#endif
#include "config.pb-c.h"
-void nsjail__id_map__init(Nsjail__IdMap * message) {
+void nsjail__id_map__init(Nsjail__IdMap * message)
+{
static Nsjail__IdMap init_value = NSJAIL__ID_MAP__INIT;
*message = init_value;
}
-size_t nsjail__id_map__get_packed_size(const Nsjail__IdMap * message) {
+size_t nsjail__id_map__get_packed_size(const Nsjail__IdMap * message)
+{
assert(message->base.descriptor == &nsjail__id_map__descriptor);
return protobuf_c_message_get_packed_size((const ProtobufCMessage *)(message));
}
-size_t nsjail__id_map__pack(const Nsjail__IdMap * message, uint8_t * out) {
+size_t nsjail__id_map__pack(const Nsjail__IdMap * message, uint8_t * out)
+{
assert(message->base.descriptor == &nsjail__id_map__descriptor);
return protobuf_c_message_pack((const ProtobufCMessage *)message, out);
}
-size_t nsjail__id_map__pack_to_buffer(const Nsjail__IdMap * message, ProtobufCBuffer * buffer) {
+size_t nsjail__id_map__pack_to_buffer(const Nsjail__IdMap * message, ProtobufCBuffer * buffer)
+{
assert(message->base.descriptor == &nsjail__id_map__descriptor);
return protobuf_c_message_pack_to_buffer((const ProtobufCMessage *)message, buffer);
}
protobuf_c_message_unpack(&nsjail__id_map__descriptor, allocator, len, data);
}
-void nsjail__id_map__free_unpacked(Nsjail__IdMap * message, ProtobufCAllocator * allocator) {
+void nsjail__id_map__free_unpacked(Nsjail__IdMap * message, ProtobufCAllocator * allocator)
+{
assert(message->base.descriptor == &nsjail__id_map__descriptor);
protobuf_c_message_free_unpacked((ProtobufCMessage *) message, allocator);
}
-void nsjail__mount_pt__init(Nsjail__MountPt * message) {
+void nsjail__mount_pt__init(Nsjail__MountPt * message)
+{
static Nsjail__MountPt init_value = NSJAIL__MOUNT_PT__INIT;
*message = init_value;
}
-size_t nsjail__mount_pt__get_packed_size(const Nsjail__MountPt * message) {
+size_t nsjail__mount_pt__get_packed_size(const Nsjail__MountPt * message)
+{
assert(message->base.descriptor == &nsjail__mount_pt__descriptor);
return protobuf_c_message_get_packed_size((const ProtobufCMessage *)(message));
}
-size_t nsjail__mount_pt__pack(const Nsjail__MountPt * message, uint8_t * out) {
+size_t nsjail__mount_pt__pack(const Nsjail__MountPt * message, uint8_t * out)
+{
assert(message->base.descriptor == &nsjail__mount_pt__descriptor);
return protobuf_c_message_pack((const ProtobufCMessage *)message, out);
}
-size_t nsjail__mount_pt__pack_to_buffer(const Nsjail__MountPt * message, ProtobufCBuffer * buffer) {
+size_t nsjail__mount_pt__pack_to_buffer(const Nsjail__MountPt * message, ProtobufCBuffer * buffer)
+{
assert(message->base.descriptor == &nsjail__mount_pt__descriptor);
return protobuf_c_message_pack_to_buffer((const ProtobufCMessage *)message, buffer);
}
protobuf_c_message_unpack(&nsjail__mount_pt__descriptor, allocator, len, data);
}
-void nsjail__mount_pt__free_unpacked(Nsjail__MountPt * message, ProtobufCAllocator * allocator) {
+void nsjail__mount_pt__free_unpacked(Nsjail__MountPt * message, ProtobufCAllocator * allocator)
+{
assert(message->base.descriptor == &nsjail__mount_pt__descriptor);
protobuf_c_message_free_unpacked((ProtobufCMessage *) message, allocator);
