- sync to util-vserver-0.30.208
Mark Huang [Sun, 21 Aug 2005 22:10:13 +0000 (22:10 +0000)]
- I'm not really sure why this keeps happening. The immutable unlink
  ext2 flag is bit 27, damn it, at least according to the kernel.

lib/Makefile-files
lib/getinsecurebcaps.c
lib/ioctl-getext2flags.hc
lib/ioctl-setext2flags.hc
lib/virtual.h
lib/vserver-internal.h
lib/vserver.h

index 5404f72..7a74672 100644 (file)
@@ -1,4 +1,4 @@
-## $Id: Makefile-files,v 1.1.4.6 2004/03/04 03:23:09 ensc Exp $  -*- makefile -*-
+## $Id: Makefile-files,v 1.55 2005/05/05 09:17:25 ensc Exp $  -*- makefile -*-
 
 ## Copyright (C) 2003 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
 ##  
 ## Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 ##  
 
-lib_SRCS                       =  lib/syscall.c \
-                                  lib/syscall_rlimit.c \
-                                  lib/syscall_setsched.c \
-                                  lib/syscall_kill.c \
-                                  lib/checkversion.c \
-                                  lib/getctx.c \
-                                  lib/getversion.c \
-                                  lib/uint2str.c
-
-lib_HDRS                       =  lib/vserver.h
-
-lib_XHDRS                       =  lib/syscall-compat.hc \
-                                  lib/syscall-legacy.hc \
-                                  lib/syscall_rlimit-v11.hc \
-                                  lib/syscall_setsched-v13.hc \
-                                  lib/syscall_kill-v11.hc \
-                                  lib/getctx-compat.hc \
-                                  lib/getctx-legacy.hc \
-                                  lib/getversion-internal.hc \
-                                  lib/safechroot-internal.hc \
-                                  lib/virtual.h \
-                                  lib/vserver-internal.h
-
-lib_lib_LIBS                   =  lib/libvserver.a
-
-lib_libvserver_a_SOURCES       =  $(lib_SRCS)
-lib_libvserver_a_CPPFLAGS      =  -D_GNU_SOURCE
+lib_VERSION =                  0.0.0
+
+lib_compat_SRCS =              lib/cflags-compat.c \
+                               lib/cflags_list-compat.c
+lib_legacy_SRCS =              lib/getprocentry-legacy.c
+lib_management_SRCS =          lib/createskeleton.c \
+                               lib/getvserverbyctx.c \
+                               lib/getvserverbyctx-compat.hc \
+                               lib/getvserverbyctx-v13.hc \
+                               lib/getvservercfgstyle.c \
+                               lib/getvserverappdir.c \
+                               lib/getvservercfgdir.c \
+                               lib/getvserverctx.c \
+                               lib/getvservername.c \
+                               lib/getvservervdir.c \
+                               lib/xidopt2xid.c
+lib_v11_SRCS =                 lib/syscall_rlimit.c \
+                               lib/syscall_rlimit-v11.hc \
+                               lib/syscall_kill.c  \
+                               lib/syscall_kill-v11.hc
+lib_v13_SRCS =                 lib/syscall_ctxcreate.c \
+                               lib/syscall_ctxcreate-v13.hc \
+                               lib/syscall_ctxmigrate.c \
+                               lib/syscall_ctxmigrate-v13.hc \
+                               lib/syscall_cleanupnamespace-v13.hc \
+                               lib/syscall_cleanupnamespace.c \
+                               lib/syscall_enternamespace-v13.hc \
+                               lib/syscall_enternamespace.c \
+                               lib/syscall_getccaps-v13.hc \
+                               lib/syscall_getccaps.c \
+                               lib/syscall_getcflags-v13.hc \
+                               lib/syscall_getcflags.c \
+                               lib/syscall_getiattr-fscompat.hc \
+                               lib/syscall_getiattr-v13.hc \
+                               lib/syscall_getiattr.c \
+                               lib/syscall_getncaps-net.hc \
+                               lib/syscall_getncaps.c \
+                               lib/syscall_getnflags-net.hc \
+                               lib/syscall_getnflags.c \
+                               lib/syscall_getnxinfo-net.hc \
+                               lib/syscall_getnxinfo.c \
+                               lib/syscall_gettasknid-net.hc \
+                               lib/syscall_gettasknid.c \
+                               lib/syscall_gettaskxid-oldproc.hc \
+                               lib/syscall_gettaskxid-v13.hc \
+                               lib/syscall_gettaskxid.c \
+                               lib/syscall_getvhiname-olduts.hc \
+                               lib/syscall_getvhiname-v13.hc \
+                               lib/syscall_getvhiname.c \
+                               lib/syscall_getvxinfo-oldproc.hc \
+                               lib/syscall_getvxinfo-v13.hc \
+                               lib/syscall_getvxinfo.c \
+                               lib/syscall_netadd-net.hc \
+                               lib/syscall_netadd.c \
+                               lib/syscall_netcreate-net.hc \
+                               lib/syscall_netcreate.c \
+                               lib/syscall_netmigrate-net.hc \
+                               lib/syscall_netmigrate.c \
+                               lib/syscall_netremove-net.hc \
+                               lib/syscall_netremove.c \
+                               lib/syscall_setccaps-v13.hc \
+                               lib/syscall_setccaps.c \
+                               lib/syscall_setcflags-v13.hc \
+                               lib/syscall_setcflags.c \
+                               lib/syscall_setiattr-fscompat.hc \
+                               lib/syscall_setiattr-v13.hc \
+                               lib/syscall_setiattr.c \
+                               lib/syscall_setnamespace-v13.hc \
+                               lib/syscall_setnamespace.c \
+                               lib/syscall_setncaps-net.hc \
+                               lib/syscall_setncaps.c \
+                               lib/syscall_setnflags-net.hc \
+                               lib/syscall_setnflags.c \
+                               lib/syscall_setsched-v13.hc \
+                               lib/syscall_setsched.c \
+                               lib/syscall_setvhiname-olduts.hc \
+                               lib/syscall_setvhiname-v13.hc \
+                               lib/syscall_setvhiname.c \
+                               lib/syscall_waitexit.c  \
+                               lib/syscall_waitexit-v13.hc \
+                               lib/bcaps-v13.c \
+                               lib/bcaps_list-v13.c \
+                               lib/ccaps-v13.c \
+                               lib/ccaps_list-v13.c \
+                               lib/cflags-v13.c \
+                               lib/cflags_list-v13.c \
+                               lib/ncaps-net.c \
+                               lib/ncaps_list-net.c \
+                               lib/nflags-net.c \
+                               lib/nflags_list-net.c
+
+if ENSC_HAVE_C99_COMPILER
+lib_v13_SRCS +=                        lib/syscall_adddlimit-v13.hc \
+                               lib/syscall_adddlimit.c \
+                               lib/syscall_getdlimit-v13.hc \
+                               lib/syscall_getdlimit.c \
+                               lib/syscall_remdlimit-v13.hc \
+                               lib/syscall_remdlimit.c \
+                               lib/syscall_setdlimit-v13.hc \
+                               lib/syscall_setdlimit.c
+endif
+
+PKGCONFIG_FILES =              lib/util-vserver
+
+lib_SRCS =                     lib/syscall.c \
+                               lib/checkversion.c \
+                               lib/isdirectory.c \
+                               lib/isfile.c \
+                               lib/islink.c \
+                               lib/getnbipv4root.c \
+                               lib/getversion.c \
+                               lib/capabilities.c \
+                               lib/getfilecontext.c \
+                               lib/getinsecurebcaps.c \
+                               lib/getxidtype.c \
+                               lib/isdynamicxid.c \
+                               lib/issupported.c \
+                               lib/issupportedstring.c \
+                               lib/listparser_uint32.c \
+                               lib/listparser_uint64.c \
+                               lib/personalityflag.c \
+                               lib/personalityflag_list.c \
+                               lib/personalitytype.c \
+                               lib/syscall-syscall.c \
+                               lib/val2text-t2v-uint32.c \
+                               lib/val2text-t2v-uint64.c \
+                               lib/val2text-v2t-uint32.c \
+                               lib/val2text-v2t-uint64.c \
+                               lib/parselimit.c \
+                               $(lib_legacy_SRCS) \
+                               $(lib_compat_SRCS) \
+                               $(lib_management_SRCS) \
+                               $(lib_v11_SRCS) \
+                               $(lib_v13_SRCS) \
+                               $(ensc_fmt_SRCS)
+
+include_HEADERS +=             lib/vserver.h
+
+noinst_HEADERS +=              lib/syscall-compat.hc \
+                               lib/syscall-legacy.hc \
+                               lib/createskeleton-full.hc \
+                               lib/createskeleton-short.hc \
+                               lib/fmt.h \
+                               lib/getversion-internal.hc \
+                               lib/safechroot-internal.hc \
+                               lib/ioctl-getext2flags.hc \
+                               lib/ioctl-getfilecontext.hc \
+                               lib/ioctl-setext2flags.hc \
+                               lib/ioctl-setfilecontext.hc \
+                               lib/ioctl-getxflg.hc \
+                               lib/ioctl-setxflg.hc \
+                               lib/ext2fs.h \
+                               lib/listparser.hc \
+                               lib/val2text.hc \
+                               lib/virtual.h \
+                               lib/internal.h \
+                               lib/syscall-alternative.h \
+                               lib/syscall-wrap.h \
+                               lib/utils-legacy.h \
+                               lib/vserver-internal.h
+
+LIBVSERVER_GLIBC =             lib/libvserver.la
+lib_LTLIBRARIES +=             $(LIBVSERVER_GLIBC)
+
+if USE_DIETLIBC
+LIBVSERVER_DIET =              lib/libvserver.a
+LIBVSERVER =                   $(LIBVSERVER_DIET)
+lib_LIBRARIES +=               $(LIBVSERVER_DIET)
+else
+LIBVSERVER_DIET =              lib-dietlibc-not-enabled-error.a
+LIBVSERVER =                   lib/libvserver.la
+endif
+
+lib_libvserver_la_SOURCES =    $(lib_SRCS)
+lib_libvserver_la_CPPFLAGS =   $(AM_CPPFLAGS) $(LIB_DEBUG_CPPFLAGS)
+lib_libvserver_la_LDFLAGS =    -version $(lib_VERSION)
+
+lib_libvserver_a_SOURCES =     $(lib_SRCS)
+lib_libvserver_a_CPPFLAGS =    $(AM_CPPFLAGS) $(LIB_DEBUG_CPPFLAGS)
+
+DIETPROGS +=                   lib/lib_libvserver_a-%
+
+CLEANFILES +=                  lib/libvserver.la \
+                               lib/libvserver.a
+
+include $(srcdir)/lib/apidoc/Makefile-files
+include $(srcdir)/lib/testsuite/Makefile-files
index 760dff0..8ffcb7f 100644 (file)
@@ -1,4 +1,4 @@
-// $Id: getinsecurebcaps.c,v 1.2 2005/07/15 18:59:55 ensc Exp $    --*- c -*--
+// $Id: getinsecurebcaps.c,v 1.1.1.1 2005/08/17 17:58:04 mlhuang Exp $    --*- c -*--
 
