Blame - libcontainer/libcontainer.h - chromium.googlesource.com/chromiumos/platform2

blob: e3f0e2f049ab6e9b4bfc8f5f5cfb6c37952f31c1 [file] [log] [blame]

Dylan Reid	837c74a	2016-01-22 17:25:21 -0800	[diff] [blame]	1	/* Copyright 2016 The Chromium OS Authors. All rights reserved.
				2	* Use of this source code is governed by a BSD-style license that can be
				3	* found in the LICENSE file.
				4	*/
				5
Luis Hector Chavez	479b95f	2016-06-06 08:01:05 -0700	[diff] [blame^]	6	#ifndef LIBCONTAINER_LIBCONTAINER_H_
				7	#define LIBCONTAINER_LIBCONTAINER_H_
Dylan Reid	837c74a	2016-01-22 17:25:21 -0800	[diff] [blame]	8
Dylan Reid	2bd9ea9	2016-04-07 20:57:47 -0700	[diff] [blame]	9	#include <stddef.h>
Dylan Reid	837c74a	2016-01-22 17:25:21 -0800	[diff] [blame]	10
				11	#ifdef __cplusplus
				12	extern "C" {
				13	#endif
				14
				15	struct container_config;
				16
				17	/* Create a container config. */
				18	struct container_config *container_config_create();
				19
				20	/* Destroy a config create with container_config_create. */
				21	void container_config_destroy(struct container_config *c);
				22
				23	/* rootfs - Path to the root of the container's filesystem. */
				24	int container_config_rootfs(struct container_config c, const char rootfs);
				25
Dylan Reid	1145672	2016-05-02 11:24:50 -0700	[diff] [blame]	26	/* Get the configured rootfs path. */
				27	const char container_config_get_rootfs(const struct container_config c);
				28
Dylan Reid	837c74a	2016-01-22 17:25:21 -0800	[diff] [blame]	29	/* The program to run and args, e.g. "/sbin/init", "--second-stage". */
				30	int container_config_program_argv(struct container_config *c,
				31	char **argv, size_t num_args);
				32
Dylan Reid	1145672	2016-05-02 11:24:50 -0700	[diff] [blame]	33	/* Get the number of command line args for the program to be run. */
				34	size_t container_config_get_num_program_args(const struct container_config *c);
				35
				36	/* Get the program argument at the given index. */
				37	const char container_config_get_program_arg(const struct container_config c,
				38	size_t index);
				39
Dylan Reid	837c74a	2016-01-22 17:25:21 -0800	[diff] [blame]	40	/* The pid of the program will be written here. */
				41	int container_config_pid_file(struct container_config c, const char path);
				42
				43	/* Mapping of UIDs in the container, e.g. "0 100000 1024" */
				44	int container_config_uid_map(struct container_config c, const char uid_map);
				45
				46	/* Mapping of GIDs in the container, e.g. "0 100000 1024" */
				47	int container_config_gid_map(struct container_config c, const char gid_map);
				48
				49	/* Alt-Syscall table to use or NULL if none. */
				50	int container_config_alt_syscall_table(struct container_config *c,
				51	const char *alt_syscall_table);
				52
				53	/*
				54	* Add a filesystem to mount in the new VFS namespace.
				55	*
				56	* c - The container config in which to add the mount.
				57	* source - Mount source, e.g. "tmpfs" or "/data".
				58	* destination - Mount point in the container, e.g. "/dev".
				59	* type - Mount type, e.g. "tmpfs", "selinuxfs", or "devpts".
				60	* data - Mount data for extra options, e.g. "newinstance" or "ptmxmode=0000".
				61	* flags - Mount flags as defined in mount(2);
				62	* uid - uid to chown mount point to if created.
				63	* gid - gid to chown mount point to if created.
				64	* mode - Permissions of mount point if created.
				65	* mount_in_ns - True if mount should happen in the process' vfs namespace.
				66	* create - If true, create mount destination if it doesn't exist.
				67	*/
				68	int container_config_add_mount(struct container_config *c,
				69	const char *name,
				70	const char *source,
				71	const char *destination,
				72	const char *type,
				73	const char *data,
				74	int flags,
				75	int uid,
				76	int gid,
				77	int mode,
				78	int mount_in_ns,
				79	int create);
				80
				81	/*
				82	* Add a device node to create.
