| // Code generated by protoc-gen-go. DO NOT EDIT. |
| // source: nsjail/config.proto |
| |
| package nsjail |
| |
| import ( |
| fmt "fmt" |
| proto "github.com/golang/protobuf/proto" |
| math "math" |
| ) |
| |
| // Reference imports to suppress errors if they are not otherwise used. |
| var _ = proto.Marshal |
| var _ = fmt.Errorf |
| var _ = math.Inf |
| |
| // This is a compile-time assertion to ensure that this generated file |
| // is compatible with the proto package it is being compiled against. |
| // A compilation error at this line likely means your copy of the |
| // proto package needs to be updated. |
| const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package |
| |
| type Mode int32 |
| |
| const ( |
| Mode_LISTEN Mode = 0 |
| Mode_ONCE Mode = 1 |
| Mode_RERUN Mode = 2 |
| Mode_EXECVE Mode = 3 |
| ) |
| |
| var Mode_name = map[int32]string{ |
| 0: "LISTEN", |
| 1: "ONCE", |
| 2: "RERUN", |
| 3: "EXECVE", |
| } |
| |
| var Mode_value = map[string]int32{ |
| "LISTEN": 0, |
| "ONCE": 1, |
| "RERUN": 2, |
| "EXECVE": 3, |
| } |
| |
| func (x Mode) Enum() *Mode { |
| p := new(Mode) |
| *p = x |
| return p |
| } |
| |
| func (x Mode) String() string { |
| return proto.EnumName(Mode_name, int32(x)) |
| } |
| |
| func (x *Mode) UnmarshalJSON(data []byte) error { |
| value, err := proto.UnmarshalJSONEnum(Mode_value, data, "Mode") |
| if err != nil { |
| return err |
| } |
| *x = Mode(value) |
| return nil |
| } |
| |
| func (Mode) EnumDescriptor() ([]byte, []int) { |
| return fileDescriptor_82b7e3129c410694, []int{0} |
| } |
| |
| // Should be self explanatory |
| type LogLevel int32 |
| |
| const ( |
| LogLevel_DEBUG LogLevel = 0 |
| LogLevel_INFO LogLevel = 1 |
| LogLevel_WARNING LogLevel = 2 |
| LogLevel_ERROR LogLevel = 3 |
| LogLevel_FATAL LogLevel = 4 |
| ) |
| |
| var LogLevel_name = map[int32]string{ |
| 0: "DEBUG", |
| 1: "INFO", |
| 2: "WARNING", |
| 3: "ERROR", |
| 4: "FATAL", |
| } |
| |
| var LogLevel_value = map[string]int32{ |
| "DEBUG": 0, |
| "INFO": 1, |
| "WARNING": 2, |
| "ERROR": 3, |
| "FATAL": 4, |
| } |
| |
| func (x LogLevel) Enum() *LogLevel { |
| p := new(LogLevel) |
| *p = x |
| return p |
| } |
| |
| func (x LogLevel) String() string { |
| return proto.EnumName(LogLevel_name, int32(x)) |
| } |
| |
| func (x *LogLevel) UnmarshalJSON(data []byte) error { |
| value, err := proto.UnmarshalJSONEnum(LogLevel_value, data, "LogLevel") |
| if err != nil { |
| return err |
| } |
| *x = LogLevel(value) |
| return nil |
| } |
| |
| func (LogLevel) EnumDescriptor() ([]byte, []int) { |
| return fileDescriptor_82b7e3129c410694, []int{1} |
| } |
| |
| type RLimit int32 |
| |
| const ( |
| RLimit_VALUE RLimit = 0 |
| RLimit_SOFT RLimit = 1 |
| RLimit_HARD RLimit = 2 |
| RLimit_INF RLimit = 3 |
| ) |
| |
| var RLimit_name = map[int32]string{ |
| 0: "VALUE", |
| 1: "SOFT", |
| 2: "HARD", |
| 3: "INF", |
| } |
| |
| var RLimit_value = map[string]int32{ |
| "VALUE": 0, |
| "SOFT": 1, |
| "HARD": 2, |
| "INF": 3, |
| } |
| |
| func (x RLimit) Enum() *RLimit { |
| p := new(RLimit) |
| *p = x |
| return p |
| } |
| |
| func (x RLimit) String() string { |
| return proto.EnumName(RLimit_name, int32(x)) |
| } |
| |
| func (x *RLimit) UnmarshalJSON(data []byte) error { |
| value, err := proto.UnmarshalJSONEnum(RLimit_value, data, "RLimit") |
| if err != nil { |
| return err |
| } |
| *x = RLimit(value) |
| return nil |
| } |
| |
| func (RLimit) EnumDescriptor() ([]byte, []int) { |
| return fileDescriptor_82b7e3129c410694, []int{2} |
| } |
| |
| type IdMap struct { |
| // Empty string means "current uid/gid" |
| InsideId *string `protobuf:"bytes,1,opt,name=inside_id,json=insideId,def=" json:"inside_id,omitempty"` |
| OutsideId *string `protobuf:"bytes,2,opt,name=outside_id,json=outsideId,def=" json:"outside_id,omitempty"` |
| // See 'man user_namespaces' for the meaning of count |
| Count *uint32 `protobuf:"varint,3,opt,name=count,def=1" json:"count,omitempty"` |
| // Does this map use /usr/bin/new[u|g]idmap binary? |
| UseNewidmap *bool `protobuf:"varint,4,opt,name=use_newidmap,json=useNewidmap,def=0" json:"use_newidmap,omitempty"` |
| XXX_NoUnkeyedLiteral struct{} `json:"-"` |
| XXX_unrecognized []byte `json:"-"` |
| XXX_sizecache int32 `json:"-"` |
| } |
| |
| func (m *IdMap) Reset() { *m = IdMap{} } |
| func (m *IdMap) String() string { return proto.CompactTextString(m) } |
| func (*IdMap) ProtoMessage() {} |
| func (*IdMap) Descriptor() ([]byte, []int) { |
| return fileDescriptor_82b7e3129c410694, []int{0} |
| } |
| |
| func (m *IdMap) XXX_Unmarshal(b []byte) error { |
| return xxx_messageInfo_IdMap.Unmarshal(m, b) |
| } |
| func (m *IdMap) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { |
| return xxx_messageInfo_IdMap.Marshal(b, m, deterministic) |
| } |
| func (m *IdMap) XXX_Merge(src proto.Message) { |
| xxx_messageInfo_IdMap.Merge(m, src) |
| } |
| func (m *IdMap) XXX_Size() int { |
| return xxx_messageInfo_IdMap.Size(m) |
| } |
| func (m *IdMap) XXX_DiscardUnknown() { |
| xxx_messageInfo_IdMap.DiscardUnknown(m) |
| } |
| |
| var xxx_messageInfo_IdMap proto.InternalMessageInfo |
| |
| const Default_IdMap_Count uint32 = 1 |
| const Default_IdMap_UseNewidmap bool = false |
| |
| func (m *IdMap) GetInsideId() string { |
| if m != nil && m.InsideId != nil { |
| return *m.InsideId |
| } |
| return "" |
| } |
| |
| func (m *IdMap) GetOutsideId() string { |
| if m != nil && m.OutsideId != nil { |
| return *m.OutsideId |
| } |
| return "" |
| } |
| |
| func (m *IdMap) GetCount() uint32 { |
| if m != nil && m.Count != nil { |
| return *m.Count |
| } |
| return Default_IdMap_Count |
| } |
| |
| func (m *IdMap) GetUseNewidmap() bool { |
| if m != nil && m.UseNewidmap != nil { |
| return *m.UseNewidmap |
| } |
| return Default_IdMap_UseNewidmap |
| } |
| |
| type MountPt struct { |
| // Can be skipped for filesystems like 'proc' |
| Src *string `protobuf:"bytes,1,opt,name=src,def=" json:"src,omitempty"` |
| // Should 'src' path be prefixed with this envvar? |
| PrefixSrcEnv *string `protobuf:"bytes,2,opt,name=prefix_src_env,json=prefixSrcEnv,def=" json:"prefix_src_env,omitempty"` |
| // If specified, contains buffer that will be written to the dst file |
| SrcContent []byte `protobuf:"bytes,3,opt,name=src_content,json=srcContent,def=" json:"src_content,omitempty"` |
| // Mount point inside jail |
| Dst *string `protobuf:"bytes,4,req,name=dst,def=" json:"dst,omitempty"` |
| // Should 'dst' path be prefixed with this envvar? |
| PrefixDstEnv *string `protobuf:"bytes,5,opt,name=prefix_dst_env,json=prefixDstEnv,def=" json:"prefix_dst_env,omitempty"` |
| // Can be empty for mount --bind mounts |
| Fstype *string `protobuf:"bytes,6,opt,name=fstype,def=" json:"fstype,omitempty"` |
| // E.g. size=5000000 for 'tmpfs' |
| Options *string `protobuf:"bytes,7,opt,name=options,def=" json:"options,omitempty"` |
| // Is it a 'mount --bind src dst' type of mount? |
| IsBind *bool `protobuf:"varint,8,opt,name=is_bind,json=isBind,def=0" json:"is_bind,omitempty"` |
| // Is it a R/W mount? |
| Rw *bool `protobuf:"varint,9,opt,name=rw,def=0" json:"rw,omitempty"` |
| // Is it a directory? If not specified an internal |
| //heuristics will be used to determine that |
| IsDir *bool `protobuf:"varint,10,opt,name=is_dir,json=isDir" json:"is_dir,omitempty"` |
| // Should the sandboxing fail if we cannot mount this resource? |
