woj/nsjail
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

config: switch is_ro to rw

Browse Source
This commit is contained in:
Robert Swiecki 2017-05-28 01:24:55 +02:00
parent b5b47938d9
commit a2bbe667b9
7 changed files with 1667 additions and 1585 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
config.c
View File

@ -180,7 +180,7 @@ static bool configParseInternal(struct nsjconf_t *nsjconf, Nsjail__NsJailConfig
const char *fstype = njc->mount[i]->fstype; const char *fstype = njc->mount[i]->fstype;
const char *options = njc->mount[i]->options; const char *options = njc->mount[i]->options;
uintptr_t flags = njc->mount[i]->is_ro ? MS_RDONLY : 0; uintptr_t flags = (njc->mount[i]->rw == false) ? MS_RDONLY : 0;
flags |= njc->mount[i]->is_bind ? (MS_BIND | MS_REC) : 0; flags |= njc->mount[i]->is_bind ? (MS_BIND | MS_REC) : 0;
bool mandatory = njc->mount[i]->mandatory; bool mandatory = njc->mount[i]->mandatory;

234
config.pb-c.c
View File

@ -7,155 +7,184 @@
#endif #endif
#include "config.pb-c.h" #include "config.pb-c.h"
void nsjail__id_map__init(Nsjail__IdMap * message) void nsjail__id_map__init
(Nsjail__IdMap *message)
{ {
static Nsjail__IdMap init_value = NSJAIL__ID_MAP__INIT; static Nsjail__IdMap init_value = NSJAIL__ID_MAP__INIT;
*message = init_value; *message = init_value;
} }
size_t nsjail__id_map__get_packed_size
size_t nsjail__id_map__get_packed_size(const Nsjail__IdMap * message) (const Nsjail__IdMap *message)
{ {
assert(message->base.descriptor == &nsjail__id_map__descriptor); assert(message->base.descriptor == &nsjail__id_map__descriptor);
return protobuf_c_message_get_packed_size ((const ProtobufCMessage*)(message)); return protobuf_c_message_get_packed_size ((const ProtobufCMessage*)(message));
} }
size_t nsjail__id_map__pack
size_t nsjail__id_map__pack(const Nsjail__IdMap * message, uint8_t * out) (const Nsjail__IdMap *message,
uint8_t *out)
{ {
assert(message->base.descriptor == &nsjail__id_map__descriptor); assert(message->base.descriptor == &nsjail__id_map__descriptor);
return protobuf_c_message_pack ((const ProtobufCMessage*)message, out); return protobuf_c_message_pack ((const ProtobufCMessage*)message, out);
} }
size_t nsjail__id_map__pack_to_buffer
size_t nsjail__id_map__pack_to_buffer(const Nsjail__IdMap * message, ProtobufCBuffer * buffer) (const Nsjail__IdMap *message,
ProtobufCBuffer *buffer)
{ {
assert(message->base.descriptor == &nsjail__id_map__descriptor); assert(message->base.descriptor == &nsjail__id_map__descriptor);
return protobuf_c_message_pack_to_buffer ((const ProtobufCMessage*)message, buffer); return protobuf_c_message_pack_to_buffer ((const ProtobufCMessage*)message, buffer);
} }
Nsjail__IdMap *
Nsjail__IdMap *nsjail__id_map__unpack nsjail__id_map__unpack
(ProtobufCAllocator * allocator, size_t len, const uint8_t * data) { (ProtobufCAllocator *allocator,
size_t len,
const uint8_t *data)
{
return (Nsjail__IdMap *) return (Nsjail__IdMap *)
protobuf_c_message_unpack(&nsjail__id_map__descriptor, allocator, len, data); protobuf_c_message_unpack (&nsjail__id_map__descriptor,
allocator, len, data);
} }
void nsjail__id_map__free_unpacked
void nsjail__id_map__free_unpacked(Nsjail__IdMap * message, ProtobufCAllocator * allocator) (Nsjail__IdMap *message,
ProtobufCAllocator *allocator)
{ {
assert(message->base.descriptor == &nsjail__id_map__descriptor); assert(message->base.descriptor == &nsjail__id_map__descriptor);
protobuf_c_message_free_unpacked ((ProtobufCMessage*)message, allocator); protobuf_c_message_free_unpacked ((ProtobufCMessage*)message, allocator);
} }
void nsjail__mount_pt__init
void nsjail__mount_pt__init(Nsjail__MountPt * message) (Nsjail__MountPt *message)
{ {
static Nsjail__MountPt init_value = NSJAIL__MOUNT_PT__INIT; static Nsjail__MountPt init_value = NSJAIL__MOUNT_PT__INIT;
*message = init_value; *message = init_value;
} }
size_t nsjail__mount_pt__get_packed_size
size_t nsjail__mount_pt__get_packed_size(const Nsjail__MountPt * message) (const Nsjail__MountPt *message)
{ {
assert(message->base.descriptor == &nsjail__mount_pt__descriptor); assert(message->base.descriptor == &nsjail__mount_pt__descriptor);
return protobuf_c_message_get_packed_size ((const ProtobufCMessage*)(message)); return protobuf_c_message_get_packed_size ((const ProtobufCMessage*)(message));
} }
size_t nsjail__mount_pt__pack
size_t nsjail__mount_pt__pack(const Nsjail__MountPt * message, uint8_t * out) (const Nsjail__MountPt *message,
uint8_t *out)
{ {
assert(message->base.descriptor == &nsjail__mount_pt__descriptor); assert(message->base.descriptor == &nsjail__mount_pt__descriptor);
return protobuf_c_message_pack ((const ProtobufCMessage*)message, out); return protobuf_c_message_pack ((const ProtobufCMessage*)message, out);
} }
size_t nsjail__mount_pt__pack_to_buffer
size_t nsjail__mount_pt__pack_to_buffer(const Nsjail__MountPt * message, ProtobufCBuffer * buffer) (const Nsjail__MountPt *message,
ProtobufCBuffer *buffer)
{ {
assert(message->base.descriptor == &nsjail__mount_pt__descriptor); assert(message->base.descriptor == &nsjail__mount_pt__descriptor);
