nsjail

package
v0.0.26 Latest Latest
Published: Sep 30, 2022 License: BSD-3-Clause Imports: 4 Imported by: 0

README

nsjail config proto

protobuf schema for nsjail (GitHub). It is used to provide a hermetic build environment with arbitrary toolchain support.

How to update the file?

  1. git clone
$ git clone https://github.com/google/nsjail.git
  2. Copy the config.proto file.
$ cp nsjail/config.proto .
  3. Add option go_package = "go.chromium.org/goma/server/proto/nsjail";

Documentation

Index

Constants

// Default values for IdMap fields (the `def=` values in the struct tags).
// An empty inside/outside id means "current uid/gid" and a mapping covers a
// single id unless count is given; the new[u|g]idmap helpers are not used
// unless use_newidmap is set.
const (
	Default_IdMap_InsideId    = string("")
	Default_IdMap_OutsideId   = string("")
	Default_IdMap_Count       = uint32(1)
	Default_IdMap_UseNewidmap = bool(false)
)

Default values for IdMap fields.

// Default values for MountPt fields (the `def=` values in the struct tags).
// A mount is read-only (rw=false) and mandatory (the jail fails if it cannot
// be set up) unless the config says otherwise. nosuid, nodev and noexec are
// all off by default, so they have to be requested per mount point when
// exposing host paths into the jail.
const (
	Default_MountPt_Src          = string("")
	Default_MountPt_PrefixSrcEnv = string("")
	Default_MountPt_Dst          = string("")
	Default_MountPt_PrefixDstEnv = string("")
	Default_MountPt_Fstype       = string("")
	Default_MountPt_Options      = string("")
	Default_MountPt_IsBind       = bool(false)
	Default_MountPt_Rw           = bool(false)
	Default_MountPt_Mandatory    = bool(true)
	Default_MountPt_IsSymlink    = bool(false)
	Default_MountPt_Nosuid       = bool(false)
	Default_MountPt_Nodev        = bool(false)
	Default_MountPt_Noexec       = bool(false)
)

Default values for MountPt fields.

// Default values for NsJailConfig fields (the `def=` values in the struct
// tags). Taken together they describe the out-of-the-box posture of a jail:
//   - all namespaces (net, user, mnt, pid, ipc, uts, cgroup) are unshared
//     except the time namespace (clone_newtime=false);
//   - no_new_privs stays enabled (DisableNoNewPrivs=false) and capabilities
//     are dropped (KeepCaps=false);
//   - the command runs once (Mode_ONCE) under a 600 s wall-time limit and
//     600 s of CPU time, with rlimit_as 4096 MiB, rlimit_fsize 1 MiB and
//     rlimit_nofile 32 (units per the NsJailConfig field comments);
//   - in LISTEN mode the bind host "::" is the IPv6 unspecified address,
//     i.e. every interface, and MaxConns/MaxConnsPerIp are 0 (presumably
//     uncapped);
//   - cgroup limits are off (0 / -1 per the "If > 0" / "If >= 0" field
//     comments) and cgroup v1 mount paths are assumed unless use_cgroupv2
//     is set;
//   - MACVLAN addressing defaults to 192.168.0.2/24 via 192.168.0.1 in
//     "private" mode.
const (
	Default_NsJailConfig_Name                    = string("")
	Default_NsJailConfig_Mode                    = Mode_ONCE
	Default_NsJailConfig_Hostname                = string("NSJAIL")
	Default_NsJailConfig_Cwd                     = string("/")
	Default_NsJailConfig_NoPivotroot             = bool(false)
	Default_NsJailConfig_Port                    = uint32(0)
	Default_NsJailConfig_Bindhost                = string("::")
	Default_NsJailConfig_MaxConns                = uint32(0)
	Default_NsJailConfig_MaxConnsPerIp           = uint32(0)
	Default_NsJailConfig_TimeLimit               = uint32(600)
	Default_NsJailConfig_Daemon                  = bool(false)
	Default_NsJailConfig_MaxCpus                 = uint32(0)
	Default_NsJailConfig_KeepEnv                 = bool(false)
	Default_NsJailConfig_KeepCaps                = bool(false)
	Default_NsJailConfig_Silent                  = bool(false)
	Default_NsJailConfig_SkipSetsid              = bool(false)
	Default_NsJailConfig_StderrToNull            = bool(false)
	Default_NsJailConfig_DisableNoNewPrivs       = bool(false)
	Default_NsJailConfig_RlimitAs                = uint64(4096)
	Default_NsJailConfig_RlimitAsType            = RLimit_VALUE
	Default_NsJailConfig_RlimitCore              = uint64(0)
	Default_NsJailConfig_RlimitCoreType          = RLimit_VALUE
	Default_NsJailConfig_RlimitCpu               = uint64(600)
	Default_NsJailConfig_RlimitCpuType           = RLimit_VALUE
	Default_NsJailConfig_RlimitFsize             = uint64(1)
	Default_NsJailConfig_RlimitFsizeType         = RLimit_VALUE
	Default_NsJailConfig_RlimitNofile            = uint64(32)
	Default_NsJailConfig_RlimitNofileType        = RLimit_VALUE
	Default_NsJailConfig_RlimitNproc             = uint64(1024)
	Default_NsJailConfig_RlimitNprocType         = RLimit_SOFT
	Default_NsJailConfig_RlimitStack             = uint64(8)
	Default_NsJailConfig_RlimitStackType         = RLimit_SOFT
	Default_NsJailConfig_RlimitMemlock           = uint64(64)
	Default_NsJailConfig_RlimitMemlockType       = RLimit_SOFT
	Default_NsJailConfig_RlimitRtprio            = uint64(0)
	Default_NsJailConfig_RlimitRtprioType        = RLimit_SOFT
	Default_NsJailConfig_RlimitMsgqueue          = uint64(1024)
	Default_NsJailConfig_RlimitMsgqueueType      = RLimit_SOFT
	Default_NsJailConfig_DisableRl               = bool(false)
	Default_NsJailConfig_PersonaAddrCompatLayout = bool(false)
	Default_NsJailConfig_PersonaMmapPageZero     = bool(false)
	Default_NsJailConfig_PersonaReadImpliesExec  = bool(false)
	Default_NsJailConfig_PersonaAddrLimit_3Gb    = bool(false)
	Default_NsJailConfig_PersonaAddrNoRandomize  = bool(false)
	Default_NsJailConfig_CloneNewnet             = bool(true)
	Default_NsJailConfig_CloneNewuser            = bool(true)
	Default_NsJailConfig_CloneNewns              = bool(true)
	Default_NsJailConfig_CloneNewpid             = bool(true)
	Default_NsJailConfig_CloneNewipc             = bool(true)
	Default_NsJailConfig_CloneNewuts             = bool(true)
	Default_NsJailConfig_CloneNewcgroup          = bool(true)
	Default_NsJailConfig_CloneNewtime            = bool(false)
	Default_NsJailConfig_MountProc               = bool(false)
	Default_NsJailConfig_SeccompLog              = bool(false)
	Default_NsJailConfig_CgroupMemMax            = uint64(0)
	Default_NsJailConfig_CgroupMemMemswMax       = uint64(0)
	Default_NsJailConfig_CgroupMemSwapMax        = int64(-1)
	Default_NsJailConfig_CgroupMemMount          = string("/sys/fs/cgroup/memory")
	Default_NsJailConfig_CgroupMemParent         = string("NSJAIL")
	Default_NsJailConfig_CgroupPidsMax           = uint64(0)
	Default_NsJailConfig_CgroupPidsMount         = string("/sys/fs/cgroup/pids")
	Default_NsJailConfig_CgroupPidsParent        = string("NSJAIL")
	Default_NsJailConfig_CgroupNetClsClassid     = uint32(0)
	Default_NsJailConfig_CgroupNetClsMount       = string("/sys/fs/cgroup/net_cls")
	Default_NsJailConfig_CgroupNetClsParent      = string("NSJAIL")
	Default_NsJailConfig_CgroupCpuMsPerSec       = uint32(0)
	Default_NsJailConfig_CgroupCpuMount          = string("/sys/fs/cgroup/cpu")
	Default_NsJailConfig_CgroupCpuParent         = string("NSJAIL")
	Default_NsJailConfig_Cgroupv2Mount           = string("/sys/fs/cgroup")
	Default_NsJailConfig_UseCgroupv2             = bool(false)
	Default_NsJailConfig_IfaceNoLo               = bool(false)
	Default_NsJailConfig_MacvlanVsIp             = string("192.168.0.2")
	Default_NsJailConfig_MacvlanVsNm             = string("255.255.255.0")
	Default_NsJailConfig_MacvlanVsGw             = string("192.168.0.1")
	Default_NsJailConfig_MacvlanVsMa             = string("")
	Default_NsJailConfig_MacvlanVsMo             = string("private")
	Default_NsJailConfig_NiceLevel               = int32(19)
	Default_NsJailConfig_DisableTsc              = bool(false)
)

