blob: b7c0187b96bade4442ffca5445893ca25944d58a [file] [log] [blame]
// Code generated by protoc-gen-go. DO NOT EDIT.
// source: nsjail/config.proto
package nsjail
import (
fmt "fmt"
proto ""
math "math"
// Reference imports to suppress errors if they are not otherwise used.
var _ = proto.Marshal
var _ = fmt.Errorf
var _ = math.Inf
// This is a compile-time assertion to ensure that this generated file
// is compatible with the proto package it is being compiled against.
// A compilation error at this line likely means your copy of the
// proto package needs to be updated.
const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
type Mode int32
const (
Mode_LISTEN Mode = 0
Mode_ONCE Mode = 1
Mode_RERUN Mode = 2
Mode_EXECVE Mode = 3
var Mode_name = map[int32]string{
0: "LISTEN",
1: "ONCE",
2: "RERUN",
3: "EXECVE",
var Mode_value = map[string]int32{
"LISTEN": 0,
"ONCE": 1,
"RERUN": 2,
"EXECVE": 3,
func (x Mode) Enum() *Mode {
p := new(Mode)
*p = x
return p
func (x Mode) String() string {
return proto.EnumName(Mode_name, int32(x))
func (x *Mode) UnmarshalJSON(data []byte) error {
value, err := proto.UnmarshalJSONEnum(Mode_value, data, "Mode")
if err != nil {
return err
*x = Mode(value)
return nil
func (Mode) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_82b7e3129c410694, []int{0}
// Should be self explanatory
type LogLevel int32
const (
LogLevel_DEBUG LogLevel = 0
LogLevel_INFO LogLevel = 1
LogLevel_WARNING LogLevel = 2
LogLevel_ERROR LogLevel = 3
LogLevel_FATAL LogLevel = 4
var LogLevel_name = map[int32]string{
0: "DEBUG",
1: "INFO",
3: "ERROR",
4: "FATAL",
var LogLevel_value = map[string]int32{
"DEBUG": 0,
"INFO": 1,
"ERROR": 3,
"FATAL": 4,
func (x LogLevel) Enum() *LogLevel {
p := new(LogLevel)
*p = x
return p
func (x LogLevel) String() string {
return proto.EnumName(LogLevel_name, int32(x))
func (x *LogLevel) UnmarshalJSON(data []byte) error {
value, err := proto.UnmarshalJSONEnum(LogLevel_value, data, "LogLevel")
if err != nil {
return err
*x = LogLevel(value)
return nil
func (LogLevel) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_82b7e3129c410694, []int{1}
type RLimit int32
const (
RLimit_VALUE RLimit = 0
RLimit_SOFT RLimit = 1
RLimit_HARD RLimit = 2
RLimit_INF RLimit = 3
var RLimit_name = map[int32]string{
0: "VALUE",
1: "SOFT",
2: "HARD",
3: "INF",
var RLimit_value = map[string]int32{
"VALUE": 0,
"SOFT": 1,
"HARD": 2,
"INF": 3,
func (x RLimit) Enum() *RLimit {
p := new(RLimit)
*p = x
return p
func (x RLimit) String() string {
return proto.EnumName(RLimit_name, int32(x))
func (x *RLimit) UnmarshalJSON(data []byte) error {
value, err := proto.UnmarshalJSONEnum(RLimit_value, data, "RLimit")
if err != nil {
return err
*x = RLimit(value)
return nil
func (RLimit) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_82b7e3129c410694, []int{2}
type IdMap struct {
// Empty string means "current uid/gid"
InsideId *string `protobuf:"bytes,1,opt,name=inside_id,json=insideId,def=" json:"inside_id,omitempty"`
OutsideId *string `protobuf:"bytes,2,opt,name=outside_id,json=outsideId,def=" json:"outside_id,omitempty"`
// See 'man user_namespaces' for the meaning of count
Count *uint32 `protobuf:"varint,3,opt,name=count,def=1" json:"count,omitempty"`
// Does this map use /usr/bin/new[u|g]idmap binary?
UseNewidmap *bool `protobuf:"varint,4,opt,name=use_newidmap,json=useNewidmap,def=0" json:"use_newidmap,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
func (m *IdMap) Reset() { *m = IdMap{} }
func (m *IdMap) String() string { return proto.CompactTextString(m) }
func (*IdMap) ProtoMessage() {}
func (*IdMap) Descriptor() ([]byte, []int) {
return fileDescriptor_82b7e3129c410694, []int{0}
func (m *IdMap) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_IdMap.Unmarshal(m, b)
func (m *IdMap) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_IdMap.Marshal(b, m, deterministic)
func (m *IdMap) XXX_Merge(src proto.Message) {
xxx_messageInfo_IdMap.Merge(m, src)
func (m *IdMap) XXX_Size() int {
return xxx_messageInfo_IdMap.Size(m)
func (m *IdMap) XXX_DiscardUnknown() {
var xxx_messageInfo_IdMap proto.InternalMessageInfo
const Default_IdMap_Count uint32 = 1
const Default_IdMap_UseNewidmap bool = false
func (m *IdMap) GetInsideId() string {
if m != nil && m.InsideId != nil {
return *m.InsideId
return ""
func (m *IdMap) GetOutsideId() string {
if m != nil && m.OutsideId != nil {
return *m.OutsideId
return ""
func (m *IdMap) GetCount() uint32 {
if m != nil && m.Count != nil {
return *m.Count
return Default_IdMap_Count
func (m *IdMap) GetUseNewidmap() bool {
if m != nil && m.UseNewidmap != nil {
return *m.UseNewidmap
return Default_IdMap_UseNewidmap
type MountPt struct {
// Can be skipped for filesystems like 'proc'
Src *string `protobuf:"bytes,1,opt,name=src,def=" json:"src,omitempty"`
// Should 'src' path be prefixed with this envvar?
PrefixSrcEnv *string `protobuf:"bytes,2,opt,name=prefix_src_env,json=prefixSrcEnv,def=" json:"prefix_src_env,omitempty"`
// If specified, contains buffer that will be written to the dst file
SrcContent []byte `protobuf:"bytes,3,opt,name=src_content,json=srcContent,def=" json:"src_content,omitempty"`
// Mount point inside jail
Dst *string `protobuf:"bytes,4,req,name=dst,def=" json:"dst,omitempty"`
// Should 'dst' path be prefixed with this envvar?
PrefixDstEnv *string `protobuf:"bytes,5,opt,name=prefix_dst_env,json=prefixDstEnv,def=" json:"prefix_dst_env,omitempty"`
// Can be empty for mount --bind mounts
Fstype *string `protobuf:"bytes,6,opt,name=fstype,def=" json:"fstype,omitempty"`
// E.g. size=5000000 for 'tmpfs'
Options *string `protobuf:"bytes,7,opt,name=options,def=" json:"options,omitempty"`
// Is it a 'mount --bind src dst' type of mount?
IsBind *bool `protobuf:"varint,8,opt,name=is_bind,json=isBind,def=0" json:"is_bind,omitempty"`
// Is it a R/W mount?
Rw *bool `protobuf:"varint,9,opt,name=rw,def=0" json:"rw,omitempty"`
// Is it a directory? If not specified an internal
//heuristics will be used to determine that
IsDir *bool `protobuf:"varint,10,opt,name=is_dir,json=isDir" json:"is_dir,omitempty"`
// Should the sandboxing fail if we cannot mount this resource?
Mandatory *bool `protobuf:"varint,11,opt,name=mandatory,def=1" json:"mandatory,omitempty"`
// Is it a symlink (instead of real mount point)?
IsSymlink *bool `protobuf:"varint,12,opt,name=is_symlink,json=isSymlink,def=0" json:"is_symlink,omitempty"`
// Is it a nosuid mount
Nosuid *bool `protobuf:"varint,13,opt,name=nosuid,def=0" json:"nosuid,omitempty"`
// Is it a nodev mount
Nodev *bool `protobuf:"varint,14,opt,name=nodev,def=0" json:"nodev,omitempty"`
// Is it a noexec mount
Noexec *bool `protobuf:"varint,15,opt,name=noexec,def=0" json:"noexec,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
func (m *MountPt) Reset() { *m = MountPt{} }
func (m *MountPt) String() string { return proto.CompactTextString(m) }
func (*MountPt) ProtoMessage() {}
func (*MountPt) Descriptor() ([]byte, []int) {
return fileDescriptor_82b7e3129c410694, []int{1}
func (m *MountPt) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_MountPt.Unmarshal(m, b)
func (m *MountPt) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_MountPt.Marshal(b, m, deterministic)
func (m *MountPt) XXX_Merge(src proto.Message) {
xxx_messageInfo_MountPt.Merge(m, src)
func (m *MountPt) XXX_Size() int {
return xxx_messageInfo_MountPt.Size(m)
func (m *MountPt) XXX_DiscardUnknown() {
var xxx_messageInfo_MountPt proto.InternalMessageInfo
const Default_MountPt_IsBind bool = false
const Default_MountPt_Rw bool = false
const Default_MountPt_Mandatory bool = true
const Default_MountPt_IsSymlink bool = false
const Default_MountPt_Nosuid bool = false
const Default_MountPt_Nodev bool = false
const Default_MountPt_Noexec bool = false
func (m *MountPt) GetSrc() string {
if m != nil && m.Src != nil {
return *m.Src
return ""
func (m *MountPt) GetPrefixSrcEnv() string {
if m != nil && m.PrefixSrcEnv != nil {
return *m.PrefixSrcEnv
return ""
func (m *MountPt) GetSrcContent() []byte {
if m != nil {
return m.SrcContent
return nil
func (m *MountPt) GetDst() string {
if m != nil && m.Dst != nil {
return *m.Dst
return ""
func (m *MountPt) GetPrefixDstEnv() string {
if m != nil && m.PrefixDstEnv != nil {
return *m.PrefixDstEnv
return ""
func (m *MountPt) GetFstype() string {
if m != nil && m.Fstype != nil {
return *m.Fstype
return ""
func (m *MountPt) GetOptions() string {
if m != nil && m.Options != nil {
return *m.Options
return ""
func (m *MountPt) GetIsBind() bool {
if m != nil && m.IsBind != nil {
return *m.IsBind
return Default_MountPt_IsBind
func (m *MountPt) GetRw() bool {
if m != nil && m.Rw != nil {
return *m.Rw
return Default_MountPt_Rw
func (m *MountPt) GetIsDir() bool {
if m != nil && m.IsDir != nil {
return *m.IsDir
return false
func (m *MountPt) GetMandatory() bool {
if m != nil && m.Mandatory != nil {
return *m.Mandatory
return Default_MountPt_Mandatory
func (m *MountPt) GetIsSymlink() bool {
if m != nil && m.IsSymlink != nil {
return *m.IsSymlink
return Default_MountPt_IsSymlink
func (m *MountPt) GetNosuid() bool {
if m != nil && m.Nosuid != nil {
return *m.Nosuid
return Default_MountPt_Nosuid
func (m *MountPt) GetNodev() bool {
if m != nil && m.Nodev != nil {
return *m.Nodev
return Default_MountPt_Nodev
func (m *MountPt) GetNoexec() bool {
if m != nil && m.Noexec != nil {
return *m.Noexec
return Default_MountPt_Noexec
type Exe struct {
// Will be used both as execv's path and as argv[0]
Path *string `protobuf:"bytes,1,req,name=path" json:"path,omitempty"`
// This will be argv[1] and so on..