| Mandatory *bool `protobuf:"varint,11,opt,name=mandatory,def=1" json:"mandatory,omitempty"` |
| // Is it a symlink (instead of real mount point)? |
| IsSymlink *bool `protobuf:"varint,12,opt,name=is_symlink,json=isSymlink,def=0" json:"is_symlink,omitempty"` |
| // Is it a nosuid mount |
| Nosuid *bool `protobuf:"varint,13,opt,name=nosuid,def=0" json:"nosuid,omitempty"` |
| // Is it a nodev mount |
| Nodev *bool `protobuf:"varint,14,opt,name=nodev,def=0" json:"nodev,omitempty"` |
| // Is it a noexec mount |
| Noexec *bool `protobuf:"varint,15,opt,name=noexec,def=0" json:"noexec,omitempty"` |
| XXX_NoUnkeyedLiteral struct{} `json:"-"` |
| XXX_unrecognized []byte `json:"-"` |
| XXX_sizecache int32 `json:"-"` |
| } |
| |
| func (m *MountPt) Reset() { *m = MountPt{} } |
| func (m *MountPt) String() string { return proto.CompactTextString(m) } |
| func (*MountPt) ProtoMessage() {} |
| func (*MountPt) Descriptor() ([]byte, []int) { |
| return fileDescriptor_82b7e3129c410694, []int{1} |
| } |
| |
| func (m *MountPt) XXX_Unmarshal(b []byte) error { |
| return xxx_messageInfo_MountPt.Unmarshal(m, b) |
| } |
| func (m *MountPt) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { |
| return xxx_messageInfo_MountPt.Marshal(b, m, deterministic) |
| } |
| func (m *MountPt) XXX_Merge(src proto.Message) { |
| xxx_messageInfo_MountPt.Merge(m, src) |
| } |
| func (m *MountPt) XXX_Size() int { |
| return xxx_messageInfo_MountPt.Size(m) |
| } |
| func (m *MountPt) XXX_DiscardUnknown() { |
| xxx_messageInfo_MountPt.DiscardUnknown(m) |
| } |
| |
| var xxx_messageInfo_MountPt proto.InternalMessageInfo |
| |
| const Default_MountPt_IsBind bool = false |
| const Default_MountPt_Rw bool = false |
| const Default_MountPt_Mandatory bool = true |
| const Default_MountPt_IsSymlink bool = false |
| const Default_MountPt_Nosuid bool = false |
| const Default_MountPt_Nodev bool = false |
| const Default_MountPt_Noexec bool = false |
| |
| func (m *MountPt) GetSrc() string { |
| if m != nil && m.Src != nil { |
| return *m.Src |
| } |
| return "" |
| } |
| |
| func (m *MountPt) GetPrefixSrcEnv() string { |
| if m != nil && m.PrefixSrcEnv != nil { |
| return *m.PrefixSrcEnv |
| } |
| return "" |
| } |
| |
| func (m *MountPt) GetSrcContent() []byte { |
| if m != nil { |
| return m.SrcContent |
| } |
| return nil |
| } |
| |
| func (m *MountPt) GetDst() string { |
| if m != nil && m.Dst != nil { |
| return *m.Dst |
| } |
| return "" |
| } |
| |
| func (m *MountPt) GetPrefixDstEnv() string { |
| if m != nil && m.PrefixDstEnv != nil { |
| return *m.PrefixDstEnv |
| } |
| return "" |
| } |
| |
| func (m *MountPt) GetFstype() string { |
| if m != nil && m.Fstype != nil { |
| return *m.Fstype |
| } |
| return "" |
| } |
| |
| func (m *MountPt) GetOptions() string { |
| if m != nil && m.Options != nil { |
| return *m.Options |
| } |
| return "" |
| } |
| |
| func (m *MountPt) GetIsBind() bool { |
| if m != nil && m.IsBind != nil { |
| return *m.IsBind |
| } |
| return Default_MountPt_IsBind |
| } |
| |
| func (m *MountPt) GetRw() bool { |
| if m != nil && m.Rw != nil { |
| return *m.Rw |
| } |
| return Default_MountPt_Rw |
| } |
| |
| func (m *MountPt) GetIsDir() bool { |
| if m != nil && m.IsDir != nil { |
| return *m.IsDir |
| } |
| return false |
| } |
| |
| func (m *MountPt) GetMandatory() bool { |
| if m != nil && m.Mandatory != nil { |
| return *m.Mandatory |
| } |
| return Default_MountPt_Mandatory |
| } |
| |
| func (m *MountPt) GetIsSymlink() bool { |
| if m != nil && m.IsSymlink != nil { |
| return *m.IsSymlink |
| } |
| return Default_MountPt_IsSymlink |
| } |
| |
| func (m *MountPt) GetNosuid() bool { |
| if m != nil && m.Nosuid != nil { |
| return *m.Nosuid |
| } |
| return Default_MountPt_Nosuid |
| } |
| |
| func (m *MountPt) GetNodev() bool { |
| if m != nil && m.Nodev != nil { |
| return *m.Nodev |
| } |
| return Default_MountPt_Nodev |
| } |
| |
| func (m *MountPt) GetNoexec() bool { |
| if m != nil && m.Noexec != nil { |
| return *m.Noexec |
| } |
| return Default_MountPt_Noexec |
| } |
| |
| type Exe struct { |
| // Will be used both as execv's path and as argv[0] |
| Path *string `protobuf:"bytes,1,req,name=path" json:"path,omitempty"` |
| // This will be argv[1] and so on.. |
| Arg []string `protobuf:"bytes,2,rep,name=arg" json:"arg,omitempty"` |
| // Override argv[0] |
| Arg0 *string `protobuf:"bytes,3,opt,name=arg0" json:"arg0,omitempty"` |
| // Should execveat() be used to execute a file-descriptor instead? |
| ExecFd *bool `protobuf:"varint,4,opt,name=exec_fd,json=execFd,def=0" json:"exec_fd,omitempty"` |
| XXX_NoUnkeyedLiteral struct{} `json:"-"` |
| XXX_unrecognized []byte `json:"-"` |
| XXX_sizecache int32 `json:"-"` |
| } |
| |
| func (m *Exe) Reset() { *m = Exe{} } |
| func (m *Exe) String() string { return proto.CompactTextString(m) } |
| func (*Exe) ProtoMessage() {} |
| func (*Exe) Descriptor() ([]byte, []int) { |
| return fileDescriptor_82b7e3129c410694, []int{2} |
| } |
| |
| func (m *Exe) XXX_Unmarshal(b []byte) error { |
| return xxx_messageInfo_Exe.Unmarshal(m, b) |
| } |
| func (m *Exe) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { |
| return xxx_messageInfo_Exe.Marshal(b, m, deterministic) |
| } |
| func (m *Exe) XXX_Merge(src proto.Message) { |
| xxx_messageInfo_Exe.Merge(m, src) |
| } |
| func (m *Exe) XXX_Size() int { |
| return xxx_messageInfo_Exe.Size(m) |
| } |
| func (m *Exe) XXX_DiscardUnknown() { |
| xxx_messageInfo_Exe.DiscardUnknown(m) |
| } |
| |
| var xxx_messageInfo_Exe proto.InternalMessageInfo |
| |
| const Default_Exe_ExecFd bool = false |
| |
| func (m *Exe) GetPath() string { |
| if m != nil && m.Path != nil { |
| return *m.Path |
| } |
| return "" |
| } |
| |
| func (m *Exe) GetArg() []string { |
| if m != nil { |
| return m.Arg |
| } |
| return nil |
| } |
| |
| func (m *Exe) GetArg0() string { |
| if m != nil && m.Arg0 != nil { |
| return *m.Arg0 |
| } |
| return "" |
| } |
| |
| func (m *Exe) GetExecFd() bool { |
| if m != nil && m.ExecFd != nil { |
| return *m.ExecFd |
| } |
| return Default_Exe_ExecFd |
| } |
| |
| type NsJailConfig struct { |
| // Optional name and description for this config |
| Name *string `protobuf:"bytes,1,opt,name=name,def=" json:"name,omitempty"` |
| Description []string `protobuf:"bytes,2,rep,name=description" json:"description,omitempty"` |
| // Execution mode: see 'msg Mode' description for more |
| Mode *Mode `protobuf:"varint,3,opt,name=mode,enum=nsjail.Mode,def=1" json:"mode,omitempty"` |
| // Equivalent to a bind mount with dst='/'. DEPRECATED: Use bind mounts. |
| ChrootDir *string `protobuf:"bytes,4,opt,name=chroot_dir,json=chrootDir" json:"chroot_dir,omitempty"` // Deprecated: Do not use. |
| // Applies both to the chroot_dir and to /proc mounts. DEPRECATED: Use bind mounts |
| IsRootRw *bool `protobuf:"varint,5,opt,name=is_root_rw,json=isRootRw,def=0" json:"is_root_rw,omitempty"` // Deprecated: Do not use. |
| // Hostname inside jail |
| Hostname *string `protobuf:"bytes,8,opt,name=hostname,def=NSJAIL" json:"hostname,omitempty"` |
| // Initial current working directory for the binary |
| Cwd *string `protobuf:"bytes,9,opt,name=cwd,def=/" json:"cwd,omitempty"` |
| // TCP port to listen to. Valid with mode=LISTEN only |
| Port *uint32 `protobuf:"varint,10,opt,name=port,def=0" json:"port,omitempty"` |
