gvisor.dev/gvisor@v0.0.0-20240520182842-f9d4d51c7e0f/pkg/sentry/seccheck/points/sentry.proto (about)

     1  // Copyright 2022 The gVisor Authors.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //     http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  syntax = "proto3";
    16  
    17  package gvisor.sentry;
    18  
    19  import "pkg/sentry/seccheck/points/common.proto";
    20  
    21  // CloneInfo contains information used by the Clone checkpoint.
        //
        // NOTE(review): the created_* fields presumably describe the thread produced
        // by the clone rather than the caller; confirm against the emitting code.
        // Field number 2 is not assigned in this message. If it belonged to a field
        // that was removed, a `reserved 2;` statement would stop the number from
        // being reused with a different meaning; confirm against the file history.
    22  message CloneInfo {
          // context_data has the type gvisor.common.ContextData, presumably declared
          // in the imported common.proto; its fields are not visible in this file.
    23    gvisor.common.ContextData context_data = 1;
    24  
    25    // created_thread_id is the thread's ID in the root PID namespace.
          //
          // NOTE(review): presumably the sandbox's root PID namespace, so the value
          // need not match the ID seen from a nested PID namespace or a host PID;
          // confirm before correlating with other telemetry.
    26    int32 created_thread_id = 3;
    27  
          // NOTE(review): undocumented in the original. Presumably the thread group
          // ID of the created thread, in the same namespace as created_thread_id;
          // confirm.
    28    int32 created_thread_group_id = 4;
    29  
    30    // created_thread_start_time_ns is the thread's CLOCK_REALTIME start time.
          //
          // NOTE(review): presumably in nanoseconds, per the _ns suffix.
          // CLOCK_REALTIME is wall-clock time and can be adjusted, so ordering events
          // by this value alone is not guaranteed to be monotonic.
    31    int64 created_thread_start_time_ns = 5;
    32  
    33    // flags are equivalent to the flags passed to clone(2).
          //
          // Consumers can test individual bits against the CLONE_* constants
          // documented in clone(2), for example the namespace-creation flags.
    34    uint64 flags = 6;
    35  }
    36  
    37  // ExecveInfo contains information used by the Execve checkpoint.
        //
        // NOTE(review): binary_path, argv and env are proto3 `string` fields, which
        // must hold valid UTF-8, while Linux paths and arguments are arbitrary bytes.
        // How non-UTF-8 input is represented is not visible in this file; confirm
        // before relying on exact string matches in detection rules. The schema also
        // states no limit on the number or length of argv and env entries; whether
        // the emitter truncates them is not visible here.
    38  message ExecveInfo {
          // context_data has the type gvisor.common.ContextData, presumably declared
          // in the imported common.proto; its fields are not visible in this file.
    39    gvisor.common.ContextData context_data = 1;
    40  
    41    // binary_path is a path to the executable binary file being switched to in
    42    // the mount namespace in which it was opened.
          //
          // Because the path is relative to that mount namespace, it does not by
          // itself identify a file on the host or in another container.
    43    string binary_path = 2;
    44  
    45    // argv is the new process image's argument vector.
          //
          // Command-line arguments routinely carry credentials such as tokens and
          // passwords. Sinks that store or forward this message should treat it as
          // sensitive: restrict access and consider redaction.
    46    repeated string argv = 3;
    47  
    48    // env is the new process image's environment variables.
          //
          // Environment variables routinely carry secrets (API keys, connection
          // strings); the same handling as for argv applies.
    49    repeated string env = 4;
    50  
    51    // binary_mode is the executable binary file's mode.
          //
          // NOTE(review): presumably st_mode-style bits, in which case the setuid and
          // setgid bits would be visible to consumers here; confirm the encoding.
    52    uint32 binary_mode = 5;
    53  
          // NOTE(review): binary_uid and binary_gid are undocumented in the original.
          // Presumably the owning user and group IDs of the executable file; which
          // user namespace they are expressed in is not stated. Confirm.
    54    uint32 binary_uid = 6;
    55    uint32 binary_gid = 7;
    56  
    57    // binary_sha256 is the SHA-256 hash of the executable binary file.
    58    //
    59    // Note that this requires reading the entire file into memory, which is
    60    // likely to be extremely slow.
          //
          // NOTE(review): the field type is `bytes`, so this is presumably the raw
          // digest rather than a hex string, and presumably empty when hashing is not
          // enabled; confirm, and do not compare an empty value as if it were a hash.
    61    bytes binary_sha256 = 8;
    62  }
    63  
        // NOTE(review): ExitNotifyParentInfo has no description in the original.
        // From its name it is presumably the payload of a checkpoint raised when an
        // exiting task notifies its parent; confirm against the emitting code.
    64  message ExitNotifyParentInfo {
          // context_data has the type gvisor.common.ContextData, presumably declared
          // in the imported common.proto; its fields are not visible in this file.
    65    gvisor.common.ContextData context_data = 1;
    66  
    67    // exit_status is the exiting thread group's exit status, as reported
    68    // by wait*().
          //
          // NOTE(review): "as reported by wait*()" suggests the encoded wait status
          // rather than a bare exit code, in which case consumers would decode it
          // with the macros from wait(2) (WIFEXITED, WEXITSTATUS, WIFSIGNALED,
          // WTERMSIG) instead of comparing it with an exit code directly; confirm.
    69    int32 exit_status = 2;
    70  }
    71  
        // NOTE(review): TaskExit has no description in the original. It declares the
        // same two fields as ExitNotifyParentInfo; how the two checkpoints differ is
        // not visible in this file.
    72  message TaskExit {
          // context_data has the type gvisor.common.ContextData, presumably declared
          // in the imported common.proto; its fields are not visible in this file.
    73    gvisor.common.ContextData context_data = 1;
    74  
    75    // exit_status is the exiting thread group's exit status, as reported
    76    // by wait*().
          //
          // NOTE(review): the comment speaks of the thread group while the message is
          // named for a task; confirm which one the value describes. "As reported by
          // wait*()" suggests the encoded wait status, to be decoded with the macros
          // from wait(2) rather than compared with a bare exit code; confirm.
    77    int32 exit_status = 2;
    78  }