sandboxed_api/sandbox2/forkserver.proto - platform/external/sandboxed-api - Git at Google

 // Copyright 2019 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //     https://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.

 // A proto for the sandbox2::Forkserver class

 syntax = "proto3";

 package sandbox2;

 import "sandboxed_api/sandbox2/mount_tree.proto";

 enum Mode {
   // Default value
   FORKSERVER_FORK_UNSPECIFIED = 0;
   // Fork, execve and sandbox
   FORKSERVER_FORK_EXECVE_SANDBOX = 1;
   // Fork and execve, but no sandboxing
   FORKSERVER_FORK_EXECVE = 2;
   // Just fork
   FORKSERVER_FORK = 3;
   reserved 4;
 }

 enum MonitorType {
   // Default value
   FORKSERVER_MONITOR_UNSPECIFIED = 0;
   // Ptrace based monitor
   FORKSERVER_MONITOR_PTRACE = 1;
   // Seccomp_unotify based monitor
   FORKSERVER_MONITOR_UNOTIFY = 2;
 }

 message ForkRequest {
   // List of arguments, starting with argv[0]
   repeated bytes args = 1;
   // List of environment variables which will be passed to the child
   repeated bytes envs = 2;

   // How to interpret the request
   optional Mode mode = 3;

   // Clone flags for the new process
   optional int32 clone_flags = 4;

   // Capabilities to keep when starting the sandboxee
   repeated int32 capabilities = 5;

   // The mount tree used for namespace initialization
   optional MountTree mount_tree = 6;

   // Hostname in the network namespace
   optional bytes hostname = 7;

   // Changes mount propagation from MS_PRIVATE to MS_SLAVE if set
   optional bool allow_mount_propagation = 8;

   // Monitor type used by the sandbox
   optional MonitorType monitor_type = 9;
 }
	// Copyright 2019 Google LLC
	//
	// Licensed under the Apache License, Version 2.0 (the "License");
	// you may not use this file except in compliance with the License.
	// You may obtain a copy of the License at
	//
	// https://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing, software
	// distributed under the License is distributed on an "AS IS" BASIS,
	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	// See the License for the specific language governing permissions and
	// limitations under the License.

	// A proto for the sandbox2::Forkserver class

	syntax = "proto3";

	package sandbox2;

	import "sandboxed_api/sandbox2/mount_tree.proto";

	enum Mode {
	// Default value
	FORKSERVER_FORK_UNSPECIFIED = 0;
	// Fork, execve and sandbox
	FORKSERVER_FORK_EXECVE_SANDBOX = 1;
	// Fork and execve, but no sandboxing
	FORKSERVER_FORK_EXECVE = 2;
	// Just fork
	FORKSERVER_FORK = 3;
	reserved 4;
	}

	enum MonitorType {
	// Default value
	FORKSERVER_MONITOR_UNSPECIFIED = 0;
	// Ptrace based monitor
	FORKSERVER_MONITOR_PTRACE = 1;
	// Seccomp_unotify based monitor
	FORKSERVER_MONITOR_UNOTIFY = 2;
	}

	message ForkRequest {
	// List of arguments, starting with argv[0]
	repeated bytes args = 1;
	// List of environment variables which will be passed to the child
	repeated bytes envs = 2;

	// How to interpret the request
	optional Mode mode = 3;

	// Clone flags for the new process
	optional int32 clone_flags = 4;

	// Capabilities to keep when starting the sandboxee
	repeated int32 capabilities = 5;

	// The mount tree used for namespace initialization
	optional MountTree mount_tree = 6;

	// Hostname in the network namespace
	optional bytes hostname = 7;

	// Changes mount propagation from MS_PRIVATE to MS_SLAVE if set
	optional bool allow_mount_propagation = 8;

	// Monitor type used by the sandbox
	optional MonitorType monitor_type = 9;
	}