 // Copyright (C) 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
 //  
@@ -26,6 +26,7 @@ uint_least64_t
 vc_get_insecurebcaps()
 {
   return ( (1<<VC_CAP_LINUX_IMMUTABLE) | (1<<VC_CAP_NET_BROADCAST) |
+          (1<<VC_CAP_NET_BIND_SERVICE) |
           (1<<VC_CAP_NET_ADMIN) | (1<<VC_CAP_NET_RAW) |
           (1<<VC_CAP_IPC_LOCK) | (1<<VC_CAP_IPC_OWNER) |
           (1<<VC_CAP_SYS_MODULE) | (1<<VC_CAP_SYS_RAWIO) |
index a476980..4cf9359 100644 (file)
@@ -30,7 +30,7 @@
 #endif
 
 #ifndef EXT2_IMMUTABLE_LINK_FL
-#  define EXT2_IMMUTABLE_LINK_FL       0x00008000
+#  define EXT2_IMMUTABLE_LINK_FL       0x08008000
 #endif
 
 static inline ALWAYSINLINE int
index d237b53..e76e9db 100644 (file)
@@ -30,7 +30,7 @@
 #endif
 
 #ifndef EXT2_IMMUTABLE_LINK_FL
-#  define EXT2_IMMUTABLE_LINK_FL       0x00008000
+#  define EXT2_IMMUTABLE_LINK_FL       0x08008000
 #endif
 
 static inline ALWAYSINLINE int
index f12b3d7..f52484c 100644 (file)
-#ifndef _LINUX_VIRTUAL_H
-#define _LINUX_VIRTUAL_H
-
-#define VC_CATEGORY(c)         (((c) >> 24) & 0x3F)
-#define VC_COMMAND(c)          (((c) >> 16) & 0xFF)
-#define VC_VERSION(c)          ((c) & 0xFFF)
-
-#define VC_CMD(c,i,v)          ((((VC_CAT_ ## c) & 0x3F) << 24) \
-                               | (((i) & 0xFF) << 16) | ((v) & 0xFFF))
-
-/*
-
-  Syscall Matrix V2.2
-
-         |VERSION|CREATE |MODIFY |MIGRATE|CONTROL|EXPERIM| |SPECIAL|SPECIAL|
-         |STATS  |DESTROY|ALTER  |CHANGE |LIMIT  |TEST   | |       |       |
-         |INFO   |SETUP  |       |MOVE   |       |       | |       |       |
-  -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
-  SYSTEM |VERSION|       |       |       |       |       | |DEVICES|       |
-  HOST   |     00|     01|     02|     03|     04|     05| |     06|     07|
-  -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
-  CPU    |       |       |       |       |       |       | |SCHED. |       |
-  PROCESS|     08|     09|     10|     11|     12|     13| |     14|     15|
-  -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
-  MEMORY |       |       |       |       |       |       | |SWAP   |       |
-         |     16|     17|     18|     19|     20|     21| |     22|     23|
-  -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
-  NETWORK|       |       |       |       |       |       | |SERIAL |       |
-         |     24|     25|     26|     27|     28|     29| |     30|     31|
-  -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
-  DISK   |       |       |       |       |       |       | |       |       |
-  VFS    |     32|     33|     34|     35|     36|     37| |     38|     39|
-  -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
-  OTHER  |       |       |       |       |       |       | |       |       |
-         |     40|     41|     42|     43|     44|     45| |     46|     47|
-  =======+=======+=======+=======+=======+=======+=======+ +=======+=======+
-  SPECIAL|       |       |       |       |       |       | |       |       |
-         |     48|     49|     50|     51|     52|     53| |     54|     55|
-  -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
-  SPECIAL|       |       |       |       |RLIMIT |SYSCALL| |       |COMPAT |
-         |     56|     57|     58|     59|     60|TEST 61| |     62|     63|
-  -------+-------+-------+-------+-------+-------+-------+ +-------+-------+
-
-*/
-
-#define        VC_CAT_VERSION          0
-
-#define VC_CAT_PROCTRL         12
-
-#define VC_CAT_DLIMIT          36
-
-#define VC_CAT_RLIMIT          60
-
-#define VC_CAT_SYSTEST         61
-#define        VC_CAT_COMPAT           63
-       
-/*  interface version */
-
-#define VCI_VERSION            0x00010001
-
-
-
-/*  query version */
-
-#define VCMD_get_version       VC_CMD(VERSION, 0, 0)
-
-
-/*  compatibiliy vserver commands */
-
-#define VCMD_new_s_context     VC_CMD(COMPAT, 1, 1)
-#define VCMD_set_ipv4root      VC_CMD(COMPAT, 2, 3)
-
-/*  compatibiliy vserver arguments */
-
-struct  vcmd_new_s_context_v1 {
-       uint32_t remove_cap;
-       uint32_t flags;
-};
-
-#define        NB_IPV4ROOT 16
-
-struct  vcmd_set_ipv4root_v3 {
-       /* number of pairs in id */
-       uint32_t broadcast;
-       struct {
-               uint32_t ip;
-               uint32_t mask;
-       } ip_mask_pair[NB_IPV4ROOT];
-};
-
-/*  context signalling */
-
-#define VCMD_ctx_kill          VC_CMD(PROCTRL, 1, 0)
-
-struct  vcmd_ctx_kill_v0 {
-       int32_t pid;
-       int32_t sig;
-};
-
-/*  rlimit vserver commands */
-
-#define VCMD_get_rlimit                VC_CMD(RLIMIT, 1, 0)
-#define VCMD_set_rlimit                VC_CMD(RLIMIT, 2, 0)
-#define VCMD_get_rlimit_mask   VC_CMD(RLIMIT, 3, 0)
-
-struct  vcmd_ctx_rlimit_v0 {
-       uint32_t id;
-       uint64_t minimum;
-       uint64_t softlimit;
-       uint64_t maximum;
-};
-
-struct  vcmd_ctx_rlimit_mask_v0 {
-       uint32_t minimum;
-       uint32_t softlimit;
-       uint32_t maximum;
-};
-
-#define CRLIM_INFINITY         (~0ULL)
-#define CRLIM_KEEP             (~1ULL)
-
-
-#endif /* _LINUX_VIRTUAL_H */
+// $Id: virtual.h,v 1.24 2005/07/03 17:51:00 ensc Exp $    --*- c -*--
+
+// Copyright (C) 2004 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
+//  
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//  
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//  
+// You should have received a copy of the GNU General Public License
+// along with this program; if not, write to the Free Software
+// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+
+#ifndef H_UTIL_VSERVER_LIB_VIRTUAL_H
+#define H_UTIL_VSERVER_LIB_VIRTUAL_H
+
+#include <kernel/context.h>
+#include <kernel/context_cmd.h>
+#include <kernel/cvirt_cmd.h>
+#include <kernel/cvirt_cmd.h>
+#include <kernel/dlimit.h>
+#include <kernel/dlimit_cmd.h>
+#include <kernel/inode_cmd.h>
+#include <kernel/limit_cmd.h>
+#include <kernel/namespace_cmd.h>
+#include <kernel/network_cmd.h>
+#include <kernel/sched_cmd.h>
+#include <kernel/signal_cmd.h>
+
+#include <kernel/network.h>
+#include <kernel/legacy.h>
+
+#endif //  H_UTIL_VSERVER_LIB_VIRTUAL_H
index 972f301..ceb5d46 100644 (file)
@@ -1,4 +1,4 @@
-// $Id: vserver-internal.h,v 1.1.4.14 2004/02/14 00:25:34 ensc Exp $    --*- c++ -*--
+// $Id: vserver-internal.h,v 1.25 2005/05/02 21:42:37 ensc Exp $    --*- c++ -*--
 