return protobuf_c_message_pack_to_buffer ((const ProtobufCMessage*)message, buffer); return protobuf_c_message_pack_to_buffer ((const ProtobufCMessage*)message, buffer);
} }
Nsjail__MountPt *
Nsjail__MountPt *nsjail__mount_pt__unpack nsjail__mount_pt__unpack
(ProtobufCAllocator * allocator, size_t len, const uint8_t * data) { (ProtobufCAllocator *allocator,
size_t len,
const uint8_t *data)
{
return (Nsjail__MountPt *) return (Nsjail__MountPt *)
protobuf_c_message_unpack(&nsjail__mount_pt__descriptor, allocator, len, data); protobuf_c_message_unpack (&nsjail__mount_pt__descriptor,
allocator, len, data);
} }
void nsjail__mount_pt__free_unpacked
void nsjail__mount_pt__free_unpacked(Nsjail__MountPt * message, ProtobufCAllocator * allocator) (Nsjail__MountPt *message,
ProtobufCAllocator *allocator)
{ {
assert(message->base.descriptor == &nsjail__mount_pt__descriptor); assert(message->base.descriptor == &nsjail__mount_pt__descriptor);
protobuf_c_message_free_unpacked ((ProtobufCMessage*)message, allocator); protobuf_c_message_free_unpacked ((ProtobufCMessage*)message, allocator);
} }
void nsjail__exe__init
void nsjail__exe__init(Nsjail__Exe * message) (Nsjail__Exe *message)
{ {
static Nsjail__Exe init_value = NSJAIL__EXE__INIT; static Nsjail__Exe init_value = NSJAIL__EXE__INIT;
*message = init_value; *message = init_value;
} }
size_t nsjail__exe__get_packed_size
size_t nsjail__exe__get_packed_size(const Nsjail__Exe * message) (const Nsjail__Exe *message)
{ {
assert(message->base.descriptor == &nsjail__exe__descriptor); assert(message->base.descriptor == &nsjail__exe__descriptor);
return protobuf_c_message_get_packed_size ((const ProtobufCMessage*)(message)); return protobuf_c_message_get_packed_size ((const ProtobufCMessage*)(message));
} }
size_t nsjail__exe__pack
size_t nsjail__exe__pack(const Nsjail__Exe * message, uint8_t * out) (const Nsjail__Exe *message,
uint8_t *out)
{ {
assert(message->base.descriptor == &nsjail__exe__descriptor); assert(message->base.descriptor == &nsjail__exe__descriptor);
return protobuf_c_message_pack ((const ProtobufCMessage*)message, out); return protobuf_c_message_pack ((const ProtobufCMessage*)message, out);
} }
size_t nsjail__exe__pack_to_buffer
size_t nsjail__exe__pack_to_buffer(const Nsjail__Exe * message, ProtobufCBuffer * buffer) (const Nsjail__Exe *message,
ProtobufCBuffer *buffer)
{ {
assert(message->base.descriptor == &nsjail__exe__descriptor); assert(message->base.descriptor == &nsjail__exe__descriptor);
return protobuf_c_message_pack_to_buffer ((const ProtobufCMessage*)message, buffer); return protobuf_c_message_pack_to_buffer ((const ProtobufCMessage*)message, buffer);
} }
Nsjail__Exe *
Nsjail__Exe *nsjail__exe__unpack(ProtobufCAllocator * allocator, size_t len, const uint8_t * data) nsjail__exe__unpack
(ProtobufCAllocator *allocator,
size_t len,
const uint8_t *data)
{ {
return (Nsjail__Exe *) return (Nsjail__Exe *)
protobuf_c_message_unpack(&nsjail__exe__descriptor, allocator, len, data); protobuf_c_message_unpack (&nsjail__exe__descriptor,
allocator, len, data);
} }
void nsjail__exe__free_unpacked
void nsjail__exe__free_unpacked(Nsjail__Exe * message, ProtobufCAllocator * allocator) (Nsjail__Exe *message,
ProtobufCAllocator *allocator)
{ {
assert(message->base.descriptor == &nsjail__exe__descriptor); assert(message->base.descriptor == &nsjail__exe__descriptor);
protobuf_c_message_free_unpacked ((ProtobufCMessage*)message, allocator); protobuf_c_message_free_unpacked ((ProtobufCMessage*)message, allocator);
} }
void nsjail__ns_jail_config__init
void nsjail__ns_jail_config__init(Nsjail__NsJailConfig * message) (Nsjail__NsJailConfig *message)
{ {
static Nsjail__NsJailConfig init_value = NSJAIL__NS_JAIL_CONFIG__INIT; static Nsjail__NsJailConfig init_value = NSJAIL__NS_JAIL_CONFIG__INIT;
*message = init_value; *message = init_value;
} }
size_t nsjail__ns_jail_config__get_packed_size
size_t nsjail__ns_jail_config__get_packed_size(const Nsjail__NsJailConfig * message) (const Nsjail__NsJailConfig *message)
{ {
assert(message->base.descriptor == &nsjail__ns_jail_config__descriptor); assert(message->base.descriptor == &nsjail__ns_jail_config__descriptor);
return protobuf_c_message_get_packed_size ((const ProtobufCMessage*)(message)); return protobuf_c_message_get_packed_size ((const ProtobufCMessage*)(message));
} }
size_t nsjail__ns_jail_config__pack
size_t nsjail__ns_jail_config__pack(const Nsjail__NsJailConfig * message, uint8_t * out) (const Nsjail__NsJailConfig *message,
uint8_t *out)
{ {
assert(message->base.descriptor == &nsjail__ns_jail_config__descriptor); assert(message->base.descriptor == &nsjail__ns_jail_config__descriptor);
return protobuf_c_message_pack ((const ProtobufCMessage*)message, out); return protobuf_c_message_pack ((const ProtobufCMessage*)message, out);
} }
size_t nsjail__ns_jail_config__pack_to_buffer size_t nsjail__ns_jail_config__pack_to_buffer
(const Nsjail__NsJailConfig * message, ProtobufCBuffer * buffer) { (const Nsjail__NsJailConfig *message,
ProtobufCBuffer *buffer)
{
assert(message->base.descriptor == &nsjail__ns_jail_config__descriptor); assert(message->base.descriptor == &nsjail__ns_jail_config__descriptor);