Arg []string `protobuf:"bytes,2,rep,name=arg" json:"arg,omitempty"`
// Override argv[0]
Arg0 *string `protobuf:"bytes,3,opt,name=arg0" json:"arg0,omitempty"`
// Should execveat() be used to execute a file-descriptor instead?
ExecFd *bool `protobuf:"varint,4,opt,name=exec_fd,json=execFd,def=0" json:"exec_fd,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
func (m *Exe) Reset() { *m = Exe{} }
func (m *Exe) String() string { return proto.CompactTextString(m) }
func (*Exe) ProtoMessage() {}
func (*Exe) Descriptor() ([]byte, []int) {
return fileDescriptor_82b7e3129c410694, []int{2}
func (m *Exe) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_Exe.Unmarshal(m, b)
func (m *Exe) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_Exe.Marshal(b, m, deterministic)
func (m *Exe) XXX_Merge(src proto.Message) {
xxx_messageInfo_Exe.Merge(m, src)
func (m *Exe) XXX_Size() int {
return xxx_messageInfo_Exe.Size(m)
func (m *Exe) XXX_DiscardUnknown() {
var xxx_messageInfo_Exe proto.InternalMessageInfo
const Default_Exe_ExecFd bool = false
func (m *Exe) GetPath() string {
if m != nil && m.Path != nil {
return *m.Path
return ""
func (m *Exe) GetArg() []string {
if m != nil {
return m.Arg
return nil
func (m *Exe) GetArg0() string {
if m != nil && m.Arg0 != nil {
return *m.Arg0
return ""
func (m *Exe) GetExecFd() bool {
if m != nil && m.ExecFd != nil {
return *m.ExecFd
return Default_Exe_ExecFd
type NsJailConfig struct {
// Optional name and description for this config
Name *string `protobuf:"bytes,1,opt,name=name,def=" json:"name,omitempty"`
Description []string `protobuf:"bytes,2,rep,name=description" json:"description,omitempty"`
// Execution mode: see 'msg Mode' description for more
Mode *Mode `protobuf:"varint,3,opt,name=mode,enum=nsjail.Mode,def=1" json:"mode,omitempty"`
// Equivalent to a bind mount with dst='/'. DEPRECATED: Use bind mounts.
ChrootDir *string `protobuf:"bytes,4,opt,name=chroot_dir,json=chrootDir" json:"chroot_dir,omitempty"` // Deprecated: Do not use.
// Applies both to the chroot_dir and to /proc mounts. DEPRECATED: Use bind mounts
IsRootRw *bool `protobuf:"varint,5,opt,name=is_root_rw,json=isRootRw,def=0" json:"is_root_rw,omitempty"` // Deprecated: Do not use.
// Hostname inside jail
Hostname *string `protobuf:"bytes,8,opt,name=hostname,def=NSJAIL" json:"hostname,omitempty"`
// Initial current working directory for the binary
Cwd *string `protobuf:"bytes,9,opt,name=cwd,def=/" json:"cwd,omitempty"`
// TCP port to listen to. Valid with mode=LISTEN only
Port *uint32 `protobuf:"varint,10,opt,name=port,def=0" json:"port,omitempty"`
// Host to bind to for mode=LISTEN. Must be in IPv6 format
Bindhost *string `protobuf:"bytes,11,opt,name=bindhost,def=::" json:"bindhost,omitempty"`
// For mode=LISTEN, maximum number of connections from a single IP
MaxConnsPerIp *uint32 `protobuf:"varint,12,opt,name=max_conns_per_ip,json=maxConnsPerIp,def=0" json:"max_conns_per_ip,omitempty"`
// Wall-time time limit for commands
TimeLimit *uint32 `protobuf:"varint,13,opt,name=time_limit,json=timeLimit,def=600" json:"time_limit,omitempty"`
// Should nsjail go into background?
Daemon *bool `protobuf:"varint,14,opt,name=daemon,def=0" json:"daemon,omitempty"`
// Maximum number of CPUs to use: 0 - no limit
MaxCpus *uint32 `protobuf:"varint,15,opt,name=max_cpus,json=maxCpus,def=0" json:"max_cpus,omitempty"`
// FD to log to.
LogFd *int32 `protobuf:"varint,16,opt,name=log_fd,json=logFd" json:"log_fd,omitempty"`
// File to save lofs to
LogFile *string `protobuf:"bytes,17,opt,name=log_file,json=logFile" json:"log_file,omitempty"`
// Minimum log level displayed.
//See 'msg LogLevel' description for more
LogLevel *LogLevel `protobuf:"varint,18,opt,name=log_level,json=logLevel,enum=nsjail.LogLevel" json:"log_level,omitempty"`
// Should the current environment variables be kept
//when executing the binary
KeepEnv *bool `protobuf:"varint,19,opt,name=keep_env,json=keepEnv,def=0" json:"keep_env,omitempty"`
// EnvVars to be set before executing binaries. If the envvar doesn't contain '='
//(e.g. just the 'DISPLAY' string), the current envvar value will be used
Envar []string `protobuf:"bytes,20,rep,name=envar" json:"envar,omitempty"`
// Should capabilities be preserved or dropped
KeepCaps *bool `protobuf:"varint,21,opt,name=keep_caps,json=keepCaps,def=0" json:"keep_caps,omitempty"`
// Which capabilities should be preserved if keep_caps == false.
//Format: "CAP_SYS_PTRACE"
Cap []string `protobuf:"bytes,22,rep,name=cap" json:"cap,omitempty"`
// Should nsjail close FD=0,1,2 before executing the process
Silent *bool `protobuf:"varint,23,opt,name=silent,def=0" json:"silent,omitempty"`
// Should the child process have control over terminal?
