]> git.proxmox.com Git - mirror_lxc.git/blame - src/lxc/commands.c
projects / mirror_lxc.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
monitor: checking name too long to make monitor sock name
[mirror_lxc.git] / src / lxc / commands.c
CommitLineData
724e753c
MN		 1/*
2 * lxc: linux Container library
3 *
4 * (C) Copyright IBM Corp. 2007, 2009
5 *
6 * Authors:
9afe19d6 7 * Daniel Lezcano <daniel.lezcano at free.fr>
724e753c
MN		 8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
250b1eec 21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
724e753c
MN		 22 */
23
d38dd64a
CB		 24#ifndef _GNU_SOURCE
25#define _GNU_SOURCE 1
26#endif
cf685555 27#include <caps.h>
724e753c 28#include <errno.h>
91480a0f 29#include <fcntl.h>
fe84a562 30#include <malloc.h>
37515ebd 31#include <poll.h>
fe84a562
CB		 32#include <signal.h>
33#include <stdio.h>
34#include <stdlib.h>
fe84a562 35#include <sys/param.h>
724e753c
MN		 36#include <sys/socket.h>
37#include <sys/un.h>
d38dd64a 38#include <unistd.h>
724e753c 39
fe84a562 40#include "af_unix.h"
f2363e38 41#include "cgroup.h"
724e753c 42#include "commands.h"
bbf5cf35 43#include "commands_utils.h"
fe84a562 44#include "conf.h"
d38dd64a 45#include "config.h"
ef6e34ee 46#include "confile.h"
fe84a562
CB		 47#include "log.h"
48#include "lxc.h"
dbc9832d 49#include "lxclock.h"
724e753c 50#include "mainloop.h"
dbc9832d 51#include "monitor.h"
fe84a562 52#include "start.h"
0ed9b1bc 53#include "terminal.h"
fe84a562 54#include "utils.h"
724e753c 55
ded1d23f 56/*
fe84a562
CB		 57 * This file provides the different functions for clients to query/command the
58 * server. The client is typically some lxc tool and the server is typically the
59 * container (ie. lxc-start).
ded1d23f 60 *
fe84a562
CB		 61 * Each command is transactional, the clients send a request to the server and
62 * the server answers the request with a message giving the request's status
63 * (zero or a negative errno value). Both the request and response may contain
64 * additional data.
ded1d23f 65 *
fe84a562
CB		 66 * Each command is wrapped in a ancillary message in order to pass a credential
67 * making possible to the server to check if the client is allowed to ask for
68 * this command or not.
80bcb053 69 *
fe84a562
CB		 70 * IMPORTANTLY: Note that semantics for current commands are fixed. If you wish
71 * to make any changes to how, say, LXC_CMD_GET_CONFIG_ITEM works by adding
72 * information to the end of cmd.data, then you must introduce a new
73 * LXC_CMD_GET_CONFIG_ITEM_V2 define with a new number. You may wish to also
74 * mark LXC_CMD_GET_CONFIG_ITEM deprecated in commands.h.
80bcb053
SH		 75 *
76 * This is necessary in order to avoid having a newly compiled lxc command
77 * communicating with a running (old) monitor from crashing the running
78 * container.
ded1d23f
DL		 79 */
80
ac2cecc4 81lxc_log_define(commands, lxc);
724e753c 82
ef6e34ee 83static const char *lxc_cmd_str(lxc_cmd_t cmd)
724e753c 84{
fe84a562 85 static const char *const cmdname[LXC_CMD_MAX] = {
974a8aba 86 [LXC_CMD_CONSOLE] = "console",
8ccbbf94 87 [LXC_CMD_TERMINAL_WINCH] = "terminal_winch",
974a8aba
CB		 88 [LXC_CMD_STOP] = "stop",
89 [LXC_CMD_GET_STATE] = "get_state",
90 [LXC_CMD_GET_INIT_PID] = "get_init_pid",
91 [LXC_CMD_GET_CLONE_FLAGS] = "get_clone_flags",
92 [LXC_CMD_GET_CGROUP] = "get_cgroup",
93 [LXC_CMD_GET_CONFIG_ITEM] = "get_config_item",
94 [LXC_CMD_GET_NAME] = "get_name",
95 [LXC_CMD_GET_LXCPATH] = "get_lxcpath",
96 [LXC_CMD_ADD_STATE_CLIENT] = "add_state_client",
97 [LXC_CMD_CONSOLE_LOG] = "console_log",
98 [LXC_CMD_SERVE_STATE_CLIENTS] = "serve_state_clients",
ef6e34ee 99 };
724e753c 100
f371aca9 101 if (cmd >= LXC_CMD_MAX)
a8007512 102 return "Invalid request";
fe84a562 103
ef6e34ee
DE		 104 return cmdname[cmd];
105}
106
107/*
108 * lxc_cmd_rsp_recv: Receive a response to a command
109 *
110 * @sock : the socket connected to the container
111 * @cmd : command to put response in
112 *
113 * Returns the size of the response message or < 0 on failure
114 *
115 * Note that if the command response datalen > 0, then data is
116 * a malloc()ed buffer and should be free()ed by the caller. If
117 * the response data is <= a void * worth of data, it will be
118 * stored directly in data and datalen will be 0.
119 *
120 * As a special case, the response for LXC_CMD_CONSOLE is created
0115f8fd
DE		 121 * here as it contains an fd for the master pty passed through the
122 * unix socket.