return protobuf_c_message_pack_to_buffer ((const ProtobufCMessage*)message, buffer); return protobuf_c_message_pack_to_buffer ((const ProtobufCMessage*)message, buffer);
} }
Nsjail__NsJailConfig *
Nsjail__NsJailConfig *nsjail__ns_jail_config__unpack nsjail__ns_jail_config__unpack
(ProtobufCAllocator * allocator, size_t len, const uint8_t * data) { (ProtobufCAllocator *allocator,
size_t len,
const uint8_t *data)
{
return (Nsjail__NsJailConfig *) return (Nsjail__NsJailConfig *)
protobuf_c_message_unpack(&nsjail__ns_jail_config__descriptor, allocator, len, data); protobuf_c_message_unpack (&nsjail__ns_jail_config__descriptor,
allocator, len, data);
} }
void nsjail__ns_jail_config__free_unpacked void nsjail__ns_jail_config__free_unpacked
(Nsjail__NsJailConfig * message, ProtobufCAllocator * allocator) { (Nsjail__NsJailConfig *message,
ProtobufCAllocator *allocator)
{
assert(message->base.descriptor == &nsjail__ns_jail_config__descriptor); assert(message->base.descriptor == &nsjail__ns_jail_config__descriptor);
protobuf_c_message_free_unpacked ((ProtobufCMessage*)message, allocator); protobuf_c_message_free_unpacked ((ProtobufCMessage*)message, allocator);
} }
char nsjail__id_map__inside_id__default_value[] = ""; char nsjail__id_map__inside_id__default_value[] = "";
char nsjail__id_map__outside_id__default_value[] = ""; char nsjail__id_map__outside_id__default_value[] = "";
static const uint32_t nsjail__id_map__count__default_value = 1u; static const uint32_t nsjail__id_map__count__default_value = 1u;
static const protobuf_c_boolean nsjail__id_map__use_newidmap__default_value = 0; static const protobuf_c_boolean nsjail__id_map__use_newidmap__default_value = 0;
static const ProtobufCFieldDescriptor nsjail__id_map__field_descriptors[4] = { static const ProtobufCFieldDescriptor nsjail__id_map__field_descriptors[4] =
{
{ {
"inside_id", "inside_id",
1, 1,
@ -205,20 +234,19 @@ static const ProtobufCFieldDescriptor nsjail__id_map__field_descriptors[4] = {
0,NULL,NULL /* reserved1,reserved2, etc */ 0,NULL,NULL /* reserved1,reserved2, etc */
}, },
}; };
static const unsigned nsjail__id_map__field_indices_by_name[] = { static const unsigned nsjail__id_map__field_indices_by_name[] = {
2, /* field[2] = count */ 2, /* field[2] = count */
0, /* field[0] = inside_id */ 0, /* field[0] = inside_id */
1, /* field[1] = outside_id */ 1, /* field[1] = outside_id */
3, /* field[3] = use_newidmap */ 3, /* field[3] = use_newidmap */
}; };
static const ProtobufCIntRange nsjail__id_map__number_ranges[1 + 1] =
static const ProtobufCIntRange nsjail__id_map__number_ranges[1 + 1] = { {
{ 1, 0 }, { 1, 0 },
{ 0, 4 } { 0, 4 }
}; };
const ProtobufCMessageDescriptor nsjail__id_map__descriptor =
const ProtobufCMessageDescriptor nsjail__id_map__descriptor = { {
PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC, PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC,
"nsjail.IdMap", "nsjail.IdMap",
"IdMap", "IdMap",
@ -232,13 +260,13 @@ const ProtobufCMessageDescriptor nsjail__id_map__descriptor = {
(ProtobufCMessageInit) nsjail__id_map__init, (ProtobufCMessageInit) nsjail__id_map__init,
NULL,NULL,NULL /* reserved[123] */ NULL,NULL,NULL /* reserved[123] */
}; };
char nsjail__mount_pt__fstype__default_value[] = ""; char nsjail__mount_pt__fstype__default_value[] = "";
char nsjail__mount_pt__options__default_value[] = ""; char nsjail__mount_pt__options__default_value[] = "";
static const protobuf_c_boolean nsjail__mount_pt__is_bind__default_value = 0; static const protobuf_c_boolean nsjail__mount_pt__is_bind__default_value = 0;
static const protobuf_c_boolean nsjail__mount_pt__is_ro__default_value = 0; static const protobuf_c_boolean nsjail__mount_pt__rw__default_value = 0;
static const protobuf_c_boolean nsjail__mount_pt__mandatory__default_value = 1; static const protobuf_c_boolean nsjail__mount_pt__mandatory__default_value = 1;
static const ProtobufCFieldDescriptor nsjail__mount_pt__field_descriptors[10] = { static const ProtobufCFieldDescriptor nsjail__mount_pt__field_descriptors[10] =
{
{ {
"src", "src",
1, 1,
@ -324,14 +352,14 @@ static const ProtobufCFieldDescriptor nsjail__mount_pt__field_descriptors[10] =
0,NULL,NULL /* reserved1,reserved2, etc */ 0,NULL,NULL /* reserved1,reserved2, etc */
}, },
{ {
"is_ro", "rw",
8, 8,
PROTOBUF_C_LABEL_REQUIRED, PROTOBUF_C_LABEL_REQUIRED,
PROTOBUF_C_TYPE_BOOL, PROTOBUF_C_TYPE_BOOL,
0, /* quantifier_offset */ 0, /* quantifier_offset */
offsetof(Nsjail__MountPt, is_ro), offsetof(Nsjail__MountPt, rw),
NULL, NULL,
&nsjail__mount_pt__is_ro__default_value, &nsjail__mount_pt__rw__default_value,
0, /* flags */ 0, /* flags */
0,NULL,NULL /* reserved1,reserved2, etc */ 0,NULL,NULL /* reserved1,reserved2, etc */
}, },
@ -360,26 +388,25 @@ static const ProtobufCFieldDescriptor nsjail__mount_pt__field_descriptors[10] =
0,NULL,NULL /* reserved1,reserved2, etc */ 0,NULL,NULL /* reserved1,reserved2, etc */
}, },
}; };
static const unsigned nsjail__mount_pt__field_indices_by_name[] = { static const unsigned nsjail__mount_pt__field_indices_by_name[] = {
2, /* field[2] = dst */ 2, /* field[2] = dst */
