/* Generated by the protocol buffer compiler. DO NOT EDIT! */
/* Generated from: config.proto */
# ifndef PROTOBUF_C_config_2eproto__INCLUDED
# define PROTOBUF_C_config_2eproto__INCLUDED
# include <protobuf-c/protobuf-c.h>
PROTOBUF_C__BEGIN_DECLS
# if PROTOBUF_C_VERSION_NUMBER < 1000000
# error This file was generated by a newer version of protoc-c which is incompatible with your libprotobuf-c headers. Please update your headers.
# elif 1002001 < PROTOBUF_C_MIN_COMPILER_VERSION
# error This file was generated by an older version of protoc-c which is incompatible with your libprotobuf-c headers. Please regenerate this file with a newer version of protoc-c.
# endif
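/*
 * Forward declarations of the message types generated from config.proto.
 * The struct bodies are given in the "messages" section of this header.
 */
typedef struct _Nsjail__IdMap Nsjail__IdMap;
typedef struct _Nsjail__MountPt Nsjail__MountPt;
typedef struct _Nsjail__Exe Nsjail__Exe;
typedef struct _Nsjail__NsJailConfig Nsjail__NsJailConfig;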
/* --- enums --- */
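/*
 * Execution mode of nsjail (config.proto: Mode).
 * NSJAIL__NS_JAIL_CONFIG__INIT selects NSJAIL__MODE__ONCE when the config
 * does not set a mode.
 */
typedef enum _Nsjail__Mode {
  /*
   * Listening on a TCP port
   */
  NSJAIL__MODE__LISTEN = 0,
  /*
   * Running the command once only
   */
  NSJAIL__MODE__ONCE = 1,
  /*
   * Re-executing the command (forever)
   */
  NSJAIL__MODE__RERUN = 2,
  /*
   * Executing command w/o the supervisor
   * NOTE(review): with no supervisor left running, anything the supervisor
   * would enforce after exec is presumably unavailable in this mode;
   * confirm against the consumer of this field.
   */
  NSJAIL__MODE__EXECVE = 3
    PROTOBUF_C__FORCE_ENUM_TO_BE_INT_SIZE(NSJAIL__MODE)
} Nsjail__Mode;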
/*
* Should be self explanatory
*/
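typedef enum _Nsjail__LogLevel {
  /*
   * Equivalent to the '-v' cmd-line option
   */
  NSJAIL__LOG_LEVEL__DEBUG = 0,
  /*
   * Default level
   */
  NSJAIL__LOG_LEVEL__INFO = 1,
  /*
   * Equivalent to the '-q' cmd-line option
   */
  NSJAIL__LOG_LEVEL__WARNING = 2,
  NSJAIL__LOG_LEVEL__ERROR = 3,
  NSJAIL__LOG_LEVEL__FATAL = 4
    PROTOBUF_C__FORCE_ENUM_TO_BE_INT_SIZE(NSJAIL__LOG_LEVEL)
} Nsjail__LogLevel;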
/* --- messages --- */
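/*
 * One UID or GID mapping entry (config.proto: IdMap).
 * Field order is significant: NSJAIL__ID_MAP__INIT initializes the struct
 * positionally.
 */
struct _Nsjail__IdMap {
  ProtobufCMessage base;
  /*
   * Empty string means "current uid/gid"
   */
  char *inside_id;
  char *outside_id;
  /*
   * See 'man user_namespaces' for the meaning of count
   * (NSJAIL__ID_MAP__INIT default: 1)
   */
  uint32_t count;
  /*
   * Does this map use /usr/bin/new[u|g]idmap binary?
   * (NSJAIL__ID_MAP__INIT default: 0)
   */
  protobuf_c_boolean use_newidmap;
};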
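/*
 * Default string values for Nsjail__IdMap. Only declared here; the
 * definitions are expected in the matching generated source file.
 */
extern char nsjail__id_map__inside_id__default_value[];
extern char nsjail__id_map__outside_id__default_value[];
/*
 * Static initializer for Nsjail__IdMap. The values are positional and follow
 * the struct's field order: inside_id, outside_id, count, use_newidmap.
 */
#define NSJAIL__ID_MAP__INIT \
 { PROTOBUF_C_MESSAGE_INIT (&nsjail__id_map__descriptor) \
    , nsjail__id_map__inside_id__default_value  /* inside_id */ \
    , nsjail__id_map__outside_id__default_value /* outside_id */ \
    , 1u                                        /* count */ \
    , 0                                         /* use_newidmap */ }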
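/*
 * One mount point inside the jail (config.proto: MountPt).
 * Field order is significant: NSJAIL__MOUNT_PT__INIT initializes the struct
 * positionally.
 */
struct _Nsjail__MountPt {
  ProtobufCMessage base;
  /*
   * Can be skipped for filesystems like 'proc'
   */
  char *src;
  char *dst;
  /*
   * Can be empty for mount --bind mounts
   */
  char *fstype;
  /*
   * E.g. size=5000000 for 'tmpfs'
   */
  char *options;
  /*
   * Is it 'mount --bind src dst' type of mount
   */
  protobuf_c_boolean is_bind;
  /*
   * Is it an RO mount
   * NSJAIL__MOUNT_PT__INIT leaves this at 0, so a mount entry is not
   * read-only unless the config sets is_ro explicitly.
   */
  protobuf_c_boolean is_ro;
  /*
   * Is it a directory? If not specified, an internal
   * heuristic will be used to determine that
   * (has_is_dir tells whether is_dir was set at all)
   */
  protobuf_c_boolean has_is_dir;
  protobuf_c_boolean is_dir;
  /*
   * Should the sandboxing fail if we cannot mount this resource?
   * (NSJAIL__MOUNT_PT__INIT default: 1)
   */
  protobuf_c_boolean mandatory;
};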
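/*
 * Default string values for Nsjail__MountPt. Only declared here; the
 * definitions are expected in the matching generated source file.
 */
extern char nsjail__mount_pt__fstype__default_value[];
extern char nsjail__mount_pt__options__default_value[];
/*
 * Static initializer for Nsjail__MountPt. The values are positional and
 * follow the struct's field order. Note the security-relevant defaults:
 * is_ro is 0 and mandatory is 1.
 */
#define NSJAIL__MOUNT_PT__INIT \
 { PROTOBUF_C_MESSAGE_INIT (&nsjail__mount_pt__descriptor) \
    , NULL, NULL                                /* src, dst */ \
    , nsjail__mount_pt__fstype__default_value   /* fstype */ \
    , nsjail__mount_pt__options__default_value  /* options */ \
    , 0, 0                                      /* is_bind, is_ro */ \
    , 0, 0                                      /* has_is_dir, is_dir */ \
    , 1                                         /* mandatory */ }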
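/*
 * Binary to execute inside the jail, with its arguments (config.proto: Exe).
 * Field order is significant: NSJAIL__EXE__INIT initializes the struct
 * positionally.
 */
struct _Nsjail__Exe {
  ProtobufCMessage base;
  /*
   * Will be used both as execv's path and as argv[0]
   */
  char *path;
  /*
   * This will be argv[1] and so on..
   * (n_arg is the number of entries in arg)
   */
  size_t n_arg;
  char **arg;
};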
/*
 * Static initializer for Nsjail__Exe. The values are positional, in struct
 * field order: path = NULL, n_arg = 0, arg = NULL.
 */
# define NSJAIL__EXE__INIT \
{ PROTOBUF_C_MESSAGE_INIT ( & nsjail__exe__descriptor ) \
, NULL , 0 , NULL }
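/*
 * Top-level nsjail configuration message (config.proto: NsJailConfig).
 * Field order is significant: NSJAIL__NS_JAIL_CONFIG__INIT initializes the
 * struct positionally. "Default" below means the value in that macro.
 */
struct _Nsjail__NsJailConfig {
  ProtobufCMessage base;
  /*
   * Optional name and description for this config
   */
  char *name;
  char *description;
  /*
   * Execution mode: see 'msg Mode' description for more
   * (default: NSJAIL__MODE__ONCE)
   */
  Nsjail__Mode mode;
  /*
   * Equivalent to a bind mount with dst='/'
   */
  char *chroot_dir;
  /*
   * Applies both to the chroot_dir and to /proc mounts
   * (default: 0, i.e. not read-write)
   */
  protobuf_c_boolean is_root_rw;
  /*
   * Hostname inside jail
   */
  char *hostname;
  /*
   * Initial current working directory for the binary
   */
  char *cwd;
  /*
   * TCP port to listen to. Valid with mode=LISTEN only
   */
  uint32_t port;
  /*
   * Host to bind to for mode=LISTEN. Must be in IPv6 format
   */
  char *bindhost;
  /*
   * For mode=LISTEN, maximum number of connections from a single IP
   * (default: 0)
   */
  uint32_t max_conns_per_ip;
  /*
   * Wall-time time limit for commands (default: 600)
   */
  uint32_t time_limit;
  /*
   * Should nsjail go into background?
   */
  protobuf_c_boolean daemon;
  /*
   * File to save logs to
   */
  char *log_file;
  /*
   * Minimum log level displayed.
   * See 'msg LogLevel' description for more
   * has_log_level defaults to 0; check it before reading log_level, whose
   * zero-initialized value equals NSJAIL__LOG_LEVEL__DEBUG.
   */
  protobuf_c_boolean has_log_level;
  Nsjail__LogLevel log_level;
  /*
   * Should the current environment variables be kept
   * when executing the binary (default: 0)
   */
  protobuf_c_boolean keep_env;
  /*
   * EnvVars to be set before executing binaries
   */
  size_t n_envar;
  char **envar;
  /*
   * Should nsjail close FD=0,1,2 before executing the process
   */
  protobuf_c_boolean silent;
  /*
   * Should the child process have control over terminal?
   * Can be useful to allow /bin/sh to provide
   * job control / signals
   */
  protobuf_c_boolean skip_setsid;
  /*
   * Which FDs should be passed to the newly executed process
   * By default only FD=0,1,2 are passed
   */
  size_t n_pass_fd;
  int32_t *pass_fd;
  /*
   * Should pivot_root be used instead of chroot?
   * Using pivot_root allows to have subnamespaces
   */
  protobuf_c_boolean pivot_root_only;
  /*
   * Setting it to true will allow to have set-uid binaries
   * inside the jail (default: 0)
   * NOTE(review): with this set, exec of a set-uid binary inside the jail
   * can raise privileges; enable it only for workloads that need it.
   */
  protobuf_c_boolean disable_no_new_privs;
  /*
   * In MiB (default: 512)
   */
  uint64_t rlimit_as;
  /*
   * In MiB (default: 0)
   */
  uint64_t rlimit_core;
  /*
   * In seconds (default: 600)
   */
  uint64_t rlimit_cpu;
  /*
   * In MiB (default: 1)
   */
  uint64_t rlimit_fsize;
  /* (default: 32) */
  uint64_t rlimit_nofile;
  /*
   * This is system-wide: tricky to use
   * (unset by default: has_rlimit_nproc is 0)
   */
  protobuf_c_boolean has_rlimit_nproc;
  uint64_t rlimit_nproc;
  /*
   * In MiB
   * (unset by default: has_rlimit_stack is 0)
   */
  protobuf_c_boolean has_rlimit_stack;
  uint64_t rlimit_stack;
  /*
   * See 'man personality' for more
   * All five default to 0. NOTE(review): addr_no_randomize,
   * read_implies_exec and mmap_page_zero each switch off an exploit
   * mitigation for the jailed process when set.
   */
  protobuf_c_boolean persona_addr_compat_layout;
  protobuf_c_boolean persona_mmap_page_zero;
  protobuf_c_boolean persona_read_implies_exec;
  protobuf_c_boolean persona_addr_limit_3gb;
  protobuf_c_boolean persona_addr_no_randomize;
  /*
   * Which name-spaces should be used?
   * These six default to 1. NOTE(review): clearing one presumably leaves
   * the jailed process in the caller's namespace of that kind; confirm
   * against the consumer before relaxing any of them.
   */
  protobuf_c_boolean clone_newnet;
  protobuf_c_boolean clone_newuser;
  protobuf_c_boolean clone_newns;
  protobuf_c_boolean clone_newpid;
  protobuf_c_boolean clone_newipc;
  protobuf_c_boolean clone_newuts;
  /*
   * It's only supported in newer kernels, hence disabled by default
   */
  protobuf_c_boolean clone_newcgroup;
  /*
   * Mappings for UIDs and GIDs. See the description for 'msg IdMap'
   * for more
   */
  size_t n_uidmap;
  Nsjail__IdMap **uidmap;
  size_t n_gidmap;
  Nsjail__IdMap **gidmap;
  /*
   * Should /proc be mounted (R/O)? This can also be added in the 'mount'
   * section below (default: 0)
   */
  protobuf_c_boolean mount_proc;
  /*
   * Mount points inside the jail. See the description for 'msg MountPt'
   * for more
   */
  size_t n_mount;
  Nsjail__MountPt **mount;
  /*
   * Kafel seccomp-bpf policy file or a string:
   * Homepage of the project: https://github.com/google/kafel
   * Both default to NULL, so no seccomp policy is supplied unless the
   * config sets one of them.
   */
  char *seccomp_policy_file;
  char *seccomp_string;
  /*
   * If > 0, maximum cumulative size of RAM used inside any jail
   * In MiB (default: 0)
   */
  uint64_t cgroup_mem_max;
  /*
   * Mount point for cgroups-memory in your system
   */
  char *cgroup_mem_mount;
  /*
   * Writeable directory (for the nsjail user) under cgroup_mem_mount
   */
  char *cgroup_mem_parent;
  /*
   * If > 0, maximum number of PIDs (threads/processes) inside jail
   * (default: 0)
   */
  uint64_t cgroup_pids_max;
  /*
   * Mount point for cgroups-pids in your system
   */
  char *cgroup_pids_mount;
  /*
   * Writeable directory (for the nsjail user) under cgroup_pids_mount
   */
  char *cgroup_pids_parent;
  /*
   * Should the 'lo' interface be brought up (active) inside this jail?
   * NOTE(review): the field name reads as the negation of this question
   * (true = do not bring 'lo' up); confirm the polarity against
   * config.proto and the code that consumes the field. Default: 0.
   */
  protobuf_c_boolean iface_no_lo;
  /*
   * Parameters for the cloned MACVLAN interface inside jail
   */
  /*
   * Interface to be cloned, eg 'eth0'
   */
  char *macvlan_iface;
  char *macvlan_vs_ip;
  char *macvlan_vs_nm;
  char *macvlan_vs_gw;
  /*
   * Binary path (with arguments) to be executed. If not specified here, it
   * can be specified with cmd-line as "-- /path/to/command arg1 arg2"
   */
  Nsjail__Exe *exec_bin;
};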
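/*
 * Default string values for Nsjail__NsJailConfig. Only declared here; the
 * definitions are expected in the matching generated source file.
 */
extern char nsjail__ns_jail_config__name__default_value[];
extern char nsjail__ns_jail_config__description__default_value[];
extern char nsjail__ns_jail_config__hostname__default_value[];
extern char nsjail__ns_jail_config__cwd__default_value[];
extern char nsjail__ns_jail_config__bindhost__default_value[];
extern char nsjail__ns_jail_config__cgroup_mem_mount__default_value[];
extern char nsjail__ns_jail_config__cgroup_mem_parent__default_value[];
extern char nsjail__ns_jail_config__cgroup_pids_mount__default_value[];
extern char nsjail__ns_jail_config__cgroup_pids_parent__default_value[];
extern char nsjail__ns_jail_config__macvlan_vs_ip__default_value[];
extern char nsjail__ns_jail_config__macvlan_vs_nm__default_value[];
extern char nsjail__ns_jail_config__macvlan_vs_gw__default_value[];
/*
 * Static initializer for Nsjail__NsJailConfig. The values are positional and
 * must stay in the struct's field order; each line names the field(s) it
 * initializes. These are the defaults a config inherits for every field it
 * does not set: all six clone_new* namespaces except cgroup are on,
 * no_new_privs stays enabled (disable_no_new_privs = 0), the environment is
 * not kept, and no seccomp policy or cgroup limit is supplied.
 */
#define NSJAIL__NS_JAIL_CONFIG__INIT \
 { PROTOBUF_C_MESSAGE_INIT (&nsjail__ns_jail_config__descriptor) \
    , nsjail__ns_jail_config__name__default_value               /* name */ \
    , nsjail__ns_jail_config__description__default_value        /* description */ \
    , NSJAIL__MODE__ONCE                                        /* mode */ \
    , NULL, 0                                                   /* chroot_dir, is_root_rw */ \
    , nsjail__ns_jail_config__hostname__default_value           /* hostname */ \
    , nsjail__ns_jail_config__cwd__default_value                /* cwd */ \
    , 0u                                                        /* port */ \
    , nsjail__ns_jail_config__bindhost__default_value           /* bindhost */ \
    , 0u, 600u                                                  /* max_conns_per_ip, time_limit */ \
    , 0, NULL                                                   /* daemon, log_file */ \
    , 0, 0                                                      /* has_log_level, log_level */ \
    , 0                                                         /* keep_env */ \
    , 0, NULL                                                   /* n_envar, envar */ \
    , 0, 0                                                      /* silent, skip_setsid */ \
    , 0, NULL                                                   /* n_pass_fd, pass_fd */ \
    , 0, 0                                                      /* pivot_root_only, disable_no_new_privs */ \
    , 512ull, 0ull, 600ull, 1ull, 32ull                         /* rlimit_as, _core, _cpu, _fsize, _nofile */ \
    , 0, 0                                                      /* has_rlimit_nproc, rlimit_nproc */ \
    , 0, 0                                                      /* has_rlimit_stack, rlimit_stack */ \
    , 0, 0, 0, 0, 0                                             /* persona_* (five flags) */ \
    , 1, 1, 1, 1, 1, 1                                          /* clone_newnet, _newuser, _newns, _newpid, _newipc, _newuts */ \
    , 0                                                         /* clone_newcgroup */ \
    , 0, NULL, 0, NULL                                          /* n_uidmap, uidmap, n_gidmap, gidmap */ \
    , 0                                                         /* mount_proc */ \
    , 0, NULL                                                   /* n_mount, mount */ \
    , NULL, NULL                                                /* seccomp_policy_file, seccomp_string */ \
    , 0ull                                                      /* cgroup_mem_max */ \
    , nsjail__ns_jail_config__cgroup_mem_mount__default_value   /* cgroup_mem_mount */ \
    , nsjail__ns_jail_config__cgroup_mem_parent__default_value  /* cgroup_mem_parent */ \
    , 0ull                                                      /* cgroup_pids_max */ \
    , nsjail__ns_jail_config__cgroup_pids_mount__default_value  /* cgroup_pids_mount */ \
    , nsjail__ns_jail_config__cgroup_pids_parent__default_value /* cgroup_pids_parent */ \
    , 0                                                         /* iface_no_lo */ \
    , NULL                                                      /* macvlan_iface */ \
    , nsjail__ns_jail_config__macvlan_vs_ip__default_value      /* macvlan_vs_ip */ \
    , nsjail__ns_jail_config__macvlan_vs_nm__default_value      /* macvlan_vs_nm */ \
    , nsjail__ns_jail_config__macvlan_vs_gw__default_value      /* macvlan_vs_gw */ \
    , NULL                                                      /* exec_bin */ }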
/* Nsjail__IdMap methods */
/*
 * protobuf-c generated API for Nsjail__IdMap:
 *   init            - set *message to the NSJAIL__ID_MAP__INIT defaults.
 *   get_packed_size - number of bytes the serialized message needs.
 *   pack            - serialize into `out`; the function takes no buffer
 *                     length, so `out` must hold at least get_packed_size()
 *                     bytes.
 *   pack_to_buffer  - serialize by appending to a ProtobufCBuffer.
 *   unpack          - parse `len` bytes at `data` into a newly allocated
 *                     message; per protobuf-c it returns NULL when parsing
 *                     fails, so check the result before use.
 *   free_unpacked   - release a message obtained from unpack, with the same
 *                     allocator that was passed to unpack.
 */
void nsjail__id_map__init ( Nsjail__IdMap * message ) ;
size_t nsjail__id_map__get_packed_size ( const Nsjail__IdMap * message ) ;
size_t nsjail__id_map__pack ( const Nsjail__IdMap * message , uint8_t * out ) ;
size_t nsjail__id_map__pack_to_buffer ( const Nsjail__IdMap * message , ProtobufCBuffer * buffer ) ;
Nsjail__IdMap * nsjail__id_map__unpack
( ProtobufCAllocator * allocator , size_t len , const uint8_t * data ) ;
void nsjail__id_map__free_unpacked ( Nsjail__IdMap * message , ProtobufCAllocator * allocator ) ;
/* Nsjail__MountPt methods */
/*
 * protobuf-c generated API for Nsjail__MountPt:
 *   init            - set *message to the NSJAIL__MOUNT_PT__INIT defaults.
 *   get_packed_size - number of bytes the serialized message needs.
 *   pack            - serialize into `out`; the function takes no buffer
 *                     length, so `out` must hold at least get_packed_size()
 *                     bytes.
 *   pack_to_buffer  - serialize by appending to a ProtobufCBuffer.
 *   unpack          - parse `len` bytes at `data` into a newly allocated
 *                     message; per protobuf-c it returns NULL when parsing
 *                     fails, so check the result before use.
 *   free_unpacked   - release a message obtained from unpack, with the same
 *                     allocator that was passed to unpack.
 */
void nsjail__mount_pt__init ( Nsjail__MountPt * message ) ;
size_t nsjail__mount_pt__get_packed_size ( const Nsjail__MountPt * message ) ;
size_t nsjail__mount_pt__pack ( const Nsjail__MountPt * message , uint8_t * out ) ;
size_t nsjail__mount_pt__pack_to_buffer ( const Nsjail__MountPt * message , ProtobufCBuffer * buffer ) ;
Nsjail__MountPt * nsjail__mount_pt__unpack
( ProtobufCAllocator * allocator , size_t len , const uint8_t * data ) ;
void nsjail__mount_pt__free_unpacked ( Nsjail__MountPt * message , ProtobufCAllocator * allocator ) ;
/* Nsjail__Exe methods */
/*
 * protobuf-c generated API for Nsjail__Exe:
 *   init            - set *message to the NSJAIL__EXE__INIT defaults.
 *   get_packed_size - number of bytes the serialized message needs.
 *   pack            - serialize into `out`; the function takes no buffer
 *                     length, so `out` must hold at least get_packed_size()
 *                     bytes.
 *   pack_to_buffer  - serialize by appending to a ProtobufCBuffer.
 *   unpack          - parse `len` bytes at `data` into a newly allocated
 *                     message; per protobuf-c it returns NULL when parsing
 *                     fails, so check the result before use.
 *   free_unpacked   - release a message obtained from unpack, with the same
 *                     allocator that was passed to unpack.
 */
void nsjail__exe__init ( Nsjail__Exe * message ) ;
size_t nsjail__exe__get_packed_size ( const Nsjail__Exe * message ) ;
size_t nsjail__exe__pack ( const Nsjail__Exe * message , uint8_t * out ) ;
size_t nsjail__exe__pack_to_buffer ( const Nsjail__Exe * message , ProtobufCBuffer * buffer ) ;
Nsjail__Exe * nsjail__exe__unpack ( ProtobufCAllocator * allocator , size_t len , const uint8_t * data ) ;
void nsjail__exe__free_unpacked ( Nsjail__Exe * message , ProtobufCAllocator * allocator ) ;
/* Nsjail__NsJailConfig methods */
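/*
 * protobuf-c generated API for Nsjail__NsJailConfig:
 *   init            - set *message to the NSJAIL__NS_JAIL_CONFIG__INIT
 *                     defaults.
 *   get_packed_size - number of bytes the serialized message needs.
 *   pack            - serialize into `out`; the function takes no buffer
 *                     length, so `out` must hold at least get_packed_size()
 *                     bytes.
 *   pack_to_buffer  - serialize by appending to a ProtobufCBuffer.
 *   unpack          - parse `len` bytes at `data` into a newly allocated
 *                     message; per protobuf-c it returns NULL when parsing
 *                     fails, so check the result before use.
 *   free_unpacked   - release a message obtained from unpack, with the same
 *                     allocator that was passed to unpack.
 */
void   nsjail__ns_jail_config__init
                     (Nsjail__NsJailConfig *message);
size_t nsjail__ns_jail_config__get_packed_size
                     (const Nsjail__NsJailConfig *message);
size_t nsjail__ns_jail_config__pack
                     (const Nsjail__NsJailConfig *message,
                      uint8_t *out);
size_t nsjail__ns_jail_config__pack_to_buffer
                     (const Nsjail__NsJailConfig *message,
                      ProtobufCBuffer *buffer);
Nsjail__NsJailConfig *
       nsjail__ns_jail_config__unpack
                     (ProtobufCAllocator *allocator,
                      size_t len,
                      const uint8_t *data);
void   nsjail__ns_jail_config__free_unpacked
                     (Nsjail__NsJailConfig *message,
                      ProtobufCAllocator *allocator);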
/* --- per-message closures --- */
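/*
 * Callback types, one per message: each receives a read-only message and the
 * opaque closure_data pointer supplied by the caller.
 */
typedef void (*Nsjail__IdMap_Closure)
                 (const Nsjail__IdMap *message,
                  void *closure_data);
typedef void (*Nsjail__MountPt_Closure)
                 (const Nsjail__MountPt *message,
                  void *closure_data);
typedef void (*Nsjail__Exe_Closure)
                 (const Nsjail__Exe *message,
                  void *closure_data);
typedef void (*Nsjail__NsJailConfig_Closure)
                 (const Nsjail__NsJailConfig *message,
                  void *closure_data);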
/* --- services --- */
/* --- descriptors --- */
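/*
 * Descriptors for the enums and messages declared in this header. They are
 * only declared here; the *_INIT macros take the address of the message
 * descriptors.
 */
extern const ProtobufCEnumDescriptor    nsjail__mode__descriptor;
extern const ProtobufCEnumDescriptor    nsjail__log_level__descriptor;
extern const ProtobufCMessageDescriptor nsjail__id_map__descriptor;
extern const ProtobufCMessageDescriptor nsjail__mount_pt__descriptor;
extern const ProtobufCMessageDescriptor nsjail__exe__descriptor;
extern const ProtobufCMessageDescriptor nsjail__ns_jail_config__descriptor;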
PROTOBUF_C__END_DECLS
# endif /* PROTOBUF_C_config_2eproto__INCLUDED */