
package nsjail

import "go.chromium.org/goma/server/proto/nsjail"

Index

Package Files

config.pb.go

Constants

// Default values for optional fields, grouped by the message they belong to.
// Each value matches the def= entry in the corresponding struct tag on this
// page. Presumably the Get* accessors return these when a field is unset;
// the accessor bodies are not shown here, so confirm before relying on it.
const (
    // Exe
    Default_Exe_ExecFd bool = false

    // IdMap
    Default_IdMap_Count uint32 = 1
    Default_IdMap_UseNewidmap bool = false

    // MountPt: a mount is read-only and mandatory by default, but it is NOT
    // nosuid/nodev/noexec unless the config sets those flags explicitly.
    Default_MountPt_IsBind bool = false
    Default_MountPt_IsSymlink bool = false
    Default_MountPt_Mandatory bool = true
    Default_MountPt_Nodev bool = false
    Default_MountPt_Noexec bool = false
    Default_MountPt_Nosuid bool = false
    Default_MountPt_Rw bool = false

    // NsJailConfig: listener. "::" is the IPv6 wildcard address.
    Default_NsJailConfig_Bindhost string = "::"
    Default_NsJailConfig_Port uint32 = 0
    Default_NsJailConfig_MaxConnsPerIp uint32 = 0

    // NsJailConfig: cgroups. The *Max / classid / ms-per-sec fields are
    // documented on the struct as "If > 0", so the 0 defaults leave the
    // corresponding limit unset.
    Default_NsJailConfig_CgroupCpuMount string = "/sys/fs/cgroup/cpu"
    Default_NsJailConfig_CgroupCpuMsPerSec uint32 = 0
    Default_NsJailConfig_CgroupCpuParent string = "NSJAIL"
    Default_NsJailConfig_CgroupMemMax uint64 = 0
    Default_NsJailConfig_CgroupMemMount string = "/sys/fs/cgroup/memory"
    Default_NsJailConfig_CgroupMemParent string = "NSJAIL"
    Default_NsJailConfig_CgroupNetClsClassid uint32 = 0
    Default_NsJailConfig_CgroupNetClsMount string = "/sys/fs/cgroup/net_cls"
    Default_NsJailConfig_CgroupNetClsParent string = "NSJAIL"
    Default_NsJailConfig_CgroupPidsMax uint64 = 0
    Default_NsJailConfig_CgroupPidsMount string = "/sys/fs/cgroup/pids"
    Default_NsJailConfig_CgroupPidsParent string = "NSJAIL"

    // NsJailConfig: namespaces. Every namespace kind is requested by default.
    Default_NsJailConfig_CloneNewcgroup bool = true
    Default_NsJailConfig_CloneNewipc bool = true
    Default_NsJailConfig_CloneNewnet bool = true
    Default_NsJailConfig_CloneNewns bool = true
    Default_NsJailConfig_CloneNewpid bool = true
    Default_NsJailConfig_CloneNewuser bool = true
    Default_NsJailConfig_CloneNewuts bool = true

    // NsJailConfig: process setup. The privilege-related switches
    // (DisableNoNewPrivs, KeepCaps, KeepEnv, SkipSetsid) all default to false.
    Default_NsJailConfig_Cwd string = "/"
    Default_NsJailConfig_Daemon bool = false
    Default_NsJailConfig_DisableNoNewPrivs bool = false
    Default_NsJailConfig_Hostname string = "NSJAIL"
    Default_NsJailConfig_IsRootRw bool = false
    Default_NsJailConfig_KeepCaps bool = false
    Default_NsJailConfig_KeepEnv bool = false
    Default_NsJailConfig_MaxCpus uint32 = 0
    Default_NsJailConfig_MountProc bool = false
    Default_NsJailConfig_SeccompLog bool = false
    Default_NsJailConfig_Silent bool = false
    Default_NsJailConfig_SkipSetsid bool = false
    Default_NsJailConfig_StderrToNull bool = false
    Default_NsJailConfig_TimeLimit uint32 = 600

    // NsJailConfig: network interfaces.
    Default_NsJailConfig_IfaceNoLo bool = false
    Default_NsJailConfig_MacvlanVsGw string = "192.168.0.1"
    Default_NsJailConfig_MacvlanVsIp string = "192.168.0.2"
    Default_NsJailConfig_MacvlanVsNm string = "255.255.255.0"

    // NsJailConfig: personality flags, all off by default.
    Default_NsJailConfig_PersonaAddrCompatLayout bool = false
    Default_NsJailConfig_PersonaAddrLimit_3Gb bool = false
    Default_NsJailConfig_PersonaAddrNoRandomize bool = false
    Default_NsJailConfig_PersonaMmapPageZero bool = false
    Default_NsJailConfig_PersonaReadImpliesExec bool = false

    // NsJailConfig: rlimit values. Per the struct comment these numbers are
    // only applied when the matching rlimit_*_type field is RLimit VALUE.
    Default_NsJailConfig_RlimitAs uint64 = 512
    Default_NsJailConfig_RlimitCore uint64 = 0
    Default_NsJailConfig_RlimitCpu uint64 = 600
    Default_NsJailConfig_RlimitFsize uint64 = 1
    Default_NsJailConfig_RlimitNofile uint64 = 32
    Default_NsJailConfig_RlimitNproc uint64 = 1024
    Default_NsJailConfig_RlimitStack uint64 = 1048576
)

Variables

// Enum lookup tables. Each *_name map goes from the numeric enum value to its
// name, and the matching *_value map is the inverse.
var (
    // LogLevel
    LogLevel_name = map[int32]string{
        0: "DEBUG",
        1: "INFO",
        2: "WARNING",
        3: "ERROR",
        4: "FATAL",
    }
    LogLevel_value = map[string]int32{
        "DEBUG":   0,
        "INFO":    1,
        "WARNING": 2,
        "ERROR":   3,
        "FATAL":   4,
    }

    // Mode
    Mode_name = map[int32]string{
        0: "LISTEN",
        1: "ONCE",
        2: "RERUN",
        3: "EXECVE",
    }
    Mode_value = map[string]int32{
        "LISTEN": 0,
        "ONCE":   1,
        "RERUN":  2,
        "EXECVE": 3,
    }