ef6e34ee
DE		 123 */
124static int lxc_cmd_rsp_recv(int sock, struct lxc_cmd_rr *cmd)
125{
2945ea97 126 int ret, rspfd;
ef6e34ee
DE		 127 struct lxc_cmd_rsp *rsp = &cmd->rsp;
128
ae467c54 129 ret = lxc_abstract_unix_recv_fds(sock, &rspfd, 1, rsp, sizeof(*rsp));
ef6e34ee 130 if (ret < 0) {
a24c5678 131 SYSWARN("Failed to receive response for command \"%s\"",
132 lxc_cmd_str(cmd->req.cmd));
133
6b7f85cb 134 if (errno == ECONNRESET)
2a850b2c 135 return -1;
6b7f85cb 136
ef6e34ee
DE		 137 return -1;
138 }
fe84a562 139 TRACE("Command \"%s\" received response", lxc_cmd_str(cmd->req.cmd));
ef6e34ee
DE		 140
141 if (cmd->req.cmd == LXC_CMD_CONSOLE) {
142 struct lxc_cmd_console_rsp_data *rspdata;
143
0115f8fd
DE		 144 /* recv() returns 0 bytes when a tty cannot be allocated,
145 * rsp->ret is < 0 when the peer permission check failed
146 */
147 if (ret == 0 || rsp->ret < 0)
148 return 0;
149
ef6e34ee
DE		 150 rspdata = malloc(sizeof(*rspdata));
151 if (!rspdata) {
2a850b2c 152 errno = ENOMEM;
fe84a562 153 ERROR("Failed to allocate response buffer for command \"%s\"",
ef6e34ee 154 lxc_cmd_str(cmd->req.cmd));
2a850b2c 155 return -1;
ef6e34ee 156 }
2a850b2c 157
0115f8fd 158 rspdata->masterfd = rspfd;
ef6e34ee
DE		 159 rspdata->ttynum = PTR_TO_INT(rsp->data);
160 rsp->data = rspdata;
161 }
162
860e7c43 163 if (rsp->datalen == 0) {
fe84a562 164 DEBUG("Response data length for command \"%s\" is 0",
860e7c43 165 lxc_cmd_str(cmd->req.cmd));
ae5c8b8e 166 return ret;
860e7c43 167 }
fe84a562 168
191d43cc
CB		 169 if ((rsp->datalen > LXC_CMD_DATA_MAX) &&
170 (cmd->req.cmd != LXC_CMD_CONSOLE_LOG)) {
2a850b2c
CB		 171 ERROR("Response data for command \"%s\" is too long: %d bytes > %d",
172 lxc_cmd_str(cmd->req.cmd), rsp->datalen, LXC_CMD_DATA_MAX);
173 return -1;
2ac9aafc 174 }
ef6e34ee 175
191d43cc
CB		 176 if (cmd->req.cmd == LXC_CMD_CONSOLE_LOG) {
177 rsp->data = malloc(rsp->datalen + 1);
178 ((char *)rsp->data)[rsp->datalen] = '\0';
179 } else {
180 rsp->data = malloc(rsp->datalen);
181 }
ef6e34ee 182 if (!rsp->data) {
fe84a562 183 errno = ENOMEM;
2a850b2c
CB		 184 ERROR("Failed to allocate response buffer for command \"%s\"",
185 lxc_cmd_str(cmd->req.cmd));
186 return -1;
ef6e34ee 187 }
fe84a562 188
2a850b2c 189 ret = lxc_recv_nointr(sock, rsp->data, rsp->datalen, 0);
ef6e34ee 190 if (ret != rsp->datalen) {
6d1400b5 191 SYSERROR("Failed to receive response data for command \"%s\"",
192 lxc_cmd_str(cmd->req.cmd));
2a850b2c 193 return -1;
ef6e34ee 194 }
724e753c
MN		 195
196 return ret;
197}
198
ef6e34ee
DE		 199/*
200 * lxc_cmd_rsp_send: Send a command response
201 *
202 * @fd : file descriptor of socket to send response on
203 * @rsp : response to send
204 *
205 * Returns 0 on success, < 0 on failure
206 */
207static int lxc_cmd_rsp_send(int fd, struct lxc_cmd_rsp *rsp)
208{
fe84a562 209 ssize_t ret;
ef6e34ee 210
7fbb15ec
CB		 211 errno = EMSGSIZE;
212 ret = lxc_send_nointr(fd, rsp, sizeof(*rsp), MSG_NOSIGNAL);
fe84a562 213 if (ret < 0 || (size_t)ret != sizeof(*rsp)) {
6d1400b5 214 SYSERROR("Failed to send command response %zd", ret);
ef6e34ee
DE		 215 return -1;
216 }
217
a674dfe1 218 if (!rsp->data || rsp->datalen <= 0)
fe84a562
CB		 219 return 0;
220
7fbb15ec
CB		 221 errno = EMSGSIZE;
222 ret = lxc_send_nointr(fd, rsp->data, rsp->datalen, MSG_NOSIGNAL);
fe84a562 223 if (ret < 0 || ret != (ssize_t)rsp->datalen) {
a24c5678 224 SYSWARN("Failed to send command response data %zd", ret);
fe84a562 225 return -1;
ef6e34ee 226 }
fe84a562 227
ef6e34ee
DE		 228 return 0;
229}
230
c01c2be6 231static int lxc_cmd_send(const char *name, struct lxc_cmd_rr *cmd,
fe84a562 232 const char *lxcpath, const char *hashed_sock_name)
c01c2be6 233{
2a850b2c 234 int client_fd, saved_errno;
fe84a562 235 ssize_t ret = -1;
c01c2be6 236
9dfa4041 237 client_fd = lxc_cmd_connect(name, lxcpath, hashed_sock_name, "command");
2a850b2c 238 if (client_fd < 0)
fe84a562 239 return -1;
c01c2be6 240
fe84a562
CB		 241 ret = lxc_abstract_unix_send_credential(client_fd, &cmd->req,
242 sizeof(cmd->req));
2a850b2c
CB		 243 if (ret < 0 || (size_t)ret != sizeof(cmd->req))
244 goto on_error;
9044b79e 245
fe84a562
CB		 246 if (cmd->req.datalen <= 0)
247 return client_fd;
c01c2be6 248
7fbb15ec
CB		 249 errno = EMSGSIZE;
250 ret = lxc_send_nointr(client_fd, (void *)cmd->req.data,
251 cmd->req.datalen, MSG_NOSIGNAL);
2a850b2c
CB		 252 if (ret < 0 || ret != (ssize_t)cmd->req.datalen)
253 goto on_error;
c01c2be6 254
2a850b2c 255 return client_fd;
c01c2be6 256
2a850b2c
CB		 257on_error:
258 saved_errno = errno;
259 close(client_fd);
260 errno = saved_errno;
c01c2be6 261
2a850b2c 262 return -1;
c01c2be6
CB		 263}
264
ef6e34ee
DE		 265/*
266 * lxc_cmd: Connect to the specified running container, send it a command
267 * request and collect the response
268 *
269 * @name : name of container to connect to
1e8cfdf6 270 * @cmd : command with initialized request to send
ef6e34ee
DE		 271 * @stopped : output indicator if the container was not running
272 * @lxcpath : the lxcpath in which the container is running
273 *
274 * Returns the size of the response message on success, < 0 on failure
275 *
276 * Note that there is a special case for LXC_CMD_CONSOLE. For this command
277 * the fd cannot be closed because it is used as a placeholder to indicate
278 * that a particular tty slot is in use. The fd is also used as a signal to
279 * the container that when the caller dies or closes the fd, the container
0115f8fd
DE		 280 * will notice the fd on its side of the socket in its mainloop select and
281 * then free the slot with lxc_cmd_fd_cleanup(). The socket fd will be
282 * returned in the cmd response structure.
