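/* Copyright 2016 The Chromium OS Authors. All rights reserved.
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 */

/*
 * libcontainer public API.
 *
 * Usage is in two steps: build a container_config describing the rootfs,
 * program, ids, mounts and device nodes, then create a container with
 * container_new and drive it with container_start/wait/kill.
 */

#ifndef LIBCONTAINER_LIBCONTAINER_H_
#define LIBCONTAINER_LIBCONTAINER_H_

#include <stddef.h>
#include <sys/types.h>	/* uid_t / gid_t, used by the uid/gid accessors below */

#ifdef __cplusplus
extern "C" {
#endif

/* Opaque; only manipulated through the container_config_* functions. */
struct container_config;

/* Create a container config.  Release it with container_config_destroy. */
struct container_config *container_config_create(void);

/* Destroy a config created with container_config_create. */
void container_config_destroy(struct container_config *c);

/* rootfs - Path to the root of the container's filesystem. */
int container_config_rootfs(struct container_config *c, const char *rootfs);

/* Get the configured rootfs path. */
const char *container_config_get_rootfs(const struct container_config *c);

/*
 * The program to run and args, e.g. "/sbin/init", "--second-stage".
 *
 * argv - Argument vector, argv[0] being the program.
 * num_args - Number of entries in argv.
 * NOTE(review): whether argv is copied or retained by reference is not
 * visible from this header - confirm in the implementation before the
 * caller frees its array.
 */
int container_config_program_argv(struct container_config *c,
				  char **argv, size_t num_args);

/* Get the number of command line args for the program to be run. */
size_t container_config_get_num_program_args(const struct container_config *c);

/*
 * Get the program argument at the given index.  index is expected to be
 * below container_config_get_num_program_args(); behaviour for an
 * out-of-range index is not specified here.
 */
const char *container_config_get_program_arg(const struct container_config *c,
					     size_t index);

/* The pid of the program will be written here. */
int container_config_pid_file(struct container_config *c, const char *path);

/* Sets/Gets the uid the container will run as. */
void container_config_uid(struct container_config *c, uid_t uid);
uid_t container_config_get_uid(const struct container_config *c);

/*
 * Mapping of UIDs in the container, e.g. "0 100000 1024".  Same format as
 * /proc/[pid]/uid_map ("<container uid> <host uid> <count>" lines), see
 * user_namespaces(7).
 */
int container_config_uid_map(struct container_config *c, const char *uid_map);

/* Sets/Gets the gid the container will run as. */
void container_config_gid(struct container_config *c, gid_t gid);
gid_t container_config_get_gid(const struct container_config *c);

/*
 * Mapping of GIDs in the container, e.g. "0 100000 1024".  Same format as
 * /proc/[pid]/gid_map, see user_namespaces(7).
 */
int container_config_gid_map(struct container_config *c, const char *gid_map);

/* Alt-Syscall table to use or NULL if none. */
int container_config_alt_syscall_table(struct container_config *c,
				       const char *alt_syscall_table);

/*
 * Add a filesystem to mount in the new VFS namespace.
 *
 * c - The container config in which to add the mount.
 * name - Name of this mount entry.  How the name is used is not visible
 *        from this header.
 * source - Mount source, e.g. "tmpfs" or "/data".
 * destination - Mount point in the container, e.g. "/dev".
 * type - Mount type, e.g. "tmpfs", "selinuxfs", or "devpts".
 * data - Mount data for extra options, e.g. "newinstance" or "ptmxmode=0000".
 * flags - Mount flags as defined in mount(2).  Passed as int, so only flag
 *         values representable in an int can be expressed here.
 * uid - uid to chown mount point to if created.
 * gid - gid to chown mount point to if created.
 * mode - Permissions of mount point if created.
 * mount_in_ns - True if mount should happen in the process' vfs namespace.
 * create - If true, create mount destination if it doesn't exist.
 */
int container_config_add_mount(struct container_config *c,
			       const char *name,
			       const char *source,
			       const char *destination,
			       const char *type,
			       const char *data,
			       int flags,
			       int uid,
			       int gid,
			       int mode,
			       int mount_in_ns,
			       int create);

/*
 * Add a device node to create.
 *
 * c - The container config in which to add the device.
 * type - 'c' or 'b' for char or block respectively.
 * path - Where to mknod, "/dev/zero".
 * fs_permissions - Permissions to set on the node.
 * major - Major device number.
 * minor - Minor device number.
 * copy_minor - Overwrite minor with the minor of the existing device node. If
 * this is true minor will be copied from an existing node. The |minor| param
 * should be set to -1 in this case.
 * uid - User to own the device.
 * gid - Group to own the device.
 * read_allowed - If true allow reading from the device via "devices" cgroup.
 * write_allowed - If true allow writing to the device via "devices" cgroup.
 * modify_allowed - If true allow creation of the device via "devices" cgroup.
 */
int container_config_add_device(struct container_config *c,
				char type,
				const char *path,
				int fs_permissions,
				int major,
				int minor,
				int copy_minor,
				int uid,
				int gid,
				int read_allowed,
				int write_allowed,
				int modify_allowed);

/*
 * Set to cause the given setfiles command to be run whenever a mount is made
 * in the parent mount namespace.
 */
int container_config_run_setfiles(struct container_config *c,
				  const char *setfiles_cmd);

/* Get the setfiles command that is configured to be run. */
const char *container_config_get_run_setfiles(const struct container_config *c);

/* Container manipulation. */

/* Opaque; only manipulated through the container_* functions. */
struct container;

/*
 * Create a container based on the given config.
 *
 * name - Name of the directory holding the container config files.
 * rundir - Where to build the temporary rootfs.
 * Release the result with container_destroy.
 */
struct container *container_new(const char *name,
				const char *rundir);

/* Destroy a container created with container_new. */
void container_destroy(struct container *c);

/* Start the container. Returns 0 on success.
 * c - The container to run.
 * config - Details of how the container should be run.
 */
int container_start(struct container *c,
		    const struct container_config *config);

/* Get the path to the root of the container. */
const char *container_root(struct container *c);

/* Get the pid of the init process in the container. */
int container_pid(struct container *c);

/* Wait for the container to exit. Returns 0 on success. */
int container_wait(struct container *c);

/* Kill the container's init process, then wait for it to exit. */
int container_kill(struct container *c);

#ifdef __cplusplus
} /* extern "C" */
#endif

#endif /* LIBCONTAINER_LIBCONTAINER_H_ */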