1 files changed, 141 insertions, 2 deletions
diff --git a/runsc/config/config.go b/runsc/config/config.go
index 3d8c7a0ab..a562f7bf4 100644
--- a/runsc/config/config.go
+++ b/runsc/config/config.go
@@ -19,8 +19,10 @@ package config
 
 import (
 	"fmt"
+	"strings"
 
 	"gvisor.dev/gvisor/pkg/refs"
+	controlpb "gvisor.dev/gvisor/pkg/sentry/control/control_go_proto"
 	"gvisor.dev/gvisor/pkg/sentry/watchdog"
 )
 
@@ -84,6 +86,9 @@ type Config struct {
 	// capabilities.
 	EnableRaw bool `flag:"net-raw"`
 
+	// AllowPacketEndpointWrite enables write operations on packet endpoints.
+	AllowPacketEndpointWrite bool `flag:"TESTONLY-allow-packet-endpoint-write"`
+
 	// HardwareGSO indicates that hardware segmentation offload is enabled.
 	HardwareGSO bool `flag:"gso"`
 
@@ -117,6 +122,10 @@ type Config struct {
 	// StraceLogSize is the max size of data blobs to display.
 	StraceLogSize uint `flag:"strace-log-size"`
 
+	// StraceEvent indicates sending strace to events if true. Strace is
+	// sent to log if false.
+	StraceEvent bool `flag:"strace-event"`
+
 	// DisableSeccomp indicates whether seccomp syscall filters should be
 	// disabled. Pardon the double negation, but default to enabled is important.
 	DisableSeccomp bool
@@ -131,6 +140,29 @@ type Config struct {
 	// ProfileEnable is set to prepare the sandbox to be profiled.
 	ProfileEnable bool `flag:"profile"`
 
+	// ProfileBlock collects a block profile to the passed file for the
+	// duration of the container execution. Requires ProfileEnabled.
+	ProfileBlock string `flag:"profile-block"`
+
+	// ProfileCPU collects a CPU profile to the passed file for the
+	// duration of the container execution. Requires ProfileEnabled.
+	ProfileCPU string `flag:"profile-cpu"`
+
+	// ProfileHeap collects a heap profile to the passed file for the
+	// duration of the container execution. Requires ProfileEnabled.
+	ProfileHeap string `flag:"profile-heap"`
+
+	// ProfileMutex collects a mutex profile to the passed file for the
+	// duration of the container execution. Requires ProfileEnabled.
+	ProfileMutex string `flag:"profile-mutex"`
+
+	// TraceFile collects a Go runtime execution trace to the passed file
+	// for the duration of the container execution.
+	TraceFile string `flag:"trace"`
+
+	// Controls defines the controls that may be enabled.
+	Controls controlConfig `flag:"controls"`
+
 	// RestoreFile is the path to the saved container image
 	RestoreFile string
 
@@ -142,7 +174,8 @@ type Config struct {
 	// Rootless allows the sandbox to be started with a user that is not root.
 	// Defense in depth measures are weaker in rootless mode. Specifically, the
 	// sandbox and Gofer process run as root inside a user namespace with root
-	// mapped to the caller's user.
+	// mapped to the caller's user. When using rootless, the container root path
+	// should not have a symlink.
 	Rootless bool `flag:"rootless"`
 
 	// AlsoLogToStderr allows to send log messages to stderr.
@@ -175,7 +208,8 @@ type Config struct {
 	// TestOnlyAllowRunAsCurrentUserWithoutChroot should only be used in
 	// tests. It allows runsc to start the sandbox process as the current
 	// user, and without chrooting the sandbox process. This can be
-	// necessary in test environments that have limited capabilities.
+	// necessary in test environments that have limited capabilities. When
+	// disabling chroot, the container root path should not have a symlink.
 	TestOnlyAllowRunAsCurrentUserWithoutChroot bool `flag:"TESTONLY-unsafe-nonroot"`
 
 	// TestOnlyTestNameEnv should only be used in tests. It looks up for the
@@ -193,6 +227,21 @@ func (c *Config) validate() error {
 	if c.NumNetworkChannels <= 0 {
 		return fmt.Errorf("num_network_channels must be > 0, got: %d", c.NumNetworkChannels)
 	}
+	// Require profile flags to explicitly opt-in to profiling with
+	// -profile rather than implying it since these options have security
+	// implications.
+	if c.ProfileBlock != "" && !c.ProfileEnable {
+		return fmt.Errorf("profile-block flag requires enabling profiling with profile flag")
+	}
+	if c.ProfileCPU != "" && !c.ProfileEnable {
+		return fmt.Errorf("profile-cpu flag requires enabling profiling with profile flag")
+	}
+	if c.ProfileHeap != "" && !c.ProfileEnable {
+		return fmt.Errorf("profile-heap flag requires enabling profiling with profile flag")
+	}
+	if c.ProfileMutex != "" && !c.ProfileEnable {
+		return fmt.Errorf("profile-mutex flag requires enabling profiling with profile flag")
+	}
 	return nil
 }
 