ef6e34ee
DE		 283 */
284static int lxc_cmd(const char *name, struct lxc_cmd_rr *cmd, int *stopped,
88556fd7 285 const char *lxcpath, const char *hashed_sock_name)
724e753c 286{
2a850b2c 287 int client_fd, saved_errno;
fe84a562 288 int ret = -1;
dbc9832d
CB		 289 bool stay_connected = false;
290
291 if (cmd->req.cmd == LXC_CMD_CONSOLE ||
54446942 292 cmd->req.cmd == LXC_CMD_ADD_STATE_CLIENT)
dbc9832d 293 stay_connected = true;
724e753c 294
0ecf64b5
SH		 295 *stopped = 0;
296
c01c2be6
CB		 297 client_fd = lxc_cmd_send(name, cmd, lxcpath, hashed_sock_name);
298 if (client_fd < 0) {
7874d81a 299 SYSTRACE("Command \"%s\" failed to connect command socket",
300 lxc_cmd_str(cmd->req.cmd));
6a93ae77 301
2a850b2c 302 if (errno == ECONNREFUSED)
ef6e34ee 303 *stopped = 1;
3f903c04 304
2a850b2c 305 if (errno == EPIPE) {
6a93ae77
CB		 306 *stopped = 1;
307 client_fd = 0;
308 }
724e753c 309
2a850b2c 310 return -1;
724e753c
MN		 311 }
312
c01c2be6 313 ret = lxc_cmd_rsp_recv(client_fd, cmd);
2a850b2c 314 if (ret < 0 && errno == ECONNRESET)
6b7f85cb 315 *stopped = 1;
6a93ae77 316
4575a9f9 317 if (!stay_connected || ret <= 0)
2a850b2c
CB		 318 if (client_fd >= 0) {
319 saved_errno = errno;
2a7de7ea 320 close(client_fd);
2a850b2c
CB		 321 errno = saved_errno;
322 }
fe84a562 323
0115f8fd 324 if (stay_connected && ret > 0)
c01c2be6 325 cmd->rsp.ret = client_fd;
43eb6f29 326
1362f2eb 327 return ret;
724e753c
MN		 328}
329
b494d2dd
SH		 330int lxc_try_cmd(const char *name, const char *lxcpath)
331{
0ecf64b5 332 int stopped, ret;
b494d2dd
SH		 333 struct lxc_cmd_rr cmd = {
334 .req = { .cmd = LXC_CMD_GET_INIT_PID },
335 };
336
88556fd7 337 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
b494d2dd
SH		 338 if (stopped)
339 return 0;
340 if (ret > 0 && cmd.rsp.ret < 0) {
341 errno = cmd.rsp.ret;
342 return -1;
343 }
344 if (ret > 0)
345 return 0;
346
fe84a562
CB		 347 /* At this point we weren't denied access, and the container *was*
348 * started. There was some inexplicable error in the protocol. I'm not
349 * clear on whether we should return -1 here, but we didn't receive a
350 * -EACCES, so technically it's not that we're not allowed to control
351 * the container - it's just not behaving.
b494d2dd
SH		 352 */
353 return 0;
354}
355
ef6e34ee
DE		 356/* Implentations of the commands and their callbacks */
357
358/*
359 * lxc_cmd_get_init_pid: Get pid of the container's init process
360 *
361 * @name : name of container to connect to
362 * @lxcpath : the lxcpath in which the container is running
363 *
364 * Returns the pid on success, < 0 on failure
365 */
366pid_t lxc_cmd_get_init_pid(const char *name, const char *lxcpath)
43eb6f29 367{
0ecf64b5 368 int ret, stopped;
9234406b 369 intmax_t pid;
ef6e34ee 370 struct lxc_cmd_rr cmd = {
e8cd1208
CB		 371 .req = {
372 .cmd = LXC_CMD_GET_INIT_PID
373 },
374 .rsp = {
9234406b 375 .data = INTMAX_TO_PTR((intmax_t){-1})
e8cd1208 376 }
ef6e34ee
DE		 377 };
378
88556fd7 379 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
ef6e34ee 380 if (ret < 0)
8ed8a626 381 return -1;
ef6e34ee 382
9234406b
CB		 383 pid = PTR_TO_INTMAX(cmd.rsp.data);
384 if (pid < 0)
385 return -1;
386
387 /* We need to assume that pid_t can actually hold any pid given to us
388 * by the kernel. If it can't it's a libc bug.
389 */
390 return (pid_t)pid;
43eb6f29
DL		 391}
392
ef6e34ee
DE		 393static int lxc_cmd_get_init_pid_callback(int fd, struct lxc_cmd_req *req,
394 struct lxc_handler *handler)
43eb6f29 395{
54dcfd81
CB		 396 intmax_t pid = handler->pid;
397
9234406b 398 struct lxc_cmd_rsp rsp = {
54dcfd81 399 .data = INTMAX_TO_PTR(pid)
9234406b 400 };
ef6e34ee
DE		 401
402 return lxc_cmd_rsp_send(fd, &rsp);
43eb6f29
DL		 403}
404
ef6e34ee
DE		 405/*
406 * lxc_cmd_get_clone_flags: Get clone flags container was spawned with
407 *
408 * @name : name of container to connect to
409 * @lxcpath : the lxcpath in which the container is running
410 *
411 * Returns the clone flags on success, < 0 on failure
412 */
413int lxc_cmd_get_clone_flags(const char *name, const char *lxcpath)
414{
0ecf64b5 415 int ret, stopped;
ef6e34ee
DE		 416 struct lxc_cmd_rr cmd = {
417 .req = { .cmd = LXC_CMD_GET_CLONE_FLAGS },
418 };
419
88556fd7 420 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
ef6e34ee
DE		 421 if (ret < 0)
422 return ret;
43eb6f29 423
ef6e34ee
DE		 424 return PTR_TO_INT(cmd.rsp.data);
425}
426
427static int lxc_cmd_get_clone_flags_callback(int fd, struct lxc_cmd_req *req,
428 struct lxc_handler *handler)
26b2d152 429{
becad0ec 430 struct lxc_cmd_rsp rsp = { .data = INT_TO_PTR(handler->ns_clone_flags) };
ef6e34ee
DE		 431
432 return lxc_cmd_rsp_send(fd, &rsp);
433}
434
435/*
436 * lxc_cmd_get_cgroup_path: Calculate a container's cgroup path for a
437 * particular subsystem. This is the cgroup path relative to the root
438 * of the cgroup filesystem.
439 *
ef6e34ee
DE		 440 * @name : name of container to connect to
441 * @lxcpath : the lxcpath in which the container is running
b98f7d6e 442 * @subsystem : the subsystem being asked about
ef6e34ee
DE		 443 *
444 * Returns the path on success, NULL on failure. The caller must free() the
445 * returned path.
