// Copyright 2017 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
use libc::{gid_t, pid_t, rlim64_t, uid_t};
use std::os::raw::{c_char, c_int, c_long, c_ulong};
/// Struct minijail is an opaque type inside libminijail.
/// See the minijail man page for a description of functions.
#[derive(Debug, Copy, Clone)]
pub enum minijail {}
#[link(name = "minijail")]
extern "C" {
pub fn minijail_new() -> *mut minijail;
pub fn minijail_change_uid(j: *mut minijail, uid: uid_t);
pub fn minijail_change_gid(j: *mut minijail, gid: gid_t);
pub fn minijail_set_supplementary_gids(j: *mut minijail, size: usize, list: *const gid_t);
pub fn minijail_keep_supplementary_gids(j: *mut minijail);
pub fn minijail_change_user(j: *mut minijail, user: *const c_char) -> c_int;
pub fn minijail_change_group(j: *mut minijail, group: *const c_char) -> c_int;
pub fn minijail_rlimit(j: *mut minijail, kind: c_int, cur: rlim64_t, max: rlim64_t) -> c_int;
pub fn minijail_use_seccomp(j: *mut minijail);
pub fn minijail_no_new_privs(j: *mut minijail);
pub fn minijail_use_seccomp_filter(j: *mut minijail);
pub fn minijail_set_seccomp_filter_tsync(j: *mut minijail);
pub fn minijail_set_seccomp_filters(j: *mut minijail, filter: *const net_sys::sock_fprog);
pub fn minijail_parse_seccomp_filters(j: *mut minijail, path: *const c_char);
pub fn minijail_parse_seccomp_filters_from_fd(j: *mut minijail, fd: c_int);
pub fn minijail_log_seccomp_filter_failures(j: *mut minijail);
pub fn minijail_use_caps(j: *mut minijail, capmask: u64);
pub fn minijail_capbset_drop(j: *mut minijail, capmask: u64);
pub fn minijail_set_ambient_caps(j: *mut minijail);
pub fn minijail_reset_signal_mask(j: *mut minijail);
pub fn minijail_reset_signal_handlers(j: *mut minijail);
pub fn minijail_namespace_vfs(j: *mut minijail);
pub fn minijail_namespace_enter_vfs(j: *mut minijail, ns_path: *const c_char);
pub fn minijail_new_session_keyring(j: *mut minijail);
pub fn minijail_skip_setting_securebits(j: *mut minijail, securebits_skip_mask: u64);
pub fn minijail_skip_remount_private(j: *mut minijail);
pub fn minijail_remount_mode(j: *mut minijail, mode: c_ulong);
pub fn minijail_namespace_ipc(j: *mut minijail);
pub fn minijail_namespace_uts(j: *mut minijail);
pub fn minijail_namespace_set_hostname(j: *mut minijail, name: *const c_char) -> c_int;
pub fn minijail_namespace_net(j: *mut minijail);
pub fn minijail_namespace_enter_net(j: *mut minijail, ns_path: *const c_char);
pub fn minijail_namespace_cgroups(j: *mut minijail);
pub fn minijail_close_open_fds(j: *mut minijail);
pub fn minijail_namespace_pids(j: *mut minijail);
pub fn minijail_namespace_pids_rw_proc(j: *mut minijail);
pub fn minijail_namespace_user(j: *mut minijail);
pub fn minijail_namespace_user_disable_setgroups(j: *mut minijail);
pub fn minijail_uidmap(j: *mut minijail, uidmap: *const c_char) -> c_int;
pub fn minijail_gidmap(j: *mut minijail, gidmap: *const c_char) -> c_int;
pub fn minijail_remount_proc_readonly(j: *mut minijail);
pub fn minijail_run_as_init(j: *mut minijail);
pub fn minijail_write_pid_file(j: *mut minijail, path: *const c_char) -> c_int;
pub fn minijail_inherit_usergroups(j: *mut minijail);
pub fn minijail_use_alt_syscall(j: *mut minijail, table: *const c_char) -> c_int;
pub fn minijail_add_to_cgroup(j: *mut minijail, path: *const c_char) -> c_int;
pub fn minijail_enter_chroot(j: *mut minijail, dir: *const c_char) -> c_int;
pub fn minijail_enter_pivot_root(j: *mut minijail, dir: *const c_char) -> c_int;
pub fn minijail_fork(j: *mut minijail) -> pid_t;
pub fn minijail_get_original_path(j: *mut minijail, chroot_path: *const c_char) -> *mut c_char;
pub fn minijail_mount_dev(j: *mut minijail);
pub fn minijail_mount_tmp(j: *mut minijail);
pub fn minijail_mount_tmp_size(j: *mut minijail, size: usize);
pub fn minijail_mount_with_data(
j: *mut minijail,
src: *const c_char,
dest: *const c_char,
type_: *const c_char,
flags: c_ulong,
data: *const c_char,
) -> c_int;
pub fn minijail_mount(
j: *mut minijail,
src: *const c_char,
dest: *const c_char,
type_: *const c_char,
flags: c_ulong,
) -> c_int;
pub fn minijail_bind(
j: *mut minijail,
src: *const c_char,
dest: *const c_char,
writeable: c_int,
) -> c_int;
pub fn minijail_preserve_fd(j: *mut minijail, parent_fd: c_int, child_fd: c_int) -> c_int;
pub fn minijail_enter(j: *const minijail);
pub fn minijail_run(
j: *mut minijail,
filename: *const c_char,
argv: *const *const c_char,
) -> c_int;
pub fn minijail_run_no_preload(
j: *mut minijail,
filename: *const c_char,
argv: *const *const c_char,
) -> c_int;
pub fn minijail_run_pid(
j: *mut minijail,
filename: *const c_char,
argv: *const *const c_char,
pchild_pid: *mut pid_t,
) -> c_int;
pub fn minijail_run_pipe(
j: *mut minijail,
filename: *const c_char,
argv: *const *const c_char,
pstdin_fd: *mut c_int,
) -> c_int;
pub fn minijail_run_pid_pipes(
j: *mut minijail,
filename: *const c_char,
argv: *const *const c_char,
pchild_pid: *mut pid_t,
pstdin_fd: *mut c_int,
pstdout_fd: *mut c_int,
pstderr_fd: *mut c_int,
) -> c_int;
pub fn minijail_run_pid_pipes_no_preload(
j: *mut minijail,
filename: *const c_char,
argv: *const *const c_char,
pchild_pid: *mut pid_t,
pstdin_fd: *mut c_int,
pstdout_fd: *mut c_int,
pstderr_fd: *mut c_int,
) -> c_int;
pub fn minijail_kill(j: *mut minijail) -> c_int;
pub fn minijail_wait(j: *mut minijail) -> c_int;
pub fn minijail_destroy(j: *mut minijail);
} // extern "C"