1// Copyright 2017 The Chromium OS Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5syntax = "proto3"; 6option optimize_for = LITE_RUNTIME; 7 8// This file defines messages used for starting, stopping, and managing VMs. 9package vm_tools.concierge; 10option go_package = "vm_concierge_proto"; 11 12// Specification of the key components of a VM. 13// 14// TODO(crbug/1121046): This spec may be insufficient for DLC, consider 15// re-designing it. 16message VirtualMachineSpec { 17 // Path to the kernel that should be used for the VM. 18 string kernel = 1; 19 20 // Path to the disk image that should be used as the root file system for 21 // the VM. 22 string rootfs = 2; 23 24 // ID of a DLC package that contains the kernel and rootfs. If this field is 25 // set, the kernel() and rootfs() fields will be ignored when calculating the 26 // path to the VM's image files. 27 string dlc_id = 3; 28 29 // Optional path to the initrd that should be used for the VM. 30 string initrd = 4; 31} 32 33// The type of disk image. 34enum DiskImageType { 35 // A raw file. 36 DISK_IMAGE_RAW = 0; 37 38 // A qcow2-compatible disk image. 39 DISK_IMAGE_QCOW2 = 1; 40 41 // Automatically choose a disk image type. 42 DISK_IMAGE_AUTO = 2; 43 44 // A plugin VM disk image. 45 DISK_IMAGE_PLUGINVM = 3; 46} 47 48// Describes any additional disk images that should be mounted inside the VM. 49message DiskImage { 50 // Path to the disk image on the host. 51 string path = 1; 52 53 // Path where this disk image will be mounted inside the VM. 54 string mount_point = 2; 55 56 // The file system type for this disk image. 57 string fstype = 3; 58 59 // Any special flags to be used when mounting the file system. Specified the 60 // same way as in mount(2). 61 uint64 flags = 4; 62 63 // Any additional data associated with the mount. 64 string data = 5; 65 66 // If true, the disk image will be mounted writable. 67 bool writable = 6; 68 69 // If true, the disk image will be mounted. 70 bool do_mount = 7; 71 72 // Image type of the disk. 73 DiskImageType image_type = 8; 74} 75 76// Information about a particular VM. 77message VmInfo { 78 // The IPv4 address assigned to the VM, in network byte order. 79 fixed32 ipv4_address = 1; 80 81 // The process ID of the main crosvm process for the VM. 82 int32 pid = 2; 83 84 // The virtual socket context id assigned to the VM. 85 int64 cid = 3; 86 87 // The handle to a 9p server managed by the seneschal system service. Use 88 // this handle when making requests to that service to manage the files shared 89 // with this VM. 90 uint32 seneschal_server_handle = 4; 91 92 // Permission token assigned to the VM. Use this token when making requests 93 // to the VM permission service to determine what permissions have been 94 // granted to the VM. The token is also to be used to identify VM to the 95 // service providers (camera, CRAS, etc). 96 string permission_token = 5; 97 98 enum VmType { 99 // Default value indicating an unknown or custom VM. 100 UNKNOWN = 0; 101 102 // VM is associated with a specific feature. 103 TERMINA = 1; 104 ARC_VM = 2; 105 PLUGIN_VM = 3; 106 }; 107 108 // What type of VM this is. 109 VmType vm_type = 6; 110} 111 112// Optional fields for network configuration. 113message NetworkOptions { 114 // Toggles the IFF_VNET_HDR option for the TAP device. 115 bool enable_vnet_hdr = 1; 116} 117 118// Information that must be included with every StartVm dbus message. 119message StartVmRequest { 120 // The VM that should be started. This is ignored if starting a termina VM, 121 // which will always use the latest component from imageloader. 122 VirtualMachineSpec vm = 1; 123 124 // Any additional disks that should be mounted inside the VM. 125 repeated DiskImage disks = 2; 126 127 // Path to a shared directory that will be mounted via NFS inside the VM. 128 // DEPRECATED: The server never did anything with this field. Instead callers 129 // should use the |shared_dir_handle| field of the VmInfo message to get a 130 // server handle that can be used in requests to the seneschal system service. 