446 */
b98f7d6e 447char *lxc_cmd_get_cgroup_path(const char *name, const char *lxcpath,
fe84a562 448 const char *subsystem)
ef6e34ee 449{
0ecf64b5 450 int ret, stopped;
ef6e34ee 451 struct lxc_cmd_rr cmd = {
b98f7d6e
SH		 452 .req = {
453 .cmd = LXC_CMD_GET_CGROUP,
b98f7d6e 454 .data = subsystem,
c2aed66d 455 .datalen = 0,
b98f7d6e 456 },
26b2d152
MN		 457 };
458
c2aed66d
CB		 459 cmd.req.data = subsystem;
460 cmd.req.datalen = 0;
461 if (subsystem)
462 cmd.req.datalen = strlen(subsystem) + 1;
463
88556fd7 464 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
fe84a562 465 if (ret < 0)
ef6e34ee
DE		 466 return NULL;
467
fe84a562 468 if (ret == 0)
ef6e34ee 469 return NULL;
ef6e34ee 470
fe84a562 471 if (cmd.rsp.ret < 0 || cmd.rsp.datalen < 0)
ef6e34ee 472 return NULL;
3f903c04 473
ef6e34ee
DE		 474 return cmd.rsp.data;
475}
476
477static int lxc_cmd_get_cgroup_callback(int fd, struct lxc_cmd_req *req,
478 struct lxc_handler *handler)
479{
4fb3cba5 480 const char *path;
fe84a562 481 struct lxc_cmd_rsp rsp;
2202afc9 482 struct cgroup_ops *cgroup_ops = handler->cgroup_ops;
b98f7d6e 483
c2aed66d 484 if (req->datalen > 0)
2202afc9 485 path = cgroup_ops->get_cgroup(cgroup_ops, req->data);
c2aed66d 486 else
2202afc9 487 path = cgroup_ops->get_cgroup(cgroup_ops, NULL);
b98f7d6e
SH		 488 if (!path)
489 return -1;
fe84a562 490
4f17323e 491 rsp.ret = 0;
fe84a562
CB		 492 rsp.datalen = strlen(path) + 1;
493 rsp.data = (char *)path;
ef6e34ee
DE		 494
495 return lxc_cmd_rsp_send(fd, &rsp);
496}
497
498/*
499 * lxc_cmd_get_config_item: Get config item the running container
500 *
501 * @name : name of container to connect to
7fa3f2e9 502 * @item : the configuration item to retrieve (ex: lxc.net.0.veth.pair)
ef6e34ee
DE		 503 * @lxcpath : the lxcpath in which the container is running
504 *
505 * Returns the item on success, NULL on failure. The caller must free() the
506 * returned item.
507 */
508char *lxc_cmd_get_config_item(const char *name, const char *item,
509 const char *lxcpath)
510{
0ecf64b5 511 int ret, stopped;
ef6e34ee
DE		 512 struct lxc_cmd_rr cmd = {
513 .req = { .cmd = LXC_CMD_GET_CONFIG_ITEM,
514 .data = item,
fe84a562 515 .datalen = strlen(item) + 1,
ef6e34ee
DE		 516 },
517 };
518
88556fd7 519 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
ef6e34ee
DE		 520 if (ret < 0)
521 return NULL;
522
523 if (cmd.rsp.ret == 0)
524 return cmd.rsp.data;
fe84a562 525
ef6e34ee
DE		 526 return NULL;
527}
528
529static int lxc_cmd_get_config_item_callback(int fd, struct lxc_cmd_req *req,
530 struct lxc_handler *handler)
531{
532 int cilen;
ef6e34ee 533 char *cidata;
30aec088 534 struct lxc_config_t *item;
fe84a562 535 struct lxc_cmd_rsp rsp;
ef6e34ee
DE		 536
537 memset(&rsp, 0, sizeof(rsp));
300df83e 538 item = lxc_get_config(req->data);
30aec088
CB		 539 if (!item)
540 goto err1;
fe84a562 541
cccd2219 542 cilen = item->get(req->data, NULL, 0, handler->conf, NULL);
ef6e34ee
DE		 543 if (cilen <= 0)
544 goto err1;
545
546 cidata = alloca(cilen + 1);
cccd2219 547 if (item->get(req->data, cidata, cilen + 1, handler->conf, NULL) != cilen)
ef6e34ee 548 goto err1;
fe84a562 549
ef6e34ee
DE		 550 cidata[cilen] = '\0';
551 rsp.data = cidata;
552 rsp.datalen = cilen + 1;
553 rsp.ret = 0;
554 goto out;
555
556err1:
557 rsp.ret = -1;
558out:
559 return lxc_cmd_rsp_send(fd, &rsp);
560}
561
562/*
563 * lxc_cmd_get_state: Get current state of the container
564 *
565 * @name : name of container to connect to
566 * @lxcpath : the lxcpath in which the container is running
567 *
568 * Returns the state on success, < 0 on failure
569 */
dbc9832d 570int lxc_cmd_get_state(const char *name, const char *lxcpath)
ef6e34ee 571{
0ecf64b5 572 int ret, stopped;
ef6e34ee
DE		 573 struct lxc_cmd_rr cmd = {
574 .req = { .cmd = LXC_CMD_GET_STATE }
575 };
26b2d152 576
88556fd7 577 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
ebdd307d 578 if (ret < 0 && stopped)
ef6e34ee
DE		 579 return STOPPED;
580
581 if (ret < 0)
26b2d152 582 return -1;
26b2d152 583
ef6e34ee 584 if (!ret) {
fe84a562 585 WARN("Container \"%s\" has stopped before sending its state", name);
ef6e34ee
DE		 586 return -1;
587 }
588
fe84a562 589 DEBUG("Container \"%s\" is in \"%s\" state", name,
ef6e34ee 590 lxc_state2str(PTR_TO_INT(cmd.rsp.data)));
fe84a562 591
ef6e34ee
DE		 592 return PTR_TO_INT(cmd.rsp.data);
593}
594
595static int lxc_cmd_get_state_callback(int fd, struct lxc_cmd_req *req,
596 struct lxc_handler *handler)
597{
598 struct lxc_cmd_rsp rsp = { .data = INT_TO_PTR(handler->state) };
599
600 return lxc_cmd_rsp_send(fd, &rsp);
601}
602
603/*
604 * lxc_cmd_stop: Stop the container previously started with lxc_start. All
605 * the processes running inside this container will be killed.
606 *
607 * @name : name of container to connect to
608 * @lxcpath : the lxcpath in which the container is running
609 *
610 * Returns 0 on success, < 0 on failure
611 */
612int lxc_cmd_stop(const char *name, const char *lxcpath)
613{
0ecf64b5 614 int ret, stopped;
ef6e34ee
DE		 615 struct lxc_cmd_rr cmd = {
616 .req = { .cmd = LXC_CMD_STOP },
617 };
618
88556fd7 619 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
26b2d152 620 if (ret < 0) {
ef6e34ee 621 if (stopped) {
fe84a562 622 INFO("Container \"%s\" is already stopped", name);
ef6e34ee
DE		 623 return 0;
624 }
fe84a562 625
26b2d152
MN		 626 return -1;
627 }
628
fe84a562
CB		 629 /* We do not expect any answer, because we wait for the connection to be
630 * closed.
95d5b147
SH		 631 */
632 if (ret > 0) {
6d1400b5 633 errno = -cmd.rsp.ret;
634 SYSERROR("Failed to stop container \"%s\"", name);
26b2d152
MN		 635 return -1;
636 }
637
fe84a562 638 INFO("Container \"%s\" has stopped", name);
ef6e34ee 639 return 0;
26b2d152
MN		 640}
641
ef6e34ee
DE		 642static int lxc_cmd_stop_callback(int fd, struct lxc_cmd_req *req,
643 struct lxc_handler *handler)
d5088cf2 644{
ef6e34ee 645 struct lxc_cmd_rsp rsp;
ef6e34ee 646 int stopsignal = SIGKILL;
2202afc9 647 struct cgroup_ops *cgroup_ops = handler->cgroup_ops;
ef6e34ee
DE		 648
649 if (handler->conf->stopsignal)
650 stopsignal = handler->conf->stopsignal;
651 memset(&rsp, 0, sizeof(rsp));
652 rsp.ret = kill(handler->pid, stopsignal);
653 if (!rsp.ret) {
fe84a562 654 /* We can't just use lxc_unfreeze() since we are already in the
4fb3cba5
DE		 655 * context of handling the STOP cmd in lxc-start, and calling
656 * lxc_unfreeze() would do another cmd (GET_CGROUP) which would
fe84a562 657 * deadlock us.
