Blame - libcontainer/libcontainer.h - chromium.googlesource.com/chromiumos/platform2

blob: 720815e004e1089db51a60401409819789eef5df [file] [log] [blame]

Dylan Reid	837c74a	2016-01-22 17:25:21 -0800	[diff] [blame]	1	/* Copyright 2016 The Chromium OS Authors. All rights reserved.
				2	* Use of this source code is governed by a BSD-style license that can be
				3	* found in the LICENSE file.
				4	*/
				5
Luis Hector Chavez	479b95f	2016-06-06 08:01:05 -0700	[diff] [blame]	6	#ifndef LIBCONTAINER_LIBCONTAINER_H_
				7	#define LIBCONTAINER_LIBCONTAINER_H_
Dylan Reid	837c74a	2016-01-22 17:25:21 -0800	[diff] [blame]	8
Dylan Reid	2bd9ea9	2016-04-07 20:57:47 -0700	[diff] [blame]	9	#include <stddef.h>
Dylan Reid	0bb592b	2016-11-09 13:34:11 -0800	[diff] [blame^]	10	#include <sys/types.h>
Dylan Reid	837c74a	2016-01-22 17:25:21 -0800	[diff] [blame]	11
				12	#ifdef __cplusplus
				13	extern "C" {
				14	#endif
				15
				16	struct container_config;
				17
				18	/* Create a container config. */
				19	struct container_config *container_config_create();
				20
				21	/* Destroy a config create with container_config_create. */
				22	void container_config_destroy(struct container_config *c);
				23
				24	/* rootfs - Path to the root of the container's filesystem. */
				25	int container_config_rootfs(struct container_config c, const char rootfs);
				26
Dylan Reid	1145672	2016-05-02 11:24:50 -0700	[diff] [blame]	27	/* Get the configured rootfs path. */
				28	const char container_config_get_rootfs(const struct container_config c);
				29
Luis Hector Chavez	c240e7e	2016-09-22 10:33:03 -0700	[diff] [blame]	30	/* rootfs_mount_flags - Flags that will be passed to the mount() call when
				31	* mounting the root of the container's filesystem. */
				32	void container_config_rootfs_mount_flags(struct container_config *c,
				33	unsigned long flags);
				34
				35	/* Get the configured rootfs mount() flags. */
				36	unsigned long container_config_get_rootfs_mount_flags(
				37	const struct container_config *c);
				38
Keshav Santhanam	0e4c328	2016-07-14 10:25:16 -0700	[diff] [blame]	39	/* runfs - Path to where the container filesystem has been mounted. */
Luis Hector Chavez	c32a2e6	2016-09-23 09:19:16 -0700	[diff] [blame]	40	int container_config_premounted_runfs(struct container_config *c,
				41	const char *runfs);
Keshav Santhanam	0e4c328	2016-07-14 10:25:16 -0700	[diff] [blame]	42
				43	/* Get the pre-mounted runfs path. */
Luis Hector Chavez	c32a2e6	2016-09-23 09:19:16 -0700	[diff] [blame]	44	const char *container_config_get_premounted_runfs(
				45	const struct container_config *c);
Keshav Santhanam	0e4c328	2016-07-14 10:25:16 -0700	[diff] [blame]	46
				47	/* The pid of the program will be written here. */
				48	int container_config_pid_file(struct container_config c, const char path);
				49
				50	/* Get the pid file path. */
				51	const char container_config_get_pid_file(const struct container_config c);
				52
Dylan Reid	837c74a	2016-01-22 17:25:21 -0800	[diff] [blame]	53	/* The program to run and args, e.g. "/sbin/init", "--second-stage". */
				54	int container_config_program_argv(struct container_config *c,
				55	char **argv, size_t num_args);
				56
Dylan Reid	1145672	2016-05-02 11:24:50 -0700	[diff] [blame]	57	/* Get the number of command line args for the program to be run. */
				58	size_t container_config_get_num_program_args(const struct container_config *c);
				59
				60	/* Get the program argument at the given index. */
				61	const char container_config_get_program_arg(const struct container_config c,
				62	size_t index);
				63
Dylan Reid	1874feb	2016-06-22 17:53:50 -0700	[diff] [blame]	64	/* Sets/Gets the uid the container will run as. */
				65	void container_config_uid(struct container_config *c, uid_t uid);
				66	uid_t container_config_get_uid(const struct container_config *c);
				67
Dylan Reid	837c74a	2016-01-22 17:25:21 -0800	[diff] [blame]	68	/* Mapping of UIDs in the container, e.g. "0 100000 1024" */
				69	int container_config_uid_map(struct container_config c, const char uid_map);
				70
Dylan Reid	1874feb	2016-06-22 17:53:50 -0700	[diff] [blame]	71	/* Sets/Gets the gid the container will run as. */
				72	void container_config_gid(struct container_config *c, gid_t gid);
				73	gid_t container_config_get_gid(const struct container_config *c);
				74
Dylan Reid	837c74a	2016-01-22 17:25:21 -0800	[diff] [blame]	75	/* Mapping of GIDs in the container, e.g. "0 100000 1024" */
				76	int container_config_gid_map(struct container_config c, const char gid_map);
				77
				78	/* Alt-Syscall table to use or NULL if none. */
				79	int container_config_alt_syscall_table(struct container_config *c,
				80	const char *alt_syscall_table);
				81
				82	/*
				83	* Add a filesystem to mount in the new VFS namespace.
