/* Copyright © 2020 Arista Networks, Inc. All rights reserved.
*
* Use of this source code is governed by the MIT license that can be found
* in the LICENSE file.
*/
#ifndef ENTER_H_
# define ENTER_H_
# include <limits.h>
# include <stdbool.h>
# include <sys/resource.h>
# include <sys/stat.h>
# include <time.h>
# include <unistd.h>
# include "bst_limits.h"
# include "cgroup.h"
# include "mount.h"
# include "net.h"
# include "ns.h"
# include "timens.h"
# include "userns.h"
# include "tty.h"
/* One resource limit to apply on entry (see entry_settings.rlimits[],
   indexed by BST_* limit id from bst_limits.h). `present` records whether
   the caller actually set `rlim`; presumably entries with present == false
   are skipped rather than applied as zero -- confirm in the consumer. */
struct bst_rlimit {
	/* true once rlim has been filled in by the option parser. */
	bool present;
	/* The soft/hard pair handed to setrlimit(2). */
	struct rlimit rlim;
};
/* One cgroup limit (entry_settings.climits[]). Both strings are plain
   pointers; this header says nothing about who allocates or frees them. */
struct climit {
	/* Value to write into the cgroup control file. */
	char *limit;
	/* Name of the control file the value goes to (e.g. a cgroup knob). */
	char *fname;
	/* NOTE(review): presumably "failure to apply is fatal" as opposed to
	   best-effort -- verify against cgroup.c before relying on it. */
	bool critical;
};
/* A range of file descriptors to close before the target program runs
   (entry_settings.close_fds[]). The tag coincides with the close_range(2)
   syscall name; struct tags live in their own namespace so there is no
   clash. Whether `to` is inclusive is not fixed here -- check the code
   that consumes it. */
struct close_range {
	int from;
	int to;
};
/* Hard capacity of the fixed-size tables in entry_settings. These are
   storage sizes only: the nX counter that accompanies each table must be
   kept below the matching MAX_X by whoever fills it in, nothing in this
   header enforces that bound. All are explicit, so reordering is harmless. */
enum {
	MAX_MOUNT = 4096,
	MAX_NICS = 4096,
	MAX_ADDRS = 4096,
	MAX_ROUTES = 4096,
	MAX_CGROUPS = 4096,
	MAX_CLOSE_FDS = 4096,
};
/* SHARE_WITH_PARENT is a special value for entry_settings.shares[ns].
   It is an out-of-band sentinel, not a pointer to any object: compare it
   with == only and never dereference or pass it to string functions. It is
   spelled `char *` while shares[] holds `const char *`; the comparison is
   still well-typed. Converting -1 to a pointer is implementation-defined,
   which is acceptable here since the value is only ever compared. */
# define SHARE_WITH_PARENT ((char *) -1)
/* The fully parsed configuration handed to enter(): every namespace,
   mount, network, cgroup, identity and resource-limit decision is made by
   the caller and recorded here. Because the tables below are fixed-size
   (groups[] alone is NGROUPS_MAX entries, plus several 4096-entry arrays)
   the struct is large; allocate it statically or on the heap rather than
   as an automatic variable.
   NOTE(review): every nX counter must be <= its MAX_X bound, and every
   path/string here originates from the invoking user. If the binary runs
   with more privilege than its invoker, treat them as untrusted input in
   enter(). */
struct entry_settings {
	/* shares[] is indexed by SHARE_CGROUP, etc. Legal values are:
	   NULL: unshare.
	   SHARE_WITH_PARENT: special marker meaning don't unshare or setns.
	   filename: setns to the given namespace file.
	   Test for SHARE_WITH_PARENT by pointer identity before treating an
	   entry as a filename. */
	const char *shares[MAX_NS];
	/* Also indexed by namespace id; presumably a path the namespace is
	   persisted (bind-mounted) to -- confirm against ns.c. */
	const char *persist[MAX_NS];
	/* Program to run and its argv/envp, exec-style. */
	const char *pathname;
	char *const *argv;
	char *const *envp;
	/* Init program to run ahead of pathname; see also no_init below. */
	const char *init;
	/* Root directory, working directory and UTS names for the new context. */
	char *root;
	char *workdir;
	char *hostname;
	char *domainname;
	/* Identity to assume inside; ngroups bounds the used part of groups[]. */
	uid_t uid;
	gid_t gid;
	gid_t groups[NGROUPS_MAX];
	size_t ngroups;
	/* User-namespace id mappings (types from userns.h). */
	id_map uid_map;
	id_map gid_map;
	/* Mount table; nmounts <= MAX_MOUNT. */
	struct mount_entry mounts[MAX_MOUNT];
	size_t nmounts;
	/* Per-clock values for the time namespace (index from timens.h);
	   presumably offsets -- verify in timens.c. */
	struct timespec clockspecs[MAX_CLOCK];
	/* Network setup: interfaces, addresses and routes, each with a count
	   bounded by the matching MAX_* constant. */
	struct nic_options nics[MAX_NICS];
	size_t nnics;
	struct addr_options addrs[MAX_ADDRS];
	size_t naddrs;
	struct route_options routes[MAX_ROUTES];
	size_t nroutes;
	/* umask to install before exec. */
	mode_t umask;
	/* cgroup driver, target cgroup path and limits; nactiveclimits <= MAX_CGROUPS. */
	enum cgroup_driver cgroup_driver;
	char *cgroup_path;
	struct climit climits[MAX_CGROUPS];
	size_t nactiveclimits;
	/* Architecture name; presumably selects a personality -- confirm. */
	const char *arch;
	/* Resource limits, one slot per BST_* id; see struct bst_rlimit. */
	struct bst_rlimit rlimits[BST_NLIMIT];
	/* Optional helper program (and its argv) run as part of setup. */
	const char *setup_program;
	char *const *setup_argv;
	/* Where to write the child's pid, if set. */
	const char *pidfile;
	/* Whether to allocate a tty, and how (see tty.h). */
	bool tty;
	struct tty_opts ttyopts;
	/* Descriptor ranges to close; nclose_fds <= MAX_CLOSE_FDS. */
	size_t nclose_fds;
	struct close_range close_fds[MAX_CLOSE_FDS];
	/* Opt-out switches. Declared int rather than bool, presumably so they
	   can be the flag targets of getopt_long option tables -- confirm. */
	int no_copy_hard_rlimits;
	int no_fake_devtmpfs;
	int no_derandomize;
	int no_proc_remount;
	int no_cgroup_remount;
	int no_init;
	int no_loopback_setup;
	int no_env;
};
int enter(struct entry_settings *opts);
#endif /* !ENTER_H_ */