//Can be useful to allow /bin/sh to provide
//job control / signals. Dangerous, can be used to put
//characters into the controlling terminal back
SkipSetsid *bool `protobuf:"varint,24,opt,name=skip_setsid,json=skipSetsid,def=0" json:"skip_setsid,omitempty"`
// Redirect sdterr of the process to /dev/null instead of the socket or original TTY
StderrToNull *bool `protobuf:"varint,25,opt,name=stderr_to_null,json=stderrToNull,def=0" json:"stderr_to_null,omitempty"`
// Which FDs should be passed to the newly executed process
//By default only FD=0,1,2 are passed
PassFd []int32 `protobuf:"varint,26,rep,name=pass_fd,json=passFd" json:"pass_fd,omitempty"`
// Setting it to true will allow to have set-uid binaries
//inside the jail
DisableNoNewPrivs *bool `protobuf:"varint,27,opt,name=disable_no_new_privs,json=disableNoNewPrivs,def=0" json:"disable_no_new_privs,omitempty"`
// Various rlimits, the rlimit_as/rlimit_core/... are used only if
//rlimit_as_type/rlimit_core_type/... are set to RLimit::VALUE
RlimitAs *uint64 `protobuf:"varint,28,opt,name=rlimit_as,json=rlimitAs,def=512" json:"rlimit_as,omitempty"`
RlimitAsType *RLimit `protobuf:"varint,29,opt,name=rlimit_as_type,json=rlimitAsType,enum=nsjail.RLimit,def=0" json:"rlimit_as_type,omitempty"`
RlimitCore *uint64 `protobuf:"varint,30,opt,name=rlimit_core,json=rlimitCore,def=0" json:"rlimit_core,omitempty"`
RlimitCoreType *RLimit `protobuf:"varint,31,opt,name=rlimit_core_type,json=rlimitCoreType,enum=nsjail.RLimit,def=0" json:"rlimit_core_type,omitempty"`
RlimitCpu *uint64 `protobuf:"varint,32,opt,name=rlimit_cpu,json=rlimitCpu,def=600" json:"rlimit_cpu,omitempty"`
RlimitCpuType *RLimit `protobuf:"varint,33,opt,name=rlimit_cpu_type,json=rlimitCpuType,enum=nsjail.RLimit,def=0" json:"rlimit_cpu_type,omitempty"`
RlimitFsize *uint64 `protobuf:"varint,34,opt,name=rlimit_fsize,json=rlimitFsize,def=1" json:"rlimit_fsize,omitempty"`
RlimitFsizeType *RLimit `protobuf:"varint,35,opt,name=rlimit_fsize_type,json=rlimitFsizeType,enum=nsjail.RLimit,def=0" json:"rlimit_fsize_type,omitempty"`
RlimitNofile *uint64 `protobuf:"varint,36,opt,name=rlimit_nofile,json=rlimitNofile,def=32" json:"rlimit_nofile,omitempty"`
RlimitNofileType *RLimit `protobuf:"varint,37,opt,name=rlimit_nofile_type,json=rlimitNofileType,enum=nsjail.RLimit,def=0" json:"rlimit_nofile_type,omitempty"`
// RLIMIT_NPROC is system-wide - tricky to use; use the soft limit value by
// default here
RlimitNproc *uint64 `protobuf:"varint,38,opt,name=rlimit_nproc,json=rlimitNproc,def=1024" json:"rlimit_nproc,omitempty"`
RlimitNprocType *RLimit `protobuf:"varint,39,opt,name=rlimit_nproc_type,json=rlimitNprocType,enum=nsjail.RLimit,def=1" json:"rlimit_nproc_type,omitempty"`
// In MiB, use the soft limit value by default
RlimitStack *uint64 `protobuf:"varint,40,opt,name=rlimit_stack,json=rlimitStack,def=1048576" json:"rlimit_stack,omitempty"`
RlimitStackType *RLimit `protobuf:"varint,41,opt,name=rlimit_stack_type,json=rlimitStackType,enum=nsjail.RLimit,def=1" json:"rlimit_stack_type,omitempty"`
// See 'man personality' for more
PersonaAddrCompatLayout *bool `protobuf:"varint,42,opt,name=persona_addr_compat_layout,json=personaAddrCompatLayout,def=0" json:"persona_addr_compat_layout,omitempty"`
PersonaMmapPageZero *bool `protobuf:"varint,43,opt,name=persona_mmap_page_zero,json=personaMmapPageZero,def=0" json:"persona_mmap_page_zero,omitempty"`
PersonaReadImpliesExec *bool `protobuf:"varint,44,opt,name=persona_read_implies_exec,json=personaReadImpliesExec,def=0" json:"persona_read_implies_exec,omitempty"`
PersonaAddrLimit_3Gb *bool `protobuf:"varint,45,opt,name=persona_addr_limit_3gb,json=personaAddrLimit3gb,def=0" json:"persona_addr_limit_3gb,omitempty"`
PersonaAddrNoRandomize *bool `protobuf:"varint,46,opt,name=persona_addr_no_randomize,json=personaAddrNoRandomize,def=0" json:"persona_addr_no_randomize,omitempty"`
// Which name-spaces should be used?
CloneNewnet *bool `protobuf:"varint,47,opt,name=clone_newnet,json=cloneNewnet,def=1" json:"clone_newnet,omitempty"`
CloneNewuser *bool `protobuf:"varint,48,opt,name=clone_newuser,json=cloneNewuser,def=1" json:"clone_newuser,omitempty"`
CloneNewns *bool `protobuf:"varint,49,opt,name=clone_newns,json=cloneNewns,def=1" json:"clone_newns,omitempty"`
CloneNewpid *bool `protobuf:"varint,50,opt,name=clone_newpid,json=cloneNewpid,def=1" json:"clone_newpid,omitempty"`
CloneNewipc *bool `protobuf:"varint,51,opt,name=clone_newipc,json=cloneNewipc,def=1" json:"clone_newipc,omitempty"`
CloneNewuts *bool `protobuf:"varint,52,opt,name=clone_newuts,json=cloneNewuts,def=1" json:"clone_newuts,omitempty"`
// Disable for kernel versions < 4.6 as it's not supported there
CloneNewcgroup *bool `protobuf:"varint,53,opt,name=clone_newcgroup,json=cloneNewcgroup,def=1" json:"clone_newcgroup,omitempty"`
// Mappings for UIDs and GIDs. See the description for 'msg IdMap'
//for more
Uidmap []*IdMap `protobuf:"bytes,54,rep,name=uidmap" json:"uidmap,omitempty"`
Gidmap []*IdMap `protobuf:"bytes,55,rep,name=gidmap" json:"gidmap,omitempty"`
// Should /proc be mounted (R/O)? This can also be added in the 'mount'
//section below
MountProc *bool `protobuf:"varint,56,opt,name=mount_proc,json=mountProc,def=0" json:"mount_proc,omitempty"`
// Mount points inside the jail. See the description for 'msg MountPt'
//for more
Mount []*MountPt `protobuf:"bytes,57,rep,name=mount" json:"mount,omitempty"`
// Kafel seccomp-bpf policy file or a string:
//Homepage of the project:
SeccompPolicyFile *string `protobuf:"bytes,58,opt,name=seccomp_policy_file,json=seccompPolicyFile" json:"seccomp_policy_file,omitempty"`
SeccompString []string `protobuf:"bytes,59,rep,name=seccomp_string,json=seccompString" json:"seccomp_string,omitempty"`
// Setting it to true makes audit write seccomp logs to dmesg
SeccompLog *bool `protobuf:"varint,60,opt,name=seccomp_log,json=seccompLog,def=0" json:"seccomp_log,omitempty"`
// If > 0, maximum cumulative size of RAM used inside any jail
CgroupMemMax *uint64 `protobuf:"varint,61,opt,name=cgroup_mem_max,json=cgroupMemMax,def=0" json:"cgroup_mem_max,omitempty"`
// Mount point for cgroups-memory in your system
CgroupMemMount *string `protobuf:"bytes,62,opt,name=cgroup_mem_mount,json=cgroupMemMount,def=/sys/fs/cgroup/memory" json:"cgroup_mem_mount,omitempty"`
// Writeable directory (for the nsjail user) under cgroup_mem_mount
CgroupMemParent *string `protobuf:"bytes,63,opt,name=cgroup_mem_parent,json=cgroupMemParent,def=NSJAIL" json:"cgroup_mem_parent,omitempty"`
// If > 0, maximum number of PIDs (threads/processes) inside jail
CgroupPidsMax *uint64 `protobuf:"varint,64,opt,name=cgroup_pids_max,json=cgroupPidsMax,def=0" json:"cgroup_pids_max,omitempty"`
// Mount point for cgroups-pids in your system
CgroupPidsMount *string `protobuf:"bytes,65,opt,name=cgroup_pids_mount,json=cgroupPidsMount,def=/sys/fs/cgroup/pids" json:"cgroup_pids_mount,omitempty"`
// Writeable directory (for the nsjail user) under cgroup_pids_mount
CgroupPidsParent *string `protobuf:"bytes,66,opt,name=cgroup_pids_parent,json=cgroupPidsParent,def=NSJAIL" json:"cgroup_pids_parent,omitempty"`
// If > 0, Class identifier of network packets inside jail
CgroupNetClsClassid *uint32 `protobuf:"varint,67,opt,name=cgroup_net_cls_classid,json=cgroupNetClsClassid,def=0" json:"cgroup_net_cls_classid,omitempty"`
// Mount point for cgroups-net-cls in your system
CgroupNetClsMount *string `protobuf:"bytes,68,opt,name=cgroup_net_cls_mount,json=cgroupNetClsMount,def=/sys/fs/cgroup/net_cls" json:"cgroup_net_cls_mount,omitempty"`
// Writeable directory (for the nsjail user) under cgroup_net_mount
CgroupNetClsParent *string `protobuf:"bytes,69,opt,name=cgroup_net_cls_parent,json=cgroupNetClsParent,def=NSJAIL" json:"cgroup_net_cls_parent,omitempty"`
// If > 0 number of milliseconds of CPU that jail processes can use per each second
CgroupCpuMsPerSec *uint32 `protobuf:"varint,70,opt,name=cgroup_cpu_ms_per_sec,json=cgroupCpuMsPerSec,def=0" json:"cgroup_cpu_ms_per_sec,omitempty"`
// Mount point for cgroups-cpu in your system
CgroupCpuMount *string `protobuf:"bytes,71,opt,name=cgroup_cpu_mount,json=cgroupCpuMount,def=/sys/fs/cgroup/cpu" json:"cgroup_cpu_mount,omitempty"`
// Writeable directory (for the nsjail user) under cgroup_cpu_mount
CgroupCpuParent *string `protobuf:"bytes,72,opt,name=cgroup_cpu_parent,json=cgroupCpuParent,def=NSJAIL" json:"cgroup_cpu_parent,omitempty"`
// Should the 'lo' interface be brought up (active) inside this jail?
