]> git.proxmox.com Git - mirror_lxc.git/blame - src/lxc/commands.c
projects / mirror_lxc.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
change defines for return value of handlers
[mirror_lxc.git] / src / lxc / commands.c
CommitLineData
724e753c
MN		 1/*
2 * lxc: linux Container library
3 *
4 * (C) Copyright IBM Corp. 2007, 2009
5 *
6 * Authors:
9afe19d6 7 * Daniel Lezcano <daniel.lezcano at free.fr>
724e753c
MN		 8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
250b1eec 21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
724e753c
MN		 22 */
23
fe84a562
CB		 24#include "config.h"
25
cf685555 26#include <caps.h>
724e753c 27#include <errno.h>
91480a0f 28#include <fcntl.h>
fe84a562 29#include <malloc.h>
37515ebd 30#include <poll.h>
fe84a562
CB		 31#include <signal.h>
32#include <stdio.h>
33#include <stdlib.h>
34#include <unistd.h>
35#include <sys/param.h>
724e753c
MN		 36#include <sys/socket.h>
37#include <sys/un.h>
724e753c 38
fe84a562 39#include "af_unix.h"
f2363e38 40#include "cgroup.h"
724e753c 41#include "commands.h"
bbf5cf35 42#include "commands_utils.h"
fe84a562 43#include "conf.h"
ef6e34ee 44#include "confile.h"
fe84a562
CB		 45#include "log.h"
46#include "lxc.h"
dbc9832d 47#include "lxclock.h"
724e753c 48#include "mainloop.h"
dbc9832d 49#include "monitor.h"
fe84a562 50#include "start.h"
0ed9b1bc 51#include "terminal.h"
fe84a562 52#include "utils.h"
724e753c 53
ded1d23f 54/*
fe84a562
CB		 55 * This file provides the different functions for clients to query/command the
56 * server. The client is typically some lxc tool and the server is typically the
57 * container (ie. lxc-start).
ded1d23f 58 *
fe84a562
CB		 59 * Each command is transactional, the clients send a request to the server and
60 * the server answers the request with a message giving the request's status
61 * (zero or a negative errno value). Both the request and response may contain
62 * additional data.
ded1d23f 63 *
fe84a562
CB		 64 * Each command is wrapped in a ancillary message in order to pass a credential
65 * making possible to the server to check if the client is allowed to ask for
66 * this command or not.
80bcb053 67 *
fe84a562
CB		 68 * IMPORTANTLY: Note that semantics for current commands are fixed. If you wish
69 * to make any changes to how, say, LXC_CMD_GET_CONFIG_ITEM works by adding
70 * information to the end of cmd.data, then you must introduce a new
71 * LXC_CMD_GET_CONFIG_ITEM_V2 define with a new number. You may wish to also
72 * mark LXC_CMD_GET_CONFIG_ITEM deprecated in commands.h.
80bcb053
SH		 73 *
74 * This is necessary in order to avoid having a newly compiled lxc command
75 * communicating with a running (old) monitor from crashing the running
76 * container.
ded1d23f
DL		 77 */
78
724e753c
MN		 79lxc_log_define(lxc_commands, lxc);
80
ef6e34ee 81static const char *lxc_cmd_str(lxc_cmd_t cmd)
724e753c 82{
fe84a562 83 static const char *const cmdname[LXC_CMD_MAX] = {
974a8aba 84 [LXC_CMD_CONSOLE] = "console",
8ccbbf94 85 [LXC_CMD_TERMINAL_WINCH] = "terminal_winch",
974a8aba
CB		 86 [LXC_CMD_STOP] = "stop",
87 [LXC_CMD_GET_STATE] = "get_state",
88 [LXC_CMD_GET_INIT_PID] = "get_init_pid",
89 [LXC_CMD_GET_CLONE_FLAGS] = "get_clone_flags",
90 [LXC_CMD_GET_CGROUP] = "get_cgroup",
91 [LXC_CMD_GET_CONFIG_ITEM] = "get_config_item",
92 [LXC_CMD_GET_NAME] = "get_name",
93 [LXC_CMD_GET_LXCPATH] = "get_lxcpath",
94 [LXC_CMD_ADD_STATE_CLIENT] = "add_state_client",
95 [LXC_CMD_CONSOLE_LOG] = "console_log",
96 [LXC_CMD_SERVE_STATE_CLIENTS] = "serve_state_clients",
ef6e34ee 97 };
724e753c 98
f371aca9 99 if (cmd >= LXC_CMD_MAX)
ef6e34ee 100 return "Unknown cmd";
fe84a562 101
ef6e34ee
DE		 102 return cmdname[cmd];
103}
104
105/*
106 * lxc_cmd_rsp_recv: Receive a response to a command
107 *
108 * @sock : the socket connected to the container
109 * @cmd : command to put response in
110 *
111 * Returns the size of the response message or < 0 on failure
112 *
113 * Note that if the command response datalen > 0, then data is
114 * a malloc()ed buffer and should be free()ed by the caller. If
115 * the response data is <= a void * worth of data, it will be
116 * stored directly in data and datalen will be 0.