Default values for NsJailConfig fields.

// Default values for Exe fields. exec_fd is off by default: the binary is
// located by its path rather than executed via execveat() on a descriptor.
const (
	Default_Exe_ExecFd = bool(false)
)

Default values for Exe fields.

Variables

// Enum value maps for Mode. Mode_name maps the wire number of each Mode
// to its identifier; Mode_value is the inverse lookup. Both cover exactly
// the four Mode_* constants.
var (
	Mode_name = map[int32]string{
		3: "EXECVE",
		2: "RERUN",
		1: "ONCE",
		0: "LISTEN",
	}
	Mode_value = map[string]int32{
		"EXECVE": 3,
		"RERUN":  2,
		"ONCE":   1,
		"LISTEN": 0,
	}
)

Enum value maps for Mode.

// Enum value maps for LogLevel. LogLevel_name maps the wire number of each
// LogLevel to its identifier; LogLevel_value is the inverse lookup. Both
// cover exactly the five LogLevel_* constants.
var (
	LogLevel_name = map[int32]string{
		4: "FATAL",
		3: "ERROR",
		2: "WARNING",
		1: "INFO",
		0: "DEBUG",
	}
	LogLevel_value = map[string]int32{
		"FATAL":   4,
		"ERROR":   3,
		"WARNING": 2,
		"INFO":    1,
		"DEBUG":   0,
	}
)

Enum value maps for LogLevel.

// Enum value maps for RLimit. RLimit_name maps the wire number of each
// RLimit to its identifier; RLimit_value is the inverse lookup. Both cover
// exactly the four RLimit_* constants.
var (
	RLimit_name = map[int32]string{
		3: "INF",
		2: "HARD",
		1: "SOFT",
		0: "VALUE",
	}
	RLimit_value = map[string]int32{
		"INF":   3,
		"HARD":  2,
		"SOFT":  1,
		"VALUE": 0,
	}
)

Enum value maps for RLimit.

// Default values for MountPt fields that cannot be Go constants: a []byte
// default has to live in a var. src_content is empty unless the config
// supplies inline contents for the dst file.
var (
	Default_MountPt_SrcContent = []byte("")
)

Default values for MountPt fields.

// File_nsjail_config_proto is the protobuf file descriptor for config.proto;
// the Descriptor / ProtoReflect methods of this package's messages and enums
// resolve against it.
var File_nsjail_config_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type Exe

// Exe names the binary to run inside the jail together with its argv;
// NsJailConfig.exec_bin carries it. Generated from config.proto.
type Exe struct {

	// Will be used both as execv's path and as argv[0]
	// (required field: tagged `req`)
	Path *string `protobuf:"bytes,1,req,name=path" json:"path,omitempty"`
	// This will be argv[1] and so on..
	Arg []string `protobuf:"bytes,2,rep,name=arg" json:"arg,omitempty"`
	// Override argv[0] (otherwise path is used as argv[0])
	Arg0 *string `protobuf:"bytes,3,opt,name=arg0" json:"arg0,omitempty"`
	// Should execveat() be used to execute a file-descriptor instead?
	// Default false (Default_Exe_ExecFd).
	ExecFd *bool `protobuf:"varint,4,opt,name=exec_fd,json=execFd,def=0" json:"exec_fd,omitempty"`
	// contains filtered or unexported fields
}

func (*Exe) Descriptor deprecated

func (*Exe) Descriptor() ([]byte, []int)

Deprecated: Use Exe.ProtoReflect.Descriptor instead.

func (*Exe) GetArg

func (x *Exe) GetArg() []string

func (*Exe) GetArg0

func (x *Exe) GetArg0() string

func (*Exe) GetExecFd

func (x *Exe) GetExecFd() bool

func (*Exe) GetPath

func (x *Exe) GetPath() string

func (*Exe) ProtoMessage

func (*Exe) ProtoMessage()

func (*Exe) ProtoReflect added in v0.0.12

func (x *Exe) ProtoReflect() protoreflect.Message

func (*Exe) Reset

func (x *Exe) Reset()

func (*Exe) String

func (x *Exe) String() string

type IdMap

// IdMap is one uid or gid range mapping for the jail's user namespace;
// NsJailConfig.uidmap and NsJailConfig.gidmap hold the lists. Generated
// from config.proto.
type IdMap struct {

	// Empty string means "current uid/gid"
	InsideId  *string `protobuf:"bytes,1,opt,name=inside_id,json=insideId,def=" json:"inside_id,omitempty"`
	OutsideId *string `protobuf:"bytes,2,opt,name=outside_id,json=outsideId,def=" json:"outside_id,omitempty"`
	// See 'man user_namespaces' for the meaning of count
	// (defaults to 1, i.e. a single id)
	Count *uint32 `protobuf:"varint,3,opt,name=count,def=1" json:"count,omitempty"`
	// Does this map use /usr/bin/new[u|g]idmap binary?
	// NOTE(review): those helpers are host-privileged; which host ids they
	// may hand out is governed by host policy (typically /etc/subuid and
	// /etc/subgid), not by this message. Default false.
	UseNewidmap *bool `protobuf:"varint,4,opt,name=use_newidmap,json=useNewidmap,def=0" json:"use_newidmap,omitempty"`
	// contains filtered or unexported fields
}

func (*IdMap) Descriptor deprecated

func (*IdMap) Descriptor() ([]byte, []int)