 // Copyright (C) 2003 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
 //  
 // along with this program; if not, write to the Free Software
 // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 
+#ifdef H_VSERVER_SYSCALL_INTERNAL_H
+#  error vserver-internal.h must not be included more than once
+#endif
 
 #ifndef H_VSERVER_SYSCALL_INTERNAL_H
 #define H_VSERVER_SYSCALL_INTERNAL_H
 
-#include <stdint.h>
-#include <stdlib.h>
-#include <syscall.h>
-#include <unistd.h>
 #include <asm/unistd.h>
 #include <errno.h>
+#include <stdint.h>
+#include <unistd.h>
+
+#include "internal.h"
+#include "syscall-wrap.h"
 
 #if !defined(__NR_vserver) && defined(ENSC_SYSCALL__NR_vserver)
 #  define __NR_vserver ENSC_SYSCALL__NR_vserver
 #endif
 
+inline static ALWAYSINLINE void vc_noop0() {}
+
 #define VC_PREFIX      0)
-#define VC_SUFFIX      else (void)((void)0
-#define CALL_VC_NOOP   (void)0
+#define VC_SUFFIX      else (void)(vc_noop0()
+#define CALL_VC_NOOP   vc_noop0()
 #define CALL_VC_GENERAL(ID, SUFFIX, FUNC, ...)                         \
   VC_PREFIX; VC_SELECT(ID) return FUNC ## _ ## SUFFIX(__VA_ARGS__); VC_SUFFIX
 
-#if 1
-#  define VC_SELECT(ID)        case ID: if(1)
+#ifdef VC_MULTIVERSION_SYSCALL
+#  define VC_SELECT(ID)        if (ver>=(ID))
 #  define CALL_VC(...)                                 \
-  switch (utilvserver_checkCompatVersion()&~0xff) {    \
-    case -1 & 0xff     :  if (1) break;                \
-      VC_SUFFIX, __VA_ARGS__ , VC_PREFIX;              \
-    default    :  errno = EINVAL;                      \
-  }                                                    \
-  return -1
+  do {                                                 \
+    int        ver = utilvserver_checkCompatVersion();         \
+    if (ver==-1) return -1;                            \
+    VC_SUFFIX, __VA_ARGS__, VC_PREFIX;                 \
+    errno = ENOSYS;                                    \
+    return -1;                                         \
+  } while (0)
 #else
 #  define VC_SELECT(ID) if (1)
-#  define CALL_VC(...)                         \
-  if (1) {} VC_SUFFIX, __VA_ARGS__, VC_PREFIX; \
-  errno = ENOSYS; return -1
+#  define CALL_VC(...)                                 \
+  do {                                                 \
+    if (1) {} VC_SUFFIX, __VA_ARGS__, VC_PREFIX;       \
+    errno = ENOSYS; return -1;                         \
+  } while (0)
 #endif
 
 #ifdef VC_ENABLE_API_COMPAT
 #  define CALL_VC_V11(F,...)   CALL_VC_NOOP
 #endif
 
+#ifdef VC_ENABLE_API_V13
+#  define CALL_VC_V13(F,...)   CALL_VC_GENERAL(0x00010011, v13, F, __VA_ARGS__)
+#else
+#  define CALL_VC_V13(F,...)   CALL_VC_NOOP
+#endif
+
+#ifdef VC_ENABLE_API_V13
+#  define CALL_VC_V13A(F,...)  CALL_VC_GENERAL(0x00010012, v13, F, __VA_ARGS__)
+#else
+#  define CALL_VC_V13A(F,...)  CALL_VC_NOOP
+#endif
+
+#ifdef VC_ENABLE_API_V13
+#  define CALL_VC_V13B(F,...)  CALL_VC_GENERAL(0x00010021, v13b, F, __VA_ARGS__)
+#else
+#  define CALL_VC_V13B(F,...)  CALL_VC_NOOP
+#endif
+
+#ifdef VC_ENABLE_API_V13
+#  define CALL_VC_V13OBS(F,...)        CALL_VC_GENERAL(0x00010011, v13obs, F, __VA_ARGS__)
+#else
+#  define CALL_VC_V13OBS(F,...)        CALL_VC_NOOP
+#endif
+
+
+#ifdef VC_ENABLE_API_NET
+#  define CALL_VC_NET(F,...)   CALL_VC_GENERAL(0x00010016, net, F, __VA_ARGS__)
+#else
+#  define CALL_VC_NET(F,...)   CALL_VC_NOOP
+#endif
+
+#ifdef VC_ENABLE_API_FSCOMPAT
+#  define CALL_VC_FSCOMPAT(F,...)      CALL_VC_GENERAL(0x00010000, fscompat, F, __VA_ARGS__)
+#else
+#  define CALL_VC_FSCOMPAT(F,...)      CALL_VC_NOOP
+#endif
+
+#ifdef VC_ENABLE_API_OLDPROC
+#  define CALL_VC_OLDPROC(F,...)       CALL_VC_GENERAL(0x00000000, oldproc, F, __VA_ARGS__)
+#else
+#  define CALL_VC_OLDPROC(F,...)       CALL_VC_NOOP
+#endif
+
+#ifdef VC_ENABLE_API_OLDUTS
+#  define CALL_VC_OLDUTS(F,...)                CALL_VC_GENERAL(0x00000000, olduts, F, __VA_ARGS__)
+#else
+#  define CALL_VC_OLDUTS(F,...)                CALL_VC_NOOP
+#endif
+
+
+  // Some  kernel <-> userspace wrappers; they should be noops in most cases
+
 #if 1
 #  define CTX_KERNEL2USER(X)   (((X)==(uint32_t)(-1)) ? VC_NOCTX   : \
                                 ((X)==(uint32_t)(-2)) ? VC_SAMECTX : \
                                 (xid_t)(X))
 
-#  define CTX_USER2KERNEL(X)   (((X)==VC_RANDCTX) ? (uint32_t)(-1) : \
-                                ((X)==VC_SAMECTX) ? (uint32_t)(-2) : \
+#  define CTX_USER2KERNEL(X)   (((X)==VC_DYNAMIC_XID) ? (uint32_t)(-1) : \
+                                ((X)==VC_SAMECTX)     ? (uint32_t)(-2) : \
                                 (uint32_t)(X))
 #else
 #  define CTX_USER2KERNEL(X)   (X)
 #  define CTX_KERNEL2USER(X)   (X)
 #endif
 