    // RLimit
    RLimit_name = map[int32]string{
        0: "VALUE",
        1: "SOFT",
        2: "HARD",
        3: "INF",
    }
    RLimit_value = map[string]int32{
        "VALUE": 0,
        "SOFT":  1,
        "HARD":  2,
        "INF":   3,
    }
)

type Exe Uses

// Exe names the program to execute and its argument vector. It is the type
// of NsJailConfig.ExecBin.
type Exe struct {
    // Will be used both as execv's path and as argv[0]. Required field
    // (marked req in the protobuf tag).
    Path *string `protobuf:"bytes,1,req,name=path" json:"path,omitempty"`
    // This will be argv[1] and so on.
    Arg []string `protobuf:"bytes,2,rep,name=arg" json:"arg,omitempty"`
    // Override argv[0]
    Arg0 *string `protobuf:"bytes,3,opt,name=arg0" json:"arg0,omitempty"`
    // Should execveat() be used to execute a file descriptor instead of a
    // path? Defaults to false (def=0).
    ExecFd               *bool    `protobuf:"varint,4,opt,name=exec_fd,json=execFd,def=0" json:"exec_fd,omitempty"`
    XXX_NoUnkeyedLiteral struct{} `json:"-"`
    XXX_unrecognized     []byte   `json:"-"`
    XXX_sizecache        int32    `json:"-"`
}

func (*Exe) Descriptor Uses

func (*Exe) Descriptor() ([]byte, []int)

func (*Exe) GetArg Uses

func (m *Exe) GetArg() []string

func (*Exe) GetArg0 Uses

func (m *Exe) GetArg0() string

func (*Exe) GetExecFd Uses

func (m *Exe) GetExecFd() bool

func (*Exe) GetPath Uses

func (m *Exe) GetPath() string

func (*Exe) ProtoMessage Uses

func (*Exe) ProtoMessage()

func (*Exe) Reset Uses

func (m *Exe) Reset()

func (*Exe) String Uses

func (m *Exe) String() string

func (*Exe) XXX_DiscardUnknown Uses

func (m *Exe) XXX_DiscardUnknown()

func (*Exe) XXX_Marshal Uses

func (m *Exe) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Exe) XXX_Merge Uses

func (m *Exe) XXX_Merge(src proto.Message)

func (*Exe) XXX_Size Uses

func (m *Exe) XXX_Size() int

func (*Exe) XXX_Unmarshal Uses

func (m *Exe) XXX_Unmarshal(b []byte) error

type IdMap Uses

// IdMap is one UID or GID mapping entry; NsJailConfig.Uidmap and
// NsJailConfig.Gidmap are lists of these.
type IdMap struct {
    // ID as seen inside the jail. Empty string means "current uid/gid".
    InsideId  *string `protobuf:"bytes,1,opt,name=inside_id,json=insideId,def=" json:"inside_id,omitempty"`
    // ID on the outside. Empty string means "current uid/gid".
    // NOTE(review): every outside ID mapped here becomes reachable from
    // inside the jail; keep the mapped range as small as the workload allows.
    OutsideId *string `protobuf:"bytes,2,opt,name=outside_id,json=outsideId,def=" json:"outside_id,omitempty"`
    // See 'man user_namespaces' for the meaning of count. Defaults to 1.
    Count *uint32 `protobuf:"varint,3,opt,name=count,def=1" json:"count,omitempty"`
    // Does this map use the /usr/bin/new[u|g]idmap binary? Defaults to false.
    UseNewidmap          *bool    `protobuf:"varint,4,opt,name=use_newidmap,json=useNewidmap,def=0" json:"use_newidmap,omitempty"`
    XXX_NoUnkeyedLiteral struct{} `json:"-"`
    XXX_unrecognized     []byte   `json:"-"`
    XXX_sizecache        int32    `json:"-"`
}

func (*IdMap) Descriptor Uses

func (*IdMap) Descriptor() ([]byte, []int)

func (*IdMap) GetCount Uses

func (m *IdMap) GetCount() uint32

func (*IdMap) GetInsideId Uses

func (m *IdMap) GetInsideId() string

func (*IdMap) GetOutsideId Uses

func (m *IdMap) GetOutsideId() string

func (*IdMap) GetUseNewidmap Uses

func (m *IdMap) GetUseNewidmap() bool

func (*IdMap) ProtoMessage Uses

func (*IdMap) ProtoMessage()

func (*IdMap) Reset Uses

func (m *IdMap) Reset()

func (*IdMap) String Uses

func (m *IdMap) String() string

func (*IdMap) XXX_DiscardUnknown Uses

func (m *IdMap) XXX_DiscardUnknown()

func (*IdMap) XXX_Marshal Uses

func (m *IdMap) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*IdMap) XXX_Merge Uses

func (m *IdMap) XXX_Merge(src proto.Message)

func (*IdMap) XXX_Size Uses

func (m *IdMap) XXX_Size() int

func (*IdMap) XXX_Unmarshal Uses

func (m *IdMap) XXX_Unmarshal(b []byte) error

type LogLevel Uses

type LogLevel int32

The log level names should be self-explanatory.

// LogLevel values, numbered from the most verbose (DEBUG) upward.
// NsJailConfig.LogLevel is documented as the minimum level displayed.
const (
    LogLevel_DEBUG   LogLevel = 0
    LogLevel_INFO    LogLevel = 1
    LogLevel_WARNING LogLevel = 2
    LogLevel_ERROR   LogLevel = 3
    LogLevel_FATAL   LogLevel = 4
)

func (LogLevel) Enum Uses

func (x LogLevel) Enum() *LogLevel

func (LogLevel) EnumDescriptor Uses

func (LogLevel) EnumDescriptor() ([]byte, []int)

func (LogLevel) String Uses

func (x LogLevel) String() string

func (*LogLevel) UnmarshalJSON Uses

func (x *LogLevel) UnmarshalJSON(data []byte) error

type Mode Uses

// Mode selects how nsjail runs the configured command. The numeric values are
// the protobuf enum numbers and must not be renumbered.
type Mode int32

const (
    // Mode_LISTEN: the Port, Bindhost and MaxConnsPerIp fields of
    // NsJailConfig are documented as applying to this mode only.
    Mode_LISTEN Mode = 0
    // Mode_ONCE is the default mode (see Default_NsJailConfig_Mode).
    Mode_ONCE Mode = 1
    // Mode_RERUN and Mode_EXECVE are not described on this page; see the
    // 'msg Mode' description in the .proto source before choosing either.
    Mode_RERUN Mode = 2
    Mode_EXECVE Mode = 3