IfaceNoLo *bool `protobuf:"varint,73,opt,name=iface_no_lo,json=ifaceNoLo,def=0" json:"iface_no_lo,omitempty"`
// Put this interface inside the jail
IfaceOwn []string `protobuf:"bytes,74,rep,name=iface_own,json=ifaceOwn" json:"iface_own,omitempty"`
// Parameters for the cloned MACVLAN interface inside jail
MacvlanIface *string `protobuf:"bytes,75,opt,name=macvlan_iface,json=macvlanIface" json:"macvlan_iface,omitempty"`
MacvlanVsIp *string `protobuf:"bytes,76,opt,name=macvlan_vs_ip,json=macvlanVsIp,def=" json:"macvlan_vs_ip,omitempty"`
MacvlanVsNm *string `protobuf:"bytes,77,opt,name=macvlan_vs_nm,json=macvlanVsNm,def=" json:"macvlan_vs_nm,omitempty"`
MacvlanVsGw *string `protobuf:"bytes,78,opt,name=macvlan_vs_gw,json=macvlanVsGw,def=" json:"macvlan_vs_gw,omitempty"`
MacvlanVsMa *string `protobuf:"bytes,79,opt,name=macvlan_vs_ma,json=macvlanVsMa,def=" json:"macvlan_vs_ma,omitempty"`
// Binary path (with arguments) to be executed. If not specified here, it
//can be specified with cmd-line as "-- /path/to/command arg1 arg2"
ExecBin *Exe `protobuf:"bytes,80,opt,name=exec_bin,json=execBin" json:"exec_bin,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
func (m *NsJailConfig) Reset() { *m = NsJailConfig{} }
func (m *NsJailConfig) String() string { return proto.CompactTextString(m) }
func (*NsJailConfig) ProtoMessage() {}
func (*NsJailConfig) Descriptor() ([]byte, []int) {
return fileDescriptor_82b7e3129c410694, []int{3}
func (m *NsJailConfig) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_NsJailConfig.Unmarshal(m, b)
func (m *NsJailConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_NsJailConfig.Marshal(b, m, deterministic)
func (m *NsJailConfig) XXX_Merge(src proto.Message) {
xxx_messageInfo_NsJailConfig.Merge(m, src)
func (m *NsJailConfig) XXX_Size() int {
return xxx_messageInfo_NsJailConfig.Size(m)
func (m *NsJailConfig) XXX_DiscardUnknown() {
var xxx_messageInfo_NsJailConfig proto.InternalMessageInfo
const Default_NsJailConfig_Mode Mode = Mode_ONCE
const Default_NsJailConfig_IsRootRw bool = false
const Default_NsJailConfig_Hostname string = "NSJAIL"
const Default_NsJailConfig_Cwd string = "/"
const Default_NsJailConfig_Port uint32 = 0
const Default_NsJailConfig_Bindhost string = "::"
const Default_NsJailConfig_MaxConnsPerIp uint32 = 0
const Default_NsJailConfig_TimeLimit uint32 = 600
const Default_NsJailConfig_Daemon bool = false
const Default_NsJailConfig_MaxCpus uint32 = 0
const Default_NsJailConfig_KeepEnv bool = false
const Default_NsJailConfig_KeepCaps bool = false
const Default_NsJailConfig_Silent bool = false
const Default_NsJailConfig_SkipSetsid bool = false
const Default_NsJailConfig_StderrToNull bool = false
const Default_NsJailConfig_DisableNoNewPrivs bool = false
const Default_NsJailConfig_RlimitAs uint64 = 512
const Default_NsJailConfig_RlimitAsType RLimit = RLimit_VALUE
const Default_NsJailConfig_RlimitCore uint64 = 0
const Default_NsJailConfig_RlimitCoreType RLimit = RLimit_VALUE
const Default_NsJailConfig_RlimitCpu uint64 = 600
const Default_NsJailConfig_RlimitCpuType RLimit = RLimit_VALUE
const Default_NsJailConfig_RlimitFsize uint64 = 1
const Default_NsJailConfig_RlimitFsizeType RLimit = RLimit_VALUE
const Default_NsJailConfig_RlimitNofile uint64 = 32
const Default_NsJailConfig_RlimitNofileType RLimit = RLimit_VALUE
const Default_NsJailConfig_RlimitNproc uint64 = 1024
const Default_NsJailConfig_RlimitNprocType RLimit = RLimit_SOFT
const Default_NsJailConfig_RlimitStack uint64 = 1048576
const Default_NsJailConfig_RlimitStackType RLimit = RLimit_SOFT
const Default_NsJailConfig_PersonaAddrCompatLayout bool = false
const Default_NsJailConfig_PersonaMmapPageZero bool = false
const Default_NsJailConfig_PersonaReadImpliesExec bool = false
const Default_NsJailConfig_PersonaAddrLimit_3Gb bool = false
const Default_NsJailConfig_PersonaAddrNoRandomize bool = false
const Default_NsJailConfig_CloneNewnet bool = true
const Default_NsJailConfig_CloneNewuser bool = true
const Default_NsJailConfig_CloneNewns bool = true
const Default_NsJailConfig_CloneNewpid bool = true
const Default_NsJailConfig_CloneNewipc bool = true
const Default_NsJailConfig_CloneNewuts bool = true
const Default_NsJailConfig_CloneNewcgroup bool = true
const Default_NsJailConfig_MountProc bool = false
const Default_NsJailConfig_SeccompLog bool = false
const Default_NsJailConfig_CgroupMemMax uint64 = 0
const Default_NsJailConfig_CgroupMemMount string = "/sys/fs/cgroup/memory"
const Default_NsJailConfig_CgroupMemParent string = "NSJAIL"
const Default_NsJailConfig_CgroupPidsMax uint64 = 0
const Default_NsJailConfig_CgroupPidsMount string = "/sys/fs/cgroup/pids"
const Default_NsJailConfig_CgroupPidsParent string = "NSJAIL"
const Default_NsJailConfig_CgroupNetClsClassid uint32 = 0
const Default_NsJailConfig_CgroupNetClsMount string = "/sys/fs/cgroup/net_cls"
const Default_NsJailConfig_CgroupNetClsParent string = "NSJAIL"
const Default_NsJailConfig_CgroupCpuMsPerSec uint32 = 0
const Default_NsJailConfig_CgroupCpuMount string = "/sys/fs/cgroup/cpu"
const Default_NsJailConfig_CgroupCpuParent string = "NSJAIL"
const Default_NsJailConfig_IfaceNoLo bool = false
const Default_NsJailConfig_MacvlanVsIp string = ""
const Default_NsJailConfig_MacvlanVsNm string = ""
const Default_NsJailConfig_MacvlanVsGw string = ""
func (m *NsJailConfig) GetName() string {
if m != nil && m.Name != nil {
return *m.Name
return ""
func (m *NsJailConfig) GetDescription() []string {
if m != nil {
return m.Description
return nil
func (m *NsJailConfig) GetMode() Mode {
if m != nil && m.Mode != nil {
return *m.Mode
return Default_NsJailConfig_Mode
// Deprecated: Do not use.
func (m *NsJailConfig) GetChrootDir() string {
if m != nil && m.ChrootDir != nil {
return *m.ChrootDir
return ""
// Deprecated: Do not use.
func (m *NsJailConfig) GetIsRootRw() bool {