117 *
118 * As a special case, the response for LXC_CMD_CONSOLE is created
0115f8fd
DE		 119 * here as it contains an fd for the master pty passed through the
120 * unix socket.
ef6e34ee
DE		 121 */
122static int lxc_cmd_rsp_recv(int sock, struct lxc_cmd_rr *cmd)
123{
2945ea97 124 int ret, rspfd;
ef6e34ee
DE		 125 struct lxc_cmd_rsp *rsp = &cmd->rsp;
126
ae467c54 127 ret = lxc_abstract_unix_recv_fds(sock, &rspfd, 1, rsp, sizeof(*rsp));
ef6e34ee 128 if (ret < 0) {
fe84a562
CB		 129 WARN("%s - Failed to receive response for command \"%s\"",
130 strerror(errno), lxc_cmd_str(cmd->req.cmd));
6b7f85cb
CB		 131 if (errno == ECONNRESET)
132 return -ECONNRESET;
133
ef6e34ee
DE		 134 return -1;
135 }
fe84a562 136 TRACE("Command \"%s\" received response", lxc_cmd_str(cmd->req.cmd));
ef6e34ee
DE		 137
138 if (cmd->req.cmd == LXC_CMD_CONSOLE) {
139 struct lxc_cmd_console_rsp_data *rspdata;
140
0115f8fd
DE		 141 /* recv() returns 0 bytes when a tty cannot be allocated,
142 * rsp->ret is < 0 when the peer permission check failed
143 */
144 if (ret == 0 || rsp->ret < 0)
145 return 0;
146
ef6e34ee
DE		 147 rspdata = malloc(sizeof(*rspdata));
148 if (!rspdata) {
fe84a562 149 ERROR("Failed to allocate response buffer for command \"%s\"",
ef6e34ee 150 lxc_cmd_str(cmd->req.cmd));
fe84a562 151 return -ENOMEM;
ef6e34ee 152 }
0115f8fd 153 rspdata->masterfd = rspfd;
ef6e34ee
DE		 154 rspdata->ttynum = PTR_TO_INT(rsp->data);
155 rsp->data = rspdata;
156 }
157
860e7c43 158 if (rsp->datalen == 0) {
fe84a562 159 DEBUG("Response data length for command \"%s\" is 0",
860e7c43 160 lxc_cmd_str(cmd->req.cmd));
ae5c8b8e 161 return ret;
860e7c43 162 }
fe84a562 163
191d43cc
CB		 164 if ((rsp->datalen > LXC_CMD_DATA_MAX) &&
165 (cmd->req.cmd != LXC_CMD_CONSOLE_LOG)) {
ef6e34ee 166 errno = EFBIG;
fe84a562
CB		 167 ERROR("%s - Response data for command \"%s\" is too long: %d "
168 "bytes > %d", strerror(errno), lxc_cmd_str(cmd->req.cmd),
169 rsp->datalen, LXC_CMD_DATA_MAX);
170 return -EFBIG;
2ac9aafc 171 }
ef6e34ee 172
191d43cc
CB		 173 if (cmd->req.cmd == LXC_CMD_CONSOLE_LOG) {
174 rsp->data = malloc(rsp->datalen + 1);
175 ((char *)rsp->data)[rsp->datalen] = '\0';
176 } else {
177 rsp->data = malloc(rsp->datalen);
178 }
ef6e34ee 179 if (!rsp->data) {
fe84a562
CB		 180 errno = ENOMEM;
181 ERROR("%s - Failed to allocate response buffer for command "
182 "\"%s\"", strerror(errno), lxc_cmd_str(cmd->req.cmd));
183 return -ENOMEM;
ef6e34ee 184 }
fe84a562 185
ef6e34ee
DE		 186 ret = recv(sock, rsp->data, rsp->datalen, 0);
187 if (ret != rsp->datalen) {
fe84a562 188 ERROR("%s - Failed to receive response data for command \"%s\"",
08aa08fe 189 lxc_cmd_str(cmd->req.cmd), strerror(errno));
ef6e34ee
DE		 190 if (ret >= 0)
191 ret = -1;
192 }
724e753c
MN		 193
194 return ret;
195}
196
ef6e34ee
DE		 197/*
198 * lxc_cmd_rsp_send: Send a command response
199 *
200 * @fd : file descriptor of socket to send response on
201 * @rsp : response to send
202 *