}
-void nsjail__exe__init(Nsjail__Exe * message) {
+void nsjail__exe__init(Nsjail__Exe * message)
+{
static Nsjail__Exe init_value = NSJAIL__EXE__INIT;
*message = init_value;
}
-size_t nsjail__exe__get_packed_size(const Nsjail__Exe * message) {
+size_t nsjail__exe__get_packed_size(const Nsjail__Exe * message)
+{
assert(message->base.descriptor == &nsjail__exe__descriptor);
return protobuf_c_message_get_packed_size((const ProtobufCMessage *)(message));
}
-size_t nsjail__exe__pack(const Nsjail__Exe * message, uint8_t * out) {
+size_t nsjail__exe__pack(const Nsjail__Exe * message, uint8_t * out)
+{
assert(message->base.descriptor == &nsjail__exe__descriptor);
return protobuf_c_message_pack((const ProtobufCMessage *)message, out);
}
-size_t nsjail__exe__pack_to_buffer(const Nsjail__Exe * message, ProtobufCBuffer * buffer) {
+size_t nsjail__exe__pack_to_buffer(const Nsjail__Exe * message, ProtobufCBuffer * buffer)
+{
assert(message->base.descriptor == &nsjail__exe__descriptor);
return protobuf_c_message_pack_to_buffer((const ProtobufCMessage *)message, buffer);
}
-Nsjail__Exe *nsjail__exe__unpack(ProtobufCAllocator * allocator, size_t len, const uint8_t * data) {
+Nsjail__Exe *nsjail__exe__unpack(ProtobufCAllocator * allocator, size_t len, const uint8_t * data)
+{
return (Nsjail__Exe *)
protobuf_c_message_unpack(&nsjail__exe__descriptor, allocator, len, data);
}
-void nsjail__exe__free_unpacked(Nsjail__Exe * message, ProtobufCAllocator * allocator) {
+void nsjail__exe__free_unpacked(Nsjail__Exe * message, ProtobufCAllocator * allocator)
+{
assert(message->base.descriptor == &nsjail__exe__descriptor);
protobuf_c_message_free_unpacked((ProtobufCMessage *) message, allocator);
}
-void nsjail__ns_jail_config__init(Nsjail__NsJailConfig * message) {
+void nsjail__ns_jail_config__init(Nsjail__NsJailConfig * message)
+{
static Nsjail__NsJailConfig init_value = NSJAIL__NS_JAIL_CONFIG__INIT;
*message = init_value;
}
-size_t nsjail__ns_jail_config__get_packed_size(const Nsjail__NsJailConfig * message) {
+size_t nsjail__ns_jail_config__get_packed_size(const Nsjail__NsJailConfig * message)
+{
assert(message->base.descriptor == &nsjail__ns_jail_config__descriptor);
return protobuf_c_message_get_packed_size((const ProtobufCMessage *)(message));
}
-size_t nsjail__ns_jail_config__pack(const Nsjail__NsJailConfig * message, uint8_t * out) {
+size_t nsjail__ns_jail_config__pack(const Nsjail__NsJailConfig * message, uint8_t * out)
+{
assert(message->base.descriptor == &nsjail__ns_jail_config__descriptor);
return protobuf_c_message_pack((const ProtobufCMessage *)message, out);
}
static const uint64_t nsjail__ns_jail_config__cgroup_mem_max__default_value = 0ull;
static const uint64_t nsjail__ns_jail_config__cgroup_pids_max__default_value = 0ull;
static const protobuf_c_boolean nsjail__ns_jail_config__iface_no_lo__default_value = 0;
-static const ProtobufCFieldDescriptor nsjail__ns_jail_config__field_descriptors[55] = {
+static const ProtobufCFieldDescriptor nsjail__ns_jail_config__field_descriptors[56] = {
{
"mode",
1,
0, NULL, NULL /* reserved1,reserved2, etc */
},
{
- "silent",