| // Host to bind to for mode=LISTEN. Must be in IPv6 format |
| Bindhost *string `protobuf:"bytes,11,opt,name=bindhost,def=::" json:"bindhost,omitempty"` |
| // For mode=LISTEN, maximum number of connections from a single IP |
| MaxConnsPerIp *uint32 `protobuf:"varint,12,opt,name=max_conns_per_ip,json=maxConnsPerIp,def=0" json:"max_conns_per_ip,omitempty"` |
| // Wall-time time limit for commands |
| TimeLimit *uint32 `protobuf:"varint,13,opt,name=time_limit,json=timeLimit,def=600" json:"time_limit,omitempty"` |
| // Should nsjail go into background? |
| Daemon *bool `protobuf:"varint,14,opt,name=daemon,def=0" json:"daemon,omitempty"` |
| // Maximum number of CPUs to use: 0 - no limit |
| MaxCpus *uint32 `protobuf:"varint,15,opt,name=max_cpus,json=maxCpus,def=0" json:"max_cpus,omitempty"` |
| // FD to log to. |
| LogFd *int32 `protobuf:"varint,16,opt,name=log_fd,json=logFd" json:"log_fd,omitempty"` |
| // File to save lofs to |
| LogFile *string `protobuf:"bytes,17,opt,name=log_file,json=logFile" json:"log_file,omitempty"` |
| // Minimum log level displayed. |
| //See 'msg LogLevel' description for more |
| LogLevel *LogLevel `protobuf:"varint,18,opt,name=log_level,json=logLevel,enum=nsjail.LogLevel" json:"log_level,omitempty"` |
| // Should the current environment variables be kept |
| //when executing the binary |
| KeepEnv *bool `protobuf:"varint,19,opt,name=keep_env,json=keepEnv,def=0" json:"keep_env,omitempty"` |
| // EnvVars to be set before executing binaries. If the envvar doesn't contain '=' |
| //(e.g. just the 'DISPLAY' string), the current envvar value will be used |
| Envar []string `protobuf:"bytes,20,rep,name=envar" json:"envar,omitempty"` |
| // Should capabilities be preserved or dropped |
| KeepCaps *bool `protobuf:"varint,21,opt,name=keep_caps,json=keepCaps,def=0" json:"keep_caps,omitempty"` |
| // Which capabilities should be preserved if keep_caps == false. |
| //Format: "CAP_SYS_PTRACE" |
| Cap []string `protobuf:"bytes,22,rep,name=cap" json:"cap,omitempty"` |
| // Should nsjail close FD=0,1,2 before executing the process |
| Silent *bool `protobuf:"varint,23,opt,name=silent,def=0" json:"silent,omitempty"` |
| // Should the child process have control over terminal? |
| //Can be useful to allow /bin/sh to provide |
| //job control / signals. Dangerous, can be used to put |
| //characters into the controlling terminal back |
| SkipSetsid *bool `protobuf:"varint,24,opt,name=skip_setsid,json=skipSetsid,def=0" json:"skip_setsid,omitempty"` |
| // Redirect sdterr of the process to /dev/null instead of the socket or original TTY |
| StderrToNull *bool `protobuf:"varint,25,opt,name=stderr_to_null,json=stderrToNull,def=0" json:"stderr_to_null,omitempty"` |
| // Which FDs should be passed to the newly executed process |
| //By default only FD=0,1,2 are passed |
| PassFd []int32 `protobuf:"varint,26,rep,name=pass_fd,json=passFd" json:"pass_fd,omitempty"` |
| // Setting it to true will allow to have set-uid binaries |
| //inside the jail |
| DisableNoNewPrivs *bool `protobuf:"varint,27,opt,name=disable_no_new_privs,json=disableNoNewPrivs,def=0" json:"disable_no_new_privs,omitempty"` |
| // Various rlimits, the rlimit_as/rlimit_core/... are used only if |
| //rlimit_as_type/rlimit_core_type/... are set to RLimit::VALUE |
| RlimitAs *uint64 `protobuf:"varint,28,opt,name=rlimit_as,json=rlimitAs,def=512" json:"rlimit_as,omitempty"` |
| RlimitAsType *RLimit `protobuf:"varint,29,opt,name=rlimit_as_type,json=rlimitAsType,enum=nsjail.RLimit,def=0" json:"rlimit_as_type,omitempty"` |
| RlimitCore *uint64 `protobuf:"varint,30,opt,name=rlimit_core,json=rlimitCore,def=0" json:"rlimit_core,omitempty"` |
| RlimitCoreType *RLimit `protobuf:"varint,31,opt,name=rlimit_core_type,json=rlimitCoreType,enum=nsjail.RLimit,def=0" json:"rlimit_core_type,omitempty"` |
| RlimitCpu *uint64 `protobuf:"varint,32,opt,name=rlimit_cpu,json=rlimitCpu,def=600" json:"rlimit_cpu,omitempty"` |
| RlimitCpuType *RLimit `protobuf:"varint,33,opt,name=rlimit_cpu_type,json=rlimitCpuType,enum=nsjail.RLimit,def=0" json:"rlimit_cpu_type,omitempty"` |
| RlimitFsize *uint64 `protobuf:"varint,34,opt,name=rlimit_fsize,json=rlimitFsize,def=1" json:"rlimit_fsize,omitempty"` |
| RlimitFsizeType *RLimit `protobuf:"varint,35,opt,name=rlimit_fsize_type,json=rlimitFsizeType,enum=nsjail.RLimit,def=0" json:"rlimit_fsize_type,omitempty"` |
| RlimitNofile *uint64 `protobuf:"varint,36,opt,name=rlimit_nofile,json=rlimitNofile,def=32" json:"rlimit_nofile,omitempty"` |
| RlimitNofileType *RLimit `protobuf:"varint,37,opt,name=rlimit_nofile_type,json=rlimitNofileType,enum=nsjail.RLimit,def=0" json:"rlimit_nofile_type,omitempty"` |
| // RLIMIT_NPROC is system-wide - tricky to use; use the soft limit value by |
| // default here |
| RlimitNproc *uint64 `protobuf:"varint,38,opt,name=rlimit_nproc,json=rlimitNproc,def=1024" json:"rlimit_nproc,omitempty"` |
| RlimitNprocType *RLimit `protobuf:"varint,39,opt,name=rlimit_nproc_type,json=rlimitNprocType,enum=nsjail.RLimit,def=1" json:"rlimit_nproc_type,omitempty"` |
| // In MiB, use the soft limit value by default |
| RlimitStack *uint64 `protobuf:"varint,40,opt,name=rlimit_stack,json=rlimitStack,def=1048576" json:"rlimit_stack,omitempty"` |
| RlimitStackType *RLimit `protobuf:"varint,41,opt,name=rlimit_stack_type,json=rlimitStackType,enum=nsjail.RLimit,def=1" json:"rlimit_stack_type,omitempty"` |
| // See 'man personality' for more |
| PersonaAddrCompatLayout *bool `protobuf:"varint,42,opt,name=persona_addr_compat_layout,json=personaAddrCompatLayout,def=0" json:"persona_addr_compat_layout,omitempty"` |
| PersonaMmapPageZero *bool `protobuf:"varint,43,opt,name=persona_mmap_page_zero,json=personaMmapPageZero,def=0" json:"persona_mmap_page_zero,omitempty"` |
| PersonaReadImpliesExec *bool `protobuf:"varint,44,opt,name=persona_read_implies_exec,json=personaReadImpliesExec,def=0" json:"persona_read_implies_exec,omitempty"` |
| PersonaAddrLimit_3Gb *bool `protobuf:"varint,45,opt,name=persona_addr_limit_3gb,json=personaAddrLimit3gb,def=0" json:"persona_addr_limit_3gb,omitempty"` |
| PersonaAddrNoRandomize *bool `protobuf:"varint,46,opt,name=persona_addr_no_randomize,json=personaAddrNoRandomize,def=0" json:"persona_addr_no_randomize,omitempty"` |
| // Which name-spaces should be used? |
| CloneNewnet *bool `protobuf:"varint,47,opt,name=clone_newnet,json=cloneNewnet,def=1" json:"clone_newnet,omitempty"` |
| CloneNewuser *bool `protobuf:"varint,48,opt,name=clone_newuser,json=cloneNewuser,def=1" json:"clone_newuser,omitempty"` |
| CloneNewns *bool `protobuf:"varint,49,opt,name=clone_newns,json=cloneNewns,def=1" json:"clone_newns,omitempty"` |
| CloneNewpid *bool `protobuf:"varint,50,opt,name=clone_newpid,json=cloneNewpid,def=1" json:"clone_newpid,omitempty"` |
| CloneNewipc *bool `protobuf:"varint,51,opt,name=clone_newipc,json=cloneNewipc,def=1" json:"clone_newipc,omitempty"` |
| CloneNewuts *bool `protobuf:"varint,52,opt,name=clone_newuts,json=cloneNewuts,def=1" json:"clone_newuts,omitempty"` |
| // Disable for kernel versions < 4.6 as it's not supported there |
| CloneNewcgroup *bool `protobuf:"varint,53,opt,name=clone_newcgroup,json=cloneNewcgroup,def=1" json:"clone_newcgroup,omitempty"` |
| // Mappings for UIDs and GIDs. See the description for 'msg IdMap' |
| //for more |