203 * Returns 0 on success, < 0 on failure
204 */
205static int lxc_cmd_rsp_send(int fd, struct lxc_cmd_rsp *rsp)
206{
fe84a562 207 ssize_t ret;
ef6e34ee
DE		 208
209 ret = send(fd, rsp, sizeof(*rsp), 0);
fe84a562
CB		 210 if (ret < 0 || (size_t)ret != sizeof(*rsp)) {
211 ERROR("%s - Failed to send command response %zd",
212 strerror(errno), ret);
ef6e34ee
DE		 213 return -1;
214 }
215
fe84a562
CB		 216 if (rsp->datalen <= 0)
217 return 0;
218
219 ret = send(fd, rsp->data, rsp->datalen, 0);
220 if (ret < 0 || ret != (ssize_t)rsp->datalen) {
221 WARN("%s - Failed to send command response data %zd",
222 strerror(errno), ret);
223 return -1;
ef6e34ee 224 }
fe84a562 225
ef6e34ee
DE		 226 return 0;
227}
228
c01c2be6 229static int lxc_cmd_send(const char *name, struct lxc_cmd_rr *cmd,
fe84a562 230 const char *lxcpath, const char *hashed_sock_name)
c01c2be6
CB		 231{
232 int client_fd;
fe84a562 233 ssize_t ret = -1;
c01c2be6 234
9dfa4041 235 client_fd = lxc_cmd_connect(name, lxcpath, hashed_sock_name, "command");
fe84a562
CB		 236 if (client_fd < 0) {
237 if (client_fd == -ECONNREFUSED)
238 return -ECONNREFUSED;
c01c2be6 239
fe84a562
CB		 240 return -1;
241 }
c01c2be6 242
fe84a562
CB		 243 ret = lxc_abstract_unix_send_credential(client_fd, &cmd->req,
244 sizeof(cmd->req));
245 if (ret < 0 || (size_t)ret != sizeof(cmd->req)) {
c01c2be6
CB		 246 close(client_fd);
247
248 if (errno == EPIPE)
249 return -EPIPE;
250
251 if (ret >= 0)
252 return -EMSGSIZE;
253
254 return -1;
255 }
256
fe84a562
CB		 257 if (cmd->req.datalen <= 0)
258 return client_fd;
c01c2be6 259
fe84a562
CB		 260 ret = send(client_fd, cmd->req.data, cmd->req.datalen, MSG_NOSIGNAL);
261 if (ret < 0 || ret != (ssize_t)cmd->req.datalen) {
262 close(client_fd);
c01c2be6 263
fe84a562
CB		 264 if (errno == EPIPE)
265 return -EPIPE;
c01c2be6 266
fe84a562
CB		 267 if (ret >= 0)
268 return -EMSGSIZE;
c01c2be6 269
fe84a562 270 return -1;
c01c2be6
CB		 271 }
272
273 return client_fd;
274}
275
ef6e34ee
DE		 276/*
277 * lxc_cmd: Connect to the specified running container, send it a command
278 * request and collect the response
279 *
280 * @name : name of container to connect to
1e8cfdf6 281 * @cmd : command with initialized request to send
ef6e34ee
DE		 282 * @stopped : output indicator if the container was not running
283 * @lxcpath : the lxcpath in which the container is running
284 *
285 * Returns the size of the response message on success, < 0 on failure
286 *
287 * Note that there is a special case for LXC_CMD_CONSOLE. For this command
288 * the fd cannot be closed because it is used as a placeholder to indicate
289 * that a particular tty slot is in use. The fd is also used as a signal to
290 * the container that when the caller dies or closes the fd, the container
0115f8fd
DE		 291 * will notice the fd on its side of the socket in its mainloop select and
292 * then free the slot with lxc_cmd_fd_cleanup(). The socket fd will be
293 * returned in the cmd response structure.