4fb3cba5 658 */
27a5132c 659 if (!cgroup_ops->get_cgroup(cgroup_ops, "freezer"))
d18d43da
SG		 660 return 0;
661
2202afc9 662 if (cgroup_ops->unfreeze(cgroup_ops))
95d5b147 663 return 0;
fe84a562
CB		 664
665 ERROR("Failed to unfreeze container \"%s\"", handler->name);
ecfcb3f0 666 rsp.ret = -1;
ef6e34ee
DE		 667 }
668
669 return lxc_cmd_rsp_send(fd, &rsp);
670}
d5088cf2 671
b5159817 672/*
8ccbbf94 673 * lxc_cmd_terminal_winch: To process as if a SIGWINCH were received
b5159817
DE		 674 *
675 * @name : name of container to connect to
676 * @lxcpath : the lxcpath in which the container is running
677 *
678 * Returns 0 on success, < 0 on failure
679 */
8ccbbf94 680int lxc_cmd_terminal_winch(const char *name, const char *lxcpath)
b5159817 681{
0ecf64b5 682 int ret, stopped;
b5159817 683 struct lxc_cmd_rr cmd = {
8ccbbf94 684 .req = { .cmd = LXC_CMD_TERMINAL_WINCH },
b5159817
DE		 685 };
686
88556fd7 687 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
b5159817
DE		 688 if (ret < 0)
689 return ret;
690
691 return 0;
692}
693
8ccbbf94
CB		 694static int lxc_cmd_terminal_winch_callback(int fd, struct lxc_cmd_req *req,
695 struct lxc_handler *handler)
b5159817
DE		 696{
697 struct lxc_cmd_rsp rsp = { .data = 0 };
698
dad4a039 699 lxc_terminal_sigwinch(SIGWINCH);
fe84a562 700
b5159817
DE		 701 return lxc_cmd_rsp_send(fd, &rsp);
702}
703
ef6e34ee
DE		 704/*
705 * lxc_cmd_console: Open an fd to a tty in the container
706 *
707 * @name : name of container to connect to
708 * @ttynum : in: the tty to open or -1 for next available
709 * : out: the tty allocated
710 * @fd : out: file descriptor for master side of pty
711 * @lxcpath : the lxcpath in which the container is running
712 *
0115f8fd 713 * Returns fd holding tty allocated on success, < 0 on failure
ef6e34ee
DE		 714 */
715int lxc_cmd_console(const char *name, int *ttynum, int *fd, const char *lxcpath)
716{
0ecf64b5 717 int ret, stopped;
ef6e34ee
DE		 718 struct lxc_cmd_console_rsp_data *rspdata;
719 struct lxc_cmd_rr cmd = {
720 .req = { .cmd = LXC_CMD_CONSOLE, .data = INT_TO_PTR(*ttynum) },
721 };
d5088cf2 722
88556fd7 723 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
ef6e34ee
DE		 724 if (ret < 0)
725 return ret;
0115f8fd
DE		 726
727 if (cmd.rsp.ret < 0) {
6d1400b5 728 errno = -cmd.rsp.ret;
729 SYSERROR("Denied access to tty");
ef6e34ee
DE		 730 ret = -1;
731 goto out;
732 }
d5088cf2 733
0115f8fd 734 if (ret == 0) {
fe84a562 735 ERROR("tty number %d invalid, busy or all ttys busy", *ttynum);
0115f8fd 736 ret = -1;
ef6e34ee
DE		 737 goto out;
738 }
ef6e34ee
DE		 739
740 rspdata = cmd.rsp.data;
0115f8fd 741 if (rspdata->masterfd < 0) {
fe84a562 742 ERROR("Unable to allocate fd for tty %d", rspdata->ttynum);
ef6e34ee
DE		 743 goto out;
744 }
745
fe84a562 746 ret = cmd.rsp.ret; /* socket fd */
0115f8fd 747 *fd = rspdata->masterfd;
ef6e34ee 748 *ttynum = rspdata->ttynum;
fe84a562
CB		 749 INFO("Alloced fd %d for tty %d via socket %d", *fd, rspdata->ttynum, ret);
750
ef6e34ee
DE		 751out:
752 free(cmd.rsp.data);
753 return ret;
754}
755
756static int lxc_cmd_console_callback(int fd, struct lxc_cmd_req *req,
757 struct lxc_handler *handler)
758{
fe84a562 759 int masterfd, ret;
ef6e34ee 760 struct lxc_cmd_rsp rsp;
fe84a562 761 int ttynum = PTR_TO_INT(req->data);
ef6e34ee 762
c1ee47cd 763 masterfd = lxc_terminal_allocate(handler->conf, fd, &ttynum);
b5159817 764 if (masterfd < 0)
ef6e34ee
DE		 765 goto out_close;
766
ef6e34ee
DE		 767 memset(&rsp, 0, sizeof(rsp));
768 rsp.data = INT_TO_PTR(ttynum);
fe84a562
CB		 769 ret = lxc_abstract_unix_send_fds(fd, &masterfd, 1, &rsp, sizeof(rsp));
770 if (ret < 0) {
9044b79e 771 SYSERROR("Failed to send tty to client");
3dfe6f8d 772 lxc_terminal_free(handler->conf, fd);
ef6e34ee
DE		 773 goto out_close;
774 }
775
ef6e34ee
DE		 776 return 0;
777
778out_close:
fe84a562
CB		 779 /* Special indicator to lxc_cmd_handler() to close the fd and do
780 * related cleanup.
ef6e34ee
DE		 781 */
782 return 1;
d5088cf2
CS		 783}
784
88556fd7
ÇO		 785/*
786 * lxc_cmd_get_name: Returns the name of the container
787 *
788 * @hashed_sock_name: hashed socket name
789 *
790 * Returns the name on success, NULL on failure.
791 */
792char *lxc_cmd_get_name(const char *hashed_sock_name)
793{
794 int ret, stopped;
795 struct lxc_cmd_rr cmd = {
796 .req = { .cmd = LXC_CMD_GET_NAME},
797 };
798
799 ret = lxc_cmd(NULL, &cmd, &stopped, NULL, hashed_sock_name);
fe84a562 800 if (ret < 0)
88556fd7 801 return NULL;
88556fd7
ÇO		 802
803 if (cmd.rsp.ret == 0)
804 return cmd.rsp.data;
fe84a562 805
88556fd7
ÇO		 806 return NULL;
807}
808
809static int lxc_cmd_get_name_callback(int fd, struct lxc_cmd_req *req,
fe84a562 810 struct lxc_handler *handler)
88556fd7
ÇO		 811{
812 struct lxc_cmd_rsp rsp;
813
814 memset(&rsp, 0, sizeof(rsp));
815
f0ecc19d 816 rsp.data = (char *)handler->name;
88556fd7
ÇO		 817 rsp.datalen = strlen(handler->name) + 1;
818 rsp.ret = 0;
819
820 return lxc_cmd_rsp_send(fd, &rsp);
821}
822
823/*
824 * lxc_cmd_get_lxcpath: Returns the lxcpath of the container
825 *
826 * @hashed_sock_name: hashed socket name
827 *
828 * Returns the lxcpath on success, NULL on failure.
