]> git.proxmox.com Git - mirror_lxc.git/blame - src/lxc/commands.c
projects / mirror_lxc.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
spelling: timeout
[mirror_lxc.git] / src / lxc / commands.c
CommitLineData
724e753c
MN		 1/*
2 * lxc: linux Container library
3 *
4 * (C) Copyright IBM Corp. 2007, 2009
5 *
6 * Authors:
9afe19d6 7 * Daniel Lezcano <daniel.lezcano at free.fr>
724e753c
MN		 8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
250b1eec 21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
724e753c
MN		 22 */
23
d38dd64a
CB		 24#ifndef _GNU_SOURCE
25#define _GNU_SOURCE 1
26#endif
cf685555 27#include <caps.h>
724e753c 28#include <errno.h>
91480a0f 29#include <fcntl.h>
fe84a562 30#include <malloc.h>
37515ebd 31#include <poll.h>
fe84a562
CB		 32#include <signal.h>
33#include <stdio.h>
34#include <stdlib.h>
fe84a562 35#include <sys/param.h>
724e753c
MN		 36#include <sys/socket.h>
37#include <sys/un.h>
d38dd64a 38#include <unistd.h>
724e753c 39
fe84a562 40#include "af_unix.h"
f2363e38 41#include "cgroup.h"
724e753c 42#include "commands.h"
bbf5cf35 43#include "commands_utils.h"
fe84a562 44#include "conf.h"
d38dd64a 45#include "config.h"
ef6e34ee 46#include "confile.h"
fe84a562
CB		 47#include "log.h"
48#include "lxc.h"
dbc9832d 49#include "lxclock.h"
724e753c 50#include "mainloop.h"
dbc9832d 51#include "monitor.h"
fe84a562 52#include "start.h"
0ed9b1bc 53#include "terminal.h"
fe84a562 54#include "utils.h"
724e753c 55
ded1d23f 56/*
fe84a562
CB		 57 * This file provides the different functions for clients to query/command the
58 * server. The client is typically some lxc tool and the server is typically the
59 * container (ie. lxc-start).
ded1d23f 60 *
fe84a562
CB		 61 * Each command is transactional, the clients send a request to the server and
62 * the server answers the request with a message giving the request's status
63 * (zero or a negative errno value). Both the request and response may contain
64 * additional data.
ded1d23f 65 *
fe84a562
CB		 66 * Each command is wrapped in a ancillary message in order to pass a credential
67 * making possible to the server to check if the client is allowed to ask for
68 * this command or not.
80bcb053 69 *
fe84a562
CB		 70 * IMPORTANTLY: Note that semantics for current commands are fixed. If you wish
71 * to make any changes to how, say, LXC_CMD_GET_CONFIG_ITEM works by adding
72 * information to the end of cmd.data, then you must introduce a new
73 * LXC_CMD_GET_CONFIG_ITEM_V2 define with a new number. You may wish to also
74 * mark LXC_CMD_GET_CONFIG_ITEM deprecated in commands.h.
80bcb053
SH		 75 *
76 * This is necessary in order to avoid having a newly compiled lxc command
77 * communicating with a running (old) monitor from crashing the running
78 * container.
ded1d23f
DL		 79 */
80
ac2cecc4 81lxc_log_define(commands, lxc);
724e753c 82
ef6e34ee 83static const char *lxc_cmd_str(lxc_cmd_t cmd)
724e753c 84{
fe84a562 85 static const char *const cmdname[LXC_CMD_MAX] = {
974a8aba 86 [LXC_CMD_CONSOLE] = "console",
8ccbbf94 87 [LXC_CMD_TERMINAL_WINCH] = "terminal_winch",
974a8aba
CB		 88 [LXC_CMD_STOP] = "stop",
89 [LXC_CMD_GET_STATE] = "get_state",
90 [LXC_CMD_GET_INIT_PID] = "get_init_pid",
91 [LXC_CMD_GET_CLONE_FLAGS] = "get_clone_flags",
92 [LXC_CMD_GET_CGROUP] = "get_cgroup",
93 [LXC_CMD_GET_CONFIG_ITEM] = "get_config_item",
94 [LXC_CMD_GET_NAME] = "get_name",
95 [LXC_CMD_GET_LXCPATH] = "get_lxcpath",
96 [LXC_CMD_ADD_STATE_CLIENT] = "add_state_client",
97 [LXC_CMD_CONSOLE_LOG] = "console_log",
98 [LXC_CMD_SERVE_STATE_CLIENTS] = "serve_state_clients",
ef6e34ee 99 };
724e753c 100
f371aca9 101 if (cmd >= LXC_CMD_MAX)
a8007512 102 return "Invalid request";
fe84a562 103
ef6e34ee
DE		 104 return cmdname[cmd];
105}
106
107/*
108 * lxc_cmd_rsp_recv: Receive a response to a command
109 *
110 * @sock : the socket connected to the container
111 * @cmd : command to put response in
112 *
113 * Returns the size of the response message or < 0 on failure
114 *
115 * Note that if the command response datalen > 0, then data is
116 * a malloc()ed buffer and should be free()ed by the caller. If
117 * the response data is <= a void * worth of data, it will be
118 * stored directly in data and datalen will be 0.
119 *
120 * As a special case, the response for LXC_CMD_CONSOLE is created
0115f8fd
DE		 121 * here as it contains an fd for the master pty passed through the
122 * unix socket.