ef6e34ee
DE		 294 */
295static int lxc_cmd(const char *name, struct lxc_cmd_rr *cmd, int *stopped,
88556fd7 296 const char *lxcpath, const char *hashed_sock_name)
724e753c 297{
fe84a562
CB		 298 int client_fd;
299 int ret = -1;
dbc9832d
CB		 300 bool stay_connected = false;
301
302 if (cmd->req.cmd == LXC_CMD_CONSOLE ||
54446942 303 cmd->req.cmd == LXC_CMD_ADD_STATE_CLIENT)
dbc9832d 304 stay_connected = true;
724e753c 305
0ecf64b5
SH		 306 *stopped = 0;
307
c01c2be6
CB		 308 client_fd = lxc_cmd_send(name, cmd, lxcpath, hashed_sock_name);
309 if (client_fd < 0) {
fe84a562
CB		 310 TRACE("%s - Command \"%s\" failed to connect command socket",
311 strerror(errno), lxc_cmd_str(cmd->req.cmd));
c01c2be6 312 if (client_fd == -ECONNREFUSED) {
ef6e34ee 313 *stopped = 1;
c01c2be6 314 return -1;
3f903c04
CB		 315 }
316
c01c2be6 317 if (client_fd == -EPIPE)
6168ff15 318 goto epipe;
724e753c 319
c01c2be6 320 goto out;
724e753c
MN		 321 }
322
c01c2be6 323 ret = lxc_cmd_rsp_recv(client_fd, cmd);
6b7f85cb
CB		 324 if (ret == -ECONNRESET)
325 *stopped = 1;
724e753c 326out:
4575a9f9 327 if (!stay_connected || ret <= 0)
2a7de7ea
CB		 328 if (client_fd >= 0)
329 close(client_fd);
fe84a562 330
0115f8fd 331 if (stay_connected && ret > 0)
c01c2be6 332 cmd->rsp.ret = client_fd;
43eb6f29 333
1362f2eb 334 return ret;
6168ff15
SH		 335
336epipe:
6168ff15
SH		 337 *stopped = 1;
338 return 0;
724e753c
MN		 339}
340
b494d2dd
SH		 341int lxc_try_cmd(const char *name, const char *lxcpath)
342{
0ecf64b5 343 int stopped, ret;
b494d2dd
SH		 344 struct lxc_cmd_rr cmd = {
345 .req = { .cmd = LXC_CMD_GET_INIT_PID },
346 };
347
88556fd7 348 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
b494d2dd
SH		 349 if (stopped)
350 return 0;
351 if (ret > 0 && cmd.rsp.ret < 0) {
352 errno = cmd.rsp.ret;
353 return -1;
354 }
355 if (ret > 0)
356 return 0;
357
fe84a562
CB		 358 /* At this point we weren't denied access, and the container *was*
359 * started. There was some inexplicable error in the protocol. I'm not
360 * clear on whether we should return -1 here, but we didn't receive a
361 * -EACCES, so technically it's not that we're not allowed to control
362 * the container - it's just not behaving.