    // Default_NsJailConfig_Mode matches def=1 in the NsJailConfig.Mode tag.
    Default_NsJailConfig_Mode Mode = Mode_ONCE
)

func (Mode) Enum Uses

func (x Mode) Enum() *Mode

func (Mode) EnumDescriptor Uses

func (Mode) EnumDescriptor() ([]byte, []int)

func (Mode) String Uses

func (x Mode) String() string

func (*Mode) UnmarshalJSON Uses

func (x *Mode) UnmarshalJSON(data []byte) error

type MountPt Uses

// MountPt describes one mount point (or symlink) set up inside the jail;
// NsJailConfig.Mount is a list of these.
//
// Hardening note: rw, nosuid, nodev and noexec all default to false, so a
// mount is read-only by default but still allows set-uid binaries, device
// nodes and execution unless the config sets the restrictive flags itself.
type MountPt struct {
    // Source path. Can be skipped for filesystems like 'proc'.
    Src *string `protobuf:"bytes,1,opt,name=src,def=" json:"src,omitempty"`
    // Should the 'src' path be prefixed with the value of this envvar?
    // NOTE(review): this makes the mounted path depend on the environment
    // nsjail is started with — confirm that environment is trusted.
    PrefixSrcEnv *string `protobuf:"bytes,2,opt,name=prefix_src_env,json=prefixSrcEnv,def=" json:"prefix_src_env,omitempty"`
    // If specified, contains a buffer that will be written to the dst file
    SrcContent []byte `protobuf:"bytes,3,opt,name=src_content,json=srcContent,def=" json:"src_content,omitempty"`
    // Mount point inside the jail. Required field (marked req in the tag).
    Dst *string `protobuf:"bytes,4,req,name=dst,def=" json:"dst,omitempty"`
    // Should the 'dst' path be prefixed with the value of this envvar?
    PrefixDstEnv *string `protobuf:"bytes,5,opt,name=prefix_dst_env,json=prefixDstEnv,def=" json:"prefix_dst_env,omitempty"`
    // Filesystem type. Can be empty for 'mount --bind' mounts.
    Fstype *string `protobuf:"bytes,6,opt,name=fstype,def=" json:"fstype,omitempty"`
    // Mount options, e.g. size=5000000 for 'tmpfs'
    Options *string `protobuf:"bytes,7,opt,name=options,def=" json:"options,omitempty"`
    // Is it a 'mount --bind src dst' type of mount? Defaults to false.
    IsBind *bool `protobuf:"varint,8,opt,name=is_bind,json=isBind,def=0" json:"is_bind,omitempty"`
    // Is it a R/W mount? Defaults to false, i.e. read-only.
    Rw  *bool `protobuf:"varint,9,opt,name=rw,def=0" json:"rw,omitempty"`
    // Is it a directory? If not specified, an internal heuristic is used
    // to determine that.
    IsDir *bool `protobuf:"varint,10,opt,name=is_dir,json=isDir" json:"is_dir,omitempty"`
    // Should the sandboxing fail if we cannot mount this resource?
    // Defaults to true; setting it to false lets the jail start without
    // this mount.
    Mandatory *bool `protobuf:"varint,11,opt,name=mandatory,def=1" json:"mandatory,omitempty"`
    // Is it a symlink (instead of a real mount point)? Defaults to false.
    IsSymlink *bool `protobuf:"varint,12,opt,name=is_symlink,json=isSymlink,def=0" json:"is_symlink,omitempty"`
    // Is it a nosuid mount? Defaults to false.
    Nosuid *bool `protobuf:"varint,13,opt,name=nosuid,def=0" json:"nosuid,omitempty"`
    // Is it a nodev mount? Defaults to false.
    Nodev *bool `protobuf:"varint,14,opt,name=nodev,def=0" json:"nodev,omitempty"`
    // Is it a noexec mount? Defaults to false.
    Noexec               *bool    `protobuf:"varint,15,opt,name=noexec,def=0" json:"noexec,omitempty"`
    XXX_NoUnkeyedLiteral struct{} `json:"-"`
    XXX_unrecognized     []byte   `json:"-"`
    XXX_sizecache        int32    `json:"-"`
}

func (*MountPt) Descriptor Uses

func (*MountPt) Descriptor() ([]byte, []int)

func (*MountPt) GetDst Uses

func (m *MountPt) GetDst() string

func (*MountPt) GetFstype Uses

func (m *MountPt) GetFstype() string

func (*MountPt) GetIsBind Uses

func (m *MountPt) GetIsBind() bool

func (*MountPt) GetIsDir Uses

func (m *MountPt) GetIsDir() bool
func (m *MountPt) GetIsSymlink() bool

func (*MountPt) GetMandatory Uses

func (m *MountPt) GetMandatory() bool

func (*MountPt) GetNodev Uses

func (m *MountPt) GetNodev() bool

func (*MountPt) GetNoexec Uses

func (m *MountPt) GetNoexec() bool

func (*MountPt) GetNosuid Uses

func (m *MountPt) GetNosuid() bool

func (*MountPt) GetOptions Uses

func (m *MountPt) GetOptions() string

func (*MountPt) GetPrefixDstEnv Uses

func (m *MountPt) GetPrefixDstEnv() string

func (*MountPt) GetPrefixSrcEnv Uses

func (m *MountPt) GetPrefixSrcEnv() string

func (*MountPt) GetRw Uses

func (m *MountPt) GetRw() bool

func (*MountPt) GetSrc Uses

func (m *MountPt) GetSrc() string

func (*MountPt) GetSrcContent Uses

func (m *MountPt) GetSrcContent() []byte

func (*MountPt) ProtoMessage Uses

func (*MountPt) ProtoMessage()

func (*MountPt) Reset Uses

func (m *MountPt) Reset()

func (*MountPt) String Uses

func (m *MountPt) String() string

func (*MountPt) XXX_DiscardUnknown Uses

func (m *MountPt) XXX_DiscardUnknown()

func (*MountPt) XXX_Marshal Uses

func (m *MountPt) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*MountPt) XXX_Merge Uses

func (m *MountPt) XXX_Merge(src proto.Message)