ef6e34ee
DE		 123 */
124static int lxc_cmd_rsp_recv(int sock, struct lxc_cmd_rr *cmd)
125{
2945ea97 126 int ret, rspfd;
ef6e34ee
DE		 127 struct lxc_cmd_rsp *rsp = &cmd->rsp;
128
ae467c54 129 ret = lxc_abstract_unix_recv_fds(sock, &rspfd, 1, rsp, sizeof(*rsp));
ef6e34ee 130 if (ret < 0) {
a24c5678 131 SYSWARN("Failed to receive response for command \"%s\"",
132 lxc_cmd_str(cmd->req.cmd));
133
6b7f85cb 134 if (errno == ECONNRESET)
2a850b2c 135 return -1;
6b7f85cb 136
ef6e34ee
DE		 137 return -1;
138 }
fe84a562 139 TRACE("Command \"%s\" received response", lxc_cmd_str(cmd->req.cmd));
ef6e34ee
DE		 140
141 if (cmd->req.cmd == LXC_CMD_CONSOLE) {
142 struct lxc_cmd_console_rsp_data *rspdata;
143
0115f8fd
DE		 144 /* recv() returns 0 bytes when a tty cannot be allocated,
145 * rsp->ret is < 0 when the peer permission check failed
146 */
147 if (ret == 0 || rsp->ret < 0)
148 return 0;
149
ef6e34ee
DE		 150 rspdata = malloc(sizeof(*rspdata));
151 if (!rspdata) {
2a850b2c 152 errno = ENOMEM;
fe84a562 153 ERROR("Failed to allocate response buffer for command \"%s\"",
ef6e34ee 154 lxc_cmd_str(cmd->req.cmd));
2a850b2c 155 return -1;
ef6e34ee 156 }
2a850b2c 157
0115f8fd 158 rspdata->masterfd = rspfd;
ef6e34ee
DE		 159 rspdata->ttynum = PTR_TO_INT(rsp->data);
160 rsp->data = rspdata;
161 }
162
860e7c43 163 if (rsp->datalen == 0) {
fe84a562 164 DEBUG("Response data length for command \"%s\" is 0",
860e7c43 165 lxc_cmd_str(cmd->req.cmd));
ae5c8b8e 166 return ret;
860e7c43 167 }
fe84a562 168
191d43cc
CB		 169 if ((rsp->datalen > LXC_CMD_DATA_MAX) &&
170 (cmd->req.cmd != LXC_CMD_CONSOLE_LOG)) {
2a850b2c
CB		 171 ERROR("Response data for command \"%s\" is too long: %d bytes > %d",
172 lxc_cmd_str(cmd->req.cmd), rsp->datalen, LXC_CMD_DATA_MAX);
173 return -1;
2ac9aafc 174 }
ef6e34ee 175
191d43cc
CB		 176 if (cmd->req.cmd == LXC_CMD_CONSOLE_LOG) {
177 rsp->data = malloc(rsp->datalen + 1);
178 ((char *)rsp->data)[rsp->datalen] = '\0';
179 } else {
180 rsp->data = malloc(rsp->datalen);
181 }
ef6e34ee 182 if (!rsp->data) {
fe84a562 183 errno = ENOMEM;
2a850b2c
CB		 184 ERROR("Failed to allocate response buffer for command \"%s\"",
185 lxc_cmd_str(cmd->req.cmd));
186 return -1;
ef6e34ee 187 }
fe84a562 188
2a850b2c 189 ret = lxc_recv_nointr(sock, rsp->data, rsp->datalen, 0);
ef6e34ee 190 if (ret != rsp->datalen) {
6d1400b5 191 SYSERROR("Failed to receive response data for command \"%s\"",
192 lxc_cmd_str(cmd->req.cmd));
2a850b2c 193 return -1;
ef6e34ee 194 }
724e753c
MN		 195
196 return ret;
197}
198
ef6e34ee
DE		 199/*
200 * lxc_cmd_rsp_send: Send a command response
201 *
202 * @fd : file descriptor of socket to send response on
203 * @rsp : response to send
204 *
205 * Returns 0 on success, < 0 on failure
206 */
207static int lxc_cmd_rsp_send(int fd, struct lxc_cmd_rsp *rsp)
208{
fe84a562 209 ssize_t ret;
ef6e34ee 210
7fbb15ec
CB		 211 errno = EMSGSIZE;
212 ret = lxc_send_nointr(fd, rsp, sizeof(*rsp), MSG_NOSIGNAL);
fe84a562 213 if (ret < 0 || (size_t)ret != sizeof(*rsp)) {
6d1400b5 214 SYSERROR("Failed to send command response %zd", ret);
ef6e34ee
DE		 215 return -1;
216 }
217
a674dfe1 218 if (!rsp->data || rsp->datalen <= 0)
fe84a562
CB		 219 return 0;
220
7fbb15ec
CB		 221 errno = EMSGSIZE;
222 ret = lxc_send_nointr(fd, rsp->data, rsp->datalen, MSG_NOSIGNAL);
fe84a562 223 if (ret < 0 || ret != (ssize_t)rsp->datalen) {
a24c5678 224 SYSWARN("Failed to send command response data %zd", ret);
fe84a562 225 return -1;
ef6e34ee 226 }
fe84a562 227
ef6e34ee
DE		 228 return 0;
229}
230
c01c2be6 231static int lxc_cmd_send(const char *name, struct lxc_cmd_rr *cmd,
fe84a562 232 const char *lxcpath, const char *hashed_sock_name)
c01c2be6 233{
2a850b2c 234 int client_fd, saved_errno;
fe84a562 235 ssize_t ret = -1;
c01c2be6 236
9dfa4041 237 client_fd = lxc_cmd_connect(name, lxcpath, hashed_sock_name, "command");
2a850b2c 238 if (client_fd < 0)
fe84a562 239 return -1;
c01c2be6 240
fe84a562
CB		 241 ret = lxc_abstract_unix_send_credential(client_fd, &cmd->req,
242 sizeof(cmd->req));
2a850b2c
CB		 243 if (ret < 0 || (size_t)ret != sizeof(cmd->req))
244 goto on_error;
9044b79e 245
fe84a562
CB		 246 if (cmd->req.datalen <= 0)
247 return client_fd;
c01c2be6 248
7fbb15ec
CB		 249 errno = EMSGSIZE;
250 ret = lxc_send_nointr(client_fd, (void *)cmd->req.data,
251 cmd->req.datalen, MSG_NOSIGNAL);
2a850b2c
CB		 252 if (ret < 0 || ret != (ssize_t)cmd->req.datalen)
253 goto on_error;
c01c2be6 254
2a850b2c 255 return client_fd;
c01c2be6 256
2a850b2c
CB		 257on_error:
258 saved_errno = errno;
259 close(client_fd);
260 errno = saved_errno;
c01c2be6 261
2a850b2c 262 return -1;
c01c2be6
CB		 263}
264
ef6e34ee
DE		 265/*
266 * lxc_cmd: Connect to the specified running container, send it a command
267 * request and collect the response
268 *
269 * @name : name of container to connect to
1e8cfdf6 270 * @cmd : command with initialized request to send
ef6e34ee
DE		 271 * @stopped : output indicator if the container was not running
272 * @lxcpath : the lxcpath in which the container is running
273 *
274 * Returns the size of the response message on success, < 0 on failure
275 *
276 * Note that there is a special case for LXC_CMD_CONSOLE. For this command
277 * the fd cannot be closed because it is used as a placeholder to indicate
278 * that a particular tty slot is in use. The fd is also used as a signal to
279 * the container that when the caller dies or closes the fd, the container
0115f8fd
DE		 280 * will notice the fd on its side of the socket in its mainloop select and
281 * then free the slot with lxc_cmd_fd_cleanup(). The socket fd will be
282 * returned in the cmd response structure.