if m != nil && m.IsRootRw != nil {
return *m.IsRootRw
return Default_NsJailConfig_IsRootRw
func (m *NsJailConfig) GetHostname() string {
if m != nil && m.Hostname != nil {
return *m.Hostname
return Default_NsJailConfig_Hostname
func (m *NsJailConfig) GetCwd() string {
if m != nil && m.Cwd != nil {
return *m.Cwd
return Default_NsJailConfig_Cwd
func (m *NsJailConfig) GetPort() uint32 {
if m != nil && m.Port != nil {
return *m.Port
return Default_NsJailConfig_Port
func (m *NsJailConfig) GetBindhost() string {
if m != nil && m.Bindhost != nil {
return *m.Bindhost
return Default_NsJailConfig_Bindhost
func (m *NsJailConfig) GetMaxConnsPerIp() uint32 {
if m != nil && m.MaxConnsPerIp != nil {
return *m.MaxConnsPerIp
return Default_NsJailConfig_MaxConnsPerIp
func (m *NsJailConfig) GetTimeLimit() uint32 {
if m != nil && m.TimeLimit != nil {
return *m.TimeLimit
return Default_NsJailConfig_TimeLimit
func (m *NsJailConfig) GetDaemon() bool {
if m != nil && m.Daemon != nil {
return *m.Daemon
return Default_NsJailConfig_Daemon
func (m *NsJailConfig) GetMaxCpus() uint32 {
if m != nil && m.MaxCpus != nil {
return *m.MaxCpus
return Default_NsJailConfig_MaxCpus
func (m *NsJailConfig) GetLogFd() int32 {
if m != nil && m.LogFd != nil {
return *m.LogFd
return 0
func (m *NsJailConfig) GetLogFile() string {
if m != nil && m.LogFile != nil {
return *m.LogFile
return ""
func (m *NsJailConfig) GetLogLevel() LogLevel {
if m != nil && m.LogLevel != nil {
return *m.LogLevel
return LogLevel_DEBUG
func (m *NsJailConfig) GetKeepEnv() bool {
if m != nil && m.KeepEnv != nil {
return *m.KeepEnv
return Default_NsJailConfig_KeepEnv
func (m *NsJailConfig) GetEnvar() []string {
if m != nil {
return m.Envar
return nil
func (m *NsJailConfig) GetKeepCaps() bool {
if m != nil && m.KeepCaps != nil {
return *m.KeepCaps
return Default_NsJailConfig_KeepCaps
func (m *NsJailConfig) GetCap() []string {
if m != nil {
return m.Cap
return nil
func (m *NsJailConfig) GetSilent() bool {
if m != nil && m.Silent != nil {
return *m.Silent
return Default_NsJailConfig_Silent
func (m *NsJailConfig) GetSkipSetsid() bool {
if m != nil && m.SkipSetsid != nil {
return *m.SkipSetsid
return Default_NsJailConfig_SkipSetsid
func (m *NsJailConfig) GetStderrToNull() bool {
if m != nil && m.StderrToNull != nil {
return *m.StderrToNull
return Default_NsJailConfig_StderrToNull
func (m *NsJailConfig) GetPassFd() []int32 {
if m != nil {
return m.PassFd
return nil
func (m *NsJailConfig) GetDisableNoNewPrivs() bool {
if m != nil && m.DisableNoNewPrivs != nil {
return *m.DisableNoNewPrivs
return Default_NsJailConfig_DisableNoNewPrivs
func (m *NsJailConfig) GetRlimitAs() uint64 {
if m != nil && m.RlimitAs != nil {
return *m.RlimitAs
return Default_NsJailConfig_RlimitAs
func (m *NsJailConfig) GetRlimitAsType() RLimit {
if m != nil && m.RlimitAsType != nil {
return *m.RlimitAsType
return Default_NsJailConfig_RlimitAsType
func (m *NsJailConfig) GetRlimitCore() uint64 {
if m != nil && m.RlimitCore != nil {
return *m.RlimitCore
return Default_NsJailConfig_RlimitCore
func (m *NsJailConfig) GetRlimitCoreType() RLimit {
if m != nil && m.RlimitCoreType != nil {
return *m.RlimitCoreType
return Default_NsJailConfig_RlimitCoreType
func (m *NsJailConfig) GetRlimitCpu() uint64 {
if m != nil && m.RlimitCpu != nil {
return *m.RlimitCpu
return Default_NsJailConfig_RlimitCpu
func (m *NsJailConfig) GetRlimitCpuType() RLimit {
if m != nil && m.RlimitCpuType != nil {
return *m.RlimitCpuType
return Default_NsJailConfig_RlimitCpuType
func (m *NsJailConfig) GetRlimitFsize() uint64 {
if m != nil && m.RlimitFsize != nil {
return *m.RlimitFsize
return Default_NsJailConfig_RlimitFsize
func (m *NsJailConfig) GetRlimitFsizeType() RLimit {
if m != nil && m.RlimitFsizeType != nil {
return *m.RlimitFsizeType
return Default_NsJailConfig_RlimitFsizeType
func (m *NsJailConfig) GetRlimitNofile() uint64 {
if m != nil && m.RlimitNofile != nil {
return *m.RlimitNofile
return Default_NsJailConfig_RlimitNofile
func (m *NsJailConfig) GetRlimitNofileType() RLimit {
if m != nil && m.RlimitNofileType != nil {
return *m.RlimitNofileType
return Default_NsJailConfig_RlimitNofileType
func (m *NsJailConfig) GetRlimitNproc() uint64 {
if m != nil && m.RlimitNproc != nil {
return *m.RlimitNproc
return Default_NsJailConfig_RlimitNproc
func (m *NsJailConfig) GetRlimitNprocType() RLimit {
if m != nil && m.RlimitNprocType != nil {
return *m.RlimitNprocType
return Default_NsJailConfig_RlimitNprocType
func (m *NsJailConfig) GetRlimitStack() uint64 {
if m != nil && m.RlimitStack != nil {
return *m.RlimitStack
return Default_NsJailConfig_RlimitStack
func (m *NsJailConfig) GetRlimitStackType() RLimit {
if m != nil && m.RlimitStackType != nil {
return *m.RlimitStackType
return Default_NsJailConfig_RlimitStackType
func (m *NsJailConfig) GetPersonaAddrCompatLayout() bool {
if m != nil && m.PersonaAddrCompatLayout != nil {
return *m.PersonaAddrCompatLayout
return Default_NsJailConfig_PersonaAddrCompatLayout
func (m *NsJailConfig) GetPersonaMmapPageZero() bool {
if m != nil && m.PersonaMmapPageZero != nil {
return *m.PersonaMmapPageZero
return Default_NsJailConfig_PersonaMmapPageZero
func (m *NsJailConfig) GetPersonaReadImpliesExec() bool {
if m != nil && m.PersonaReadImpliesExec != nil {
return *m.PersonaReadImpliesExec
return Default_NsJailConfig_PersonaReadImpliesExec
func (m *NsJailConfig) GetPersonaAddrLimit_3Gb() bool {
if m != nil && m.PersonaAddrLimit_3Gb != nil {
return *m.PersonaAddrLimit_3Gb
return Default_NsJailConfig_PersonaAddrLimit_3Gb
func (m *NsJailConfig) GetPersonaAddrNoRandomize() bool {
if m != nil && m.PersonaAddrNoRandomize != nil {
return *m.PersonaAddrNoRandomize
return Default_NsJailConfig_PersonaAddrNoRandomize
func (m *NsJailConfig) GetCloneNewnet() bool {
if m != nil && m.CloneNewnet != nil {
return *m.CloneNewnet
return Default_NsJailConfig_CloneNewnet