@@ -345,6 +394,96 @@ func (q QueueingDiscipline) String() string {
 	panic(fmt.Sprintf("Invalid qdisc %d", q))
 }
 
+// controlConfig represents control endpoints.
+type controlConfig struct {
+	Controls *controlpb.ControlConfig
+}
+
+// Set implements flag.Value.
+func (c *controlConfig) Set(v string) error {
+	controls := strings.Split(v, ",")
+	var controlList []controlpb.ControlConfig_Endpoint
+	for _, control := range controls {
+		switch control {
+		case "EVENTS":
+			controlList = append(controlList, controlpb.ControlConfig_EVENTS)
+		case "FS":
+			controlList = append(controlList, controlpb.ControlConfig_FS)
+		case "LIFECYCLE":
+			controlList = append(controlList, controlpb.ControlConfig_LIFECYCLE)
+		case "LOGGING":
+			controlList = append(controlList, controlpb.ControlConfig_LOGGING)
+		case "PROFILE":
+			controlList = append(controlList, controlpb.ControlConfig_PROFILE)
+		case "USAGE":
+			controlList = append(controlList, controlpb.ControlConfig_USAGE)
+		case "PROC":
+			controlList = append(controlList, controlpb.ControlConfig_PROC)
+		case "STATE":
+			controlList = append(controlList, controlpb.ControlConfig_STATE)
+		case "DEBUG":
+			controlList = append(controlList, controlpb.ControlConfig_DEBUG)
+		default:
+			return fmt.Errorf("invalid control %q", control)
+		}
+	}
+	c.Controls.AllowedControls = controlList
+	return nil
+}
+
+// Get implements flag.Value.
+func (c *controlConfig) Get() interface{} {
+	return *c
+}
+
+// String implements flag.Value.
+func (c *controlConfig) String() string {
+	v := ""
+	for _, control := range c.Controls.GetAllowedControls() {
+		if len(v) > 0 {
+			v += ","
+		}
+		switch control {
+		case controlpb.ControlConfig_EVENTS:
+			v += "EVENTS"
+		case controlpb.ControlConfig_FS:
+			v += "FS"
+		case controlpb.ControlConfig_LIFECYCLE:
+			v += "LIFECYCLE"
+		case controlpb.ControlConfig_LOGGING:
+			v += "LOGGING"
+		case controlpb.ControlConfig_PROFILE:
+			v += "PROFILE"
+		case controlpb.ControlConfig_USAGE:
+			v += "USAGE"
+		case controlpb.ControlConfig_PROC:
+			v += "PROC"
+		case controlpb.ControlConfig_STATE:
+			v += "STATE"
+		case controlpb.ControlConfig_DEBUG:
+			v += "DEBUG"
+		default:
+			panic(fmt.Sprintf("Invalid control %d", control))
+		}
+	}
+	return v
+}
+
+func defaultControlConfig() *controlConfig {
+	c := controlConfig{}
+	c.Controls = &controlpb.ControlConfig{}
+	c.Controls.AllowedControls = append(c.Controls.AllowedControls, controlpb.ControlConfig_EVENTS)
+	c.Controls.AllowedControls = append(c.Controls.AllowedControls, controlpb.ControlConfig_FS)
+	c.Controls.AllowedControls = append(c.Controls.AllowedControls, controlpb.ControlConfig_LIFECYCLE)
+	c.Controls.AllowedControls = append(c.Controls.AllowedControls, controlpb.ControlConfig_LOGGING)
+	c.Controls.AllowedControls = append(c.Controls.AllowedControls, controlpb.ControlConfig_PROFILE)
+	c.Controls.AllowedControls = append(c.Controls.AllowedControls, controlpb.ControlConfig_USAGE)
+	c.Controls.AllowedControls = append(c.Controls.AllowedControls, controlpb.ControlConfig_PROC)
+	c.Controls.AllowedControls = append(c.Controls.AllowedControls, controlpb.ControlConfig_STATE)
+	c.Controls.AllowedControls = append(c.Controls.AllowedControls, controlpb.ControlConfig_DEBUG)
+	return &c
+}
+
 func leakModePtr(v refs.LeakMode) *refs.LeakMode {
 	return &v
 }