ef6e34ee
DE		 283 */
284static int lxc_cmd(const char *name, struct lxc_cmd_rr *cmd, int *stopped,
88556fd7 285 const char *lxcpath, const char *hashed_sock_name)
724e753c 286{
2a850b2c 287 int client_fd, saved_errno;
fe84a562 288 int ret = -1;
dbc9832d
CB		 289 bool stay_connected = false;
290
291 if (cmd->req.cmd == LXC_CMD_CONSOLE ||
54446942 292 cmd->req.cmd == LXC_CMD_ADD_STATE_CLIENT)
dbc9832d 293 stay_connected = true;
724e753c 294
0ecf64b5
SH		 295 *stopped = 0;
296
c01c2be6
CB		 297 client_fd = lxc_cmd_send(name, cmd, lxcpath, hashed_sock_name);
298 if (client_fd < 0) {
7874d81a 299 SYSTRACE("Command \"%s\" failed to connect command socket",
300 lxc_cmd_str(cmd->req.cmd));
6a93ae77 301
00e5ca13 302 if (errno == ECONNREFUSED || errno == EPIPE)
ef6e34ee 303 *stopped = 1;
3f903c04 304
2a850b2c 305 return -1;
724e753c
MN		 306 }
307
c01c2be6 308 ret = lxc_cmd_rsp_recv(client_fd, cmd);
2a850b2c 309 if (ret < 0 && errno == ECONNRESET)
6b7f85cb 310 *stopped = 1;
6a93ae77 311
00e5ca13
CB		 312 if (!stay_connected || ret <= 0) {
313 saved_errno = errno;
314 close(client_fd);
315 errno = saved_errno;
316 return ret;
317 }
fe84a562 318
0115f8fd 319 if (stay_connected && ret > 0)
c01c2be6 320 cmd->rsp.ret = client_fd;
43eb6f29 321
1362f2eb 322 return ret;
724e753c
MN		 323}
324
b494d2dd
SH		 325int lxc_try_cmd(const char *name, const char *lxcpath)
326{
0ecf64b5 327 int stopped, ret;
b494d2dd
SH		 328 struct lxc_cmd_rr cmd = {
329 .req = { .cmd = LXC_CMD_GET_INIT_PID },
330 };
331
88556fd7 332 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
b494d2dd
SH		 333 if (stopped)
334 return 0;
335 if (ret > 0 && cmd.rsp.ret < 0) {
336 errno = cmd.rsp.ret;
337 return -1;
338 }
339 if (ret > 0)
340 return 0;
341
fe84a562
CB		 342 /* At this point we weren't denied access, and the container *was*
343 * started. There was some inexplicable error in the protocol. I'm not
344 * clear on whether we should return -1 here, but we didn't receive a
345 * -EACCES, so technically it's not that we're not allowed to control
346 * the container - it's just not behaving.
b494d2dd
SH		 347 */
348 return 0;
349}
350
cc4c0832 351/* Implementations of the commands and their callbacks */
ef6e34ee
DE		 352
353/*
354 * lxc_cmd_get_init_pid: Get pid of the container's init process
355 *
356 * @name : name of container to connect to
357 * @lxcpath : the lxcpath in which the container is running
358 *
359 * Returns the pid on success, < 0 on failure
360 */
361pid_t lxc_cmd_get_init_pid(const char *name, const char *lxcpath)
43eb6f29 362{
0ecf64b5 363 int ret, stopped;
9234406b 364 intmax_t pid;
ef6e34ee 365 struct lxc_cmd_rr cmd = {
e8cd1208
CB		 366 .req = {
367 .cmd = LXC_CMD_GET_INIT_PID
368 },
369 .rsp = {
9234406b 370 .data = INTMAX_TO_PTR((intmax_t){-1})
e8cd1208 371 }
ef6e34ee
DE		 372 };
373
88556fd7 374 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
ef6e34ee 375 if (ret < 0)
8ed8a626 376 return -1;
ef6e34ee 377
9234406b
CB		 378 pid = PTR_TO_INTMAX(cmd.rsp.data);
379 if (pid < 0)
380 return -1;
381
382 /* We need to assume that pid_t can actually hold any pid given to us
383 * by the kernel. If it can't it's a libc bug.
384 */
385 return (pid_t)pid;
43eb6f29
DL		 386}
387
ef6e34ee
DE		 388static int lxc_cmd_get_init_pid_callback(int fd, struct lxc_cmd_req *req,
389 struct lxc_handler *handler)
43eb6f29 390{
54dcfd81
CB		 391 intmax_t pid = handler->pid;
392
9234406b 393 struct lxc_cmd_rsp rsp = {
54dcfd81 394 .data = INTMAX_TO_PTR(pid)
9234406b 395 };
ef6e34ee
DE		 396
397 return lxc_cmd_rsp_send(fd, &rsp);
43eb6f29
DL		 398}
399
ef6e34ee
DE		 400/*
401 * lxc_cmd_get_clone_flags: Get clone flags container was spawned with
402 *
403 * @name : name of container to connect to
404 * @lxcpath : the lxcpath in which the container is running
405 *
406 * Returns the clone flags on success, < 0 on failure
407 */
408int lxc_cmd_get_clone_flags(const char *name, const char *lxcpath)
409{
0ecf64b5 410 int ret, stopped;
ef6e34ee
DE		 411 struct lxc_cmd_rr cmd = {
412 .req = { .cmd = LXC_CMD_GET_CLONE_FLAGS },
413 };
414
88556fd7 415 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
ef6e34ee
DE		 416 if (ret < 0)
417 return ret;
43eb6f29 418
ef6e34ee
DE		 419 return PTR_TO_INT(cmd.rsp.data);
420}
421
422static int lxc_cmd_get_clone_flags_callback(int fd, struct lxc_cmd_req *req,
423 struct lxc_handler *handler)
26b2d152 424{
becad0ec 425 struct lxc_cmd_rsp rsp = { .data = INT_TO_PTR(handler->ns_clone_flags) };
ef6e34ee
DE		 426
427 return lxc_cmd_rsp_send(fd, &rsp);
428}
429
430/*
431 * lxc_cmd_get_cgroup_path: Calculate a container's cgroup path for a
432 * particular subsystem. This is the cgroup path relative to the root
433 * of the cgroup filesystem.
434 *
ef6e34ee
DE		 435 * @name : name of container to connect to
436 * @lxcpath : the lxcpath in which the container is running
b98f7d6e 437 * @subsystem : the subsystem being asked about
ef6e34ee
DE		 438 *
439 * Returns the path on success, NULL on failure. The caller must free() the
440 * returned path.
