StarMirror/sandboxed-api
1
0
Fork 0
mirror of https://github.com/google/sandboxed-api.git synced 2024-03-22 13:11:30 +08:00
Code Issues Projects Releases Wiki Activity
4630346fd1
sandboxed-api/sandboxed_api/sandbox2/forkserver.proto
Wiktor Garbacz b258535161 Treat libunwind sandbox as a ~regular sandboxee 
This removes dependency on unwind from forkserver,
which should reduce binary size for all the custom forkservers (also the SAPI generated ones).
Unwind was only ever used by the global forkserver anyhow

PiperOrigin-RevId: 557921074
Change-Id: Iea4904da0506fee5a00f970538f512cba7b02326
2023-08-17 13:32:44 -07:00

71 lines
1.9 KiB
Protocol Buffer
Raw Blame History

// Copyright 2019 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// A proto for the sandbox2::Forkserver class
syntax = "proto3";
package sandbox2;
import "sandboxed_api/sandbox2/mount_tree.proto";
enum Mode {
// Default value
FORKSERVER_FORK_UNSPECIFIED = 0;
// Fork, execve and sandbox
FORKSERVER_FORK_EXECVE_SANDBOX = 1;
// Fork and execve, but no sandboxing
FORKSERVER_FORK_EXECVE = 2;
// Just fork
FORKSERVER_FORK = 3;
reserved 4;
}
enum MonitorType {
// Default value
FORKSERVER_MONITOR_UNSPECIFIED = 0;
// Ptrace based monitor
FORKSERVER_MONITOR_PTRACE = 1;
// Seccomp_unotify based monitor
FORKSERVER_MONITOR_UNOTIFY = 2;
}
message ForkRequest {
// List of arguments, starting with argv[0]
repeated bytes args = 1;
// List of environment variables which will be passed to the child
repeated bytes envs = 2;
// How to interpret the request
optional Mode mode = 3;
// Clone flags for the new process
optional int32 clone_flags = 4;
// Capabilities to keep when starting the sandboxee
repeated int32 capabilities = 5;
// The mount tree used for namespace initialization
optional MountTree mount_tree = 6;
// Hostname in the network namespace
optional bytes hostname = 7;
// Changes mount propagation from MS_PRIVATE to MS_SLAVE if set
optional bool allow_mount_propagation = 8;
// Monitor type used by the sandbox
optional MonitorType monitor_type = 9;
}
Reference in New Issue View Git Blame Copy Permalink