Deprecated: Use IdMap.ProtoReflect.Descriptor instead.

func (*IdMap) GetCount

func (x *IdMap) GetCount() uint32

func (*IdMap) GetInsideId

func (x *IdMap) GetInsideId() string

func (*IdMap) GetOutsideId

func (x *IdMap) GetOutsideId() string

func (*IdMap) GetUseNewidmap

func (x *IdMap) GetUseNewidmap() bool

func (*IdMap) ProtoMessage

func (*IdMap) ProtoMessage()

func (*IdMap) ProtoReflect added in v0.0.12

func (x *IdMap) ProtoReflect() protoreflect.Message

func (*IdMap) Reset

func (x *IdMap) Reset()

func (*IdMap) String

func (x *IdMap) String() string

type LogLevel

// LogLevel is the nsjail log verbosity enum (proto enum nsjail.LogLevel);
// NsJailConfig.log_level selects the minimum level displayed.
type LogLevel int32

Should be self-explanatory.

// LogLevel values. INFO is documented as the default level; the trailing
// comments come from config.proto.
const (
	LogLevel_DEBUG   LogLevel = 0 // Equivalent to the '-v' cmd-line option
	LogLevel_INFO    LogLevel = 1 // Default level
	LogLevel_WARNING LogLevel = 2 // Equivalent to the '-q' cmd-line option
	LogLevel_ERROR   LogLevel = 3
	LogLevel_FATAL   LogLevel = 4
)

func (LogLevel) Descriptor added in v0.0.12

func (LogLevel) Descriptor() protoreflect.EnumDescriptor

func (LogLevel) Enum

func (x LogLevel) Enum() *LogLevel

func (LogLevel) EnumDescriptor deprecated

func (LogLevel) EnumDescriptor() ([]byte, []int)

Deprecated: Use LogLevel.Descriptor instead.

func (LogLevel) Number added in v0.0.12

func (x LogLevel) Number() protoreflect.EnumNumber

func (LogLevel) String

func (x LogLevel) String() string

func (LogLevel) Type added in v0.0.12

func (*LogLevel) UnmarshalJSON deprecated

func (x *LogLevel) UnmarshalJSON(b []byte) error

Deprecated: Do not use.

type Mode

// Mode is the nsjail execution mode enum (proto enum nsjail.Mode);
// NsJailConfig.mode selects it and defaults to ONCE.
type Mode int32

// Mode values; the trailing comments come from config.proto.
// NOTE(review): EXECVE leaves no supervisor process behind, so whatever the
// supervisor enforces (presumably the wall-time time_limit) would not apply —
// confirm against nsjail before relying on those limits in that mode.
const (
	Mode_LISTEN Mode = 0 // Listening on a TCP port
	Mode_ONCE   Mode = 1 // Running the command once only
	Mode_RERUN  Mode = 2 // Re-executing the command (forever)
	Mode_EXECVE Mode = 3 // Executing command w/o the supervisor
)

func (Mode) Descriptor added in v0.0.12

func (Mode) Descriptor() protoreflect.EnumDescriptor

func (Mode) Enum

func (x Mode) Enum() *Mode

func (Mode) EnumDescriptor deprecated

func (Mode) EnumDescriptor() ([]byte, []int)

Deprecated: Use Mode.Descriptor instead.

func (Mode) Number added in v0.0.12

func (x Mode) Number() protoreflect.EnumNumber

func (Mode) String

func (x Mode) String() string

func (Mode) Type added in v0.0.12

func (Mode) Type() protoreflect.EnumType

func (*Mode) UnmarshalJSON deprecated

func (x *Mode) UnmarshalJSON(b []byte) error

Deprecated: Do not use.

type MountPt

// MountPt describes one mount point (or symlink) set up inside the jail;
// NsJailConfig.mount holds the list. Generated from config.proto.
//
// NOTE(review): a mount is read-only (rw=false) and mandatory by default,
// but nosuid, nodev and noexec all default to false, so those protections
// are not applied to a mount unless requested here — set them explicitly
// when exposing host paths into the jail.
type MountPt struct {

	// Can be skipped for filesystems like 'proc'
	Src *string `protobuf:"bytes,1,opt,name=src,def=" json:"src,omitempty"`
	// Should 'src' path be prefixed with this envar?
	PrefixSrcEnv *string `protobuf:"bytes,2,opt,name=prefix_src_env,json=prefixSrcEnv,def=" json:"prefix_src_env,omitempty"`
	// If specified, contains buffer that will be written to the dst file
	SrcContent []byte `protobuf:"bytes,3,opt,name=src_content,json=srcContent,def=" json:"src_content,omitempty"`
	// Mount point inside jail (required field: tagged `req`)
	Dst *string `protobuf:"bytes,4,req,name=dst,def=" json:"dst,omitempty"`
	// Should 'dst' path be prefixed with this envar?
	PrefixDstEnv *string `protobuf:"bytes,5,opt,name=prefix_dst_env,json=prefixDstEnv,def=" json:"prefix_dst_env,omitempty"`
	// Can be empty for mount --bind mounts
	Fstype *string `protobuf:"bytes,6,opt,name=fstype,def=" json:"fstype,omitempty"`
	// E.g. size=5000000 for 'tmpfs'
	Options *string `protobuf:"bytes,7,opt,name=options,def=" json:"options,omitempty"`
	// Is it a 'mount --bind src dst' type of mount?
	IsBind *bool `protobuf:"varint,8,opt,name=is_bind,json=isBind,def=0" json:"is_bind,omitempty"`
	// Is it a R/W mount? Default false, i.e. read-only.
	Rw *bool `protobuf:"varint,9,opt,name=rw,def=0" json:"rw,omitempty"`
	// Is it a directory? If not specified an internal
	// heuristics will be used to determine that
	IsDir *bool `protobuf:"varint,10,opt,name=is_dir,json=isDir" json:"is_dir,omitempty"`
	// Should the sandboxing fail if we cannot mount this resource?
	// Default true.
	Mandatory *bool `protobuf:"varint,11,opt,name=mandatory,def=1" json:"mandatory,omitempty"`
	// Is it a symlink (instead of real mount point)?
	IsSymlink *bool `protobuf:"varint,12,opt,name=is_symlink,json=isSymlink,def=0" json:"is_symlink,omitempty"`
	// Is it a nosuid mount (default false)
	Nosuid *bool `protobuf:"varint,13,opt,name=nosuid,def=0" json:"nosuid,omitempty"`
	// Is it a nodev mount (default false)
	Nodev *bool `protobuf:"varint,14,opt,name=nodev,def=0" json:"nodev,omitempty"`
	// Is it a noexec mount (default false)
	Noexec *bool `protobuf:"varint,15,opt,name=noexec,def=0" json:"noexec,omitempty"`
	// contains filtered or unexported fields
}

func (*MountPt) Descriptor deprecated

func (*MountPt) Descriptor() ([]byte, []int)