829 */
830char *lxc_cmd_get_lxcpath(const char *hashed_sock_name)
831{
832 int ret, stopped;
833 struct lxc_cmd_rr cmd = {
834 .req = { .cmd = LXC_CMD_GET_LXCPATH},
835 };
724e753c 836
88556fd7 837 ret = lxc_cmd(NULL, &cmd, &stopped, NULL, hashed_sock_name);
fe84a562 838 if (ret < 0)
88556fd7 839 return NULL;
88556fd7
ÇO		 840
841 if (cmd.rsp.ret == 0)
842 return cmd.rsp.data;
fe84a562 843
88556fd7
ÇO		 844 return NULL;
845}
846
847static int lxc_cmd_get_lxcpath_callback(int fd, struct lxc_cmd_req *req,
848 struct lxc_handler *handler)
849{
850 struct lxc_cmd_rsp rsp;
851
852 memset(&rsp, 0, sizeof(rsp));
853
fe84a562 854 rsp.ret = 0;
88556fd7
ÇO		 855 rsp.data = (char *)handler->lxcpath;
856 rsp.datalen = strlen(handler->lxcpath) + 1;
88556fd7
ÇO		 857
858 return lxc_cmd_rsp_send(fd, &rsp);
859}
ef6e34ee 860
54446942 861int lxc_cmd_add_state_client(const char *name, const char *lxcpath,
92e35018
CB		 862 lxc_state_t states[MAX_STATE],
863 int *state_client_fd)
dbc9832d 864{
bc631984 865 int state, stopped;
dbc9832d 866 ssize_t ret;
dbc9832d
CB		 867 struct lxc_cmd_rr cmd = {
868 .req = {
54446942 869 .cmd = LXC_CMD_ADD_STATE_CLIENT,
dbc9832d
CB		 870 .data = states,
871 .datalen = (sizeof(lxc_state_t) * MAX_STATE)
872 },
873 };
874
dbc9832d 875 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
bc631984
CB		 876 if (states[STOPPED] != 0 && stopped != 0)
877 return STOPPED;
878
dbc9832d 879 if (ret < 0) {
f577e061 880 if (errno != ECONNREFUSED)
6d1400b5 881 SYSERROR("Failed to execute command");
882
dbc9832d
CB		 883 return -1;
884 }
fe84a562 885
dbc9832d
CB		 886 /* We should now be guaranteed to get an answer from the state sending
887 * function.
888 */
dbc9832d 889 if (cmd.rsp.ret < 0) {
6d1400b5 890 errno = -cmd.rsp.ret;
891 SYSERROR("Failed to receive socket fd");
dbc9832d
CB		 892 return -1;
893 }
894
bc631984
CB		 895 state = PTR_TO_INT(cmd.rsp.data);
896 if (state < MAX_STATE) {
44552fb2
CB		 897 TRACE("Container is already in requested state %s", lxc_state2str(state));
898 close(cmd.rsp.ret);
bc631984
CB		 899 return state;
900 }
901
92e35018 902 *state_client_fd = cmd.rsp.ret;
bc631984 903 TRACE("Added state client %d to state client list", cmd.rsp.ret);
92e35018 904 return MAX_STATE;
dbc9832d
CB		 905}
906
54446942
CB		 907static int lxc_cmd_add_state_client_callback(int fd, struct lxc_cmd_req *req,
908 struct lxc_handler *handler)
dbc9832d 909{
44552fb2 910 int ret;
dbc9832d 911 struct lxc_cmd_rsp rsp = {0};
dbc9832d 912
fe84a562 913 if (req->datalen < 0)
44552fb2 914 goto reap_client_fd;
dbc9832d 915
fe84a562 916 if (req->datalen > (sizeof(lxc_state_t) * MAX_STATE))
44552fb2 917 goto reap_client_fd;
dbc9832d 918
fe84a562 919 if (!req->data)
44552fb2 920 goto reap_client_fd;
dbc9832d 921
c01c2be6 922 rsp.ret = lxc_add_state_client(fd, handler, (lxc_state_t *)req->data);
44552fb2
CB		 923 if (rsp.ret < 0)
924 goto reap_client_fd;
925
bc631984 926 rsp.data = INT_TO_PTR(rsp.ret);
dbc9832d 927
44552fb2
CB		 928 ret = lxc_cmd_rsp_send(fd, &rsp);
929 if (ret < 0)
930 goto reap_client_fd;
931
932 return 0;
933
934reap_client_fd:
935 /* Special indicator to lxc_cmd_handler() to close the fd and do related
936 * cleanup.
937 */
938 return 1;
dbc9832d
CB		 939}
940
191d43cc
CB		 941int lxc_cmd_console_log(const char *name, const char *lxcpath,
942 struct lxc_console_log *log)
943{
944 int ret, stopped;
945 struct lxc_cmd_console_log data;
946 struct lxc_cmd_rr cmd;
947
948 data.clear = log->clear;
949 data.read = log->read;
950 data.read_max = *log->read_max;
951
952 cmd.req.cmd = LXC_CMD_CONSOLE_LOG;
953 cmd.req.data = &data;
954 cmd.req.datalen = sizeof(struct lxc_cmd_console_log);
955
956 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
957 if (ret < 0)
958 return ret;
959
960 /* There is nothing to be read from the buffer. So clear any values we
961 * where passed to clearly indicate to the user that nothing went wrong.