-#ifdef __cplusplus
-extern "C" {
+#if 1
+#  define EXT2FLAGS_USER2KERNEL(X)     (((X) & ~(VC_IMMUTABLE_FILE_FL|VC_IMMUTABLE_LINK_FL)) | \
+                                        ((X) & VC_IMMUTABLE_FILE_FL ? EXT2_IMMUTABLE_FILE_FL : 0) | \
+                                        ((X) & VC_IMMUTABLE_LINK_FL ? EXT2_IMMUTABLE_LINK_FL : 0))
+#  define EXT2FLAGS_KERNEL2USER(X)     (((X) & ~(EXT2_IMMUTABLE_FILE_FL|EXT2_IMMUTABLE_LINK_FL)) | \
+                                        ((X) & EXT2_IMMUTABLE_FILE_FL ? VC_IMMUTABLE_FILE_FL : 0) | \
+                                        ((X) & EXT2_IMMUTABLE_LINK_FL ? VC_IMMUTABLE_LINK_FL : 0))
+#else
+#  define EXT2FLAGS_KERNEL2USER(X)     (X)
+#  define EXT2FLAGS_USER2KERNEL(X)     (X)
+#endif
+
+#if 1
+#  define VHI_USER2KERNEL(X)           ((((X)==vcVHI_CONTEXT)    ? VHIN_CONTEXT    : \
+                                         ((X)==vcVHI_SYSNAME)    ? VHIN_SYSNAME    : \
+                                         ((X)==vcVHI_NODENAME)   ? VHIN_NODENAME   : \
+                                         ((X)==vcVHI_RELEASE)    ? VHIN_RELEASE    : \
+                                         ((X)==vcVHI_VERSION)    ? VHIN_VERSION    : \
+                                         ((X)==vcVHI_MACHINE)    ? VHIN_MACHINE    : \
+                                         ((X)==vcVHI_DOMAINNAME) ? VHIN_DOMAINNAME : \
+                                         (X)))
+#  define VHI_KERNEL2USER(X)           ((((X)==VHIN_CONTEXT)     ? vcVHI_CONTEXT    : \
+                                         ((X)==VHIN_SYSNAME)     ? vcVHI_SYSNAME    : \
+                                         ((X)==VHIN_NODENAME)    ? vcVHI_NODENAME   : \
+                                         ((X)==VHIN_RELEASE)     ? vcVHI_RELEASE    : \
+                                         ((X)==VHIN_VERSION)     ? vcVHI_VERSION    : \
+                                         ((X)==VHIN_MACHINE)     ? vcVHI_MACHINE    : \
+                                         ((X)==VHIN_DOMAINNAME)  ? vcVHI_DOMAINNAME : \
+                                         (X)))
+#else
+#  define VHI_USER2KERNEL(X)           (X)
+#  define VHI_KERNEL2USER(X)           (X)
 #endif
 
+#if 1
+#  define NID_KERNEL2USER(X)   (((X)==(uint32_t)(-1)) ? VC_NONID   : \
+                                (xid_t)(X))
+
+#  define NID_USER2KERNEL(X)   (((X)==VC_DYNAMIC_NID) ? (uint32_t)(-1) : \
+                                (uint32_t)(X))
+#else
+#  define NID_USER2KERNEL(X)   (X)
+#  define NID_KERNEL2USER(X)   (X)
+#endif
+
+#if 1
+#  define NETTYPE_USER2KERNEL(X)       ((X)==vcNET_IPV4   ? 0 : \
+                                        (X)==vcNET_IPV6   ? 1 : \
+                                        (X)==vcNET_IPV4R  ? 2 : \
+                                        (X)==vcNET_IPV6R  ? 3 : \
+                                        (X))
+#  define NETTYPE_KERNEL2USER(X)       ((X)==0 ? vcNET_IPV4   ? : \
+                                        (X)==1 ? vcNET_IPV6   ? : \
+                                        (X)==2 ? vcNET_IPV4R  ? : \
+                                        (X)==3 ? vcNET_IPV6R  ? : \
+                                        (vc_net_nx_type)(X))
+#else
+#  define NETTYPE_USER2KERNEL(X)       (X)
+#  define NETTYPE_KERNEL2USER(X)       (X)
+#endif
+
+#define CDLIM_USER2KERNEL(X)           ((X)==VC_CDLIM_UNSET    ? CDLIM_UNSET    : \
+                                        (X)==VC_CDLIM_INFINITY ? CDLIM_INFINITY : \
+                                        (X)==VC_CDLIM_KEEP     ? CDLIM_KEEP     : \
+                                        (X))
+
+  /// the __typeof__ thing is a hack to deal with the kernel interface
+  /// using an unsigned long long value for a uint32_t type
+#define CDLIM_KERNEL2USER(X)           ((X)==(__typeof__(X))CDLIM_UNSET       ? VC_CDLIM_UNSET    : \
+                                        (X)==(__typeof__(X))CDLIM_INFINITY    ? VC_CDLIM_INFINITY : \
+                                        (X)==(__typeof__(X))CDLIM_KEEP        ? VC_CDLIM_KEEP     : \
+                                        (X))
+
+
 #define ENSC_STRUCT_IDX(STRUCT,ATTR)                   \
   ((char*)(&(STRUCT).ATTR) - (char*)(&(STRUCT)))
 #define ENSC_SAME_STRUCT_IDX(LHS,RHS,ATTR)                     \
@@ -96,11 +227,18 @@ extern "C" {
    sizeof((LHS).ATTR)==sizeof((RHS).ATTR) &&   \
    sizeof(LHS)==sizeof(RHS))
 
+#define EXT2_IOC_GETCONTEXT            _IOR('x', 1, long)
+#define EXT2_IOC_SETCONTEXT            _IOW('x', 2, long)
+
 #ifndef HAVE_VSERVER
 #ifdef ENSC_SYSCALL_TRADITIONAL
 inline static UNUSED ALWAYSINLINE
 int vserver(uint32_t cmd, uint32_t id, void *data)
 {
+#if defined __dietlibc__
+  extern long int syscall (long int __sysno, ...);
+#endif
   return syscall(__NR_vserver, cmd, id, data);
 }
 #else
@@ -110,13 +248,4 @@ _syscall3(int, vserver,
 #endif
 #endif
 
-size_t         utilvserver_uint2str(char *buf, size_t len,
-                                    unsigned int val, unsigned char base);
-int            utilvserver_checkCompatVersion();
-
-#ifdef __cplusplus
-}
-#endif
-
-
 #endif //  H_VSERVER_SYSCALL_INTERNAL_H
index 4f9205a..0b1aa8c 100644 (file)
@@ -1,4 +1,4 @@
-/* $Id: vserver.h,v 1.1.4.11 2004/01/26 18:19:41 ensc Exp $
+/* $Id: vserver.h,v 1.66 2005/07/15 16:27:02 ensc Exp $
 
 *  Copyright (C) 2003 Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de>
 *   
 *  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */
 
+/** \file vserver.h
+ *  \brief The public interface of the the libvserver library.
+ */
+
 #ifndef H_VSERVER_SYSCALL_H
 #define H_VSERVER_SYSCALL_H
 
 #include <stdint.h>
 #include <stdlib.h>
+#include <stdbool.h>
 #include <sys/types.h>
 
+#ifndef IS_DOXYGEN
+#if defined(__GNUC__)
+#  define VC_ATTR_UNUSED                __attribute__((__unused__))
+#  define VC_ATTR_NORETURN              __attribute__((__noreturn__))
+#  define VC_ATTR_CONST                        __attribute__((__const__))
+#  define VC_ATTR_DEPRECATED           __attribute__((__deprecated__))
+#  if __GNUC__*0x10000 + __GNUC_MINOR__*0x100 + __GNUC_PATCHLEVEL__ >= 0x30300
+#    define VC_ATTR_NONNULL(ARGS)      __attribute__((__nonnull__ ARGS))
+#    define VC_ATTR_ALWAYSINLINE        __attribute__((__always_inline__))
+#  else
+#    define VC_ATTR_NONNULL(ARGS)
+#    define VC_ATTR_ALWAYSINLINE
+#  endif
+#  if __GNUC__*0x10000 + __GNUC_MINOR__*0x100 + __GNUC_PATCHLEVEL__ >= 0x30303
+#    define VC_ATTR_PURE               __attribute__((__pure__))
+#  else
+#    define VC_ATTR_PURE
+#  endif
+#else
+#  define VC_ATTR_NONNULL(ARGS)
+#  define VC_ATTR_UNUSED
+#  define VC_ATTR_NORETURN
+#  define VC_ATTR_ALWAYSINLINE
+#  define VC_ATTR_DEPRECATED
+#  define VC_ATTR_PURE
+#  define VC_ATTR_CONST
+#endif
+#endif // IS_DOXYGEN
+
 /** the value which is returned in error-case (no ctx found) */
 #define VC_NOCTX               ((xid_t)(-1))
+#define VC_NOXID               ((xid_t)(-1))
 /** the value which means a random (the next free) ctx */
-#define VC_RANDCTX             ((xid_t)(-1))
+#define VC_DYNAMIC_XID         ((xid_t)(-1))
 /** the value which means the current ctx */
 #define VC_SAMECTX             ((xid_t)(-2))
 
