lxc/html/attach__options_8h_source.html

/* SPDX-License-Identifier: LGPL-2.1+ */


#ifndef __LXC_ATTACH_OPTIONS_H

#define __LXC_ATTACH_OPTIONS_H


#include <sys/types.h>


#ifdef  __cplusplus

extern "C" {

#endif


typedef enum lxc_attach_env_policy_t {

    LXC_ATTACH_KEEP_ENV     = 0,

#define LXC_ATTACH_KEEP_ENV     LXC_ATTACH_KEEP_ENV


    LXC_ATTACH_CLEAR_ENV    = 1,

#define LXC_ATTACH_CLEAR_ENV    LXC_ATTACH_CLEAR_ENV

} lxc_attach_env_policy_t;


enum {

    /* The following are on by default: */

    LXC_ATTACH_MOVE_TO_CGROUP        = 0x00000001,

#define LXC_ATTACH_MOVE_TO_CGROUP        LXC_ATTACH_MOVE_TO_CGROUP


    LXC_ATTACH_DROP_CAPABILITIES     = 0x00000002,

#define LXC_ATTACH_DROP_CAPABILITIES     LXC_ATTACH_DROP_CAPABILITIES


    LXC_ATTACH_SET_PERSONALITY       = 0x00000004,

#define LXC_ATTACH_SET_PERSONALITY       LXC_ATTACH_SET_PERSONALITY


    LXC_ATTACH_LSM_EXEC              = 0x00000008,

#define LXC_ATTACH_LSM_EXEC              LXC_ATTACH_LSM_EXEC


    /* The following are off by default: */

    LXC_ATTACH_REMOUNT_PROC_SYS      = 0x00010000,

#define LXC_ATTACH_REMOUNT_PROC_SYS      LXC_ATTACH_REMOUNT_PROC_SYS


    LXC_ATTACH_LSM_NOW               = 0x00020000,

#define LXC_ATTACH_LSM_NOW               LXC_ATTACH_LSM_NOW


    /* Set PR_SET_NO_NEW_PRIVS to block execve() gainable privileges. */

    LXC_ATTACH_NO_NEW_PRIVS          = 0x00040000,

#define LXC_ATTACH_NO_NEW_PRIVS          LXC_ATTACH_NO_NEW_PRIVS


    LXC_ATTACH_TERMINAL              = 0x00080000,

#define LXC_ATTACH_TERMINAL              LXC_ATTACH_TERMINAL


    LXC_ATTACH_LSM_LABEL             = 0x00100000,

#define LXC_ATTACH_LSM_LABEL             LXC_ATTACH_LSM_LABEL


    LXC_ATTACH_SETGROUPS             = 0x00200000,

#define LXC_ATTACH_SETGROUPS             LXC_ATTACH_SETGROUPS


    /* We have 16 bits for things that are on by default and 16 bits that

     * are off by default, that should be sufficient to keep binary

     * compatibility for a while

     */

    LXC_ATTACH_DEFAULT               = 0x0000FFFF

#define LXC_ATTACH_DEFAULT               LXC_ATTACH_DEFAULT

};


#define LXC_ATTACH_LSM (LXC_ATTACH_LSM_EXEC | LXC_ATTACH_LSM_NOW | LXC_ATTACH_LSM_LABEL)


typedef int (*lxc_attach_exec_t)(void* payload);


typedef struct lxc_groups_t {

    size_t size;

    gid_t *list;