+ "envar",
16,
+ PROTOBUF_C_LABEL_REPEATED,
+ PROTOBUF_C_TYPE_STRING,
+ offsetof(Nsjail__NsJailConfig, n_envar),
+ offsetof(Nsjail__NsJailConfig, envar),
+ NULL,
+ NULL,
+ 0, /* flags */
+ 0, NULL, NULL /* reserved1,reserved2, etc */
+ },
+ {
+ "silent",
+ 17,
PROTOBUF_C_LABEL_REQUIRED,
PROTOBUF_C_TYPE_BOOL,
0, /* quantifier_offset */
},
{
"skip_setsid",
- 17,
+ 18,
PROTOBUF_C_LABEL_REQUIRED,
PROTOBUF_C_TYPE_BOOL,
0, /* quantifier_offset */
},
{
"pass_fd",
- 18,
+ 19,
PROTOBUF_C_LABEL_REPEATED,
PROTOBUF_C_TYPE_INT32,
offsetof(Nsjail__NsJailConfig, n_pass_fd),
},
{
"pivot_root_only",
- 19,
+ 20,
PROTOBUF_C_LABEL_REQUIRED,
PROTOBUF_C_TYPE_BOOL,
0, /* quantifier_offset */
},
{
"disable_no_new_privs",
- 20,
+ 21,
PROTOBUF_C_LABEL_REQUIRED,
PROTOBUF_C_TYPE_BOOL,
0, /* quantifier_offset */
},
{
"rlimit_as",
- 21,
+ 22,
PROTOBUF_C_LABEL_REQUIRED,
PROTOBUF_C_TYPE_UINT64,
0, /* quantifier_offset */
},
{
"rlimit_core",
- 22,
+ 23,
PROTOBUF_C_LABEL_REQUIRED,
PROTOBUF_C_TYPE_UINT64,
0, /* quantifier_offset */
},
{
"rlimit_cpu",
- 23,
+ 24,
PROTOBUF_C_LABEL_REQUIRED,
PROTOBUF_C_TYPE_UINT64,
0, /* quantifier_offset */
},
{
"rlimit_fsize",
- 24,
+ 25,
PROTOBUF_C_LABEL_REQUIRED,
PROTOBUF_C_TYPE_UINT64,
0, /* quantifier_offset */
},
{
"rlimit_nofile",
- 25,
+ 26,
PROTOBUF_C_LABEL_REQUIRED,
PROTOBUF_C_TYPE_UINT64,
0, /* quantifier_offset */
},
{
"rlimit_nproc",
- 26,
+ 27,
PROTOBUF_C_LABEL_OPTIONAL,
PROTOBUF_C_TYPE_UINT64,
offsetof(Nsjail__NsJailConfig, has_rlimit_nproc),
},
{
"rlimit_stack",
- 27,
+ 28,
PROTOBUF_C_LABEL_OPTIONAL,
PROTOBUF_C_TYPE_UINT64,
offsetof(Nsjail__NsJailConfig, has_rlimit_stack),
},
{
"persona_addr_compat_layout",
- 28,
+ 29,
PROTOBUF_C_LABEL_REQUIRED,
PROTOBUF_C_TYPE_BOOL,
0, /* quantifier_offset */
},
{
"persona_mmap_page_zero",
- 29,
+ 30,
PROTOBUF_C_LABEL_REQUIRED,
PROTOBUF_C_TYPE_BOOL,
0, /* quantifier_offset */
},
{
"persona_read_implies_exec",
- 30,
+ 31,
PROTOBUF_C_LABEL_REQUIRED,
PROTOBUF_C_TYPE_BOOL,
0, /* quantifier_offset */
},
{
"persona_addr_limit_3gb",
- 31,
+ 32,
PROTOBUF_C_LABEL_REQUIRED,
PROTOBUF_C_TYPE_BOOL,
0, /* quantifier_offset */
},
{
"persona_addr_no_randomize",
- 32,
+ 33,
PROTOBUF_C_LABEL_REQUIRED,
PROTOBUF_C_TYPE_BOOL,
0, /* quantifier_offset */
},
{
"clone_newnet",
- 33,
+ 34,
PROTOBUF_C_LABEL_REQUIRED,
PROTOBUF_C_TYPE_BOOL,
0, /* quantifier_offset */
},
{
"clone_newuser",
- 34,
+ 35,
PROTOBUF_C_LABEL_REQUIRED,
PROTOBUF_C_TYPE_BOOL,
0, /* quantifier_offset */
},
{
"clone_newns",
- 35,
+ 36,
PROTOBUF_C_LABEL_REQUIRED,
PROTOBUF_C_TYPE_BOOL,
0, /* quantifier_offset */
},
{
"clone_newpid",
- 36,
+ 37,
PROTOBUF_C_LABEL_REQUIRED,
PROTOBUF_C_TYPE_BOOL,
0, /* quantifier_offset */
},
{
"clone_newipc",
- 37,
+ 38,
PROTOBUF_C_LABEL_REQUIRED,
PROTOBUF_C_TYPE_BOOL,
0, /* quantifier_offset */
},
{
"clone_newuts",
- 38,
+ 39,
PROTOBUF_C_LABEL_REQUIRED,
PROTOBUF_C_TYPE_BOOL,
0, /* quantifier_offset */
},
{
"clone_newcgroup",
- 39,
+ 40,
PROTOBUF_C_LABEL_REQUIRED,
PROTOBUF_C_TYPE_BOOL,
0, /* quantifier_offset */
},
{
"uidmap",
- 40,
+ 41,
PROTOBUF_C_LABEL_REPEATED,
PROTOBUF_C_TYPE_MESSAGE,
offsetof(Nsjail__NsJailConfig, n_uidmap),
},
{
"gidmap",
- 41,
+ 42,