+#define VC_NONID               ((nid_t)(-1))
+#define VC_DYNAMIC_NID         ((nid_t)(-1))
+
 #define VC_LIM_INFINITY                (~0ULL)
 #define VC_LIM_KEEP            (~1ULL)
 
+#define VC_CDLIM_UNSET         (0U)
+#define VC_CDLIM_INFINITY      (~0U)
+#define VC_CDLIM_KEEP          (~1U)
+  
+#ifndef S_CTX_INFO_LOCK
+#  define S_CTX_INFO_LOCK      1
+#endif
+
+#ifndef S_CTX_INFO_SCHED
+#  define S_CTX_INFO_SCHED     2
+#endif
+
+#ifndef S_CTX_INFO_NPROC
+#  define S_CTX_INFO_NPROC     4
+#endif
+
+#ifndef S_CTX_INFO_PRIVATE
+#  define S_CTX_INFO_PRIVATE   8
+#endif
+
+#ifndef S_CTX_INFO_INIT
+#  define S_CTX_INFO_INIT      16
+#endif
+
+#ifndef S_CTX_INFO_HIDEINFO
+#  define S_CTX_INFO_HIDEINFO  32
+#endif
+
+#ifndef S_CTX_INFO_ULIMIT
+#  define S_CTX_INFO_ULIMIT    64
+#endif
+
+#ifndef S_CTX_INFO_NAMESPACE
+#  define S_CTX_INFO_NAMESPACE 128
+#endif
+
+#define VC_CAP_CHOWN                    0
+#define VC_CAP_DAC_OVERRIDE             1
+#define VC_CAP_DAC_READ_SEARCH          2
+#define VC_CAP_FOWNER                   3
+#define VC_CAP_FSETID                   4
+#define VC_CAP_KILL                     5
+#define VC_CAP_SETGID                   6
+#define VC_CAP_SETUID                   7
+#define VC_CAP_SETPCAP                  8
+#define VC_CAP_LINUX_IMMUTABLE          9
+#define VC_CAP_NET_BIND_SERVICE        10
+#define VC_CAP_NET_BROADCAST           11
+#define VC_CAP_NET_ADMIN               12
+#define VC_CAP_NET_RAW                 13
+#define VC_CAP_IPC_LOCK                14
+#define VC_CAP_IPC_OWNER               15
+#define VC_CAP_SYS_MODULE              16
+#define VC_CAP_SYS_RAWIO               17
+#define VC_CAP_SYS_CHROOT              18
+#define VC_CAP_SYS_PTRACE              19
+#define VC_CAP_SYS_PACCT               20
+#define VC_CAP_SYS_ADMIN               21
+#define VC_CAP_SYS_BOOT                22
+#define VC_CAP_SYS_NICE                23
+#define VC_CAP_SYS_RESOURCE            24
+#define VC_CAP_SYS_TIME                25
+#define VC_CAP_SYS_TTY_CONFIG          26
+#define VC_CAP_MKNOD                   27
+#define VC_CAP_LEASE                   28
+#define VC_CAP_AUDIT_WRITE             29
+#define VC_CAP_AUDIT_CONTROL           30
+
+#define VC_IMMUTABLE_FILE_FL           0x0000010lu
+#define VC_IMMUTABLE_LINK_FL           0x0808000lu
+#define VC_IMMUTABLE_ALL               (VC_IMMUTABLE_LINK_FL|VC_IMMUTABLE_FILE_FL)
+
+#define VC_IATTR_XID                   0x01000000u
+
+#define VC_IATTR_ADMIN                 0x00000001u
+#define VC_IATTR_WATCH                 0x00000002u
+#define VC_IATTR_HIDE                  0x00000004u
+#define VC_IATTR_FLAGS                 0x00000007u
+
+#define VC_IATTR_BARRIER               0x00010000u
+#define        VC_IATTR_IUNLINK                0x00020000u
+#define VC_IATTR_IMMUTABLE             0x00040000u
+
+
+// the flags
+#define VC_VXF_INFO_LOCK               0x00000001ull
+#define VC_VXF_INFO_NPROC              0x00000004ull
+#define VC_VXF_INFO_PRIVATE            0x00000008ull
+#define VC_VXF_INFO_INIT               0x00000010ull
+
+#define VC_VXF_INFO_HIDEINFO           0x00000020ull
+#define VC_VXF_INFO_ULIMIT             0x00000040ull
+#define VC_VXF_INFO_NAMESPACE          0x00000080ull
+
+#define        VC_VXF_SCHED_HARD               0x00000100ull
+#define        VC_VXF_SCHED_PRIO               0x00000200ull
+#define        VC_VXF_SCHED_PAUSE              0x00000400ull
+
+#define VC_VXF_VIRT_MEM                        0x00010000ull
+#define VC_VXF_VIRT_UPTIME             0x00020000ull
+#define VC_VXF_VIRT_CPU                        0x00040000ull
+#define VC_VXF_VIRT_LOAD               0x00080000ull
+
+#define VC_VXF_HIDE_MOUNT              0x01000000ull
+#define VC_VXF_HIDE_NETIF              0x02000000ull
+
+#define        VC_VXF_STATE_SETUP              (1ULL<<32)
+#define        VC_VXF_STATE_INIT               (1ULL<<33)
+
+#define VC_VXF_FORK_RSS                        (1ULL<<48)
+#define VC_VXF_PROLIFIC                        (1ULL<<49)
+
+#define VC_VXF_IGNEG_NICE              (1ULL<<52)
+
+
+// the ccapabilities
+#define VC_VXC_SET_UTSNAME             0x00000001ull
+#define VC_VXC_SET_RLIMIT              0x00000002ull
+
+#define VC_VXC_RAW_ICMP                        0x00000100ull
+#define VC_VXC_SYSLOG                  0x00001000ull
+
+#define VC_VXC_SECURE_MOUNT            0x00010000ull
+#define VC_VXC_SECURE_REMOUNT          0x00020000ull
+#define VC_VXC_BINARY_MOUNT            0x00040000ull
+
+#define VC_VXC_QUOTA_CTL               0x00100000ull
+
+
 #define VC_VXSM_FILL_RATE              0x0001
 #define VC_VXSM_INTERVAL               0x0002
 #define VC_VXSM_TOKENS                 0x0010
 #define VC_VXSM_PRIO_BIAS              0x0100
 
 
+#define VC_BAD_PERSONALITY             ((uint_least32_t)(-1))
+
+
+/** \defgroup  syscalls Syscall wrappers
+ *  Functions which are calling the vserver syscall directly. */
+
+/** \defgroup  helper   Helper functions
+ *  Functions which are doing general helper tasks like parameter parsing. */
+
+/** \typedef  an_unsigned_integer_type  xid_t
+ *  The identifier of a context. */
+
+#ifdef IS_DOXYGEN
+typedef an_unsigned_integer_type       xid_t;
+typedef an_unsigned_integer_type       nid_t;
+#endif
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
   struct vc_ip_mask_pair {
-    uint32_t   ip;
-    uint32_t   mask;
+      uint32_t ip;
+      uint32_t mask;
   };
 
-    /** Returns version of the current kernel API */
+    /** \brief   The generic vserver syscall
+     *  \ingroup syscalls
+     *
+     *  This function executes the generic vserver syscall. It uses the
+     *  correct syscallnumber (which may differ between the different
+     *  architectures).
+     *
+     *  \param   cmd  the command to be executed
+     *  \param   xid  the xid on which the cmd shall be applied
+     *  \param   data additional arguments; depends on \c cmd
+     *  \returns depends on \c cmd; usually, -1 stands for an error
+     */
+  int  vc_syscall(uint32_t cmd, xid_t xid, void *data);
+
+    /** \brief   Returns the version of the current kernel API.
+     *  \ingroup syscalls
+     * \returns The versionnumber of the kernel API
+     */
   int  vc_get_version();
   
