config: more options in the config #7
This commit is contained in:
parent
8409cd9970
commit
a2a497f089
40
config.c
40
config.c
@ -20,12 +20,14 @@
|
||||
*/
|
||||
|
||||
#include "common.h"
|
||||
|
||||
#include <stdio.h>
|
||||
#include <sys/personality.h>
|
||||
|
||||
#include "config.h"
|
||||
#include "log.h"
|
||||
#include "util.h"
|
||||
|
||||
#include <stdio.h>
|
||||
|
||||
#if !defined(NSJAIL_WITH_PROTOBUF)
|
||||
bool configParse(struct nsjconf_t * nsjconf UNUSED, const char *file UNUSED)
|
||||
{
|
||||
@ -56,8 +58,8 @@ static bool configParseInternal(struct nsjconf_t *nsjconf, Nsjail__NsJailConfig
|
||||
LOG_E("Uknown running mode: %d", njc->mode);
|
||||
return false;
|
||||
}
|
||||
if (njc->has_chroot) {
|
||||
nsjconf->chroot = utilStrDupLen((char *)njc->chroot.data, njc->chroot.len);
|
||||
if (njc->has_chroot_dir) {
|
||||
nsjconf->chroot = utilStrDupLen((char *)njc->chroot_dir.data, njc->chroot_dir.len);
|
||||
}
|
||||
nsjconf->hostname = utilStrDupLen((char *)njc->hostname.data, njc->hostname.len);
|
||||
nsjconf->cwd = utilStrDupLen((char *)njc->cwd.data, njc->cwd.len);
|
||||
@ -124,6 +126,36 @@ static bool configParseInternal(struct nsjconf_t *nsjconf, Nsjail__NsJailConfig
|
||||
nsjconf->rl_stack = njc->rlimit_stack * 1024ULL * 1024ULL;
|
||||
}
|
||||
|
||||
if (njc->persona_addr_compat_layout) {
|
||||
nsjconf->personality |= ADDR_COMPAT_LAYOUT;
|
||||
}
|
||||
if (njc->persona_mmap_page_zero) {
|
||||
nsjconf->personality |= MMAP_PAGE_ZERO;
|
||||
}
|
||||
if (njc->persona_read_implies_exec) {
|
||||
nsjconf->personality |= READ_IMPLIES_EXEC;
|
||||
}
|
||||
if (njc->persona_addr_limit_3gb) {
|
||||
nsjconf->personality |= ADDR_LIMIT_3GB;
|
||||
}
|
||||
if (njc->persona_addr_no_randomize) {
|
||||
nsjconf->personality |= ADDR_NO_RANDOMIZE;
|
||||
}
|
||||
|
||||
nsjconf->clone_newnet = njc->clone_newnet;
|
||||
nsjconf->clone_newuser = njc->clone_newuser;
|
||||
nsjconf->clone_newns = njc->clone_newns;
|
||||
nsjconf->clone_newpid = njc->clone_newpid;
|
||||
nsjconf->clone_newipc = njc->clone_newipc;
|
||||
nsjconf->clone_newuts = njc->clone_newuts;
|
||||
nsjconf->clone_newcgroup = njc->clone_newcgroup;
|
||||
|
||||
/* TODO
|
||||
for (size_t i = 0; i < njc->n_uid_mappings; i++) {
|
||||
struct mapping_t *p = utilMalloc(sizeof(struct mapping_t));
|
||||
}
|
||||
*/
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
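Review bot: The `repeated IdMap newuidmap`/`newgidmap` fields that this commit adds to config.proto are never consumed in configParseInternal — the only reference is the commented-out `/* TODO ... */` block at the end of the last hunk, and it names `njc->n_uid_mappings`, which does not match the generated `n_newuidmap`/`n_newgidmap` members visible in the config.pb-c.h section. A config that specifies ID mappings is therefore accepted and silently ignored, so the jail runs with a different mapping than the one the user configured. Until the loop is implemented, reject such configs explicitly, e.g. `if (njc->n_newuidmap > 0 || njc->n_newgidmap > 0) { LOG_E("newuidmap/newgidmap are not supported yet"); return false; }` placed before `return true;`, and replace the TODO comment with a one-liner saying why. configParseInternal begins outside the hunk.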
@ -1,10 +1,13 @@
|
||||
mode: ONCE
|
||||
chroot: "/"
|
||||
chroot_dir: "/"
|
||||
is_root_rw: false
|
||||
hostname: "TEST-NS"
|
||||
cwd: "/lib"
|
||||
|
||||
bindhost: "::1"
|
||||
max_conns_per_ip: 10
|
||||
port: 31337
|
||||
|
||||
time_limit: 100
|
||||
daemon: false
|
||||
keep_env: true
|
||||
@ -14,9 +17,24 @@ pass_fd: 100
|
||||
pass_fd: 3
|
||||
pivot_root_only: false
|
||||
disable_no_new_privs: false
|
||||
|
||||
rlimit_as: 128
|
||||
rlimit_core: 0
|
||||
rlimit_cpu: 10
|
||||
rlimit_fsize: 0
|
||||
rlimit_nofile: 5
|
||||
rlimit_stack: 1
|
||||
|
||||
persona_addr_compat_layout: false
|
||||
persona_mmap_page_zero: false
|
||||
persona_read_implies_exec: false
|
||||
persona_addr_limit_3gb: false
|
||||
persona_addr_no_randomize: false
|
||||
|
||||
clone_newnet: true
|
||||
clone_newuser: true
|
||||
clone_newns: true
|
||||
clone_newpid: true
|
||||
clone_newipc: true
|
||||
clone_newuts: true
|
||||
clone_newcgroup: true
|
||||
|
314
config.pb-c.c
314
config.pb-c.c
@ -7,6 +7,42 @@
|
||||
#endif
|
||||
|
||||
#include "config.pb-c.h"
|
||||
void nsjail__id_map__init(Nsjail__IdMap * message)
|
||||
{
|
||||
static Nsjail__IdMap init_value = NSJAIL__ID_MAP__INIT;
|
||||
*message = init_value;
|
||||
}
|
||||
|
||||
size_t nsjail__id_map__get_packed_size(const Nsjail__IdMap * message)
|
||||
{
|
||||
assert(message->base.descriptor == &nsjail__id_map__descriptor);
|
||||
return protobuf_c_message_get_packed_size((const ProtobufCMessage *)(message));
|
||||
}
|
||||
|
||||
size_t nsjail__id_map__pack(const Nsjail__IdMap * message, uint8_t * out)
|
||||
{
|
||||
assert(message->base.descriptor == &nsjail__id_map__descriptor);
|
||||
return protobuf_c_message_pack((const ProtobufCMessage *)message, out);
|
||||
}
|
||||
|
||||
size_t nsjail__id_map__pack_to_buffer(const Nsjail__IdMap * message, ProtobufCBuffer * buffer)
|
||||
{
|
||||
assert(message->base.descriptor == &nsjail__id_map__descriptor);
|
||||
return protobuf_c_message_pack_to_buffer((const ProtobufCMessage *)message, buffer);
|
||||
}
|
||||
|
||||
Nsjail__IdMap *nsjail__id_map__unpack
|
||||
(ProtobufCAllocator * allocator, size_t len, const uint8_t * data) {
|
||||
return (Nsjail__IdMap *)
|
||||
protobuf_c_message_unpack(&nsjail__id_map__descriptor, allocator, len, data);
|
||||
}
|
||||
|
||||
void nsjail__id_map__free_unpacked(Nsjail__IdMap * message, ProtobufCAllocator * allocator)
|
||||
{
|
||||
assert(message->base.descriptor == &nsjail__id_map__descriptor);
|
||||
protobuf_c_message_free_unpacked((ProtobufCMessage *) message, allocator);
|
||||
}
|
||||
|
||||
void nsjail__ns_jail_config__init(Nsjail__NsJailConfig * message)
|
||||
{
|
||||
static Nsjail__NsJailConfig init_value = NSJAIL__NS_JAIL_CONFIG__INIT;
|
||||
@ -43,6 +79,73 @@ void nsjail__ns_jail_config__free_unpacked
|
||||
protobuf_c_message_free_unpacked((ProtobufCMessage *) message, allocator);
|
||||
}
|
||||
|
||||
static const int32_t nsjail__id_map__global_id__default_value = -1;
|
||||
static const uint32_t nsjail__id_map__count__default_value = 1u;
|
||||
static const ProtobufCFieldDescriptor nsjail__id_map__field_descriptors[3] = {
|
||||
{
|
||||
"inside_id",
|
||||
1,
|
||||
PROTOBUF_C_LABEL_REQUIRED,
|
||||
PROTOBUF_C_TYPE_UINT32,
|
||||
0, /* quantifier_offset */
|
||||
offsetof(Nsjail__IdMap, inside_id),
|
||||
NULL,
|
||||
NULL,
|
||||
0, /* flags */
|
||||
0, NULL, NULL /* reserved1,reserved2, etc */
|
||||
},
|
||||
{
|
||||
"global_id",
|
||||
2,
|
||||
PROTOBUF_C_LABEL_REQUIRED,
|
||||
PROTOBUF_C_TYPE_INT32,
|
||||
0, /* quantifier_offset */
|
||||
offsetof(Nsjail__IdMap, global_id),
|
||||
NULL,
|
||||
&nsjail__id_map__global_id__default_value,
|
||||
0, /* flags */
|
||||
0, NULL, NULL /* reserved1,reserved2, etc */
|
||||
},
|
||||
{
|
||||
"count",
|
||||
3,
|
||||
PROTOBUF_C_LABEL_REQUIRED,
|
||||
PROTOBUF_C_TYPE_UINT32,
|
||||
0, /* quantifier_offset */
|
||||
offsetof(Nsjail__IdMap, count),
|
||||
NULL,
|
||||
&nsjail__id_map__count__default_value,
|
||||
0, /* flags */
|
||||
0, NULL, NULL /* reserved1,reserved2, etc */
|
||||
},
|
||||
};
|
||||
|
||||
static const unsigned nsjail__id_map__field_indices_by_name[] = {
|
||||
2, /* field[2] = count */
|
||||
1, /* field[1] = global_id */
|
||||
0, /* field[0] = inside_id */
|
||||
};
|
||||
|
||||
static const ProtobufCIntRange nsjail__id_map__number_ranges[1 + 1] = {
|
||||
{1, 0},
|
||||
{0, 3}
|
||||
};
|
||||
|
||||
const ProtobufCMessageDescriptor nsjail__id_map__descriptor = {
|
||||
PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC,
|
||||
"nsjail.IdMap",
|
||||
"IdMap",
|
||||
"Nsjail__IdMap",
|
||||
"nsjail",
|
||||
sizeof(Nsjail__IdMap),
|
||||
3,
|
||||
nsjail__id_map__field_descriptors,
|
||||
nsjail__id_map__field_indices_by_name,
|
||||
1, nsjail__id_map__number_ranges,
|
||||
(ProtobufCMessageInit) nsjail__id_map__init,
|
||||
NULL, NULL, NULL /* reserved[123] */
|
||||
};
|
||||
|
||||
uint8_t nsjail__ns_jail_config__hostname__default_value_data[] = "NSJAIL";
|
||||
uint8_t nsjail__ns_jail_config__cwd__default_value_data[] = "/";
|
||||
uint8_t nsjail__ns_jail_config__bindhost__default_value_data[] = "::";
|
||||
@ -68,7 +171,22 @@ static const uint64_t nsjail__ns_jail_config__rlimit_core__default_value = 0ull;
|
||||
static const uint64_t nsjail__ns_jail_config__rlimit_cpu__default_value = 600ull;
|
||||
static const uint64_t nsjail__ns_jail_config__rlimit_fsize__default_value = 1ull;
|
||||
static const uint64_t nsjail__ns_jail_config__rlimit_nofile__default_value = 32ull;
|
||||
static const ProtobufCFieldDescriptor nsjail__ns_jail_config__field_descriptors[25] = {
|
||||
static const protobuf_c_boolean nsjail__ns_jail_config__persona_addr_compat_layout__default_value =
|
||||
0;
|
||||
static const protobuf_c_boolean nsjail__ns_jail_config__persona_mmap_page_zero__default_value = 0;
|
||||
static const protobuf_c_boolean nsjail__ns_jail_config__persona_read_implies_exec__default_value =
|
||||
0;
|
||||
static const protobuf_c_boolean nsjail__ns_jail_config__persona_addr_limit_3gb__default_value = 0;
|
||||
static const protobuf_c_boolean nsjail__ns_jail_config__persona_addr_no_randomize__default_value =
|
||||
0;
|
||||
static const protobuf_c_boolean nsjail__ns_jail_config__clone_newnet__default_value = 1;
|
||||
static const protobuf_c_boolean nsjail__ns_jail_config__clone_newuser__default_value = 1;
|
||||
static const protobuf_c_boolean nsjail__ns_jail_config__clone_newns__default_value = 1;
|
||||
static const protobuf_c_boolean nsjail__ns_jail_config__clone_newpid__default_value = 1;
|
||||
static const protobuf_c_boolean nsjail__ns_jail_config__clone_newipc__default_value = 1;
|
||||
static const protobuf_c_boolean nsjail__ns_jail_config__clone_newuts__default_value = 1;
|
||||
static const protobuf_c_boolean nsjail__ns_jail_config__clone_newcgroup__default_value = 0;
|
||||
static const ProtobufCFieldDescriptor nsjail__ns_jail_config__field_descriptors[39] = {
|
||||
{
|
||||
"mode",
|
||||
1,
|
||||
@ -82,12 +200,12 @@ static const ProtobufCFieldDescriptor nsjail__ns_jail_config__field_descriptors[
|
||||
0, NULL, NULL /* reserved1,reserved2, etc */
|
||||
},
|
||||
{
|
||||
"chroot",
|
||||
"chroot_dir",
|
||||
2,
|
||||
PROTOBUF_C_LABEL_OPTIONAL,
|
||||
PROTOBUF_C_TYPE_BYTES,
|
||||
offsetof(Nsjail__NsJailConfig, has_chroot),
|
||||
offsetof(Nsjail__NsJailConfig, chroot),
|
||||
offsetof(Nsjail__NsJailConfig, has_chroot_dir),
|
||||
offsetof(Nsjail__NsJailConfig, chroot_dir),
|
||||
NULL,
|
||||
NULL,
|
||||
0, /* flags */
|
||||
@ -369,11 +487,186 @@ static const ProtobufCFieldDescriptor nsjail__ns_jail_config__field_descriptors[
|
||||
0, /* flags */
|
||||
0, NULL, NULL /* reserved1,reserved2, etc */
|
||||
},
|
||||
{
|
||||
"persona_addr_compat_layout",
|
||||
28,
|
||||
PROTOBUF_C_LABEL_REQUIRED,
|
||||
PROTOBUF_C_TYPE_BOOL,
|
||||
0, /* quantifier_offset */
|
||||
offsetof(Nsjail__NsJailConfig, persona_addr_compat_layout),
|
||||
NULL,
|
||||
&nsjail__ns_jail_config__persona_addr_compat_layout__default_value,
|
||||
0, /* flags */
|
||||
0, NULL, NULL /* reserved1,reserved2, etc */
|
||||
},
|
||||
{
|
||||
"persona_mmap_page_zero",
|
||||
29,
|
||||
PROTOBUF_C_LABEL_REQUIRED,
|
||||
PROTOBUF_C_TYPE_BOOL,
|
||||
0, /* quantifier_offset */
|
||||
offsetof(Nsjail__NsJailConfig, persona_mmap_page_zero),
|
||||
NULL,
|
||||
&nsjail__ns_jail_config__persona_mmap_page_zero__default_value,
|
||||
0, /* flags */
|
||||
0, NULL, NULL /* reserved1,reserved2, etc */
|
||||
},
|
||||
{
|
||||
"persona_read_implies_exec",
|
||||
30,
|
||||
PROTOBUF_C_LABEL_REQUIRED,
|
||||
PROTOBUF_C_TYPE_BOOL,
|
||||
0, /* quantifier_offset */
|
||||
offsetof(Nsjail__NsJailConfig, persona_read_implies_exec),
|
||||
NULL,
|
||||
&nsjail__ns_jail_config__persona_read_implies_exec__default_value,
|
||||
0, /* flags */
|
||||
0, NULL, NULL /* reserved1,reserved2, etc */
|
||||
},
|
||||
{
|
||||
"persona_addr_limit_3gb",
|
||||
31,
|
||||
PROTOBUF_C_LABEL_REQUIRED,
|
||||
PROTOBUF_C_TYPE_BOOL,
|
||||
0, /* quantifier_offset */
|
||||
offsetof(Nsjail__NsJailConfig, persona_addr_limit_3gb),
|
||||
NULL,
|
||||
&nsjail__ns_jail_config__persona_addr_limit_3gb__default_value,
|
||||
0, /* flags */
|
||||
0, NULL, NULL /* reserved1,reserved2, etc */
|
||||
},
|
||||
{
|
||||
"persona_addr_no_randomize",
|
||||
32,
|
||||
PROTOBUF_C_LABEL_REQUIRED,
|
||||
PROTOBUF_C_TYPE_BOOL,
|
||||
0, /* quantifier_offset */
|
||||
offsetof(Nsjail__NsJailConfig, persona_addr_no_randomize),
|
||||
NULL,
|
||||
&nsjail__ns_jail_config__persona_addr_no_randomize__default_value,
|
||||
0, /* flags */
|
||||
0, NULL, NULL /* reserved1,reserved2, etc */
|
||||
},
|
||||
{
|
||||
"clone_newnet",
|
||||
33,
|
||||
PROTOBUF_C_LABEL_REQUIRED,
|
||||
PROTOBUF_C_TYPE_BOOL,
|
||||
0, /* quantifier_offset */
|
||||
offsetof(Nsjail__NsJailConfig, clone_newnet),
|
||||
NULL,
|
||||
&nsjail__ns_jail_config__clone_newnet__default_value,
|
||||
0, /* flags */
|
||||
0, NULL, NULL /* reserved1,reserved2, etc */
|
||||
},
|
||||
{
|
||||
"clone_newuser",
|
||||
34,
|
||||
PROTOBUF_C_LABEL_REQUIRED,
|
||||
PROTOBUF_C_TYPE_BOOL,
|
||||
0, /* quantifier_offset */
|
||||
offsetof(Nsjail__NsJailConfig, clone_newuser),
|
||||
NULL,
|
||||
&nsjail__ns_jail_config__clone_newuser__default_value,
|
||||
0, /* flags */
|
||||
0, NULL, NULL /* reserved1,reserved2, etc */
|
||||
},
|
||||
{
|
||||
"clone_newns",
|
||||
35,
|
||||
PROTOBUF_C_LABEL_REQUIRED,
|
||||
PROTOBUF_C_TYPE_BOOL,
|
||||
0, /* quantifier_offset */
|
||||
offsetof(Nsjail__NsJailConfig, clone_newns),
|
||||
NULL,
|
||||
&nsjail__ns_jail_config__clone_newns__default_value,
|
||||
0, /* flags */
|
||||
0, NULL, NULL /* reserved1,reserved2, etc */
|
||||
},
|
||||
{
|
||||
"clone_newpid",
|
||||
36,
|
||||
PROTOBUF_C_LABEL_REQUIRED,
|
||||
PROTOBUF_C_TYPE_BOOL,
|
||||
0, /* quantifier_offset */
|
||||
offsetof(Nsjail__NsJailConfig, clone_newpid),
|
||||
NULL,
|
||||
&nsjail__ns_jail_config__clone_newpid__default_value,
|
||||
0, /* flags */
|
||||
0, NULL, NULL /* reserved1,reserved2, etc */
|
||||
},
|
||||
{
|
||||
"clone_newipc",
|
||||
37,
|
||||
PROTOBUF_C_LABEL_REQUIRED,
|
||||
PROTOBUF_C_TYPE_BOOL,
|
||||
0, /* quantifier_offset */
|
||||
offsetof(Nsjail__NsJailConfig, clone_newipc),
|
||||
NULL,
|
||||
&nsjail__ns_jail_config__clone_newipc__default_value,
|
||||
0, /* flags */
|
||||
0, NULL, NULL /* reserved1,reserved2, etc */
|
||||
},
|
||||
{
|
||||
"clone_newuts",
|
||||
38,
|
||||
PROTOBUF_C_LABEL_REQUIRED,
|
||||
PROTOBUF_C_TYPE_BOOL,
|
||||
0, /* quantifier_offset */
|
||||
offsetof(Nsjail__NsJailConfig, clone_newuts),
|
||||
NULL,
|
||||
&nsjail__ns_jail_config__clone_newuts__default_value,
|
||||
0, /* flags */
|
||||
0, NULL, NULL /* reserved1,reserved2, etc */
|
||||
},
|
||||
{
|
||||
"clone_newcgroup",
|
||||
39,
|
||||
PROTOBUF_C_LABEL_REQUIRED,
|
||||
PROTOBUF_C_TYPE_BOOL,
|
||||
0, /* quantifier_offset */
|
||||
offsetof(Nsjail__NsJailConfig, clone_newcgroup),
|
||||
NULL,
|
||||
&nsjail__ns_jail_config__clone_newcgroup__default_value,
|
||||
0, /* flags */
|
||||
0, NULL, NULL /* reserved1,reserved2, etc */
|
||||
},
|
||||
{
|
||||
"newuidmap",
|
||||
40,
|
||||
PROTOBUF_C_LABEL_REPEATED,
|
||||
PROTOBUF_C_TYPE_MESSAGE,
|
||||
offsetof(Nsjail__NsJailConfig, n_newuidmap),
|
||||
offsetof(Nsjail__NsJailConfig, newuidmap),
|
||||
&nsjail__id_map__descriptor,
|
||||
NULL,
|
||||
0, /* flags */
|
||||
0, NULL, NULL /* reserved1,reserved2, etc */
|
||||
},
|
||||
{
|
||||
"newgidmap",
|
||||
41,
|
||||
PROTOBUF_C_LABEL_REPEATED,
|
||||
PROTOBUF_C_TYPE_MESSAGE,
|
||||
offsetof(Nsjail__NsJailConfig, n_newgidmap),
|
||||
offsetof(Nsjail__NsJailConfig, newgidmap),
|
||||
&nsjail__id_map__descriptor,
|
||||
NULL,
|
||||
0, /* flags */
|
||||
0, NULL, NULL /* reserved1,reserved2, etc */
|
||||
},
|
||||
};
|
||||
|
||||
static const unsigned nsjail__ns_jail_config__field_indices_by_name[] = {
|
||||
6, /* field[6] = bindhost */
|
||||
1, /* field[1] = chroot */
|
||||
1, /* field[1] = chroot_dir */
|
||||
36, /* field[36] = clone_newcgroup */
|
||||
34, /* field[34] = clone_newipc */
|
||||
30, /* field[30] = clone_newnet */
|
||||
32, /* field[32] = clone_newns */
|
||||
33, /* field[33] = clone_newpid */
|
||||
31, /* field[31] = clone_newuser */
|
||||
35, /* field[35] = clone_newuts */
|
||||
4, /* field[4] = cwd */
|
||||
9, /* field[9] = daemon */
|
||||
17, /* field[17] = disable_no_new_privs */
|
||||
@ -384,7 +677,14 @@ static const unsigned nsjail__ns_jail_config__field_indices_by_name[] = {
|
||||
11, /* field[11] = log_level */
|
||||
7, /* field[7] = max_conns_per_ip */
|
||||
0, /* field[0] = mode */
|
||||
38, /* field[38] = newgidmap */
|
||||
37, /* field[37] = newuidmap */
|
||||
15, /* field[15] = pass_fd */
|
||||
25, /* field[25] = persona_addr_compat_layout */
|
||||
28, /* field[28] = persona_addr_limit_3gb */
|
||||
29, /* field[29] = persona_addr_no_randomize */
|
||||
26, /* field[26] = persona_mmap_page_zero */
|
||||
27, /* field[27] = persona_read_implies_exec */
|
||||
16, /* field[16] = pivot_root_only */
|
||||
5, /* field[5] = port */
|
||||
18, /* field[18] = rlimit_as */
|
||||
@ -402,7 +702,7 @@ static const unsigned nsjail__ns_jail_config__field_indices_by_name[] = {
|
||||
static const ProtobufCIntRange nsjail__ns_jail_config__number_ranges[2 + 1] = {
|
||||
{1, 0},
|
||||
{6, 3},
|
||||
{0, 25}
|
||||
{0, 39}
|
||||
};
|
||||
|
||||
const ProtobufCMessageDescriptor nsjail__ns_jail_config__descriptor = {
|
||||
@ -412,7 +712,7 @@ const ProtobufCMessageDescriptor nsjail__ns_jail_config__descriptor = {
|
||||
"Nsjail__NsJailConfig",
|
||||
"nsjail",
|
||||
sizeof(Nsjail__NsJailConfig),
|
||||
25,
|
||||
39,
|
||||
nsjail__ns_jail_config__field_descriptors,
|
||||
nsjail__ns_jail_config__field_indices_by_name,
|
||||
2, nsjail__ns_jail_config__number_ranges,
|
||||
|
@ -12,6 +12,7 @@ PROTOBUF_C__BEGIN_DECLS
|
||||
#elif 1002001 < PROTOBUF_C_MIN_COMPILER_VERSION
|
||||
#error This file was generated by an older version of protoc-c which is incompatible with your libprotobuf-c headers. Please regenerate this file with a newer version of protoc-c.
|
||||
#endif
|
||||
typedef struct _Nsjail__IdMap Nsjail__IdMap;
|
||||
typedef struct _Nsjail__NsJailConfig Nsjail__NsJailConfig;
|
||||
|
||||
/* --- enums --- */
|
||||
@ -32,11 +33,21 @@ typedef enum _Nsjail__LogLevel {
|
||||
|
||||
/* --- messages --- */
|
||||
|
||||
struct _Nsjail__IdMap {
|
||||
ProtobufCMessage base;
|
||||
uint32_t inside_id;
|
||||
int32_t global_id;
|
||||
uint32_t count;
|
||||
};
|
||||
#define NSJAIL__ID_MAP__INIT \
|
||||
{ PROTOBUF_C_MESSAGE_INIT (&nsjail__id_map__descriptor) \
|
||||
, 0, -1, 1u }
|
||||
|
||||
struct _Nsjail__NsJailConfig {
|
||||
ProtobufCMessage base;
|
||||
Nsjail__Mode mode;
|
||||
protobuf_c_boolean has_chroot;
|
||||
ProtobufCBinaryData chroot;
|
||||
protobuf_c_boolean has_chroot_dir;
|
||||
ProtobufCBinaryData chroot_dir;
|
||||
protobuf_c_boolean is_root_rw;
|
||||
ProtobufCBinaryData hostname;
|
||||
ProtobufCBinaryData cwd;
|
||||
@ -65,14 +76,38 @@ struct _Nsjail__NsJailConfig {
|
||||
uint64_t rlimit_nproc;
|
||||
protobuf_c_boolean has_rlimit_stack;
|
||||
uint64_t rlimit_stack;
|
||||
protobuf_c_boolean persona_addr_compat_layout;
|
||||
protobuf_c_boolean persona_mmap_page_zero;
|
||||
protobuf_c_boolean persona_read_implies_exec;
|
||||
protobuf_c_boolean persona_addr_limit_3gb;
|
||||
protobuf_c_boolean persona_addr_no_randomize;
|
||||
protobuf_c_boolean clone_newnet;
|
||||
protobuf_c_boolean clone_newuser;
|
||||
protobuf_c_boolean clone_newns;
|
||||
protobuf_c_boolean clone_newpid;
|
||||
protobuf_c_boolean clone_newipc;
|
||||
protobuf_c_boolean clone_newuts;
|
||||
protobuf_c_boolean clone_newcgroup;
|
||||
size_t n_newuidmap;
|
||||
Nsjail__IdMap **newuidmap;
|
||||
size_t n_newgidmap;
|
||||
Nsjail__IdMap **newgidmap;
|
||||
};
|
||||
extern uint8_t nsjail__ns_jail_config__hostname__default_value_data[];
|
||||
extern uint8_t nsjail__ns_jail_config__cwd__default_value_data[];
|
||||
extern uint8_t nsjail__ns_jail_config__bindhost__default_value_data[];
|
||||
#define NSJAIL__NS_JAIL_CONFIG__INIT \
|
||||
{ PROTOBUF_C_MESSAGE_INIT (&nsjail__ns_jail_config__descriptor) \
|
||||
, NSJAIL__MODE__ONCE, 0,{0,NULL}, 0, { 6, nsjail__ns_jail_config__hostname__default_value_data }, { 1, nsjail__ns_jail_config__cwd__default_value_data }, 0u, { 2, nsjail__ns_jail_config__bindhost__default_value_data }, 0u, 600u, 0, 0,{0,NULL}, 0,0, 0, 0, 0, 0,NULL, 0, 0, 512ull, 0ull, 600ull, 1ull, 32ull, 0,0, 0,0 }
|
||||
, NSJAIL__MODE__ONCE, 0,{0,NULL}, 0, { 6, nsjail__ns_jail_config__hostname__default_value_data }, { 1, nsjail__ns_jail_config__cwd__default_value_data }, 0u, { 2, nsjail__ns_jail_config__bindhost__default_value_data }, 0u, 600u, 0, 0,{0,NULL}, 0,0, 0, 0, 0, 0,NULL, 0, 0, 512ull, 0ull, 600ull, 1ull, 32ull, 0,0, 0,0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 0,NULL, 0,NULL }
|
||||
|
||||
/* Nsjail__IdMap methods */
|
||||
void nsjail__id_map__init(Nsjail__IdMap * message);
|
||||
size_t nsjail__id_map__get_packed_size(const Nsjail__IdMap * message);
|
||||
size_t nsjail__id_map__pack(const Nsjail__IdMap * message, uint8_t * out);
|
||||
size_t nsjail__id_map__pack_to_buffer(const Nsjail__IdMap * message, ProtobufCBuffer * buffer);
|
||||
Nsjail__IdMap *nsjail__id_map__unpack
|
||||
(ProtobufCAllocator * allocator, size_t len, const uint8_t * data);
|
||||
void nsjail__id_map__free_unpacked(Nsjail__IdMap * message, ProtobufCAllocator * allocator);
|
||||
/* Nsjail__NsJailConfig methods */
|
||||
void nsjail__ns_jail_config__init(Nsjail__NsJailConfig * message);
|
||||
size_t nsjail__ns_jail_config__get_packed_size(const Nsjail__NsJailConfig * message);
|
||||
@ -85,6 +120,8 @@ void nsjail__ns_jail_config__free_unpacked
|
||||
(Nsjail__NsJailConfig * message, ProtobufCAllocator * allocator);
|
||||
/* --- per-message closures --- */
|
||||
|
||||
typedef void (*Nsjail__IdMap_Closure)
|
||||
(const Nsjail__IdMap * message, void *closure_data);
|
||||
typedef void (*Nsjail__NsJailConfig_Closure)
|
||||
(const Nsjail__NsJailConfig * message, void *closure_data);
|
||||
|
||||
@ -94,6 +131,7 @@ typedef void (*Nsjail__NsJailConfig_Closure)
|
||||
|
||||
extern const ProtobufCEnumDescriptor nsjail__mode__descriptor;
|
||||
extern const ProtobufCEnumDescriptor nsjail__log_level__descriptor;
|
||||
extern const ProtobufCMessageDescriptor nsjail__id_map__descriptor;
|
||||
extern const ProtobufCMessageDescriptor nsjail__ns_jail_config__descriptor;
|
||||
|
||||
PROTOBUF_C__END_DECLS
|
||||
|
29
config.proto
29
config.proto
@ -17,15 +17,23 @@ enum LogLevel {
|
||||
FATAL = 4;
|
||||
}
|
||||
|
||||
message IdMap {
|
||||
required uint32 inside_id = 1;
|
||||
required int32 global_id = 2 [default = -1];
|
||||
required uint32 count = 3 [default = 1];
|
||||
}
|
||||
|
||||
message NsJailConfig {
|
||||
required Mode mode = 1 [default = ONCE];
|
||||
optional bytes chroot = 2;
|
||||
optional bytes chroot_dir = 2;
|
||||
required bool is_root_rw = 3 [default = false];
|
||||
required bytes hostname = 6 [default = "NSJAIL"];
|
||||
required bytes cwd = 7 [default = "/"];
|
||||
|
||||
required uint32 port = 8 [default = 0];
|
||||
required bytes bindhost = 9 [default = "::"];
|
||||
required uint32 max_conns_per_ip = 10 [default = 0];
|
||||
|
||||
required uint32 time_limit = 11 [default = 600];
|
||||
required bool daemon = 12 [default = false];
|
||||
optional bytes log_file = 13;
|
||||
@ -36,6 +44,7 @@ message NsJailConfig {
|
||||
repeated int32 pass_fd = 18;
|
||||
required bool pivot_root_only = 19 [ default = false];
|
||||
required bool disable_no_new_privs = 20 [default = false];
|
||||
|
||||
required uint64 rlimit_as = 21 [default = 512];
|
||||
required uint64 rlimit_core = 22 [default = 0];
|
||||
required uint64 rlimit_cpu = 23 [default = 600];
|
||||
@ -43,5 +52,21 @@ message NsJailConfig {
|
||||
required uint64 rlimit_nofile = 25 [default = 32];
|
||||
optional uint64 rlimit_nproc = 26;
|
||||
optional uint64 rlimit_stack = 27;
|
||||
|
||||
|
||||
required bool persona_addr_compat_layout = 28 [default = false];
|
||||
required bool persona_mmap_page_zero = 29 [default = false];
|
||||
required bool persona_read_implies_exec = 30 [default = false];
|
||||
required bool persona_addr_limit_3gb = 31 [default = false];
|
||||
required bool persona_addr_no_randomize = 32 [default = false];
|
||||
|
||||
required bool clone_newnet = 33 [default = true];
|
||||
required bool clone_newuser = 34 [default = true];
|
||||
required bool clone_newns = 35 [default = true];
|
||||
required bool clone_newpid = 36 [default = true];
|
||||
required bool clone_newipc = 37 [default = true];
|
||||
required bool clone_newuts = 38 [default = true];
|
||||
required bool clone_newcgroup = 39 [default = false];
|
||||
|
||||
repeated IdMap newuidmap = 40;
|
||||
repeated IdMap newgidmap = 41;
|
||||
}
|
||||
|
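Review bot: `required` combined with `[default = ...]` on the new `IdMap` fields and the `persona_*`/`clone_*` fields is contradictory: a default only applies when a field is absent, and a required field may never be absent, so a config that omits e.g. `count` or `clone_newnet` is expected to fail parsing rather than pick up the default (how the text-format parser used here reacts to a missing required field I cannot verify from this page). The pattern follows the existing fields such as `hostname` and `rlimit_as`, so the point applies file-wide, but the new block is the place to stop propagating it: either make the fields `optional` so the defaults take effect, or drop the `[default = ...]` annotations. Independently, `global_id = 2 [default = -1]` on an `int32` next to two `uint32` fields suggests -1 is a sentinel, yet neither the .proto nor config.c says what it means; a comment on that line stating the intended semantics (or `// TODO: document what -1 selects`) would help whoever implements the mapping loop.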