func (m *NsJailConfig) GetCloneNewuser() bool {
if m != nil && m.CloneNewuser != nil {
return *m.CloneNewuser
return Default_NsJailConfig_CloneNewuser
func (m *NsJailConfig) GetCloneNewns() bool {
if m != nil && m.CloneNewns != nil {
return *m.CloneNewns
return Default_NsJailConfig_CloneNewns
func (m *NsJailConfig) GetCloneNewpid() bool {
if m != nil && m.CloneNewpid != nil {
return *m.CloneNewpid
return Default_NsJailConfig_CloneNewpid
func (m *NsJailConfig) GetCloneNewipc() bool {
if m != nil && m.CloneNewipc != nil {
return *m.CloneNewipc
return Default_NsJailConfig_CloneNewipc
func (m *NsJailConfig) GetCloneNewuts() bool {
if m != nil && m.CloneNewuts != nil {
return *m.CloneNewuts
return Default_NsJailConfig_CloneNewuts
func (m *NsJailConfig) GetCloneNewcgroup() bool {
if m != nil && m.CloneNewcgroup != nil {
return *m.CloneNewcgroup
return Default_NsJailConfig_CloneNewcgroup
func (m *NsJailConfig) GetUidmap() []*IdMap {
if m != nil {
return m.Uidmap
return nil
func (m *NsJailConfig) GetGidmap() []*IdMap {
if m != nil {
return m.Gidmap
return nil
func (m *NsJailConfig) GetMountProc() bool {
if m != nil && m.MountProc != nil {
return *m.MountProc
return Default_NsJailConfig_MountProc
func (m *NsJailConfig) GetMount() []*MountPt {
if m != nil {
return m.Mount
return nil
func (m *NsJailConfig) GetSeccompPolicyFile() string {
if m != nil && m.SeccompPolicyFile != nil {
return *m.SeccompPolicyFile
return ""
func (m *NsJailConfig) GetSeccompString() []string {
if m != nil {
return m.SeccompString
return nil
func (m *NsJailConfig) GetSeccompLog() bool {
if m != nil && m.SeccompLog != nil {
return *m.SeccompLog
return Default_NsJailConfig_SeccompLog
func (m *NsJailConfig) GetCgroupMemMax() uint64 {
if m != nil && m.CgroupMemMax != nil {
return *m.CgroupMemMax
return Default_NsJailConfig_CgroupMemMax
func (m *NsJailConfig) GetCgroupMemMount() string {
if m != nil && m.CgroupMemMount != nil {
return *m.CgroupMemMount
return Default_NsJailConfig_CgroupMemMount
func (m *NsJailConfig) GetCgroupMemParent() string {
if m != nil && m.CgroupMemParent != nil {
return *m.CgroupMemParent
return Default_NsJailConfig_CgroupMemParent
func (m *NsJailConfig) GetCgroupPidsMax() uint64 {
if m != nil && m.CgroupPidsMax != nil {
return *m.CgroupPidsMax
return Default_NsJailConfig_CgroupPidsMax
func (m *NsJailConfig) GetCgroupPidsMount() string {
if m != nil && m.CgroupPidsMount != nil {
return *m.CgroupPidsMount
return Default_NsJailConfig_CgroupPidsMount
func (m *NsJailConfig) GetCgroupPidsParent() string {
if m != nil && m.CgroupPidsParent != nil {
return *m.CgroupPidsParent
return Default_NsJailConfig_CgroupPidsParent
func (m *NsJailConfig) GetCgroupNetClsClassid() uint32 {
if m != nil && m.CgroupNetClsClassid != nil {
return *m.CgroupNetClsClassid
return Default_NsJailConfig_CgroupNetClsClassid
func (m *NsJailConfig) GetCgroupNetClsMount() string {
if m != nil && m.CgroupNetClsMount != nil {
return *m.CgroupNetClsMount
return Default_NsJailConfig_CgroupNetClsMount
func (m *NsJailConfig) GetCgroupNetClsParent() string {
if m != nil && m.CgroupNetClsParent != nil {
return *m.CgroupNetClsParent
return Default_NsJailConfig_CgroupNetClsParent
func (m *NsJailConfig) GetCgroupCpuMsPerSec() uint32 {
if m != nil && m.CgroupCpuMsPerSec != nil {
return *m.CgroupCpuMsPerSec
return Default_NsJailConfig_CgroupCpuMsPerSec
func (m *NsJailConfig) GetCgroupCpuMount() string {
if m != nil && m.CgroupCpuMount != nil {
return *m.CgroupCpuMount
return Default_NsJailConfig_CgroupCpuMount
func (m *NsJailConfig) GetCgroupCpuParent() string {
if m != nil && m.CgroupCpuParent != nil {
return *m.CgroupCpuParent
return Default_NsJailConfig_CgroupCpuParent
func (m *NsJailConfig) GetIfaceNoLo() bool {
if m != nil && m.IfaceNoLo != nil {
return *m.IfaceNoLo
return Default_NsJailConfig_IfaceNoLo
func (m *NsJailConfig) GetIfaceOwn() []string {
if m != nil {
return m.IfaceOwn
return nil
func (m *NsJailConfig) GetMacvlanIface() string {
if m != nil && m.MacvlanIface != nil {
return *m.MacvlanIface
return ""
func (m *NsJailConfig) GetMacvlanVsIp() string {
if m != nil && m.MacvlanVsIp != nil {
return *m.MacvlanVsIp
return Default_NsJailConfig_MacvlanVsIp
func (m *NsJailConfig) GetMacvlanVsNm() string {
if m != nil && m.MacvlanVsNm != nil {
return *m.MacvlanVsNm
return Default_NsJailConfig_MacvlanVsNm
func (m *NsJailConfig) GetMacvlanVsGw() string {
if m != nil && m.MacvlanVsGw != nil {
return *m.MacvlanVsGw
return Default_NsJailConfig_MacvlanVsGw
func (m *NsJailConfig) GetMacvlanVsMa() string {
if m != nil && m.MacvlanVsMa != nil {
return *m.MacvlanVsMa
return ""
func (m *NsJailConfig) GetExecBin() *Exe {
if m != nil {
return m.ExecBin
return nil
func init() {
proto.RegisterEnum("nsjail.Mode", Mode_name, Mode_value)
proto.RegisterEnum("nsjail.LogLevel", LogLevel_name, LogLevel_value)
proto.RegisterEnum("nsjail.RLimit", RLimit_name, RLimit_value)
proto.RegisterType((*IdMap)(nil), "nsjail.IdMap")
proto.RegisterType((*MountPt)(nil), "nsjail.MountPt")
proto.RegisterType((*Exe)(nil), "nsjail.Exe")
proto.RegisterType((*NsJailConfig)(nil), "nsjail.NsJailConfig")
func init() { proto.RegisterFile("nsjail/config.proto", fileDescriptor_82b7e3129c410694) }
var fileDescriptor_82b7e3129c410694 = []byte{
// 2041 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x57, 0x6d, 0x73, 0xd3, 0x48,
0x12, 0x5e, 0xc7, 0xef, 0xed, 0x97, 0x38, 0x13, 0x02, 0x03, 0x2c, 0xac, 0xc9, 0x12, 0x30, 0xd9,
0x23, 0x71, 0x1c, 0xc8, 0x82, 0x77, 0xf7, 0x96, 0xc4, 0x38, 0xac, 0x39, 0xc7, 0x49, 0x29, 0xc0,
0x5d, 0xdd, 0x17, 0x95, 0x90, 0x26, 0x66, 0x0e, 0x49, 0xa3, 0xd2, 0x48, 0x71, 0xb2, 0x3f, 0xe1,
0x3e, 0xdd, 0x1f, 0xbb, 0xff, 0x74, 0x35, 0x3d, 0x92, 0x23, 0xa7, 0x52, 0xdc, 0x07, 0x57, 0x79,
0xba, 0x9f, 0xa7, 0x9f, 0x9e, 0x99, 0x9e, 0x99, 0x16, 0xac, 0xfa, 0xf2, 0x5f, 0x16, 0x77, 0xb7,