Deprecated: Use MountPt.ProtoReflect.Descriptor instead.

func (*MountPt) GetDst

func (x *MountPt) GetDst() string

func (*MountPt) GetFstype

func (x *MountPt) GetFstype() string

func (*MountPt) GetIsBind

func (x *MountPt) GetIsBind() bool

func (*MountPt) GetIsDir

func (x *MountPt) GetIsDir() bool
func (x *MountPt) GetIsSymlink() bool

func (*MountPt) GetMandatory

func (x *MountPt) GetMandatory() bool

func (*MountPt) GetNodev

func (x *MountPt) GetNodev() bool

func (*MountPt) GetNoexec

func (x *MountPt) GetNoexec() bool

func (*MountPt) GetNosuid

func (x *MountPt) GetNosuid() bool

func (*MountPt) GetOptions

func (x *MountPt) GetOptions() string

func (*MountPt) GetPrefixDstEnv

func (x *MountPt) GetPrefixDstEnv() string

func (*MountPt) GetPrefixSrcEnv

func (x *MountPt) GetPrefixSrcEnv() string

func (*MountPt) GetRw

func (x *MountPt) GetRw() bool

func (*MountPt) GetSrc

func (x *MountPt) GetSrc() string

func (*MountPt) GetSrcContent

func (x *MountPt) GetSrcContent() []byte

func (*MountPt) ProtoMessage

func (*MountPt) ProtoMessage()

func (*MountPt) ProtoReflect added in v0.0.12

func (x *MountPt) ProtoReflect() protoreflect.Message

func (*MountPt) Reset

func (x *MountPt) Reset()

func (*MountPt) String

func (x *MountPt) String() string

type NsJailConfig

// NsJailConfig is the top-level nsjail configuration message, generated from
// config.proto. Field comments are the upstream schema's; lines marked
// NOTE(review) were added while reviewing the defaults. Every `def=` in a
// struct tag is also exported as a Default_NsJailConfig_* constant.
type NsJailConfig struct {

