Commit | Line | Data |
---|---|---|
84bf5645 JC |
1 | #! /bin/bash |
2 | ||
# Abort on any unhandled command failure (-e) and on expansion of an unset
# variable (-u).
set -eu

# @LXCHOOKDIR@ and @SYSCONFDIR@ are placeholders substituted before the
# script is installed: the dhclient callback script and the optional
# dhclient configuration file.
LXC_DHCP_SCRIPT="@LXCHOOKDIR@/dhclient-script"
LXC_DHCP_CONFIG="@SYSCONFDIR@/lxc/dhclient.conf"

# Strip everything up to and including the first ':' of LXC_ROOTFS_PATH
# (presumably a storage-backend prefix), then replace a trailing "rootfs"
# with "hook" to get the directory that holds this hook's state files.
rootfs_path="${LXC_ROOTFS_PATH#*:}"
hookdir="${rootfs_path/%rootfs/hook}"
# NOTE(review): when the path does not end in "rootfs" the substitution is a
# no-op and hookdir is the container's root filesystem itself, so the pid,
# lease and log files below would sit in a directory the container can write
# to. Confirm the expected layout before relying on these files.
pidfile="${hookdir}/dhclient.pid"
leasefile="${hookdir}/dhclient.leases"

# Kept as a single string on purpose: the callers expand it unquoted so that
# it splits into "-cf" and the path. A config path containing whitespace
# would therefore be split as well.
conffile_arg=""
if [ -e "${LXC_DHCP_CONFIG}" ]; then
    conffile_arg="-cf ${LXC_DHCP_CONFIG}"
fi

# dhclient output is discarded unless LXC logs at DEBUG or TRACE level.
debugfile="/dev/null"
case "${LXC_LOG_LEVEL}" in
    DEBUG | TRACE)
        debugfile="${hookdir}/dhclient.log"
        printf '%s\n' "INFO: Writing dhclient log at ${debugfile}." >&2
        ;;
esac
24 | ||
# Print the expected invocation (script name, container name, section and
# hook type) on stdout.
usage() {
    printf '%s\n' "Usage: ${0##*/} <name> lxc {start-host|stop}"
}
28 | ||
41be52e8 FA |
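# Print the command line prefix used to launch dhclient.
#
# Outputs: "/sbin/dhclient", or "aa-exec -p unconfined /sbin/dhclient" when
#          the AppArmor securityfs directory exists and aa-exec is available.
#          Callers expand the result unquoted so that it splits into words.
#
# NOTE(review): "-p unconfined" starts dhclient outside any AppArmor profile,
# presumably because a host dhclient profile would deny access to the hook's
# pid/lease files and script. That removes a confinement layer from a process
# that parses DHCP traffic; confirm this is still required, or ship a
# dedicated profile instead.
dhclient() {
    # local: keep the helper variable out of the caller's scope.
    local bin="/sbin/dhclient"
    # command -v is the shell builtin lookup; unlike which it does not depend
    # on an external program being installed.
    if [ -d "/sys/kernel/security/apparmor" ] && command -v aa-exec >/dev/null; then
        bin="aa-exec -p unconfined ${bin}"
    fi
    printf '%s\n' "${bin}"
}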
37 | ||
84bf5645 JC |
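# Start dhclient inside the container's namespaces and acquire a lease.
#
# Globals (read): LXC_PID, hookdir, pidfile, leasefile, debugfile,
#                 conffile_arg, rootfs_path, LXC_DHCP_SCRIPT
# Outputs: progress messages and dhclient output are appended to ${debugfile}.
# Returns: 0 when the client was started or a pid file already exists.
#
# NOTE(review): a pid file left behind by a crashed client makes this hook
# skip the start, and the warning only reaches ${debugfile}, which is
# /dev/null unless debug logging is on.
dhclient_start() {
    local -a ns_args=("--uts" "--net")
    # uniq -d prints a line only when both links resolve to the same user
    # namespace; an empty result means the container has its own, so enter it.
    if [ -z "$(readlink "/proc/${LXC_PID}/ns/user" /proc/self/ns/user | uniq -d)" ]; then
        ns_args+=("--user")
    fi

    mkdir -p -- "${hookdir}"

    if [ -e "${pidfile}" ]; then
        echo "WARN: DHCP client is already running, skipping start hook." >> "${debugfile}"
    else
        echo "INFO: Starting DHCP client and acquiring a lease..." >> "${debugfile}"
        # $(dhclient) and ${conffile_arg} are left unquoted on purpose: both
        # hold several words that must be split into separate arguments.
        # shellcheck disable=SC2046,SC2086
        nsenter "${ns_args[@]}" --target "${LXC_PID}" -- \
            $(dhclient) -1 ${conffile_arg} -pf "${pidfile}" -lf "${leasefile}" -e "ROOTFS=${rootfs_path}" -sf "${LXC_DHCP_SCRIPT}" -v >> "${debugfile}" 2>&1
    fi
}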
54 | ||
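# Release the lease and stop the DHCP client that belongs to the container.
#
# Arguments: with hook version 0, the remaining hook arguments; entries of
#            the form uts:<path>, user:<path> and net:<path> name the
#            namespace files to enter. Other arguments are ignored.
# Globals (read): LXC_HOOK_VERSION, LXC_UTS_NS, LXC_NET_NS, LXC_USER_NS,
#                 pidfile, leasefile, debugfile, conffile_arg, rootfs_path,
#                 LXC_DHCP_SCRIPT
# Outputs: progress messages and dhclient output are appended to ${debugfile};
#          a warning goes to stderr when no network namespace was supplied.
# Returns: 0; the pid file is removed in every case.
dhclient_stop() {
    # We can't use LXC_PID here since the container process has exited,
    # use the namespace file descriptors in the hook arguments instead.
    local -a ns_args=()
    local have_net_ns=0
    local arg

    if [ "${LXC_HOOK_VERSION:-0}" -eq 0 ]; then
        for arg in "$@"; do
            case "${arg}" in
                net:*)
                    ns_args+=("--${arg/:/=}")
                    have_net_ns=1
                    ;;
                uts:* | user:*) ns_args+=("--${arg/:/=}") ;;
                *) ;;
            esac
        done
    else
        ns_args+=("--uts=${LXC_UTS_NS}")
        ns_args+=("--net=${LXC_NET_NS}")
        if [ -n "${LXC_NET_NS}" ]; then
            have_net_ns=1
        fi
        if [ -n "${LXC_USER_NS:+x}" ]; then
            ns_args+=("--user=${LXC_USER_NS}")
        fi
    fi

    # Without a network namespace nsenter would run the commands below in the
    # caller's own namespaces, and the pkill cleanup would then match every
    # /sbin/dhclient sharing the host's network namespace. Do nothing instead.
    if [ "${have_net_ns}" -eq 0 ]; then
        echo "WARN: No network namespace given to the stop hook, leaving DHCP clients untouched." >&2
        rm -f -- "${pidfile}"
        return 0
    fi

    if [ -e "${pidfile}" ]; then
        echo "INFO: Stopping DHCP client and releasing leases..." >> "${debugfile}"
        # $(dhclient) and ${conffile_arg} are left unquoted on purpose: both
        # hold several words that must be split into separate arguments.
        # shellcheck disable=SC2046,SC2086
        nsenter "${ns_args[@]}" -- \
            $(dhclient) -r ${conffile_arg} -pf "${pidfile}" -lf "${leasefile}" -e "ROOTFS=${rootfs_path}" -sf "${LXC_DHCP_SCRIPT}" -v >> "${debugfile}" 2>&1
    else
        echo "WARN: DHCP client is not running, skipping stop hook." >> "${debugfile}"
    fi

    # dhclient could fail to release the lease and shutdown, try to cleanup after ourselves just in case.
    # $$ is expanded by the inner shell, so pkill only matches processes that
    # share the network namespace that shell was started in.
    nsenter "${ns_args[@]}" -- \
        /bin/sh -c 'pkill --ns $$ --nslist net -f "^/sbin/dhclient"' || true
    rm -f -- "${pidfile}"
}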
85 | ||
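# Work out which hook is being run. Hook version 0 passes the container
# name, the section and the hook type as the first three arguments; version 1
# passes section and type through the environment.
HOOK_SECTION=
HOOK_TYPE=
case "${LXC_HOOK_VERSION:-0}" in
    0)
        HOOK_SECTION="${2:-}"
        HOOK_TYPE="${3:-}"
        # A plain "shift 3" fails when fewer than three arguments were given,
        # and under "set -e" that ends the script with no message. Drop what
        # is there and let the checks below report the problem.
        if [ "$#" -ge 3 ]; then
            shift 3
        else
            shift "$#"
        fi
        ;;
    1)
        HOOK_SECTION="${LXC_HOOK_SECTION:-}"
        HOOK_TYPE="${LXC_HOOK_TYPE:-}"
        ;;
    *)
        echo "ERROR: Unsupported hook version: ${LXC_HOOK_VERSION}." >&2
        exit 1
        ;;
esac

if [ "${HOOK_SECTION}" != "lxc" ]; then
    echo "ERROR: Not running through LXC." >&2
    exit 1
fi

# "$@" is quoted so that every remaining hook argument reaches the handler
# as one word, without word splitting or glob expansion.
case "${HOOK_TYPE}" in
    start-host) dhclient_start "$@" ;;
    stop) dhclient_stop "$@" ;;
    *)
        usage
        exit 1
        ;;
esac

exit 0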