| Uidmap []*IdMap `protobuf:"bytes,54,rep,name=uidmap" json:"uidmap,omitempty"` |
| Gidmap []*IdMap `protobuf:"bytes,55,rep,name=gidmap" json:"gidmap,omitempty"` |
| // Should /proc be mounted (R/O)? This can also be added in the 'mount' |
| //section below |
| MountProc *bool `protobuf:"varint,56,opt,name=mount_proc,json=mountProc,def=0" json:"mount_proc,omitempty"` |
| // Mount points inside the jail. See the description for 'msg MountPt' |
| //for more |
| Mount []*MountPt `protobuf:"bytes,57,rep,name=mount" json:"mount,omitempty"` |
| // Kafel seccomp-bpf policy file or a string: |
| //Homepage of the project: https://github.com/google/kafel |
| SeccompPolicyFile *string `protobuf:"bytes,58,opt,name=seccomp_policy_file,json=seccompPolicyFile" json:"seccomp_policy_file,omitempty"` |
| SeccompString []string `protobuf:"bytes,59,rep,name=seccomp_string,json=seccompString" json:"seccomp_string,omitempty"` |
| // Setting it to true makes audit write seccomp logs to dmesg |
| SeccompLog *bool `protobuf:"varint,60,opt,name=seccomp_log,json=seccompLog,def=0" json:"seccomp_log,omitempty"` |
| // If > 0, maximum cumulative size of RAM used inside any jail |
| CgroupMemMax *uint64 `protobuf:"varint,61,opt,name=cgroup_mem_max,json=cgroupMemMax,def=0" json:"cgroup_mem_max,omitempty"` |
| // Mount point for cgroups-memory in your system |
| CgroupMemMount *string `protobuf:"bytes,62,opt,name=cgroup_mem_mount,json=cgroupMemMount,def=/sys/fs/cgroup/memory" json:"cgroup_mem_mount,omitempty"` |
| // Writeable directory (for the nsjail user) under cgroup_mem_mount |
| CgroupMemParent *string `protobuf:"bytes,63,opt,name=cgroup_mem_parent,json=cgroupMemParent,def=NSJAIL" json:"cgroup_mem_parent,omitempty"` |
| // If > 0, maximum number of PIDs (threads/processes) inside jail |
| CgroupPidsMax *uint64 `protobuf:"varint,64,opt,name=cgroup_pids_max,json=cgroupPidsMax,def=0" json:"cgroup_pids_max,omitempty"` |
| // Mount point for cgroups-pids in your system |
| CgroupPidsMount *string `protobuf:"bytes,65,opt,name=cgroup_pids_mount,json=cgroupPidsMount,def=/sys/fs/cgroup/pids" json:"cgroup_pids_mount,omitempty"` |
| // Writeable directory (for the nsjail user) under cgroup_pids_mount |
| CgroupPidsParent *string `protobuf:"bytes,66,opt,name=cgroup_pids_parent,json=cgroupPidsParent,def=NSJAIL" json:"cgroup_pids_parent,omitempty"` |
| // If > 0, Class identifier of network packets inside jail |
| CgroupNetClsClassid *uint32 `protobuf:"varint,67,opt,name=cgroup_net_cls_classid,json=cgroupNetClsClassid,def=0" json:"cgroup_net_cls_classid,omitempty"` |
| // Mount point for cgroups-net-cls in your system |
| CgroupNetClsMount *string `protobuf:"bytes,68,opt,name=cgroup_net_cls_mount,json=cgroupNetClsMount,def=/sys/fs/cgroup/net_cls" json:"cgroup_net_cls_mount,omitempty"` |
| // Writeable directory (for the nsjail user) under cgroup_net_mount |
| CgroupNetClsParent *string `protobuf:"bytes,69,opt,name=cgroup_net_cls_parent,json=cgroupNetClsParent,def=NSJAIL" json:"cgroup_net_cls_parent,omitempty"` |
| // If > 0 number of milliseconds of CPU that jail processes can use per each second |
| CgroupCpuMsPerSec *uint32 `protobuf:"varint,70,opt,name=cgroup_cpu_ms_per_sec,json=cgroupCpuMsPerSec,def=0" json:"cgroup_cpu_ms_per_sec,omitempty"` |
| // Mount point for cgroups-cpu in your system |
| CgroupCpuMount *string `protobuf:"bytes,71,opt,name=cgroup_cpu_mount,json=cgroupCpuMount,def=/sys/fs/cgroup/cpu" json:"cgroup_cpu_mount,omitempty"` |
| // Writeable directory (for the nsjail user) under cgroup_cpu_mount |
| CgroupCpuParent *string `protobuf:"bytes,72,opt,name=cgroup_cpu_parent,json=cgroupCpuParent,def=NSJAIL" json:"cgroup_cpu_parent,omitempty"` |
| // Should the 'lo' interface be brought up (active) inside this jail? |
| IfaceNoLo *bool `protobuf:"varint,73,opt,name=iface_no_lo,json=ifaceNoLo,def=0" json:"iface_no_lo,omitempty"` |
| // Put this interface inside the jail |
| IfaceOwn []string `protobuf:"bytes,74,rep,name=iface_own,json=ifaceOwn" json:"iface_own,omitempty"` |
| // Parameters for the cloned MACVLAN interface inside jail |
| MacvlanIface *string `protobuf:"bytes,75,opt,name=macvlan_iface,json=macvlanIface" json:"macvlan_iface,omitempty"` |
| MacvlanVsIp *string `protobuf:"bytes,76,opt,name=macvlan_vs_ip,json=macvlanVsIp,def=192.168.0.2" json:"macvlan_vs_ip,omitempty"` |
| MacvlanVsNm *string `protobuf:"bytes,77,opt,name=macvlan_vs_nm,json=macvlanVsNm,def=255.255.255.0" json:"macvlan_vs_nm,omitempty"` |
| MacvlanVsGw *string `protobuf:"bytes,78,opt,name=macvlan_vs_gw,json=macvlanVsGw,def=192.168.0.1" json:"macvlan_vs_gw,omitempty"` |
| MacvlanVsMa *string `protobuf:"bytes,79,opt,name=macvlan_vs_ma,json=macvlanVsMa,def=" json:"macvlan_vs_ma,omitempty"` |
| // Binary path (with arguments) to be executed. If not specified here, it |
| //can be specified with cmd-line as "-- /path/to/command arg1 arg2" |
| ExecBin *Exe `protobuf:"bytes,80,opt,name=exec_bin,json=execBin" json:"exec_bin,omitempty"` |
| XXX_NoUnkeyedLiteral struct{} `json:"-"` |
| XXX_unrecognized []byte `json:"-"` |
| XXX_sizecache int32 `json:"-"` |
| } |
| |
| func (m *NsJailConfig) Reset() { *m = NsJailConfig{} } |
| func (m *NsJailConfig) String() string { return proto.CompactTextString(m) } |
| func (*NsJailConfig) ProtoMessage() {} |
| func (*NsJailConfig) Descriptor() ([]byte, []int) { |
| return fileDescriptor_82b7e3129c410694, []int{3} |
| } |
| |
| func (m *NsJailConfig) XXX_Unmarshal(b []byte) error { |
| return xxx_messageInfo_NsJailConfig.Unmarshal(m, b) |
| } |
| func (m *NsJailConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { |
| return xxx_messageInfo_NsJailConfig.Marshal(b, m, deterministic) |
| } |
| func (m *NsJailConfig) XXX_Merge(src proto.Message) { |
| xxx_messageInfo_NsJailConfig.Merge(m, src) |
| } |
| func (m *NsJailConfig) XXX_Size() int { |
| return xxx_messageInfo_NsJailConfig.Size(m) |
| } |
| func (m *NsJailConfig) XXX_DiscardUnknown() { |
| xxx_messageInfo_NsJailConfig.DiscardUnknown(m) |
| } |
| |
| var xxx_messageInfo_NsJailConfig proto.InternalMessageInfo |
| |
| const Default_NsJailConfig_Mode Mode = Mode_ONCE |
| const Default_NsJailConfig_IsRootRw bool = false |
| const Default_NsJailConfig_Hostname string = "NSJAIL" |
| const Default_NsJailConfig_Cwd string = "/" |
| const Default_NsJailConfig_Port uint32 = 0 |
| const Default_NsJailConfig_Bindhost string = "::" |
| const Default_NsJailConfig_MaxConnsPerIp uint32 = 0 |
| const Default_NsJailConfig_TimeLimit uint32 = 600 |
| const Default_NsJailConfig_Daemon bool = false |
| const Default_NsJailConfig_MaxCpus uint32 = 0 |
| const Default_NsJailConfig_KeepEnv bool = false |
| const Default_NsJailConfig_KeepCaps bool = false |
| const Default_NsJailConfig_Silent bool = false |
| const Default_NsJailConfig_SkipSetsid bool = false |
| const Default_NsJailConfig_StderrToNull bool = false |
| const Default_NsJailConfig_DisableNoNewPrivs bool = false |
| const Default_NsJailConfig_RlimitAs uint64 = 512 |
| const Default_NsJailConfig_RlimitAsType RLimit = RLimit_VALUE |
| const Default_NsJailConfig_RlimitCore uint64 = 0 |
| const Default_NsJailConfig_RlimitCoreType RLimit = RLimit_VALUE |
| const Default_NsJailConfig_RlimitCpu uint64 = 600 |
| const Default_NsJailConfig_RlimitCpuType RLimit = RLimit_VALUE |
| const Default_NsJailConfig_RlimitFsize uint64 = 1 |