	// Optional name and description for this config
	Name        *string  `protobuf:"bytes,1,opt,name=name,def=" json:"name,omitempty"`
	Description []string `protobuf:"bytes,2,rep,name=description" json:"description,omitempty"`
	// Execution mode: see 'msg Mode' description for more
	Mode *Mode `protobuf:"varint,3,opt,name=mode,enum=nsjail.Mode,def=1" json:"mode,omitempty"`
	// Hostname inside jail
	Hostname *string `protobuf:"bytes,4,opt,name=hostname,def=NSJAIL" json:"hostname,omitempty"`
	// Initial current working directory for the binary
	Cwd *string `protobuf:"bytes,5,opt,name=cwd,def=/" json:"cwd,omitempty"`
	// Defines whether to use switch_root or pivot_root
	NoPivotroot *bool `protobuf:"varint,6,opt,name=no_pivotroot,json=noPivotroot,def=0" json:"no_pivotroot,omitempty"`
	// TCP port to listen to. Valid with mode=LISTEN only
	Port *uint32 `protobuf:"varint,7,opt,name=port,def=0" json:"port,omitempty"`
	// Host to bind to for mode=LISTEN. Must be in IPv6 format
	// NOTE(review): the default "::" is the unspecified address, so the
	// listener accepts connections on every interface unless narrowed here.
	Bindhost *string `protobuf:"bytes,8,opt,name=bindhost,def=::" json:"bindhost,omitempty"`
	// For mode=LISTEN, maximum number of connections across all IPs
	MaxConns *uint32 `protobuf:"varint,9,opt,name=max_conns,json=maxConns,def=0" json:"max_conns,omitempty"`
	// For mode=LISTEN, maximum number of connections from a single IP
	MaxConnsPerIp *uint32 `protobuf:"varint,10,opt,name=max_conns_per_ip,json=maxConnsPerIp,def=0" json:"max_conns_per_ip,omitempty"`
	// Wall-time time limit for commands (seconds, default 600)
	TimeLimit *uint32 `protobuf:"varint,11,opt,name=time_limit,json=timeLimit,def=600" json:"time_limit,omitempty"`
	// Should nsjail go into background?
	Daemon *bool `protobuf:"varint,12,opt,name=daemon,def=0" json:"daemon,omitempty"`
	// Maximum number of CPUs to use: 0 - no limit
	MaxCpus *uint32 `protobuf:"varint,13,opt,name=max_cpus,json=maxCpus,def=0" json:"max_cpus,omitempty"`
	// FD to log to.
	LogFd *int32 `protobuf:"varint,14,opt,name=log_fd,json=logFd" json:"log_fd,omitempty"`
	// File to save logs to.
	LogFile *string `protobuf:"bytes,15,opt,name=log_file,json=logFile" json:"log_file,omitempty"`
	// Minimum log level displayed.
	// See 'msg LogLevel' description for more
	LogLevel *LogLevel `protobuf:"varint,16,opt,name=log_level,json=logLevel,enum=nsjail.LogLevel" json:"log_level,omitempty"`
	// Should the current environment variables be kept
	// when executing the binary
	// NOTE(review): default false — the jailed process then sees only what
	// 'envar' below passes in.
	KeepEnv *bool `protobuf:"varint,17,opt,name=keep_env,json=keepEnv,def=0" json:"keep_env,omitempty"`
	// EnvVars to be set before executing binaries. If the envar doesn't contain '='
	// (e.g. just the 'DISPLAY' string), the current envar value will be used
	Envar []string `protobuf:"bytes,18,rep,name=envar" json:"envar,omitempty"`
	// Should capabilities be preserved or dropped
	// (default false: dropped, except those listed in 'cap')
	KeepCaps *bool `protobuf:"varint,19,opt,name=keep_caps,json=keepCaps,def=0" json:"keep_caps,omitempty"`
	// Which capabilities should be preserved if keep_caps == false.
	// Format: "CAP_SYS_PTRACE"
	Cap []string `protobuf:"bytes,20,rep,name=cap" json:"cap,omitempty"`
	// Should nsjail close FD=0,1,2 before executing the process
	Silent *bool `protobuf:"varint,21,opt,name=silent,def=0" json:"silent,omitempty"`
	// Should the child process have control over terminal?
	// Can be useful to allow /bin/sh to provide
	// job control / signals. Dangerous, can be used to put
	// characters into the controlling terminal back
	SkipSetsid *bool `protobuf:"varint,22,opt,name=skip_setsid,json=skipSetsid,def=0" json:"skip_setsid,omitempty"`
	// Redirect stderr of the process to /dev/null instead of the socket or original TTY
	StderrToNull *bool `protobuf:"varint,23,opt,name=stderr_to_null,json=stderrToNull,def=0" json:"stderr_to_null,omitempty"`
	// Which FDs should be passed to the newly executed process
	// By default only FD=0,1,2 are passed
	PassFd []int32 `protobuf:"varint,24,rep,name=pass_fd,json=passFd" json:"pass_fd,omitempty"`
	// Setting it to true will allow to have set-uid binaries
	// inside the jail
	// NOTE(review): this is a deliberate weakening of the jail — with
	// no_new_privs off, set-uid binaries regain privileges on execve. Keep
	// the default (false) unless such a binary is genuinely required.
	DisableNoNewPrivs *bool `protobuf:"varint,25,opt,name=disable_no_new_privs,json=disableNoNewPrivs,def=0" json:"disable_no_new_privs,omitempty"`
	// Various rlimits, the rlimit_as/rlimit_core/... are used only if
	// rlimit_as_type/rlimit_core_type/... are set to RLimit::VALUE
	RlimitAs         *uint64 `protobuf:"varint,26,opt,name=rlimit_as,json=rlimitAs,def=4096" json:"rlimit_as,omitempty"` // In MiB
	RlimitAsType     *RLimit `protobuf:"varint,27,opt,name=rlimit_as_type,json=rlimitAsType,enum=nsjail.RLimit,def=0" json:"rlimit_as_type,omitempty"`
	RlimitCore       *uint64 `protobuf:"varint,28,opt,name=rlimit_core,json=rlimitCore,def=0" json:"rlimit_core,omitempty"` // In MiB
	RlimitCoreType   *RLimit `protobuf:"varint,29,opt,name=rlimit_core_type,json=rlimitCoreType,enum=nsjail.RLimit,def=0" json:"rlimit_core_type,omitempty"`
	RlimitCpu        *uint64 `protobuf:"varint,30,opt,name=rlimit_cpu,json=rlimitCpu,def=600" json:"rlimit_cpu,omitempty"` // In seconds
	RlimitCpuType    *RLimit `protobuf:"varint,31,opt,name=rlimit_cpu_type,json=rlimitCpuType,enum=nsjail.RLimit,def=0" json:"rlimit_cpu_type,omitempty"`
	RlimitFsize      *uint64 `protobuf:"varint,32,opt,name=rlimit_fsize,json=rlimitFsize,def=1" json:"rlimit_fsize,omitempty"` // In MiB
	RlimitFsizeType  *RLimit ``                                                                                                /* 128-byte string literal not displayed */
	RlimitNofile     *uint64 `protobuf:"varint,34,opt,name=rlimit_nofile,json=rlimitNofile,def=32" json:"rlimit_nofile,omitempty"`
	RlimitNofileType *RLimit `` /* 131-byte string literal not displayed */
	// RLIMIT_NPROC is system-wide - tricky to use; use the soft limit value by
	// default here
	RlimitNproc     *uint64 `protobuf:"varint,36,opt,name=rlimit_nproc,json=rlimitNproc,def=1024" json:"rlimit_nproc,omitempty"`
	RlimitNprocType *RLimit `` /* 128-byte string literal not displayed */
	// In MiB, use the soft limit value by default
	RlimitStack     *uint64 `protobuf:"varint,38,opt,name=rlimit_stack,json=rlimitStack,def=8" json:"rlimit_stack,omitempty"`
	RlimitStackType *RLimit `` /* 128-byte string literal not displayed */
	// In KB, use the soft limit value by default
	RlimitMemlock      *uint64 `protobuf:"varint,40,opt,name=rlimit_memlock,json=rlimitMemlock,def=64" json:"rlimit_memlock,omitempty"`
	RlimitMemlockType  *RLimit `` /* 134-byte string literal not displayed */
	RlimitRtprio       *uint64 `protobuf:"varint,42,opt,name=rlimit_rtprio,json=rlimitRtprio,def=0" json:"rlimit_rtprio,omitempty"`
	RlimitRtprioType   *RLimit ``                                                                                                            /* 131-byte string literal not displayed */
	RlimitMsgqueue     *uint64 `protobuf:"varint,44,opt,name=rlimit_msgqueue,json=rlimitMsgqueue,def=1024" json:"rlimit_msgqueue,omitempty"` // In bytes
	RlimitMsgqueueType *RLimit ``                                                                                                            /* 137-byte string literal not displayed */
	// Disable all rlimits, default to limits set by parent
	DisableRl *bool `protobuf:"varint,46,opt,name=disable_rl,json=disableRl,def=0" json:"disable_rl,omitempty"`
	// See 'man personality' for more
	PersonaAddrCompatLayout *bool `` /* 135-byte string literal not displayed */
	PersonaMmapPageZero     *bool `protobuf:"varint,48,opt,name=persona_mmap_page_zero,json=personaMmapPageZero,def=0" json:"persona_mmap_page_zero,omitempty"`