441 */
b98f7d6e 442char *lxc_cmd_get_cgroup_path(const char *name, const char *lxcpath,
fe84a562 443 const char *subsystem)
ef6e34ee 444{
0ecf64b5 445 int ret, stopped;
ef6e34ee 446 struct lxc_cmd_rr cmd = {
b98f7d6e
SH		 447 .req = {
448 .cmd = LXC_CMD_GET_CGROUP,
b98f7d6e 449 .data = subsystem,
c2aed66d 450 .datalen = 0,
b98f7d6e 451 },
26b2d152
MN		 452 };
453
c2aed66d
CB		 454 cmd.req.data = subsystem;
455 cmd.req.datalen = 0;
456 if (subsystem)
457 cmd.req.datalen = strlen(subsystem) + 1;
458
88556fd7 459 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
fe84a562 460 if (ret < 0)
ef6e34ee
DE		 461 return NULL;
462
fe84a562 463 if (ret == 0)
ef6e34ee 464 return NULL;
ef6e34ee 465
fe84a562 466 if (cmd.rsp.ret < 0 || cmd.rsp.datalen < 0)
ef6e34ee 467 return NULL;
3f903c04 468
ef6e34ee
DE		 469 return cmd.rsp.data;
470}
471
472static int lxc_cmd_get_cgroup_callback(int fd, struct lxc_cmd_req *req,
473 struct lxc_handler *handler)
474{
4fb3cba5 475 const char *path;
fe84a562 476 struct lxc_cmd_rsp rsp;
2202afc9 477 struct cgroup_ops *cgroup_ops = handler->cgroup_ops;
b98f7d6e 478
c2aed66d 479 if (req->datalen > 0)
2202afc9 480 path = cgroup_ops->get_cgroup(cgroup_ops, req->data);
c2aed66d 481 else
2202afc9 482 path = cgroup_ops->get_cgroup(cgroup_ops, NULL);
b98f7d6e
SH		 483 if (!path)
484 return -1;
fe84a562 485
4f17323e 486 rsp.ret = 0;
fe84a562
CB		 487 rsp.datalen = strlen(path) + 1;
488 rsp.data = (char *)path;
ef6e34ee
DE		 489
490 return lxc_cmd_rsp_send(fd, &rsp);
491}
492
493/*
494 * lxc_cmd_get_config_item: Get config item the running container
495 *
496 * @name : name of container to connect to
7fa3f2e9 497 * @item : the configuration item to retrieve (ex: lxc.net.0.veth.pair)
ef6e34ee
DE		 498 * @lxcpath : the lxcpath in which the container is running
499 *
500 * Returns the item on success, NULL on failure. The caller must free() the
501 * returned item.
502 */
503char *lxc_cmd_get_config_item(const char *name, const char *item,
504 const char *lxcpath)
505{
0ecf64b5 506 int ret, stopped;
ef6e34ee
DE		 507 struct lxc_cmd_rr cmd = {
508 .req = { .cmd = LXC_CMD_GET_CONFIG_ITEM,
509 .data = item,
fe84a562 510 .datalen = strlen(item) + 1,
ef6e34ee
DE		 511 },
512 };
513
88556fd7 514 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
ef6e34ee
DE		 515 if (ret < 0)
516 return NULL;
517
518 if (cmd.rsp.ret == 0)
519 return cmd.rsp.data;
fe84a562 520
ef6e34ee
DE		 521 return NULL;
522}
523
524static int lxc_cmd_get_config_item_callback(int fd, struct lxc_cmd_req *req,
525 struct lxc_handler *handler)
526{
527 int cilen;
ef6e34ee 528 char *cidata;
30aec088 529 struct lxc_config_t *item;
fe84a562 530 struct lxc_cmd_rsp rsp;
ef6e34ee
DE		 531
532 memset(&rsp, 0, sizeof(rsp));
300df83e 533 item = lxc_get_config(req->data);
30aec088
CB		 534 if (!item)
535 goto err1;
fe84a562 536
cccd2219 537 cilen = item->get(req->data, NULL, 0, handler->conf, NULL);
ef6e34ee
DE		 538 if (cilen <= 0)
539 goto err1;
540
541 cidata = alloca(cilen + 1);
cccd2219 542 if (item->get(req->data, cidata, cilen + 1, handler->conf, NULL) != cilen)
ef6e34ee 543 goto err1;
fe84a562 544
ef6e34ee
DE		 545 cidata[cilen] = '\0';
546 rsp.data = cidata;
547 rsp.datalen = cilen + 1;
548 rsp.ret = 0;
549 goto out;
550
551err1:
552 rsp.ret = -1;
553out:
554 return lxc_cmd_rsp_send(fd, &rsp);
555}
556
557/*
558 * lxc_cmd_get_state: Get current state of the container
559 *
560 * @name : name of container to connect to
561 * @lxcpath : the lxcpath in which the container is running
562 *
563 * Returns the state on success, < 0 on failure
564 */
dbc9832d 565int lxc_cmd_get_state(const char *name, const char *lxcpath)
ef6e34ee 566{
0ecf64b5 567 int ret, stopped;
ef6e34ee
DE		 568 struct lxc_cmd_rr cmd = {
569 .req = { .cmd = LXC_CMD_GET_STATE }
570 };
26b2d152 571
88556fd7 572 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
ebdd307d 573 if (ret < 0 && stopped)
ef6e34ee
DE		 574 return STOPPED;
575
576 if (ret < 0)
26b2d152 577 return -1;
26b2d152 578
ef6e34ee 579 if (!ret) {
fe84a562 580 WARN("Container \"%s\" has stopped before sending its state", name);
ef6e34ee
DE		 581 return -1;
582 }
583
fe84a562 584 DEBUG("Container \"%s\" is in \"%s\" state", name,
ef6e34ee 585 lxc_state2str(PTR_TO_INT(cmd.rsp.data)));
fe84a562 586
ef6e34ee
DE		 587 return PTR_TO_INT(cmd.rsp.data);
588}
589
590static int lxc_cmd_get_state_callback(int fd, struct lxc_cmd_req *req,
591 struct lxc_handler *handler)
592{
593 struct lxc_cmd_rsp rsp = { .data = INT_TO_PTR(handler->state) };
594
595 return lxc_cmd_rsp_send(fd, &rsp);
596}
597
598/*
599 * lxc_cmd_stop: Stop the container previously started with lxc_start. All
600 * the processes running inside this container will be killed.
601 *
602 * @name : name of container to connect to
603 * @lxcpath : the lxcpath in which the container is running
604 *
605 * Returns 0 on success, < 0 on failure
606 */
607int lxc_cmd_stop(const char *name, const char *lxcpath)
608{
0ecf64b5 609 int ret, stopped;
ef6e34ee
DE		 610 struct lxc_cmd_rr cmd = {
611 .req = { .cmd = LXC_CMD_STOP },
612 };
613
88556fd7 614 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
26b2d152 615 if (ret < 0) {
ef6e34ee 616 if (stopped) {
fe84a562 617 INFO("Container \"%s\" is already stopped", name);
ef6e34ee
DE		 618 return 0;
619 }
fe84a562 620
26b2d152
MN		 621 return -1;
622 }
623
fe84a562
CB		 624 /* We do not expect any answer, because we wait for the connection to be
625 * closed.
95d5b147
SH		 626 */
627 if (ret > 0) {
6d1400b5 628 errno = -cmd.rsp.ret;
629 SYSERROR("Failed to stop container \"%s\"", name);
26b2d152
MN		 630 return -1;
631 }
632
fe84a562 633 INFO("Container \"%s\" has stopped", name);
ef6e34ee 634 return 0;
26b2d152
MN		 635}
636
ef6e34ee
DE		 637static int lxc_cmd_stop_callback(int fd, struct lxc_cmd_req *req,
638 struct lxc_handler *handler)
d5088cf2 639{
ef6e34ee 640 struct lxc_cmd_rsp rsp;
ef6e34ee 641 int stopsignal = SIGKILL;
2202afc9 642 struct cgroup_ops *cgroup_ops = handler->cgroup_ops;
ef6e34ee
DE		 643
644 if (handler->conf->stopsignal)
645 stopsignal = handler->conf->stopsignal;
646 memset(&rsp, 0, sizeof(rsp));
647 rsp.ret = kill(handler->pid, stopsignal);
648 if (!rsp.ret) {
fe84a562 649 /* We can't just use lxc_unfreeze() since we are already in the
4fb3cba5
DE		 650 * context of handling the STOP cmd in lxc-start, and calling
651 * lxc_unfreeze() would do another cmd (GET_CGROUP) which would
fe84a562 652 * deadlock us.