131 string shared_directory = 3 [deprecated = true]; 132 133 // The human-readable name to be assigned to this VM. 134 string name = 4; 135 136 // If true, concierge should also perform termina-specific setup. 137 bool start_termina = 5; 138 139 // The owner of the vm. 140 string owner_id = 7; 141 142 // Enable GPU in the started Vm. 143 bool enable_gpu = 8; 144 145 // Provide a software-based virtual Trusted Platform Module to the VM. The TPM 146 // is backed by libtpm2's TPM simulator and does not interact with any 147 // physical TPM on the host device. TPM state does not persist across VM 148 // launches. In order for the VM to see the virtual TPM, the guest kernel must 149 // contain a virtio TPM driver. 150 bool software_tpm = 9; 151 152 // This flag is only respected in developer mode and offers two things - 153 // - It can treat a trusted VM as untrusted and run it on insecure host 154 // kernels. 155 // - It can run an untrusted VM on insecure host kernels. 156 bool run_as_untrusted = 10; 157 158 // Enable audio capture in the started Vm. 159 bool enable_audio_capture = 11; 160 161 // The number of CPUs to give to the VM. Cannot be larger than the number of 162 // CPUs on the device and cannot be 0. 163 uint32 cpus = 12; 164 165 // Make the rootfs writable. 166 bool writable_rootfs = 15; 167 168 // If true, a file descriptor must be passed along with the message and that 169 // file descriptor will be used for kernel. 170 // Ignored unless |start_termina| is true. 171 bool use_fd_for_kernel = 13; 172 173 // If true, a file descriptor must be passed along with the message and that 174 // file descriptor will be used for rootfs. 175 // If |use_fd_for_kernel| is true, the fd for rootfs must be passed after 176 // that for kernel. 177 // Ignored unless |start_termina| is true. 178 bool use_fd_for_rootfs = 14; 179 180 // If true, a file descriptor must be passed along with the message and that 181 // file descriptor will be used for storage. 182 // If |use_fd_for_kernel| or |use_fd_for_rootfs| is true, the fd for storage 183 // must be passed after ones for kernel and rootfs. 184 // Ignored unless |start_termina| is true. 185 bool use_fd_for_storage = 6; 186} 187 188// Information that must be included with every StartPluginVm request. 189message StartPluginVmRequest { 190 // An identifier for this VM. 191 string name = 1; 192 193 // The cryptohome id of the owner of this VM. 194 string owner_id = 2; 195 196 // The number of CPUs to give to the VM. Cannot be larger than the number of 197 // CPUs on the device and cannot be 0. 198 uint32 cpus = 3; 199 200 // Parameters to pass to the plugin process. 201 repeated string params = 4; 202 203 // The IPv4 address to assign to the VM in network-byte order. Must be in the 204 // 100.115.92.128/28 subnet and must not be already assigned to another VM. 205 // If unspecified, a /29 subnet will be dynamically allocated 206 // from 100.115.93.0/24. 207 // Note: this field will be deprecated. 208 fixed32 guest_ipv4_address = 5; 209 210 // The EUI-48 MAC address to assign to the host side of the ethernet interface 211 // to the VM. Must be exactly 6 bytes and must not be in use by another VM. 212 // Must have the locally administered bit (0x02) set and the multicast bit 213 // (0x01) unset. 214 // If empty, a random MAC address will be generated and assigned. 215 // Note: this field will be deprecated. 216 bytes host_mac_address = 6; 217 218 // Indicates that a specific /29 subnet should be allocated from 219 // 100.115.93.0/24 for use by this VM; and if it is not available, then the 220 // request should fail. 221 // This field is only used if |guest_ipv4_address| is empty. 222 // Valid values are 1 - 32, inclusive. 223 uint32 subnet_index = 7; 224 225 // Additional networking options. 226 NetworkOptions net_options = 8; 227} 228 229// Information that must be included with every StartArcVm request. 230message StartArcVmRequest { 231 // The VM that should be started. 232 VirtualMachineSpec vm = 1; 233 234 // Any additional disks that should be mounted inside the VM. 235 repeated DiskImage disks = 2; 236 237 // An identifier for this VM. 238 string name = 3; 239 240 // The cryptohome id of the owner of this VM. 241 string owner_id = 4; 242 243 // Parameters to pass to the ARCVM's init process. 