| const Default_NsJailConfig_RlimitFsizeType RLimit = RLimit_VALUE |
| const Default_NsJailConfig_RlimitNofile uint64 = 32 |
| const Default_NsJailConfig_RlimitNofileType RLimit = RLimit_VALUE |
| const Default_NsJailConfig_RlimitNproc uint64 = 1024 |
| const Default_NsJailConfig_RlimitNprocType RLimit = RLimit_SOFT |
| const Default_NsJailConfig_RlimitStack uint64 = 1048576 |
| const Default_NsJailConfig_RlimitStackType RLimit = RLimit_SOFT |
| const Default_NsJailConfig_PersonaAddrCompatLayout bool = false |
| const Default_NsJailConfig_PersonaMmapPageZero bool = false |
| const Default_NsJailConfig_PersonaReadImpliesExec bool = false |
| const Default_NsJailConfig_PersonaAddrLimit_3Gb bool = false |
| const Default_NsJailConfig_PersonaAddrNoRandomize bool = false |
| const Default_NsJailConfig_CloneNewnet bool = true |
| const Default_NsJailConfig_CloneNewuser bool = true |
| const Default_NsJailConfig_CloneNewns bool = true |
| const Default_NsJailConfig_CloneNewpid bool = true |
| const Default_NsJailConfig_CloneNewipc bool = true |
| const Default_NsJailConfig_CloneNewuts bool = true |
| const Default_NsJailConfig_CloneNewcgroup bool = true |
| const Default_NsJailConfig_MountProc bool = false |
| const Default_NsJailConfig_SeccompLog bool = false |
| const Default_NsJailConfig_CgroupMemMax uint64 = 0 |
| const Default_NsJailConfig_CgroupMemMount string = "/sys/fs/cgroup/memory" |
| const Default_NsJailConfig_CgroupMemParent string = "NSJAIL" |
| const Default_NsJailConfig_CgroupPidsMax uint64 = 0 |
| const Default_NsJailConfig_CgroupPidsMount string = "/sys/fs/cgroup/pids" |
| const Default_NsJailConfig_CgroupPidsParent string = "NSJAIL" |
| const Default_NsJailConfig_CgroupNetClsClassid uint32 = 0 |
| const Default_NsJailConfig_CgroupNetClsMount string = "/sys/fs/cgroup/net_cls" |
| const Default_NsJailConfig_CgroupNetClsParent string = "NSJAIL" |
| const Default_NsJailConfig_CgroupCpuMsPerSec uint32 = 0 |
| const Default_NsJailConfig_CgroupCpuMount string = "/sys/fs/cgroup/cpu" |
| const Default_NsJailConfig_CgroupCpuParent string = "NSJAIL" |
| const Default_NsJailConfig_IfaceNoLo bool = false |
| const Default_NsJailConfig_MacvlanVsIp string = "192.168.0.2" |
| const Default_NsJailConfig_MacvlanVsNm string = "255.255.255.0" |
| const Default_NsJailConfig_MacvlanVsGw string = "192.168.0.1" |
| |
| func (m *NsJailConfig) GetName() string { |
| if m != nil && m.Name != nil { |
| return *m.Name |
| } |
| return "" |
| } |
| |
| func (m *NsJailConfig) GetDescription() []string { |
| if m != nil { |
| return m.Description |
| } |
| return nil |
| } |
| |
| func (m *NsJailConfig) GetMode() Mode { |
| if m != nil && m.Mode != nil { |
| return *m.Mode |
| } |
| return Default_NsJailConfig_Mode |
| } |
| |
| // Deprecated: Do not use. |
| func (m *NsJailConfig) GetChrootDir() string { |
| if m != nil && m.ChrootDir != nil { |
| return *m.ChrootDir |
| } |
| return "" |
| } |
| |
| // Deprecated: Do not use. |
| func (m *NsJailConfig) GetIsRootRw() bool { |
| if m != nil && m.IsRootRw != nil { |
| return *m.IsRootRw |
| } |
| return Default_NsJailConfig_IsRootRw |
| } |
| |
| func (m *NsJailConfig) GetHostname() string { |
| if m != nil && m.Hostname != nil { |
| return *m.Hostname |
| } |
| return Default_NsJailConfig_Hostname |
| } |
| |
| func (m *NsJailConfig) GetCwd() string { |
| if m != nil && m.Cwd != nil { |
| return *m.Cwd |
| } |
| return Default_NsJailConfig_Cwd |
| } |
| |
| func (m *NsJailConfig) GetPort() uint32 { |
| if m != nil && m.Port != nil { |
| return *m.Port |
| } |
| return Default_NsJailConfig_Port |
| } |
| |
| func (m *NsJailConfig) GetBindhost() string { |
| if m != nil && m.Bindhost != nil { |
| return *m.Bindhost |
| } |
| return Default_NsJailConfig_Bindhost |
| } |
| |
| func (m *NsJailConfig) GetMaxConnsPerIp() uint32 { |
| if m != nil && m.MaxConnsPerIp != nil { |
| return *m.MaxConnsPerIp |
| } |
| return Default_NsJailConfig_MaxConnsPerIp |
| } |
| |
| func (m *NsJailConfig) GetTimeLimit() uint32 { |
| if m != nil && m.TimeLimit != nil { |
| return *m.TimeLimit |
| } |
| return Default_NsJailConfig_TimeLimit |
| } |
| |
| func (m *NsJailConfig) GetDaemon() bool { |
| if m != nil && m.Daemon != nil { |
| return *m.Daemon |
| } |
| return Default_NsJailConfig_Daemon |
| } |
| |
| func (m *NsJailConfig) GetMaxCpus() uint32 { |
| if m != nil && m.MaxCpus != nil { |
| return *m.MaxCpus |
| } |
| return Default_NsJailConfig_MaxCpus |
| } |
| |
| func (m *NsJailConfig) GetLogFd() int32 { |
| if m != nil && m.LogFd != nil { |
| return *m.LogFd |
| } |
| return 0 |
| } |
| |
| func (m *NsJailConfig) GetLogFile() string { |
| if m != nil && m.LogFile != nil { |
| return *m.LogFile |
| } |
| return "" |
| } |
| |
| func (m *NsJailConfig) GetLogLevel() LogLevel { |
| if m != nil && m.LogLevel != nil { |
| return *m.LogLevel |
| } |
| return LogLevel_DEBUG |
| } |
| |
| func (m *NsJailConfig) GetKeepEnv() bool { |
| if m != nil && m.KeepEnv != nil { |
| return *m.KeepEnv |
| } |
| return Default_NsJailConfig_KeepEnv |
| } |
| |
| func (m *NsJailConfig) GetEnvar() []string { |
| if m != nil { |
| return m.Envar |
| } |
| return nil |
| } |
| |
| func (m *NsJailConfig) GetKeepCaps() bool { |
| if m != nil && m.KeepCaps != nil { |
| return *m.KeepCaps |
| } |
| return Default_NsJailConfig_KeepCaps |
| } |
| |
| func (m *NsJailConfig) GetCap() []string { |
| if m != nil { |
| return m.Cap |
| } |
| return nil |
| } |
| |
| func (m *NsJailConfig) GetSilent() bool { |
| if m != nil && m.Silent != nil { |
| return *m.Silent |
| } |
| return Default_NsJailConfig_Silent |
| } |
| |
| func (m *NsJailConfig) GetSkipSetsid() bool { |
| if m != nil && m.SkipSetsid != nil { |
| return *m.SkipSetsid |
| } |
| return Default_NsJailConfig_SkipSetsid |
| } |
| |
| func (m *NsJailConfig) GetStderrToNull() bool { |
| if m != nil && m.StderrToNull != nil { |
| return *m.StderrToNull |
| } |
| return Default_NsJailConfig_StderrToNull |
| } |
| |
| func (m *NsJailConfig) GetPassFd() []int32 { |
| if m != nil { |
| return m.PassFd |
| } |
| return nil |
| } |
| |
| func (m *NsJailConfig) GetDisableNoNewPrivs() bool { |
| if m != nil && m.DisableNoNewPrivs != nil { |
| return *m.DisableNoNewPrivs |
| } |
| return Default_NsJailConfig_DisableNoNewPrivs |
| } |
| |
| func (m *NsJailConfig) GetRlimitAs() uint64 { |
| if m != nil && m.RlimitAs != nil { |
| return *m.RlimitAs |
| } |
| return Default_NsJailConfig_RlimitAs |
| } |
| |
| func (m *NsJailConfig) GetRlimitAsType() RLimit { |
| if m != nil && m.RlimitAsType != nil { |
| return *m.RlimitAsType |
| } |
| return Default_NsJailConfig_RlimitAsType |
| } |
| |
| func (m *NsJailConfig) GetRlimitCore() uint64 { |
| if m != nil && m.RlimitCore != nil { |
| return *m.RlimitCore |
| } |
| return Default_NsJailConfig_RlimitCore |
| } |
| |
| func (m *NsJailConfig) GetRlimitCoreType() RLimit { |
| if m != nil && m.RlimitCoreType != nil { |
| return *m.RlimitCoreType |
| } |
| return Default_NsJailConfig_RlimitCoreType |
| } |
| |
| func (m *NsJailConfig) GetRlimitCpu() uint64 { |
| if m != nil && m.RlimitCpu != nil { |
| return *m.RlimitCpu |
| } |
| return Default_NsJailConfig_RlimitCpu |
| } |
| |
| func (m *NsJailConfig) GetRlimitCpuType() RLimit { |
| if m != nil && m.RlimitCpuType != nil { |
| return *m.RlimitCpuType |
| } |
| return Default_NsJailConfig_RlimitCpuType |