	PersonaReadImpliesExec  *bool `` /* 132-byte string literal not displayed */
	PersonaAddrLimit_3Gb    *bool `protobuf:"varint,50,opt,name=persona_addr_limit_3gb,json=personaAddrLimit3gb,def=0" json:"persona_addr_limit_3gb,omitempty"`
	PersonaAddrNoRandomize  *bool `` /* 132-byte string literal not displayed */
	// Which name-spaces should be used?
	// NOTE(review): all of these default to true (def=1) except
	// clone_newtime; setting one to false shares that namespace with the host.
	CloneNewnet  *bool `protobuf:"varint,52,opt,name=clone_newnet,json=cloneNewnet,def=1" json:"clone_newnet,omitempty"`
	CloneNewuser *bool `protobuf:"varint,53,opt,name=clone_newuser,json=cloneNewuser,def=1" json:"clone_newuser,omitempty"`
	CloneNewns   *bool `protobuf:"varint,54,opt,name=clone_newns,json=cloneNewns,def=1" json:"clone_newns,omitempty"`
	CloneNewpid  *bool `protobuf:"varint,55,opt,name=clone_newpid,json=cloneNewpid,def=1" json:"clone_newpid,omitempty"`
	CloneNewipc  *bool `protobuf:"varint,56,opt,name=clone_newipc,json=cloneNewipc,def=1" json:"clone_newipc,omitempty"`
	CloneNewuts  *bool `protobuf:"varint,57,opt,name=clone_newuts,json=cloneNewuts,def=1" json:"clone_newuts,omitempty"`
	// Disable for kernel versions < 4.6 as it's not supported there
	CloneNewcgroup *bool `protobuf:"varint,58,opt,name=clone_newcgroup,json=cloneNewcgroup,def=1" json:"clone_newcgroup,omitempty"`
	// Supported with kernel versions >= 5.3 (default false)
	CloneNewtime *bool `protobuf:"varint,59,opt,name=clone_newtime,json=cloneNewtime,def=0" json:"clone_newtime,omitempty"`
	// Mappings for UIDs and GIDs. See the description for 'msg IdMap'
	// for more
	Uidmap []*IdMap `protobuf:"bytes,60,rep,name=uidmap" json:"uidmap,omitempty"`
	Gidmap []*IdMap `protobuf:"bytes,61,rep,name=gidmap" json:"gidmap,omitempty"`
	// Should /proc be mounted (R/O)? This can also be added in the 'mount'
	// section below
	MountProc *bool `protobuf:"varint,62,opt,name=mount_proc,json=mountProc,def=0" json:"mount_proc,omitempty"`
	// Mount points inside the jail. See the description for 'msg MountPt'
	// for more
	Mount []*MountPt `protobuf:"bytes,63,rep,name=mount" json:"mount,omitempty"`
	// Kafel seccomp-bpf policy file or a string:
	// Homepage of the project: https://github.com/google/kafel
	// NOTE(review): neither field has a default, so a config that sets
	// neither presumably runs with no seccomp-bpf filter at all — confirm
	// against nsjail's behaviour and treat a missing policy as a finding.
	SeccompPolicyFile *string  `protobuf:"bytes,64,opt,name=seccomp_policy_file,json=seccompPolicyFile" json:"seccomp_policy_file,omitempty"`
	SeccompString     []string `protobuf:"bytes,65,rep,name=seccomp_string,json=seccompString" json:"seccomp_string,omitempty"`
	// Setting it to true makes audit write seccomp logs to dmesg
	SeccompLog *bool `protobuf:"varint,66,opt,name=seccomp_log,json=seccompLog,def=0" json:"seccomp_log,omitempty"`
	// If > 0, maximum cumulative size of RAM used inside any jail
	CgroupMemMax *uint64 `protobuf:"varint,67,opt,name=cgroup_mem_max,json=cgroupMemMax,def=0" json:"cgroup_mem_max,omitempty"` // In bytes
	// If > 0, maximum cumulative size of RAM + swap used inside any jail
	CgroupMemMemswMax *uint64 `protobuf:"varint,91,opt,name=cgroup_mem_memsw_max,json=cgroupMemMemswMax,def=0" json:"cgroup_mem_memsw_max,omitempty"` // In bytes
	// If >= 0, maximum cumulative size of swap used inside any jail
	CgroupMemSwapMax *int64 `protobuf:"varint,92,opt,name=cgroup_mem_swap_max,json=cgroupMemSwapMax,def=-1" json:"cgroup_mem_swap_max,omitempty"` // In bytes
	// Mount point for cgroups-memory in your system
	CgroupMemMount *string `protobuf:"bytes,68,opt,name=cgroup_mem_mount,json=cgroupMemMount,def=/sys/fs/cgroup/memory" json:"cgroup_mem_mount,omitempty"`
	// Writeable directory (for the nsjail user) under cgroup_mem_mount
	CgroupMemParent *string `protobuf:"bytes,69,opt,name=cgroup_mem_parent,json=cgroupMemParent,def=NSJAIL" json:"cgroup_mem_parent,omitempty"`
	// If > 0, maximum number of PIDs (threads/processes) inside jail
	CgroupPidsMax *uint64 `protobuf:"varint,70,opt,name=cgroup_pids_max,json=cgroupPidsMax,def=0" json:"cgroup_pids_max,omitempty"`
	// Mount point for cgroups-pids in your system
	CgroupPidsMount *string `` /* 126-byte string literal not displayed */
	// Writeable directory (for the nsjail user) under cgroup_pids_mount
	CgroupPidsParent *string `protobuf:"bytes,72,opt,name=cgroup_pids_parent,json=cgroupPidsParent,def=NSJAIL" json:"cgroup_pids_parent,omitempty"`
	// If > 0, Class identifier of network packets inside jail
	CgroupNetClsClassid *uint32 `protobuf:"varint,73,opt,name=cgroup_net_cls_classid,json=cgroupNetClsClassid,def=0" json:"cgroup_net_cls_classid,omitempty"`
	// Mount point for cgroups-net-cls in your system
	CgroupNetClsMount *string `` /* 137-byte string literal not displayed */
	// Writeable directory (for the nsjail user) under cgroup_net_cls_mount
	CgroupNetClsParent *string `protobuf:"bytes,75,opt,name=cgroup_net_cls_parent,json=cgroupNetClsParent,def=NSJAIL" json:"cgroup_net_cls_parent,omitempty"`
	// If > 0, number of milliseconds of CPU time per second that jailed processes can use
	CgroupCpuMsPerSec *uint32 `protobuf:"varint,76,opt,name=cgroup_cpu_ms_per_sec,json=cgroupCpuMsPerSec,def=0" json:"cgroup_cpu_ms_per_sec,omitempty"`
	// Mount point for cgroups-cpu in your system
	CgroupCpuMount *string `protobuf:"bytes,77,opt,name=cgroup_cpu_mount,json=cgroupCpuMount,def=/sys/fs/cgroup/cpu" json:"cgroup_cpu_mount,omitempty"`
	// Writeable directory (for the nsjail user) under cgroup_cpu_mount
	CgroupCpuParent *string `protobuf:"bytes,78,opt,name=cgroup_cpu_parent,json=cgroupCpuParent,def=NSJAIL" json:"cgroup_cpu_parent,omitempty"`
	// Mount point for cgroup v2 in your system
	Cgroupv2Mount *string `protobuf:"bytes,79,opt,name=cgroupv2_mount,json=cgroupv2Mount,def=/sys/fs/cgroup" json:"cgroupv2_mount,omitempty"`
	// Use cgroup v2 (default false: the cgroup v1 mount points above apply)
	UseCgroupv2 *bool `protobuf:"varint,80,opt,name=use_cgroupv2,json=useCgroupv2,def=0" json:"use_cgroupv2,omitempty"`
	// Should the 'lo' interface be brought up (active) inside this jail?
	IfaceNoLo *bool `protobuf:"varint,81,opt,name=iface_no_lo,json=ifaceNoLo,def=0" json:"iface_no_lo,omitempty"`
	// Put this interface inside the jail
	IfaceOwn []string `protobuf:"bytes,82,rep,name=iface_own,json=ifaceOwn" json:"iface_own,omitempty"`
	// Parameters for the cloned MACVLAN interface inside jail
	MacvlanIface *string `protobuf:"bytes,83,opt,name=macvlan_iface,json=macvlanIface" json:"macvlan_iface,omitempty"` // Interface to be cloned, eg 'eth0'
	MacvlanVsIp  *string `protobuf:"bytes,84,opt,name=macvlan_vs_ip,json=macvlanVsIp,def=192.168.0.2" json:"macvlan_vs_ip,omitempty"`
	MacvlanVsNm  *string `protobuf:"bytes,85,opt,name=macvlan_vs_nm,json=macvlanVsNm,def=255.255.255.0" json:"macvlan_vs_nm,omitempty"`
	MacvlanVsGw  *string `protobuf:"bytes,86,opt,name=macvlan_vs_gw,json=macvlanVsGw,def=192.168.0.1" json:"macvlan_vs_gw,omitempty"`
	MacvlanVsMa  *string `protobuf:"bytes,87,opt,name=macvlan_vs_ma,json=macvlanVsMa,def=" json:"macvlan_vs_ma,omitempty"`
	MacvlanVsMo  *string `protobuf:"bytes,88,opt,name=macvlan_vs_mo,json=macvlanVsMo,def=private" json:"macvlan_vs_mo,omitempty"`
	// Niceness level of the jailed process
	NiceLevel *int32 `protobuf:"varint,89,opt,name=nice_level,json=niceLevel,def=19" json:"nice_level,omitempty"`
	// Binary path (with arguments) to be executed. If not specified here, it
	// can be specified with cmd-line as "-- /path/to/command arg1 arg2"
	ExecBin    *Exe  `protobuf:"bytes,90,opt,name=exec_bin,json=execBin" json:"exec_bin,omitempty"`
	// NOTE(review): undocumented upstream; presumably disables time-stamp
	// counter access for jailed processes — confirm against config.proto.
	// Default false.
	DisableTsc *bool `protobuf:"varint,93,opt,name=disable_tsc,json=disableTsc,def=0" json:"disable_tsc,omitempty"`
	// contains filtered or unexported fields
}