func (*MountPt) XXX_Size Uses

func (m *MountPt) XXX_Size() int

func (*MountPt) XXX_Unmarshal Uses

func (m *MountPt) XXX_Unmarshal(b []byte) error

type NsJailConfig Uses

// NsJailConfig is the top-level nsjail configuration message: what to run,
// which namespaces, mounts, ID maps, rlimits, cgroups, capabilities and
// seccomp policy apply to it, and how nsjail itself logs and listens.
//
// Hardening note: the defaults visible in the struct tags request every
// namespace kind (clone_new*=1) and leave keep_caps, keep_env,
// disable_no_new_privs and skip_setsid off. Fields that turn those defaults
// around widen what the jailed process can reach and deserve review in any
// config change.
type NsJailConfig struct {
    // Optional name and description for this config
    Name        *string  `protobuf:"bytes,1,opt,name=name,def=" json:"name,omitempty"`
    Description []string `protobuf:"bytes,2,rep,name=description" json:"description,omitempty"`
    // Execution mode: see 'msg Mode' description for more. Defaults to
    // ONCE (def=1).
    Mode *Mode `protobuf:"varint,3,opt,name=mode,enum=nsjail.Mode,def=1" json:"mode,omitempty"`
    // Equivalent to a bind mount with dst='/'. DEPRECATED: Use bind mounts.
    ChrootDir *string `protobuf:"bytes,4,opt,name=chroot_dir,json=chrootDir" json:"chroot_dir,omitempty"` // Deprecated: Do not use.
    // Applies both to the chroot_dir and to /proc mounts. DEPRECATED: Use bind mounts
    IsRootRw *bool `protobuf:"varint,5,opt,name=is_root_rw,json=isRootRw,def=0" json:"is_root_rw,omitempty"` // Deprecated: Do not use.
    // Hostname inside jail
    Hostname *string `protobuf:"bytes,8,opt,name=hostname,def=NSJAIL" json:"hostname,omitempty"`
    // Initial current working directory for the binary
    Cwd *string `protobuf:"bytes,9,opt,name=cwd,def=/" json:"cwd,omitempty"`
    // TCP port to listen to. Valid with mode=LISTEN only
    Port *uint32 `protobuf:"varint,10,opt,name=port,def=0" json:"port,omitempty"`
    // Host to bind to for mode=LISTEN. Must be in IPv6 format.
    // The default "::" is the IPv6 wildcard address; set a specific address
    // when the listener should not be reachable on every interface.
    Bindhost *string `protobuf:"bytes,11,opt,name=bindhost,def=::" json:"bindhost,omitempty"`
    // For mode=LISTEN, maximum number of connections from a single IP.
    // Defaults to 0 — presumably "no limit"; confirm against nsjail.
    MaxConnsPerIp *uint32 `protobuf:"varint,12,opt,name=max_conns_per_ip,json=maxConnsPerIp,def=0" json:"max_conns_per_ip,omitempty"`
    // Wall-time time limit for commands. Defaults to 600 (unit not stated
    // here; presumably seconds — confirm).
    TimeLimit *uint32 `protobuf:"varint,13,opt,name=time_limit,json=timeLimit,def=600" json:"time_limit,omitempty"`
    // Should nsjail go into background?
    Daemon *bool `protobuf:"varint,14,opt,name=daemon,def=0" json:"daemon,omitempty"`
    // Maximum number of CPUs to use: 0 - no limit
    MaxCpus *uint32 `protobuf:"varint,15,opt,name=max_cpus,json=maxCpus,def=0" json:"max_cpus,omitempty"`
    // FD to log to.
    LogFd *int32 `protobuf:"varint,16,opt,name=log_fd,json=logFd" json:"log_fd,omitempty"`
    // File to save logs to
    LogFile *string `protobuf:"bytes,17,opt,name=log_file,json=logFile" json:"log_file,omitempty"`
    // Minimum log level displayed.
    // See 'msg LogLevel' description for more
    LogLevel *LogLevel `protobuf:"varint,18,opt,name=log_level,json=logLevel,enum=nsjail.LogLevel" json:"log_level,omitempty"`
    // Should the current environment variables be kept
    // when executing the binary? Defaults to false. Enabling it hands the
    // jailed process whatever the launching environment contains, which
    // may include credentials or tokens.
    KeepEnv *bool `protobuf:"varint,19,opt,name=keep_env,json=keepEnv,def=0" json:"keep_env,omitempty"`
    // EnvVars to be set before executing binaries. If the envvar doesn't contain '='
    // (e.g. just the 'DISPLAY' string), the current envvar value will be used
    Envar []string `protobuf:"bytes,20,rep,name=envar" json:"envar,omitempty"`
    // Should capabilities be preserved or dropped? Defaults to false
    // (def=0), i.e. capabilities are not kept.
    KeepCaps *bool `protobuf:"varint,21,opt,name=keep_caps,json=keepCaps,def=0" json:"keep_caps,omitempty"`
    // Which capabilities should be preserved if keep_caps == false.
    // Format: "CAP_SYS_PTRACE". Each entry is an explicit exception to the
    // capability drop, so list only what the workload needs.
    Cap []string `protobuf:"bytes,22,rep,name=cap" json:"cap,omitempty"`
    // Should nsjail close FD=0,1,2 before executing the process
    Silent *bool `protobuf:"varint,23,opt,name=silent,def=0" json:"silent,omitempty"`
    // Should the child process have control over the terminal?
    // Can be useful to allow /bin/sh to provide job control / signals.
    // Dangerous: a child that keeps the controlling terminal can push
    // characters back into it. Defaults to false.
    SkipSetsid *bool `protobuf:"varint,24,opt,name=skip_setsid,json=skipSetsid,def=0" json:"skip_setsid,omitempty"`
    // Redirect stderr of the process to /dev/null instead of the socket or original TTY
    StderrToNull *bool `protobuf:"varint,25,opt,name=stderr_to_null,json=stderrToNull,def=0" json:"stderr_to_null,omitempty"`
    // Which FDs should be passed to the newly executed process.
    // By default only FD=0,1,2 are passed. Every extra descriptor listed
    // here stays open in the jailed process.