4fb3cba5 653 */
27a5132c 654 if (!cgroup_ops->get_cgroup(cgroup_ops, "freezer"))
d18d43da
SG		 655 return 0;
656
2202afc9 657 if (cgroup_ops->unfreeze(cgroup_ops))
95d5b147 658 return 0;
fe84a562
CB		 659
660 ERROR("Failed to unfreeze container \"%s\"", handler->name);
ecfcb3f0 661 rsp.ret = -1;
ef6e34ee
DE		 662 }
663
664 return lxc_cmd_rsp_send(fd, &rsp);
665}
d5088cf2 666
b5159817 667/*
8ccbbf94 668 * lxc_cmd_terminal_winch: To process as if a SIGWINCH were received
b5159817
DE		 669 *
670 * @name : name of container to connect to
671 * @lxcpath : the lxcpath in which the container is running
672 *
673 * Returns 0 on success, < 0 on failure
674 */
8ccbbf94 675int lxc_cmd_terminal_winch(const char *name, const char *lxcpath)
b5159817 676{
0ecf64b5 677 int ret, stopped;
b5159817 678 struct lxc_cmd_rr cmd = {
8ccbbf94 679 .req = { .cmd = LXC_CMD_TERMINAL_WINCH },
b5159817
DE		 680 };
681
88556fd7 682 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
b5159817
DE		 683 if (ret < 0)
684 return ret;
685
686 return 0;
687}
688
8ccbbf94
CB		 689static int lxc_cmd_terminal_winch_callback(int fd, struct lxc_cmd_req *req,
690 struct lxc_handler *handler)
b5159817
DE		 691{
692 struct lxc_cmd_rsp rsp = { .data = 0 };
693
dad4a039 694 lxc_terminal_sigwinch(SIGWINCH);
fe84a562 695
b5159817
DE		 696 return lxc_cmd_rsp_send(fd, &rsp);
697}
698
ef6e34ee
DE		 699/*
700 * lxc_cmd_console: Open an fd to a tty in the container
701 *
702 * @name : name of container to connect to
703 * @ttynum : in: the tty to open or -1 for next available
704 * : out: the tty allocated
705 * @fd : out: file descriptor for master side of pty
706 * @lxcpath : the lxcpath in which the container is running
707 *
0115f8fd 708 * Returns fd holding tty allocated on success, < 0 on failure
ef6e34ee
DE		 709 */
710int lxc_cmd_console(const char *name, int *ttynum, int *fd, const char *lxcpath)
711{
0ecf64b5 712 int ret, stopped;
ef6e34ee
DE		 713 struct lxc_cmd_console_rsp_data *rspdata;
714 struct lxc_cmd_rr cmd = {
715 .req = { .cmd = LXC_CMD_CONSOLE, .data = INT_TO_PTR(*ttynum) },
716 };
d5088cf2 717
88556fd7 718 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
ef6e34ee
DE		 719 if (ret < 0)
720 return ret;
0115f8fd
DE		 721
722 if (cmd.rsp.ret < 0) {
6d1400b5 723 errno = -cmd.rsp.ret;
724 SYSERROR("Denied access to tty");
ef6e34ee
DE		 725 ret = -1;
726 goto out;
727 }
d5088cf2 728
0115f8fd 729 if (ret == 0) {
fe84a562 730 ERROR("tty number %d invalid, busy or all ttys busy", *ttynum);
0115f8fd 731 ret = -1;
ef6e34ee
DE		 732 goto out;
733 }
ef6e34ee
DE		 734
735 rspdata = cmd.rsp.data;
0115f8fd 736 if (rspdata->masterfd < 0) {
fe84a562 737 ERROR("Unable to allocate fd for tty %d", rspdata->ttynum);
ef6e34ee
DE		 738 goto out;
739 }
740
fe84a562 741 ret = cmd.rsp.ret; /* socket fd */
0115f8fd 742 *fd = rspdata->masterfd;
ef6e34ee 743 *ttynum = rspdata->ttynum;
fe84a562
CB		 744 INFO("Alloced fd %d for tty %d via socket %d", *fd, rspdata->ttynum, ret);
745
ef6e34ee
DE		 746out:
747 free(cmd.rsp.data);
748 return ret;
749}
750
751static int lxc_cmd_console_callback(int fd, struct lxc_cmd_req *req,
752 struct lxc_handler *handler)
753{
fe84a562 754 int masterfd, ret;
ef6e34ee 755 struct lxc_cmd_rsp rsp;
fe84a562 756 int ttynum = PTR_TO_INT(req->data);
ef6e34ee 757
c1ee47cd 758 masterfd = lxc_terminal_allocate(handler->conf, fd, &ttynum);
b5159817 759 if (masterfd < 0)
ef6e34ee
DE		 760 goto out_close;
761
ef6e34ee
DE		 762 memset(&rsp, 0, sizeof(rsp));
763 rsp.data = INT_TO_PTR(ttynum);
fe84a562
CB		 764 ret = lxc_abstract_unix_send_fds(fd, &masterfd, 1, &rsp, sizeof(rsp));
765 if (ret < 0) {
9044b79e 766 SYSERROR("Failed to send tty to client");
3dfe6f8d 767 lxc_terminal_free(handler->conf, fd);
ef6e34ee
DE		 768 goto out_close;
769 }
770
ef6e34ee
DE		 771 return 0;
772
773out_close:
fe84a562
CB		 774 /* Special indicator to lxc_cmd_handler() to close the fd and do
775 * related cleanup.
ef6e34ee
DE		 776 */
777 return 1;
d5088cf2
CS		 778}
779
88556fd7
ÇO		 780/*
781 * lxc_cmd_get_name: Returns the name of the container
782 *
783 * @hashed_sock_name: hashed socket name
784 *
785 * Returns the name on success, NULL on failure.
786 */
787char *lxc_cmd_get_name(const char *hashed_sock_name)
788{
789 int ret, stopped;
790 struct lxc_cmd_rr cmd = {
791 .req = { .cmd = LXC_CMD_GET_NAME},
792 };
793
794 ret = lxc_cmd(NULL, &cmd, &stopped, NULL, hashed_sock_name);
fe84a562 795 if (ret < 0)
88556fd7 796 return NULL;
88556fd7
ÇO		 797
798 if (cmd.rsp.ret == 0)
799 return cmd.rsp.data;
fe84a562 800
88556fd7
ÇO		 801 return NULL;
802}
803
804static int lxc_cmd_get_name_callback(int fd, struct lxc_cmd_req *req,
fe84a562 805 struct lxc_handler *handler)
88556fd7
ÇO		 806{
807 struct lxc_cmd_rsp rsp;
808
809 memset(&rsp, 0, sizeof(rsp));
810
f0ecc19d 811 rsp.data = (char *)handler->name;
88556fd7
ÇO		 812 rsp.datalen = strlen(handler->name) + 1;
813 rsp.ret = 0;
814
815 return lxc_cmd_rsp_send(fd, &rsp);
816}
817
818/*
819 * lxc_cmd_get_lxcpath: Returns the lxcpath of the container
820 *
821 * @hashed_sock_name: hashed socket name
822 *
823 * Returns the lxcpath on success, NULL on failure.