func (*NsJailConfig) Descriptor deprecated

func (*NsJailConfig) Descriptor() ([]byte, []int)

Deprecated: Use NsJailConfig.ProtoReflect.Descriptor instead.

func (*NsJailConfig) GetBindhost

func (x *NsJailConfig) GetBindhost() string

func (*NsJailConfig) GetCap

func (x *NsJailConfig) GetCap() []string

func (*NsJailConfig) GetCgroupCpuMount

func (x *NsJailConfig) GetCgroupCpuMount() string

func (*NsJailConfig) GetCgroupCpuMsPerSec

func (x *NsJailConfig) GetCgroupCpuMsPerSec() uint32

func (*NsJailConfig) GetCgroupCpuParent

func (x *NsJailConfig) GetCgroupCpuParent() string

func (*NsJailConfig) GetCgroupMemMax

func (x *NsJailConfig) GetCgroupMemMax() uint64

func (*NsJailConfig) GetCgroupMemMemswMax added in v0.0.25

func (x *NsJailConfig) GetCgroupMemMemswMax() uint64

func (*NsJailConfig) GetCgroupMemMount

func (x *NsJailConfig) GetCgroupMemMount() string

func (*NsJailConfig) GetCgroupMemParent

func (x *NsJailConfig) GetCgroupMemParent() string

func (*NsJailConfig) GetCgroupMemSwapMax added in v0.0.25

func (x *NsJailConfig) GetCgroupMemSwapMax() int64

func (*NsJailConfig) GetCgroupNetClsClassid

func (x *NsJailConfig) GetCgroupNetClsClassid() uint32

func (*NsJailConfig) GetCgroupNetClsMount

func (x *NsJailConfig) GetCgroupNetClsMount() string

func (*NsJailConfig) GetCgroupNetClsParent

func (x *NsJailConfig) GetCgroupNetClsParent() string

func (*NsJailConfig) GetCgroupPidsMax

func (x *NsJailConfig) GetCgroupPidsMax() uint64

func (*NsJailConfig) GetCgroupPidsMount

func (x *NsJailConfig) GetCgroupPidsMount() string

func (*NsJailConfig) GetCgroupPidsParent

func (x *NsJailConfig) GetCgroupPidsParent() string

func (*NsJailConfig) GetCgroupv2Mount added in v0.0.25

func (x *NsJailConfig) GetCgroupv2Mount() string

func (*NsJailConfig) GetCloneNewcgroup

func (x *NsJailConfig) GetCloneNewcgroup() bool

func (*NsJailConfig) GetCloneNewipc

func (x *NsJailConfig) GetCloneNewipc() bool

func (*NsJailConfig) GetCloneNewnet

func (x *NsJailConfig) GetCloneNewnet() bool

func (*NsJailConfig) GetCloneNewns

func (x *NsJailConfig) GetCloneNewns() bool

func (*NsJailConfig) GetCloneNewpid

func (x *NsJailConfig) GetCloneNewpid() bool

func (*NsJailConfig) GetCloneNewtime added in v0.0.25

func (x *NsJailConfig) GetCloneNewtime() bool

func (*NsJailConfig) GetCloneNewuser

func (x *NsJailConfig) GetCloneNewuser() bool

func (*NsJailConfig) GetCloneNewuts

func (x *NsJailConfig) GetCloneNewuts() bool

func (*NsJailConfig) GetCwd

func (x *NsJailConfig) GetCwd() string

func (*NsJailConfig) GetDaemon

func (x *NsJailConfig) GetDaemon() bool

func (*NsJailConfig) GetDescription

func (x *NsJailConfig) GetDescription() []string

func (*NsJailConfig) GetDisableNoNewPrivs

func (x *NsJailConfig) GetDisableNoNewPrivs() bool

GetDisableNoNewPrivs reports the disable_no_new_privs setting. Note (review): a true value presumably tells nsjail not to set PR_SET_NO_NEW_PRIVS on the jailed process, which would let setuid/setgid binaries inside the jail regain privileges; treat any configuration that sets it as a deliberate sandbox weakening that needs justification, and confirm the exact behaviour against nsjail's config.proto.