4, /* field[4] = fstype */ 4, /* field[4] = fstype */
6, /* field[6] = is_bind */ 6, /* field[6] = is_bind */
8, /* field[8] = is_dir */ 8, /* field[8] = is_dir */
7, /* field[7] = is_ro */
9, /* field[9] = mandatory */ 9, /* field[9] = mandatory */
5, /* field[5] = options */ 5, /* field[5] = options */
3, /* field[3] = prefix_dst_env */ 3, /* field[3] = prefix_dst_env */
1, /* field[1] = prefix_src_env */ 1, /* field[1] = prefix_src_env */
7, /* field[7] = rw */
0, /* field[0] = src */ 0, /* field[0] = src */
}; };
static const ProtobufCIntRange nsjail__mount_pt__number_ranges[1 + 1] =
static const ProtobufCIntRange nsjail__mount_pt__number_ranges[1 + 1] = { {
{ 1, 0 }, { 1, 0 },
{ 0, 10 } { 0, 10 }
}; };
const ProtobufCMessageDescriptor nsjail__mount_pt__descriptor =
const ProtobufCMessageDescriptor nsjail__mount_pt__descriptor = { {
PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC, PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC,
"nsjail.MountPt", "nsjail.MountPt",
"MountPt", "MountPt",
@ -393,8 +420,8 @@ const ProtobufCMessageDescriptor nsjail__mount_pt__descriptor = {
(ProtobufCMessageInit) nsjail__mount_pt__init, (ProtobufCMessageInit) nsjail__mount_pt__init,
NULL,NULL,NULL /* reserved[123] */ NULL,NULL,NULL /* reserved[123] */
}; };
static const ProtobufCFieldDescriptor nsjail__exe__field_descriptors[2] =
static const ProtobufCFieldDescriptor nsjail__exe__field_descriptors[2] = { {
{ {
"path", "path",
1, 1,
@ -420,18 +447,17 @@ static const ProtobufCFieldDescriptor nsjail__exe__field_descriptors[2] = {
0,NULL,NULL /* reserved1,reserved2, etc */ 0,NULL,NULL /* reserved1,reserved2, etc */
}, },
}; };
static const unsigned nsjail__exe__field_indices_by_name[] = { static const unsigned nsjail__exe__field_indices_by_name[] = {
1, /* field[1] = arg */ 1, /* field[1] = arg */
0, /* field[0] = path */ 0, /* field[0] = path */
}; };
static const ProtobufCIntRange nsjail__exe__number_ranges[1 + 1] =
static const ProtobufCIntRange nsjail__exe__number_ranges[1 + 1] = { {
{ 1, 0 }, { 1, 0 },
{ 0, 2 } { 0, 2 }
}; };
const ProtobufCMessageDescriptor nsjail__exe__descriptor =
const ProtobufCMessageDescriptor nsjail__exe__descriptor = { {
PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC, PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC,
"nsjail.Exe", "nsjail.Exe",
"Exe", "Exe",
@ -445,7 +471,6 @@ const ProtobufCMessageDescriptor nsjail__exe__descriptor = {
(ProtobufCMessageInit) nsjail__exe__init, (ProtobufCMessageInit) nsjail__exe__init,
NULL,NULL,NULL /* reserved[123] */ NULL,NULL,NULL /* reserved[123] */
}; };
char nsjail__ns_jail_config__name__default_value[] = ""; char nsjail__ns_jail_config__name__default_value[] = "";
char nsjail__ns_jail_config__description__default_value[] = ""; char nsjail__ns_jail_config__description__default_value[] = "";
char nsjail__ns_jail_config__hostname__default_value[] = "NSJAIL"; char nsjail__ns_jail_config__hostname__default_value[] = "NSJAIL";
@ -474,14 +499,11 @@ static const uint64_t nsjail__ns_jail_config__rlimit_core__default_value = 0ull;
static const uint64_t nsjail__ns_jail_config__rlimit_cpu__default_value = 600ull; static const uint64_t nsjail__ns_jail_config__rlimit_cpu__default_value = 600ull;
static const uint64_t nsjail__ns_jail_config__rlimit_fsize__default_value = 1ull; static const uint64_t nsjail__ns_jail_config__rlimit_fsize__default_value = 1ull;
static const uint64_t nsjail__ns_jail_config__rlimit_nofile__default_value = 32ull; static const uint64_t nsjail__ns_jail_config__rlimit_nofile__default_value = 32ull;
static const protobuf_c_boolean nsjail__ns_jail_config__persona_addr_compat_layout__default_value = static const protobuf_c_boolean nsjail__ns_jail_config__persona_addr_compat_layout__default_value = 0;
0;
static const protobuf_c_boolean nsjail__ns_jail_config__persona_mmap_page_zero__default_value = 0; static const protobuf_c_boolean nsjail__ns_jail_config__persona_mmap_page_zero__default_value = 0;
static const protobuf_c_boolean nsjail__ns_jail_config__persona_read_implies_exec__default_value = static const protobuf_c_boolean nsjail__ns_jail_config__persona_read_implies_exec__default_value = 0;
0;
static const protobuf_c_boolean nsjail__ns_jail_config__persona_addr_limit_3gb__default_value = 0; static const protobuf_c_boolean nsjail__ns_jail_config__persona_addr_limit_3gb__default_value = 0;
static const protobuf_c_boolean nsjail__ns_jail_config__persona_addr_no_randomize__default_value = static const protobuf_c_boolean nsjail__ns_jail_config__persona_addr_no_randomize__default_value = 0;
0;
static const protobuf_c_boolean nsjail__ns_jail_config__clone_newnet__default_value = 1; static const protobuf_c_boolean nsjail__ns_jail_config__clone_newnet__default_value = 1;
static const protobuf_c_boolean nsjail__ns_jail_config__clone_newuser__default_value = 1; static const protobuf_c_boolean nsjail__ns_jail_config__clone_newuser__default_value = 1;
static const protobuf_c_boolean nsjail__ns_jail_config__clone_newns__default_value = 1; static const protobuf_c_boolean nsjail__ns_jail_config__clone_newns__default_value = 1;