b494d2dd
SH		 363 */
364 return 0;
365}
366
ef6e34ee
DE		 367/* Implentations of the commands and their callbacks */
368
369/*
370 * lxc_cmd_get_init_pid: Get pid of the container's init process
371 *
372 * @name : name of container to connect to
373 * @lxcpath : the lxcpath in which the container is running
374 *
375 * Returns the pid on success, < 0 on failure
376 */
377pid_t lxc_cmd_get_init_pid(const char *name, const char *lxcpath)
43eb6f29 378{
0ecf64b5 379 int ret, stopped;
ef6e34ee
DE		 380 struct lxc_cmd_rr cmd = {
381 .req = { .cmd = LXC_CMD_GET_INIT_PID },
382 };
383
88556fd7 384 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
ef6e34ee
DE		 385 if (ret < 0)
386 return ret;
387
388 return PTR_TO_INT(cmd.rsp.data);
43eb6f29
DL		 389}
390
ef6e34ee
DE		 391static int lxc_cmd_get_init_pid_callback(int fd, struct lxc_cmd_req *req,
392 struct lxc_handler *handler)
43eb6f29 393{
ef6e34ee
DE		 394 struct lxc_cmd_rsp rsp = { .data = INT_TO_PTR(handler->pid) };
395
396 return lxc_cmd_rsp_send(fd, &rsp);
43eb6f29
DL		 397}
398
ef6e34ee
DE		 399/*
400 * lxc_cmd_get_clone_flags: Get clone flags container was spawned with
401 *
402 * @name : name of container to connect to
403 * @lxcpath : the lxcpath in which the container is running
404 *
405 * Returns the clone flags on success, < 0 on failure
406 */
407int lxc_cmd_get_clone_flags(const char *name, const char *lxcpath)
408{
0ecf64b5 409 int ret, stopped;
ef6e34ee
DE		 410 struct lxc_cmd_rr cmd = {
411 .req = { .cmd = LXC_CMD_GET_CLONE_FLAGS },
412 };
413
88556fd7 414 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
ef6e34ee
DE		 415 if (ret < 0)
416 return ret;
43eb6f29 417
ef6e34ee
DE		 418 return PTR_TO_INT(cmd.rsp.data);
419}
420
421static int lxc_cmd_get_clone_flags_callback(int fd, struct lxc_cmd_req *req,
422 struct lxc_handler *handler)
26b2d152 423{
becad0ec 424 struct lxc_cmd_rsp rsp = { .data = INT_TO_PTR(handler->ns_clone_flags) };
ef6e34ee
DE		 425
426 return lxc_cmd_rsp_send(fd, &rsp);
427}
428
429/*
430 * lxc_cmd_get_cgroup_path: Calculate a container's cgroup path for a
431 * particular subsystem. This is the cgroup path relative to the root
432 * of the cgroup filesystem.
433 *
ef6e34ee
DE		 434 * @name : name of container to connect to
435 * @lxcpath : the lxcpath in which the container is running
b98f7d6e 436 * @subsystem : the subsystem being asked about
ef6e34ee
DE		 437 *
438 * Returns the path on success, NULL on failure. The caller must free() the
439 * returned path.