244 repeated string params = 5; 245 246 // Path to Android fstab. 247 string fstab = 6; 248 249 // The number of CPUs to give to the VM. Cannot be larger than the number of 250 // CPUs on the device and cannot be 0. 251 uint32 cpus = 7; 252 253 // Whether the guest kernel root file system is writable. 254 bool rootfs_writable = 8; 255 256 // Ignore development configuration directives when ARCVM is started. 257 bool ignore_dev_conf = 9; 258} 259 260enum VmStatus { 261 // Unknown status. 262 VM_STATUS_UNKNOWN = 0; 263 264 // The VM is already running. 265 VM_STATUS_RUNNING = 1; 266 267 // The VM is currently starting up. 268 VM_STATUS_STARTING = 2; 269 270 // The VM failed to startup. 271 VM_STATUS_FAILURE = 3; 272} 273 274// Information sent back by vm_concierge in response to a StartVm dbus message. 275message StartVmResponse { 276 // If true, the VM was started successfully. |vm_info| will have non-default 277 // values only if this is true. 278 bool success = 1; 279 280 // If the VM failed to start, the reason for the failure. 281 string failure_reason = 2; 282 283 // Information about the VM that was started, if successful. 284 VmInfo vm_info = 3; 285 286 // Status of the VM. If VM_STATUS_RUNNING, it is not necessary to wait for a 287 // TremplinStartedSignal before starting a container in the VM. 288 VmStatus status = 4; 289 290 enum MountResult { 291 // The mountability of the disk is unknown, typically because the 292 // call failed before trying to mount the disk. 293 UNKNOWN = 0; 294 295 // The disk mount succeeded completely. 296 SUCCESS = 1; 297 298 // The disk mount succeeded, but some data loss is 299 // likely. Currently this occurrs when the initial mount fails, 300 // but succeeds on a retry with -o usebackuproots. 301 PARTIAL_DATA_LOSS = 2; 302 303 // The disk is unmountable. 304 FAILURE = 3; 305 } 306 307 MountResult mount_result = 5; 308} 309 310// Message used in the signal for when a VM has started. 311message VmStartedSignal { 312 // The name of the VM which has started. 313 string name = 1; 314 315 // The owner of the vm. 316 string owner_id = 2; 317 318 // Information about the VM that was started, if successful. 319 VmInfo vm_info = 3; 320 321 // Status of the VM. If VM_STATUS_RUNNING, it is not necessary to wait for a 322 // TremplinStartedSignal before starting a container in the VM. 323 VmStatus status = 4; 324} 325 326// Information that must be included with every StopVm dbus message. 327message StopVmRequest { 328 // The name of the VM to be stopped. 329 string name = 1; 330 331 // The owner of the vm. 332 string owner_id = 2; 333} 334 335// Response sent back by vm_concierge when it receives a StopVm dbus message. 336message StopVmResponse { 337 // If true, the requested VM was stopped. 338 bool success = 1; 339 340 // The failure_reason if the requested VM could not be stopped. 341 string failure_reason = 2; 342} 343 344// Message used in the signal for when a VM has stopped. 345message VmStoppedSignal { 346 // The name of the VM which has stopped. 347 string name = 1; 348 349 // The owner of the vm. 350 string owner_id = 2; 351 352 // The virtual socket context id assigned to the VM that was stopped. 353 int64 cid = 3; 354} 355 356// Information that must be included with every SuspendVm dbus message. 357message SuspendVmRequest { 358 // The name of the VM to be stopped. 359 string name = 1; 360 361 // The owner of the vm. 362 string owner_id = 2; 363} 364 365message SuspendVmResponse { 366 // If true, the requested VM was suspended. 367 bool success = 1; 368 369 // The failure_reason if the requested VM could not be suspended. 370 string failure_reason = 2; 371} 372 373// Information that must be included with every ResumeVm dbus message. 374message ResumeVmRequest { 375 // The name of the VM to be stopped. 376 string name = 1; 377 378 // The owner of the vm. 379 string owner_id = 2; 380} 381 382message ResumeVmResponse { 383 // If true, the requested VM was suspended. 384 bool success = 1; 385 386 // The failure_reason if the requested VM could not be suspended. 