0x6d, 0xe1, 0x9f, 0xf1, 0xe9, 0x56, 0x10, 0x8a, 0x48, 0x90, 0x92, 0x36, 0xae, 0xff, 0x3b, 0x07,
0xc5, 0x91, 0x73, 0x64, 0x05, 0xe4, 0x01, 0x54, 0xb9, 0x2f, 0xb9, 0xc3, 0x4c, 0xee, 0xd0, 0x5c,
0x3b, 0xd7, 0xa9, 0xf6, 0xbf, 0x33, 0x2a, 0xda, 0x34, 0x72, 0xc8, 0x0f, 0x00, 0x22, 0x8e, 0x52,
0xff, 0x52, 0xe2, 0xaf, 0x26, 0xb6, 0x91, 0x43, 0xee, 0x40, 0xd1, 0x16, 0xb1, 0x1f, 0xd1, 0x7c,
0x3b, 0xd7, 0x69, 0xf4, 0x73, 0x3b, 0x86, 0x1e, 0x93, 0x0e, 0xd4, 0x63, 0xc9, 0x4c, 0x9f, 0xcd,
0xb8, 0xe3, 0x59, 0x01, 0x2d, 0xb4, 0x73, 0x9d, 0x4a, 0xbf, 0x78, 0x66, 0xb9, 0x92, 0x19, 0xb5,
0x58, 0xb2, 0x49, 0xe2, 0x59, 0xff, 0x6f, 0x1e, 0xca, 0x47, 0x8a, 0x73, 0x12, 0x11, 0x02, 0x79,
0x19, 0xda, 0xf3, 0x44, 0xd4, 0x80, 0x3c, 0x81, 0x66, 0x10, 0xb2, 0x33, 0x7e, 0x61, 0xca, 0xd0,
0x36, 0x99, 0x7f, 0x3e, 0xcf, 0xa3, 0xae, 0xed, 0xa7, 0xa1, 0x3d, 0xf4, 0xcf, 0xc9, 0x23, 0xa8,
0x29, 0x80, 0x2d, 0xfc, 0x88, 0x25, 0x09, 0xd5, 0xfb, 0xdf, 0x19, 0x20, 0x43, 0x7b, 0xa0, 0x6d,
0x2a, 0xbc, 0x23, 0x23, 0x5a, 0x68, 0x2f, 0xe9, 0xf0, 0x8e, 0x8c, 0x32, 0xe1, 0x1d, 0x19, 0x61,
0xf8, 0xe2, 0x62, 0xf8, 0xb7, 0x32, 0x52, 0xe1, 0x29, 0x94, 0xce, 0x64, 0x74, 0x19, 0x30, 0x5a,
0x4a, 0xfc, 0xc9, 0x98, 0xdc, 0x83, 0xb2, 0x08, 0x22, 0x2e, 0x7c, 0x49, 0xcb, 0x89, 0x2b, 0x35,
0x90, 0x87, 0x50, 0xe6, 0xd2, 0xfc, 0xcc, 0x7d, 0x87, 0x56, 0xb2, 0x2b, 0x50, 0xe2, 0xf2, 0x80,
0xfb, 0x0e, 0x59, 0x83, 0xa5, 0x70, 0x46, 0xab, 0x59, 0xd7, 0x52, 0x38, 0x23, 0x6b, 0x50, 0xe2,
0xd2, 0x74, 0x78, 0x48, 0x41, 0xb9, 0x8c, 0x22, 0x97, 0x6f, 0x79, 0x48, 0xd6, 0xa1, 0xea, 0x59,
0xbe, 0x63, 0x45, 0x22, 0xbc, 0xa4, 0x35, 0x24, 0x15, 0xa2, 0x30, 0x66, 0xc6, 0x95, 0x99, 0x3c,
0x06, 0xe0, 0xd2, 0x94, 0x97, 0x9e, 0xcb, 0xfd, 0xaf, 0xb4, 0x9e, 0x8d, 0x5c, 0xe5, 0xf2, 0x54,
0xdb, 0xc9, 0x03, 0x28, 0xf9, 0x42, 0xc6, 0xdc, 0xa1, 0x8d, 0x85, 0xb4, 0xb4, 0x91, 0xdc, 0x87,
0xa2, 0x2f, 0x1c, 0x76, 0x4e, 0x9b, 0x59, 0xaf, 0xb6, 0x69, 0x2e, 0xbb, 0x60, 0x36, 0x5d, 0xbe,
0xc6, 0x55, 0xc6, 0x75, 0x13, 0xf2, 0xc3, 0x0b, 0x46, 0x08, 0x14, 0x02, 0x2b, 0xfa, 0x42, 0x73,
0x6a, 0xb1, 0x0d, 0xfc, 0x4f, 0x5a, 0x90, 0xb7, 0xc2, 0x29, 0x5d, 0x6a, 0xe7, 0x3b, 0x55, 0x43,
0xfd, 0x55, 0x28, 0x2b, 0x9c, 0x76, 0x71, 0xb7, 0xaa, 0x06, 0xfe, 0x57, 0x6b, 0xa6, 0x02, 0x99,
0x67, 0xce, 0x62, 0xd5, 0x94, 0x94, 0xf5, 0xd0, 0x59, 0xff, 0xcf, 0x7d, 0xa8, 0x4f, 0xe4, 0x7b,
0x8b, 0xbb, 0x03, 0x2c, 0x6e, 0x72, 0x0b, 0x0a, 0xbe, 0xe5, 0xb1, 0x79, 0xd9, 0xe0, 0x88, 0xb4,
0xa1, 0xe6, 0x30, 0x69, 0x87, 0x1c, 0xb7, 0x22, 0x11, 0xcd, 0x9a, 0xc8, 0x13, 0x28, 0x78, 0xc2,
0x61, 0x28, 0xde, 0xec, 0xd5, 0xb7, 0xf4, 0xe9, 0xd8, 0x3a, 0x12, 0x0e, 0xeb, 0x17, 0x8e, 0x27,
0x83, 0xa1, 0x81, 0x7e, 0xf2, 0x08, 0xc0, 0xfe, 0x12, 0x0a, 0x11, 0xe1, 0x8e, 0xa8, 0x9c, 0xaa,
0x07, 0x4b, 0x34, 0x67, 0x54, 0xb5, 0x55, 0xed, 0xcc, 0x53, 0x5c, 0x75, 0xc4, 0x84, 0x33, 0xac,
0xa0, 0x34, 0x6d, 0x44, 0x56, 0xb8, 0x34, 0x84, 0x88, 0x8c, 0x19, 0x59, 0x87, 0xca, 0x17, 0x21,
0x23, 0xcc, 0xb7, 0x82, 0xf9, 0x96, 0x26, 0xa7, 0xef, 0xf7, 0x47, 0x63, 0x63, 0x6e, 0x27, 0xab,
0x90, 0xb7, 0x67, 0x0e, 0x56, 0x45, 0xb5, 0x9f, 0xdb, 0x36, 0xd4, 0x88, 0xac, 0x41, 0x21, 0x10,
0x61, 0x84, 0x05, 0xd1, 0xe8, 0xe7, 0xba, 0x06, 0x0e, 0xc9, 0x43, 0xa8, 0xa8, 0xea, 0x52, 0x5c,
0xac, 0x88, 0x6a, 0x7f, 0xa9, 0xdf, 0x37, 0xe6, 0x36, 0xb2, 0x09, 0x2d, 0xcf, 0xba, 0x50, 0xa7,
0xc2, 0x97, 0x66, 0xc0, 0x42, 0x93, 0x07, 0x58, 0x14, 0x18, 0xa2, 0xe1, 0x59, 0x17, 0x03, 0xe5,
0x39, 0x61, 0xe1, 0x28, 0x20, 0xeb, 0x00, 0x11, 0xf7, 0x98, 0xe9, 0x72, 0x8f, 0x47, 0x58, 0x18,
0x8d, 0x7e, 0x7e, 0xaf, 0xdb, 0x35, 0xaa, 0xca, 0x3c, 0x56, 0x56, 0xb5, 0xf9, 0x8e, 0xc5, 0x3c,
0xe1, 0x2f, 0x96, 0x46, 0x62, 0x24, 0xdf, 0x43, 0x05, 0xe5, 0x82, 0x58, 0x62, 0x75, 0xa0, 0x4c,
0x59, 0xc9, 0x04, 0xb1, 0x54, 0x65, 0xed, 0x8a, 0xa9, 0xda, 0xd8, 0x56, 0x3b, 0xd7, 0x29, 0x1a,
0x45, 0x57, 0x4c, 0x0f, 0x1d, 0x72, 0x17, 0x2a, 0x68, 0xe6, 0x2e, 0xa3, 0x2b, 0x58, 0x08, 0x65,
0xe5, 0xe0, 0x2e, 0x23, 0xcf, 0xa1, 0xaa, 0x5c, 0x2e, 0x3b, 0x67, 0x2e, 0x25, 0xb8, 0x4f, 0xad,
0x74, 0x9f, 0xc6, 0x62, 0x3a, 0x56, 0x76, 0x43, 0xb1, 0xf1, 0x1f, 0x69, 0x43, 0xe5, 0x2b, 0x63,
0x01, 0x1e, 0xe3, 0xd5, 0x6c, 0x7e, 0x65, 0x65, 0x56, 0xc7, 0xf8, 0x16, 0x14, 0x99, 0x7f, 0x6e,
0x85, 0xf4, 0x16, 0xd6, 0x83, 0x1e, 0xa8, 0x83, 0x85, 0x3c, 0xdb, 0x0a, 0x24, 0x5d, 0xcb, 0x12,
0x31, 0xde, 0xc0, 0x0a, 0xa4, 0x2a, 0x5e, 0xdb, 0x0a, 0xe8, 0x6d, 0x5d, 0xbc, 0x36, 0x5e, 0x9e,
0x25, 0xc9, 0x5d, 0x75, 0xd9, 0xdc, 0x59, 0x58, 0x0b, 0x6d, 0x24, 0x4f, 0xa0, 0x26, 0xbf, 0xf2,
0xc0, 0x94, 0x4c, 0xdd, 0x96, 0x94, 0x66, 0x31, 0xa0, 0x3c, 0xa7, 0xe8, 0x20, 0x3f, 0x41, 0x53,
0x46, 0x0e, 0x0b, 0x43, 0x33, 0x12, 0xa6, 0x1f, 0xbb, 0x2e, 0xbd, 0x9b, 0x85, 0xd6, 0xb5, 0xf3,
0x83, 0x98, 0xc4, 0xae, 0x4b, 0xee, 0x40, 0x39, 0xb0, 0xa4, 0x54, 0x6b, 0x78, 0xaf, 0x9d, 0xef,
0x14, 0x8d, 0x92, 0x1a, 0x1e, 0x3a, 0x64, 0x0f, 0x6e, 0x39, 0x5c, 0x5a, 0x9f, 0x5d, 0x66, 0xfa,
0x42, 0xdd, 0xbb, 0x66, 0x10, 0xf2, 0x73, 0x49, 0xef, 0x67, 0x63, 0xad, 0x24, 0x90, 0x89, 0x98,
0xb0, 0xd9, 0x89, 0xf2, 0x93, 0x36, 0x54, 0x43, 0xdc, 0x70, 0xd3, 0x92, 0xf4, 0xfb, 0x76, 0xae,
0x53, 0xe8, 0xe7, 0x5f, 0xee, 0xf4, 0x8c, 0x8a, 0xb6, 0xee, 0x4b, 0xf2, 0x0b, 0x34, 0xe7, 0x08,
0x13, 0x6f, 0xc0, 0x07, 0xb8, 0x11, 0xcd, 0x74, 0x23, 0x0c, 0x2c, 0x8d, 0x7e, 0xf1, 0xd3, 0xfe,
0xf8, 0xe3, 0xd0, 0xa8, 0xa7, 0xc4, 0x0f, 0xea, 0x72, 0x5c, 0x87, 0x5a, 0x42, 0xb6, 0x45, 0xc8,
0xe8, 0x43, 0x14, 0xc8, 0x75, 0x0d, 0xd0, 0xd6, 0x81, 0x08, 0x19, 0xf9, 0x1d, 0x5a, 0x19, 0x8c,
0x96, 0xf8, 0xe1, 0x5b, 0x12, 0xcd, 0x2b, 0x72, 0x22, 0x02, 0x69, 0x80, 0x20, 0xa6, 0x6d, 0x3d,
0x09, 0x2c, 0xdc, 0x04, 0x18, 0xc4, 0xe4, 0x37, 0x58, 0xbe, 0xc2, 0x68, 0x8d, 0x47, 0xdf, 0xd2,
0x68, 0xcc, 0xa9, 0x28, 0xf1, 0x18, 0x92, 0x79, 0x99, 0x67, 0x92, 0xff, 0xc9, 0xe8, 0xba, 0x9e,
0xc8, 0x8e, 0x91, 0x4c, 0xef, 0x50, 0x59, 0xc9, 0x3e, 0xac, 0x64, 0x51, 0x5a, 0xe6, 0xc7, 0x6f,
0xc9, 0x2c, 0x67, 0xe8, 0x28, 0xf4, 0x14, 0x12, 0x65, 0xd3, 0x17, 0x78, 0x22, 0x1e, 0xa3, 0xd2,
