOT = UINT64_C(1) << 15,
80 SETTING_SYSCALL_FILTER = UINT64_C(1) << 16,
81 SETTING_HOSTNAME = UINT64_C(1) << 17,
82 SETTING_NO_NEW_PRIVILEGES = UINT64_C(1) << 18,
83 SETTING_OOM_SCORE_ADJUST = UINT64_C(1) << 19,
84 SETTING_CPU_AFFINITY = UINT64_C(1) << 20,
85 SETTING_RESOLV_CONF = UINT64_C(1) << 21,
86 SETTING_LINK_JOURNAL = UINT64_C(1) << 22,
87 SETTING_TIMEZONE = UINT64_C(1) << 23,
88 SETTING_EPHEMERAL = UINT64_C(1) << 24,
89 SETTING_RLIMIT_FIRST = UINT64_C(1) << 25, /* we define one bit per resource limit here */
90 SETTING_RLIMIT_LAST = UINT64_C(1) << (25 + _RLIMIT_MAX - 1), /* bit of the last resource limit */
91 _SETTINGS_MASK_ALL = (UINT64_C(1) << (25 + _RLIMIT_MAX)) -1, /* every bit from 0 up to the last resource-limit bit */
92 _SETTING_FORCE_ENUM_WIDTH = UINT64_MAX /* largest 64-bit value; not a setting, present only to widen the enum */
93 } SettingsMask;
94
95 /* We want to use SETTING_RLIMIT_FIRST in shifts, so make sure it is really 64 bits
96 * when used in expressions. */
/* Each macro has the same name as the enumerator it wraps. The preprocessor does not
 * re-expand a macro inside its own replacement, so the inner name still refers to the
 * enumerator and the macro only adds the uint64_t cast. */
97 #define SETTING_RLIMIT_FIRST ((uint64_t) SETTING_RLIMIT_FIRST)
98 #define SETTING_RLIMIT_LAST ((uint64_t) SETTING_RLIMIT_LAST)
99
/* Compile-time checks that the enum type and both cast expressions are 8 bytes wide.
 * assert_cc is defined outside this header (presumably macro.h). */
100 assert_cc(sizeof(SettingsMask) == 8);
101 assert_cc(sizeof(SETTING_RLIMIT_FIRST) == 8);
102 assert_cc(sizeof(SETTING_RLIMIT_LAST) == 8);
103
/* Container settings, returned through the ret argument of settings_load() and released
 * with settings_free(). The bracketed comments group the fields.
 * NOTE(review): the groups presumably mirror the section names of the settings file --
 * confirm in the table behind nspawn_gperf_lookup().
 *
 * Judging by their names, several fields widen or narrow what the container may do
 * (capability, drop_capability, no_new_privileges, the syscall lists, userns_mode,
 * read_only, private_network). This struct carries no information about how far the
 * file that produced the values is trusted; a caller that loads a file it does not
 * fully trust has to decide itself which of these fields it honours. */
104 typedef struct Settings {
105 /* [Run] */
106 StartMode start_mode;
107 bool ephemeral;
108 char **parameters; /* NOTE(review): char ** fields are presumably NULL-terminated string vectors -- confirm */
109 char **environment;
110 char *user;
111 uint64_t capability; /* NOTE(review): presumably a bit mask of capabilities to retain; see config_parse_capability() */
112 uint64_t drop_capability; /* NOTE(review): presumably a bit mask of capabilities to drop -- confirm */
113 int kill_signal;
114 unsigned long personality;
115 sd_id128_t machine_id;
116 char *working_directory;
117 char *pivot_root_new;
118 char *pivot_root_old;
119 UserNamespaceMode userns_mode;
120 uid_t uid_shift, uid_range; /* NOTE(review): presumably base and size of the mapped UID range, used with userns_mode -- confirm */
121 bool notify_ready;
122 char **syscall_whitelist; /* NOTE(review): presumably system calls to allow -- confirm in config_parse_syscall_filter() */
123 char **syscall_blacklist; /* NOTE(review): presumably system calls to deny -- confirm */
124 struct rlimit *rlimit[_RLIMIT_MAX]; /* one pointer slot per resource limit, matching the per-limit bits of SettingsMask */
125 char *hostname;
126 int no_new_privileges; /* int, not bool. NOTE(review): presumably a tristate with a negative "unset" value -- confirm */
127 int oom_score_adjust;
128 bool oom_score_adjust_set; /* NOTE(review): presumably true once oom_score_adjust holds a configured value */
129 cpu_set_t *cpuset;
130 unsigned cpuset_ncpus; /* NOTE(review): presumably the number of CPUs cpuset was sized for -- confirm */
131 ResolvConfMode resolv_conf;
132 LinkJournal link_journal;
133 bool link_journal_try; /* companion flag; parse_link_journal() returns it as ret_try */
134 TimezoneMode timezone;
135
136 /* [Image] */
137 int read_only; /* int, not bool. NOTE(review): presumably a tristate -- confirm */
138 VolatileMode volatile_mode;
139 CustomMount *custom_mounts; /* array; its element count is n_custom_mounts */
140 size_t n_custom_mounts;
141 int userns_chown; /* int, not bool. NOTE(review): presumably a tristate -- confirm */
142
143 /* [Network] */
144 int private_network; /* NOTE(review): read it through settings_private_network(), which returns bool -- confirm */
145 int network_veth; /* NOTE(review): read it through settings_network_veth(), which returns bool -- confirm */
146 char *network_bridge;
147 char *network_zone;
148 char **network_interfaces;
149 char **network_macvlan;
150 char **network_ipvlan;
151 char **network_veth_extra;
152 ExposePort *expose_ports;
153 } Settings;
154
/* Load settings from the already opened stream f and hand the result back through *ret.