440 */
b98f7d6e 441char *lxc_cmd_get_cgroup_path(const char *name, const char *lxcpath,
fe84a562 442 const char *subsystem)
ef6e34ee 443{
0ecf64b5 444 int ret, stopped;
ef6e34ee 445 struct lxc_cmd_rr cmd = {
b98f7d6e
SH		 446 .req = {
447 .cmd = LXC_CMD_GET_CGROUP,
b98f7d6e 448 .data = subsystem,
c2aed66d 449 .datalen = 0,
b98f7d6e 450 },
26b2d152
MN		 451 };
452
c2aed66d
CB		 453 cmd.req.data = subsystem;
454 cmd.req.datalen = 0;
455 if (subsystem)
456 cmd.req.datalen = strlen(subsystem) + 1;
457
88556fd7 458 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
fe84a562 459 if (ret < 0)
ef6e34ee
DE		 460 return NULL;
461
fe84a562 462 if (ret == 0)
ef6e34ee 463 return NULL;
ef6e34ee 464
fe84a562 465 if (cmd.rsp.ret < 0 || cmd.rsp.datalen < 0)
ef6e34ee 466 return NULL;
3f903c04 467
ef6e34ee
DE		 468 return cmd.rsp.data;
469}
470
471static int lxc_cmd_get_cgroup_callback(int fd, struct lxc_cmd_req *req,
472 struct lxc_handler *handler)
473{
4fb3cba5 474 const char *path;
fe84a562 475 struct lxc_cmd_rsp rsp;
2202afc9 476 struct cgroup_ops *cgroup_ops = handler->cgroup_ops;
b98f7d6e 477
c2aed66d 478 if (req->datalen > 0)
2202afc9 479 path = cgroup_ops->get_cgroup(cgroup_ops, req->data);
c2aed66d 480 else
2202afc9 481 path = cgroup_ops->get_cgroup(cgroup_ops, NULL);
b98f7d6e
SH		 482 if (!path)
483 return -1;
fe84a562 484
4f17323e 485 rsp.ret = 0;
fe84a562
CB		 486 rsp.datalen = strlen(path) + 1;
487 rsp.data = (char *)path;
ef6e34ee
DE		 488
489 return lxc_cmd_rsp_send(fd, &rsp);
490}
491
492/*
493 * lxc_cmd_get_config_item: Get config item the running container
494 *
495 * @name : name of container to connect to
7fa3f2e9 496 * @item : the configuration item to retrieve (ex: lxc.net.0.veth.pair)
ef6e34ee
DE		 497 * @lxcpath : the lxcpath in which the container is running
498 *
499 * Returns the item on success, NULL on failure. The caller must free() the
500 * returned item.
501 */
502char *lxc_cmd_get_config_item(const char *name, const char *item,
503 const char *lxcpath)
504{
0ecf64b5 505 int ret, stopped;
ef6e34ee
DE		 506 struct lxc_cmd_rr cmd = {
507 .req = { .cmd = LXC_CMD_GET_CONFIG_ITEM,
508 .data = item,
fe84a562 509 .datalen = strlen(item) + 1,
ef6e34ee
DE		 510 },
511 };
512
88556fd7 513 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
ef6e34ee
DE		 514 if (ret < 0)
515 return NULL;
516
517 if (cmd.rsp.ret == 0)
518 return cmd.rsp.data;
fe84a562 519
ef6e34ee
DE		 520 return NULL;
521}
522
523static int lxc_cmd_get_config_item_callback(int fd, struct lxc_cmd_req *req,
524 struct lxc_handler *handler)
525{
526 int cilen;
ef6e34ee 527 char *cidata;
30aec088 528 struct lxc_config_t *item;
fe84a562 529 struct lxc_cmd_rsp rsp;
ef6e34ee
DE		 530
531 memset(&rsp, 0, sizeof(rsp));
300df83e 532 item = lxc_get_config(req->data);
30aec088
CB		 533 if (!item)
534 goto err1;
fe84a562 535
cccd2219 536 cilen = item->get(req->data, NULL, 0, handler->conf, NULL);
ef6e34ee
DE		 537 if (cilen <= 0)
538 goto err1;
539
540 cidata = alloca(cilen + 1);
cccd2219 541 if (item->get(req->data, cidata, cilen + 1, handler->conf, NULL) != cilen)
ef6e34ee 542 goto err1;
fe84a562 543
ef6e34ee
DE		 544 cidata[cilen] = '\0';
545 rsp.data = cidata;
546 rsp.datalen = cilen + 1;
547 rsp.ret = 0;
548 goto out;
549
550err1:
551 rsp.ret = -1;
552out:
553 return lxc_cmd_rsp_send(fd, &rsp);
554}
555
556/*
557 * lxc_cmd_get_state: Get current state of the container
558 *
559 * @name : name of container to connect to
560 * @lxcpath : the lxcpath in which the container is running
561 *
562 * Returns the state on success, < 0 on failure
563 */
dbc9832d 564int lxc_cmd_get_state(const char *name, const char *lxcpath)
ef6e34ee 565{
0ecf64b5 566 int ret, stopped;
ef6e34ee
DE		 567 struct lxc_cmd_rr cmd = {
568 .req = { .cmd = LXC_CMD_GET_STATE }
569 };
26b2d152 570
88556fd7 571 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
ebdd307d 572 if (ret < 0 && stopped)
ef6e34ee
DE		 573 return STOPPED;
574
575 if (ret < 0)
26b2d152 576 return -1;
26b2d152 577
ef6e34ee 578 if (!ret) {
fe84a562 579 WARN("Container \"%s\" has stopped before sending its state", name);
ef6e34ee
DE		 580 return -1;
581 }
582
fe84a562 583 DEBUG("Container \"%s\" is in \"%s\" state", name,
ef6e34ee 584 lxc_state2str(PTR_TO_INT(cmd.rsp.data)));
fe84a562 585
ef6e34ee
DE		 586 return PTR_TO_INT(cmd.rsp.data);
587}
588
589static int lxc_cmd_get_state_callback(int fd, struct lxc_cmd_req *req,
590 struct lxc_handler *handler)
591{
592 struct lxc_cmd_rsp rsp = { .data = INT_TO_PTR(handler->state) };
593
594 return lxc_cmd_rsp_send(fd, &rsp);
595}
596
597/*
598 * lxc_cmd_stop: Stop the container previously started with lxc_start. All
599 * the processes running inside this container will be killed.