				83	*
				84	* c - The container config in which to add the mount.
				85	* type - 'c' or 'b' for char or block respectively.
				86	* path - Where to mknod, "/dev/zero".
				87	* fs_permissions - Permissions to set on the node.
				88	* major - Major device number.
				89	* minor - Minor device number.
Dylan Reid	355d5e4	2016-04-29 16:53:31 -0700	[diff] [blame]	90	* copy_minor - Overwrite minor with the minor of the existing device node. If
				91	* this is true minor will be copied from an existing node. The \|minor\| param
				92	* should be set to -1 in this case.
Dylan Reid	837c74a	2016-01-22 17:25:21 -0800	[diff] [blame]	93	* uid - User to own the device.
				94	* gid - Group to own the device.
				95	* read_allowed - If true allow reading from the device via "devices" cgroup.
				96	* write_allowed - If true allow writing to the device via "devices" cgroup.
				97	* modify_allowed - If true allow creation of the device via "devices" cgroup.
				98	*/
				99	int container_config_add_device(struct container_config *c,
				100	char type,
				101	const char *path,
				102	int fs_permissions,
				103	int major,
				104	int minor,
Dylan Reid	355d5e4	2016-04-29 16:53:31 -0700	[diff] [blame]	105	int copy_minor,
Dylan Reid	837c74a	2016-01-22 17:25:21 -0800	[diff] [blame]	106	int uid,
				107	int gid,
				108	int read_allowed,
				109	int write_allowed,
				110	int modify_allowed);
				111
Dylan Reid	2bd9ea9	2016-04-07 20:57:47 -0700	[diff] [blame]	112	/*
				113	* Set to cause the given setfiles command to be run whenever a mount is made
				114	* in the parent mount namespace.
				115	*/
Luis Hector Chavez	479b95f	2016-06-06 08:01:05 -0700	[diff] [blame^]	116	int container_config_run_setfiles(struct container_config *c,
				117	const char *setfiles_cmd);
Dylan Reid	837c74a	2016-01-22 17:25:21 -0800	[diff] [blame]	118
Dylan Reid	1145672	2016-05-02 11:24:50 -0700	[diff] [blame]	119	/* Get the setfiles command that is configured to be run. */
				120	const char container_config_get_run_setfiles(const struct container_config c);
				121
Dylan Reid	837c74a	2016-01-22 17:25:21 -0800	[diff] [blame]	122	/* Container manipulation. */
				123	struct container;
				124
				125	/*
				126	* Create a container based on the given config.
				127	*
				128	* name - Name of the directory holding the container config files.
				129	* rundir - Where to build the temporary rootfs.
Dylan Reid	837c74a	2016-01-22 17:25:21 -0800	[diff] [blame]	130	*/
				131	struct container container_new(const char name,
Dylan Reid	e040c6b	2016-05-02 18:49:02 -0700	[diff] [blame]	132	const char *rundir);
Dylan Reid	837c74a	2016-01-22 17:25:21 -0800	[diff] [blame]	133
				134	/* Destroy a container created with container_new. */
				135	void container_destroy(struct container *c);
				136
Dylan Reid	e040c6b	2016-05-02 18:49:02 -0700	[diff] [blame]	137	/* Start the container. Returns 0 on success.
				138	* c - The container to run.
				139	* config - Details of how the container should be run.
				140	*/
				141	int container_start(struct container *c,
				142	const struct container_config *config);
Dylan Reid	837c74a	2016-01-22 17:25:21 -0800	[diff] [blame]	143
				144	/* Get the path to the root of the container. */
				145	const char container_root(struct container c);
				146
				147	/* Get the pid of the init process in the container. */
				148	int container_pid(struct container *c);
				149
				150	/* Wait for the container to exit. Returns 0 on success. */
				151	int container_wait(struct container *c);
				152
				153	/* Kill the container's init process, then wait for it to exit. */
				154	int container_kill(struct container *c);
				155
				156	#ifdef __cplusplus
				157	}; /* extern "C" */
				158	#endif
				159
Luis Hector Chavez	479b95f	2016-06-06 08:01:05 -0700	[diff] [blame^]	160	#endif /* LIBCONTAINER_LIBCONTAINER_H_ */