-    /** Puts current process into context <ctx>, removes the given caps and
-     *  sets flags.
-     *  Special values for ctx are
-     *  - VC_SAMECTX  which means the current context (just for changing caps and flags)
-     *  - VC_RANDCTX  which means the next free context; this value can be used by
-     *                ordinary users also */
-  int  vc_new_s_context(xid_t ctx, unsigned int remove_cap, unsigned int flags);
+    /** \brief   Moves current process into a context
+     *  \ingroup syscalls
+     *
+     *  Puts current process into context \a ctx, removes the capabilities
+     *  given in \a remove_cap and sets \a flags.
+     *
+     *  \param ctx         The new context; special values for are
+     *  - VC_SAMECTX      which means the current context (just for changing caps and flags)
+     *  - VC_DYNAMIC_XID  which means the next free context; this value can be used by
+     *                    ordinary users also
+     *  \param remove_cap  The linux capabilities which will be \b removed.
+     *  \param flags       Special flags which will be set.
+     *
+     *  \returns  The new context-id, or VC_NOCTX on errors; \c errno
+     *           will be set appropriately
+     *
+     *  See http://vserver.13thfloor.at/Stuff/Logic.txt for details */
+  xid_t        vc_new_s_context(xid_t ctx, unsigned int remove_cap, unsigned int flags);
 
-    /** Sets the ipv4root information.
-     *  \precondition: nb<16 */
-  int  vc_set_ipv4root(uint32_t  bcast, size_t nb, struct vc_ip_mask_pair const *ips);
-  
+    /** \brief  Sets the ipv4root information.
+     *  \ingroup syscalls
+     *  \pre    \a nb < NB_IPV4ROOT && \a ips != 0 */
+  int  vc_set_ipv4root(uint32_t  bcast, size_t nb,
+                       struct vc_ip_mask_pair const *ips) VC_ATTR_NONNULL((3));
+
+    /** \brief  Returns the value of NB_IPV4ROOT.
+     *  \ingroup helper
+     *
+     *  This function returns the value of NB_IPV4ROOT which was used when the
+     *  library was built, but \b not the value which is used by the currently
+     *  running kernel. */
+  size_t       vc_get_nb_ipv4root() VC_ATTR_CONST VC_ATTR_PURE;
 
-  /* rlimit related functions */
-  typedef uint64_t     vc_limit_t;
+    /** \brief   Creates a context without starting it.
+     *  \ingroup syscalls
+     *
+     *  This functions initializes a new context. When already in a freshly
+     *  created context, this old context will be discarded.
+     *
+     *  \param xid  The new context; special values are:
+     * - VC_DYNAMIC_XID which means to create a dynamic context
+     *
+     * \returns the xid of the created context, or VC_NOCTX on errors. \c errno
+     *          will be set appropriately. */
+  xid_t        vc_ctx_create(xid_t xid);
+
+    /** \brief   Moves the current process into the specified context.
+     *  \ingroup syscalls
+     *
+     *  \param   xid  The new context
+     *  \returns 0 on success, -1 on errors */
+  int  vc_ctx_migrate(xid_t xid);
   
+    /* rlimit related functions */
   
-  struct vc_rlimit
-  {
-      vc_limit_t min;
-      vc_limit_t soft;
-      vc_limit_t hard;      
+    /** \brief  The type which is used for a single limit value.
+     *
+     *  Special values are
+     *  - VC_LIM_INFINITY ... which is the infinite value
+     *  - VC_LIM_KEEP     ... which is used to mark values which shall not be
+     *                        modified by the vc_set_rlimit() operation.
+     *
+     *  Else, the interpretation of the value depends on the corresponding
+     *  resource; it might be bytes, pages, seconds or litres of beer. */
+  typedef uint_least64_t       vc_limit_t;
+
+    /** \brief  The limits of a resources.
+     *
+     *  This is a triple consisting of a minimum, soft and hardlimit. */
+  struct vc_rlimit {
+      vc_limit_t       min;    ///< the guaranted minimum of a resources
+      vc_limit_t       soft;   ///< the softlimit of a resource
+      vc_limit_t       hard;   ///< the absolute hardlimit of a resource
   };
 
+    /** \brief  Masks describing the supported limits. */
   struct  vc_rlimit_mask {
-      uint32_t min;
-      uint32_t soft;
-      uint32_t hard;
+      uint_least32_t   min;    ///< masks the resources supporting a minimum limit
+      uint_least32_t   soft;   ///< masks the resources supporting a soft limit
+      uint_least32_t   hard;   ///< masks the resources supporting a hard limit
   };
 