@ -493,7 +515,8 @@ static const protobuf_c_boolean nsjail__ns_jail_config__mount_proc__default_valu
static const uint64_t nsjail__ns_jail_config__cgroup_mem_max__default_value = 0ull; static const uint64_t nsjail__ns_jail_config__cgroup_mem_max__default_value = 0ull;
static const uint64_t nsjail__ns_jail_config__cgroup_pids_max__default_value = 0ull; static const uint64_t nsjail__ns_jail_config__cgroup_pids_max__default_value = 0ull;
static const protobuf_c_boolean nsjail__ns_jail_config__iface_no_lo__default_value = 0; static const protobuf_c_boolean nsjail__ns_jail_config__iface_no_lo__default_value = 0;
static const ProtobufCFieldDescriptor nsjail__ns_jail_config__field_descriptors[58] = { static const ProtobufCFieldDescriptor nsjail__ns_jail_config__field_descriptors[58] =
{
{ {
"name", "name",
1, 1,
@ -1191,7 +1214,6 @@ static const ProtobufCFieldDescriptor nsjail__ns_jail_config__field_descriptors[
0,NULL,NULL /* reserved1,reserved2, etc */ 0,NULL,NULL /* reserved1,reserved2, etc */
}, },
}; };
static const unsigned nsjail__ns_jail_config__field_indices_by_name[] = { static const unsigned nsjail__ns_jail_config__field_indices_by_name[] = {
8, /* field[8] = bindhost */ 8, /* field[8] = bindhost */
46, /* field[46] = cgroup_mem_max */ 46, /* field[46] = cgroup_mem_max */
@ -1252,14 +1274,14 @@ static const unsigned nsjail__ns_jail_config__field_indices_by_name[] = {
10, /* field[10] = time_limit */ 10, /* field[10] = time_limit */
40, /* field[40] = uidmap */ 40, /* field[40] = uidmap */
}; };
static const ProtobufCIntRange nsjail__ns_jail_config__number_ranges[2 + 1] =
static const ProtobufCIntRange nsjail__ns_jail_config__number_ranges[2 + 1] = { {
{ 1, 0 }, { 1, 0 },
{ 8, 5 }, { 8, 5 },
{ 0, 58 } { 0, 58 }
}; };
const ProtobufCMessageDescriptor nsjail__ns_jail_config__descriptor =
const ProtobufCMessageDescriptor nsjail__ns_jail_config__descriptor = { {
PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC, PROTOBUF_C__MESSAGE_DESCRIPTOR_MAGIC,
"nsjail.NsJailConfig", "nsjail.NsJailConfig",
"NsJailConfig", "NsJailConfig",
@ -1273,26 +1295,25 @@ const ProtobufCMessageDescriptor nsjail__ns_jail_config__descriptor = {
(ProtobufCMessageInit) nsjail__ns_jail_config__init, (ProtobufCMessageInit) nsjail__ns_jail_config__init,
NULL,NULL,NULL /* reserved[123] */ NULL,NULL,NULL /* reserved[123] */
}; };
static const ProtobufCEnumValue nsjail__mode__enum_values_by_number[4] =
static const ProtobufCEnumValue nsjail__mode__enum_values_by_number[4] = { {
{ "LISTEN", "NSJAIL__MODE__LISTEN", 0 }, { "LISTEN", "NSJAIL__MODE__LISTEN", 0 },
{ "ONCE", "NSJAIL__MODE__ONCE", 1 }, { "ONCE", "NSJAIL__MODE__ONCE", 1 },
{ "RERUN", "NSJAIL__MODE__RERUN", 2 }, { "RERUN", "NSJAIL__MODE__RERUN", 2 },
{ "EXECVE", "NSJAIL__MODE__EXECVE", 3 }, { "EXECVE", "NSJAIL__MODE__EXECVE", 3 },
}; };
static const ProtobufCIntRange nsjail__mode__value_ranges[] = { static const ProtobufCIntRange nsjail__mode__value_ranges[] = {
{0, 0},{0, 4} {0, 0},{0, 4}
}; };
static const ProtobufCEnumValueIndex nsjail__mode__enum_values_by_name[4] =
static const ProtobufCEnumValueIndex nsjail__mode__enum_values_by_name[4] = { {
{ "EXECVE", 3 }, { "EXECVE", 3 },
{ "LISTEN", 0 }, { "LISTEN", 0 },
{ "ONCE", 1 }, { "ONCE", 1 },
{ "RERUN", 2 }, { "RERUN", 2 },
}; };
const ProtobufCEnumDescriptor nsjail__mode__descriptor =
const ProtobufCEnumDescriptor nsjail__mode__descriptor = { {
PROTOBUF_C__ENUM_DESCRIPTOR_MAGIC, PROTOBUF_C__ENUM_DESCRIPTOR_MAGIC,
"nsjail.Mode", "nsjail.Mode",
"Mode", "Mode",
@ -1306,28 +1327,27 @@ const ProtobufCEnumDescriptor nsjail__mode__descriptor = {
nsjail__mode__value_ranges, nsjail__mode__value_ranges,
NULL,NULL,NULL,NULL /* reserved[1234] */ NULL,NULL,NULL,NULL /* reserved[1234] */
}; };
static const ProtobufCEnumValue nsjail__log_level__enum_values_by_number[5] =
static const ProtobufCEnumValue nsjail__log_level__enum_values_by_number[5] = { {
{ "DEBUG", "NSJAIL__LOG_LEVEL__DEBUG", 0 }, { "DEBUG", "NSJAIL__LOG_LEVEL__DEBUG", 0 },
{ "INFO", "NSJAIL__LOG_LEVEL__INFO", 1 }, { "INFO", "NSJAIL__LOG_LEVEL__INFO", 1 },
{ "WARNING", "NSJAIL__LOG_LEVEL__WARNING", 2 }, { "WARNING", "NSJAIL__LOG_LEVEL__WARNING", 2 },
{ "ERROR", "NSJAIL__LOG_LEVEL__ERROR", 3 }, { "ERROR", "NSJAIL__LOG_LEVEL__ERROR", 3 },
{ "FATAL", "NSJAIL__LOG_LEVEL__FATAL", 4 }, { "FATAL", "NSJAIL__LOG_LEVEL__FATAL", 4 },
}; };
static const ProtobufCIntRange nsjail__log_level__value_ranges[] = { static const ProtobufCIntRange nsjail__log_level__value_ranges[] = {
{0, 0},{0, 5} {0, 0},{0, 5}
}; };
static const ProtobufCEnumValueIndex nsjail__log_level__enum_values_by_name[5] =
static const ProtobufCEnumValueIndex nsjail__log_level__enum_values_by_name[5] = { {
{ "DEBUG", 0 }, { "DEBUG", 0 },
{ "ERROR", 3 }, { "ERROR", 3 },
{ "FATAL", 4 }, { "FATAL", 4 },
{ "INFO", 1 }, { "INFO", 1 },
{ "WARNING", 2 }, { "WARNING", 2 },
}; };
const ProtobufCEnumDescriptor nsjail__log_level__descriptor =
const ProtobufCEnumDescriptor nsjail__log_level__descriptor = { {
PROTOBUF_C__ENUM_DESCRIPTOR_MAGIC, PROTOBUF_C__ENUM_DESCRIPTOR_MAGIC,
"nsjail.LogLevel", "nsjail.LogLevel",
"LogLevel", "LogLevel",