0xd2, 0x6e, 0x2f, 0x5d, 0xd9, 0x09, 0xda, 0xc9, 0x00, 0xc8, 0x02, 0x50, 0x8b, 0x6d, 0x7c, 0x4b,
0xac, 0x95, 0x0d, 0x90, 0xa8, 0xa5, 0xd3, 0xf2, 0x83, 0x50, 0xd8, 0xf4, 0x09, 0x8a, 0x15, 0x76,
0xba, 0xbd, 0x17, 0xe9, 0xcc, 0x26, 0xca, 0x41, 0xde, 0xcc, 0x67, 0x86, 0x40, 0x2d, 0xf6, 0xf4,
0x46, 0xb1, 0xc2, 0xe9, 0xf1, 0xe1, 0x87, 0x74, 0x62, 0xc8, 0x46, 0xa9, 0xcd, 0xb9, 0x94, 0x8c,
0x2c, 0xfb, 0x2b, 0xed, 0xa0, 0x54, 0x79, 0xa7, 0xfb, 0xe2, 0xd5, 0xcb, 0x9f, 0xf7, 0x52, 0xb5,
0x53, 0xe5, 0xcb, 0xa8, 0x21, 0x56, 0xab, 0x3d, 0xfb, 0xff, 0x6a, 0xc8, 0x46, 0xb5, 0x03, 0xb8,
0x17, 0xb0, 0x50, 0x0a, 0xdf, 0x32, 0x2d, 0xc7, 0x09, 0x4d, 0x5b, 0x78, 0x81, 0x15, 0x99, 0xae,
0x75, 0x29, 0xe2, 0x88, 0x6e, 0x66, 0x0f, 0xc5, 0x9d, 0x04, 0xb8, 0xef, 0x38, 0xe1, 0x00, 0x61,
0x63, 0x44, 0x91, 0x3e, 0xdc, 0x4e, 0x63, 0x78, 0x9e, 0x15, 0x98, 0x81, 0x35, 0x65, 0xe6, 0x9f,
0x2c, 0x14, 0xf4, 0xa7, 0x2c, 0x7f, 0x35, 0x01, 0x1d, 0x79, 0x56, 0x70, 0x62, 0x4d, 0xd9, 0x3f,
0x59, 0x28, 0xc8, 0x1b, 0xb8, 0x9b, 0x72, 0x43, 0x66, 0x39, 0x26, 0xf7, 0x02, 0x97, 0x33, 0x69,
0xe2, 0xbb, 0xf9, 0x97, 0x2c, 0x3d, 0xd5, 0x30, 0x98, 0xe5, 0x8c, 0x34, 0x6a, 0x78, 0xc1, 0xec,
0xac, 0x3a, 0xce, 0x40, 0xaf, 0xc7, 0xee, 0xf4, 0x33, 0x7d, 0x7e, 0x93, 0xba, 0xca, 0x1e, 0x57,
0x64, 0x77, 0xfa, 0x39, 0xab, 0x8e, 0x5c, 0x5f, 0x98, 0xa1, 0xe5, 0x3b, 0xc2, 0x53, 0xa5, 0xbb,
0x75, 0x93, 0xba, 0xa2, 0x4f, 0x84, 0x91, 0x82, 0x54, 0x61, 0xd8, 0xae, 0xf0, 0xb1, 0x83, 0xf3,
0x59, 0x44, 0xb7, 0x33, 0xdd, 0x46, 0x0d, 0x3d, 0x13, 0x74, 0x90, 0x67, 0xd0, 0x98, 0x03, 0x63,
0xc9, 0x42, 0xda, 0xcd, 0x20, 0xeb, 0x29, 0x52, 0x79, 0xc8, 0x06, 0xd4, 0xae, 0x62, 0x4a, 0xba,
0x93, 0x01, 0xc2, 0x3c, 0xa4, 0x5c, 0x90, 0x0e, 0xb8, 0x43, 0x7b, 0x37, 0x49, 0x07, 0xdc, 0x59,
0x00, 0xf2, 0xc0, 0xa6, 0xbb, 0x37, 0x01, 0x79, 0x60, 0x2f, 0x00, 0xe3, 0x48, 0xd2, 0x17, 0x37,
0x01, 0xe3, 0x48, 0x92, 0xe7, 0xb0, 0x3c, 0x07, 0xda, 0xd3, 0x50, 0xc4, 0x01, 0x7d, 0x99, 0xc1,
0x36, 0x53, 0xac, 0xf6, 0x91, 0x0d, 0x28, 0xc5, 0xba, 0xbd, 0xdd, 0x6b, 0xe7, 0x3b, 0xb5, 0x5e,
0x23, 0xad, 0x4d, 0x6c, 0xae, 0x8d, 0xc4, 0xa9, 0x60, 0x53, 0x0d, 0xfb, 0xf9, 0x46, 0x98, 0x76,
0xaa, 0xce, 0xcd, 0x53, 0x7d, 0xb0, 0x89, 0x27, 0xf1, 0xd5, 0x42, 0xe7, 0x86, 0x8e, 0x13, 0x75,
0x10, 0x37, 0xa0, 0x88, 0x03, 0xfa, 0x1a, 0x63, 0x2d, 0x5f, 0x75, 0x2d, 0xd8, 0x42, 0x1b, 0xda,
0x4b, 0xb6, 0x60, 0x55, 0x32, 0x5b, 0x55, 0xbd, 0x19, 0x08, 0x97, 0xdb, 0x97, 0xfa, 0x79, 0xed,
0xe3, 0xf3, 0xba, 0x92, 0xb8, 0x4e, 0xd0, 0x83, 0x0f, 0xed, 0x06, 0x34, 0x53, 0xbc, 0x8c, 0x42,
0xee, 0x4f, 0xe9, 0x2f, 0xf8, 0xd0, 0x35, 0x12, 0xeb, 0x29, 0x1a, 0xf1, 0x4d, 0x4b, 0x60, 0xae,
0x98, 0xd2, 0x5f, 0x17, 0xdf, 0x34, 0xed, 0x19, 0x8b, 0x29, 0x79, 0x0a, 0x4d, 0xbd, 0x46, 0xa6,
0xc7, 0x3c, 0xd3, 0xb3, 0x2e, 0xe8, 0x6f, 0xe9, 0xcd, 0x5f, 0xd7, 0x8e, 0x23, 0xe6, 0x1d, 0x59,
0x17, 0xea, 0xee, 0xcf, 0x02, 0x71, 0x66, 0x7f, 0xc5, 0x3e, 0x66, 0x6d, 0x5b, 0x5e, 0xca, 0xed,
0x33, 0xb9, 0xad, 0xfd, 0xdb, 0x1e, 0xf3, 0x44, 0x78, 0x69, 0x34, 0xaf, 0xe8, 0x38, 0xd1, 0x1e,
0xac, 0x64, 0x02, 0x04, 0x56, 0xa8, 0xde, 0xe3, 0xdf, 0x17, 0x3a, 0xab, 0xe5, 0x39, 0xe5, 0x04,
0xdd, 0xe4, 0x19, 0x24, 0x26, 0x33, 0xe0, 0x8e, 0xc4, 0xf4, 0xde, 0xa4, 0xe9, 0x35, 0xb4, 0xe7,
0x84, 0x3b, 0x52, 0xe7, 0xb7, 0xb2, 0x00, 0xc5, 0x04, 0xf7, 0x31, 0xfc, 0xea, 0xb5, 0x04, 0x15,
0x20, 0xd5, 0x42, 0x3a, 0xe6, 0xf7, 0x02, 0x48, 0x36, 0x40, 0x92, 0xe0, 0xc1, 0x42, 0x82, 0xad,
0x2b, 0x52, 0x92, 0xe1, 0x1e, 0xdc, 0x4e, 0x58, 0x3e, 0x8b, 0x4c, 0xdb, 0x95, 0xa6, 0xed, 0x5a,
0x52, 0xb5, 0x11, 0x83, 0xb4, 0xab, 0x5a, 0xd5, 0x80, 0x09, 0x8b, 0x06, 0xae, 0x1c, 0x68, 0x2f,
0x79, 0x07, 0xb7, 0xae, 0xf1, 0x74, 0xc6, 0x6f, 0x51, 0xef, 0xf6, 0xb5, 0x8c, 0x13, 0x8c, 0xb1,
0x92, 0x0d, 0xa5, 0xd3, 0x7e, 0x0d, 0x6b, 0xd7, 0x02, 0x25, 0x99, 0x0f, 0x17, 0x32, 0x27, 0x59,
0x66, 0x92, 0xfb, 0xee, 0x9c, 0xaa, 0x5e, 0x5a, 0x4f, 0xb7, 0x9d, 0x92, 0xd9, 0xf4, 0x30, 0x4d,
0x3d, 0xd1, 0x1b, 0x04, 0xf1, 0x91, 0x6a, 0x3d, 0x4f, 0x99, 0x4d, 0x7e, 0x9d, 0xd7, 0x01, 0x92,
0x30, 0xe9, 0x77, 0x28, 0x45, 0xae, 0x25, 0x6d, 0x07, 0x71, 0x5a, 0x04, 0x2a, 0xc0, 0xb5, 0x22,
0x50, 0xec, 0x24, 0xd3, 0x3f, 0x6e, 0x2a, 0x82, 0x41, 0x10, 0x27, 0x69, 0x6e, 0x40, 0x8d, 0x9f,
0x59, 0x36, 0xb6, 0x4b, 0xae, 0xa0, 0xa3, 0xc5, 0x2f, 0x25, 0xe5, 0x99, 0x88, 0xb1, 0x20, 0xf7,
0x41, 0x0f, 0x4c, 0x31, 0xf3, 0xe9, 0x7b, 0x3c, 0x13, 0x15, 0x34, 0x1c, 0xcf, 0x7c, 0xf2, 0x23,
0x34, 0x3c, 0xcb, 0x3e, 0x77, 0x2d, 0xdf, 0x44, 0x1b, 0xfd, 0x1b, 0x9e, 0xaf, 0x7a, 0x62, 0x1c,
0x29, 0x1b, 0xd9, 0xbe, 0x02, 0x9d, 0x4b, 0xd5, 0x7f, 0x8f, 0x31, 0xb1, 0xda, 0xce, 0xeb, 0xde,
0xd6, 0xce, 0xde, 0xab, 0xad, 0xee, 0x56, 0xcf, 0xa8, 0x25, 0x88, 0x4f, 0x72, 0x14, 0x90, 0x9d,
0x05, 0x82, 0xef, 0xd1, 0x23, 0x24, 0x34, 0x7a, 0x2f, 0x5f, 0x6e, 0xa5, 0xbf, 0x6e, 0x86, 0x32,
0xf1, 0xae, 0x69, 0x4c, 0x67, 0x74, 0x72, 0x5d, 0x63, 0x27, 0x43, 0x78, 0x37, 0x23, 0x8f, 0x17,
0x08, 0x9e, 0x45, 0x8f, 0x93, 0x8f, 0xa7, 0x2b, 0xd4, 0x91, 0x45, 0x9e, 0x40, 0x05, 0x3f, 0xc5,
0x3e, 0x73, 0x9f, 0x9e, 0xb4, 0x73, 0x9d, 0x5a, 0xaf, 0x96, 0xde, 0x37, 0xc3, 0x0b, 0x66, 0xe0,
0x77, 0xda, 0x01, 0xf7, 0x37, 0x77, 0xa1, 0xa0, 0xbe, 0x9a, 0x08, 0x40, 0x69, 0x3c, 0x3a, 0xfd,
0x30, 0x9c, 0xb4, 0xbe, 0x23, 0x15, 0xc0, 0x6f, 0xa8, 0x56, 0x8e, 0x54, 0xa1, 0x68, 0x0c, 0x8d,
0x8f, 0x93, 0xd6, 0x92, 0x02, 0x0c, 0xff, 0x31, 0x1c, 0x7c, 0x1a, 0xb6, 0xf2, 0x9b, 0x07, 0x50,
0x49, 0x5b, 0x78, 0x05, 0x79, 0x3b, 0x3c, 0xf8, 0xf8, 0x4e, 0xf3, 0x46, 0x93, 0xc3, 0xe3, 0x56,
0x8e, 0xd4, 0xa0, 0xfc, 0xf7, 0x7d, 0x63, 0x32, 0x9a, 0xbc, 0x6b, 0x2d, 0x29, 0xc4, 0xd0, 0x30,
0x8e, 0x8d, 0x56, 0x5e, 0xfd, 0x3d, 0xdc, 0xff, 0xb0, 0x3f, 0x6e, 0x15, 0x36, 0xbb, 0x50, 0xd2,
0x7d, 0x80, 0x32, 0x62, 0x93, 0xa3, 0x23, 0xa8, 0xa6, 0xa0, 0x95, 0x53, 0xff, 0xfe, 0xd8, 0x37,
0xde, 0xb6, 0x96, 0x48, 0x19, 0xf2, 0xa3, 0xc9, 0x61, 0x2b, 0xff, 0xbf, 0x00, 0x00, 0x00, 0xff,
0xff, 0x27, 0xf6, 0x8f, 0xb6, 0x19, 0x11, 0x00, 0x00,