// Copyright 2015 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
syntax = "proto2";
// Lite runtime: the generated classes omit descriptor/reflection support
// (see the protobuf docs for optimize_for), which is what the tips warn
// about for shared schemas; consumers of this file cannot rely on
// reflection-based features such as text-format dumping.
option optimize_for = LITE_RUNTIME;
package soma;
// Specification of a single container: where the service bundle lives,
// which executables run inside it, and which namespaces, device nodes and
// network ports it may use. Field numbers are the wire contract; never
// renumber or reuse them (reserve numbers of any field that is removed).
message ContainerSpec {
  // ------------- Submessage types ----------------------------------------- //
  // NB: When adding a value here, add it to namespace.h as well.
  // Linux namespaces that can be listed in the `namespaces` field below.
  // NOTE(review): the value names look like the kernel's CLONE_NEW* flag
  // names, but the actual mapping lives in namespace.h — confirm there.
  // 0 (NEWIPC) is also the proto2 default for an unset enum; that is
  // harmless here because the only user of this enum is a repeated field.
  enum Namespace {
    NEWIPC = 0;
    NEWNET = 1;
    NEWNS = 2;
    NEWPID = 3;
    NEWUSER = 4;
    NEWUTS = 5;
  }

  // Set of ports an Executable is allowed to listen on.
  message PortSpec {
    // If true, listening on any port is permitted. NOTE(review): presumably
    // this takes precedence over `ports`; confirm against the enforcing code.
    optional bool allow_all = 1;
    // Explicit list of allowed port numbers (presumably only consulted when
    // allow_all is unset/false — TODO confirm).
    repeated uint32 ports = 2;
  }

  // One process to launch inside the container.
  message Executable {
    // ----------- Required fields ------------------------------------------ //
    // (Declared `optional`/`repeated` on the wire; requiredness is expected
    // to be enforced by the consumer — TODO confirm.)
    // Command line to run: /path/to/executable [ARGS...]
    // Element 0 is the executable path, the rest are its arguments.
    repeated string command_line = 1;
    // UID for running the command line.
    // An unset field reads back as 0 (proto2 default for uint32), i.e. root;
    // NOTE(review): consumers should check has_uid() rather than treating
    // absence as uid 0.
    optional uint32 uid = 2;
    // GID for running the command line.
    // Same caveat as `uid`: unset reads back as 0 — check has_gid().
    optional uint32 gid = 3;
    // ------------- Optional fields ---------------------------------------- //
    // Will be the CWD when the given executable is run.
    // Defaults to the filesystem root when not set.
    optional string working_directory = 4 [default = "/"];
    // TCP ports allowed for listening.
    // Unset means no PortSpec is attached; whether that denies all listening
    // is decided by the consumer — TODO confirm.
    optional PortSpec tcp_listen_ports = 5;
    // UDP ports allowed for listening. Same presence caveat as
    // tcp_listen_ports.
    optional PortSpec udp_listen_ports = 6;
  }

  // Selects device nodes by path. NOTE(review): whether `filter` is an
  // exact path, a prefix or a glob pattern is not stated here — confirm
  // with the code that applies it.
  message DevicePathFilter {
    optional string filter = 1;
  }

  // Selects device nodes by their major/minor device numbers.
  message DeviceNodeFilter {
    optional int32 major = 1; // May be set to -1 to indicate wildcard.
    optional int32 minor = 2; // May be set to -1 to indicate wildcard.
  }

  // Access-control entry keyed by service name. NOTE(review): presumably
  // lists the UIDs permitted to access `service_name`; confirm against the
  // enforcement code before relying on this reading.
  message UserACL {
    // Fully-qualified name of the service this entry applies to.
    optional string service_name = 1;
    // UIDs covered by this entry.
    repeated uint32 uids = 2;
  }

  // Group counterpart of UserACL: the same entry keyed by GIDs.
  // NOTE(review): semantics assumed to mirror UserACL — confirm.
  message GroupACL {
    // Fully-qualified name of the service this entry applies to.
    optional string service_name = 1;
    // GIDs covered by this entry.
    repeated uint32 gids = 2;
  }

  // ------------- Required fields ------------------------------------------ //
  // (Declared `optional`/`repeated` on the wire; requiredness is expected
  // to be enforced by the consumer — TODO confirm.)
  // Absolute path to the service's service bundle filesystem overlay.
  optional string service_bundle_path = 1;
  // Unique name identifying this ContainerSpec.
  optional string name = 2;
  // Executables to be run inside this container. There must be at least one.
  repeated Executable executables = 3;
  // ------------- Optional fields ------------------------------------------ //
  // List of fully-qualified names of services that should be registered
  // from inside this container.
  repeated string service_names = 4;
  // Namespaces to unshare for the container.
  // Empty means no namespace is unshared, as far as this schema is concerned.
  repeated Namespace namespaces = 5;
  // Path-based filters indicating which device nodes should be visible.
  repeated DevicePathFilter device_path_filters = 6;
  // mknod-number-based filters indicating which device nodes should be visible.
  repeated DeviceNodeFilter device_node_filters = 7;
  // Whether this container should be running at all times or started on-demand.
  // Unset reads back as false (proto2 default for bool), i.e. on-demand.
  optional bool is_persistent = 8;
  // Per-service user access-control lists for this container; see UserACL.
  repeated UserACL user_acls = 9;
  // Per-service group access-control lists for this container; see GroupACL.
  repeated GroupACL group_acls = 10;
}