PROTOBUF_C_LABEL_REPEATED,
PROTOBUF_C_TYPE_MESSAGE,
offsetof(Nsjail__NsJailConfig, n_gidmap),
},
{
"mount",
- 42,
+ 43,
PROTOBUF_C_LABEL_REPEATED,
PROTOBUF_C_TYPE_MESSAGE,
offsetof(Nsjail__NsJailConfig, n_mount),
},
{
"mount_proc",
- 43,
+ 44,
PROTOBUF_C_LABEL_REQUIRED,
PROTOBUF_C_TYPE_BOOL,
0, /* quantifier_offset */
},
{
"seccomp_policy_file",
- 44,
+ 45,
PROTOBUF_C_LABEL_OPTIONAL,
PROTOBUF_C_TYPE_STRING,
0, /* quantifier_offset */
},
{
"seccomp_string",
- 45,
+ 46,
PROTOBUF_C_LABEL_OPTIONAL,
PROTOBUF_C_TYPE_STRING,
0, /* quantifier_offset */
},
{
"cgroup_mem_max",
- 46,
+ 47,
PROTOBUF_C_LABEL_REQUIRED,
PROTOBUF_C_TYPE_UINT64,
0, /* quantifier_offset */
},
{
"cgroup_mem_mount",
- 47,
+ 48,
PROTOBUF_C_LABEL_REQUIRED,
PROTOBUF_C_TYPE_STRING,
0, /* quantifier_offset */
},
{
"cgroup_mem_parent",
- 48,
+ 49,
PROTOBUF_C_LABEL_REQUIRED,
PROTOBUF_C_TYPE_STRING,
0, /* quantifier_offset */
},
{
"cgroup_pids_max",
- 49,
+ 50,
PROTOBUF_C_LABEL_REQUIRED,
PROTOBUF_C_TYPE_UINT64,
0, /* quantifier_offset */
},
{
"cgroup_pids_mount",
- 50,
+ 51,
PROTOBUF_C_LABEL_REQUIRED,
PROTOBUF_C_TYPE_STRING,
0, /* quantifier_offset */
},
{
"cgroup_pids_parent",
- 51,
+ 52,
PROTOBUF_C_LABEL_REQUIRED,
PROTOBUF_C_TYPE_STRING,
0, /* quantifier_offset */
},
{
"iface_no_lo",
- 52,
+ 53,
PROTOBUF_C_LABEL_REQUIRED,
PROTOBUF_C_TYPE_BOOL,
0, /* quantifier_offset */
},
{
"macvlan_iface",
- 53,
+ 54,
PROTOBUF_C_LABEL_OPTIONAL,
PROTOBUF_C_TYPE_STRING,
0, /* quantifier_offset */
},
{
"macvlan_vs_ip",
- 54,
+ 55,
PROTOBUF_C_LABEL_REQUIRED,
PROTOBUF_C_TYPE_STRING,
0, /* quantifier_offset */
},
{
"macvlan_vs_nm",
- 55,
+ 56,
PROTOBUF_C_LABEL_REQUIRED,
PROTOBUF_C_TYPE_STRING,
0, /* quantifier_offset */
},
{
"macvlan_vs_gw",
- 56,
+ 57,
PROTOBUF_C_LABEL_REQUIRED,
PROTOBUF_C_TYPE_STRING,
0, /* quantifier_offset */
},
{
"exec_bin",
- 57,
+ 58,
PROTOBUF_C_LABEL_OPTIONAL,
PROTOBUF_C_TYPE_MESSAGE,
0, /* quantifier_offset */
static const unsigned nsjail__ns_jail_config__field_indices_by_name[] = {
6, /* field[6] = bindhost */
- 43, /* field[43] = cgroup_mem_max */
- 44, /* field[44] = cgroup_mem_mount */
- 45, /* field[45] = cgroup_mem_parent */
- 46, /* field[46] = cgroup_pids_max */
- 47, /* field[47] = cgroup_pids_mount */
- 48, /* field[48] = cgroup_pids_parent */
+ 44, /* field[44] = cgroup_mem_max */
+ 45, /* field[45] = cgroup_mem_mount */
+ 46, /* field[46] = cgroup_mem_parent */
+ 47, /* field[47] = cgroup_pids_max */
+ 48, /* field[48] = cgroup_pids_mount */
+ 49, /* field[49] = cgroup_pids_parent */
1, /* field[1] = chroot_dir */
- 36, /* field[36] = clone_newcgroup */
- 34, /* field[34] = clone_newipc */
- 30, /* field[30] = clone_newnet */
- 32, /* field[32] = clone_newns */
- 33, /* field[33] = clone_newpid */
- 31, /* field[31] = clone_newuser */
- 35, /* field[35] = clone_newuts */
+ 37, /* field[37] = clone_newcgroup */
+ 35, /* field[35] = clone_newipc */
+ 31, /* field[31] = clone_newnet */
+ 33, /* field[33] = clone_newns */
+ 34, /* field[34] = clone_newpid */
+ 32, /* field[32] = clone_newuser */
+ 36, /* field[36] = clone_newuts */
4, /* field[4] = cwd */
9, /* field[9] = daemon */
- 17, /* field[17] = disable_no_new_privs */