-  int  vc_get_rlimit(xid_t ctx, int resource, struct vc_rlimit *lim);
-  int  vc_set_rlimit(xid_t ctx, int resource, struct vc_rlimit const *lim);
-  int  vc_get_rlimit_mask(xid_t ctx, struct vc_rlimit_mask *lim);
+    /** \brief   Returns the limits of \a resource.
+     *  \ingroup syscalls
+     *
+     *  \param  xid       The id of the context
+     *  \param  resource  The resource which will be queried
+     *  \param  lim       The result which will be filled with the limits
+     *
+     *  \returns 0 on success, and -1 on errors. */
+  int  vc_get_rlimit(xid_t xid, int resource,
+                     struct vc_rlimit       /*@out@*/ *lim) VC_ATTR_NONNULL((3));
+    /** \brief   Sets the limits of \a resource.
+     *  \ingroup syscalls
+     *
+     *  \param  xid       The id of the context
+     *  \param  resource  The resource which will be queried
+     *  \param  lim       The new limits
+     *
+     *  \returns 0 on success, and -1 on errors. */
+  int  vc_set_rlimit(xid_t xid, int resource,
+                     struct vc_rlimit const /*@in@*/  *lim) VC_ATTR_NONNULL((3));
+  int  vc_get_rlimit_mask(xid_t xid,
+                          struct vc_rlimit_mask *lim)       VC_ATTR_NONNULL((2));
+    /** \brief   Parses a string describing a limit
+     *  \ingroup helper
+     *
+     *  This function parses \a str and interprets special words like \p "inf"
+     *  or suffixes. Valid suffixes are
+     *  - \p k ... 1000
+     *  - \p m ... 1000000
+     *  - \p K ... 1024
+     *  - \p M ... 1048576
+     *
+     *  \param str  The string which shall be parsed
+     *  \param res  Will be filled with the interpreted value; in errorcase,
+     *              this value is undefined.
+     *
+     *  \returns \a true, iff the string \a str could be parsed. \a res will
+     *  be filled with the interpreted value in this case. 
+     *
+     *  \pre \a str!=0 && \a res!=0
+     */
+  bool vc_parseLimit(char const /*@in@*/ *str, vc_limit_t /*@out@*/ *res)      VC_ATTR_NONNULL((1,2));
+
+
+  /** \brief    Sends a signal to a context/pid
+   *  \ingroup  syscalls
+   *
+   *  Special values for \a pid are:
+   *  - -1   which means every process in ctx except the init-process
+   *  -  0   which means every process in ctx inclusive the init-process */
+  int  vc_ctx_kill(xid_t ctx, pid_t pid, int sig);
+
+
+  struct vc_nx_info {
+      nid_t    nid;
+  };
+
+  nid_t                vc_get_task_nid(pid_t pid);
+  int          vc_get_nx_info(nid_t nid, struct vc_nx_info *) VC_ATTR_NONNULL((2));
+
+  typedef enum { vcNET_IPV4, vcNET_IPV6, vcNET_IPV4R, vcNET_IPV6R }    vc_net_nx_type;
+  
+  struct vc_net_nx {
+      vc_net_nx_type   type;
+      size_t           count;
+      uint32_t         ip;
+      uint32_t         mask;
+  };
+
+  nid_t                vc_net_create(nid_t nid);
+  int          vc_net_migrate(nid_t nid);
+
+  int          vc_net_add(nid_t nid, struct vc_net_nx const *info);
+  int          vc_net_remove(nid_t nid, struct vc_net_nx const *info);
+
+  struct vc_net_flags {
+      uint_least64_t   flagword;
+      uint_least64_t   mask;
+  };
+  
+  int          vc_get_nflags(nid_t, struct vc_net_flags *);
+  int          vc_set_nflags(nid_t, struct vc_net_flags const *);
+
+  
+  struct vc_net_caps {
+      uint_least64_t   ncaps;
+      uint_least64_t   cmask;
+  };
+
+  int          vc_get_ncaps(nid_t, struct vc_net_caps *);
+  int          vc_set_ncaps(nid_t, struct vc_net_caps const *);
+
+
+  
+
+  int          vc_set_iattr(char const *filename, xid_t xid,
+                            uint_least32_t flags, uint_least32_t mask) VC_ATTR_NONNULL((1));
+
+    /** \brief   Returns information about attributes and assigned context of a file.
+     *  \ingroup syscalls
+     *
+     *  This function returns the VC_IATTR_XXX flags and about the assigned
+     *  context of a file. To request an information, the appropriate bit in
+     *  \c mask must be set and the corresponding parameter (\a xid or \a
+     *  flags) must not be NULL.
+     *
+     *  E.g. to receive the assigned context, the \c VC_IATTR_XID bit must be
+     *  set in \a mask, and \a xid must point to valid memory.
+     *
+     *  Possible flags are \c VC_IATTR_ADMIN, \c VC_IATTR_WATCH , \c VC_IATTR_HIDE,
+     *  \c VC_IATTR_BARRIER, \c VC_IATTR_IUNLINK and \c VC_IATTR_IMMUTABLE.
+     *
+     *  \param filename  The name of the file whose attributes shall be determined.
+
+     *  \param xid       When non-zero and the VC_IATTR_XID bit is set in \a mask,
+     *                   the assigned context of \a filename will be stored there.
+     *  \param flags     When non-zero, a bitmask of current attributes will be
+     *                   stored there. These attributes must be requested explicitly
+     *                   by setting the appropriate bit in \a mask
+     *  \param mask      Points to a bitmask which tells which attributes shall be
+     *                   determined. On return, it will masquerade the attributes
+     *                   which were determined.
+     *
+     *  \pre  mask!=0 && !((*mask&VC_IATTR_XID) && xid==0) && !((*mask&~VC_IATTR_XID) && flags==0) */
+  int          vc_get_iattr(char const *filename, xid_t * /*@null@*/ xid,
+                            uint_least32_t * /*@null@*/ flags,
+                            uint_least32_t * /*@null@*/ mask) VC_ATTR_NONNULL((1));
+
+  struct vc_vx_info {
+      xid_t    xid;
+      pid_t    initpid;
+  };
+  
+    /** \brief   Returns the context of the given process.
+     *  \ingroup syscalls
+     *
+     *  \param  pid  the process-id whose xid shall be determined;
+     *               pid==0 means the current process.
+     *  \returns     the xid of process \c pid or -1 on errors
+     */
+  xid_t                vc_get_task_xid(pid_t pid);
+  int          vc_get_vx_info(xid_t xid, struct vc_vx_info *info) VC_ATTR_NONNULL((2));
+
+
+  typedef enum { vcVHI_CONTEXT, vcVHI_SYSNAME, vcVHI_NODENAME,
+                vcVHI_RELEASE, vcVHI_VERSION, vcVHI_MACHINE,
+                vcVHI_DOMAINNAME }             vc_uts_type;
+  
+  int          vc_set_vhi_name(xid_t xid, vc_uts_type type,
+                               char const *val, size_t len) VC_ATTR_NONNULL((3));
+  int          vc_get_vhi_name(xid_t xid, vc_uts_type type,
+                               char *val, size_t len)       VC_ATTR_NONNULL((3));
+
+    /** Returns true iff \a xid is a dynamic xid */
+  bool         vc_is_dynamic_xid(xid_t xid);
+
+  int          vc_enter_namespace(xid_t xid);
+  int          vc_set_namespace();
+  int          vc_cleanup_namespace();
+
+  
+  /** \brief    Flags of process-contexts
+   */
+  struct  vc_ctx_flags {
+      /** \brief Mask of set context flags */
+      uint_least64_t   flagword;
+      /** \brief Mask of set and unset context flags when used by set
+       *         operations, or modifiable flags when used by get
+       *         operations */
+      uint_least64_t   mask;
+  };
+
+  /** \brief    Capabilities of process-contexts */
+  struct  vc_ctx_caps {
+      /** \brief  Mask of set common system capabilities */
+      uint_least64_t   bcaps;
+      /** \brief Mask of set and unset common system capabilities when used by
+       *         set operations, or the modifiable capabilities when used by
+       *         get operations */
+      uint_least64_t   bmask;
+      /** \brief Mask of set process context capabilities */
+      uint_least64_t   ccaps;
+      /** \brief Mask of set and unset process context capabilities when used
+       *         by set operations, or the modifiable capabilities when used
+       *         by get operations */
+      uint_least64_t   cmask;
+  };
+
+  /** \brief    Information about parsing errors
+   *  \ingroup  helper
+   */
+  struct vc_err_listparser {
+      char const       *ptr;           ///< Pointer to the first character of an erroneous string
+      size_t           len;            ///< Length of the erroneous string
+  };
+  int                  vc_get_cflags(xid_t xid, struct vc_ctx_flags *)       VC_ATTR_NONNULL((2));
+  int                  vc_set_cflags(xid_t xid, struct vc_ctx_flags const *) VC_ATTR_NONNULL((2));
+
+  int                  vc_get_ccaps(xid_t xid, struct vc_ctx_caps *);
+  int                  vc_set_ccaps(xid_t xid, struct vc_ctx_caps const *);
+
+  /** \brief   Converts a single string into bcapability
+   *  \ingroup helper
+   *
+   *  \param   str   The string to be parsed;
+   *                 both "CAP_xxx" and "xxx" will be accepted
+   *  \param   len   The length of the string, or \c 0 for automatic detection
+   *
+   *  \returns 0 on error; a bitmask on success
+   *  \pre     \a str != 0
+   */
+  uint_least64_t       vc_text2bcap(char const *str, size_t len);
+
+  /** \brief   Converts the lowest bit of a bcapability or the entire value
+   *           (when possible) to a textual representation
+   *  \ingroup helper
+   *
+   *  \param   val  The string to be converted; on success, the detected bit(s)
+   *                will be unset, in errorcase only the lowest set bit
+   *
+   *  \returns A textual representation of \a val resp. of its lowest set bit;
+   *           or \c NULL in errorcase.
+   *  \pre     \a val!=0
+   *  \post    \a *val<sub>old</sub> \c != 0  \c <-->
+   *               \a *val<sub>old</sub> > \a *val<sub>new</sub>
+   *  \post    \a *val<sub>old</sub> \c == 0  \c --->  \a result == 0
+   */
+  char const * vc_lobcap2text(uint_least64_t *val) VC_ATTR_NONNULL((1));
+
+  /** \brief   Converts a string into a bcapability-bitmask
+   *  \ingroup helper
+   *
+   *  Syntax of \a str: \verbinclude list2xxx.syntax
+   *
+   *  When the \c `~' prefix is used, the bits will be unset and a `~' after
+   *  another `~' will cancel both ones. The \c `^' prefix specifies a
+   *  bitnumber instead of a bitmask.
+   *
+   *  "literal name" is everything which will be accepted by the
+   *  vc_text2bcap() function. The special values for \c NAME will be
+   *  recognized case insensitively
+   *
+   *  \param  str   The string to be parsed
+   *  \param  len   The length of the string, or \c 0 for automatic detection
+   *  \param  err   Pointer to a structure for error-information, or \c NULL.
+   *  \param  cap   Pointer to a vc_ctx_caps structure holding the results;
+   *                only the \a bcaps and \a bmask fields will be changed and
+   *                already set values will not be honored. When an error
+   *                occured, \a cap will have the value of all processed valid
+   *                \c BCAP parts.
+   *
+   *  \returns 0 on success, -1 on error. In error case, \a err will hold
+   *           position and length of the first not understood BCAP part
+   *  \pre     \a str != 0 && \a cap != 0;
+   *           \a cap->bcaps and \a cap->bmask must be initialized
+   */
+  int                  vc_list2bcap(char const *str, size_t len,
+                                    struct vc_err_listparser *err,
+                                    struct vc_ctx_caps *cap) VC_ATTR_NONNULL((1,4));
+
+  uint_least64_t       vc_text2ccap(char const *, size_t len);
+  char const *         vc_loccap2text(uint_least64_t *);
+  int                  vc_list2ccap(char const *, size_t len,
+                                    struct vc_err_listparser *err,
+                                    struct vc_ctx_caps *);
+
+  int                  vc_list2cflag(char const *, size_t len,
+                                    struct vc_err_listparser *err,
+                                    struct vc_ctx_flags *flags);
+  uint_least64_t       vc_text2cflag(char const *, size_t len);
+  char const *         vc_locflag2text(uint_least64_t *);
+  
+  uint_least32_t       vc_list2cflag_compat(char const *, size_t len,
+                                           struct vc_err_listparser *err);
+  uint_least32_t       vc_text2cflag_compat(char const *, size_t len);
+  char const *         vc_hicflag2text_compat(uint_least32_t);
+
+  int                  vc_text2cap(char const *);
+  char const *         vc_cap2text(unsigned int);
+
+  
+  int                  vc_list2nflag(char const *, size_t len,
+                                    struct vc_err_listparser *err,
+                                    struct vc_net_flags *flags);
+  uint_least64_t       vc_text2nflag(char const *, size_t len);
+  char const *         vc_lonflag2text(uint_least64_t *);
+
+  uint_least64_t       vc_text2ncap(char const *, size_t len);
+  char const *         vc_loncap2text(uint_least64_t *);
+  int                  vc_list2ncap(char const *, size_t len,
+                                    struct vc_err_listparser *err,
+                                    struct vc_net_caps *);
+
+  uint_least64_t               vc_get_insecurebcaps() VC_ATTR_CONST;
+  inline static uint_least64_t vc_get_insecureccaps() {
+    return ~(VC_VXC_SET_UTSNAME|VC_VXC_RAW_ICMP);
+  }
+  
+  inline static int    vc_setfilecontext(char const *filename, xid_t xid) {
+    return vc_set_iattr(filename, xid, 0, VC_IATTR_XID);
+  }
+
+
+  uint_least32_t       vc_text2personalityflag(char const *str,
+                                               size_t len) VC_ATTR_NONNULL((1));
+
+  char const *         vc_lopersonality2text(uint_least32_t *) VC_ATTR_NONNULL((1));
+  
+  int                  vc_list2personalityflag(char const /*@in@*/ *,
+                                               size_t len,
+                                               uint_least32_t /*@out@*/ *personality,
+                                               struct vc_err_listparser /*@out@*/ *err) VC_ATTR_NONNULL((1,3));
+
+  uint_least32_t       vc_str2personalitytype(char const /*@in@*/*,
+                                              size_t len) VC_ATTR_NONNULL((1));
+  
+  /** \brief   Returns the context of \c filename
+   *  \ingroup syscalls
+   *
+   *  This function calls vc_get_iattr() with appropriate arguments to
+   *  determine the context of \c filename. In error-case or when no context
+   *  is assigned, \c VC_NOCTX will be returned. To differ between both cases,
+   *  \c errno must be examined.
+   *
+   *  \b WARNING: this function can modify \c errno although no error happened.
+   *
+   *  \param   filename  The file to check
+   *  \returns The assigned context, or VC_NOCTX when an error occured or no
+   *           such assignment exists. \c errno will be 0 in the latter case */
+  xid_t                vc_getfilecontext(char const *filename) VC_ATTR_NONNULL((1));
 
