gvisor.dev/gvisor@v0.0.0-20240520182842-f9d4d51c7e0f/pkg/sentry/seccheck/points/common.proto (about) 1 // Copyright 2022 The gVisor Authors. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 syntax = "proto3"; 16 17 package gvisor.common; 18 19 // Handshake message is used when establishing a connection. Version information 20 // is exchanged to determine if the communication can proceed. Each side reports 21 // a single version of the protocol that it supports. If they can't support the 22 // version reported by the peer, they must close the connection. If the peer 23 // version is higher (newer), it should continue to communicate, making the peer 24 // responsible to send messages that are compatible with your version. If the 25 // peer can't support it, the peer should close the connection. 26 // 27 // In short: 28 // 1. sentry and remote exchange versions 29 // 2. sentry continues if remote >= min(sentry) 30 // 3. remote continues if sentry >= min(remote) 31 // 32 // Suppose that peer A is at version 1 and peer B is at 2. Peer A sees that B is 33 // at a newer version and continues with communication. Peer B will see that A 34 // is at version 1 (older) and will check if it can send messages that are 35 // compatible with version 1. If yes, then the communication can continue. If 36 // not, A should close the connection. 37 // 38 // Here are 2 practical examples: 39 // 1. New field added to the header: this requires a change in protocol 40 // version (e.g. 1 => 2). However, if not essential to communication, the 41 // new field can be ignored by a peer that is still using version 1. 42 // Sentry version 1, remote version 2: remote doesn't get the new field, 43 // but can still receive messages. 44 // Sentry version 2, remote version 1: remote gets the new field, but 45 // ignores it since it's not aware the field exists yet. Note that remote 46 // must rely on header length to determine where the payload is. 47 // 48 // 2. Change in message format for batching: this requires a change in 49 // protocol version (2 => 3). Batching can only be used if both sides can 50 // handle it. 51 // Sentry version 2, remote version 3: remote gets a message at a time. If 52 // it still can do that, remote can accept that sentry is in version 2. 53 // Sentry version 3, remote version 2: remote is not able to process 54 // batched messages. If the sentry can still produce one message at a time 55 // the communication can continue, otherwise the sentry should close the 56 // connection. 57 // 58 // Note that addition of new message types do not require version changes. 59 // Server implementations should gracefully handle messages that it doesn't 60 // understand. Similarly, payload for message can change following protobuf 61 // rules for compatibility. For example, adding new fields to a protobuf type 62 // doesn't require version bump. 63 message Handshake { 64 uint32 version = 1; 65 } 66 67 message Credentials { 68 uint32 real_uid = 1; 69 uint32 effective_uid = 2; 70 uint32 saved_uid = 3; 71 72 uint32 real_gid = 4; 73 uint32 effective_gid = 5; 74 uint32 saved_gid = 6; 75 } 76 77 message ContextData { 78 int64 time_ns = 1; 79 80 int32 thread_id = 2; 81 82 int64 thread_start_time_ns = 3; 83 84 int32 thread_group_id = 4; 85 86 int64 thread_group_start_time_ns = 5; 87 88 string container_id = 6; 89 90 Credentials credentials = 7; 91 92 string cwd = 8; 93 94 string process_name = 9; 95 } 96 97 // MessageType describes the payload of a message sent to the remote process. 98 // LINT.IfChange 99 enum MessageType { 100 MESSAGE_UNKNOWN = 0; 101 MESSAGE_CONTAINER_START = 1; 102 MESSAGE_SENTRY_CLONE = 2; 103 MESSAGE_SENTRY_EXEC = 3; 104 MESSAGE_SENTRY_EXIT_NOTIFY_PARENT = 4; 105 MESSAGE_SENTRY_TASK_EXIT = 5; 106 MESSAGE_SYSCALL_RAW = 6; 107 MESSAGE_SYSCALL_OPEN = 7; 108 MESSAGE_SYSCALL_CLOSE = 8; 109 MESSAGE_SYSCALL_READ = 9; 110 MESSAGE_SYSCALL_CONNECT = 10; 111 MESSAGE_SYSCALL_EXECVE = 11; 112 MESSAGE_SYSCALL_SOCKET = 12; 113 MESSAGE_SYSCALL_CHDIR = 13; 114 MESSAGE_SYSCALL_SETID = 14; 115 MESSAGE_SYSCALL_SETRESID = 15; 116 MESSAGE_SYSCALL_PRLIMIT64 = 16; 117 MESSAGE_SYSCALL_PIPE = 17; 118 MESSAGE_SYSCALL_FCNTL = 18; 119 MESSAGE_SYSCALL_DUP = 19; 120 MESSAGE_SYSCALL_SIGNALFD = 20; 121 MESSAGE_SYSCALL_CHROOT = 21; 122 MESSAGE_SYSCALL_EVENTFD = 22; 123 MESSAGE_SYSCALL_CLONE = 23; 124 MESSAGE_SYSCALL_BIND = 24; 125 MESSAGE_SYSCALL_ACCEPT = 25; 126 MESSAGE_SYSCALL_TIMERFD_CREATE = 26; 127 MESSAGE_SYSCALL_TIMERFD_SETTIME = 27; 128 MESSAGE_SYSCALL_TIMERFD_GETTIME = 28; 129 MESSAGE_SYSCALL_FORK = 29; 130 MESSAGE_SYSCALL_INOTIFY_INIT = 30; 131 MESSAGE_SYSCALL_INOTIFY_ADD_WATCH = 31; 132 MESSAGE_SYSCALL_INOTIFY_RM_WATCH = 32; 133 MESSAGE_SYSCALL_SOCKETPAIR = 33; 134 MESSAGE_SYSCALL_WRITE = 34; 135 } 136 // LINT.ThenChange(../../../../examples/seccheck/server.cc)