authorChong Cai <chongc@google.com>2021-08-18 13:11:36 -0700
committergVisor bot <gvisor-bot@google.com>2021-08-18 13:13:49 -0700
commit75b5a4f455c2e81bb38dcf786c788089ad1aebf7 (patch)
tree2901c8304c70d79361d2c7e241879a34e747d010 /pkg/sentry
parente0bf52250289d23cff5c6ef10aa60b9cf0997647 (diff)
Add control configs
Also plumb the controls through runsc PiperOrigin-RevId: 391594318
Diffstat (limited to 'pkg/sentry')
-rw-r--r--pkg/sentry/control/BUILD8
-rw-r--r--pkg/sentry/control/control.proto40
2 files changed, 47 insertions, 1 deletions
diff --git a/pkg/sentry/control/BUILD b/pkg/sentry/control/BUILD
index a4934a565..cfb33a398 100644
--- a/pkg/sentry/control/BUILD
+++ b/pkg/sentry/control/BUILD
@@ -1,7 +1,13 @@
-load("//tools:defs.bzl", "go_library", "go_test")
+load("//tools:defs.bzl", "go_library", "go_test", "proto_library")
package(licenses = ["notice"])
+proto_library(
+ name = "control",
+ srcs = ["control.proto"],
+ visibility = ["//visibility:public"],
+)
+
go_library(
name = "control",
srcs = [
diff --git a/pkg/sentry/control/control.proto b/pkg/sentry/control/control.proto
new file mode 100644
index 000000000..72dda3fbc
--- /dev/null
+++ b/pkg/sentry/control/control.proto
@@ -0,0 +1,40 @@
+// Copyright 2021 The gVisor Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package gvisor;
+
+// ControlConfig configures the permission of controls.
+message ControlConfig {
+ // Names for individual control URPC service objects.
+ // Any new service object that should be given conditional access should be
+ // named here and conditionally added based on presence in allowed_controls.
+ enum Endpoint {
+ UNKNOWN = 0;
+ EVENTS = 1;
+ FS = 2;
+ LIFECYCLE = 3;
+ LOGGING = 4;
+ PROFILE = 5;
+ USAGE = 6;
+ PROC = 7;
+ STATE = 8;
+ DEBUG = 9;
+ }
+
+ // allowed_controls represents which endpoints may be registered to the
+ // server.
+ repeated Endpoint allowed_controls = 1;
+}
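Review bot: The comment on `allowed_controls` (last field of the hunk) does not say what an empty list means or how a value this binary does not recognise is treated, and because this list decides which control endpoints the server registers, both cases belong in the schema rather than only in the consuming Go code. Proto3 keeps unrecognised enum integers on the wire, so a newer sender can list an endpoint value that the receiving build has no case for; the field comment should state the chosen behaviour, for example `// An empty list registers no endpoints; values this binary does not recognise are ignored.` with the exact wording confirmed against the server registration code, which is not in this diff. Separately, the nested enum's values are unprefixed (`UNKNOWN`, `EVENTS`, …), which protobuf scopes as siblings of `Endpoint` inside `ControlConfig`, so a second enum in this message could not reuse any of those names; the usual convention is `ENDPOINT_UNSPECIFIED = 0;`, `ENDPOINT_EVENTS = 1;` and so on. That rename changes only generated identifiers, not wire values, so it is cheapest to do in this commit before anything consumes the file.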