 
-#define VC_CAT_SCHED           14
   struct vc_set_sched {
       uint_least32_t   set_mask;
       int_least32_t    fill_rate;
@@ -103,17 +682,121 @@ extern "C" {
 
   int          vc_set_sched(xid_t xid, struct vc_set_sched const *);
 
-  /** sends a signal to a context/pid
-      Special values for pid are:
-      * -1   which means every process in ctx except the init-process
-      *  0   which means every process in ctx inclusive the init-process */
-  int  vc_ctx_kill(xid_t ctx, pid_t pid, int sig);
+
+  struct vc_ctx_dlimit {
+      uint_least32_t   space_used;
+      uint_least32_t   space_total;
+      uint_least32_t   inodes_used;
+      uint_least32_t   inodes_total;
+      uint_least32_t   reserved;
+  };
   
-    /** Returns the context of the given process. pid==0 means the current process. */
-  xid_t        vc_X_getctx(pid_t pid);
+
+  /** Add a disk limit to a file system. */
+  int          vc_add_dlimit(char const *filename, xid_t xid,
+                             uint_least32_t flags) VC_ATTR_NONNULL((1));
+  /** Remove a disk limit from a file system. */
+  int          vc_rem_dlimit(char const *filename, xid_t xid,
+                             uint_least32_t flags) VC_ATTR_NONNULL((1));
+
+  /** Set a disk limit. */
+  int          vc_set_dlimit(char const *filename, xid_t xid,
+                             uint_least32_t flags,
+                             struct vc_ctx_dlimit const *limits) VC_ATTR_NONNULL((1,4));
+  /** Get a disk limit. */
+  int          vc_get_dlimit(char const *filename, xid_t xid,
+                             uint_least32_t flags,
+                             struct vc_ctx_dlimit *limits) VC_ATTR_NONNULL((1));
+
+  /** \brief   Waits for the end of a context
+   *  \ingroup syscalls
+   */
+  int          vc_wait_exit(xid_t xid);
     
+  typedef enum { vcFEATURE_VKILL,  vcFEATURE_IATTR,   vcFEATURE_RLIMIT,
+                vcFEATURE_COMPAT, vcFEATURE_MIGRATE, vcFEATURE_NAMESPACE,
+                vcFEATURE_SCHED,  vcFEATURE_VINFO,   vcFEATURE_VHI,
+                 vcFEATURE_VSHELPER0, vcFEATURE_VSHELPER, vcFEATURE_VWAIT }
+    vcFeatureSet;
+
+  bool         vc_isSupported(vcFeatureSet) VC_ATTR_CONST;
+  bool         vc_isSupportedString(char const *);
+
+  
+  typedef enum { vcTYPE_INVALID, vcTYPE_MAIN, vcTYPE_WATCH,
+                vcTYPE_STATIC, vcTYPE_DYNAMIC }
+    vcXidType;
+  
+  vcXidType    vc_getXIDType(xid_t xid) VC_ATTR_CONST;
+
+  /* The management part */
+
+#define VC_LIMIT_VSERVER_NAME_LEN      1024
+  
+  typedef enum { vcCFG_NONE, vcCFG_AUTO,
+                vcCFG_LEGACY,
+                vcCFG_RECENT_SHORT,
+                vcCFG_RECENT_FULL }            vcCfgStyle;
+
+
+  /** Maps an xid given at '--xid' options to an xid_t */
+  xid_t                vc_xidopt2xid(char const *, bool honor_static, char const **err_info);
+
+  vcCfgStyle   vc_getVserverCfgStyle(char const *id);
+  
+  /** Resolves the name of the vserver. The result will be allocated and must
+      be freed by the caller. */
+  char *       vc_getVserverName(char const *id, vcCfgStyle style);
+
+  /** Returns the path of the vserver configuration directory. When the given
+   *  vserver does not exist, or when it does not have such a directory, NULL
+   *  will be returned. Else, the result will be allocated and must be freed
+   *  by the caller. */
+  char *       vc_getVserverCfgDir(char const *id, vcCfgStyle style);
+
+  /** Returns the path of the configuration directory for the given
+   *  application. The result will be allocated and must be freed by the
+   *  caller. */
+  char *       vc_getVserverAppDir(char const *id, vcCfgStyle style, char const *app);
+
+  /** Returns the path to the vserver root-directory. The result will be
+   *  allocated and must be freed by the caller. */
+  char *       vc_getVserverVdir(char const *id, vcCfgStyle style, bool physical);
+
+  /** Returns the ctx of the given vserver. When vserver is not running and
+   *  'honor_static' is false, VC_NOCTX will be returned. Else, when
+   *  'honor_static' is true and a static assignment exists, those value will
+   *  be returned. Else, the result will be VC_NOCTX.
+   *
+   *  When 'is_running' is not null, the status of the vserver will be
+   *  assigned to this variable. */
+  xid_t                vc_getVserverCtx(char const *id, vcCfgStyle style,
+                                bool honor_static, bool /*@null@*/ *is_running);
+
+  /** Resolves the cfg-path of the vserver owning the given ctx. 'revdir' will
+      be used as the directory holding the mapping-links; when NULL, the
+      default value will be assumed.  The result will be allocated and must be
+      freed by the caller. */
+  char *       vc_getVserverByCtx(xid_t ctx, /*@null@*/vcCfgStyle *style,
+                                  /*@null@*/char const *revdir);
+#define vcSKEL_INTERFACES      1u
+#define vcSKEL_PKGMGMT         2u
+#define vcSKEL_FILESYSTEM      4u
+
+  /** Create a basic configuration skeleton for a vserver plus toplevel
+   *  directories for pkgmanagemt and filesystem (when requested). */
+  int          vc_createSkeleton(char const *id, vcCfgStyle style, int flags);
+
+
 #ifdef __cplusplus
 }
 #endif
 
+#undef VC_ATTR_PURE
+#undef VC_ATTR_ALWAYSINLINE
+#undef VC_ATTR_NORETURN
+#undef VC_ATTR_UNUSED
+#undef VC_ATTR_NONNULL
+
 #endif