| Elly Jones | cd7a904 | 2011-07-22 13:56:51 -0400 | [diff] [blame] | 1 | /* libminijail-private.h |
| 2 | * Copyright (c) 2011 The Chromium OS Authors. All rights reserved. |
| 3 | * Use of this source code is governed by a BSD-style license that can be |
| 4 | * found in the LICENSE file. |
| 5 | * |
| 6 | * Values shared between libminijailpreload and libminijail, but not visible to |
| 7 | * the outside world. |
| 8 | */ |
| 9 | |
| 10 | #ifndef LIBMINIJAIL_PRIVATE_H |
| 11 | #define LIBMINIJAIL_PRIVATE_H |
| 12 | |
| Will Drewry | 2f54b6a | 2011-09-16 13:45:31 -0500 | [diff] [blame] | 13 | static const char *kFdEnvVar = "__MINIJAIL_FD"; |
| Ben Chan | 541c7e5 | 2011-08-26 14:55:53 -0700 | [diff] [blame] | 14 | static const char *kLdPreloadEnvVar = "LD_PRELOAD"; |
| Elly Jones | cd7a904 | 2011-07-22 13:56:51 -0400 | [diff] [blame] | 15 | |
| Will Drewry | 32ac9f5 | 2011-08-18 21:36:27 -0500 | [diff] [blame] | 16 | #define MINIJAIL_MAX_SECCOMP_FILTER_LINE 512 |
| Will Drewry | 2f54b6a | 2011-09-16 13:45:31 -0500 | [diff] [blame] | 17 | #define MINIJAIL_MAX_ARG_LINE (MINIJAIL_MAX_SECCOMP_FILTER_LINE + 64) |
| Will Drewry | 32ac9f5 | 2011-08-18 21:36:27 -0500 | [diff] [blame] | 18 | |
| Will Drewry | 2ddaad0 | 2011-09-16 11:36:08 -0500 | [diff] [blame] | 19 | struct seccomp_filter { |
| 20 | int nr; |
| 21 | char *filter; |
| 22 | struct seccomp_filter *next, *prev; |
| 23 | }; |
| 24 | |
| 25 | struct minijail { |
| 26 | struct { |
| 27 | int uid : 1; |
| 28 | int gid : 1; |
| 29 | int caps : 1; |
| 30 | int vfs : 1; |
| 31 | int pids : 1; |
| 32 | int seccomp : 1; |
| 33 | int readonly : 1; |
| 34 | int usergroups : 1; |
| 35 | int ptrace : 1; |
| 36 | int seccomp_filter : 1; |
| 37 | } flags; |
| 38 | uid_t uid; |
| 39 | gid_t gid; |
| 40 | gid_t usergid; |
| 41 | char *user; |
| 42 | uint64_t caps; |
| 43 | pid_t initpid; |
| 44 | struct seccomp_filter *filters; |
| 45 | }; |
| 46 | |
| 47 | /* minijail_size returns the size of |j| if marshalled. |
| 48 | * 0 is returned on error. |
| 49 | */ |
| 50 | extern size_t minijail_size(const struct minijail *j); |
| 51 | /* minijail_marshal: serializes |j| to |buf| |
| 52 | * Writes |j| to |buf| such that it can be reparsed by the same |
| 53 | * library on the same architecture. This is meant to be used |
| 54 | * by minijail0.c and libminijailpreload.c. minijail flags that |
| 55 | * require minijail_run() will be excluded. |
| 56 | * |
| 57 | * The marshalled data is not robust to differences between the child |
| 58 | * and parent process (personality, etc). |
| 59 | * |
| 60 | * Returns 0 on success. |
| 61 | */ |
| 62 | extern int minijail_marshal(const struct minijail *j, |
| 63 | char *buf, |
| 64 | size_t available); |
| 65 | /* minijail_unmarshal: initializes minijail |j| from |serialized|. */ |
| 66 | extern int minijail_unmarshal(struct minijail *j, |
| 67 | char *serialized, |
| 68 | size_t length); |
| Will Drewry | fe4a372 | 2011-09-16 14:50:50 -0500 | [diff] [blame^] | 69 | /* Using minijail_unmarshal, build |j| from |fd|. */ |
| 70 | extern int minijail_from_fd(int fd, struct minijail *j); |
| 71 | /* Using minijail_marshal, sends |j| to |fd|. */ |
| 72 | extern int minijail_to_fd(struct minijail *j, int fd); |
| 73 | /* minijail_preexec: strips |j| of all options handled by minijail_enter(). */ |
| 74 | extern void minijail_preexec(struct minijail *j); |
| Will Drewry | 2ddaad0 | 2011-09-16 11:36:08 -0500 | [diff] [blame] | 75 | /* minijail_preenter: strips |j| of all options handled by minijail_run(). */ |
| 76 | extern void minijail_preenter(struct minijail *j); |
| 77 | |
| Elly Jones | cd7a904 | 2011-07-22 13:56:51 -0400 | [diff] [blame] | 78 | #endif /* !LIBMINIJAIL_PRIVATE_H */ |