- 54, /* field[54] = exec_bin */
- 38, /* field[38] = gidmap */
+ 18, /* field[18] = disable_no_new_privs */
+ 13, /* field[13] = envar */
+ 55, /* field[55] = exec_bin */
+ 39, /* field[39] = gidmap */
3, /* field[3] = hostname */
- 49, /* field[49] = iface_no_lo */
+ 50, /* field[50] = iface_no_lo */
2, /* field[2] = is_root_rw */
12, /* field[12] = keep_env */
10, /* field[10] = log_file */
11, /* field[11] = log_level */
- 50, /* field[50] = macvlan_iface */
- 53, /* field[53] = macvlan_vs_gw */
- 51, /* field[51] = macvlan_vs_ip */
- 52, /* field[52] = macvlan_vs_nm */
+ 51, /* field[51] = macvlan_iface */
+ 54, /* field[54] = macvlan_vs_gw */
+ 52, /* field[52] = macvlan_vs_ip */
+ 53, /* field[53] = macvlan_vs_nm */
7, /* field[7] = max_conns_per_ip */
0, /* field[0] = mode */
- 39, /* field[39] = mount */
- 40, /* field[40] = mount_proc */
- 15, /* field[15] = pass_fd */
- 25, /* field[25] = persona_addr_compat_layout */
- 28, /* field[28] = persona_addr_limit_3gb */
- 29, /* field[29] = persona_addr_no_randomize */
- 26, /* field[26] = persona_mmap_page_zero */
- 27, /* field[27] = persona_read_implies_exec */
- 16, /* field[16] = pivot_root_only */
+ 40, /* field[40] = mount */
+ 41, /* field[41] = mount_proc */
+ 16, /* field[16] = pass_fd */
+ 26, /* field[26] = persona_addr_compat_layout */
+ 29, /* field[29] = persona_addr_limit_3gb */
+ 30, /* field[30] = persona_addr_no_randomize */
+ 27, /* field[27] = persona_mmap_page_zero */
+ 28, /* field[28] = persona_read_implies_exec */
+ 17, /* field[17] = pivot_root_only */
5, /* field[5] = port */
- 18, /* field[18] = rlimit_as */
- 19, /* field[19] = rlimit_core */
- 20, /* field[20] = rlimit_cpu */
- 21, /* field[21] = rlimit_fsize */
- 22, /* field[22] = rlimit_nofile */
- 23, /* field[23] = rlimit_nproc */
- 24, /* field[24] = rlimit_stack */
- 41, /* field[41] = seccomp_policy_file */
- 42, /* field[42] = seccomp_string */
- 13, /* field[13] = silent */
- 14, /* field[14] = skip_setsid */
+ 19, /* field[19] = rlimit_as */
+ 20, /* field[20] = rlimit_core */
+ 21, /* field[21] = rlimit_cpu */
+ 22, /* field[22] = rlimit_fsize */
+ 23, /* field[23] = rlimit_nofile */
+ 24, /* field[24] = rlimit_nproc */
+ 25, /* field[25] = rlimit_stack */
+ 42, /* field[42] = seccomp_policy_file */
+ 43, /* field[43] = seccomp_string */
+ 14, /* field[14] = silent */
+ 15, /* field[15] = skip_setsid */
8, /* field[8] = time_limit */
- 37, /* field[37] = uidmap */
+ 38, /* field[38] = uidmap */
};
static const ProtobufCIntRange nsjail__ns_jail_config__number_ranges[2 + 1] = {
{1, 0},
{6, 3},
- {0, 55}
+ {0, 56}
};
const ProtobufCMessageDescriptor nsjail__ns_jail_config__descriptor = {
"Nsjail__NsJailConfig",
"nsjail",
sizeof(Nsjail__NsJailConfig),
- 55,
+ 56,
nsjail__ns_jail_config__field_descriptors,
nsjail__ns_jail_config__field_indices_by_name,
2, nsjail__ns_jail_config__number_ranges,
required uint32 time_limit = 11 [ default = 600 ];
/* Should nsjail go into background? */
required bool daemon = 12 [ default = false ];
+
/* File to save lofs to */
optional string log_file = 13;
/* Minimum log level displayed.