				84	*
				85	* c - The container config in which to add the mount.
				86	* source - Mount source, e.g. "tmpfs" or "/data".
				87	* destination - Mount point in the container, e.g. "/dev".
				88	* type - Mount type, e.g. "tmpfs", "selinuxfs", or "devpts".
				89	* data - Mount data for extra options, e.g. "newinstance" or "ptmxmode=0000".
				90	* flags - Mount flags as defined in mount(2);
				91	* uid - uid to chown mount point to if created.
				92	* gid - gid to chown mount point to if created.
				93	* mode - Permissions of mount point if created.
				94	* mount_in_ns - True if mount should happen in the process' vfs namespace.
				95	* create - If true, create mount destination if it doesn't exist.
				96	*/
				97	int container_config_add_mount(struct container_config *c,
				98	const char *name,
				99	const char *source,
				100	const char *destination,
				101	const char *type,
				102	const char *data,
				103	int flags,
				104	int uid,
				105	int gid,
				106	int mode,
				107	int mount_in_ns,
				108	int create);
				109
				110	/*
				111	* Add a device node to create.
				112	*
				113	* c - The container config in which to add the mount.
				114	* type - 'c' or 'b' for char or block respectively.
				115	* path - Where to mknod, "/dev/zero".
				116	* fs_permissions - Permissions to set on the node.
				117	* major - Major device number.
				118	* minor - Minor device number.
Dylan Reid	355d5e4	2016-04-29 16:53:31 -0700	[diff] [blame]	119	* copy_minor - Overwrite minor with the minor of the existing device node. If
				120	* this is true minor will be copied from an existing node. The \|minor\| param
				121	* should be set to -1 in this case.
Dylan Reid	837c74a	2016-01-22 17:25:21 -0800	[diff] [blame]	122	* uid - User to own the device.
				123	* gid - Group to own the device.
				124	* read_allowed - If true allow reading from the device via "devices" cgroup.
				125	* write_allowed - If true allow writing to the device via "devices" cgroup.
				126	* modify_allowed - If true allow creation of the device via "devices" cgroup.
				127	*/
				128	int container_config_add_device(struct container_config *c,
				129	char type,
				130	const char *path,
				131	int fs_permissions,
				132	int major,
				133	int minor,
Dylan Reid	355d5e4	2016-04-29 16:53:31 -0700	[diff] [blame]	134	int copy_minor,
Dylan Reid	837c74a	2016-01-22 17:25:21 -0800	[diff] [blame]	135	int uid,
				136	int gid,
				137	int read_allowed,
				138	int write_allowed,
				139	int modify_allowed);
				140
Dylan Reid	2bd9ea9	2016-04-07 20:57:47 -0700	[diff] [blame]	141	/*
				142	* Set to cause the given setfiles command to be run whenever a mount is made
				143	* in the parent mount namespace.