600 *
601 * @name : name of container to connect to
602 * @lxcpath : the lxcpath in which the container is running
603 *
604 * Returns 0 on success, < 0 on failure
605 */
606int lxc_cmd_stop(const char *name, const char *lxcpath)
607{
0ecf64b5 608 int ret, stopped;
ef6e34ee
DE		 609 struct lxc_cmd_rr cmd = {
610 .req = { .cmd = LXC_CMD_STOP },
611 };
612
88556fd7 613 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
26b2d152 614 if (ret < 0) {
ef6e34ee 615 if (stopped) {
fe84a562 616 INFO("Container \"%s\" is already stopped", name);
ef6e34ee
DE		 617 return 0;
618 }
fe84a562 619
26b2d152
MN		 620 return -1;
621 }
622
fe84a562
CB		 623 /* We do not expect any answer, because we wait for the connection to be
624 * closed.
95d5b147
SH		 625 */
626 if (ret > 0) {
fe84a562
CB		 627 ERROR("%s - Failed to stop container \"%s\"",
628 strerror(-cmd.rsp.ret), name);
26b2d152
MN		 629 return -1;
630 }
631
fe84a562 632 INFO("Container \"%s\" has stopped", name);
ef6e34ee 633 return 0;
26b2d152
MN		 634}
635
ef6e34ee
DE		 636static int lxc_cmd_stop_callback(int fd, struct lxc_cmd_req *req,
637 struct lxc_handler *handler)
d5088cf2 638{
ef6e34ee 639 struct lxc_cmd_rsp rsp;
ef6e34ee 640 int stopsignal = SIGKILL;
2202afc9 641 struct cgroup_ops *cgroup_ops = handler->cgroup_ops;
ef6e34ee
DE		 642
643 if (handler->conf->stopsignal)
644 stopsignal = handler->conf->stopsignal;
645 memset(&rsp, 0, sizeof(rsp));
646 rsp.ret = kill(handler->pid, stopsignal);
647 if (!rsp.ret) {
fe84a562 648 /* We can't just use lxc_unfreeze() since we are already in the
4fb3cba5
DE		 649 * context of handling the STOP cmd in lxc-start, and calling
650 * lxc_unfreeze() would do another cmd (GET_CGROUP) which would
fe84a562 651 * deadlock us.