    PassFd []int32 `protobuf:"varint,26,rep,name=pass_fd,json=passFd" json:"pass_fd,omitempty"`
    // Setting it to true allows set-uid binaries to work inside the jail.
    // Defaults to false; going by the field name, true disables the
    // no_new_privs protection, so leave it off unless a set-uid helper is
    // genuinely required.
    DisableNoNewPrivs *bool `protobuf:"varint,27,opt,name=disable_no_new_privs,json=disableNoNewPrivs,def=0" json:"disable_no_new_privs,omitempty"`
    // Various rlimits. The rlimit_as/rlimit_core/... values are used only if
    // rlimit_as_type/rlimit_core_type/... are set to RLimit::VALUE, which is
    // the default type (def=0) for as, core, cpu, fsize and nofile.
    // Units are not stated on this page — confirm against nsjail.
    RlimitAs         *uint64 `protobuf:"varint,28,opt,name=rlimit_as,json=rlimitAs,def=512" json:"rlimit_as,omitempty"`
    RlimitAsType     *RLimit `protobuf:"varint,29,opt,name=rlimit_as_type,json=rlimitAsType,enum=nsjail.RLimit,def=0" json:"rlimit_as_type,omitempty"`
    RlimitCore       *uint64 `protobuf:"varint,30,opt,name=rlimit_core,json=rlimitCore,def=0" json:"rlimit_core,omitempty"`
    RlimitCoreType   *RLimit `protobuf:"varint,31,opt,name=rlimit_core_type,json=rlimitCoreType,enum=nsjail.RLimit,def=0" json:"rlimit_core_type,omitempty"`
    RlimitCpu        *uint64 `protobuf:"varint,32,opt,name=rlimit_cpu,json=rlimitCpu,def=600" json:"rlimit_cpu,omitempty"`
    RlimitCpuType    *RLimit `protobuf:"varint,33,opt,name=rlimit_cpu_type,json=rlimitCpuType,enum=nsjail.RLimit,def=0" json:"rlimit_cpu_type,omitempty"`
    RlimitFsize      *uint64 `protobuf:"varint,34,opt,name=rlimit_fsize,json=rlimitFsize,def=1" json:"rlimit_fsize,omitempty"`
    RlimitFsizeType  *RLimit `protobuf:"varint,35,opt,name=rlimit_fsize_type,json=rlimitFsizeType,enum=nsjail.RLimit,def=0" json:"rlimit_fsize_type,omitempty"`
    RlimitNofile     *uint64 `protobuf:"varint,36,opt,name=rlimit_nofile,json=rlimitNofile,def=32" json:"rlimit_nofile,omitempty"`
    RlimitNofileType *RLimit `protobuf:"varint,37,opt,name=rlimit_nofile_type,json=rlimitNofileType,enum=nsjail.RLimit,def=0" json:"rlimit_nofile_type,omitempty"`
    // RLIMIT_NPROC is system-wide - tricky to use; use the soft limit value by
    // default here (the type defaults to SOFT, def=1, so the 1024 value is
    // not applied unless the type is switched to VALUE).
    RlimitNproc     *uint64 `protobuf:"varint,38,opt,name=rlimit_nproc,json=rlimitNproc,def=1024" json:"rlimit_nproc,omitempty"`
    RlimitNprocType *RLimit `protobuf:"varint,39,opt,name=rlimit_nproc_type,json=rlimitNprocType,enum=nsjail.RLimit,def=1" json:"rlimit_nproc_type,omitempty"`
    // In MiB, use the soft limit value by default (type defaults to SOFT,
    // def=1, so the 1048576 value is not applied unless the type is VALUE).
    RlimitStack     *uint64 `protobuf:"varint,40,opt,name=rlimit_stack,json=rlimitStack,def=1048576" json:"rlimit_stack,omitempty"`
    RlimitStackType *RLimit `protobuf:"varint,41,opt,name=rlimit_stack_type,json=rlimitStackType,enum=nsjail.RLimit,def=1" json:"rlimit_stack_type,omitempty"`
    // See 'man personality' for more. All five flags default to false.
    // NOTE(review): going by their names, persona_addr_no_randomize,
    // persona_read_implies_exec and persona_mmap_page_zero relax memory
    // protections for the jailed process — confirm before enabling.
    PersonaAddrCompatLayout *bool `protobuf:"varint,42,opt,name=persona_addr_compat_layout,json=personaAddrCompatLayout,def=0" json:"persona_addr_compat_layout,omitempty"`
    PersonaMmapPageZero     *bool `protobuf:"varint,43,opt,name=persona_mmap_page_zero,json=personaMmapPageZero,def=0" json:"persona_mmap_page_zero,omitempty"`
    PersonaReadImpliesExec  *bool `protobuf:"varint,44,opt,name=persona_read_implies_exec,json=personaReadImpliesExec,def=0" json:"persona_read_implies_exec,omitempty"`
    PersonaAddrLimit_3Gb    *bool `protobuf:"varint,45,opt,name=persona_addr_limit_3gb,json=personaAddrLimit3gb,def=0" json:"persona_addr_limit_3gb,omitempty"`
    PersonaAddrNoRandomize  *bool `protobuf:"varint,46,opt,name=persona_addr_no_randomize,json=personaAddrNoRandomize,def=0" json:"persona_addr_no_randomize,omitempty"`
    // Which namespaces should be used? All default to true (def=1).
    // Setting one to false presumably leaves the jailed process in the
    // caller's namespace of that kind (e.g. clone_newnet=false keeps the
    // host network visible) — confirm and review any such override.
    CloneNewnet  *bool `protobuf:"varint,47,opt,name=clone_newnet,json=cloneNewnet,def=1" json:"clone_newnet,omitempty"`
    CloneNewuser *bool `protobuf:"varint,48,opt,name=clone_newuser,json=cloneNewuser,def=1" json:"clone_newuser,omitempty"`
    CloneNewns   *bool `protobuf:"varint,49,opt,name=clone_newns,json=cloneNewns,def=1" json:"clone_newns,omitempty"`
    CloneNewpid  *bool `protobuf:"varint,50,opt,name=clone_newpid,json=cloneNewpid,def=1" json:"clone_newpid,omitempty"`
    CloneNewipc  *bool `protobuf:"varint,51,opt,name=clone_newipc,json=cloneNewipc,def=1" json:"clone_newipc,omitempty"`
    CloneNewuts  *bool `protobuf:"varint,52,opt,name=clone_newuts,json=cloneNewuts,def=1" json:"clone_newuts,omitempty"`
    // Disable for kernel versions < 4.6 as it's not supported there
    CloneNewcgroup *bool `protobuf:"varint,53,opt,name=clone_newcgroup,json=cloneNewcgroup,def=1" json:"clone_newcgroup,omitempty"`
    // Mappings for UIDs and GIDs. See the description for 'msg IdMap'
    // for more