824 */
825char *lxc_cmd_get_lxcpath(const char *hashed_sock_name)
826{
827 int ret, stopped;
828 struct lxc_cmd_rr cmd = {
829 .req = { .cmd = LXC_CMD_GET_LXCPATH},
830 };
724e753c 831
88556fd7 832 ret = lxc_cmd(NULL, &cmd, &stopped, NULL, hashed_sock_name);
fe84a562 833 if (ret < 0)
88556fd7 834 return NULL;
88556fd7
ÇO		 835
836 if (cmd.rsp.ret == 0)
837 return cmd.rsp.data;
fe84a562 838
88556fd7
ÇO		 839 return NULL;
840}
841
842static int lxc_cmd_get_lxcpath_callback(int fd, struct lxc_cmd_req *req,
843 struct lxc_handler *handler)
844{
845 struct lxc_cmd_rsp rsp;
846
847 memset(&rsp, 0, sizeof(rsp));
848
fe84a562 849 rsp.ret = 0;
88556fd7
ÇO		 850 rsp.data = (char *)handler->lxcpath;
851 rsp.datalen = strlen(handler->lxcpath) + 1;
88556fd7
ÇO		 852
853 return lxc_cmd_rsp_send(fd, &rsp);
854}
ef6e34ee 855
54446942 856int lxc_cmd_add_state_client(const char *name, const char *lxcpath,
92e35018
CB		 857 lxc_state_t states[MAX_STATE],
858 int *state_client_fd)
dbc9832d 859{
bc631984 860 int state, stopped;
dbc9832d 861 ssize_t ret;
dbc9832d
CB		 862 struct lxc_cmd_rr cmd = {
863 .req = {
54446942 864 .cmd = LXC_CMD_ADD_STATE_CLIENT,
dbc9832d
CB		 865 .data = states,
866 .datalen = (sizeof(lxc_state_t) * MAX_STATE)
867 },
868 };
869
dbc9832d 870 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
bc631984
CB		 871 if (states[STOPPED] != 0 && stopped != 0)
872 return STOPPED;
873
dbc9832d 874 if (ret < 0) {
f577e061 875 if (errno != ECONNREFUSED)
6d1400b5 876 SYSERROR("Failed to execute command");
877
dbc9832d
CB		 878 return -1;
879 }
fe84a562 880
dbc9832d
CB		 881 /* We should now be guaranteed to get an answer from the state sending
882 * function.
883 */
dbc9832d 884 if (cmd.rsp.ret < 0) {
6d1400b5 885 errno = -cmd.rsp.ret;
886 SYSERROR("Failed to receive socket fd");
dbc9832d
CB		 887 return -1;
888 }
889
bc631984
CB		 890 state = PTR_TO_INT(cmd.rsp.data);
891 if (state < MAX_STATE) {
44552fb2
CB		 892 TRACE("Container is already in requested state %s", lxc_state2str(state));
893 close(cmd.rsp.ret);
bc631984
CB		 894 return state;
895 }
896
92e35018 897 *state_client_fd = cmd.rsp.ret;
bc631984 898 TRACE("Added state client %d to state client list", cmd.rsp.ret);
92e35018 899 return MAX_STATE;
dbc9832d
CB		 900}
901
54446942
CB		 902static int lxc_cmd_add_state_client_callback(int fd, struct lxc_cmd_req *req,
903 struct lxc_handler *handler)
dbc9832d 904{
44552fb2 905 int ret;
dbc9832d 906 struct lxc_cmd_rsp rsp = {0};
dbc9832d 907
fe84a562 908 if (req->datalen < 0)
44552fb2 909 goto reap_client_fd;
dbc9832d 910
fe84a562 911 if (req->datalen > (sizeof(lxc_state_t) * MAX_STATE))
44552fb2 912 goto reap_client_fd;
dbc9832d 913
fe84a562 914 if (!req->data)
44552fb2 915 goto reap_client_fd;
dbc9832d 916
c01c2be6 917 rsp.ret = lxc_add_state_client(fd, handler, (lxc_state_t *)req->data);
44552fb2
CB		 918 if (rsp.ret < 0)
919 goto reap_client_fd;
920
bc631984 921 rsp.data = INT_TO_PTR(rsp.ret);
dbc9832d 922
44552fb2
CB		 923 ret = lxc_cmd_rsp_send(fd, &rsp);
924 if (ret < 0)
925 goto reap_client_fd;
926
927 return 0;
928
929reap_client_fd:
930 /* Special indicator to lxc_cmd_handler() to close the fd and do related
931 * cleanup.
932 */
933 return 1;
dbc9832d
CB		 934}
935
191d43cc
CB		 936int lxc_cmd_console_log(const char *name, const char *lxcpath,
937 struct lxc_console_log *log)
938{
939 int ret, stopped;
940 struct lxc_cmd_console_log data;
941 struct lxc_cmd_rr cmd;
942
943 data.clear = log->clear;
944 data.read = log->read;
945 data.read_max = *log->read_max;
946
947 cmd.req.cmd = LXC_CMD_CONSOLE_LOG;
948 cmd.req.data = &data;
949 cmd.req.datalen = sizeof(struct lxc_cmd_console_log);
950
951 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
952 if (ret < 0)
953 return ret;
954
955 /* There is nothing to be read from the buffer. So clear any values we
956 * where passed to clearly indicate to the user that nothing went wrong.