				144	*/
Luis Hector Chavez	479b95f	2016-06-06 08:01:05 -0700	[diff] [blame]	145	int container_config_run_setfiles(struct container_config *c,
				146	const char *setfiles_cmd);
Dylan Reid	837c74a	2016-01-22 17:25:21 -0800	[diff] [blame]	147
Dylan Reid	1145672	2016-05-02 11:24:50 -0700	[diff] [blame]	148	/* Get the setfiles command that is configured to be run. */
				149	const char container_config_get_run_setfiles(const struct container_config c);
				150
Chinyue Chen	fac909e	2016-06-24 14:17:42 +0800	[diff] [blame]	151	/* Set the CPU shares cgroup param for container. */
				152	int container_config_set_cpu_shares(struct container_config *c, int shares);
				153
				154	/* Set the CFS CPU cgroup params for container. */
				155	int container_config_set_cpu_cfs_params(struct container_config *c,
				156	int quota,
				157	int period);
				158
				159	/* Set the RT CPU cgroup params for container. */
				160	int container_config_set_cpu_rt_params(struct container_config *c,
				161	int rt_runtime,
				162	int rt_period);
				163
Chinyue Chen	4f3fd68	2016-07-01 14:11:42 +0800	[diff] [blame]	164	int container_config_get_cpu_shares(struct container_config *c);
				165	int container_config_get_cpu_quota(struct container_config *c);
				166	int container_config_get_cpu_period(struct container_config *c);
				167	int container_config_get_cpu_rt_runtime(struct container_config *c);
				168	int container_config_get_cpu_rt_period(struct container_config *c);
				169
Dylan Reid	9e724af	2016-07-21 09:58:07 -0700	[diff] [blame]	170	/*
				171	* Configure the owner of cgroups created for the container.
				172	*
				173	* This is needed so the container's cgroup namespace rootdir is accessible
				174	* inside the container.
				175	*
				176	* cgroup_parent - Parent directory under which to create the cgroup.
				177	* cgroup_owner - The uid that should own the cgroups that are created.
Dmitry Torokhov	14eef72	2016-09-27 16:40:37 -0700	[diff] [blame]	178	* cgroup_group - The gid that should own the cgroups that are created.
Dylan Reid	9e724af	2016-07-21 09:58:07 -0700	[diff] [blame]	179	*/
				180	int container_config_set_cgroup_parent(struct container_config *c,
				181	const char *parent,
Dmitry Torokhov	14eef72	2016-09-27 16:40:37 -0700	[diff] [blame]	182	uid_t cgroup_owner,
				183	gid_t cgroup_group);
Dylan Reid	9e724af	2016-07-21 09:58:07 -0700	[diff] [blame]	184
				185	/* Get the parent cgroup directory from the config. Here for UT only. */
				186	const char container_config_get_cgroup_parent(struct container_config c);
				187
Keshav Santhanam	1b6bf67	2016-08-10 18:35:12 -0700	[diff] [blame]	188	/* Enable sharing of the host's network namespace with the container */
				189	void container_config_share_host_netns(struct container_config *c);
				190	int get_container_config_share_host_netns(struct container_config *c);
				191
Dylan Reid	837c74a	2016-01-22 17:25:21 -0800	[diff] [blame]	192	/* Container manipulation. */
				193	struct container;
				194
				195	/*
				196	* Create a container based on the given config.
				197	*
				198	* name - Name of the directory holding the container config files.
				199	* rundir - Where to build the temporary rootfs.
Dylan Reid	837c74a	2016-01-22 17:25:21 -0800	[diff] [blame]	200	*/
				201	struct container container_new(const char name,
Dylan Reid	e040c6b	2016-05-02 18:49:02 -0700	[diff] [blame]	202	const char *rundir);
Dylan Reid	837c74a	2016-01-22 17:25:21 -0800	[diff] [blame]	203
				204	/* Destroy a container created with container_new. */
				205	void container_destroy(struct container *c);
				206
Dylan Reid	e040c6b	2016-05-02 18:49:02 -0700	[diff] [blame]	207	/* Start the container. Returns 0 on success.
				208	* c - The container to run.
				209	* config - Details of how the container should be run.
				210	*/
				211	int container_start(struct container *c,
				212	const struct container_config *config);
Dylan Reid	837c74a	2016-01-22 17:25:21 -0800	[diff] [blame]	213
				214	/* Get the path to the root of the container. */
				215	const char container_root(struct container c);
				216
				217	/* Get the pid of the init process in the container. */
				218	int container_pid(struct container *c);
				219
				220	/* Wait for the container to exit. Returns 0 on success. */
				221	int container_wait(struct container *c);
				222
				223	/* Kill the container's init process, then wait for it to exit. */
				224	int container_kill(struct container *c);
				225
				226	#ifdef __cplusplus
				227	}; /* extern "C" */
				228	#endif
				229
Luis Hector Chavez	479b95f	2016-06-06 08:01:05 -0700	[diff] [blame]	230	#endif /* LIBCONTAINER_LIBCONTAINER_H_ */