387 string failure_reason = 2; 388} 389 390// Response to a SyncTimes RPC. 391message SyncVmTimesResponse { 392 // The total number of VMs we attempted to update. 393 uint32 requests = 1; 394 // Number of failed requests. 395 uint32 failures = 2; 396 // Reasons for failures, if any. 397 repeated string failure_reason = 3; 398} 399 400// Request for information about the VM. 401message GetVmInfoRequest { 402 // The name of the VM to query. 403 string name = 1; 404 405 // The owner of the vm. 406 string owner_id = 2; 407} 408 409// Response sent back by vm_concierge for a GetVmInfo dbus message. 410message GetVmInfoResponse { 411 // If true, the requested VM exists and info was returned. 412 bool success = 1; 413 414 // Information about the VM that was requested. 415 VmInfo vm_info = 2; 416} 417 418// Request for information about the VM that is specific to 419// enterprise reporting. 420message GetVmEnterpriseReportingInfoRequest { 421 // The name of the VM. 422 string vm_name = 1; 423 424 // The owner of the VM (cryptohome id). 425 string owner_id = 2; 426} 427 428// Response sent back by vm_concierge after it receives a 429// GetEnterpriseReportingInfo call. Right now this only returns the kernel 430// version of the Termina VM. The VM must be running in order for the call to 431// deliver the kernel version. 432message GetVmEnterpriseReportingInfoResponse { 433 bool success = 1; 434 string failure_reason = 2; 435 436 string vm_kernel_version = 3; 437} 438 439// The type of storage location for a disk image. 440enum StorageLocation { 441 // Subdirectory under /home/root/<id>/crosvm. 442 STORAGE_CRYPTOHOME_ROOT = 0; 443 444 // Subdirectory under /home/root/<id>/pvm. 445 STORAGE_CRYPTOHOME_PLUGINVM = 1; 446} 447 448// Any changes here must be reflected in the CrostiniDiskImageStatus enum in 449// Chrome's enums.xml. 450enum DiskImageStatus { 451 // Unknown status. 452 DISK_STATUS_UNKNOWN = 0; 453 454 // The disk image was created. 455 DISK_STATUS_CREATED = 1; 456 457 // The disk already existed. 458 DISK_STATUS_EXISTS = 2; 459 460 // Unable to create the disk image. 461 DISK_STATUS_FAILED = 3; 462 463 // Specified Disk does not exist. 464 DISK_STATUS_DOES_NOT_EXIST = 4; 465 466 // The specified disk was destroyed. 467 DISK_STATUS_DESTROYED = 5; 468 469 // The command is executing. 470 DISK_STATUS_IN_PROGRESS = 6; 471 472 // The disk image was resized. 473 DISK_STATUS_RESIZED = 7; 474} 475 476// Request to concierge to create a disk image. 477message CreateDiskImageRequest { 478 // The cryptohome id for the user's encrypted storage. 479 string cryptohome_id = 1; 480 481 // The path to the disk image. This must be a relative path, and any 482 // directories must already exist. 483 string disk_path = 2; 484 485 // The logical size of the new disk image, in bytes. 486 // If non-zero, the disk will be preallocated and fixed to the given size. 487 // If unspecified or 0, a size will be chosen automatically and the image will 488 // be sparse. 489 uint64 disk_size = 3; 490 491 // The type of disk image to be created. 492 DiskImageType image_type = 4; 493 494 // The storage location for the disk image. 495 StorageLocation storage_location = 5; 496 497 // Size of the source media associated with this image. 498 uint64 source_size = 6; 499 500 // Parameters to pass to Plugin VM helper to facilitate creating 501 // new image. 502 repeated string params = 7; 503} 504 505// Response to a CreateDiskImageRequest. 506message CreateDiskImageResponse { 507 // If true, the disk image has been successfully created. 508 DiskImageStatus status = 1; 509 510 // The absolute path to the created disk image, if it was successfully 511 // created or already existed. 512 string disk_path = 2; 513 514 // The failure reason if the disk image could not be created or doesn't exist. 515 string failure_reason = 3; 516 517 // Command identifier if status is DISK_STATUS_IN_PROGRESS. 518 string command_uuid = 4; 519} 520 521// Request to concierge to destroy a disk image. 522message DestroyDiskImageRequest { 523 // The cryptohome id for the user's encrypted storage. 