142
config.pb-c.h
View File

@ -7,16 +7,20 @@
#include <protobuf-c/protobuf-c.h> #include <protobuf-c/protobuf-c.h>
PROTOBUF_C__BEGIN_DECLS PROTOBUF_C__BEGIN_DECLS
#if PROTOBUF_C_VERSION_NUMBER < 1000000 #if PROTOBUF_C_VERSION_NUMBER < 1000000
# error This file was generated by a newer version of protoc-c which is incompatible with your libprotobuf-c headers. Please update your headers. # error This file was generated by a newer version of protoc-c which is incompatible with your libprotobuf-c headers. Please update your headers.
#elif 1002001 < PROTOBUF_C_MIN_COMPILER_VERSION #elif 1002001 < PROTOBUF_C_MIN_COMPILER_VERSION
# error This file was generated by an older version of protoc-c which is incompatible with your libprotobuf-c headers. Please regenerate this file with a newer version of protoc-c. # error This file was generated by an older version of protoc-c which is incompatible with your libprotobuf-c headers. Please regenerate this file with a newer version of protoc-c.
#endif #endif
typedef struct _Nsjail__IdMap Nsjail__IdMap; typedef struct _Nsjail__IdMap Nsjail__IdMap;
typedef struct _Nsjail__MountPt Nsjail__MountPt; typedef struct _Nsjail__MountPt Nsjail__MountPt;
typedef struct _Nsjail__Exe Nsjail__Exe; typedef struct _Nsjail__Exe Nsjail__Exe;
typedef struct _Nsjail__NsJailConfig Nsjail__NsJailConfig; typedef struct _Nsjail__NsJailConfig Nsjail__NsJailConfig;
/* --- enums --- */ /* --- enums --- */
typedef enum _Nsjail__Mode { typedef enum _Nsjail__Mode {
@ -35,7 +39,8 @@ typedef enum _Nsjail__Mode {
/* /*
* Executing command w/o the supervisor * Executing command w/o the supervisor
*/ */
NSJAIL__MODE__EXECVE = 3 PROTOBUF_C__FORCE_ENUM_TO_BE_INT_SIZE(NSJAIL__MODE) NSJAIL__MODE__EXECVE = 3
PROTOBUF_C__FORCE_ENUM_TO_BE_INT_SIZE(NSJAIL__MODE)
} Nsjail__Mode; } Nsjail__Mode;
/* /*
* Should be self explanatory * Should be self explanatory
@ -54,12 +59,14 @@ typedef enum _Nsjail__LogLevel {
*/ */
NSJAIL__LOG_LEVEL__WARNING = 2, NSJAIL__LOG_LEVEL__WARNING = 2,
NSJAIL__LOG_LEVEL__ERROR = 3, NSJAIL__LOG_LEVEL__ERROR = 3,
NSJAIL__LOG_LEVEL__FATAL = 4 PROTOBUF_C__FORCE_ENUM_TO_BE_INT_SIZE(NSJAIL__LOG_LEVEL) NSJAIL__LOG_LEVEL__FATAL = 4
PROTOBUF_C__FORCE_ENUM_TO_BE_INT_SIZE(NSJAIL__LOG_LEVEL)
} Nsjail__LogLevel; } Nsjail__LogLevel;
/* --- messages --- */ /* --- messages --- */
struct _Nsjail__IdMap { struct _Nsjail__IdMap
{
ProtobufCMessage base; ProtobufCMessage base;
/* /*
* Empty string means "current uid/gid" * Empty string means "current uid/gid"
@ -81,7 +88,9 @@ extern char nsjail__id_map__outside_id__default_value[];
{ PROTOBUF_C_MESSAGE_INIT (&nsjail__id_map__descriptor) \ { PROTOBUF_C_MESSAGE_INIT (&nsjail__id_map__descriptor) \
, nsjail__id_map__inside_id__default_value, nsjail__id_map__outside_id__default_value, 1u, 0 } , nsjail__id_map__inside_id__default_value, nsjail__id_map__outside_id__default_value, 1u, 0 }
struct _Nsjail__MountPt {
struct _Nsjail__MountPt
{
ProtobufCMessage base; ProtobufCMessage base;
/* /*
* Can be skipped for filesystems like 'proc' * Can be skipped for filesystems like 'proc'
@ -112,9 +121,9 @@ struct _Nsjail__MountPt {
*/ */
protobuf_c_boolean is_bind; protobuf_c_boolean is_bind;
/* /*
* It it RO mount * It it R/W mount
*/ */
protobuf_c_boolean is_ro; protobuf_c_boolean rw;
/* /*
* Is it directory? If not specified an internal * Is it directory? If not specified an internal
*heuristics will be used to determine that *heuristics will be used to determine that
@ -132,7 +141,9 @@ extern char nsjail__mount_pt__options__default_value[];
{ PROTOBUF_C_MESSAGE_INIT (&nsjail__mount_pt__descriptor) \ { PROTOBUF_C_MESSAGE_INIT (&nsjail__mount_pt__descriptor) \
, NULL, NULL, NULL, NULL, nsjail__mount_pt__fstype__default_value, nsjail__mount_pt__options__default_value, 0, 0, 0,0, 1 } , NULL, NULL, NULL, NULL, nsjail__mount_pt__fstype__default_value, nsjail__mount_pt__options__default_value, 0, 0, 0,0, 1 }
struct _Nsjail__Exe {
struct _Nsjail__Exe
{
ProtobufCMessage base; ProtobufCMessage base;
/* /*
* Will be used both as execv's path and as argv[0] * Will be used both as execv's path and as argv[0]
@ -148,7 +159,9 @@ struct _Nsjail__Exe {
{ PROTOBUF_C_MESSAGE_INIT (&nsjail__exe__descriptor) \ { PROTOBUF_C_MESSAGE_INIT (&nsjail__exe__descriptor) \
, NULL, 0,NULL } , NULL, 0,NULL }
struct _Nsjail__NsJailConfig {
struct _Nsjail__NsJailConfig
{
ProtobufCMessage base; ProtobufCMessage base;
/* /*
* Optional name and description for this config * Optional name and description for this config
@ -377,52 +390,101 @@ extern char nsjail__ns_jail_config__macvlan_vs_gw__default_value[];
{ PROTOBUF_C_MESSAGE_INIT (&nsjail__ns_jail_config__descriptor) \ { PROTOBUF_C_MESSAGE_INIT (&nsjail__ns_jail_config__descriptor) \
, nsjail__ns_jail_config__name__default_value, nsjail__ns_jail_config__description__default_value, NSJAIL__MODE__ONCE, NULL, 0, nsjail__ns_jail_config__hostname__default_value, nsjail__ns_jail_config__cwd__default_value, 0u, nsjail__ns_jail_config__bindhost__default_value, 0u, 600u, 0, NULL, 0,0, 0, 0,NULL, 0, 0, 0,NULL, 0, 0, 512ull, 0ull, 600ull, 1ull, 32ull, 0,0, 0,0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 0,NULL, 0,NULL, 0, 0,NULL, NULL, NULL, 0ull, nsjail__ns_jail_config__cgroup_mem_mount__default_value, nsjail__ns_jail_config__cgroup_mem_parent__default_value, 0ull, nsjail__ns_jail_config__cgroup_pids_mount__default_value, nsjail__ns_jail_config__cgroup_pids_parent__default_value, 0, NULL, nsjail__ns_jail_config__macvlan_vs_ip__default_value, nsjail__ns_jail_config__macvlan_vs_nm__default_value, nsjail__ns_jail_config__macvlan_vs_gw__default_value, NULL } , nsjail__ns_jail_config__name__default_value, nsjail__ns_jail_config__description__default_value, NSJAIL__MODE__ONCE, NULL, 0, nsjail__ns_jail_config__hostname__default_value, nsjail__ns_jail_config__cwd__default_value, 0u, nsjail__ns_jail_config__bindhost__default_value, 0u, 600u, 0, NULL, 0,0, 0, 0,NULL, 0, 0, 0,NULL, 0, 0, 512ull, 0ull, 600ull, 1ull, 32ull, 0,0, 0,0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 0,NULL, 0,NULL, 0, 0,NULL, NULL, NULL, 0ull, nsjail__ns_jail_config__cgroup_mem_mount__default_value, nsjail__ns_jail_config__cgroup_mem_parent__default_value, 0ull, nsjail__ns_jail_config__cgroup_pids_mount__default_value, nsjail__ns_jail_config__cgroup_pids_parent__default_value, 0, NULL, nsjail__ns_jail_config__macvlan_vs_ip__default_value, nsjail__ns_jail_config__macvlan_vs_nm__default_value, nsjail__ns_jail_config__macvlan_vs_gw__default_value, NULL }