 * NOTE(review): path is presumably used for diagnostics only, and the int return is
 * presumably 0 on success and a negative errno-style code on failure -- confirm in the
 * implementation. The signature carries no indication of how far the file is trusted;
 * deciding which loaded fields to apply is left to the caller. */
155 int settings_load(FILE *f, const char *path, Settings **ret);
/* Release a Settings object.
 * NOTE(review): the Settings* return is presumably always NULL so that callers can
 * write s = settings_free(s) and avoid a dangling pointer -- confirm. */
156 Settings* settings_free(Settings *s);
157
/* bool accessors. NOTE(review): they presumably resolve the int fields network_veth and
 * private_network (including any unset state) to a final yes/no -- confirm. */
158 bool settings_network_veth(Settings *s);
159 bool settings_private_network(Settings *s);
160
/* NOTE(review): presumably generates a cleanup helper around settings_free for use with
 * the cleanup attribute; the macro is defined outside this header. */
161 DEFINE_TRIVIAL_CLEANUP_FUNC(Settings*, settings_free);
162
/* Look up the configuration table entry for a key of the given length.
 * NOTE(review): presumably implemented by gperf-generated code; ConfigPerfItem and
 * GPERF_LEN_TYPE are declared outside this header. */
163 const struct ConfigPerfItem* nspawn_gperf_lookup(const char *key, GPERF_LEN_TYPE length);
164
/* Parser callbacks, one per setting that needs custom parsing. CONFIG_PARSER_PROTOTYPE
 * is defined outside this header (presumably conf-parser.h) and declares each function
 * with the common parser signature.
 * NOTE(review): these functions turn text from a settings file into the fields of
 * Settings, among them capability, user-namespace and syscall-filter values, so input
 * validation for those fields lives in their implementations, not in this header. */
165 CONFIG_PARSER_PROTOTYPE(config_parse_capability);
166 CONFIG_PARSER_PROTOTYPE(config_parse_id128);
167 CONFIG_PARSER_PROTOTYPE(config_parse_expose_port);
168 CONFIG_PARSER_PROTOTYPE(config_parse_volatile_mode);
169 CONFIG_PARSER_PROTOTYPE(config_parse_pivot_root);
170 CONFIG_PARSER_PROTOTYPE(config_parse_bind);
171 CONFIG_PARSER_PROTOTYPE(config_parse_tmpfs);
172 CONFIG_PARSER_PROTOTYPE(config_parse_overlay);
173 CONFIG_PARSER_PROTOTYPE(config_parse_veth_extra);
174 CONFIG_PARSER_PROTOTYPE(config_parse_network_zone);
175 CONFIG_PARSER_PROTOTYPE(config_parse_boot);
176 CONFIG_PARSER_PROTOTYPE(config_parse_pid2);
177 CONFIG_PARSER_PROTOTYPE(config_parse_private_users);
178 CONFIG_PARSER_PROTOTYPE(config_parse_syscall_filter);
179 CONFIG_PARSER_PROTOTYPE(config_parse_hostname);
180 CONFIG_PARSER_PROTOTYPE(config_parse_oom_score_adjust);
181 CONFIG_PARSER_PROTOTYPE(config_parse_cpu_affinity);
182 CONFIG_PARSER_PROTOTYPE(config_parse_resolv_conf);
183 CONFIG_PARSER_PROTOTYPE(config_parse_link_journal);
184 CONFIG_PARSER_PROTOTYPE(config_parse_timezone);
185
/* Conversions between ResolvConfMode values and their textual names.
 * NOTE(review): _const_ and _pure_ are presumably function-attribute macros defined
 * outside this header. The value returned for an unknown string is not visible here,
 * presumably _RESOLV_CONF_MODE_INVALID -- callers should check for it. */
186 const char *resolv_conf_mode_to_string(ResolvConfMode a) _const_;
187 ResolvConfMode resolv_conf_mode_from_string(const char *s) _pure_;
188
/* Conversions between TimezoneMode values and their textual names.
 * NOTE(review): same conventions as the ResolvConfMode pair, presumably with
 * _TIMEZONE_MODE_INVALID for an unknown string -- confirm. */
189 const char *timezone_mode_to_string(TimezoneMode a) _const_;
190 TimezoneMode timezone_mode_from_string(const char *s) _pure_;
191
/* Parse the string s into a LinkJournal mode (*ret_mode) and a separate flag (*ret_try).
 * NOTE(review): the int return is presumably 0 on success and negative on a string that
 * cannot be parsed -- confirm. */
192 int parse_link_journal(const char *s, LinkJournal *ret_mode, bool *ret_try);