524 string cryptohome_id = 1; 525 526 // The path to the disk image. This must be a relative path. 527 string disk_path = 2; 528} 529 530// Response to a DestroyDiskImageRequest. 531message DestroyDiskImageResponse { 532 // If DISK_STATUS_DESTROYED, the disk image has been successfully destroyed. 533 // If DISK_STATUS_DOES_NOT_EXIST, the disk image had already been removed. 534 DiskImageStatus status = 1; 535 536 // The failure reason if the disk image could not be destroyed or doesn't 537 // exist. 538 string failure_reason = 3; 539} 540 541// Request to concierge to resize a disk image. 542message ResizeDiskImageRequest { 543 // The cryptohome id for the user's encrypted storage. 544 string cryptohome_id = 1; 545 546 // The name of the vm image. 547 string vm_name = 2; 548 549 // The desired logical size of the disk image, in bytes. 550 uint64 disk_size = 3; 551} 552 553// Response to a ResizeDiskImageRequest. 554message ResizeDiskImageResponse { 555 // If DISK_STATUS_RESIZED, the disk image has been successfully resized. 556 DiskImageStatus status = 1; 557 558 // The failure reason if the disk image could not be resized. 559 string failure_reason = 2; 560 561 // Command identifier if status is DISK_STATUS_IN_PROGRESS. 562 string command_uuid = 3; 563} 564 565// Request to concierge to export a disk image. 566// Must be accompanied by an FD. The contents of `disk_path` will be written to 567// the passed FD. 568message ExportDiskImageRequest { 569 // The cryptohome id for the user's encrypted storage. 570 string cryptohome_id = 1; 571 572 // The path to the disk image. This must be a relative path. 573 string disk_path = 2; 574 575 // Whether we should calculate SHA256 digest of the resulting image. The 576 // digest is supposed to be written into the second attached file descriptor. 577 bool generate_sha256_digest = 3; 578} 579 580// Response to a ExportDiskImageRequest. 581message ExportDiskImageResponse { 582 // If DISK_STATUS_CREATED, the disk image has been successfully exported. 583 DiskImageStatus status = 1; 584 585 // The failure reason if the disk image could not be exported. 586 string failure_reason = 2; 587 588 // Command identifier if status is DISK_STATUS_IN_PROGRESS. 589 string command_uuid = 3; 590} 591 592// Request to concierge to import a disk image. 593// Must be accompanied by an FD. The contents will be written at `disk_path` 594// location. 595message ImportDiskImageRequest { 596 // The cryptohome id for the user's encrypted storage. 597 string cryptohome_id = 1; 598 599 // The path to the resulting disk image. This must be a relative path. 600 string disk_path = 2; 601 602 // The storage location for the disk image. 603 StorageLocation storage_location = 3; 604 605 // Size of the source image (corresponding to the passed FD). 606 // Used to calculate progress of the import operation. 607 uint64 source_size = 4; 608} 609 610// Response to a ImportDiskImageRequest. 611message ImportDiskImageResponse { 612 // If DISK_STATUS_CREATED, the disk image has been successfully imported. 613 DiskImageStatus status = 1; 614 615 // The failure reason if the disk image could not be imported. 616 string failure_reason = 2; 617 618 // Command identifier if status is DISK_STATUS_IN_PROGRESS. 619 string command_uuid = 3; 620} 621 622// Request about status of image import, export, or resize command. 623message DiskImageStatusRequest { 624 // Command identifier. 625 string command_uuid = 1; 626} 627 628// Response to DiskImageStatusRequest. Also being sent as a signal. 629message DiskImageStatusResponse { 630 // Command identifier. 631 string command_uuid = 1; 632 633 // Status of the command. 634 DiskImageStatus status = 2; 635 636 // The failure reason if the command could not be completed. 637 string failure_reason = 3; 638 639 // Progress from 0 to 100. 640 uint32 progress = 4; 641} 642 643// Request to cancel image import or export command that is being 644// executed. 645message CancelDiskImageRequest { 646 // Command identifier. 647 string command_uuid = 1; 648} 649 650// Response to CancelDiskImageRequest. 