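/* Generated by the protocol buffer compiler.  DO NOT EDIT! */
/* Generated from: config.proto */

/*
 * C bindings (protobuf-c) for the nsjail configuration schema: the IdMap,
 * MountPt, Exe and NsJailConfig messages plus the Mode and LogLevel enums.
 *
 * NOTE(review): this copy was restored from a version whose line breaks were
 * lost and whose #include operand was missing. The field comments come from
 * config.proto; wording fixes and review notes were added here. Lasting
 * changes belong in config.proto, followed by a regeneration with protoc-c.
 */

#ifndef PROTOBUF_C_config_2eproto__INCLUDED
#define PROTOBUF_C_config_2eproto__INCLUDED

/* Operand restored: protoc-c output of this generation includes this header. */
#include <protobuf-c/protobuf-c.h>

PROTOBUF_C__BEGIN_DECLS

#if PROTOBUF_C_VERSION_NUMBER < 1000000
#error This file was generated by a newer version of protoc-c which is incompatible with your libprotobuf-c headers. Please update your headers.
#elif 1002001 < PROTOBUF_C_MIN_COMPILER_VERSION
#error This file was generated by an older version of protoc-c which is incompatible with your libprotobuf-c headers. Please regenerate this file with a newer version of protoc-c.
#endif


typedef struct _Nsjail__IdMap Nsjail__IdMap;
typedef struct _Nsjail__MountPt Nsjail__MountPt;
typedef struct _Nsjail__Exe Nsjail__Exe;
typedef struct _Nsjail__NsJailConfig Nsjail__NsJailConfig;


/* --- enums --- */

/*
 * Execution mode of the jail (NsJailConfig.mode).
 */
typedef enum _Nsjail__Mode {
  /*
   * Listening on a TCP port
   */
  NSJAIL__MODE__LISTEN = 0,
  /*
   * Running the command once only
   */
  NSJAIL__MODE__ONCE = 1,
  /*
   * Re-executing the command (forever)
   */
  NSJAIL__MODE__RERUN = 2,
  /*
   * Executing command w/o the supervisor
   */
  NSJAIL__MODE__EXECVE = 3
    PROTOBUF_C__FORCE_ENUM_TO_BE_INT_SIZE(NSJAIL__MODE)
} Nsjail__Mode;

/*
 * Log severities, lowest (DEBUG) to highest (FATAL).
 * NsJailConfig.log_level is the minimum level displayed.
 */
typedef enum _Nsjail__LogLevel {
  NSJAIL__LOG_LEVEL__DEBUG = 0,
  NSJAIL__LOG_LEVEL__INFO = 1,
  NSJAIL__LOG_LEVEL__WARNING = 2,
  NSJAIL__LOG_LEVEL__ERROR = 3,
  NSJAIL__LOG_LEVEL__FATAL = 4
    PROTOBUF_C__FORCE_ENUM_TO_BE_INT_SIZE(NSJAIL__LOG_LEVEL)
} Nsjail__LogLevel;


/* --- messages --- */

/*
 * One UID or GID mapping between the jail and the outside.
 */
struct _Nsjail__IdMap
{
  ProtobufCMessage base;
  /*
   * Empty string means "current uid/gid"
   */
  char *inside_id;
  char *outside_id;
  /*
   * 'man user_namespaces' for the meaning of count
   */
  uint32_t count;
  /*
   * Does this map use /usr/bin/new[u|g]idmap binary?
   */
  protobuf_c_boolean use_newidmap;
};
extern char nsjail__id_map__inside_id__default_value[];
extern char nsjail__id_map__outside_id__default_value[];
/*
 * Positional defaults, in field order: inside_id and outside_id take their
 * generated default strings, count = 1, use_newidmap = false.
 */
#define NSJAIL__ID_MAP__INIT \
 { PROTOBUF_C_MESSAGE_INIT (&nsjail__id_map__descriptor) \
    , nsjail__id_map__inside_id__default_value, nsjail__id_map__outside_id__default_value, 1u, 0 }


/*
 * One mount point inside the jail.
 */
struct _Nsjail__MountPt
{
  ProtobufCMessage base;
  /*
   * Can be skipped for filesystems like 'proc'
   */
  char *src;
  char *dst;
  /*
   * Can be empty for mount --bind mounts
   */
  char *fstype;
  /*
   * E.g. size=5000000 for 'tmpfs'
   */
  char *options;
  /*
   * Is it 'mount --bind src dst' type of mount
   */
  protobuf_c_boolean is_bind;
  /*
   * Is it a read-only (RO) mount?
   * The INIT default is false, so a mount is writable unless this is set;
   * set it explicitly on every mount the jailed process must not modify.
   */
  protobuf_c_boolean is_ro;
  /*
   * Is it directory? If not specified an internal
   * heuristics will be used to determine that
   */
  protobuf_c_boolean has_is_dir;
  protobuf_c_boolean is_dir;
  /*
   * Should the sandboxing fail if we cannot mount this resource?
   * The INIT default is true (fail closed). With false, a mount that cannot
   * be set up is tolerated, so the jail may start without it.
   */
  protobuf_c_boolean mandatory;
};
extern char nsjail__mount_pt__fstype__default_value[];
extern char nsjail__mount_pt__options__default_value[];
/*
 * Positional defaults, in field order: src = NULL, dst = NULL, fstype and
 * options take their generated default strings, is_bind = false,
 * is_ro = false, has_is_dir/is_dir = unset, mandatory = true.
 */
#define NSJAIL__MOUNT_PT__INIT \
 { PROTOBUF_C_MESSAGE_INIT (&nsjail__mount_pt__descriptor) \
    , NULL, NULL, nsjail__mount_pt__fstype__default_value, nsjail__mount_pt__options__default_value, 0, 0, 0,0, 1 }


/*
 * The binary to execute, with its arguments.
 */
struct _Nsjail__Exe
{
  ProtobufCMessage base;
  /*
   * This will be used both for path and for argv[0]
   */
  char *path;
  /*
   * This will be argv[1] and so on..
   */
  size_t n_arg;
  char **arg;
};
#define NSJAIL__EXE__INIT \
 { PROTOBUF_C_MESSAGE_INIT (&nsjail__exe__descriptor) \
    , NULL, 0,NULL }


/*
 * Top-level jail configuration.
 *
 * Several fields relax isolation when changed from their defaults
 * (is_root_rw, keep_env, disable_no_new_privs, the persona_* flags, the
 * clone_new* flags). A configuration taken from an untrusted or
 * semi-trusted source should be validated field by field before it is
 * applied.
 */
struct _Nsjail__NsJailConfig
{
  ProtobufCMessage base;
  /*
   * Execution mode: see 'msg Mode' description for more
   */
  Nsjail__Mode mode;
  /*
   * Equivalent to a bind mount with src='/', dst='/'
   */
  char *chroot_dir;
  /*
   * Applies both to the chroot_dir and to /proc mounts.
   * Default is false, i.e. not read-write.
   */
  protobuf_c_boolean is_root_rw;
  /*
   * Hostname inside jail
   */
  char *hostname;
  /*
   * Initial current working directory for the binary
   */
  char *cwd;
  /*
   * TCP port to listen to. Valid with mode=LISTEN only
   */
  uint32_t port;
  /*
   * Host to bind to for mode=LISTEN. Must be in IPv6 format
   */
  char *bindhost;
  /*
   * For mode=LISTEN, maximum number of connections from a single IP
   */
  uint32_t max_conns_per_ip;
  /*
   * Wall-time time limit for commands.
   * Default is 600; the unit is not stated here (presumably seconds).
   */
  uint32_t time_limit;
  /*
   * Should nsjail go into background?
   */
  protobuf_c_boolean daemon;
  /*
   * File to save logs to
   */
  char *log_file;
  /*
   * Minimum log level displayed.
   * See 'msg LogLevel' description for more
   */
  protobuf_c_boolean has_log_level;
  Nsjail__LogLevel log_level;
  /*
   * Should the current environment variables be kept
   * when executing the binary.
   * Default is false. When true, the jailed binary sees the caller's
   * environment, including any credentials or tokens stored in it.
   */
  protobuf_c_boolean keep_env;
  /*
   * EnvVars to be set before executing binaries
   */
  size_t n_envar;
  char **envar;
  /*
   * Should nsjail close FD=0,1,2 before executing the process
   */
  protobuf_c_boolean silent;
  /*
   * Should the child process have control over terminal?
   * Can be useful to allow /bin/sh to provide
   * job control / signals
   */
  protobuf_c_boolean skip_setsid;
  /*
   * Which FDs should be passed to the newly executed process
   * By default only FD=0,1,2 are passed.
   * Every descriptor listed here stays usable inside the jail; list only
   * those the jailed process is meant to have.
   */
  size_t n_pass_fd;
  int32_t *pass_fd;
  /*
   * Should pivot_root be used instead of chroot?
   * Using pivot_root allows to have subnamespaces
   */
  protobuf_c_boolean pivot_root_only;
  /*
   * Setting it to true will allow to have set-uid binaries
   * inside the jail.
   * Default is false. Set-uid binaries are a privilege-gain path inside
   * the jail; enable only when a jailed workload needs them.
   */
  protobuf_c_boolean disable_no_new_privs;
  /*
   * In MiB. Default 512.
   */
  uint64_t rlimit_as;
  /*
   * In MiB. Default 0.
   */
  uint64_t rlimit_core;
  /*
   * In seconds. Default 600.
   */
  uint64_t rlimit_cpu;
  /*
   * In MiB. Default 1.
   */
  uint64_t rlimit_fsize;
  /*
   * Default 32.
   */
  uint64_t rlimit_nofile;
  /*
   * Optional: unset in the INIT defaults.
   */
  protobuf_c_boolean has_rlimit_nproc;
  uint64_t rlimit_nproc;
  /*
   * In MiB. Optional: unset in the INIT defaults.
   */
  protobuf_c_boolean has_rlimit_stack;
  uint64_t rlimit_stack;
  /*
   * See 'man personality' for more.
   * All five default to false. Several of these personality flags weaken
   * exploit mitigations for the jailed process (ADDR_NO_RANDOMIZE, for
   * example, turns off address-space layout randomization).
   */
  protobuf_c_boolean persona_addr_compat_layout;
  protobuf_c_boolean persona_mmap_page_zero;
  protobuf_c_boolean persona_read_implies_exec;
  protobuf_c_boolean persona_addr_limit_3gb;
  protobuf_c_boolean persona_addr_no_randomize;
  /*
   * Which name-spaces should be used?
   * The six flags below default to true. Presumably a flag set to false
   * leaves that namespace shared with the parent - confirm in the consumer.
   */
  protobuf_c_boolean clone_newnet;
  protobuf_c_boolean clone_newuser;
  protobuf_c_boolean clone_newns;
  protobuf_c_boolean clone_newpid;
  protobuf_c_boolean clone_newipc;
  protobuf_c_boolean clone_newuts;
  /*
   * It's only supported in newer kernels, hence disabled by default
   */
  protobuf_c_boolean clone_newcgroup;
  /*
   * Mappings for UIDs and GIDs. See the description for 'msg IdMap'
   * for more
   */
  size_t n_uidmap;
  Nsjail__IdMap **uidmap;
  size_t n_gidmap;
  Nsjail__IdMap **gidmap;
  /*
   * Mount points inside the jail. See the description for 'msg MountPt'
   * for more
   */
  size_t n_mount;
  Nsjail__MountPt **mount;
  /*
   * Should /proc be mounted? One can also force this in the 'mount'.
   * Default is true.
   */
  protobuf_c_boolean mount_proc;
  /*
   * Kafel seccomp policy file or string.
   * Homepage of the project: https://github.com/google/kafel
   * Both default to NULL. NOTE(review): presumably no seccomp filter is
   * installed unless one of them is set - confirm in the consumer.
   */
  char *seccomp_policy_file;
  char *seccomp_string;
  /*
   * If > 0, maximum cumulative size of RAM used inside jail.
   * In MiB. Default 0.
   */
  uint64_t cgroup_mem_max;
  /*
   * Mount point for cgroups-memory
   */
  char *cgroup_mem_mount;
  /*
   * Writeable directory (for the nsjail user) under cgroup_mem_mount
   */
  char *cgroup_mem_parent;
  /*
   * If > 0, maximum number of PIDs (threads/processes) inside jail.
   * Default 0.
   */
  uint64_t cgroup_pids_max;
  /*
   * Mount point for cgroups-pids.
   * NOTE(review): the schema comment reads "cgroups-memory" here, which
   * looks like a copy of the cgroup_mem_mount comment.
   */
  char *cgroup_pids_mount;
  /*
   * Writeable directory (for the nsjail user) under cgroup_pids_mount
   */
  char *cgroup_pids_parent;
  /*
   * Should the 'lo' interface be brought up inside jail?
   * NOTE(review): the field name is negated; presumably true means 'lo' is
   * NOT brought up. Default is false - confirm in the consumer.
   */
  protobuf_c_boolean iface_no_lo;
  /*
   * Parameters for the cloned MACVLAN interface inside jail.
   * macvlan_iface: interface to be cloned, eg 'eth0'
   */
  char *macvlan_iface;
  char *macvlan_vs_ip;
  char *macvlan_vs_nm;
  char *macvlan_vs_gw;
  /*
   * Binary with arguments to be executed. If not specified here, it can be
   * specified with the command-line as "-- /path/to/command arg1 arg2"
   */
  Nsjail__Exe *exec_bin;
};
extern char nsjail__ns_jail_config__hostname__default_value[];
extern char nsjail__ns_jail_config__cwd__default_value[];
extern char nsjail__ns_jail_config__bindhost__default_value[];
extern char nsjail__ns_jail_config__cgroup_mem_mount__default_value[];
extern char nsjail__ns_jail_config__cgroup_mem_parent__default_value[];
extern char nsjail__ns_jail_config__cgroup_pids_mount__default_value[];
extern char nsjail__ns_jail_config__cgroup_pids_parent__default_value[];
extern char nsjail__ns_jail_config__macvlan_vs_ip__default_value[];
extern char nsjail__ns_jail_config__macvlan_vs_nm__default_value[];
extern char nsjail__ns_jail_config__macvlan_vs_gw__default_value[];
/*
 * Positional defaults; the order must match the struct exactly (an optional
 * scalar contributes two slots: has_x, x). Security-relevant values:
 *   mode = ONCE; is_root_rw = 0; time_limit = 600; keep_env = 0;
 *   disable_no_new_privs = 0;
 *   rlimit_as = 512, rlimit_core = 0, rlimit_cpu = 600, rlimit_fsize = 1,
 *   rlimit_nofile = 32; rlimit_nproc and rlimit_stack unset;
 *   persona_* = 0 (five flags);
 *   clone_newnet/newuser/newns/newpid/newipc/newuts = 1, clone_newcgroup = 0;
 *   mount_proc = 1; seccomp_policy_file = seccomp_string = NULL;
 *   cgroup_mem_max = 0; cgroup_pids_max = 0; iface_no_lo = 0.
 */
#define NSJAIL__NS_JAIL_CONFIG__INIT \
 { PROTOBUF_C_MESSAGE_INIT (&nsjail__ns_jail_config__descriptor) \
    , NSJAIL__MODE__ONCE, NULL, 0, nsjail__ns_jail_config__hostname__default_value, nsjail__ns_jail_config__cwd__default_value, 0u, nsjail__ns_jail_config__bindhost__default_value, 0u, 600u, 0, NULL, 0,0, 0, 0,NULL, 0, 0, 0,NULL, 0, 0, 512ull, 0ull, 600ull, 1ull, 32ull, 0,0, 0,0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 1, 1, 0, 0,NULL, 0,NULL, 0,NULL, 1, NULL, NULL, 0ull, nsjail__ns_jail_config__cgroup_mem_mount__default_value, nsjail__ns_jail_config__cgroup_mem_parent__default_value, 0ull, nsjail__ns_jail_config__cgroup_pids_mount__default_value, nsjail__ns_jail_config__cgroup_pids_parent__default_value, 0, NULL, nsjail__ns_jail_config__macvlan_vs_ip__default_value, nsjail__ns_jail_config__macvlan_vs_nm__default_value, nsjail__ns_jail_config__macvlan_vs_gw__default_value, NULL }


/*
 * Per-message API. Each message type gets the same six functions:
 *   init            - fill *message with the INIT defaults above
 *   get_packed_size - size in bytes of the serialized form
 *   pack            - serialize into 'out'; the caller provides at least
 *                     get_packed_size() bytes
 *   pack_to_buffer  - serialize by appending to a ProtobufCBuffer
 *   unpack          - parse 'len' bytes at 'data' into a new message
 *   free_unpacked   - release a message returned by unpack
 *
 * In protobuf-c, unpack returns NULL when the input cannot be parsed, and a
 * NULL allocator selects the library default. Check the result before use
 * and pass the same allocator to free_unpacked. A successful parse only
 * means the bytes are well formed; it says nothing about whether the values
 * are acceptable for a sandbox.
 */

/* Nsjail__IdMap methods */
void nsjail__id_map__init(Nsjail__IdMap *message);
size_t nsjail__id_map__get_packed_size(const Nsjail__IdMap *message);
size_t nsjail__id_map__pack(const Nsjail__IdMap *message, uint8_t *out);
size_t nsjail__id_map__pack_to_buffer(const Nsjail__IdMap *message,
                                      ProtobufCBuffer *buffer);
Nsjail__IdMap *nsjail__id_map__unpack(ProtobufCAllocator *allocator,
                                      size_t len, const uint8_t *data);
void nsjail__id_map__free_unpacked(Nsjail__IdMap *message,
                                   ProtobufCAllocator *allocator);

/* Nsjail__MountPt methods */
void nsjail__mount_pt__init(Nsjail__MountPt *message);
size_t nsjail__mount_pt__get_packed_size(const Nsjail__MountPt *message);
size_t nsjail__mount_pt__pack(const Nsjail__MountPt *message, uint8_t *out);
size_t nsjail__mount_pt__pack_to_buffer(const Nsjail__MountPt *message,
                                        ProtobufCBuffer *buffer);
Nsjail__MountPt *nsjail__mount_pt__unpack(ProtobufCAllocator *allocator,
                                          size_t len, const uint8_t *data);
void nsjail__mount_pt__free_unpacked(Nsjail__MountPt *message,
                                     ProtobufCAllocator *allocator);

/* Nsjail__Exe methods */
void nsjail__exe__init(Nsjail__Exe *message);
size_t nsjail__exe__get_packed_size(const Nsjail__Exe *message);
size_t nsjail__exe__pack(const Nsjail__Exe *message, uint8_t *out);
size_t nsjail__exe__pack_to_buffer(const Nsjail__Exe *message,
                                   ProtobufCBuffer *buffer);
Nsjail__Exe *nsjail__exe__unpack(ProtobufCAllocator *allocator,
                                 size_t len, const uint8_t *data);
void nsjail__exe__free_unpacked(Nsjail__Exe *message,
                                ProtobufCAllocator *allocator);

/* Nsjail__NsJailConfig methods */
void nsjail__ns_jail_config__init(Nsjail__NsJailConfig *message);
size_t nsjail__ns_jail_config__get_packed_size(const Nsjail__NsJailConfig *message);
size_t nsjail__ns_jail_config__pack(const Nsjail__NsJailConfig *message,
                                    uint8_t *out);
size_t nsjail__ns_jail_config__pack_to_buffer(const Nsjail__NsJailConfig *message,
                                              ProtobufCBuffer *buffer);
Nsjail__NsJailConfig *nsjail__ns_jail_config__unpack(ProtobufCAllocator *allocator,
                                                     size_t len,
                                                     const uint8_t *data);
void nsjail__ns_jail_config__free_unpacked(Nsjail__NsJailConfig *message,
                                           ProtobufCAllocator *allocator);

/* --- per-message closures --- */

typedef void (*Nsjail__IdMap_Closure)
                 (const Nsjail__IdMap *message,
                  void *closure_data);
typedef void (*Nsjail__MountPt_Closure)
                 (const Nsjail__MountPt *message,
                  void *closure_data);
typedef void (*Nsjail__Exe_Closure)
                 (const Nsjail__Exe *message,
                  void *closure_data);
typedef void (*Nsjail__NsJailConfig_Closure)
                 (const Nsjail__NsJailConfig *message,
                  void *closure_data);

/* --- services --- */


/* --- descriptors --- */

extern const ProtobufCEnumDescriptor    nsjail__mode__descriptor;
extern const ProtobufCEnumDescriptor    nsjail__log_level__descriptor;
extern const ProtobufCMessageDescriptor nsjail__id_map__descriptor;
extern const ProtobufCMessageDescriptor nsjail__mount_pt__descriptor;
extern const ProtobufCMessageDescriptor nsjail__exe__descriptor;
extern const ProtobufCMessageDescriptor nsjail__ns_jail_config__descriptor;

PROTOBUF_C__END_DECLS


#endif  /* PROTOBUF_C_config_2eproto__INCLUDED */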