/*
nsjail - common structures
Copyright 2014 Google Inc. All Rights Reserved.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
#ifndef NS_COMMON_H
#define NS_COMMON_H
#include <limits.h>
#include <netinet/ip6.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/queue.h>
#include <sys/resource.h>
#include <sys/types.h>
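/*
 * Number of elements in a statically sized array.
 *
 * Both uses of the argument are parenthesised so an expression argument
 * expands as intended (the original used a bare '*array'). Indexing with
 * [0] yields the same element type as '*array' for every array type.
 *
 * Only valid on true arrays: applied to a pointer -- including an array
 * function parameter, which has already decayed -- it silently evaluates
 * to sizeof(pointer) / sizeof(element) instead of the element count.
 */
#define ARRAYSIZE(array) (sizeof(array) / sizeof((array)[0]))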
/*
 * Marks a variable or parameter as intentionally unused so the compiler does
 * not warn about it (GCC/clang attribute; this header already relies on
 * __attribute__ elsewhere).
 */
#define UNUSED __attribute__((unused))
#if 0 /* Works, but needs -fblocks and libBlocksRuntime with clang */
/* Go-style defer implementation */
/*
 * NOTE: this whole section is compiled out by the #if 0 above. The names it
 * defines (__STRMERGE, _STRMERGE, __block, _DEFER, __defer_f_*, __defer_var_*)
 * are in the namespace reserved for the implementation (leading underscore
 * followed by an uppercase letter, or a double underscore anywhere), so they
 * should be renamed if the section is ever re-enabled.
 */
/* Two-level token paste so that a macro argument such as __COUNTER__ is expanded first. */
#define __STRMERGE(a, b) a##b
#define _STRMERGE(a, b) __STRMERGE(a, b)

#ifdef __clang__
/* Cleanup handler for the clang/Blocks variant: simply invokes the deferred block. */
static void __attribute__ ((unused)) __clang_cleanup_func(void (^*dfunc) (void))
{
	(*dfunc) ();
}

/*
 * Declares a uniquely named block-typed local whose cleanup attribute runs
 * __clang_cleanup_func when the enclosing scope exits; the block literal
 * (^{ ... }) that follows 'defer' in user code is its initialiser.
 */
#define defer void (^_STRMERGE(__defer_f_, __COUNTER__))(void) __attribute__((cleanup(__clang_cleanup_func))) __attribute__((unused)) = ^
#else
/* Without a Blocks runtime, __block degrades to a no-op storage qualifier. */
#define __block
/*
 * GCC variant: forward-declares a nested function ('auto void', a GCC
 * extension), declares a dummy int whose cleanup attribute calls that
 * function at scope exit, and then opens the function's definition -- the
 * '{ ... }' written after 'defer' in user code becomes its body.
 */
#define _DEFER(a, count) \
auto void _STRMERGE(__defer_f_, count)(void* _defer_arg __attribute__((unused))); \
int _STRMERGE(__defer_var_, count) __attribute__((cleanup(_STRMERGE(__defer_f_, count)))) __attribute__((unused)); \
void _STRMERGE(__defer_f_, count)(void* _defer_arg __attribute__((unused)))
#define defer _DEFER(a, __COUNTER__)
#endif
#endif
/*
 * Per-process bookkeeping record. By its fields, one entry describes a
 * tracked (presumably jailed) process and the remote peer associated with it.
 * Instances are linked into nsjconf_t.pids through the 'pointers' member.
 */
struct pids_t {
	/* Process ID of the tracked process. */
	pid_t pid;
	/* Timestamp associated with the entry (by name, when it started). */
	time_t start;
	/*
	 * Fixed 64-byte text buffer; the name suggests a printable form of
	 * remote_addr. 64 exceeds INET6_ADDRSTRLEN (46), but every writer must
	 * still bound the write (snprintf, not strcpy) and keep it NUL-terminated.
	 */
	char remote_txt[64];
	/* IPv6 socket address of the remote peer (struct from <netinet/in.h>, pulled in via <netinet/ip6.h>). */
	struct sockaddr_in6 remote_addr;
	/* File descriptor; by name, a per-PID syscall-related handle -- TODO confirm what it refers to. */
	int pid_syscall_fd;
	/* sys/queue.h tail-queue linkage; the list head is nsjconf_t.pids. */
	TAILQ_ENTRY(pids_t)
	pointers;
};
/*
 * Description of one mount point. Instances are linked into
 * nsjconf_t.mountpts through the 'pointers' member. Ownership of the string
 * and buffer members is not established by this header.
 *
 * NOTE(review): uint8_t and uintptr_t are used here but <stdint.h> is not
 * included by this header; they currently arrive transitively.
 */
struct mounts_t {
	/* Mount source path (by name, the 'source' argument of mount(2)). */
	const char *src;
	/* Optional in-memory content for the mount and its length; by name, src_content_len bounds src_content. */
	const uint8_t *src_content;
	size_t src_content_len;
	/* Mount target path. */
	const char *dst;
	/* Filesystem type string. */
	const char *fs_type;
	/* Filesystem-specific option string. */
	const char *options;
	/*
	 * Mount flags. Stored as uintptr_t although mount(2) takes unsigned long;
	 * the two have the same width on the usual Linux ABIs, but mind the
	 * conversion at the call site.
	 */
	uintptr_t flags;
	/* By name: whether the target is a directory rather than a file. */
	bool isDir;
	/* By name: whether this entry describes a symlink rather than a mount -- confirm against the mount code. */
	bool isSymlink;
	/* Presumably whether a failure to set up this entry is fatal -- confirm against the mount code. */
	bool mandatory;
	/* sys/queue.h tail-queue linkage; the list head is nsjconf_t.mountpts. */
	TAILQ_ENTRY(mounts_t)
	pointers;
};
/*
 * One contiguous uid/gid mapping range. The same struct backs both
 * nsjconf_t.uids and nsjconf_t.gids, so the gid list carries gid values in
 * uid_t-typed fields.
 */
struct idmap_t {
	/* By name: first ID as seen inside the user namespace. */
	uid_t inside_id;
	/* By name: first ID as seen on the host side. */
	uid_t outside_id;
	/* By name: number of consecutive IDs in the range -- confirm with the writer of the map. */
	size_t count;
	/* By name: whether the mapping is applied through newuidmap/newgidmap instead of a direct write -- confirm. */
	bool is_newidmap;
	/* sys/queue.h tail-queue linkage; list heads are nsjconf_t.uids and nsjconf_t.gids. */
	TAILQ_ENTRY(idmap_t)
	pointers;
};
/*
 * A single int carried in a list. Used for both nsjconf_t.open_fds and
 * nsjconf_t.caps, so 'val' is a file descriptor or a capability number
 * depending on which list the node belongs to.
 */
struct ints_t {
	int val;
	/* sys/queue.h tail-queue linkage. */
	TAILQ_ENTRY(ints_t)
	pointers;
};
/*
 * Operating mode, stored in nsjconf_t.mode. By name: accept connections on a
 * listening TCP socket, or run a single jailed process once, via execve, or
 * repeatedly. The exact behaviour of each mode lives in the callers.
 */
enum ns_mode_t {
	MODE_LISTEN_TCP = 0,
	MODE_STANDALONE_ONCE,
	MODE_STANDALONE_EXECVE,
	MODE_STANDALONE_RERUN
};
/*
 * A single string pointer carried in a list; used for nsjconf_t.envs.
 * Ownership and lifetime of the pointed-to string are not established by
 * this header.
 */
struct charptr_t {
	const char *val;
	/* sys/queue.h tail-queue linkage; the list head is nsjconf_t.envs. */
	TAILQ_ENTRY(charptr_t)
	pointers;
};
/*
 * Log levels. By name and order, DEBUG .. FATAL increase in severity and the
 * two HELP_* values are for usage output. The constants are unprefixed global
 * identifiers (DEBUG, INFO, WARNING, ERROR, ...) and can collide with macros
 * of the same name from other headers. The trailing comma requires C99+.
 */
enum llevel_t {
	DEBUG = 0,
	INFO,
	WARNING,
	ERROR,
	FATAL,
	HELP,
	HELP_BOLD,
};
/*
 * Top-level jail configuration: every user-supplied option plus the lists
 * (id maps, environment, tracked PIDs, mount points, fds, capabilities) built
 * from them. Field meanings below are taken from names and types; ownership
 * of the string members is not established by this header.
 */
struct nsjconf_t {
	/* Program to execute inside the jail (by name); argv below is its argument vector. */
	const char *exec_file;
	/* Hostname to set inside the jail (by name). */
	const char *hostname;
	/* Working directory for the jailed process (by name). */
	const char *cwd;
	/* Argument vector; presumably NULL-terminated like execve's -- confirm with the caller. */
	const char *const *argv;
	/* TCP port and bind address for MODE_LISTEN_TCP (by name). */
	int port;
	const char *bindhost;
	/* Logging sink: descriptor, optional file path, and threshold level. */
	int log_fd;
	const char *logfile;
	enum llevel_t loglevel;
	bool daemonize;
	/* Per-process time limit (by name); units and the meaning of 0 are decided by the caller -- confirm. */
	time_t tlimit;
	size_t max_cpus;
	/* By name: pass the parent's environment through / keep capabilities after setup. */
	bool keep_env;
	bool keep_caps;
	/*
	 * By name: skip PR_SET_NO_NEW_PRIVS. With no_new_privs set, execve of
	 * setuid/fscaps binaries cannot regain privilege, which is the property
	 * a seccomp filter relies on -- confirm how the caller honours this flag.
	 */
	bool disable_no_new_privs;
	/*
	 * RLIMIT_* values (AS, CORE, CPU, FSIZE, NOFILE, NPROC, STACK). Typed as
	 * glibc's __rlim64_t, which is in the reserved double-underscore namespace;
	 * the public spellings are rlim64_t / rlim_t.
	 */
	__rlim64_t rl_as;
	__rlim64_t rl_core;
	__rlim64_t rl_cpu;
	__rlim64_t rl_fsize;
	__rlim64_t rl_nofile;
	__rlim64_t rl_nproc;
	__rlim64_t rl_stack;
	/* Value for personality(2), which takes unsigned long. */
	unsigned long personality;
	/* Which namespaces to create; the names mirror the CLONE_NEW* flags. */
	bool clone_newnet;
	bool clone_newuser;
	bool clone_newns;
	bool clone_newpid;
	bool clone_newipc;
	bool clone_newuts;
	bool clone_newcgroup;
	enum ns_mode_t mode;
	/* New root directory (by name). */
	const char *chroot;
	/* By name: whether the root mount is read-write; whether output is suppressed; whether setsid() is skipped. */
	bool is_root_rw;
	bool is_silent;
	bool skip_setsid;
	/* Per-source-IP connection cap for the listening mode (by name). */
	unsigned int max_conns_per_ip;
	size_t tmpfs_size;
	bool mount_proc;
	/* Networking (by name): skip bringing up lo; host-side interface to attach and its address/netmask/gateway strings. */
	bool iface_no_lo;
	const char *iface_vs;
	const char *iface_vs_ip;
	const char *iface_vs_nm;
	const char *iface_vs_gw;
	/* cgroup memory and pids controllers (by name): mount point, parent group, limit. */
	const char *cgroup_mem_mount;
	const char *cgroup_mem_parent;
	size_t cgroup_mem_max;
	const char *cgroup_pids_mount;
	const char *cgroup_pids_parent;
	size_t cgroup_pids_max;
	/*
	 * Policy source, as an open stream or an inline string (by name, a
	 * seccomp policy; confirm with the caller). Note kafel_string is
	 * non-const, unlike the other string members.
	 */
	FILE *kafel_file;
	char *kafel_string;
	/* Effective uid of the launcher before any privilege changes (by name). */
	uid_t orig_euid;
	long num_cpus;
	/*
	 * sys/queue.h list heads. idmap_t nodes serve both uids and gids;
	 * ints_t nodes serve both open_fds and caps.
	 */
	TAILQ_HEAD(udmaplist, idmap_t)
	uids;
	TAILQ_HEAD(gdmaplist, idmap_t)
	gids;
	TAILQ_HEAD(envlist, charptr_t)
	envs;
	TAILQ_HEAD(pidslist, pids_t)
	pids;
	TAILQ_HEAD(mountptslist, mounts_t)
	mountpts;
	TAILQ_HEAD(fdslistt, ints_t)
	open_fds;
	TAILQ_HEAD(capslistt, ints_t)
	caps;
};
#endif /* NS_COMMON_H */