/* Nsjail__IdMap methods */ /* Nsjail__IdMap methods */
void nsjail__id_map__init(Nsjail__IdMap * message); void nsjail__id_map__init
size_t nsjail__id_map__get_packed_size(const Nsjail__IdMap * message); (Nsjail__IdMap *message);
size_t nsjail__id_map__pack(const Nsjail__IdMap * message, uint8_t * out); size_t nsjail__id_map__get_packed_size
size_t nsjail__id_map__pack_to_buffer(const Nsjail__IdMap * message, ProtobufCBuffer * buffer); (const Nsjail__IdMap *message);
Nsjail__IdMap *nsjail__id_map__unpack size_t nsjail__id_map__pack
(ProtobufCAllocator * allocator, size_t len, const uint8_t * data); (const Nsjail__IdMap *message,
void nsjail__id_map__free_unpacked(Nsjail__IdMap * message, ProtobufCAllocator * allocator); uint8_t *out);
size_t nsjail__id_map__pack_to_buffer
(const Nsjail__IdMap *message,
ProtobufCBuffer *buffer);
Nsjail__IdMap *
nsjail__id_map__unpack
(ProtobufCAllocator *allocator,
size_t len,
const uint8_t *data);
void nsjail__id_map__free_unpacked
(Nsjail__IdMap *message,
ProtobufCAllocator *allocator);
/* Nsjail__MountPt methods */ /* Nsjail__MountPt methods */
void nsjail__mount_pt__init(Nsjail__MountPt * message); void nsjail__mount_pt__init
size_t nsjail__mount_pt__get_packed_size(const Nsjail__MountPt * message); (Nsjail__MountPt *message);
size_t nsjail__mount_pt__pack(const Nsjail__MountPt * message, uint8_t * out); size_t nsjail__mount_pt__get_packed_size
size_t nsjail__mount_pt__pack_to_buffer(const Nsjail__MountPt * message, ProtobufCBuffer * buffer); (const Nsjail__MountPt *message);
Nsjail__MountPt *nsjail__mount_pt__unpack size_t nsjail__mount_pt__pack
(ProtobufCAllocator * allocator, size_t len, const uint8_t * data); (const Nsjail__MountPt *message,
void nsjail__mount_pt__free_unpacked(Nsjail__MountPt * message, ProtobufCAllocator * allocator); uint8_t *out);
size_t nsjail__mount_pt__pack_to_buffer
(const Nsjail__MountPt *message,
ProtobufCBuffer *buffer);
Nsjail__MountPt *
nsjail__mount_pt__unpack
(ProtobufCAllocator *allocator,
size_t len,
const uint8_t *data);
void nsjail__mount_pt__free_unpacked
(Nsjail__MountPt *message,
ProtobufCAllocator *allocator);
/* Nsjail__Exe methods */ /* Nsjail__Exe methods */
void nsjail__exe__init(Nsjail__Exe * message); void nsjail__exe__init
size_t nsjail__exe__get_packed_size(const Nsjail__Exe * message); (Nsjail__Exe *message);
size_t nsjail__exe__pack(const Nsjail__Exe * message, uint8_t * out); size_t nsjail__exe__get_packed_size
size_t nsjail__exe__pack_to_buffer(const Nsjail__Exe * message, ProtobufCBuffer * buffer); (const Nsjail__Exe *message);
Nsjail__Exe *nsjail__exe__unpack(ProtobufCAllocator * allocator, size_t len, const uint8_t * data); size_t nsjail__exe__pack
void nsjail__exe__free_unpacked(Nsjail__Exe * message, ProtobufCAllocator * allocator); (const Nsjail__Exe *message,
uint8_t *out);
size_t nsjail__exe__pack_to_buffer
(const Nsjail__Exe *message,
ProtobufCBuffer *buffer);
Nsjail__Exe *
nsjail__exe__unpack
(ProtobufCAllocator *allocator,
size_t len,
const uint8_t *data);
void nsjail__exe__free_unpacked
(Nsjail__Exe *message,
ProtobufCAllocator *allocator);
/* Nsjail__NsJailConfig methods */ /* Nsjail__NsJailConfig methods */
void nsjail__ns_jail_config__init(Nsjail__NsJailConfig * message); void nsjail__ns_jail_config__init
size_t nsjail__ns_jail_config__get_packed_size(const Nsjail__NsJailConfig * message); (Nsjail__NsJailConfig *message);
size_t nsjail__ns_jail_config__pack(const Nsjail__NsJailConfig * message, uint8_t * out); size_t nsjail__ns_jail_config__get_packed_size
(const Nsjail__NsJailConfig *message);
size_t nsjail__ns_jail_config__pack
(const Nsjail__NsJailConfig *message,
uint8_t *out);
size_t nsjail__ns_jail_config__pack_to_buffer size_t nsjail__ns_jail_config__pack_to_buffer
(const Nsjail__NsJailConfig * message, ProtobufCBuffer * buffer); (const Nsjail__NsJailConfig *message,
Nsjail__NsJailConfig *nsjail__ns_jail_config__unpack ProtobufCBuffer *buffer);
(ProtobufCAllocator * allocator, size_t len, const uint8_t * data); Nsjail__NsJailConfig *
nsjail__ns_jail_config__unpack
(ProtobufCAllocator *allocator,
size_t len,
const uint8_t *data);
void nsjail__ns_jail_config__free_unpacked void nsjail__ns_jail_config__free_unpacked
(Nsjail__NsJailConfig * message, ProtobufCAllocator * allocator); (Nsjail__NsJailConfig *message,
ProtobufCAllocator *allocator);
/* --- per-message closures --- */ /* --- per-message closures --- */
typedef void (*Nsjail__IdMap_Closure) typedef void (*Nsjail__IdMap_Closure)
(const Nsjail__IdMap * message, void *closure_data); (const Nsjail__IdMap *message,
void *closure_data);
typedef void (*Nsjail__MountPt_Closure) typedef void (*Nsjail__MountPt_Closure)
(const Nsjail__MountPt * message, void *closure_data); (const Nsjail__MountPt *message,
void *closure_data);
typedef void (*Nsjail__Exe_Closure) typedef void (*Nsjail__Exe_Closure)
(const Nsjail__Exe * message, void *closure_data); (const Nsjail__Exe *message,
void *closure_data);
typedef void (*Nsjail__NsJailConfig_Closure) typedef void (*Nsjail__NsJailConfig_Closure)
(const Nsjail__NsJailConfig * message, void *closure_data); (const Nsjail__NsJailConfig *message,
void *closure_data);
/* --- services --- */ /* --- services --- */
/* --- descriptors --- */ /* --- descriptors --- */
extern const ProtobufCEnumDescriptor nsjail__mode__descriptor; extern const ProtobufCEnumDescriptor nsjail__mode__descriptor;
@ -433,4 +495,6 @@ extern const ProtobufCMessageDescriptor nsjail__exe__descriptor;
extern const ProtobufCMessageDescriptor nsjail__ns_jail_config__descriptor; extern const ProtobufCMessageDescriptor nsjail__ns_jail_config__descriptor;
PROTOBUF_C__END_DECLS PROTOBUF_C__END_DECLS
#endif /* PROTOBUF_C_config_2eproto__INCLUDED */ #endif /* PROTOBUF_C_config_2eproto__INCLUDED */