    Uidmap []*IdMap `protobuf:"bytes,54,rep,name=uidmap" json:"uidmap,omitempty"`
    Gidmap []*IdMap `protobuf:"bytes,55,rep,name=gidmap" json:"gidmap,omitempty"`
    // Should /proc be mounted (R/O)? This can also be added in the 'mount'
    // section below. Defaults to false.
    MountProc *bool `protobuf:"varint,56,opt,name=mount_proc,json=mountProc,def=0" json:"mount_proc,omitempty"`
    // Mount points inside the jail. See the description for 'msg MountPt'
    // for more
    Mount []*MountPt `protobuf:"bytes,57,rep,name=mount" json:"mount,omitempty"`
    // Kafel seccomp-bpf policy, given as a file or as inline strings.
    // Homepage of the project: https://github.com/google/kafel
    // NOTE(review): neither field has a default, so a config that sets
    // neither presumably runs without a seccomp filter — confirm.
    SeccompPolicyFile *string  `protobuf:"bytes,58,opt,name=seccomp_policy_file,json=seccompPolicyFile" json:"seccomp_policy_file,omitempty"`
    SeccompString     []string `protobuf:"bytes,59,rep,name=seccomp_string,json=seccompString" json:"seccomp_string,omitempty"`
    // Setting it to true makes audit write seccomp logs to dmesg
    SeccompLog *bool `protobuf:"varint,60,opt,name=seccomp_log,json=seccompLog,def=0" json:"seccomp_log,omitempty"`
    // If > 0, maximum cumulative size of RAM used inside any jail.
    // Defaults to 0, i.e. no cgroup memory limit is requested.
    CgroupMemMax *uint64 `protobuf:"varint,61,opt,name=cgroup_mem_max,json=cgroupMemMax,def=0" json:"cgroup_mem_max,omitempty"`
    // Mount point for cgroups-memory in your system
    CgroupMemMount *string `protobuf:"bytes,62,opt,name=cgroup_mem_mount,json=cgroupMemMount,def=/sys/fs/cgroup/memory" json:"cgroup_mem_mount,omitempty"`
    // Writeable directory (for the nsjail user) under cgroup_mem_mount
    CgroupMemParent *string `protobuf:"bytes,63,opt,name=cgroup_mem_parent,json=cgroupMemParent,def=NSJAIL" json:"cgroup_mem_parent,omitempty"`
    // If > 0, maximum number of PIDs (threads/processes) inside jail.
    // Defaults to 0, i.e. no cgroup PID limit is requested.
    CgroupPidsMax *uint64 `protobuf:"varint,64,opt,name=cgroup_pids_max,json=cgroupPidsMax,def=0" json:"cgroup_pids_max,omitempty"`
    // Mount point for cgroups-pids in your system
    CgroupPidsMount *string `protobuf:"bytes,65,opt,name=cgroup_pids_mount,json=cgroupPidsMount,def=/sys/fs/cgroup/pids" json:"cgroup_pids_mount,omitempty"`
    // Writeable directory (for the nsjail user) under cgroup_pids_mount
    CgroupPidsParent *string `protobuf:"bytes,66,opt,name=cgroup_pids_parent,json=cgroupPidsParent,def=NSJAIL" json:"cgroup_pids_parent,omitempty"`
    // If > 0, Class identifier of network packets inside jail
    CgroupNetClsClassid *uint32 `protobuf:"varint,67,opt,name=cgroup_net_cls_classid,json=cgroupNetClsClassid,def=0" json:"cgroup_net_cls_classid,omitempty"`
    // Mount point for cgroups-net-cls in your system
    CgroupNetClsMount *string `protobuf:"bytes,68,opt,name=cgroup_net_cls_mount,json=cgroupNetClsMount,def=/sys/fs/cgroup/net_cls" json:"cgroup_net_cls_mount,omitempty"`
    // Writeable directory (for the nsjail user) under cgroup_net_cls_mount
    CgroupNetClsParent *string `protobuf:"bytes,69,opt,name=cgroup_net_cls_parent,json=cgroupNetClsParent,def=NSJAIL" json:"cgroup_net_cls_parent,omitempty"`
    // If > 0, number of milliseconds of CPU that jail processes can use per second
    CgroupCpuMsPerSec *uint32 `protobuf:"varint,70,opt,name=cgroup_cpu_ms_per_sec,json=cgroupCpuMsPerSec,def=0" json:"cgroup_cpu_ms_per_sec,omitempty"`
    // Mount point for cgroups-cpu in your system
    CgroupCpuMount *string `protobuf:"bytes,71,opt,name=cgroup_cpu_mount,json=cgroupCpuMount,def=/sys/fs/cgroup/cpu" json:"cgroup_cpu_mount,omitempty"`
    // Writeable directory (for the nsjail user) under cgroup_cpu_mount
    CgroupCpuParent *string `protobuf:"bytes,72,opt,name=cgroup_cpu_parent,json=cgroupCpuParent,def=NSJAIL" json:"cgroup_cpu_parent,omitempty"`
    // Should the 'lo' interface be brought up (active) inside this jail?
    // NOTE(review): the field name (iface_no_lo) reads as the inverse of
    // this question — true presumably leaves 'lo' down; confirm.
    IfaceNoLo *bool `protobuf:"varint,73,opt,name=iface_no_lo,json=ifaceNoLo,def=0" json:"iface_no_lo,omitempty"`
    // Put this interface inside the jail
    IfaceOwn []string `protobuf:"bytes,74,rep,name=iface_own,json=ifaceOwn" json:"iface_own,omitempty"`
    // Parameters for the cloned MACVLAN interface inside jail
    MacvlanIface *string `protobuf:"bytes,75,opt,name=macvlan_iface,json=macvlanIface" json:"macvlan_iface,omitempty"`
    MacvlanVsIp  *string `protobuf:"bytes,76,opt,name=macvlan_vs_ip,json=macvlanVsIp,def=192.168.0.2" json:"macvlan_vs_ip,omitempty"`
    MacvlanVsNm  *string `protobuf:"bytes,77,opt,name=macvlan_vs_nm,json=macvlanVsNm,def=255.255.255.0" json:"macvlan_vs_nm,omitempty"`
    MacvlanVsGw  *string `protobuf:"bytes,78,opt,name=macvlan_vs_gw,json=macvlanVsGw,def=192.168.0.1" json:"macvlan_vs_gw,omitempty"`
    MacvlanVsMa  *string `protobuf:"bytes,79,opt,name=macvlan_vs_ma,json=macvlanVsMa,def=" json:"macvlan_vs_ma,omitempty"`
    // Binary path (with arguments) to be executed. If not specified here, it
    // can be specified with cmd-line as "-- /path/to/command arg1 arg2"
    ExecBin              *Exe     `protobuf:"bytes,80,opt,name=exec_bin,json=execBin" json:"exec_bin,omitempty"`
    XXX_NoUnkeyedLiteral struct{} `json:"-"`
    XXX_unrecognized     []byte   `json:"-"`
    XXX_sizecache        int32    `json:"-"`
}