See 'msg LogLevel' description for more */
optional LogLevel log_level = 14;
+
/* Should the current environment variables be kept
when executing the binary */
required bool keep_env = 15 [ default = false ];
+ /* EnvVars to be set before executing binaries */
+ repeated string envar = 16;
+
/* Should nsjail close FD=0,1,2 before executing the process */
- required bool silent = 16 [ default = false ];
+ required bool silent = 17 [ default = false ];
/* Should the child process have control over terminal?
Can be useful to allow /bin/sh to provide
job control / signals */
- required bool skip_setsid = 17 [ default = false ];
+ required bool skip_setsid = 18 [ default = false ];
/* Which FDs should be passed to the newly executed process
By default only FD=0,1,2 are passed */
- repeated int32 pass_fd = 18;
+ repeated int32 pass_fd = 19;
/* Should pivot_root be used instead of chroot?
Using pivot_root allows to have subnamespaces */
- required bool pivot_root_only = 19 [ default = false ];
+ required bool pivot_root_only = 20 [ default = false ];
/* Setting it to true will allow to have set-uid binaries
inside the jail */
- required bool disable_no_new_privs = 20 [ default = false ];
+ required bool disable_no_new_privs = 21 [ default = false ];
- required uint64 rlimit_as = 21 [ default = 512 ]; /* In MiB */
- required uint64 rlimit_core = 22 [ default = 0 ]; /* In MiB */
- required uint64 rlimit_cpu = 23 [ default = 600 ]; /* In seconds */
- required uint64 rlimit_fsize = 24 [ default = 1 ]; /* In MiB */
- required uint64 rlimit_nofile = 25 [ default = 32 ];
- optional uint64 rlimit_nproc = 26;
- optional uint64 rlimit_stack = 27; /* In MiB */
+ required uint64 rlimit_as = 22 [ default = 512 ]; /* In MiB */
+ required uint64 rlimit_core = 23 [ default = 0 ]; /* In MiB */
+ required uint64 rlimit_cpu = 24 [ default = 600 ]; /* In seconds */
+ required uint64 rlimit_fsize = 25 [ default = 1 ]; /* In MiB */
+ required uint64 rlimit_nofile = 26 [ default = 32 ];
+ optional uint64 rlimit_nproc = 27;
+ optional uint64 rlimit_stack = 28; /* In MiB */
/* See 'man personality' for more */
- required bool persona_addr_compat_layout = 28 [ default = false ];
- required bool persona_mmap_page_zero = 29 [ default = false ];
- required bool persona_read_implies_exec = 30 [ default = false ];
- required bool persona_addr_limit_3gb = 31 [ default = false ];
- required bool persona_addr_no_randomize = 32 [ default = false ];
+ required bool persona_addr_compat_layout = 29 [ default = false ];
+ required bool persona_mmap_page_zero = 30 [ default = false ];
+ required bool persona_read_implies_exec = 31 [ default = false ];
+ required bool persona_addr_limit_3gb = 32 [ default = false ];
+ required bool persona_addr_no_randomize = 33 [ default = false ];
/* Which name-spaces should be used? */
- required bool clone_newnet = 33 [ default = true ];
- required bool clone_newuser = 34 [ default = true ];
- required bool clone_newns = 35 [ default = true ];
- required bool clone_newpid = 36 [ default = true ];
- required bool clone_newipc = 37 [ default = true ];
- required bool clone_newuts = 38 [ default = true ];
+ required bool clone_newnet = 34 [ default = true ];
+ required bool clone_newuser = 35 [ default = true ];
+ required bool clone_newns = 36 [ default = true ];