| } |
| |
| func (m *NsJailConfig) GetRlimitFsize() uint64 { |
| if m != nil && m.RlimitFsize != nil { |
| return *m.RlimitFsize |
| } |
| return Default_NsJailConfig_RlimitFsize |
| } |
| |
| func (m *NsJailConfig) GetRlimitFsizeType() RLimit { |
| if m != nil && m.RlimitFsizeType != nil { |
| return *m.RlimitFsizeType |
| } |
| return Default_NsJailConfig_RlimitFsizeType |
| } |
| |
| func (m *NsJailConfig) GetRlimitNofile() uint64 { |
| if m != nil && m.RlimitNofile != nil { |
| return *m.RlimitNofile |
| } |
| return Default_NsJailConfig_RlimitNofile |
| } |
| |
| func (m *NsJailConfig) GetRlimitNofileType() RLimit { |
| if m != nil && m.RlimitNofileType != nil { |
| return *m.RlimitNofileType |
| } |
| return Default_NsJailConfig_RlimitNofileType |
| } |
| |
| func (m *NsJailConfig) GetRlimitNproc() uint64 { |
| if m != nil && m.RlimitNproc != nil { |
| return *m.RlimitNproc |
| } |
| return Default_NsJailConfig_RlimitNproc |
| } |
| |
| func (m *NsJailConfig) GetRlimitNprocType() RLimit { |
| if m != nil && m.RlimitNprocType != nil { |
| return *m.RlimitNprocType |
| } |
| return Default_NsJailConfig_RlimitNprocType |
| } |
| |
| func (m *NsJailConfig) GetRlimitStack() uint64 { |
| if m != nil && m.RlimitStack != nil { |
| return *m.RlimitStack |
| } |
| return Default_NsJailConfig_RlimitStack |
| } |
| |
| func (m *NsJailConfig) GetRlimitStackType() RLimit { |
| if m != nil && m.RlimitStackType != nil { |
| return *m.RlimitStackType |
| } |
| return Default_NsJailConfig_RlimitStackType |
| } |
| |
| func (m *NsJailConfig) GetPersonaAddrCompatLayout() bool { |
| if m != nil && m.PersonaAddrCompatLayout != nil { |
| return *m.PersonaAddrCompatLayout |
| } |
| return Default_NsJailConfig_PersonaAddrCompatLayout |
| } |
| |
| func (m *NsJailConfig) GetPersonaMmapPageZero() bool { |
| if m != nil && m.PersonaMmapPageZero != nil { |
| return *m.PersonaMmapPageZero |
| } |
| return Default_NsJailConfig_PersonaMmapPageZero |
| } |
| |
| func (m *NsJailConfig) GetPersonaReadImpliesExec() bool { |
| if m != nil && m.PersonaReadImpliesExec != nil { |
| return *m.PersonaReadImpliesExec |
| } |
| return Default_NsJailConfig_PersonaReadImpliesExec |
| } |
| |
| func (m *NsJailConfig) GetPersonaAddrLimit_3Gb() bool { |
| if m != nil && m.PersonaAddrLimit_3Gb != nil { |
| return *m.PersonaAddrLimit_3Gb |
| } |
| return Default_NsJailConfig_PersonaAddrLimit_3Gb |
| } |
| |
| func (m *NsJailConfig) GetPersonaAddrNoRandomize() bool { |
| if m != nil && m.PersonaAddrNoRandomize != nil { |
| return *m.PersonaAddrNoRandomize |
| } |
| return Default_NsJailConfig_PersonaAddrNoRandomize |
| } |
| |
| func (m *NsJailConfig) GetCloneNewnet() bool { |
| if m != nil && m.CloneNewnet != nil { |
| return *m.CloneNewnet |
| } |
| return Default_NsJailConfig_CloneNewnet |
| } |
| |
| func (m *NsJailConfig) GetCloneNewuser() bool { |
| if m != nil && m.CloneNewuser != nil { |
| return *m.CloneNewuser |
| } |
| return Default_NsJailConfig_CloneNewuser |
| } |
| |
| func (m *NsJailConfig) GetCloneNewns() bool { |
| if m != nil && m.CloneNewns != nil { |
| return *m.CloneNewns |
| } |
| return Default_NsJailConfig_CloneNewns |
| } |
| |
| func (m *NsJailConfig) GetCloneNewpid() bool { |
| if m != nil && m.CloneNewpid != nil { |
| return *m.CloneNewpid |
| } |
| return Default_NsJailConfig_CloneNewpid |
| } |
| |
| func (m *NsJailConfig) GetCloneNewipc() bool { |
| if m != nil && m.CloneNewipc != nil { |
| return *m.CloneNewipc |
| } |
| return Default_NsJailConfig_CloneNewipc |
| } |
| |
| func (m *NsJailConfig) GetCloneNewuts() bool { |
| if m != nil && m.CloneNewuts != nil { |
| return *m.CloneNewuts |
| } |
| return Default_NsJailConfig_CloneNewuts |
| } |
| |
| func (m *NsJailConfig) GetCloneNewcgroup() bool { |
| if m != nil && m.CloneNewcgroup != nil { |
| return *m.CloneNewcgroup |
| } |
| return Default_NsJailConfig_CloneNewcgroup |
| } |
| |
| func (m *NsJailConfig) GetUidmap() []*IdMap { |
| if m != nil { |
| return m.Uidmap |
| } |
| return nil |
| } |
| |
| func (m *NsJailConfig) GetGidmap() []*IdMap { |
| if m != nil { |
| return m.Gidmap |
| } |
| return nil |
| } |
| |
| func (m *NsJailConfig) GetMountProc() bool { |
| if m != nil && m.MountProc != nil { |
| return *m.MountProc |
| } |
| return Default_NsJailConfig_MountProc |
| } |
| |
| func (m *NsJailConfig) GetMount() []*MountPt { |
| if m != nil { |
| return m.Mount |
| } |
| return nil |
| } |
| |
| func (m *NsJailConfig) GetSeccompPolicyFile() string { |
| if m != nil && m.SeccompPolicyFile != nil { |
| return *m.SeccompPolicyFile |
| } |
| return "" |
| } |
| |
| func (m *NsJailConfig) GetSeccompString() []string { |
| if m != nil { |
| return m.SeccompString |
| } |
| return nil |
| } |
| |
| func (m *NsJailConfig) GetSeccompLog() bool { |
| if m != nil && m.SeccompLog != nil { |
| return *m.SeccompLog |
| } |
| return Default_NsJailConfig_SeccompLog |
| } |
| |
| func (m *NsJailConfig) GetCgroupMemMax() uint64 { |
| if m != nil && m.CgroupMemMax != nil { |
| return *m.CgroupMemMax |
| } |
| return Default_NsJailConfig_CgroupMemMax |
| } |
| |
| func (m *NsJailConfig) GetCgroupMemMount() string { |
| if m != nil && m.CgroupMemMount != nil { |
| return *m.CgroupMemMount |
| } |
| return Default_NsJailConfig_CgroupMemMount |
| } |
| |
| func (m *NsJailConfig) GetCgroupMemParent() string { |
| if m != nil && m.CgroupMemParent != nil { |
| return *m.CgroupMemParent |
| } |
| return Default_NsJailConfig_CgroupMemParent |
| } |
| |
| func (m *NsJailConfig) GetCgroupPidsMax() uint64 { |
| if m != nil && m.CgroupPidsMax != nil { |
| return *m.CgroupPidsMax |
| } |
| return Default_NsJailConfig_CgroupPidsMax |
| } |
| |
| func (m *NsJailConfig) GetCgroupPidsMount() string { |
| if m != nil && m.CgroupPidsMount != nil { |
| return *m.CgroupPidsMount |
| } |
| return Default_NsJailConfig_CgroupPidsMount |
| } |
| |
| func (m *NsJailConfig) GetCgroupPidsParent() string { |
| if m != nil && m.CgroupPidsParent != nil { |
| return *m.CgroupPidsParent |
| } |
| return Default_NsJailConfig_CgroupPidsParent |
| } |
| |
| func (m *NsJailConfig) GetCgroupNetClsClassid() uint32 { |
| if m != nil && m.CgroupNetClsClassid != nil { |
| return *m.CgroupNetClsClassid |
| } |
| return Default_NsJailConfig_CgroupNetClsClassid |
| } |
| |
| func (m *NsJailConfig) GetCgroupNetClsMount() string { |
| if m != nil && m.CgroupNetClsMount != nil { |
| return *m.CgroupNetClsMount |
| } |
| return Default_NsJailConfig_CgroupNetClsMount |
| } |
| |
| func (m *NsJailConfig) GetCgroupNetClsParent() string { |
| if m != nil && m.CgroupNetClsParent != nil { |
| return *m.CgroupNetClsParent |
| } |
| return Default_NsJailConfig_CgroupNetClsParent |
| } |
| |
| func (m *NsJailConfig) GetCgroupCpuMsPerSec() uint32 { |
| if m != nil && m.CgroupCpuMsPerSec != nil { |
| return *m.CgroupCpuMsPerSec |
| } |
| return Default_NsJailConfig_CgroupCpuMsPerSec |
| } |
| |
| func (m *NsJailConfig) GetCgroupCpuMount() string { |
| if m != nil && m.CgroupCpuMount != nil { |
| return *m.CgroupCpuMount |
| } |
| return Default_NsJailConfig_CgroupCpuMount |
| } |
| |
| func (m *NsJailConfig) GetCgroupCpuParent() string { |
| if m != nil && m.CgroupCpuParent != nil { |
| return *m.CgroupCpuParent |
| } |
| return Default_NsJailConfig_CgroupCpuParent |
| } |
| |