func (*NsJailConfig) Descriptor Uses

func (*NsJailConfig) Descriptor() ([]byte, []int)

func (*NsJailConfig) GetBindhost Uses

func (m *NsJailConfig) GetBindhost() string

func (*NsJailConfig) GetCap Uses

func (m *NsJailConfig) GetCap() []string

func (*NsJailConfig) GetCgroupCpuMount Uses

func (m *NsJailConfig) GetCgroupCpuMount() string

func (*NsJailConfig) GetCgroupCpuMsPerSec Uses

func (m *NsJailConfig) GetCgroupCpuMsPerSec() uint32

func (*NsJailConfig) GetCgroupCpuParent Uses

func (m *NsJailConfig) GetCgroupCpuParent() string

func (*NsJailConfig) GetCgroupMemMax Uses

func (m *NsJailConfig) GetCgroupMemMax() uint64

func (*NsJailConfig) GetCgroupMemMount Uses

func (m *NsJailConfig) GetCgroupMemMount() string

func (*NsJailConfig) GetCgroupMemParent Uses

func (m *NsJailConfig) GetCgroupMemParent() string

func (*NsJailConfig) GetCgroupNetClsClassid Uses

func (m *NsJailConfig) GetCgroupNetClsClassid() uint32

func (*NsJailConfig) GetCgroupNetClsMount Uses

func (m *NsJailConfig) GetCgroupNetClsMount() string

func (*NsJailConfig) GetCgroupNetClsParent Uses

func (m *NsJailConfig) GetCgroupNetClsParent() string

func (*NsJailConfig) GetCgroupPidsMax Uses

func (m *NsJailConfig) GetCgroupPidsMax() uint64

func (*NsJailConfig) GetCgroupPidsMount Uses

func (m *NsJailConfig) GetCgroupPidsMount() string

func (*NsJailConfig) GetCgroupPidsParent Uses

func (m *NsJailConfig) GetCgroupPidsParent() string

func (*NsJailConfig) GetChrootDir Uses

func (m *NsJailConfig) GetChrootDir() string

Deprecated: Do not use.

func (*NsJailConfig) GetCloneNewcgroup Uses

func (m *NsJailConfig) GetCloneNewcgroup() bool

func (*NsJailConfig) GetCloneNewipc Uses

func (m *NsJailConfig) GetCloneNewipc() bool

func (*NsJailConfig) GetCloneNewnet Uses

func (m *NsJailConfig) GetCloneNewnet() bool

func (*NsJailConfig) GetCloneNewns Uses

func (m *NsJailConfig) GetCloneNewns() bool

func (*NsJailConfig) GetCloneNewpid Uses

func (m *NsJailConfig) GetCloneNewpid() bool

func (*NsJailConfig) GetCloneNewuser Uses

func (m *NsJailConfig) GetCloneNewuser() bool

func (*NsJailConfig) GetCloneNewuts Uses

func (m *NsJailConfig) GetCloneNewuts() bool

func (*NsJailConfig) GetCwd Uses

func (m *NsJailConfig) GetCwd() string

func (*NsJailConfig) GetDaemon Uses

func (m *NsJailConfig) GetDaemon() bool

func (*NsJailConfig) GetDescription Uses

func (m *NsJailConfig) GetDescription() []string

func (*NsJailConfig) GetDisableNoNewPrivs Uses

func (m *NsJailConfig) GetDisableNoNewPrivs() bool

func (*NsJailConfig) GetEnvar Uses

func (m *NsJailConfig) GetEnvar() []string

func (*NsJailConfig) GetExecBin Uses

func (m *NsJailConfig) GetExecBin() *Exe

func (*NsJailConfig) GetGidmap Uses

func (m *NsJailConfig) GetGidmap() []*IdMap

func (*NsJailConfig) GetHostname Uses

func (m *NsJailConfig) GetHostname() string

func (*NsJailConfig) GetIfaceNoLo Uses

func (m *NsJailConfig) GetIfaceNoLo() bool

func (*NsJailConfig) GetIfaceOwn Uses

func (m *NsJailConfig) GetIfaceOwn() []string

func (*NsJailConfig) GetIsRootRw Uses

func (m *NsJailConfig) GetIsRootRw() bool

Deprecated: Do not use.