+ required bool clone_newpid = 37 [ default = true ];
+ required bool clone_newipc = 38 [ default = true ];
+ required bool clone_newuts = 39 [ default = true ];
/* It's only supported in newer kernels, hence disabled by default */
- required bool clone_newcgroup = 39 [ default = false ];
+ required bool clone_newcgroup = 40 [ default = false ];
/* Mappings for UIDs and GIDs. See the description for 'msg IdMap'
for more */
- repeated IdMap uidmap = 40;
- repeated IdMap gidmap = 41;
+ repeated IdMap uidmap = 41;
+ repeated IdMap gidmap = 42;
/* Mount points inside the jail. See the description for 'msg MountPt'
for more */
- repeated MountPt mount = 42;
+ repeated MountPt mount = 43;
/* Should /proc be mounted? One can also force this in the 'mount' */
- required bool mount_proc = 43 [ default = true ];
+ required bool mount_proc = 44 [ default = true ];
/* Kafel seccomp policy file or string.
Homepage of the project: https://github.com/google/kafel */
- optional string seccomp_policy_file = 44;
- optional string seccomp_string = 45;
+ optional string seccomp_policy_file = 45;
+ optional string seccomp_string = 46;
/* If > 0, maximum cumulative size of RAM used inside jail */
- required uint64 cgroup_mem_max = 46 [ default = 0 ]; /* In MiB */
+ required uint64 cgroup_mem_max = 47 [ default = 0 ]; /* In MiB */
/* Mount point for cgroups-memory */
- required string cgroup_mem_mount = 47 [ default = "/sys/fs/cgroup/memory" ];
+ required string cgroup_mem_mount = 48 [ default = "/sys/fs/cgroup/memory" ];
/* Writeable directory (for the nsjail user) under cgroup_mem_mount */
- required string cgroup_mem_parent = 48 [ default = "NSJAIL" ];
+ required string cgroup_mem_parent = 49 [ default = "NSJAIL" ];
/* If > 0, maximum number of PIDs (threads/processes) inside jail */
- required uint64 cgroup_pids_max = 49 [ default = 0 ];
+ required uint64 cgroup_pids_max = 50 [ default = 0 ];
/* Mount point for cgroups-memory */
- required string cgroup_pids_mount = 50 [ default = "/sys/fs/cgroup/pids" ];
+ required string cgroup_pids_mount = 51 [ default = "/sys/fs/cgroup/pids" ];
/* Writeable directory (for the nsjail user) under cgroup_pids_mount */
- required string cgroup_pids_parent = 51 [ default = "NSJAIL" ];
+ required string cgroup_pids_parent = 52 [ default = "NSJAIL" ];
/* Should the 'lo' interface be brought up inside jail? */
- required bool iface_no_lo = 52 [ default = false ];
+ required bool iface_no_lo = 53 [ default = false ];
/* Parameters for the cloned MACVLAN interface inside jail */
- optional string macvlan_iface = 53; /* Interface to be cloned, eg 'eth0' */
- required string macvlan_vs_ip = 54 [ default = "192.168.0.2" ];
- required string macvlan_vs_nm = 55 [ default = "255.255.255.0" ];
- required string macvlan_vs_gw = 56 [ default = "192.168.0.1" ];
+ optional string macvlan_iface = 54; /* Interface to be cloned, eg 'eth0' */
+ required string macvlan_vs_ip = 55 [ default = "192.168.0.2" ];
+ required string macvlan_vs_nm = 56 [ default = "255.255.255.0" ];
+ required string macvlan_vs_gw = 57 [ default = "192.168.0.1" ];
/* Binary with arguments to be executed. If not specified here, it can be
specified with the command-line as "-- /path/to/command arg1 arg2" */
- optional Exe exec_bin = 57;
+ optional Exe exec_bin = 58;
}
projects / platform / upstream / nsjail.git / commitdiff