From b7249ea2dc86d5ec5494ae1b82cba8fa23cafb8b Mon Sep 17 00:00:00 2001 From: Mark Huang Date: Sun, 21 Aug 2005 22:10:13 +0000 Subject: [PATCH] - sync to util-vserver-0.30.208 - I'm not really sure why this keeps happening. The immutable unlink ext2 flag is bit 27, damn it, at least according to the kernel. --- lib/Makefile-files | 216 +++++++++-- lib/getinsecurebcaps.c | 3 +- lib/ioctl-getext2flags.hc | 2 +- lib/ioctl-setext2flags.hc | 2 +- lib/virtual.h | 161 ++------ lib/vserver-internal.h | 191 ++++++++-- lib/vserver.h | 757 ++++++++++++++++++++++++++++++++++++-- 7 files changed, 1110 insertions(+), 222 deletions(-) diff --git a/lib/Makefile-files b/lib/Makefile-files index 5404f72..7a74672 100644 --- a/lib/Makefile-files +++ b/lib/Makefile-files @@ -1,4 +1,4 @@ -## $Id: Makefile-files,v 1.1.4.6 2004/03/04 03:23:09 ensc Exp $ -*- makefile -*- +## $Id: Makefile-files,v 1.55 2005/05/05 09:17:25 ensc Exp $ -*- makefile -*- ## Copyright (C) 2003 Enrico Scholz ## 
@@ -17,30 +17,190 @@ ## Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ## -lib_SRCS = lib/syscall.c \ - lib/syscall_rlimit.c \ - lib/syscall_setsched.c \ - lib/syscall_kill.c \ - lib/checkversion.c \ - lib/getctx.c \ - lib/getversion.c \ - lib/uint2str.c - -lib_HDRS = lib/vserver.h - -lib_XHDRS = lib/syscall-compat.hc \ - lib/syscall-legacy.hc \ - lib/syscall_rlimit-v11.hc \ - lib/syscall_setsched-v13.hc \ - lib/syscall_kill-v11.hc \ - lib/getctx-compat.hc \ - lib/getctx-legacy.hc \ - lib/getversion-internal.hc \ - lib/safechroot-internal.hc \ - lib/virtual.h \ - lib/vserver-internal.h - -lib_lib_LIBS = lib/libvserver.a - -lib_libvserver_a_SOURCES = $(lib_SRCS) -lib_libvserver_a_CPPFLAGS = -D_GNU_SOURCE +lib_VERSION = 0.0.0 + +lib_compat_SRCS = lib/cflags-compat.c \ + lib/cflags_list-compat.c +lib_legacy_SRCS = lib/getprocentry-legacy.c +lib_management_SRCS = lib/createskeleton.c \ + lib/getvserverbyctx.c \ + lib/getvserverbyctx-compat.hc \ + lib/getvserverbyctx-v13.hc \ + lib/getvservercfgstyle.c \ + lib/getvserverappdir.c \ + lib/getvservercfgdir.c \ + lib/getvserverctx.c \ + lib/getvservername.c \ + lib/getvservervdir.c \ + lib/xidopt2xid.c +lib_v11_SRCS = lib/syscall_rlimit.c \ + lib/syscall_rlimit-v11.hc \ + lib/syscall_kill.c \ + lib/syscall_kill-v11.hc +lib_v13_SRCS = lib/syscall_ctxcreate.c \ + lib/syscall_ctxcreate-v13.hc \ + lib/syscall_ctxmigrate.c \ + lib/syscall_ctxmigrate-v13.hc \ + lib/syscall_cleanupnamespace-v13.hc \ + lib/syscall_cleanupnamespace.c \ + lib/syscall_enternamespace-v13.hc \ + lib/syscall_enternamespace.c \ + lib/syscall_getccaps-v13.hc \ + lib/syscall_getccaps.c \ + lib/syscall_getcflags-v13.hc \ + lib/syscall_getcflags.c \ + lib/syscall_getiattr-fscompat.hc \ + lib/syscall_getiattr-v13.hc \ + lib/syscall_getiattr.c \ + lib/syscall_getncaps-net.hc \ + lib/syscall_getncaps.c \ + lib/syscall_getnflags-net.hc \ + lib/syscall_getnflags.c \ + lib/syscall_getnxinfo-net.hc \ + lib/syscall_getnxinfo.c \ + 
lib/syscall_gettasknid-net.hc \
+ lib/syscall_gettasknid.c \
+ lib/syscall_gettaskxid-oldproc.hc \
+ lib/syscall_gettaskxid-v13.hc \
+ lib/syscall_gettaskxid.c \
+ lib/syscall_getvhiname-olduts.hc \
+ lib/syscall_getvhiname-v13.hc \
+ lib/syscall_getvhiname.c \
+ lib/syscall_getvxinfo-oldproc.hc \
+ lib/syscall_getvxinfo-v13.hc \
+ lib/syscall_getvxinfo.c \
+ lib/syscall_netadd-net.hc \
+ lib/syscall_netadd.c \
+ lib/syscall_netcreate-net.hc \
+ lib/syscall_netcreate.c \
+ lib/syscall_netmigrate-net.hc \
+ lib/syscall_netmigrate.c \
+ lib/syscall_netremove-net.hc \
+ lib/syscall_netremove.c \
+ lib/syscall_setccaps-v13.hc \
+ lib/syscall_setccaps.c \
+ lib/syscall_setcflags-v13.hc \
+ lib/syscall_setcflags.c \
+ lib/syscall_setiattr-fscompat.hc \
+ lib/syscall_setiattr-v13.hc \
+ lib/syscall_setiattr.c \
+ lib/syscall_setnamespace-v13.hc \
+ lib/syscall_setnamespace.c \
+ lib/syscall_setncaps-net.hc \
+ lib/syscall_setncaps.c \
+ lib/syscall_setnflags-net.hc \
+ lib/syscall_setnflags.c \
+ lib/syscall_setsched-v13.hc \
+ lib/syscall_setsched.c \
+ lib/syscall_setvhiname-olduts.hc \
+ lib/syscall_setvhiname-v13.hc \
+ lib/syscall_setvhiname.c \
+ lib/syscall_waitexit.c \
+ lib/syscall_waitexit-v13.hc \
+ lib/bcaps-v13.c \
+ lib/bcaps_list-v13.c \
+ lib/ccaps-v13.c \
+ lib/ccaps_list-v13.c \
+ lib/cflags-v13.c \
+ lib/cflags_list-v13.c \
+ lib/ncaps-net.c \
+ lib/ncaps_list-net.c \
+ lib/nflags-net.c \
+ lib/nflags_list-net.c
+
+if ENSC_HAVE_C99_COMPILER
+lib_v13_SRCS += lib/syscall_adddlimit-v13.hc \
+ lib/syscall_adddlimit.c \
+ lib/syscall_getdlimit-v13.hc \
+ lib/syscall_getdlimit.c \
+ lib/syscall_remdlimit-v13.hc \
+ lib/syscall_remdlimit.c \
+ lib/syscall_setdlimit-v13.hc \
+ lib/syscall_setdlimit.c
+endif
+
+PKGCONFIG_FILES = lib/util-vserver
+
+lib_SRCS = lib/syscall.c \
+ lib/checkversion.c \
+ lib/isdirectory.c \
+ lib/isfile.c \
+ lib/islink.c \
+ lib/getnbipv4root.c \
+ lib/getversion.c \
+ lib/capabilities.c \
+ lib/getfilecontext.c \
+
lib/getinsecurebcaps.c \
+ lib/getxidtype.c \
+ lib/isdynamicxid.c \
+ lib/issupported.c \
+ lib/issupportedstring.c \
+ lib/listparser_uint32.c \
+ lib/listparser_uint64.c \
+ lib/personalityflag.c \
+ lib/personalityflag_list.c \
+ lib/personalitytype.c \
+ lib/syscall-syscall.c \
+ lib/val2text-t2v-uint32.c \
+ lib/val2text-t2v-uint64.c \
+ lib/val2text-v2t-uint32.c \
+ lib/val2text-v2t-uint64.c \
+ lib/parselimit.c \
+ $(lib_legacy_SRCS) \
+ $(lib_compat_SRCS) \
+ $(lib_management_SRCS) \
+ $(lib_v11_SRCS) \
+ $(lib_v13_SRCS) \
+ $(ensc_fmt_SRCS)
+
+include_HEADERS += lib/vserver.h
+
+noinst_HEADERS += lib/syscall-compat.hc \
+ lib/syscall-legacy.hc \
+ lib/createskeleton-full.hc \
+ lib/createskeleton-short.hc \
+ lib/fmt.h \
+ lib/getversion-internal.hc \
+ lib/safechroot-internal.hc \
+ lib/ioctl-getext2flags.hc \
+ lib/ioctl-getfilecontext.hc \
+ lib/ioctl-setext2flags.hc \
+ lib/ioctl-setfilecontext.hc \
+ lib/ioctl-getxflg.hc \
+ lib/ioctl-setxflg.hc \
+ lib/ext2fs.h \
+ lib/listparser.hc \
+ lib/val2text.hc \
+ lib/virtual.h \
+ lib/internal.h \
+ lib/syscall-alternative.h \
+ lib/syscall-wrap.h \
+ lib/utils-legacy.h \
+ lib/vserver-internal.h
+
+LIBVSERVER_GLIBC = lib/libvserver.la
+lib_LTLIBRARIES += $(LIBVSERVER_GLIBC)
+
+if USE_DIETLIBC
+LIBVSERVER_DIET = lib/libvserver.a
+LIBVSERVER = $(LIBVSERVER_DIET)
+lib_LIBRARIES += $(LIBVSERVER_DIET)
+else
+LIBVSERVER_DIET = lib-dietlibc-not-enabled-error.a
+LIBVSERVER = lib/libvserver.la
+endif
+
+lib_libvserver_la_SOURCES = $(lib_SRCS)
+lib_libvserver_la_CPPFLAGS = $(AM_CPPFLAGS) $(LIB_DEBUG_CPPFLAGS)
+lib_libvserver_la_LDFLAGS = -version $(lib_VERSION)
+
+lib_libvserver_a_SOURCES = $(lib_SRCS)
+lib_libvserver_a_CPPFLAGS = $(AM_CPPFLAGS) $(LIB_DEBUG_CPPFLAGS)
+
+DIETPROGS += lib/lib_libvserver_a-%
+
+CLEANFILES += lib/libvserver.la \
+ lib/libvserver.a
+
+include $(srcdir)/lib/apidoc/Makefile-files
+include $(srcdir)/lib/testsuite/Makefile-files
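Review bot: `lib_libvserver_la_LDFLAGS = -version $(lib_VERSION)` near the end of this hunk does not look like a libtool versioning option. Libtool's link mode takes `-version-info CURRENT:REVISION:AGE` (or `-version-number`), with colon-separated fields, while `lib_VERSION` is set to the dotted `0.0.0`. If a versioned shared object is intended, `lib_VERSION = 0:0:0` together with `lib_libvserver_la_LDFLAGS = -version-info $(lib_VERSION)` would express it. How the flag as written is treated (passed through to the compiler driver or rejected) should be confirmed against the libtool in use.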
diff --git a/lib/getinsecurebcaps.c b/lib/getinsecurebcaps.c index 760dff0..8ffcb7f 100644 --- a/lib/getinsecurebcaps.c +++ b/lib/getinsecurebcaps.c @@ -1,4 +1,4 @@ -// $Id: getinsecurebcaps.c,v 1.2 2005/07/15 18:59:55 ensc Exp $ --*- c -*-- +// $Id: getinsecurebcaps.c,v 1.1.1.1 2005/08/17 17:58:04 mlhuang Exp $ --*- c -*-- // Copyright (C) 2004 Enrico Scholz // 
@@ -26,6 +26,7 @@ uint_least64_t vc_get_insecurebcaps() { return ( (1<> 24) & 0x3F) -#define VC_COMMAND(c) (((c) >> 16) & 0xFF) -#define VC_VERSION(c) ((c) & 0xFFF) - -#define VC_CMD(c,i,v) ((((VC_CAT_ ## c) & 0x3F) << 24) \ - | (((i) & 0xFF) << 16) | ((v) & 0xFFF)) - -/* - - Syscall Matrix V2.2 - - |VERSION|CREATE |MODIFY |MIGRATE|CONTROL|EXPERIM| |SPECIAL|SPECIAL| - |STATS |DESTROY|ALTER |CHANGE |LIMIT |TEST | | | | - |INFO |SETUP | |MOVE | | | | | | - -------+-------+-------+-------+-------+-------+-------+ +-------+-------+ - SYSTEM |VERSION| | | | | | |DEVICES| | - HOST | 00| 01| 02| 03| 04| 05| | 06| 07| - -------+-------+-------+-------+-------+-------+-------+ +-------+-------+ - CPU | | | | | | | |SCHED. | | - PROCESS| 08| 09| 10| 11| 12| 13| | 14| 15| - -------+-------+-------+-------+-------+-------+-------+ +-------+-------+ - MEMORY | | | | | | | |SWAP | | - | 16| 17| 18| 19| 20| 21| | 22| 23| - -------+-------+-------+-------+-------+-------+-------+ +-------+-------+ - NETWORK| | | | | | | |SERIAL | | - | 24| 25| 26| 27| 28| 29| | 30| 31| - -------+-------+-------+-------+-------+-------+-------+ +-------+-------+ - DISK | | | | | | | | | | - VFS | 32| 33| 34| 35| 36| 37| | 38| 39| - -------+-------+-------+-------+-------+-------+-------+ +-------+-------+ - OTHER | | | | | | | | | | - | 40| 41| 42| 43| 44| 45| | 46| 47| - =======+=======+=======+=======+=======+=======+=======+ +=======+=======+ - SPECIAL| | | | | | | | | | - | 48| 49| 50| 51| 52| 53| | 54| 55| - -------+-------+-------+-------+-------+-------+-------+ +-------+-------+ - SPECIAL| | | | |RLIMIT |SYSCALL| | |COMPAT | - | 56| 57| 58| 59| 60|TEST 61| | 62| 63| - -------+-------+-------+-------+-------+-------+-------+ +-------+-------+ - -*/ - -#define VC_CAT_VERSION 0 - -#define VC_CAT_PROCTRL 12 - -#define VC_CAT_DLIMIT 36 - -#define VC_CAT_RLIMIT 60 - -#define VC_CAT_SYSTEST 61 -#define VC_CAT_COMPAT 63 - -/* interface version */ - -#define VCI_VERSION 0x00010001 - - - -/* query 
version */
-
-#define VCMD_get_version VC_CMD(VERSION, 0, 0)
-
-
-/* compatibiliy vserver commands */
-
-#define VCMD_new_s_context VC_CMD(COMPAT, 1, 1)
-#define VCMD_set_ipv4root VC_CMD(COMPAT, 2, 3)
-
-/* compatibiliy vserver arguments */
-
-struct vcmd_new_s_context_v1 {
- uint32_t remove_cap;
- uint32_t flags;
-};
-
-#define NB_IPV4ROOT 16
-
-struct vcmd_set_ipv4root_v3 {
- /* number of pairs in id */
- uint32_t broadcast;
- struct {
- uint32_t ip;
- uint32_t mask;
- } ip_mask_pair[NB_IPV4ROOT];
-};
-
-/* context signalling */
-
-#define VCMD_ctx_kill VC_CMD(PROCTRL, 1, 0)
-
-struct vcmd_ctx_kill_v0 {
- int32_t pid;
- int32_t sig;
-};
-
-/* rlimit vserver commands */
-
-#define VCMD_get_rlimit VC_CMD(RLIMIT, 1, 0)
-#define VCMD_set_rlimit VC_CMD(RLIMIT, 2, 0)
-#define VCMD_get_rlimit_mask VC_CMD(RLIMIT, 3, 0)
-
-struct vcmd_ctx_rlimit_v0 {
- uint32_t id;
- uint64_t minimum;
- uint64_t softlimit;
- uint64_t maximum;
-};
-
-struct vcmd_ctx_rlimit_mask_v0 {
- uint32_t minimum;
- uint32_t softlimit;
- uint32_t maximum;
-};
-
-#define CRLIM_INFINITY (~0ULL)
-#define CRLIM_KEEP (~1ULL)
-
-
-#endif /* _LINUX_VIRTUAL_H */
+// $Id: virtual.h,v 1.24 2005/07/03 17:51:00 ensc Exp $ --*- c -*--
+
+// Copyright (C) 2004 Enrico Scholz
+//
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program; if not, write to the Free Software
+// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ + +#ifndef H_UTIL_VSERVER_LIB_VIRTUAL_H +#define H_UTIL_VSERVER_LIB_VIRTUAL_H + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include +#include + +#endif // H_UTIL_VSERVER_LIB_VIRTUAL_H diff --git a/lib/vserver-internal.h b/lib/vserver-internal.h index 972f301..ceb5d46 100644 --- a/lib/vserver-internal.h +++ b/lib/vserver-internal.h @@ -1,4 +1,4 @@ -// $Id: vserver-internal.h,v 1.1.4.14 2004/02/14 00:25:34 ensc Exp $ --*- c++ -*-- +// $Id: vserver-internal.h,v 1.25 2005/05/02 21:42:37 ensc Exp $ --*- c++ -*-- // Copyright (C) 2003 Enrico Scholz // 
@@ -15,41 +15,50 @@ // along with this program; if not, write to the Free Software // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +#ifdef H_VSERVER_SYSCALL_INTERNAL_H +# error vserver-internal.h must not be included more than once +#endif #ifndef H_VSERVER_SYSCALL_INTERNAL_H #define H_VSERVER_SYSCALL_INTERNAL_H -#include -#include -#include -#include #include #include +#include +#include + +#include "internal.h" +#include "syscall-wrap.h" #if !defined(__NR_vserver) && defined(ENSC_SYSCALL__NR_vserver) # define __NR_vserver ENSC_SYSCALL__NR_vserver #endif +inline static ALWAYSINLINE void vc_noop0() {} + #define VC_PREFIX 0) -#define VC_SUFFIX else (void)((void)0 -#define CALL_VC_NOOP (void)0 +#define VC_SUFFIX else (void)(vc_noop0() +#define CALL_VC_NOOP vc_noop0() #define CALL_VC_GENERAL(ID, SUFFIX, FUNC, ...) \ VC_PREFIX; VC_SELECT(ID) return FUNC ## _ ## SUFFIX(__VA_ARGS__); VC_SUFFIX -#if 1 -# define VC_SELECT(ID) case ID: if(1) +#ifdef VC_MULTIVERSION_SYSCALL +# define VC_SELECT(ID) if (ver>=(ID)) # define CALL_VC(...) \ - switch (utilvserver_checkCompatVersion()&~0xff) { \ - case -1 & 0xff : if (1) break; \ - VC_SUFFIX, __VA_ARGS__ , VC_PREFIX; \ - default : errno = EINVAL; \ - } \ - return -1 + do { \ + int ver = utilvserver_checkCompatVersion(); \ + if (ver==-1) return -1; \ + VC_SUFFIX, __VA_ARGS__, VC_PREFIX; \ + errno = ENOSYS; \ + return -1; \ + } while (0) #else # define VC_SELECT(ID) if (1) -# define CALL_VC(...) \ - if (1) {} VC_SUFFIX, __VA_ARGS__, VC_PREFIX; \ - errno = ENOSYS; return -1 +# define CALL_VC(...) \ + do { \ + if (1) {} VC_SUFFIX, __VA_ARGS__, VC_PREFIX; \ + errno = ENOSYS; return -1; \ + } while (0) #endif #ifdef VC_ENABLE_API_COMPAT 
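Review bot: The rewritten `CALL_VC` carries an undocumented contract: each enabled `CALL_VC_*` entry expands to a hidden `return`, and in the `VC_MULTIVERSION_SYSCALL` form the first entry whose `VC_SELECT(ID)` test `ver>=(ID)` succeeds wins, so the result depends on callers listing entries from newest to oldest API. A comment above the macro would make this explicit, e.g. `/* CALL_VC(...) always returns, so it must be the last statement of a wrapper; list entries in descending version order, the first one with ver >= ID is used */`. In the `#else` form `VC_SELECT(ID)` is `if (1)`, so only the first compiled-in entry is ever reached, which belongs in the same comment.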
@@ -70,23 +79,145 @@ # define CALL_VC_V11(F,...) CALL_VC_NOOP #endif +#ifdef VC_ENABLE_API_V13 +# define CALL_VC_V13(F,...) CALL_VC_GENERAL(0x00010011, v13, F, __VA_ARGS__) +#else +# define CALL_VC_V13(F,...) CALL_VC_NOOP +#endif + +#ifdef VC_ENABLE_API_V13 +# define CALL_VC_V13A(F,...) CALL_VC_GENERAL(0x00010012, v13, F, __VA_ARGS__) +#else +# define CALL_VC_V13A(F,...) CALL_VC_NOOP +#endif + +#ifdef VC_ENABLE_API_V13 +# define CALL_VC_V13B(F,...) CALL_VC_GENERAL(0x00010021, v13b, F, __VA_ARGS__) +#else +# define CALL_VC_V13B(F,...) CALL_VC_NOOP +#endif + +#ifdef VC_ENABLE_API_V13 +# define CALL_VC_V13OBS(F,...) CALL_VC_GENERAL(0x00010011, v13obs, F, __VA_ARGS__) +#else +# define CALL_VC_V13OBS(F,...) CALL_VC_NOOP +#endif + + +#ifdef VC_ENABLE_API_NET +# define CALL_VC_NET(F,...) CALL_VC_GENERAL(0x00010016, net, F, __VA_ARGS__) +#else +# define CALL_VC_NET(F,...) CALL_VC_NOOP +#endif + +#ifdef VC_ENABLE_API_FSCOMPAT +# define CALL_VC_FSCOMPAT(F,...) CALL_VC_GENERAL(0x00010000, fscompat, F, __VA_ARGS__) +#else +# define CALL_VC_FSCOMPAT(F,...) CALL_VC_NOOP +#endif + +#ifdef VC_ENABLE_API_OLDPROC +# define CALL_VC_OLDPROC(F,...) CALL_VC_GENERAL(0x00000000, oldproc, F, __VA_ARGS__) +#else +# define CALL_VC_OLDPROC(F,...) CALL_VC_NOOP +#endif + +#ifdef VC_ENABLE_API_OLDUTS +# define CALL_VC_OLDUTS(F,...) CALL_VC_GENERAL(0x00000000, olduts, F, __VA_ARGS__) +#else +# define CALL_VC_OLDUTS(F,...) CALL_VC_NOOP +#endif + + + // Some kernel <-> userspace wrappers; they should be noops in most cases + #if 1 # define CTX_KERNEL2USER(X) (((X)==(uint32_t)(-1)) ? VC_NOCTX : \ ((X)==(uint32_t)(-2)) ? VC_SAMECTX : \ (xid_t)(X)) -# define CTX_USER2KERNEL(X) (((X)==VC_RANDCTX) ? (uint32_t)(-1) : \ - ((X)==VC_SAMECTX) ? (uint32_t)(-2) : \ +# define CTX_USER2KERNEL(X) (((X)==VC_DYNAMIC_XID) ? (uint32_t)(-1) : \ + ((X)==VC_SAMECTX) ? 
(uint32_t)(-2) : \ (uint32_t)(X)) #else # define CTX_USER2KERNEL(X) (X) # define CTX_KERNEL2USER(X) (X) #endif -#ifdef __cplusplus -extern "C" { +#if 1 +# define EXT2FLAGS_USER2KERNEL(X) (((X) & ~(VC_IMMUTABLE_FILE_FL|VC_IMMUTABLE_LINK_FL)) | \ + ((X) & VC_IMMUTABLE_FILE_FL ? EXT2_IMMUTABLE_FILE_FL : 0) | \ + ((X) & VC_IMMUTABLE_LINK_FL ? EXT2_IMMUTABLE_LINK_FL : 0)) +# define EXT2FLAGS_KERNEL2USER(X) (((X) & ~(EXT2_IMMUTABLE_FILE_FL|EXT2_IMMUTABLE_LINK_FL)) | \ + ((X) & EXT2_IMMUTABLE_FILE_FL ? VC_IMMUTABLE_FILE_FL : 0) | \ + ((X) & EXT2_IMMUTABLE_LINK_FL ? VC_IMMUTABLE_LINK_FL : 0)) +#else +# define EXT2FLAGS_KERNEL2USER(X) (X) +# define EXT2FLAGS_USER2KERNEL(X) (X) +#endif + +#if 1 +# define VHI_USER2KERNEL(X) ((((X)==vcVHI_CONTEXT) ? VHIN_CONTEXT : \ + ((X)==vcVHI_SYSNAME) ? VHIN_SYSNAME : \ + ((X)==vcVHI_NODENAME) ? VHIN_NODENAME : \ + ((X)==vcVHI_RELEASE) ? VHIN_RELEASE : \ + ((X)==vcVHI_VERSION) ? VHIN_VERSION : \ + ((X)==vcVHI_MACHINE) ? VHIN_MACHINE : \ + ((X)==vcVHI_DOMAINNAME) ? VHIN_DOMAINNAME : \ + (X))) +# define VHI_KERNEL2USER(X) ((((X)==VHIN_CONTEXT) ? vcVHI_CONTEXT : \ + ((X)==VHIN_SYSNAME) ? vcVHI_SYSNAME : \ + ((X)==VHIN_NODENAME) ? vcVHI_NODENAME : \ + ((X)==VHIN_RELEASE) ? vcVHI_RELEASE : \ + ((X)==VHIN_VERSION) ? vcVHI_VERSION : \ + ((X)==VHIN_MACHINE) ? vcVHI_MACHINE : \ + ((X)==VHIN_DOMAINNAME) ? vcVHI_DOMAINNAME : \ + (X))) +#else +# define VHI_USER2KERNEL(X) (X) +# define VHI_KERNEL2USER(X) (X) #endif +#if 1 +# define NID_KERNEL2USER(X) (((X)==(uint32_t)(-1)) ? VC_NONID : \ + (xid_t)(X)) + +# define NID_USER2KERNEL(X) (((X)==VC_DYNAMIC_NID) ? (uint32_t)(-1) : \ + (uint32_t)(X)) +#else +# define NID_USER2KERNEL(X) (X) +# define NID_KERNEL2USER(X) (X) +#endif + +#if 1 +# define NETTYPE_USER2KERNEL(X) ((X)==vcNET_IPV4 ? 0 : \ + (X)==vcNET_IPV6 ? 1 : \ + (X)==vcNET_IPV4R ? 2 : \ + (X)==vcNET_IPV6R ? 3 : \ + (X)) +# define NETTYPE_KERNEL2USER(X) ((X)==0 ? vcNET_IPV4 ? : \ + (X)==1 ? vcNET_IPV6 ? : \ + (X)==2 ? vcNET_IPV4R ? : \ + (X)==3 ? 
vcNET_IPV6R ? : \ + (vc_net_nx_type)(X)) +#else +# define NETTYPE_USER2KERNEL(X) (X) +# define NETTYPE_KERNEL2USER(X) (X) +#endif + +#define CDLIM_USER2KERNEL(X) ((X)==VC_CDLIM_UNSET ? CDLIM_UNSET : \ + (X)==VC_CDLIM_INFINITY ? CDLIM_INFINITY : \ + (X)==VC_CDLIM_KEEP ? CDLIM_KEEP : \ + (X)) + + /// the __typeof__ thing is a hack to deal with the kernel interface + /// using an unsigned long long value for a uint32_t type +#define CDLIM_KERNEL2USER(X) ((X)==(__typeof__(X))CDLIM_UNSET ? VC_CDLIM_UNSET : \ + (X)==(__typeof__(X))CDLIM_INFINITY ? VC_CDLIM_INFINITY : \ + (X)==(__typeof__(X))CDLIM_KEEP ? VC_CDLIM_KEEP : \ + (X)) + + #define ENSC_STRUCT_IDX(STRUCT,ATTR) \ ((char*)(&(STRUCT).ATTR) - (char*)(&(STRUCT))) #define ENSC_SAME_STRUCT_IDX(LHS,RHS,ATTR) \ @@ -96,11 +227,18 @@ extern "C" { sizeof((LHS).ATTR)==sizeof((RHS).ATTR) && \ sizeof(LHS)==sizeof(RHS)) +#define EXT2_IOC_GETCONTEXT _IOR('x', 1, long) +#define EXT2_IOC_SETCONTEXT _IOW('x', 2, long) + #ifndef HAVE_VSERVER #ifdef ENSC_SYSCALL_TRADITIONAL inline static UNUSED ALWAYSINLINE int vserver(uint32_t cmd, uint32_t id, void *data) { +#if defined __dietlibc__ + extern long int syscall (long int __sysno, ...); +#endif + return syscall(__NR_vserver, cmd, id, data); } #else @@ -110,13 +248,4 @@ _syscall3(int, vserver, #endif #endif -size_t utilvserver_uint2str(char *buf, size_t len, - unsigned int val, unsigned char base); -int utilvserver_checkCompatVersion(); - -#ifdef __cplusplus -} -#endif - - #endif // H_VSERVER_SYSCALL_INTERNAL_H diff --git a/lib/vserver.h b/lib/vserver.h index 4f9205a..0b1aa8c 100644 --- a/lib/vserver.h +++ b/lib/vserver.h @@ -1,4 +1,4 @@ -/* $Id: vserver.h,v 1.1.4.11 2004/01/26 18:19:41 ensc Exp $ +/* $Id: vserver.h,v 1.66 2005/07/15 16:27:02 ensc Exp $ * Copyright (C) 2003 Enrico Scholz * 
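Review bot: `NETTYPE_KERNEL2USER` in this hunk is malformed: every arm is written like `(X)==0 ? vcNET_IPV4 ? : \`, with a stray `?` after the enum value, so the expression has eight `?` for four `:` and cannot compile once the macro is expanded (it goes unnoticed only while nothing uses it). Each arm should mirror `NETTYPE_USER2KERNEL`, e.g. `(X)==0 ? vcNET_IPV4 : \`, and likewise for `vcNET_IPV6`, `vcNET_IPV4R` and `vcNET_IPV6R`. In the same hunk `NID_KERNEL2USER` casts its fallthrough to `(xid_t)(X)` although its other arm yields `VC_NONID`, a `nid_t`; `(nid_t)(X)` would match.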
@@ -17,23 +17,190 @@ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ +/** \file vserver.h + * \brief The public interface of the the libvserver library. + */ + #ifndef H_VSERVER_SYSCALL_H #define H_VSERVER_SYSCALL_H #include #include +#include #include +#ifndef IS_DOXYGEN +#if defined(__GNUC__) +# define VC_ATTR_UNUSED __attribute__((__unused__)) +# define VC_ATTR_NORETURN __attribute__((__noreturn__)) +# define VC_ATTR_CONST __attribute__((__const__)) +# define VC_ATTR_DEPRECATED __attribute__((__deprecated__)) +# if __GNUC__*0x10000 + __GNUC_MINOR__*0x100 + __GNUC_PATCHLEVEL__ >= 0x30300 +# define VC_ATTR_NONNULL(ARGS) __attribute__((__nonnull__ ARGS)) +# define VC_ATTR_ALWAYSINLINE __attribute__((__always_inline__)) +# else +# define VC_ATTR_NONNULL(ARGS) +# define VC_ATTR_ALWAYSINLINE +# endif +# if __GNUC__*0x10000 + __GNUC_MINOR__*0x100 + __GNUC_PATCHLEVEL__ >= 0x30303 +# define VC_ATTR_PURE __attribute__((__pure__)) +# else +# define VC_ATTR_PURE +# endif +#else +# define VC_ATTR_NONNULL(ARGS) +# define VC_ATTR_UNUSED +# define VC_ATTR_NORETURN +# define VC_ATTR_ALWAYSINLINE +# define VC_ATTR_DEPRECATED +# define VC_ATTR_PURE +# define VC_ATTR_CONST +#endif +#endif // IS_DOXYGEN + /** the value which is returned in error-case (no ctx found) */ #define VC_NOCTX ((xid_t)(-1)) +#define VC_NOXID ((xid_t)(-1)) /** the value which means a random (the next free) ctx */ -#define VC_RANDCTX ((xid_t)(-1)) +#define VC_DYNAMIC_XID ((xid_t)(-1)) /** the value which means the current ctx */ #define VC_SAMECTX ((xid_t)(-2)) +#define VC_NONID ((nid_t)(-1)) +#define VC_DYNAMIC_NID ((nid_t)(-1)) + #define VC_LIM_INFINITY (~0ULL) #define VC_LIM_KEEP (~1ULL) +#define VC_CDLIM_UNSET (0U) +#define VC_CDLIM_INFINITY (~0U) +#define VC_CDLIM_KEEP (~1U) + +#ifndef S_CTX_INFO_LOCK +# define S_CTX_INFO_LOCK 1 +#endif + +#ifndef S_CTX_INFO_SCHED +# define S_CTX_INFO_SCHED 2 +#endif + +#ifndef S_CTX_INFO_NPROC +# define S_CTX_INFO_NPROC 4 +#endif + 
+#ifndef S_CTX_INFO_PRIVATE
+# define S_CTX_INFO_PRIVATE 8
+#endif
+
+#ifndef S_CTX_INFO_INIT
+# define S_CTX_INFO_INIT 16
+#endif
+
+#ifndef S_CTX_INFO_HIDEINFO
+# define S_CTX_INFO_HIDEINFO 32
+#endif
+
+#ifndef S_CTX_INFO_ULIMIT
+# define S_CTX_INFO_ULIMIT 64
+#endif
+
+#ifndef S_CTX_INFO_NAMESPACE
+# define S_CTX_INFO_NAMESPACE 128
+#endif
+
+#define VC_CAP_CHOWN 0
+#define VC_CAP_DAC_OVERRIDE 1
+#define VC_CAP_DAC_READ_SEARCH 2
+#define VC_CAP_FOWNER 3
+#define VC_CAP_FSETID 4
+#define VC_CAP_KILL 5
+#define VC_CAP_SETGID 6
+#define VC_CAP_SETUID 7
+#define VC_CAP_SETPCAP 8
+#define VC_CAP_LINUX_IMMUTABLE 9
+#define VC_CAP_NET_BIND_SERVICE 10
+#define VC_CAP_NET_BROADCAST 11
+#define VC_CAP_NET_ADMIN 12
+#define VC_CAP_NET_RAW 13
+#define VC_CAP_IPC_LOCK 14
+#define VC_CAP_IPC_OWNER 15
+#define VC_CAP_SYS_MODULE 16
+#define VC_CAP_SYS_RAWIO 17
+#define VC_CAP_SYS_CHROOT 18
+#define VC_CAP_SYS_PTRACE 19
+#define VC_CAP_SYS_PACCT 20
+#define VC_CAP_SYS_ADMIN 21
+#define VC_CAP_SYS_BOOT 22
+#define VC_CAP_SYS_NICE 23
+#define VC_CAP_SYS_RESOURCE 24
+#define VC_CAP_SYS_TIME 25
+#define VC_CAP_SYS_TTY_CONFIG 26
+#define VC_CAP_MKNOD 27
+#define VC_CAP_LEASE 28
+#define VC_CAP_AUDIT_WRITE 29
+#define VC_CAP_AUDIT_CONTROL 30
+
+#define VC_IMMUTABLE_FILE_FL 0x0000010lu
+#define VC_IMMUTABLE_LINK_FL 0x0808000lu
+#define VC_IMMUTABLE_ALL (VC_IMMUTABLE_LINK_FL|VC_IMMUTABLE_FILE_FL)
+
+#define VC_IATTR_XID 0x01000000u
+
+#define VC_IATTR_ADMIN 0x00000001u
+#define VC_IATTR_WATCH 0x00000002u
+#define VC_IATTR_HIDE 0x00000004u
+#define VC_IATTR_FLAGS 0x00000007u
+
+#define VC_IATTR_BARRIER 0x00010000u
+#define VC_IATTR_IUNLINK 0x00020000u
+#define VC_IATTR_IMMUTABLE 0x00040000u
+
+
+// the flags
+#define VC_VXF_INFO_LOCK 0x00000001ull
+#define VC_VXF_INFO_NPROC 0x00000004ull
+#define VC_VXF_INFO_PRIVATE 0x00000008ull
+#define VC_VXF_INFO_INIT 0x00000010ull
+
+#define VC_VXF_INFO_HIDEINFO 0x00000020ull
+#define VC_VXF_INFO_ULIMIT 0x00000040ull
+#define VC_VXF_INFO_NAMESPACE
0x00000080ull + +#define VC_VXF_SCHED_HARD 0x00000100ull +#define VC_VXF_SCHED_PRIO 0x00000200ull +#define VC_VXF_SCHED_PAUSE 0x00000400ull + +#define VC_VXF_VIRT_MEM 0x00010000ull +#define VC_VXF_VIRT_UPTIME 0x00020000ull +#define VC_VXF_VIRT_CPU 0x00040000ull +#define VC_VXF_VIRT_LOAD 0x00080000ull + +#define VC_VXF_HIDE_MOUNT 0x01000000ull +#define VC_VXF_HIDE_NETIF 0x02000000ull + +#define VC_VXF_STATE_SETUP (1ULL<<32) +#define VC_VXF_STATE_INIT (1ULL<<33) + +#define VC_VXF_FORK_RSS (1ULL<<48) +#define VC_VXF_PROLIFIC (1ULL<<49) + +#define VC_VXF_IGNEG_NICE (1ULL<<52) + + +// the ccapabilities +#define VC_VXC_SET_UTSNAME 0x00000001ull +#define VC_VXC_SET_RLIMIT 0x00000002ull + +#define VC_VXC_RAW_ICMP 0x00000100ull +#define VC_VXC_SYSLOG 0x00001000ull + +#define VC_VXC_SECURE_MOUNT 0x00010000ull +#define VC_VXC_SECURE_REMOUNT 0x00020000ull +#define VC_VXC_BINARY_MOUNT 0x00040000ull + +#define VC_VXC_QUOTA_CTL 0x00100000ull + + #define VC_VXSM_FILL_RATE 0x0001 #define VC_VXSM_INTERVAL 0x0002 #define VC_VXSM_TOKENS 0x0010 
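Review bot: `VC_IMMUTABLE_LINK_FL` is defined in this hunk as `0x0808000lu`, a seven-digit literal that sets bits 15 and 23, while the commit message states that the kernel's immutable-unlink flag is bit 27 (`0x08000000`). If this user-side constant is deliberately independent of the kernel encoding and only translated through `EXT2FLAGS_USER2KERNEL`/`EXT2FLAGS_KERNEL2USER` in vserver-internal.h, a comment saying so would keep it from being read as a typo. Note also that `(X) & VC_IMMUTABLE_LINK_FL` in those macros is true when either of the two bits is set. A wrong bit here would silently fail to set or report the immutable-unlink attribute, so a small test that round-trips both flags through the two macros would be a cheap guard.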
@@ -42,55 +209,467 @@ #define VC_VXSM_PRIO_BIAS 0x0100 +#define VC_BAD_PERSONALITY ((uint_least32_t)(-1)) + + +/** \defgroup syscalls Syscall wrappers + * Functions which are calling the vserver syscall directly. */ + +/** \defgroup helper Helper functions + * Functions which are doing general helper tasks like parameter parsing. */ + +/** \typedef an_unsigned_integer_type xid_t + * The identifier of a context. */ + +#ifdef IS_DOXYGEN +typedef an_unsigned_integer_type xid_t; +typedef an_unsigned_integer_type nid_t; +#endif #ifdef __cplusplus extern "C" { #endif struct vc_ip_mask_pair { - uint32_t ip; - uint32_t mask; + uint32_t ip; + uint32_t mask; }; - /** Returns version of the current kernel API */ + /** \brief The generic vserver syscall + * \ingroup syscalls + * + * This function executes the generic vserver syscall. It uses the + * correct syscallnumber (which may differ between the different + * architectures). + * + * \param cmd the command to be executed + * \param xid the xid on which the cmd shall be applied + * \param data additional arguments; depends on \c cmd + * \returns depends on \c cmd; usually, -1 stands for an error + */ + int vc_syscall(uint32_t cmd, xid_t xid, void *data); + + /** \brief Returns the version of the current kernel API. + * \ingroup syscalls + * \returns The versionnumber of the kernel API + */ int vc_get_version(); - /** Puts current process into context , removes the given caps and - * sets flags. - * Special values for ctx are - * - VC_SAMECTX which means the current context (just for changing caps and flags) - * - VC_RANDCTX which means the next free context; this value can be used by - * ordinary users also */ - int vc_new_s_context(xid_t ctx, unsigned int remove_cap, unsigned int flags); + /** \brief Moves current process into a context + * \ingroup syscalls + * + * Puts current process into context \a ctx, removes the capabilities + * given in \a remove_cap and sets \a flags. 
+ * + * \param ctx The new context; special values for are + * - VC_SAMECTX which means the current context (just for changing caps and flags) + * - VC_DYNAMIC_XID which means the next free context; this value can be used by + * ordinary users also + * \param remove_cap The linux capabilities which will be \b removed. + * \param flags Special flags which will be set. + * + * \returns The new context-id, or VC_NOCTX on errors; \c errno + * will be set appropriately + * + * See http://vserver.13thfloor.at/Stuff/Logic.txt for details */ + xid_t vc_new_s_context(xid_t ctx, unsigned int remove_cap, unsigned int flags); - /** Sets the ipv4root information. - * \precondition: nb<16 */ - int vc_set_ipv4root(uint32_t bcast, size_t nb, struct vc_ip_mask_pair const *ips); - + /** \brief Sets the ipv4root information. + * \ingroup syscalls + * \pre \a nb < NB_IPV4ROOT && \a ips != 0 */ + int vc_set_ipv4root(uint32_t bcast, size_t nb, + struct vc_ip_mask_pair const *ips) VC_ATTR_NONNULL((3)); + + /** \brief Returns the value of NB_IPV4ROOT. + * \ingroup helper + * + * This function returns the value of NB_IPV4ROOT which was used when the + * library was built, but \b not the value which is used by the currently + * running kernel. */ + size_t vc_get_nb_ipv4root() VC_ATTR_CONST VC_ATTR_PURE; - /* rlimit related functions */ - typedef uint64_t vc_limit_t; + /** \brief Creates a context without starting it. + * \ingroup syscalls + * + * This functions initializes a new context. When already in a freshly + * created context, this old context will be discarded. + * + * \param xid The new context; special values are: + * - VC_DYNAMIC_XID which means to create a dynamic context + * + * \returns the xid of the created context, or VC_NOCTX on errors. \c errno + * will be set appropriately. */ + xid_t vc_ctx_create(xid_t xid); + + /** \brief Moves the current process into the specified context. 
+ * \ingroup syscalls + * + * \param xid The new context + * \returns 0 on success, -1 on errors */ + int vc_ctx_migrate(xid_t xid); + /* rlimit related functions */ - struct vc_rlimit - { - vc_limit_t min; - vc_limit_t soft; - vc_limit_t hard; + /** \brief The type which is used for a single limit value. + * + * Special values are + * - VC_LIM_INFINITY ... which is the infinite value + * - VC_LIM_KEEP ... which is used to mark values which shall not be + * modified by the vc_set_rlimit() operation. + * + * Else, the interpretation of the value depends on the corresponding + * resource; it might be bytes, pages, seconds or litres of beer. */ + typedef uint_least64_t vc_limit_t; + + /** \brief The limits of a resources. + * + * This is a triple consisting of a minimum, soft and hardlimit. */ + struct vc_rlimit { + vc_limit_t min; ///< the guaranted minimum of a resources + vc_limit_t soft; ///< the softlimit of a resource + vc_limit_t hard; ///< the absolute hardlimit of a resource }; + /** \brief Masks describing the supported limits. */ struct vc_rlimit_mask { - uint32_t min; - uint32_t soft; - uint32_t hard; + uint_least32_t min; ///< masks the resources supporting a minimum limit + uint_least32_t soft; ///< masks the resources supporting a soft limit + uint_least32_t hard; ///< masks the resources supporting a hard limit }; - int vc_get_rlimit(xid_t ctx, int resource, struct vc_rlimit *lim); - int vc_set_rlimit(xid_t ctx, int resource, struct vc_rlimit const *lim); - int vc_get_rlimit_mask(xid_t ctx, struct vc_rlimit_mask *lim); + /** \brief Returns the limits of \a resource. + * \ingroup syscalls + * + * \param xid The id of the context + * \param resource The resource which will be queried + * \param lim The result which will be filled with the limits + * + * \returns 0 on success, and -1 on errors. */ + int vc_get_rlimit(xid_t xid, int resource, + struct vc_rlimit /*@out@*/ *lim) VC_ATTR_NONNULL((3)); + /** \brief Sets the limits of \a resource. 
+ * \ingroup syscalls
+ *
+ * \param xid The id of the context
+ * \param resource The resource which will be queried
+ * \param lim The new limits
+ *
+ * \returns 0 on success, and -1 on errors. */
+ int vc_set_rlimit(xid_t xid, int resource,
+ struct vc_rlimit const /*@in@*/ *lim) VC_ATTR_NONNULL((3));
+ int vc_get_rlimit_mask(xid_t xid,
+ struct vc_rlimit_mask *lim) VC_ATTR_NONNULL((2));
+ /** \brief Parses a string describing a limit
+ * \ingroup helper
+ *
+ * This function parses \a str and interprets special words like \p "inf"
+ * or suffixes. Valid suffixes are
+ * - \p k ... 1000
+ * - \p m ... 1000000
+ * - \p K ... 1024
+ * - \p M ... 1048576
+ *
+ * \param str The string which shall be parsed
+ * \param res Will be filled with the interpreted value; in errorcase,
+ * this value is undefined.
+ *
+ * \returns \a true, iff the string \a str could be parsed. \a res will
+ * be filled with the interpreted value in this case.
+ *
+ * \pre \a str!=0 && \a res!=0
+ */
+ bool vc_parseLimit(char const /*@in@*/ *str, vc_limit_t /*@out@*/ *res) VC_ATTR_NONNULL((1,2));
+
+
+ /** \brief Sends a signal to a context/pid
+ * \ingroup syscalls
+ *
+ * Special values for \a pid are:
+ * - -1 which means every process in ctx except the init-process
+ * - 0 which means every process in ctx inclusive the init-process */
+ int vc_ctx_kill(xid_t ctx, pid_t pid, int sig);
+
+
+ struct vc_nx_info {
+ nid_t nid;
+ };
+
+ nid_t vc_get_task_nid(pid_t pid);
+ int vc_get_nx_info(nid_t nid, struct vc_nx_info *) VC_ATTR_NONNULL((2));
+
+ typedef enum { vcNET_IPV4, vcNET_IPV6, vcNET_IPV4R, vcNET_IPV6R } vc_net_nx_type;
+
+ struct vc_net_nx {
+ vc_net_nx_type type;
+ size_t count;
+ uint32_t ip;
+ uint32_t mask;
+ };
+
+ nid_t vc_net_create(nid_t nid);
+ int vc_net_migrate(nid_t nid);
+
+ int vc_net_add(nid_t nid, struct vc_net_nx const *info);
+ int vc_net_remove(nid_t nid, struct vc_net_nx const *info);
+
+ struct vc_net_flags {
+ uint_least64_t flagword;
+ uint_least64_t mask;
+ };
+
+ int vc_get_nflags(nid_t, struct vc_net_flags *);
+ int vc_set_nflags(nid_t, struct vc_net_flags const *);
+
+
+ struct vc_net_caps {
+ uint_least64_t ncaps;
+ uint_least64_t cmask;
+ };
+
+ int vc_get_ncaps(nid_t, struct vc_net_caps *);
+ int vc_set_ncaps(nid_t, struct vc_net_caps const *);
+
+
+
+
+ int vc_set_iattr(char const *filename, xid_t xid,
+ uint_least32_t flags, uint_least32_t mask) VC_ATTR_NONNULL((1));
+
+ /** \brief Returns information about attributes and assigned context of a file.
+ * \ingroup syscalls
+ *
+ * This function returns the VC_IATTR_XXX flags and about the assigned
+ * context of a file. To request an information, the appropriate bit in
+ * \c mask must be set and the corresponding parameter (\a xid or \a
+ * flags) must not be NULL.
+ *
+ * E.g. to receive the assigned context, the \c VC_IATTR_XID bit must be
+ * set in \a mask, and \a xid must point to valid memory.
+ *
+ * Possible flags are \c VC_IATTR_ADMIN, \c VC_IATTR_WATCH , \c VC_IATTR_HIDE,
+ * \c VC_IATTR_BARRIER, \c VC_IATTR_IUNLINK and \c VC_IATTR_IMMUTABLE.
+ *
+ * \param filename The name of the file whose attributes shall be determined.
+
+ * \param xid When non-zero and the VC_IATTR_XID bit is set in \a mask,
+ * the assigned context of \a filename will be stored there.
+ * \param flags When non-zero, a bitmask of current attributes will be
+ * stored there. These attributes must be requested explicitly
+ * by setting the appropriate bit in \a mask
+ * \param mask Points to a bitmask which tells which attributes shall be
+ * determined. On return, it will masquerade the attributes
+ * which were determined.
+ *
+ * \pre mask!=0 && !((*mask&VC_IATTR_XID) && xid==0) && !((*mask&~VC_IATTR_XID) && flags==0) */
+ int vc_get_iattr(char const *filename, xid_t * /*@null@*/ xid,
+ uint_least32_t * /*@null@*/ flags,
+ uint_least32_t * /*@null@*/ mask) VC_ATTR_NONNULL((1));
+
+ struct vc_vx_info {
+ xid_t xid;
+ pid_t initpid;
+ };
+
+ /** \brief Returns the context of the given process.
+ * \ingroup syscalls
+ *
+ * \param pid the process-id whose xid shall be determined;
+ * pid==0 means the current process.
+ * \returns the xid of process \c pid or -1 on errors
+ */
+ xid_t vc_get_task_xid(pid_t pid);
+ int vc_get_vx_info(xid_t xid, struct vc_vx_info *info) VC_ATTR_NONNULL((2));
+
+
+ typedef enum { vcVHI_CONTEXT, vcVHI_SYSNAME, vcVHI_NODENAME,
+ vcVHI_RELEASE, vcVHI_VERSION, vcVHI_MACHINE,
+ vcVHI_DOMAINNAME } vc_uts_type;
+
+ int vc_set_vhi_name(xid_t xid, vc_uts_type type,
+ char const *val, size_t len) VC_ATTR_NONNULL((3));
+ int vc_get_vhi_name(xid_t xid, vc_uts_type type,
+ char *val, size_t len) VC_ATTR_NONNULL((3));
+
+ /** Returns true iff \a xid is a dynamic xid */
+ bool vc_is_dynamic_xid(xid_t xid);
+
+ int vc_enter_namespace(xid_t xid);
+ int vc_set_namespace();
+ int vc_cleanup_namespace();
+
+
+ /** \brief Flags of process-contexts
+ */
+ struct vc_ctx_flags {
+ /** \brief Mask of set context flags */
+ uint_least64_t flagword;
+ /** \brief Mask of set and unset context flags when used by set
+ * operations, or modifiable flags when used by get
+ * operations */
+ uint_least64_t mask;
+ };
+
+ /** \brief Capabilities of process-contexts */
+ struct vc_ctx_caps {
+ /** \brief Mask of set common system capabilities */
+ uint_least64_t bcaps;
+ /** \brief Mask of set and unset common system capabilities when used by
+ * set operations, or the modifiable capabilities when used by
+ * get operations */
+ uint_least64_t bmask;
+ /** \brief Mask of set process context capabilities */
+ uint_least64_t ccaps;
+ /** \brief Mask of set and unset process context capabilities when used
+ * by set operations, or the modifiable capabilities when used
+ * by get operations */
+ uint_least64_t cmask;
+ };
+
+ /** \brief Information about parsing errors
+ * \ingroup helper
+ */
+ struct vc_err_listparser {
+ char const *ptr; ///< Pointer to the first character of an erroneous string
+ size_t len; ///< Length of the erroneous string
+ };
+
+ int vc_get_cflags(xid_t xid, struct vc_ctx_flags *) VC_ATTR_NONNULL((2));
+ int vc_set_cflags(xid_t xid, struct vc_ctx_flags const *) VC_ATTR_NONNULL((2));
+
+ int vc_get_ccaps(xid_t xid, struct vc_ctx_caps *);
+ int vc_set_ccaps(xid_t xid, struct vc_ctx_caps const *);
+
+ /** \brief Converts a single string into bcapability
+ * \ingroup helper
+ *
+ * \param str The string to be parsed;
+ * both "CAP_xxx" and "xxx" will be accepted
+ * \param len The length of the string, or \c 0 for automatic detection
+ *
+ * \returns 0 on error; a bitmask on success
+ * \pre \a str != 0
+ */
+ uint_least64_t vc_text2bcap(char const *str, size_t len);
+
+ /** \brief Converts the lowest bit of a bcapability or the entire value
+ * (when possible) to a textual representation
+ * \ingroup helper
+ *
+ * \param val The string to be converted; on success, the detected bit(s)
+ * will be unset, in errorcase only the lowest set bit
+ *
+ * \returns A textual representation of \a val resp. of its lowest set bit;
+ * or \c NULL in errorcase.
+ * \pre \a val!=0
+ * \post \a *valold \c != 0 \c <-->
+ * \a *valold > \a *valnew
+ * \post \a *valold \c == 0 \c ---> \a result == 0
+ */
+ char const * vc_lobcap2text(uint_least64_t *val) VC_ATTR_NONNULL((1));
+
+ /** \brief Converts a string into a bcapability-bitmask
+ * \ingroup helper
+ *
+ * Syntax of \a str: \verbinclude list2xxx.syntax
+ *
+ * When the \c `~' prefix is used, the bits will be unset and a `~' after
+ * another `~' will cancel both ones. The \c `^' prefix specifies a
+ * bitnumber instead of a bitmask.
+ *
+ * "literal name" is everything which will be accepted by the
+ * vc_text2bcap() function. The special values for \c NAME will be
+ * recognized case insensitively
+ *
+ * \param str The string to be parsed
+ * \param len The length of the string, or \c 0 for automatic detection
+ * \param err Pointer to a structure for error-information, or \c NULL.
+ * \param cap Pointer to a vc_ctx_caps structure holding the results;
+ * only the \a bcaps and \a bmask fields will be changed and
+ * already set values will not be honored. When an error
+ * occured, \a cap will have the value of all processed valid
+ * \c BCAP parts.
+ *
+ * \returns 0 on success, -1 on error. In error case, \a err will hold
+ * position and length of the first not understood BCAP part
+ * \pre \a str != 0 && \a cap != 0;
+ * \a cap->bcaps and \a cap->bmask must be initialized
+ */
+ int vc_list2bcap(char const *str, size_t len,
+ struct vc_err_listparser *err,
+ struct vc_ctx_caps *cap) VC_ATTR_NONNULL((1,4));
+
+ uint_least64_t vc_text2ccap(char const *, size_t len);
+ char const * vc_loccap2text(uint_least64_t *);
+ int vc_list2ccap(char const *, size_t len,
+ struct vc_err_listparser *err,
+ struct vc_ctx_caps *);
+
+ int vc_list2cflag(char const *, size_t len,
+ struct vc_err_listparser *err,
+ struct vc_ctx_flags *flags);
+ uint_least64_t vc_text2cflag(char const *, size_t len);
+ char const * vc_locflag2text(uint_least64_t *);
+
+ uint_least32_t vc_list2cflag_compat(char const *, size_t len,
+ struct vc_err_listparser *err);
+ uint_least32_t vc_text2cflag_compat(char const *, size_t len);
+ char const * vc_hicflag2text_compat(uint_least32_t);
+
+ int vc_text2cap(char const *);
+ char const * vc_cap2text(unsigned int);
+
+
+ int vc_list2nflag(char const *, size_t len,
+ struct vc_err_listparser *err,
+ struct vc_net_flags *flags);
+ uint_least64_t vc_text2nflag(char const *, size_t len);
+ char const * vc_lonflag2text(uint_least64_t *);
+
+ uint_least64_t vc_text2ncap(char const *,
size_t len); + char const * vc_loncap2text(uint_least64_t *); + int vc_list2ncap(char const *, size_t len, + struct vc_err_listparser *err, + struct vc_net_caps *); + + uint_least64_t vc_get_insecurebcaps() VC_ATTR_CONST; + inline static uint_least64_t vc_get_insecureccaps() { + return ~(VC_VXC_SET_UTSNAME|VC_VXC_RAW_ICMP); + } + + inline static int vc_setfilecontext(char const *filename, xid_t xid) { + return vc_set_iattr(filename, xid, 0, VC_IATTR_XID); + } + + + uint_least32_t vc_text2personalityflag(char const *str, + size_t len) VC_ATTR_NONNULL((1)); + + char const * vc_lopersonality2text(uint_least32_t *) VC_ATTR_NONNULL((1)); + + int vc_list2personalityflag(char const /*@in@*/ *, + size_t len, + uint_least32_t /*@out@*/ *personality, + struct vc_err_listparser /*@out@*/ *err) VC_ATTR_NONNULL((1,3)); + + uint_least32_t vc_str2personalitytype(char const /*@in@*/*, + size_t len) VC_ATTR_NONNULL((1)); + + /** \brief Returns the context of \c filename + * \ingroup syscalls + * + * This function calls vc_get_iattr() with appropriate arguments to + * determine the context of \c filename. In error-case or when no context + * is assigned, \c VC_NOCTX will be returned. To differ between both cases, + * \c errno must be examined. + * + * \b WARNING: this function can modify \c errno although no error happened. + * + * \param filename The file to check + * \returns The assigned context, or VC_NOCTX when an error occured or no + * such assignment exists. \c errno will be 0 in the latter case */ + xid_t vc_getfilecontext(char const *filename) VC_ATTR_NONNULL((1)); -#define VC_CAT_SCHED 14 struct vc_set_sched { uint_least32_t set_mask; int_least32_t fill_rate; 
@@ -103,17 +682,121 @@ extern "C" { int vc_set_sched(xid_t xid, struct vc_set_sched const *); - /** sends a signal to a context/pid - Special values for pid are: - * -1 which means every process in ctx except the init-process - * 0 which means every process in ctx inclusive the init-process */ - int vc_ctx_kill(xid_t ctx, pid_t pid, int sig); + + struct vc_ctx_dlimit { + uint_least32_t space_used; + uint_least32_t space_total; + uint_least32_t inodes_used; + uint_least32_t inodes_total; + uint_least32_t reserved; + }; - /** Returns the context of the given process. pid==0 means the current process. */ - xid_t vc_X_getctx(pid_t pid); + + /** Add a disk limit to a file system. */ + int vc_add_dlimit(char const *filename, xid_t xid, + uint_least32_t flags) VC_ATTR_NONNULL((1)); + /** Remove a disk limit from a file system. */ + int vc_rem_dlimit(char const *filename, xid_t xid, + uint_least32_t flags) VC_ATTR_NONNULL((1)); + + /** Set a disk limit. */ + int vc_set_dlimit(char const *filename, xid_t xid, + uint_least32_t flags, + struct vc_ctx_dlimit const *limits) VC_ATTR_NONNULL((1,4)); + /** Get a disk limit. 
*/ + int vc_get_dlimit(char const *filename, xid_t xid, + uint_least32_t flags, + struct vc_ctx_dlimit *limits) VC_ATTR_NONNULL((1)); + + /** \brief Waits for the end of a context + * \ingroup syscalls + */ + int vc_wait_exit(xid_t xid); + typedef enum { vcFEATURE_VKILL, vcFEATURE_IATTR, vcFEATURE_RLIMIT, + vcFEATURE_COMPAT, vcFEATURE_MIGRATE, vcFEATURE_NAMESPACE, + vcFEATURE_SCHED, vcFEATURE_VINFO, vcFEATURE_VHI, + vcFEATURE_VSHELPER0, vcFEATURE_VSHELPER, vcFEATURE_VWAIT } + vcFeatureSet; + + bool vc_isSupported(vcFeatureSet) VC_ATTR_CONST; + bool vc_isSupportedString(char const *); + + + typedef enum { vcTYPE_INVALID, vcTYPE_MAIN, vcTYPE_WATCH, + vcTYPE_STATIC, vcTYPE_DYNAMIC } + vcXidType; + + vcXidType vc_getXIDType(xid_t xid) VC_ATTR_CONST; + + /* The management part */ + +#define VC_LIMIT_VSERVER_NAME_LEN 1024 + + typedef enum { vcCFG_NONE, vcCFG_AUTO, + vcCFG_LEGACY, + vcCFG_RECENT_SHORT, + vcCFG_RECENT_FULL } vcCfgStyle; + + + /** Maps an xid given at '--xid' options to an xid_t */ + xid_t vc_xidopt2xid(char const *, bool honor_static, char const **err_info); + + vcCfgStyle vc_getVserverCfgStyle(char const *id); + + /** Resolves the name of the vserver. The result will be allocated and must + be freed by the caller. */ + char * vc_getVserverName(char const *id, vcCfgStyle style); + + /** Returns the path of the vserver configuration directory. When the given + * vserver does not exist, or when it does not have such a directory, NULL + * will be returned. Else, the result will be allocated and must be freed + * by the caller. */ + char * vc_getVserverCfgDir(char const *id, vcCfgStyle style); + + /** Returns the path of the configuration directory for the given + * application. The result will be allocated and must be freed by the + * caller. */ + char * vc_getVserverAppDir(char const *id, vcCfgStyle style, char const *app); + + /** Returns the path to the vserver root-directory. The result will be + * allocated and must be freed by the caller. 
*/ + char * vc_getVserverVdir(char const *id, vcCfgStyle style, bool physical); + + /** Returns the ctx of the given vserver. When vserver is not running and + * 'honor_static' is false, VC_NOCTX will be returned. Else, when + * 'honor_static' is true and a static assignment exists, those value will + * be returned. Else, the result will be VC_NOCTX. + * + * When 'is_running' is not null, the status of the vserver will be + * assigned to this variable. */ + xid_t vc_getVserverCtx(char const *id, vcCfgStyle style, + bool honor_static, bool /*@null@*/ *is_running); + + /** Resolves the cfg-path of the vserver owning the given ctx. 'revdir' will + be used as the directory holding the mapping-links; when NULL, the + default value will be assumed. The result will be allocated and must be + freed by the caller. */ + char * vc_getVserverByCtx(xid_t ctx, /*@null@*/vcCfgStyle *style, + /*@null@*/char const *revdir); + +#define vcSKEL_INTERFACES 1u +#define vcSKEL_PKGMGMT 2u +#define vcSKEL_FILESYSTEM 4u + + /** Create a basic configuration skeleton for a vserver plus toplevel + * directories for pkgmanagemt and filesystem (when requested). */ + int vc_createSkeleton(char const *id, vcCfgStyle style, int flags); + + #ifdef __cplusplus } #endif +#undef VC_ATTR_PURE +#undef VC_ATTR_ALWAYSINLINE +#undef VC_ATTR_NORETURN +#undef VC_ATTR_UNUSED +#undef VC_ATTR_NONNULL + #endif -- 2.43.0
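Review bot: `vc_get_dlimit` takes a non-const `limits` pointer that presumably receives the result, yet it is declared `VC_ATTR_NONNULL((1))`, while the matching `vc_set_dlimit` also covers the struct pointer with `VC_ATTR_NONNULL((1,4))`. If a NULL `limits` is not a supported call, the declaration should end in `VC_ATTR_NONNULL((1,4))` so that a caller passing NULL is flagged at compile time; if NULL is allowed, the comment `/** Get a disk limit. */` should say what the call does in that case. The fields of `struct vc_ctx_dlimit` have no comments, so the unit of `space_used`/`space_total` and the meaning of `reserved` cannot be read from the header; one Doxygen line per field, as the earlier hunk of this file does for `struct vc_ctx_caps`, would settle that. Separately, the `#undef` list at the end of the hunk leaves out `VC_ATTR_CONST`, which this hunk uses on `vc_isSupported` and `vc_getXIDType`; where that macro is defined is not visible here, so this may be intentional.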