962 */
63b74cda 963 if (cmd.rsp.ret == -ENODATA || cmd.rsp.ret == -EFAULT || cmd.rsp.ret == -ENOENT) {
191d43cc
CB		 964 *log->read_max = 0;
965 log->data = NULL;
966 }
967
968 /* This is a proper error so don't touch any values we were passed. */
969 if (cmd.rsp.ret < 0)
970 return cmd.rsp.ret;
971
972 *log->read_max = cmd.rsp.datalen;
973 log->data = cmd.rsp.data;
974
975 return 0;
976}
977
978static int lxc_cmd_console_log_callback(int fd, struct lxc_cmd_req *req,
979 struct lxc_handler *handler)
980{
981 struct lxc_cmd_rsp rsp;
28f3b1cd 982 uint64_t buffer_size = handler->conf->console.buffer_size;
191d43cc
CB		 983 const struct lxc_cmd_console_log *log = req->data;
984 struct lxc_ringbuf *buf = &handler->conf->console.ringbuf;
985
986 rsp.ret = -EFAULT;
987 rsp.datalen = 0;
988 rsp.data = NULL;
28f3b1cd 989 if (buffer_size <= 0)
191d43cc
CB		 990 goto out;
991
5928191e
CB		 992 if (log->read || log->write_logfile)
993 rsp.datalen = lxc_ringbuf_used(buf);
994
191d43cc
CB		 995 if (log->read)
996 rsp.data = lxc_ringbuf_get_read_addr(buf);
997
998 if (log->read_max > 0 && (log->read_max <= rsp.datalen))
999 rsp.datalen = log->read_max;
1000
1001 /* there's nothing to read */
63b74cda 1002 rsp.ret = -ENODATA;
191d43cc 1003 if (log->read && (buf->r_off == buf->w_off))
63b74cda
CB		 1004 goto out;
1005
63b74cda 1006 rsp.ret = 0;
23e0d9af 1007 if (log->clear)
43366ca2 1008 lxc_ringbuf_clear(buf); /* clear the ringbuffer */
23e0d9af 1009 else if (rsp.datalen > 0)
191d43cc
CB		 1010 lxc_ringbuf_move_read_addr(buf, rsp.datalen);
1011
1012out:
1013 return lxc_cmd_rsp_send(fd, &rsp);
1014}
1015
974a8aba
CB		 1016int lxc_cmd_serve_state_clients(const char *name, const char *lxcpath,
1017 lxc_state_t state)
1018{
1019 int stopped;
1020 ssize_t ret;
1021 struct lxc_cmd_rr cmd = {
1022 .req = {
1023 .cmd = LXC_CMD_SERVE_STATE_CLIENTS,
1024 .data = INT_TO_PTR(state)
1025 },
1026 };
1027
1028 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
1029 if (ret < 0) {
6d1400b5 1030 SYSERROR("Failed to execute command");
974a8aba
CB		 1031 return -1;
1032 }
1033
1034 return 0;
1035}
1036
1037static int lxc_cmd_serve_state_clients_callback(int fd, struct lxc_cmd_req *req,
1038 struct lxc_handler *handler)
1039{
1040 int ret;
1041 lxc_state_t state = PTR_TO_INT(req->data);
1042 struct lxc_cmd_rsp rsp = {0};
1043
1044 ret = lxc_serve_state_clients(handler->name, handler, state);
1045 if (ret < 0)
1046 goto reap_client_fd;
1047
1048 ret = lxc_cmd_rsp_send(fd, &rsp);
1049 if (ret < 0)
1050 goto reap_client_fd;
1051
1052 return 0;
1053
1054reap_client_fd:
1055 /* Special indicator to lxc_cmd_handler() to close the fd and do related
1056 * cleanup.
1057 */
1058 return 1;
1059}
1060
ef6e34ee 1061static int lxc_cmd_process(int fd, struct lxc_cmd_req *req,
ded1d23f 1062 struct lxc_handler *handler)
724e753c 1063{
ef6e34ee
DE		 1064 typedef int (*callback)(int, struct lxc_cmd_req *, struct lxc_handler *);
1065
1066 callback cb[LXC_CMD_MAX] = {
974a8aba 1067 [LXC_CMD_CONSOLE] = lxc_cmd_console_callback,
8ccbbf94 1068 [LXC_CMD_TERMINAL_WINCH] = lxc_cmd_terminal_winch_callback,
974a8aba
CB		 1069 [LXC_CMD_STOP] = lxc_cmd_stop_callback,
1070 [LXC_CMD_GET_STATE] = lxc_cmd_get_state_callback,
1071 [LXC_CMD_GET_INIT_PID] = lxc_cmd_get_init_pid_callback,
1072 [LXC_CMD_GET_CLONE_FLAGS] = lxc_cmd_get_clone_flags_callback,
1073 [LXC_CMD_GET_CGROUP] = lxc_cmd_get_cgroup_callback,
1074 [LXC_CMD_GET_CONFIG_ITEM] = lxc_cmd_get_config_item_callback,
1075 [LXC_CMD_GET_NAME] = lxc_cmd_get_name_callback,
1076 [LXC_CMD_GET_LXCPATH] = lxc_cmd_get_lxcpath_callback,
1077 [LXC_CMD_ADD_STATE_CLIENT] = lxc_cmd_add_state_client_callback,
1078 [LXC_CMD_CONSOLE_LOG] = lxc_cmd_console_log_callback,
1079 [LXC_CMD_SERVE_STATE_CLIENTS] = lxc_cmd_serve_state_clients_callback,
724e753c
MN		 1080 };
1081
f371aca9 1082 if (req->cmd >= LXC_CMD_MAX) {
fe84a562 1083 ERROR("Undefined command id %d", req->cmd);
724e753c 1084 return -1;
ef6e34ee
DE		 1085 }
1086 return cb[req->cmd](fd, req, handler);
724e753c
MN		 1087}
1088
ef6e34ee 1089static void lxc_cmd_fd_cleanup(int fd, struct lxc_handler *handler,
f6fc1565
CB		 1090 struct lxc_epoll_descr *descr,
1091 const lxc_cmd_t cmd)
724e753c 1092{
d39b10eb 1093 struct lxc_state_client *client;
f6fc1565
CB		 1094 struct lxc_list *cur, *next;
1095
3dfe6f8d 1096 lxc_terminal_free(handler->conf, fd);
724e753c 1097 lxc_mainloop_del_handler(descr, fd);
f6fc1565
CB		 1098 if (cmd != LXC_CMD_ADD_STATE_CLIENT) {
1099 close(fd);
1100 return;
1101 }
1102
d39b10eb 1103 lxc_list_for_each_safe(cur, &handler->conf->state_clients, next) {
f6fc1565
CB		 1104 client = cur->elem;
1105 if (client->clientfd != fd)
1106 continue;
1107
1108 /* kick client from list */
f6fc1565 1109 lxc_list_del(cur);
300d1cb4 1110 close(client->clientfd);
f6fc1565
CB		 1111 free(cur->elem);
1112 free(cur);
b1ca434a
CB		 1113 /* No need to walk the whole list. If we found the state client
1114 * fd there can't be a second one.