func (*NsJailConfig) GetDisableRl added in v0.0.25

func (x *NsJailConfig) GetDisableRl() bool

func (*NsJailConfig) GetDisableTsc added in v0.0.25

func (x *NsJailConfig) GetDisableTsc() bool

func (*NsJailConfig) GetEnvar

func (x *NsJailConfig) GetEnvar() []string

func (*NsJailConfig) GetExecBin

func (x *NsJailConfig) GetExecBin() *Exe

func (*NsJailConfig) GetGidmap

func (x *NsJailConfig) GetGidmap() []*IdMap

func (*NsJailConfig) GetHostname

func (x *NsJailConfig) GetHostname() string

func (*NsJailConfig) GetIfaceNoLo

func (x *NsJailConfig) GetIfaceNoLo() bool

func (*NsJailConfig) GetIfaceOwn

func (x *NsJailConfig) GetIfaceOwn() []string

func (*NsJailConfig) GetKeepCaps

func (x *NsJailConfig) GetKeepCaps() bool

func (*NsJailConfig) GetKeepEnv

func (x *NsJailConfig) GetKeepEnv() bool

func (*NsJailConfig) GetLogFd

func (x *NsJailConfig) GetLogFd() int32

func (*NsJailConfig) GetLogFile

func (x *NsJailConfig) GetLogFile() string

func (*NsJailConfig) GetLogLevel

func (x *NsJailConfig) GetLogLevel() LogLevel

func (*NsJailConfig) GetMacvlanIface

func (x *NsJailConfig) GetMacvlanIface() string

func (*NsJailConfig) GetMacvlanVsGw

func (x *NsJailConfig) GetMacvlanVsGw() string

func (*NsJailConfig) GetMacvlanVsIp

func (x *NsJailConfig) GetMacvlanVsIp() string

func (*NsJailConfig) GetMacvlanVsMa

func (x *NsJailConfig) GetMacvlanVsMa() string

func (*NsJailConfig) GetMacvlanVsMo added in v0.0.25

func (x *NsJailConfig) GetMacvlanVsMo() string

func (*NsJailConfig) GetMacvlanVsNm

func (x *NsJailConfig) GetMacvlanVsNm() string

func (*NsJailConfig) GetMaxConns added in v0.0.25

func (x *NsJailConfig) GetMaxConns() uint32

func (*NsJailConfig) GetMaxConnsPerIp

func (x *NsJailConfig) GetMaxConnsPerIp() uint32

func (*NsJailConfig) GetMaxCpus

func (x *NsJailConfig) GetMaxCpus() uint32

func (*NsJailConfig) GetMode

func (x *NsJailConfig) GetMode() Mode

func (*NsJailConfig) GetMount

func (x *NsJailConfig) GetMount() []*MountPt

func (*NsJailConfig) GetMountProc

func (x *NsJailConfig) GetMountProc() bool

func (*NsJailConfig) GetName

func (x *NsJailConfig) GetName() string

func (*NsJailConfig) GetNiceLevel added in v0.0.25

func (x *NsJailConfig) GetNiceLevel() int32

func (*NsJailConfig) GetNoPivotroot added in v0.0.25

func (x *NsJailConfig) GetNoPivotroot() bool

func (*NsJailConfig) GetPassFd

func (x *NsJailConfig) GetPassFd() []int32

func (*NsJailConfig) GetPersonaAddrCompatLayout

func (x *NsJailConfig) GetPersonaAddrCompatLayout() bool

func (*NsJailConfig) GetPersonaAddrLimit_3Gb

func (x *NsJailConfig) GetPersonaAddrLimit_3Gb() bool

func (*NsJailConfig) GetPersonaAddrNoRandomize

func (x *NsJailConfig) GetPersonaAddrNoRandomize() bool

func (*NsJailConfig) GetPersonaMmapPageZero

func (x *NsJailConfig) GetPersonaMmapPageZero() bool

func (*NsJailConfig) GetPersonaReadImpliesExec

func (x *NsJailConfig) GetPersonaReadImpliesExec() bool

func (*NsJailConfig) GetPort

func (x *NsJailConfig) GetPort() uint32

func (*NsJailConfig) GetRlimitAs

func (x *NsJailConfig) GetRlimitAs() uint64

func (*NsJailConfig) GetRlimitAsType

func (x *NsJailConfig) GetRlimitAsType() RLimit

func (*NsJailConfig) GetRlimitCore

func (x *NsJailConfig) GetRlimitCore() uint64

func (*NsJailConfig) GetRlimitCoreType

func (x *NsJailConfig) GetRlimitCoreType() RLimit

func (*NsJailConfig) GetRlimitCpu

func (x *NsJailConfig) GetRlimitCpu() uint64

func (*NsJailConfig) GetRlimitCpuType

func (x *NsJailConfig) GetRlimitCpuType() RLimit

func (*NsJailConfig) GetRlimitFsize

func (x *NsJailConfig) GetRlimitFsize() uint64

func (*NsJailConfig) GetRlimitFsizeType

func (x *NsJailConfig) GetRlimitFsizeType() RLimit

func (*NsJailConfig) GetRlimitMemlock added in v0.0.25

func (x *NsJailConfig) GetRlimitMemlock() uint64

func (*NsJailConfig) GetRlimitMemlockType added in v0.0.25

func (x *NsJailConfig) GetRlimitMemlockType() RLimit

func (*NsJailConfig) GetRlimitMsgqueue added in v0.0.25

func (x *NsJailConfig) GetRlimitMsgqueue() uint64

func (*NsJailConfig) GetRlimitMsgqueueType added in v0.0.25

func (x *NsJailConfig) GetRlimitMsgqueueType() RLimit

func (*NsJailConfig) GetRlimitNofile

func (x *NsJailConfig) GetRlimitNofile() uint64

func (*NsJailConfig) GetRlimitNofileType

func (x *NsJailConfig) GetRlimitNofileType() RLimit

func (*NsJailConfig) GetRlimitNproc

func (x *NsJailConfig) GetRlimitNproc() uint64

func (*NsJailConfig) GetRlimitNprocType

func (x *NsJailConfig) GetRlimitNprocType() RLimit

func (*NsJailConfig) GetRlimitRtprio added in v0.0.25

func (x *NsJailConfig) GetRlimitRtprio() uint64

func (*NsJailConfig) GetRlimitRtprioType added in v0.0.25

func (x *NsJailConfig) GetRlimitRtprioType() RLimit

func (*NsJailConfig) GetRlimitStack

func (x *NsJailConfig) GetRlimitStack() uint64

func (*NsJailConfig) GetRlimitStackType

func (x *NsJailConfig) GetRlimitStackType() RLimit

func (*NsJailConfig) GetSeccompLog

func (x *NsJailConfig) GetSeccompLog() bool

func (*NsJailConfig) GetSeccompPolicyFile

func (x *NsJailConfig) GetSeccompPolicyFile() string

func (*NsJailConfig) GetSeccompString

func (x *NsJailConfig) GetSeccompString() []string

func (*NsJailConfig) GetSilent

func (x *NsJailConfig) GetSilent() bool

func (*NsJailConfig) GetSkipSetsid

func (x *NsJailConfig) GetSkipSetsid() bool

func (*NsJailConfig) GetStderrToNull

func (x *NsJailConfig) GetStderrToNull() bool

func (*NsJailConfig) GetTimeLimit

func (x *NsJailConfig) GetTimeLimit() uint32

func (*NsJailConfig) GetUidmap

func (x *NsJailConfig) GetUidmap() []*IdMap

func (*NsJailConfig) GetUseCgroupv2 added in v0.0.25

func (x *NsJailConfig) GetUseCgroupv2() bool

func (*NsJailConfig) ProtoMessage

func (*NsJailConfig) ProtoMessage()

func (*NsJailConfig) ProtoReflect added in v0.0.12

func (x *NsJailConfig) ProtoReflect() protoreflect.Message

func (*NsJailConfig) Reset

func (x *NsJailConfig) Reset()

func (*NsJailConfig) String

func (x *NsJailConfig) String() string

type RLimit

// RLimit selects how the value of a matching rlimit_* field in NsJailConfig is
// interpreted (see the GetRlimit*Type accessors on NsJailConfig).
// NOTE(review): the precise semantics are defined by nsjail's config.proto and
// its rlimit handling — confirm there before relying on them.
type RLimit int32
const (
	RLimit_VALUE RLimit = 0 // Use the provided value
	RLimit_SOFT  RLimit = 1 // Use the current soft rlimit
	RLimit_HARD  RLimit = 2 // Use the current hard rlimit
	RLimit_INF   RLimit = 3 // Use RLIM64_INFINITY (i.e. no cap on this resource)
)

func (RLimit) Descriptor added in v0.0.12

func (RLimit) Descriptor() protoreflect.EnumDescriptor

func (RLimit) Enum

func (x RLimit) Enum() *RLimit

func (RLimit) EnumDescriptor deprecated

func (RLimit) EnumDescriptor() ([]byte, []int)

Deprecated: Use RLimit.Descriptor instead.

func (RLimit) Number added in v0.0.12

func (x RLimit) Number() protoreflect.EnumNumber

func (RLimit) String

func (x RLimit) String() string

func (RLimit) Type added in v0.0.12

func (RLimit) Type() protoreflect.EnumType

func (*RLimit) UnmarshalJSON deprecated

func (x *RLimit) UnmarshalJSON(b []byte) error

Deprecated: Do not use.