4
config.proto
View File

@ -42,8 +42,8 @@ message MountPt
required string options = 6 [ default = "" ]; required string options = 6 [ default = "" ];
/* Is it 'mount --bind src dst' type of mount */ /* Is it 'mount --bind src dst' type of mount */
required bool is_bind = 7 [ default = false ]; required bool is_bind = 7 [ default = false ];
/* It it RO mount */ /* It it R/W mount */
required bool is_ro = 8 [ default = false ]; required bool rw = 8 [ default = false ];
/* Is it directory? If not specified an internal /* Is it directory? If not specified an internal
heuristics will be used to determine that */ heuristics will be used to determine that */
optional bool is_dir = 9; optional bool is_dir = 9;

20
configs/bash-with-fake-geteuid.cfg
View File

@ -70,35 +70,35 @@ mount {
src: "/lib" src: "/lib"
dst: "/lib" dst: "/lib"
is_bind: true is_bind: true
is_ro: true rw: false
} }
mount { mount {
src: "/bin" src: "/bin"
dst: "/bin" dst: "/bin"
is_bind: true is_bind: true
is_ro: true rw: false
} }
mount { mount {
src: "/sbin" src: "/sbin"
dst: "/sbin" dst: "/sbin"
is_bind: true is_bind: true
is_ro: true rw: false
} }
mount { mount {
src: "/usr" src: "/usr"
dst: "/usr" dst: "/usr"
is_bind: true is_bind: true
is_ro: true rw: false
} }
mount { mount {
src: "/lib64" src: "/lib64"
dst: "/lib64" dst: "/lib64"
is_bind: true is_bind: true
is_ro: true rw: false
mandatory: false mandatory: false
} }
@ -106,14 +106,14 @@ mount {
src: "/lib32" src: "/lib32"
dst: "/lib32" dst: "/lib32"
is_bind: true is_bind: true
is_ro: true rw: false
mandatory: false mandatory: false
} }
mount { mount {
dst: "/tmp" dst: "/tmp"
fstype: "tmpfs" fstype: "tmpfs"
is_ro: false rw: true
is_bind: false is_bind: false
} }
@ -121,21 +121,21 @@ mount {
dst: "/dev" dst: "/dev"
fstype: "tmpfs" fstype: "tmpfs"
options: "size=8388608" options: "size=8388608"
is_ro: false rw: true
is_bind: false is_bind: false
} }
mount { mount {
src: "/dev/null" src: "/dev/null"
dst: "/dev/null" dst: "/dev/null"
is_ro: false rw: true
is_bind: true is_bind: true
} }
mount { mount {
dst: "/proc" dst: "/proc"
fstype: "proc" fstype: "proc"
is_ro: true rw: false
} }
mount { mount {

13
configs/firefox-with-net.cfg
View File

@ -83,7 +83,7 @@ mount {
src: "/dev/urandom" src: "/dev/urandom"
dst: "/dev/urandom" dst: "/dev/urandom"
is_bind: true is_bind: true
is_ro: false rw: true
} }
mount { mount {
@ -103,21 +103,21 @@ mount {
mount { mount {
dst: "/tmp" dst: "/tmp"
fstype: "tmpfs" fstype: "tmpfs"
is_ro: false rw: true
is_bind: false is_bind: false
} }
mount { mount {
dst: "/user" dst: "/user"
fstype: "tmpfs" fstype: "tmpfs"
is_ro: false rw: true
} }
mount { mount {
prefix_src_env: "HOME" prefix_src_env: "HOME"
src: "/Documents" src: "/Documents"
dst: "/user/Documents" dst: "/user/Documents"
is_ro: false rw: true
is_bind: true is_bind: true
mandatory: false mandatory: false
} }
@ -127,20 +127,19 @@ mount {
src: "/.mozilla" src: "/.mozilla"
dst: "/user/.mozilla" dst: "/user/.mozilla"
is_bind: true is_bind: true
is_ro: false rw: true
mandatory: false mandatory: false
} }
mount { mount {
dst: "/user/.cache" dst: "/user/.cache"
fstype: "tmpfs" fstype: "tmpfs"
is_ro: false rw: true
} }
mount { mount {
src: "/tmp/.X11-unix/X0" src: "/tmp/.X11-unix/X0"
dst: "/tmp/.X11-unix/X0" dst: "/tmp/.X11-unix/X0"
is_ro: false
is_bind: true is_bind: true
} }

5
configs/home-documents-with-xorg-no-net.cfg
View File

@ -64,13 +64,13 @@ mount {
mount { mount {
dst: "/tmp" dst: "/tmp"
fstype: "tmpfs" fstype: "tmpfs"
is_ro: false rw: true
} }
mount { mount {
dst: "/user" dst: "/user"
fstype: "tmpfs" fstype: "tmpfs"
is_ro: false rw: true
} }
mount { mount {
@ -83,7 +83,6 @@ mount {
mount { mount {
src: "/tmp/.X11-unix/X0" src: "/tmp/.X11-unix/X0"
dst: "/tmp/.X11-unix/X0" dst: "/tmp/.X11-unix/X0"
is_ro: false
is_bind: true is_bind: true
} }