| func (m *NsJailConfig) GetIfaceNoLo() bool { |
| if m != nil && m.IfaceNoLo != nil { |
| return *m.IfaceNoLo |
| } |
| return Default_NsJailConfig_IfaceNoLo |
| } |
| |
| func (m *NsJailConfig) GetIfaceOwn() []string { |
| if m != nil { |
| return m.IfaceOwn |
| } |
| return nil |
| } |
| |
| func (m *NsJailConfig) GetMacvlanIface() string { |
| if m != nil && m.MacvlanIface != nil { |
| return *m.MacvlanIface |
| } |
| return "" |
| } |
| |
| func (m *NsJailConfig) GetMacvlanVsIp() string { |
| if m != nil && m.MacvlanVsIp != nil { |
| return *m.MacvlanVsIp |
| } |
| return Default_NsJailConfig_MacvlanVsIp |
| } |
| |
| func (m *NsJailConfig) GetMacvlanVsNm() string { |
| if m != nil && m.MacvlanVsNm != nil { |
| return *m.MacvlanVsNm |
| } |
| return Default_NsJailConfig_MacvlanVsNm |
| } |
| |
| func (m *NsJailConfig) GetMacvlanVsGw() string { |
| if m != nil && m.MacvlanVsGw != nil { |
| return *m.MacvlanVsGw |
| } |
| return Default_NsJailConfig_MacvlanVsGw |
| } |
| |
| func (m *NsJailConfig) GetMacvlanVsMa() string { |
| if m != nil && m.MacvlanVsMa != nil { |
| return *m.MacvlanVsMa |
| } |
| return "" |
| } |
| |
| func (m *NsJailConfig) GetExecBin() *Exe { |
| if m != nil { |
| return m.ExecBin |
| } |
| return nil |
| } |
| |
| func init() { |
| proto.RegisterEnum("nsjail.Mode", Mode_name, Mode_value) |
| proto.RegisterEnum("nsjail.LogLevel", LogLevel_name, LogLevel_value) |
| proto.RegisterEnum("nsjail.RLimit", RLimit_name, RLimit_value) |
| proto.RegisterType((*IdMap)(nil), "nsjail.IdMap") |
| proto.RegisterType((*MountPt)(nil), "nsjail.MountPt") |
| proto.RegisterType((*Exe)(nil), "nsjail.Exe") |
| proto.RegisterType((*NsJailConfig)(nil), "nsjail.NsJailConfig") |
| } |
| |
| func init() { proto.RegisterFile("nsjail/config.proto", fileDescriptor_82b7e3129c410694) } |
| |
| var fileDescriptor_82b7e3129c410694 = []byte{ |
| // 2041 bytes of a gzipped FileDescriptorProto |
| 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x57, 0x6d, 0x73, 0xd3, 0x48, |
| 0x12, 0x5e, 0xc7, 0xef, 0xed, 0x97, 0x38, 0x13, 0x02, 0x03, 0x2c, 0xac, 0xc9, 0x12, 0x30, 0xd9, |
| 0x23, 0x71, 0x1c, 0xc8, 0x82, 0x77, 0xf7, 0x96, 0xc4, 0x38, 0xac, 0x39, 0xc7, 0x49, 0x29, 0xc0, |
| 0x5d, 0xdd, 0x17, 0x95, 0x90, 0x26, 0x66, 0x0e, 0x49, 0xa3, 0xd2, 0x48, 0x71, 0xb2, 0x3f, 0xe1, |
| 0x3e, 0xdd, 0x1f, 0xbb, 0xff, 0x74, 0x35, 0x3d, 0x92, 0x23, 0xa7, 0x52, 0xdc, 0x07, 0x57, 0x79, |
| 0xba, 0x9f, 0xa7, 0x9f, 0x9e, 0x99, 0x9e, 0x99, 0x16, 0xac, 0xfa, 0xf2, 0x5f, 0x16, 0x77, 0xb7, |
| 0x6d, 0xe1, 0x9f, 0xf1, 0xe9, 0x56, 0x10, 0x8a, 0x48, 0x90, 0x92, 0x36, 0xae, 0xff, 0x3b, 0x07, |
| 0xc5, 0x91, 0x73, 0x64, 0x05, 0xe4, 0x01, 0x54, 0xb9, 0x2f, 0xb9, 0xc3, 0x4c, 0xee, 0xd0, 0x5c, |
| 0x3b, 0xd7, 0xa9, 0xf6, 0xbf, 0x33, 0x2a, 0xda, 0x34, 0x72, 0xc8, 0x0f, 0x00, 0x22, 0x8e, 0x52, |
| 0xff, 0x52, 0xe2, 0xaf, 0x26, 0xb6, 0x91, 0x43, 0xee, 0x40, 0xd1, 0x16, 0xb1, 0x1f, 0xd1, 0x7c, |
| 0x3b, 0xd7, 0x69, 0xf4, 0x73, 0x3b, 0x86, 0x1e, 0x93, 0x0e, 0xd4, 0x63, 0xc9, 0x4c, 0x9f, 0xcd, |
| 0xb8, 0xe3, 0x59, 0x01, 0x2d, 0xb4, 0x73, 0x9d, 0x4a, 0xbf, 0x78, 0x66, 0xb9, 0x92, 0x19, 0xb5, |
| 0x58, 0xb2, 0x49, 0xe2, 0x59, 0xff, 0x6f, 0x1e, 0xca, 0x47, 0x8a, 0x73, 0x12, 0x11, 0x02, 0x79, |
| 0x19, 0xda, 0xf3, 0x44, 0xd4, 0x80, 0x3c, 0x81, 0x66, 0x10, 0xb2, 0x33, 0x7e, 0x61, 0xca, 0xd0, |
| 0x36, 0x99, 0x7f, 0x3e, 0xcf, 0xa3, 0xae, 0xed, 0xa7, 0xa1, 0x3d, 0xf4, 0xcf, 0xc9, 0x23, 0xa8, |
| 0x29, 0x80, 0x2d, 0xfc, 0x88, 0x25, 0x09, 0xd5, 0xfb, 0xdf, 0x19, 0x20, 0x43, 0x7b, 0xa0, 0x6d, |
| 0x2a, 0xbc, 0x23, 0x23, 0x5a, 0x68, 0x2f, 0xe9, 0xf0, 0x8e, 0x8c, 0x32, 0xe1, 0x1d, 0x19, 0x61, |
| 0xf8, 0xe2, 0x62, 0xf8, 0xb7, 0x32, 0x52, 0xe1, 0x29, 0x94, 0xce, 0x64, 0x74, 0x19, 0x30, 0x5a, |
| 0x4a, 0xfc, 0xc9, 0x98, 0xdc, 0x83, 0xb2, 0x08, 0x22, 0x2e, 0x7c, 0x49, 0xcb, 0x89, 0x2b, 0x35, |
| 0x90, 0x87, 0x50, 0xe6, 0xd2, 0xfc, 0xcc, 0x7d, 0x87, 0x56, 0xb2, 0x2b, 0x50, 0xe2, 0xf2, 0x80, |
| 0xfb, 0x0e, 0x59, 0x83, 0xa5, 0x70, 0x46, 0xab, 0x59, 0xd7, 0x52, 0x38, 0x23, 0x6b, 0x50, 0xe2, |
| 0xd2, 0x74, 0x78, 0x48, 0x41, 0xb9, 0x8c, 0x22, 0x97, 0x6f, 0x79, 0x48, 0xd6, 0xa1, 0xea, 0x59, |
| 0xbe, 0x63, 0x45, 0x22, 0xbc, 0xa4, 0x35, 0x24, 0x15, 0xa2, 0x30, 0x66, 0xc6, 0x95, 0x99, 0x3c, |
| 0x06, 0xe0, 0xd2, 0x94, 0x97, 0x9e, 0xcb, 0xfd, 0xaf, 0xb4, 0x9e, 0x8d, 0x5c, 0xe5, 0xf2, 0x54, |
| 0xdb, 0xc9, 0x03, 0x28, 0xf9, 0x42, 0xc6, 0xdc, 0xa1, 0x8d, 0x85, 0xb4, 0xb4, 0x91, 0xdc, 0x87, |
| 0xa2, 0x2f, 0x1c, 0x76, 0x4e, 0x9b, 0x59, 0xaf, 0xb6, 0x69, 0x2e, 0xbb, 0x60, 0x36, 0x5d, 0xbe, |
| 0xc6, 0x55, 0xc6, 0x75, 0x13, 0xf2, 0xc3, 0x0b, 0x46, 0x08, 0x14, 0x02, 0x2b, 0xfa, 0x42, 0x73, |
| 0x6a, 0xb1, 0x0d, 0xfc, 0x4f, 0x5a, 0x90, 0xb7, 0xc2, 0x29, 0x5d, 0x6a, 0xe7, 0x3b, 0x55, 0x43, |
| 0xfd, 0x55, 0x28, 0x2b, 0x9c, 0x76, 0x71, 0xb7, 0xaa, 0x06, 0xfe, 0x57, 0x6b, 0xa6, 0x02, 0x99, |
| 0x67, 0xce, 0x62, 0xd5, 0x94, 0x94, 0xf5, 0xd0, 0x59, 0xff, 0xcf, 0x7d, 0xa8, 0x4f, 0xe4, 0x7b, |
| 0x8b, 0xbb, 0x03, 0x2c, 0x6e, 0x72, 0x0b, 0x0a, 0xbe, 0xe5, 0xb1, 0x79, 0xd9, 0xe0, 0x88, 0xb4, |
| 0xa1, 0xe6, 0x30, 0x69, 0x87, 0x1c, 0xb7, 0x22, 0x11, 0xcd, 0x9a, 0xc8, 0x13, 0x28, 0x78, 0xc2, |
| 0x61, 0x28, 0xde, 0xec, 0xd5, 0xb7, 0xf4, 0xe9, 0xd8, 0x3a, 0x12, 0x0e, 0xeb, 0x17, 0x8e, 0x27, |
| 0x83, 0xa1, 0x81, 0x7e, 0xf2, 0x08, 0xc0, 0xfe, 0x12, 0x0a, 0x11, 0xe1, 0x8e, 0xa8, 0x9c, 0xaa, |
| 0x07, 0x4b, 0x34, 0x67, 0x54, 0xb5, 0x55, 0xed, 0xcc, 0x53, 0x5c, 0x75, 0xc4, 0x84, 0x33, 0xac, |
| 0xa0, 0x34, 0x6d, 0x44, 0x56, 0xb8, 0x34, 0x84, 0x88, 0x8c, 0x19, 0x59, 0x87, 0xca, 0x17, 0x21, |
| 0x23, 0xcc, 0xb7, 0x82, 0xf9, 0x96, 0x26, 0xa7, 0xef, 0xf7, 0x47, 0x63, 0x63, 0x6e, 0x27, 0xab, |
| 0x90, 0xb7, 0x67, 0x0e, 0x56, 0x45, 0xb5, 0x9f, 0xdb, 0x36, 0xd4, 0x88, 0xac, 0x41, 0x21, 0x10, |
| 0x61, 0x84, 0x05, 0xd1, 0xe8, 0xe7, 0xba, 0x06, 0x0e, 0xc9, 0x43, 0xa8, 0xa8, 0xea, 0x52, 0x5c, |
| 0xac, 0x88, 0x6a, 0x7f, 0xa9, 0xdf, 0x37, 0xe6, 0x36, 0xb2, 0x09, 0x2d, 0xcf, 0xba, 0x50, 0xa7, |
| 0xc2, 0x97, 0x66, 0xc0, 0x42, 0x93, 0x07, 0x58, 0x14, 0x18, 0xa2, 0xe1, 0x59, 0x17, 0x03, 0xe5, |
| 0x39, 0x61, 0xe1, 0x28, 0x20, 0xeb, 0x00, 0x11, 0xf7, 0x98, 0xe9, 0x72, 0x8f, 0x47, 0x58, 0x18, |
| 0x8d, 0x7e, 0x7e, 0xaf, 0xdb, 0x35, 0xaa, 0xca, 0x3c, 0x56, 0x56, 0xb5, 0xf9, 0x8e, 0xc5, 0x3c, |
| 0xe1, 0x2f, 0x96, 0x46, 0x62, 0x24, 0xdf, 0x43, 0x05, 0xe5, 0x82, 0x58, 0x62, 0x75, 0xa0, 0x4c, |
| 0x59, 0xc9, 0x04, 0xb1, 0x54, 0x65, 0xed, 0x8a, 0xa9, 0xda, 0xd8, 0x56, 0x3b, 0xd7, 0x29, 0x1a, |
| 0x45, 0x57, 0x4c, 0x0f, 0x1d, 0x72, 0x17, 0x2a, 0x68, 0xe6, 0x2e, 0xa3, 0x2b, 0x58, 0x08, 0x65, |
| 0xe5, 0xe0, 0x2e, 0x23, 0xcf, 0xa1, 0xaa, 0x5c, 0x2e, 0x3b, 0x67, 0x2e, 0x25, 0xb8, 0x4f, 0xad, |
| 0x74, 0x9f, 0xc6, 0x62, 0x3a, 0x56, 0x76, 0x43, 0xb1, 0xf1, 0x1f, 0x69, 0x43, 0xe5, 0x2b, 0x63, |
| 0x01, 0x1e, 0xe3, 0xd5, 0x6c, 0x7e, 0x65, 0x65, 0x56, 0xc7, 0xf8, 0x16, 0x14, 0x99, 0x7f, 0x6e, |
| 0x85, 0xf4, 0x16, 0xd6, 0x83, 0x1e, 0xa8, 0x83, 0x85, 0x3c, 0xdb, 0x0a, 0x24, 0x5d, 0xcb, 0x12, |
| 0x31, 0xde, 0xc0, 0x0a, 0xa4, 0x2a, 0x5e, 0xdb, 0x0a, 0xe8, 0x6d, 0x5d, 0xbc, 0x36, 0x5e, 0x9e, |
| 0x25, 0xc9, 0x5d, 0x75, 0xd9, 0xdc, 0x59, 0x58, 0x0b, 0x6d, 0x24, 0x4f, 0xa0, 0x26, 0xbf, 0xf2, |
| 0xc0, 0x94, 0x4c, 0xdd, 0x96, 0x94, 0x66, 0x31, 0xa0, 0x3c, 0xa7, 0xe8, 0x20, 0x3f, 0x41, 0x53, |
| 0x46, 0x0e, 0x0b, 0x43, 0x33, 0x12, 0xa6, 0x1f, 0xbb, 0x2e, 0xbd, 0x9b, 0x85, 0xd6, 0xb5, 0xf3, |