957 */
63b74cda 958 if (cmd.rsp.ret == -ENODATA || cmd.rsp.ret == -EFAULT || cmd.rsp.ret == -ENOENT) {
191d43cc
CB		 959 *log->read_max = 0;
960 log->data = NULL;
961 }
962
963 /* This is a proper error so don't touch any values we were passed. */
964 if (cmd.rsp.ret < 0)
965 return cmd.rsp.ret;
966
967 *log->read_max = cmd.rsp.datalen;
968 log->data = cmd.rsp.data;
969
970 return 0;
971}
972
973static int lxc_cmd_console_log_callback(int fd, struct lxc_cmd_req *req,
974 struct lxc_handler *handler)
975{
976 struct lxc_cmd_rsp rsp;
28f3b1cd 977 uint64_t buffer_size = handler->conf->console.buffer_size;
191d43cc
CB		 978 const struct lxc_cmd_console_log *log = req->data;
979 struct lxc_ringbuf *buf = &handler->conf->console.ringbuf;
980
981 rsp.ret = -EFAULT;
982 rsp.datalen = 0;
983 rsp.data = NULL;
28f3b1cd 984 if (buffer_size <= 0)
191d43cc
CB		 985 goto out;
986
5928191e
CB		 987 if (log->read || log->write_logfile)
988 rsp.datalen = lxc_ringbuf_used(buf);
989
191d43cc
CB		 990 if (log->read)
991 rsp.data = lxc_ringbuf_get_read_addr(buf);
992
993 if (log->read_max > 0 && (log->read_max <= rsp.datalen))
994 rsp.datalen = log->read_max;
995
996 /* there's nothing to read */
63b74cda 997 rsp.ret = -ENODATA;
191d43cc 998 if (log->read && (buf->r_off == buf->w_off))
63b74cda
CB		 999 goto out;
1000
63b74cda 1001 rsp.ret = 0;
23e0d9af 1002 if (log->clear)
43366ca2 1003 lxc_ringbuf_clear(buf); /* clear the ringbuffer */
23e0d9af 1004 else if (rsp.datalen > 0)
191d43cc
CB		 1005 lxc_ringbuf_move_read_addr(buf, rsp.datalen);
1006
1007out:
1008 return lxc_cmd_rsp_send(fd, &rsp);
1009}
1010
974a8aba
CB		 1011int lxc_cmd_serve_state_clients(const char *name, const char *lxcpath,
1012 lxc_state_t state)
1013{
1014 int stopped;
1015 ssize_t ret;
1016 struct lxc_cmd_rr cmd = {
1017 .req = {
1018 .cmd = LXC_CMD_SERVE_STATE_CLIENTS,
1019 .data = INT_TO_PTR(state)
1020 },
1021 };
1022
1023 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
1024 if (ret < 0) {
6d1400b5 1025 SYSERROR("Failed to execute command");
974a8aba
CB		 1026 return -1;
1027 }
1028
1029 return 0;
1030}
1031
1032static int lxc_cmd_serve_state_clients_callback(int fd, struct lxc_cmd_req *req,
1033 struct lxc_handler *handler)
1034{
1035 int ret;
1036 lxc_state_t state = PTR_TO_INT(req->data);
1037 struct lxc_cmd_rsp rsp = {0};
1038
1039 ret = lxc_serve_state_clients(handler->name, handler, state);
1040 if (ret < 0)
1041 goto reap_client_fd;
1042
1043 ret = lxc_cmd_rsp_send(fd, &rsp);
1044 if (ret < 0)
1045 goto reap_client_fd;
1046
1047 return 0;
1048
1049reap_client_fd:
1050 /* Special indicator to lxc_cmd_handler() to close the fd and do related
1051 * cleanup.
1052 */
1053 return 1;
1054}
1055
ef6e34ee 1056static int lxc_cmd_process(int fd, struct lxc_cmd_req *req,
ded1d23f 1057 struct lxc_handler *handler)
724e753c 1058{
ef6e34ee
DE		 1059 typedef int (*callback)(int, struct lxc_cmd_req *, struct lxc_handler *);
1060
1061 callback cb[LXC_CMD_MAX] = {
974a8aba 1062 [LXC_CMD_CONSOLE] = lxc_cmd_console_callback,
8ccbbf94 1063 [LXC_CMD_TERMINAL_WINCH] = lxc_cmd_terminal_winch_callback,
974a8aba
CB		 1064 [LXC_CMD_STOP] = lxc_cmd_stop_callback,
1065 [LXC_CMD_GET_STATE] = lxc_cmd_get_state_callback,
1066 [LXC_CMD_GET_INIT_PID] = lxc_cmd_get_init_pid_callback,
1067 [LXC_CMD_GET_CLONE_FLAGS] = lxc_cmd_get_clone_flags_callback,
1068 [LXC_CMD_GET_CGROUP] = lxc_cmd_get_cgroup_callback,
1069 [LXC_CMD_GET_CONFIG_ITEM] = lxc_cmd_get_config_item_callback,
1070 [LXC_CMD_GET_NAME] = lxc_cmd_get_name_callback,
1071 [LXC_CMD_GET_LXCPATH] = lxc_cmd_get_lxcpath_callback,
1072 [LXC_CMD_ADD_STATE_CLIENT] = lxc_cmd_add_state_client_callback,
1073 [LXC_CMD_CONSOLE_LOG] = lxc_cmd_console_log_callback,
1074 [LXC_CMD_SERVE_STATE_CLIENTS] = lxc_cmd_serve_state_clients_callback,
724e753c
MN		 1075 };
1076
f371aca9 1077 if (req->cmd >= LXC_CMD_MAX) {
fe84a562 1078 ERROR("Undefined command id %d", req->cmd);
724e753c 1079 return -1;
ef6e34ee
DE		 1080 }
1081 return cb[req->cmd](fd, req, handler);
724e753c
MN		 1082}
1083
ef6e34ee 1084static void lxc_cmd_fd_cleanup(int fd, struct lxc_handler *handler,
f6fc1565
CB		 1085 struct lxc_epoll_descr *descr,
1086 const lxc_cmd_t cmd)
724e753c 1087{
d39b10eb 1088 struct lxc_state_client *client;
f6fc1565
CB		 1089 struct lxc_list *cur, *next;
1090
3dfe6f8d 1091 lxc_terminal_free(handler->conf, fd);
724e753c 1092 lxc_mainloop_del_handler(descr, fd);
f6fc1565
CB		 1093 if (cmd != LXC_CMD_ADD_STATE_CLIENT) {
1094 close(fd);
1095 return;
1096 }
1097
d39b10eb 1098 lxc_list_for_each_safe(cur, &handler->conf->state_clients, next) {
f6fc1565
CB		 1099 client = cur->elem;
1100 if (client->clientfd != fd)
1101 continue;
1102
1103 /* kick client from list */
f6fc1565 1104 lxc_list_del(cur);
300d1cb4 1105 close(client->clientfd);
f6fc1565
CB		 1106 free(cur->elem);
1107 free(cur);
b1ca434a
CB		 1108 /* No need to walk the whole list. If we found the state client
1109 * fd there can't be a second one.