651message CancelDiskImageResponse { 652 // If true, the request was successfully canceled. The request will 653 // fail if it is unknown, or if it has already completed (successfully 654 // or unsuccessfully). 655 bool success = 1; 656 657 // The failure reason if the command could not be completed. 658 string failure_reason = 2; 659} 660 661// Request to list all VM disk images in the given storage area. 662message ListVmDisksRequest { 663 // The cryptohome id for the user's encrypted storage. 664 string cryptohome_id = 1; 665 666 // The storage location to check. 667 StorageLocation storage_location = 2; 668 669 // Requester may set this field to 'true' to retrieve data about 670 // images in all known locations, in which case data in storage_location 671 // field will be ignored. 672 bool all_locations = 3; 673 674 // Tells concierge to only return data about specified VM with matching 675 // name. When empty, information about all VMs will be returned. 676 string vm_name = 4; 677} 678 679// Information about VM image. 680message VmDiskInfo { 681 // Name of the image. 682 string name = 1; 683 684 // Location of the image. 685 StorageLocation storage_location = 2; 686 687 // The size of the image in bytes. 688 uint64 size = 3; 689 690 // The minimum size the image may be resized to, or 0 if unknown. 691 uint64 min_size = 4; 692 693 // The type of the disk image (raw, qcow2, etc.). 694 DiskImageType image_type = 5; 695 696 // True if the user chose the size for this disk. 697 // False if the disk is automatically sized based on free space. 698 bool user_chosen_size = 6; 699 700 // The absolute path to the disk. 701 string path = 7; 702} 703 704// Response to ListVmDisks { 705message ListVmDisksResponse { 706 // If true, the images array is valid. 707 bool success = 1; 708 709 // List of disk images. 710 repeated VmDiskInfo images = 2; 711 712 // The failure reason if the disks could not be listed. 713 string failure_reason = 3; 714 715 // The total size in bytes on disk of the disk images in the response. 716 uint64 total_size = 4; 717} 718 719// Message used in the signal for when a container has failed to start up. 720message ContainerStartedSignal { 721 // Name of the VM the container is in. 722 string vm_name = 1; 723 724 // Name of the container within the VM. 725 string container_name = 2; 726 727 // The owner of the vm and container. 728 string owner_id = 3; 729} 730 731// Request to start a specified container image within a VM. If the container 732// does not exist in the VM it will be created. Used with the StartContainer 733// D-Bus message into vm_concierge. 734// This method is deprecated and no longer implemented in vm_concierge. 735// Requests to start a container should be handled through tremplin instead. 736message StartContainerRequest { 737 option deprecated = true; 738 739 // Name of the VM to start the container in. 740 string vm_name = 1; 741 742 // Name of the container to start within the VM. If empty, the default 743 // container name will be used. 744 string container_name = 2; 745 746 // Username for the default user in the container. This is only used if the 747 // container has not been created yet. 748 string container_username = 3; 749 750 // Async mode is always used now. 751 bool async = 4 [deprecated = true]; 752 753 // The cryptohome id for the user's encrypted storage. This is used for SSH 754 // key storage. 755 string cryptohome_id = 5; 756 757 // Represents the privilege level with which a container should be started. If 758 // the container is already running this should take effect on the next boot. 759 enum PrivilegeLevel { 760 // Don't change the privilege level of the container. 761 UNCHANGED = 0; 762 763 // Make the container unprivileged. 764 UNPRIVILEGED = 1; 765 766 // Make the container privileged. 767 PRIVILEGED = 2; 768 } 769 770 PrivilegeLevel privilege_level = 6; 771} 772 773enum ContainerStatus { 774 // Unknown status. 775 CONTAINER_STATUS_UNKNOWN = 0; 776 777 // The container is already running. 778 CONTAINER_STATUS_RUNNING = 1; 779 780 // The container is currently starting up. 781 CONTAINER_STATUS_STARTING = 2; 782 783 // The container failed to startup. 