sandboxed-api/sandboxed_api/sandbox2/forkserver.proto
Oliver Kunz 206547591b Migrate forkserver.proto to proto3 syntax
PiperOrigin-RevId: 434458725
Change-Id: I277f76a1a5ebd3eed15c6b3f3e7f849bf6edacea
2022-03-14 07:28:23 -07:00

60 lines
1.7 KiB
Protocol Buffer

// Copyright 2019 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// A proto for the sandbox2::Forkserver class
syntax = "proto3";
package sandbox2;
import "sandboxed_api/sandbox2/mount_tree.proto";
enum Mode {
// Default value
FORKSERVER_FORK_UNSPECIFIED = 0;
// Fork, execve and sandbox
FORKSERVER_FORK_EXECVE_SANDBOX = 1;
// Fork and execve, but no sandboxing
FORKSERVER_FORK_EXECVE = 2;
// Just fork
FORKSERVER_FORK = 3;
// Special internal case: join a user namespace prior to unwinding
FORKSERVER_FORK_JOIN_SANDBOX_UNWIND = 4;
}
message ForkRequest {
// List of arguments, starting with argv[0]
repeated bytes args = 1;
// List of environment variables which will be passed to the child
repeated bytes envs = 2;
// How to interpret the request
optional Mode mode = 3;
// Clone flags for the new process
optional int32 clone_flags = 4;
// Capabilities to keep when starting the sandboxee
repeated int32 capabilities = 5;
// The mount tree used for namespace initialization
optional MountTree mount_tree = 6;
// Hostname in the network namespace
optional bytes hostname = 7;
// Changes mount propagation from MS_PRIVATE to MS_SLAVE if set
optional bool allow_mount_propagation = 8;
}