1110 */
1111 break;
f6fc1565 1112 }
724e753c
MN		 1113}
1114
84c92abd
DE		 1115static int lxc_cmd_handler(int fd, uint32_t events, void *data,
1116 struct lxc_epoll_descr *descr)
724e753c
MN		 1117{
1118 int ret;
ef6e34ee 1119 struct lxc_cmd_req req;
191d43cc 1120 void *reqdata = NULL;
724e753c
MN		 1121 struct lxc_handler *handler = data;
1122
aae93dd3 1123 ret = lxc_abstract_unix_rcv_credential(fd, &req, sizeof(req));
ded1d23f 1124 if (ret < 0) {
fe84a562 1125 SYSERROR("Failed to receive data on command socket for command "
9044b79e 1126 "\"%s\"", lxc_cmd_str(req.cmd));
1127
1128 if (errno == EACCES) {
1129 /* We don't care for the peer, just send and close. */
1130 struct lxc_cmd_rsp rsp = {.ret = ret};
1131
1132 lxc_cmd_rsp_send(fd, &rsp);
1133 }
1134
724e753c
MN		 1135 goto out_close;
1136 }
1137
fe84a562 1138 if (ret == 0)
724e753c 1139 goto out_close;
724e753c 1140
ef6e34ee 1141 if (ret != sizeof(req)) {
c01c2be6 1142 WARN("Failed to receive full command request. Ignoring request "
fe84a562 1143 "for \"%s\"", lxc_cmd_str(req.cmd));
ef6e34ee
DE		 1144 ret = -1;
1145 goto out_close;
1146 }
1147
191d43cc
CB		 1148 if ((req.datalen > LXC_CMD_DATA_MAX) &&
1149 (req.cmd != LXC_CMD_CONSOLE_LOG)) {
c01c2be6 1150 ERROR("Received command data length %d is too large for "
fe84a562
CB		 1151 "command \"%s\"", req.datalen, lxc_cmd_str(req.cmd));
1152 errno = EFBIG;
1153 ret = -EFBIG;
724e753c
MN		 1154 goto out_close;
1155 }
1156
ef6e34ee 1157 if (req.datalen > 0) {
191d43cc
CB		 1158 /* LXC_CMD_CONSOLE_LOG needs to be able to allocate data
1159 * that exceeds LXC_CMD_DATA_MAX: use malloc() for that.
1160 */
1161 if (req.cmd == LXC_CMD_CONSOLE_LOG)
1162 reqdata = malloc(req.datalen);
1163 else
1164 reqdata = alloca(req.datalen);
1165 if (!reqdata) {
1166 ERROR("Failed to allocate memory for \"%s\" command",
1167 lxc_cmd_str(req.cmd));
1168 errno = ENOMEM;
1169 ret = -ENOMEM;
1170 goto out_close;
1171 }
ef6e34ee 1172
e3233f26 1173 ret = lxc_recv_nointr(fd, reqdata, req.datalen, 0);
ef6e34ee 1174 if (ret != req.datalen) {
c01c2be6 1175 WARN("Failed to receive full command request. Ignoring "
fe84a562 1176 "request for \"%s\"", lxc_cmd_str(req.cmd));
b2a48508 1177 ret = LXC_MAINLOOP_ERROR;
ef6e34ee
DE		 1178 goto out_close;
1179 }
fe84a562 1180
ef6e34ee
DE		 1181 req.data = reqdata;
1182 }
1183
1184 ret = lxc_cmd_process(fd, &req, handler);
724e753c 1185 if (ret) {
fe84a562 1186 /* This is not an error, but only a request to close fd. */
b2a48508 1187 ret = LXC_MAINLOOP_CONTINUE;
724e753c
MN		 1188 goto out_close;
1189 }
1190
1191out:
191d43cc
CB		 1192 if (req.cmd == LXC_CMD_CONSOLE_LOG && reqdata)
1193 free(reqdata);
1194
724e753c 1195 return ret;
fe84a562 1196
724e753c 1197out_close:
f6fc1565 1198 lxc_cmd_fd_cleanup(fd, handler, descr, req.cmd);
724e753c
MN		 1199 goto out;
1200}
1201
84c92abd
DE		 1202static int lxc_cmd_accept(int fd, uint32_t events, void *data,
1203 struct lxc_epoll_descr *descr)
724e753c 1204{
fe84a562
CB		 1205 int connection;
1206 int opt = 1, ret = -1;
724e753c
MN		 1207
1208 connection = accept(fd, NULL, 0);
1209 if (connection < 0) {
47903908 1210 SYSERROR("Failed to accept connection to run command");
b2a48508 1211 return LXC_MAINLOOP_ERROR;
724e753c
MN		 1212 }
1213
fe84a562
CB		 1214 ret = fcntl(connection, F_SETFD, FD_CLOEXEC);
1215 if (ret < 0) {
1216 SYSERROR("Failed to set close-on-exec on incoming command connection");
9ccb2dbc
DL		 1217 goto out_close;
1218 }
1219
fe84a562
CB		 1220 ret = setsockopt(connection, SOL_SOCKET, SO_PASSCRED, &opt, sizeof(opt));
1221 if (ret < 0) {
1222 SYSERROR("Failed to enable necessary credentials on command socket");
724e753c
MN		 1223 goto out_close;
1224 }
1225
ef6e34ee 1226 ret = lxc_mainloop_add_handler(descr, connection, lxc_cmd_handler, data);
724e753c 1227 if (ret) {
fe84a562 1228 ERROR("Failed to add command handler");
724e753c
MN		 1229 goto out_close;
1230 }
1231
1232out:
1233 return ret;
1234
1235out_close:
1236 close(connection);
1237 goto out;
1238}
1239
9dfa4041 1240int lxc_cmd_init(const char *name, const char *lxcpath, const char *suffix)
724e753c 1241{
5b46db1a 1242 int fd, ret;
b1234129 1243 char path[LXC_AUDS_ADDR_LEN] = {0};
724e753c 1244
5b46db1a 1245 ret = lxc_make_abstract_socket_name(path, sizeof(path), name, lxcpath, NULL, suffix);
fe84a562 1246 if (ret < 0)
9ba8130c 1247 return -1;
5b46db1a 1248 TRACE("Creating abstract unix socket \"%s\"", &path[1]);
724e753c 1249
aae93dd3 1250 fd = lxc_abstract_unix_open(path, SOCK_STREAM, 0);
724e753c 1251 if (fd < 0) {
5b46db1a 1252 SYSERROR("Failed to create command socket %s", &path[1]);
08aa08fe 1253 if (errno == EADDRINUSE)
fe84a562 1254 ERROR("Container \"%s\" appears to be already running", name);
6d1400b5 1255
724e753c
MN		 1256 return -1;
1257 }
1258
fe84a562
CB		 1259 ret = fcntl(fd, F_SETFD, FD_CLOEXEC);
1260 if (ret < 0) {
1261 SYSERROR("Failed to set FD_CLOEXEC on command socket file descriptor");
91480a0f
DL		 1262 close(fd);
1263 return -1;
1264 }
1265
9dfa4041 1266 return fd;
d2e30e99
DE		 1267}
1268
fe84a562 1269int lxc_cmd_mainloop_add(const char *name, struct lxc_epoll_descr *descr,
ef6e34ee 1270 struct lxc_handler *handler)
d2e30e99 1271{
fe84a562
CB		 1272 int ret;
1273 int fd = handler->conf->maincmd_fd;
d2e30e99 1274
ef6e34ee 1275 ret = lxc_mainloop_add_handler(descr, fd, lxc_cmd_accept, handler);
fe84a562
CB		 1276 if (ret < 0) {
1277 ERROR("Failed to add handler for command socket");
724e753c
MN		 1278 close(fd);
1279 }
1280
1281 return ret;
1282}
LXC mirror