func (*NsJailConfig) GetKeepCaps Uses

func (m *NsJailConfig) GetKeepCaps() bool

func (*NsJailConfig) GetKeepEnv Uses

func (m *NsJailConfig) GetKeepEnv() bool

func (*NsJailConfig) GetLogFd Uses

func (m *NsJailConfig) GetLogFd() int32

func (*NsJailConfig) GetLogFile Uses

func (m *NsJailConfig) GetLogFile() string

func (*NsJailConfig) GetLogLevel Uses

func (m *NsJailConfig) GetLogLevel() LogLevel

func (*NsJailConfig) GetMacvlanIface Uses

func (m *NsJailConfig) GetMacvlanIface() string

func (*NsJailConfig) GetMacvlanVsGw Uses

func (m *NsJailConfig) GetMacvlanVsGw() string

func (*NsJailConfig) GetMacvlanVsIp Uses

func (m *NsJailConfig) GetMacvlanVsIp() string

func (*NsJailConfig) GetMacvlanVsMa Uses

func (m *NsJailConfig) GetMacvlanVsMa() string

func (*NsJailConfig) GetMacvlanVsNm Uses

func (m *NsJailConfig) GetMacvlanVsNm() string

func (*NsJailConfig) GetMaxConnsPerIp Uses

func (m *NsJailConfig) GetMaxConnsPerIp() uint32

func (*NsJailConfig) GetMaxCpus Uses

func (m *NsJailConfig) GetMaxCpus() uint32

func (*NsJailConfig) GetMode Uses

func (m *NsJailConfig) GetMode() Mode

func (*NsJailConfig) GetMount Uses

func (m *NsJailConfig) GetMount() []*MountPt

func (*NsJailConfig) GetMountProc Uses

func (m *NsJailConfig) GetMountProc() bool

func (*NsJailConfig) GetName Uses

func (m *NsJailConfig) GetName() string

func (*NsJailConfig) GetPassFd Uses

func (m *NsJailConfig) GetPassFd() []int32

func (*NsJailConfig) GetPersonaAddrCompatLayout Uses

func (m *NsJailConfig) GetPersonaAddrCompatLayout() bool

func (*NsJailConfig) GetPersonaAddrLimit_3Gb Uses

func (m *NsJailConfig) GetPersonaAddrLimit_3Gb() bool

func (*NsJailConfig) GetPersonaAddrNoRandomize Uses

func (m *NsJailConfig) GetPersonaAddrNoRandomize() bool

func (*NsJailConfig) GetPersonaMmapPageZero Uses

func (m *NsJailConfig) GetPersonaMmapPageZero() bool

func (*NsJailConfig) GetPersonaReadImpliesExec Uses

func (m *NsJailConfig) GetPersonaReadImpliesExec() bool

func (*NsJailConfig) GetPort Uses

func (m *NsJailConfig) GetPort() uint32

func (*NsJailConfig) GetRlimitAs Uses

func (m *NsJailConfig) GetRlimitAs() uint64

func (*NsJailConfig) GetRlimitAsType Uses

func (m *NsJailConfig) GetRlimitAsType() RLimit

func (*NsJailConfig) GetRlimitCore Uses

func (m *NsJailConfig) GetRlimitCore() uint64

func (*NsJailConfig) GetRlimitCoreType Uses

func (m *NsJailConfig) GetRlimitCoreType() RLimit

func (*NsJailConfig) GetRlimitCpu Uses

func (m *NsJailConfig) GetRlimitCpu() uint64

func (*NsJailConfig) GetRlimitCpuType Uses

func (m *NsJailConfig) GetRlimitCpuType() RLimit

func (*NsJailConfig) GetRlimitFsize Uses

func (m *NsJailConfig) GetRlimitFsize() uint64

func (*NsJailConfig) GetRlimitFsizeType Uses

func (m *NsJailConfig) GetRlimitFsizeType() RLimit

func (*NsJailConfig) GetRlimitNofile Uses

func (m *NsJailConfig) GetRlimitNofile() uint64

func (*NsJailConfig) GetRlimitNofileType Uses

func (m *NsJailConfig) GetRlimitNofileType() RLimit

func (*NsJailConfig) GetRlimitNproc Uses

func (m *NsJailConfig) GetRlimitNproc() uint64

func (*NsJailConfig) GetRlimitNprocType Uses

func (m *NsJailConfig) GetRlimitNprocType() RLimit

func (*NsJailConfig) GetRlimitStack Uses

func (m *NsJailConfig) GetRlimitStack() uint64

func (*NsJailConfig) GetRlimitStackType Uses

func (m *NsJailConfig) GetRlimitStackType() RLimit

func (*NsJailConfig) GetSeccompLog Uses

func (m *NsJailConfig) GetSeccompLog() bool

func (*NsJailConfig) GetSeccompPolicyFile Uses

func (m *NsJailConfig) GetSeccompPolicyFile() string

func (*NsJailConfig) GetSeccompString Uses

func (m *NsJailConfig) GetSeccompString() []string

func (*NsJailConfig) GetSilent Uses

func (m *NsJailConfig) GetSilent() bool

func (*NsJailConfig) GetSkipSetsid Uses

func (m *NsJailConfig) GetSkipSetsid() bool

func (*NsJailConfig) GetStderrToNull Uses

func (m *NsJailConfig) GetStderrToNull() bool

func (*NsJailConfig) GetTimeLimit Uses

func (m *NsJailConfig) GetTimeLimit() uint32

func (*NsJailConfig) GetUidmap Uses

func (m *NsJailConfig) GetUidmap() []*IdMap

func (*NsJailConfig) ProtoMessage Uses

func (*NsJailConfig) ProtoMessage()

func (*NsJailConfig) Reset Uses

func (m *NsJailConfig) Reset()

func (*NsJailConfig) String Uses

func (m *NsJailConfig) String() string

func (*NsJailConfig) XXX_DiscardUnknown Uses

func (m *NsJailConfig) XXX_DiscardUnknown()

func (*NsJailConfig) XXX_Marshal Uses

func (m *NsJailConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*NsJailConfig) XXX_Merge Uses

func (m *NsJailConfig) XXX_Merge(src proto.Message)

func (*NsJailConfig) XXX_Size Uses

func (m *NsJailConfig) XXX_Size() int

func (*NsJailConfig) XXX_Unmarshal Uses

func (m *NsJailConfig) XXX_Unmarshal(b []byte) error

type RLimit Uses

// RLimit selects where an rlimit comes from. The NsJailConfig comments state
// that the numeric rlimit_* fields are used only when the matching
// rlimit_*_type is VALUE. The numbers are the protobuf enum numbers and must
// not be renumbered.
type RLimit int32

const (
    // RLimit_VALUE: apply the number given in the matching rlimit_* field.
    RLimit_VALUE RLimit = 0
    // RLimit_SOFT: use the soft limit value (the default for nproc and stack).
    RLimit_SOFT RLimit = 1
    // RLimit_HARD and RLimit_INF are not described on this page; presumably
    // the hard limit value and "no limit" respectively — confirm.
    RLimit_HARD RLimit = 2
    RLimit_INF RLimit = 3
)

// Default rlimit types, matching the def= entries in the NsJailConfig tags.
const (
    Default_NsJailConfig_RlimitAsType RLimit = RLimit_VALUE
    Default_NsJailConfig_RlimitCoreType RLimit = RLimit_VALUE
    Default_NsJailConfig_RlimitCpuType RLimit = RLimit_VALUE
    Default_NsJailConfig_RlimitFsizeType RLimit = RLimit_VALUE
    Default_NsJailConfig_RlimitNofileType RLimit = RLimit_VALUE
    Default_NsJailConfig_RlimitNprocType RLimit = RLimit_SOFT
    Default_NsJailConfig_RlimitStackType RLimit = RLimit_SOFT
)

func (RLimit) Enum Uses

func (x RLimit) Enum() *RLimit

func (RLimit) EnumDescriptor Uses

func (RLimit) EnumDescriptor() ([]byte, []int)

func (RLimit) String Uses

func (x RLimit) String() string

func (*RLimit) UnmarshalJSON Uses

func (x *RLimit) UnmarshalJSON(data []byte) error

Package nsjail imports 3 packages and is imported by 1 package. Updated 2019-08-07.