1115 */
1116 break;
f6fc1565 1117 }
724e753c
MN		 1118}
1119
84c92abd
DE		 1120static int lxc_cmd_handler(int fd, uint32_t events, void *data,
1121 struct lxc_epoll_descr *descr)
724e753c
MN		 1122{
1123 int ret;
ef6e34ee 1124 struct lxc_cmd_req req;
191d43cc 1125 void *reqdata = NULL;
724e753c
MN		 1126 struct lxc_handler *handler = data;
1127
aae93dd3 1128 ret = lxc_abstract_unix_rcv_credential(fd, &req, sizeof(req));
ded1d23f 1129 if (ret < 0) {
fe84a562 1130 SYSERROR("Failed to receive data on command socket for command "
9044b79e 1131 "\"%s\"", lxc_cmd_str(req.cmd));
1132
1133 if (errno == EACCES) {
1134 /* We don't care for the peer, just send and close. */
1135 struct lxc_cmd_rsp rsp = {.ret = ret};
1136
1137 lxc_cmd_rsp_send(fd, &rsp);
1138 }
1139
724e753c
MN		 1140 goto out_close;
1141 }
1142
fe84a562 1143 if (ret == 0)
724e753c 1144 goto out_close;
724e753c 1145
ef6e34ee 1146 if (ret != sizeof(req)) {
c01c2be6 1147 WARN("Failed to receive full command request. Ignoring request "
fe84a562 1148 "for \"%s\"", lxc_cmd_str(req.cmd));
ef6e34ee
DE		 1149 ret = -1;
1150 goto out_close;
1151 }
1152
191d43cc
CB		 1153 if ((req.datalen > LXC_CMD_DATA_MAX) &&
1154 (req.cmd != LXC_CMD_CONSOLE_LOG)) {
c01c2be6 1155 ERROR("Received command data length %d is too large for "
fe84a562
CB		 1156 "command \"%s\"", req.datalen, lxc_cmd_str(req.cmd));
1157 errno = EFBIG;
1158 ret = -EFBIG;
724e753c
MN		 1159 goto out_close;
1160 }
1161
ef6e34ee 1162 if (req.datalen > 0) {
191d43cc
CB		 1163 /* LXC_CMD_CONSOLE_LOG needs to be able to allocate data
1164 * that exceeds LXC_CMD_DATA_MAX: use malloc() for that.
1165 */
1166 if (req.cmd == LXC_CMD_CONSOLE_LOG)
1167 reqdata = malloc(req.datalen);
1168 else
1169 reqdata = alloca(req.datalen);
1170 if (!reqdata) {
1171 ERROR("Failed to allocate memory for \"%s\" command",
1172 lxc_cmd_str(req.cmd));
1173 errno = ENOMEM;
1174 ret = -ENOMEM;
1175 goto out_close;
1176 }
ef6e34ee 1177
e3233f26 1178 ret = lxc_recv_nointr(fd, reqdata, req.datalen, 0);
ef6e34ee 1179 if (ret != req.datalen) {
c01c2be6 1180 WARN("Failed to receive full command request. Ignoring "
fe84a562 1181 "request for \"%s\"", lxc_cmd_str(req.cmd));
b2a48508 1182 ret = LXC_MAINLOOP_ERROR;
ef6e34ee
DE		 1183 goto out_close;
1184 }
fe84a562 1185
ef6e34ee
DE		 1186 req.data = reqdata;
1187 }
1188
1189 ret = lxc_cmd_process(fd, &req, handler);
724e753c 1190 if (ret) {
fe84a562 1191 /* This is not an error, but only a request to close fd. */
b2a48508 1192 ret = LXC_MAINLOOP_CONTINUE;
724e753c
MN		 1193 goto out_close;
1194 }
1195
1196out:
191d43cc
CB		 1197 if (req.cmd == LXC_CMD_CONSOLE_LOG && reqdata)
1198 free(reqdata);
1199
724e753c 1200 return ret;
fe84a562 1201
724e753c 1202out_close:
f6fc1565 1203 lxc_cmd_fd_cleanup(fd, handler, descr, req.cmd);
724e753c
MN		 1204 goto out;
1205}
1206
84c92abd
DE		 1207static int lxc_cmd_accept(int fd, uint32_t events, void *data,
1208 struct lxc_epoll_descr *descr)
724e753c 1209{
fe84a562
CB		 1210 int connection;
1211 int opt = 1, ret = -1;
724e753c
MN		 1212
1213 connection = accept(fd, NULL, 0);
1214 if (connection < 0) {
08aa08fe 1215 SYSERROR("Failed to accept connection to run command.");
b2a48508 1216 return LXC_MAINLOOP_ERROR;
724e753c
MN		 1217 }
1218
fe84a562
CB		 1219 ret = fcntl(connection, F_SETFD, FD_CLOEXEC);
1220 if (ret < 0) {
1221 SYSERROR("Failed to set close-on-exec on incoming command connection");
9ccb2dbc
DL		 1222 goto out_close;
1223 }
1224
fe84a562
CB		 1225 ret = setsockopt(connection, SOL_SOCKET, SO_PASSCRED, &opt, sizeof(opt));
1226 if (ret < 0) {
1227 SYSERROR("Failed to enable necessary credentials on command socket");
724e753c
MN		 1228 goto out_close;
1229 }
1230
ef6e34ee 1231 ret = lxc_mainloop_add_handler(descr, connection, lxc_cmd_handler, data);
724e753c 1232 if (ret) {
fe84a562 1233 ERROR("Failed to add command handler");
724e753c
MN		 1234 goto out_close;
1235 }
1236
1237out:
1238 return ret;
1239
1240out_close:
1241 close(connection);
1242 goto out;
1243}
1244
9dfa4041 1245int lxc_cmd_init(const char *name, const char *lxcpath, const char *suffix)
724e753c 1246{
fe84a562 1247 int fd, len, ret;
b1234129 1248 char path[LXC_AUDS_ADDR_LEN] = {0};
46968ea3 1249 char *offset = &path[1];
724e753c 1250
6f2944c1
TA		 1251 /* -2 here because this is an abstract unix socket so it needs a
1252 * leading \0, and we null terminate, so it needs a trailing \0.
1253 * Although null termination isn't required by the API, we do it anyway
1254 * because we print the sockname out sometimes.
1255 */
860e7c43 1256 len = sizeof(path) - 2;
9dfa4041 1257 ret = lxc_make_abstract_socket_name(offset, len, name, lxcpath, NULL, suffix);
fe84a562 1258 if (ret < 0)
9ba8130c 1259 return -1;
9dfa4041 1260 TRACE("Creating abstract unix socket \"%s\"", offset);
724e753c 1261
aae93dd3 1262 fd = lxc_abstract_unix_open(path, SOCK_STREAM, 0);
724e753c 1263 if (fd < 0) {
6d1400b5 1264 SYSERROR("Failed to create command socket %s", offset);
08aa08fe 1265 if (errno == EADDRINUSE)
fe84a562 1266 ERROR("Container \"%s\" appears to be already running", name);
6d1400b5 1267
724e753c
MN		 1268 return -1;
1269 }
1270
fe84a562
CB		 1271 ret = fcntl(fd, F_SETFD, FD_CLOEXEC);
1272 if (ret < 0) {
1273 SYSERROR("Failed to set FD_CLOEXEC on command socket file descriptor");
91480a0f
DL		 1274 close(fd);
1275 return -1;
1276 }
1277
9dfa4041 1278 return fd;
d2e30e99
DE		 1279}
1280
fe84a562 1281int lxc_cmd_mainloop_add(const char *name, struct lxc_epoll_descr *descr,
ef6e34ee 1282 struct lxc_handler *handler)
d2e30e99 1283{
fe84a562
CB		 1284 int ret;
1285 int fd = handler->conf->maincmd_fd;
d2e30e99 1286
ef6e34ee 1287 ret = lxc_mainloop_add_handler(descr, fd, lxc_cmd_accept, handler);
fe84a562
CB		 1288 if (ret < 0) {
1289 ERROR("Failed to add handler for command socket");
724e753c
MN		 1290 close(fd);
1291 }
1292
1293 return ret;
1294}
LXC mirror