| 0x83, 0x98, 0xc4, 0xae, 0x4b, 0xee, 0x40, 0x39, 0xb0, 0xa4, 0x54, 0x6b, 0x78, 0xaf, 0x9d, 0xef, |
| 0x14, 0x8d, 0x92, 0x1a, 0x1e, 0x3a, 0x64, 0x0f, 0x6e, 0x39, 0x5c, 0x5a, 0x9f, 0x5d, 0x66, 0xfa, |
| 0x42, 0xdd, 0xbb, 0x66, 0x10, 0xf2, 0x73, 0x49, 0xef, 0x67, 0x63, 0xad, 0x24, 0x90, 0x89, 0x98, |
| 0xb0, 0xd9, 0x89, 0xf2, 0x93, 0x36, 0x54, 0x43, 0xdc, 0x70, 0xd3, 0x92, 0xf4, 0xfb, 0x76, 0xae, |
| 0x53, 0xe8, 0xe7, 0x5f, 0xee, 0xf4, 0x8c, 0x8a, 0xb6, 0xee, 0x4b, 0xf2, 0x0b, 0x34, 0xe7, 0x08, |
| 0x13, 0x6f, 0xc0, 0x07, 0xb8, 0x11, 0xcd, 0x74, 0x23, 0x0c, 0x2c, 0x8d, 0x7e, 0xf1, 0xd3, 0xfe, |
| 0xf8, 0xe3, 0xd0, 0xa8, 0xa7, 0xc4, 0x0f, 0xea, 0x72, 0x5c, 0x87, 0x5a, 0x42, 0xb6, 0x45, 0xc8, |
| 0xe8, 0x43, 0x14, 0xc8, 0x75, 0x0d, 0xd0, 0xd6, 0x81, 0x08, 0x19, 0xf9, 0x1d, 0x5a, 0x19, 0x8c, |
| 0x96, 0xf8, 0xe1, 0x5b, 0x12, 0xcd, 0x2b, 0x72, 0x22, 0x02, 0x69, 0x80, 0x20, 0xa6, 0x6d, 0x3d, |
| 0x09, 0x2c, 0xdc, 0x04, 0x18, 0xc4, 0xe4, 0x37, 0x58, 0xbe, 0xc2, 0x68, 0x8d, 0x47, 0xdf, 0xd2, |
| 0x68, 0xcc, 0xa9, 0x28, 0xf1, 0x18, 0x92, 0x79, 0x99, 0x67, 0x92, 0xff, 0xc9, 0xe8, 0xba, 0x9e, |
| 0xc8, 0x8e, 0x91, 0x4c, 0xef, 0x50, 0x59, 0xc9, 0x3e, 0xac, 0x64, 0x51, 0x5a, 0xe6, 0xc7, 0x6f, |
| 0xc9, 0x2c, 0x67, 0xe8, 0x28, 0xf4, 0x14, 0x12, 0x65, 0xd3, 0x17, 0x78, 0x22, 0x1e, 0xa3, 0xd2, |
| 0xd2, 0x6e, 0x2f, 0x5d, 0xd9, 0x09, 0xda, 0xc9, 0x00, 0xc8, 0x02, 0x50, 0x8b, 0x6d, 0x7c, 0x4b, |
| 0xac, 0x95, 0x0d, 0x90, 0xa8, 0xa5, 0xd3, 0xf2, 0x83, 0x50, 0xd8, 0xf4, 0x09, 0x8a, 0x15, 0x76, |
| 0xba, 0xbd, 0x17, 0xe9, 0xcc, 0x26, 0xca, 0x41, 0xde, 0xcc, 0x67, 0x86, 0x40, 0x2d, 0xf6, 0xf4, |
| 0x46, 0xb1, 0xc2, 0xe9, 0xf1, 0xe1, 0x87, 0x74, 0x62, 0xc8, 0x46, 0xa9, 0xcd, 0xb9, 0x94, 0x8c, |
| 0x2c, 0xfb, 0x2b, 0xed, 0xa0, 0x54, 0x79, 0xa7, 0xfb, 0xe2, 0xd5, 0xcb, 0x9f, 0xf7, 0x52, 0xb5, |
| 0x53, 0xe5, 0xcb, 0xa8, 0x21, 0x56, 0xab, 0x3d, 0xfb, 0xff, 0x6a, 0xc8, 0x46, 0xb5, 0x03, 0xb8, |
| 0x17, 0xb0, 0x50, 0x0a, 0xdf, 0x32, 0x2d, 0xc7, 0x09, 0x4d, 0x5b, 0x78, 0x81, 0x15, 0x99, 0xae, |
| 0x75, 0x29, 0xe2, 0x88, 0x6e, 0x66, 0x0f, 0xc5, 0x9d, 0x04, 0xb8, 0xef, 0x38, 0xe1, 0x00, 0x61, |
| 0x63, 0x44, 0x91, 0x3e, 0xdc, 0x4e, 0x63, 0x78, 0x9e, 0x15, 0x98, 0x81, 0x35, 0x65, 0xe6, 0x9f, |
| 0x2c, 0x14, 0xf4, 0xa7, 0x2c, 0x7f, 0x35, 0x01, 0x1d, 0x79, 0x56, 0x70, 0x62, 0x4d, 0xd9, 0x3f, |
| 0x59, 0x28, 0xc8, 0x1b, 0xb8, 0x9b, 0x72, 0x43, 0x66, 0x39, 0x26, 0xf7, 0x02, 0x97, 0x33, 0x69, |
| 0xe2, 0xbb, 0xf9, 0x97, 0x2c, 0x3d, 0xd5, 0x30, 0x98, 0xe5, 0x8c, 0x34, 0x6a, 0x78, 0xc1, 0xec, |
| 0xac, 0x3a, 0xce, 0x40, 0xaf, 0xc7, 0xee, 0xf4, 0x33, 0x7d, 0x7e, 0x93, 0xba, 0xca, 0x1e, 0x57, |
| 0x64, 0x77, 0xfa, 0x39, 0xab, 0x8e, 0x5c, 0x5f, 0x98, 0xa1, 0xe5, 0x3b, 0xc2, 0x53, 0xa5, 0xbb, |
| 0x75, 0x93, 0xba, 0xa2, 0x4f, 0x84, 0x91, 0x82, 0x54, 0x61, 0xd8, 0xae, 0xf0, 0xb1, 0x83, 0xf3, |
| 0x59, 0x44, 0xb7, 0x33, 0xdd, 0x46, 0x0d, 0x3d, 0x13, 0x74, 0x90, 0x67, 0xd0, 0x98, 0x03, 0x63, |
| 0xc9, 0x42, 0xda, 0xcd, 0x20, 0xeb, 0x29, 0x52, 0x79, 0xc8, 0x06, 0xd4, 0xae, 0x62, 0x4a, 0xba, |
| 0x93, 0x01, 0xc2, 0x3c, 0xa4, 0x5c, 0x90, 0x0e, 0xb8, 0x43, 0x7b, 0x37, 0x49, 0x07, 0xdc, 0x59, |
| 0x00, 0xf2, 0xc0, 0xa6, 0xbb, 0x37, 0x01, 0x79, 0x60, 0x2f, 0x00, 0xe3, 0x48, 0xd2, 0x17, 0x37, |
| 0x01, 0xe3, 0x48, 0x92, 0xe7, 0xb0, 0x3c, 0x07, 0xda, 0xd3, 0x50, 0xc4, 0x01, 0x7d, 0x99, 0xc1, |
| 0x36, 0x53, 0xac, 0xf6, 0x91, 0x0d, 0x28, 0xc5, 0xba, 0xbd, 0xdd, 0x6b, 0xe7, 0x3b, 0xb5, 0x5e, |
| 0x23, 0xad, 0x4d, 0x6c, 0xae, 0x8d, 0xc4, 0xa9, 0x60, 0x53, 0x0d, 0xfb, 0xf9, 0x46, 0x98, 0x76, |
| 0xaa, 0xce, 0xcd, 0x53, 0x7d, 0xb0, 0x89, 0x27, 0xf1, 0xd5, 0x42, 0xe7, 0x86, 0x8e, 0x13, 0x75, |
| 0x10, 0x37, 0xa0, 0x88, 0x03, 0xfa, 0x1a, 0x63, 0x2d, 0x5f, 0x75, 0x2d, 0xd8, 0x42, 0x1b, 0xda, |
| 0x4b, 0xb6, 0x60, 0x55, 0x32, 0x5b, 0x55, 0xbd, 0x19, 0x08, 0x97, 0xdb, 0x97, 0xfa, 0x79, 0xed, |
| 0xe3, 0xf3, 0xba, 0x92, 0xb8, 0x4e, 0xd0, 0x83, 0x0f, 0xed, 0x06, 0x34, 0x53, 0xbc, 0x8c, 0x42, |
| 0xee, 0x4f, 0xe9, 0x2f, 0xf8, 0xd0, 0x35, 0x12, 0xeb, 0x29, 0x1a, 0xf1, 0x4d, 0x4b, 0x60, 0xae, |
| 0x98, 0xd2, 0x5f, 0x17, 0xdf, 0x34, 0xed, 0x19, 0x8b, 0x29, 0x79, 0x0a, 0x4d, 0xbd, 0x46, 0xa6, |
| 0xc7, 0x3c, 0xd3, 0xb3, 0x2e, 0xe8, 0x6f, 0xe9, 0xcd, 0x5f, 0xd7, 0x8e, 0x23, 0xe6, 0x1d, 0x59, |
| 0x17, 0xea, 0xee, 0xcf, 0x02, 0x71, 0x66, 0x7f, 0xc5, 0x3e, 0x66, 0x6d, 0x5b, 0x5e, 0xca, 0xed, |
| 0x33, 0xb9, 0xad, 0xfd, 0xdb, 0x1e, 0xf3, 0x44, 0x78, 0x69, 0x34, 0xaf, 0xe8, 0x38, 0xd1, 0x1e, |
| 0xac, 0x64, 0x02, 0x04, 0x56, 0xa8, 0xde, 0xe3, 0xdf, 0x17, 0x3a, 0xab, 0xe5, 0x39, 0xe5, 0x04, |
| 0xdd, 0xe4, 0x19, 0x24, 0x26, 0x33, 0xe0, 0x8e, 0xc4, 0xf4, 0xde, 0xa4, 0xe9, 0x35, 0xb4, 0xe7, |
| 0x84, 0x3b, 0x52, 0xe7, 0xb7, 0xb2, 0x00, 0xc5, 0x04, 0xf7, 0x31, 0xfc, 0xea, 0xb5, 0x04, 0x15, |
| 0x20, 0xd5, 0x42, 0x3a, 0xe6, 0xf7, 0x02, 0x48, 0x36, 0x40, 0x92, 0xe0, 0xc1, 0x42, 0x82, 0xad, |
| 0x2b, 0x52, 0x92, 0xe1, 0x1e, 0xdc, 0x4e, 0x58, 0x3e, 0x8b, 0x4c, 0xdb, 0x95, 0xa6, 0xed, 0x5a, |
| 0x52, 0xb5, 0x11, 0x83, 0xb4, 0xab, 0x5a, 0xd5, 0x80, 0x09, 0x8b, 0x06, 0xae, 0x1c, 0x68, 0x2f, |
| 0x79, 0x07, 0xb7, 0xae, 0xf1, 0x74, 0xc6, 0x6f, 0x51, 0xef, 0xf6, 0xb5, 0x8c, 0x13, 0x8c, 0xb1, |
| 0x92, 0x0d, 0xa5, 0xd3, 0x7e, 0x0d, 0x6b, 0xd7, 0x02, 0x25, 0x99, 0x0f, 0x17, 0x32, 0x27, 0x59, |
| 0x66, 0x92, 0xfb, 0xee, 0x9c, 0xaa, 0x5e, 0x5a, 0x4f, 0xb7, 0x9d, 0x92, 0xd9, 0xf4, 0x30, 0x4d, |
| 0x3d, 0xd1, 0x1b, 0x04, 0xf1, 0x91, 0x6a, 0x3d, 0x4f, 0x99, 0x4d, 0x7e, 0x9d, 0xd7, 0x01, 0x92, |
| 0x30, 0xe9, 0x77, 0x28, 0x45, 0xae, 0x25, 0x6d, 0x07, 0x71, 0x5a, 0x04, 0x2a, 0xc0, 0xb5, 0x22, |
| 0x50, 0xec, 0x24, 0xd3, 0x3f, 0x6e, 0x2a, 0x82, 0x41, 0x10, 0x27, 0x69, 0x6e, 0x40, 0x8d, 0x9f, |
| 0x59, 0x36, 0xb6, 0x4b, 0xae, 0xa0, 0xa3, 0xc5, 0x2f, 0x25, 0xe5, 0x99, 0x88, 0xb1, 0x20, 0xf7, |
| 0x41, 0x0f, 0x4c, 0x31, 0xf3, 0xe9, 0x7b, 0x3c, 0x13, 0x15, 0x34, 0x1c, 0xcf, 0x7c, 0xf2, 0x23, |
| 0x34, 0x3c, 0xcb, 0x3e, 0x77, 0x2d, 0xdf, 0x44, 0x1b, 0xfd, 0x1b, 0x9e, 0xaf, 0x7a, 0x62, 0x1c, |
| 0x29, 0x1b, 0xd9, 0xbe, 0x02, 0x9d, 0x4b, 0xd5, 0x7f, 0x8f, 0x31, 0xb1, 0xda, 0xce, 0xeb, 0xde, |
| 0xd6, 0xce, 0xde, 0xab, 0xad, 0xee, 0x56, 0xcf, 0xa8, 0x25, 0x88, 0x4f, 0x72, 0x14, 0x90, 0x9d, |
| 0x05, 0x82, 0xef, 0xd1, 0x23, 0x24, 0x34, 0x7a, 0x2f, 0x5f, 0x6e, 0xa5, 0xbf, 0x6e, 0x86, 0x32, |
| 0xf1, 0xae, 0x69, 0x4c, 0x67, 0x74, 0x72, 0x5d, 0x63, 0x27, 0x43, 0x78, 0x37, 0x23, 0x8f, 0x17, |
| 0x08, 0x9e, 0x45, 0x8f, 0x93, 0x8f, 0xa7, 0x2b, 0xd4, 0x91, 0x45, 0x9e, 0x40, 0x05, 0x3f, 0xc5, |
| 0x3e, 0x73, 0x9f, 0x9e, 0xb4, 0x73, 0x9d, 0x5a, 0xaf, 0x96, 0xde, 0x37, 0xc3, 0x0b, 0x66, 0xe0, |
| 0x77, 0xda, 0x01, 0xf7, 0x37, 0x77, 0xa1, 0xa0, 0xbe, 0x9a, 0x08, 0x40, 0x69, 0x3c, 0x3a, 0xfd, |
| 0x30, 0x9c, 0xb4, 0xbe, 0x23, 0x15, 0xc0, 0x6f, 0xa8, 0x56, 0x8e, 0x54, 0xa1, 0x68, 0x0c, 0x8d, |
| 0x8f, 0x93, 0xd6, 0x92, 0x02, 0x0c, 0xff, 0x31, 0x1c, 0x7c, 0x1a, 0xb6, 0xf2, 0x9b, 0x07, 0x50, |
| 0x49, 0x5b, 0x78, 0x05, 0x79, 0x3b, 0x3c, 0xf8, 0xf8, 0x4e, 0xf3, 0x46, 0x93, 0xc3, 0xe3, 0x56, |
| 0x8e, 0xd4, 0xa0, 0xfc, 0xf7, 0x7d, 0x63, 0x32, 0x9a, 0xbc, 0x6b, 0x2d, 0x29, 0xc4, 0xd0, 0x30, |
| 0x8e, 0x8d, 0x56, 0x5e, 0xfd, 0x3d, 0xdc, 0xff, 0xb0, 0x3f, 0x6e, 0x15, 0x36, 0xbb, 0x50, 0xd2, |
| 0x7d, 0x80, 0x32, 0x62, 0x93, 0xa3, 0x23, 0xa8, 0xa6, 0xa0, 0x95, 0x53, 0xff, 0xfe, 0xd8, 0x37, |
| 0xde, 0xb6, 0x96, 0x48, 0x19, 0xf2, 0xa3, 0xc9, 0x61, 0x2b, 0xff, 0xbf, 0x00, 0x00, 0x00, 0xff, |
| 0xff, 0x27, 0xf6, 0x8f, 0xb6, 0x19, 0x11, 0x00, 0x00, |
| } |