784 CONTAINER_STATUS_FAILURE = 3; 785} 786 787// Response sent back by vm_concierge when it receives a StartContaienr D-Bus 788// message. 789message StartContainerResponse { 790 // Use the status field instead. 791 bool success = 1 [deprecated = true]; 792 793 // The failure_reason if the status is CONTAINER_STATUS_FAILURE. 794 string failure_reason = 2; 795 796 // The status of the container as a result of the StartContainer call. If the 797 // status is CONTAINER_STATUS_STARTING then a D-Bus signal will be sent to 798 // indicate whether success or failure occurred. The signal should be 799 // registered for before the StartContainer call is made because it may be 800 // sent before the call returns. 801 ContainerStatus status = 3; 802} 803 804// Request to get the SSH keys associated with the host and a specific 805// container for the GetContainerSshKeys call. These keys will be generated 806// when StartContainer is called the first time for a container, so this should 807// not be called until after that call is invoked. 808message ContainerSshKeysRequest { 809 // Name of the VM to target. 810 string vm_name = 1; 811 812 // Name of the container within the VM to target, if empty the default 813 // container name will be used. 814 string container_name = 2; 815 816 // The cryptohome id for the user's encrypted storage. 817 string cryptohome_id = 3; 818} 819 820// Response sent back by vm_concierge when it receives a GetContainerSshKeys 821// call. If either of the keys do not exist, the empty string will be set for 822// that value. 823message ContainerSshKeysResponse { 824 // Public key of the container for verification of it as a known host. This 825 // will be a single line string equivalent to the contents in the ssh-keygen 826 // generated file. 827 string container_public_key = 1; 828 829 // Private key for the host, counterpart to the public key which is stored in 830 // the container as an authorized host. This will be a multiline string that 831 // is equivalent to the contents in the ssh-keygen generated file. This will 832 // be the same for all VMs/containers. 833 string host_private_key = 2; 834 835 // The hostname of the container. 836 string hostname = 3; 837 838 // Public key of the host for verification of it as a known host. This 839 // will be a single line string equivalent to the contents in the ssh-keygen 840 // generated file. 841 string host_public_key = 4; 842 843 // Private key for the container, counterpart to the public key which is 844 // stored in the container. This will be a multiline string that 845 // is equivalent to the contents in the ssh-keygen generated file. This is 846 // unique for each container. 847 string container_private_key = 5; 848} 849 850// Request to vm_concierge to attach a USB device to a VM. 851message AttachUsbDeviceRequest { 852 // Name of the VM to attach the USB device to. 853 string vm_name = 1; 854 855 // The owner of the VM. 856 string owner_id = 2; 857 858 // The USB bus the USB device is connected to. This value should fit 859 // in a uint8_t. 860 uint32 bus_number = 3; 861 862 // The port number of the USB device on the bus. This value should 863 // fit in a uint8_t. 864 uint32 port_number = 4; 865 866 // Vendor ID of the USB device. This value should fit in a uint16_t. 867 uint32 vendor_id = 5; 868 869 // Produce ID of the USB device. This value should fit in a 870 // uint16_t. 871 uint32 product_id = 6; 872} 873 874// Response sent back by vm_concierge after it receives an 875// AttachUsbDeviceRequest call. 876message AttachUsbDeviceResponse { 877 // Was the USB device successfully attached? 878 bool success = 1; 879 880 // The USB port number that was allocated to the USB device on the guest. 881 uint32 guest_port = 2; 882 883 // The reason for the failure, if there was one. 884 string reason = 3; 885} 886 887// Request sent to remove a USB device from a VM. 888message DetachUsbDeviceRequest { 889 // The name of the VM. 890 string vm_name = 1; 891 892 // The owner of the VM. 893 string owner_id = 2; 894 895 // The USB port the device is attached to on the guest. This value 896 // should fit in a uint8_t. 897 uint32 guest_port = 3; 898} 899 900// Response sent back by vm_concierge after it receives a 901// DetachUsbDeviceRequest call. 902message DetachUsbDeviceResponse { 903 // Was the USB device successfully detached? 904 bool success = 1; 905 906 // The reason for the failure, if there was one. 907 string reason = 2; 908} 909 910// Request sent to get a list of all USB devices attached to a guest VM. 911message ListUsbDeviceRequest { 912 // The name of the VM. 913 string vm_name = 1; 914 915 // The owner of the VM. 916 string owner_id = 2; 917} 918 919// A description of a single USB device. 920message UsbDeviceMessage { 921 // The port it's attached to. 922 uint32 guest_port = 1; 923 924 // The vendor ID of the device. 925 uint32 vendor_id = 2; 926 927 // The product ID of the device. 928 uint32 product_id = 3; 929 930 // The name of the device. 931 string device_name = 4; 932} 933 934// Response sent back by vm_concierge after it receives a 935// ListUsbDeviceRequest call. 936message ListUsbDeviceResponse { 937 // Did the request succeed? 938 bool success = 1; 939 940 // List of USB device descriptors, one for each attached USB device. 941 repeated UsbDeviceMessage usb_devices = 2; 942} 943 944// Response sent back by vm_concierge after it receives a GetDnsSettings call. 945// Also being broadcast via DnsSettingsChanged signal. 946message DnsSettings { 947 // List of DNS servers. 948 repeated string nameservers = 1; 949 950 // List of search domains. 951 repeated string search_domains = 2; 952} 953 954enum CpuCgroup { 955 // The CPU cgroup for all Termina VM processes. 956 CPU_CGROUP_TERMINA = 0; 957 // The CPU cgroup for all Plugin VM processes. 958 CPU_CGROUP_PLUGINVM = 1; 959 // The CPU cgroup for all ARCVM processes. 960 CPU_CGROUP_ARCVM = 2; 961} 962 963enum CpuRestrictionState { 964 // The CPU usage is relaxed. 965 CPU_RESTRICTION_FOREGROUND = 0; 966 // The CPU usage is tightly restricted. 967 CPU_RESTRICTION_BACKGROUND = 1; 968} 969 970// Information that must be included with every SetVmCpuRestriction dbus 971// message. 972message SetVmCpuRestrictionRequest { 973 // The CPU cpu cgroup to change. 974 CpuCgroup cpu_cgroup = 1; 975 // The CPU restriction state to apply. 976 CpuRestrictionState cpu_restriction_state = 2; 977} 978 979// Response sent back by vm_concierge after it receives a SetVmCpuRestriction 980// call. 981message SetVmCpuRestrictionResponse { 982 // Did the request succeed? 983 bool success = 1; 984} 985 986// Request to adjust parameters of a given VM. 987message AdjustVmRequest { 988 // An identifier for this VM. 989 string name = 1; 990 991 // The cryptohome id of the owner of this VM. 992 string owner_id = 2; 993 994 // Adjustment to be performed. 995 string operation = 3; 996 997 // Additional parameters for the adjustment operation. 998 repeated string params = 4; 999} 1000 1001// Response to an AdjustVmRequest. 1002message AdjustVmResponse { 1003 // If true, the adjustment was done. 1004 bool success = 1; 1005 1006 // If the attempt to adjust VM failed, the reason for the failure. 1007 string failure_reason = 2; 1008}; 1009 1010// Request to set owner id of a given VM. 1011message SetVmIdRequest { 1012 // An identifier for this VM. 1013 string name = 1; 1014 1015 // The current cyptohome id of this VM. 1016 string src_owner_id = 2; 1017 1018 // The cryptohome id to set for this VM. 1019 string dest_owner_id = 3; 1020} 1021 1022// Response to a SetVmIdRequest. 1023message SetVmIdResponse { 1024 // If true, the owner id of the VM was successfully changed. 1025 bool success = 1; 1026 1027 // If the attempt to set the owner id failed, the reason for failure. 1028 string failure_reason = 2; 1029} 1030 1031// Message used in the signal for when a VM owner id is changed. 1032message VmIdChangedSignal { 1033 // The name of the VM which has changed. 1034 string name = 1; 1035 1036 // The new owner of the vm. 1037 string owner_id = 2; 1038 1039 // The previous owner of the vm. 1040 string prev_owner_id = 3; 1041 1042 // The virtual socket context id assigned to the VM which has changed. 1043 int64 cid = 4; 1044} 1045