4fb3cba5 652 */
2202afc9 653 if (cgroup_ops->unfreeze(cgroup_ops))
95d5b147 654 return 0;
fe84a562
CB		 655
656 ERROR("Failed to unfreeze container \"%s\"", handler->name);
ecfcb3f0 657 rsp.ret = -1;
ef6e34ee
DE		 658 }
659
660 return lxc_cmd_rsp_send(fd, &rsp);
661}
d5088cf2 662
b5159817 663/*
8ccbbf94 664 * lxc_cmd_terminal_winch: To process as if a SIGWINCH were received
b5159817
DE		 665 *
666 * @name : name of container to connect to
667 * @lxcpath : the lxcpath in which the container is running
668 *
669 * Returns 0 on success, < 0 on failure
670 */
8ccbbf94 671int lxc_cmd_terminal_winch(const char *name, const char *lxcpath)
b5159817 672{
0ecf64b5 673 int ret, stopped;
b5159817 674 struct lxc_cmd_rr cmd = {
8ccbbf94 675 .req = { .cmd = LXC_CMD_TERMINAL_WINCH },
b5159817
DE		 676 };
677
88556fd7 678 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
b5159817
DE		 679 if (ret < 0)
680 return ret;
681
682 return 0;
683}
684
8ccbbf94
CB		 685static int lxc_cmd_terminal_winch_callback(int fd, struct lxc_cmd_req *req,
686 struct lxc_handler *handler)
b5159817
DE		 687{
688 struct lxc_cmd_rsp rsp = { .data = 0 };
689
dad4a039 690 lxc_terminal_sigwinch(SIGWINCH);
fe84a562 691
b5159817
DE		 692 return lxc_cmd_rsp_send(fd, &rsp);
693}
694
ef6e34ee
DE		 695/*
696 * lxc_cmd_console: Open an fd to a tty in the container
697 *
698 * @name : name of container to connect to
699 * @ttynum : in: the tty to open or -1 for next available
700 * : out: the tty allocated
701 * @fd : out: file descriptor for master side of pty
702 * @lxcpath : the lxcpath in which the container is running
703 *
0115f8fd 704 * Returns fd holding tty allocated on success, < 0 on failure
ef6e34ee
DE		 705 */
706int lxc_cmd_console(const char *name, int *ttynum, int *fd, const char *lxcpath)
707{
0ecf64b5 708 int ret, stopped;
ef6e34ee
DE		 709 struct lxc_cmd_console_rsp_data *rspdata;
710 struct lxc_cmd_rr cmd = {
711 .req = { .cmd = LXC_CMD_CONSOLE, .data = INT_TO_PTR(*ttynum) },
712 };
d5088cf2 713
88556fd7 714 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
ef6e34ee
DE		 715 if (ret < 0)
716 return ret;
0115f8fd
DE		 717
718 if (cmd.rsp.ret < 0) {
fe84a562 719 ERROR("%s - Denied access to tty", strerror(-cmd.rsp.ret));
ef6e34ee
DE		 720 ret = -1;
721 goto out;
722 }
d5088cf2 723
0115f8fd 724 if (ret == 0) {
fe84a562 725 ERROR("tty number %d invalid, busy or all ttys busy", *ttynum);
0115f8fd 726 ret = -1;
ef6e34ee
DE		 727 goto out;
728 }
ef6e34ee
DE		 729
730 rspdata = cmd.rsp.data;
0115f8fd 731 if (rspdata->masterfd < 0) {
fe84a562 732 ERROR("Unable to allocate fd for tty %d", rspdata->ttynum);
ef6e34ee
DE		 733 goto out;
734 }
735
fe84a562 736 ret = cmd.rsp.ret; /* socket fd */
0115f8fd 737 *fd = rspdata->masterfd;
ef6e34ee 738 *ttynum = rspdata->ttynum;
fe84a562
CB		 739 INFO("Alloced fd %d for tty %d via socket %d", *fd, rspdata->ttynum, ret);
740
ef6e34ee
DE		 741out:
742 free(cmd.rsp.data);
743 return ret;
744}
745
746static int lxc_cmd_console_callback(int fd, struct lxc_cmd_req *req,
747 struct lxc_handler *handler)
748{
fe84a562 749 int masterfd, ret;
ef6e34ee 750 struct lxc_cmd_rsp rsp;
fe84a562 751 int ttynum = PTR_TO_INT(req->data);
ef6e34ee 752
c1ee47cd 753 masterfd = lxc_terminal_allocate(handler->conf, fd, &ttynum);
b5159817 754 if (masterfd < 0)
ef6e34ee
DE		 755 goto out_close;
756
ef6e34ee
DE		 757 memset(&rsp, 0, sizeof(rsp));
758 rsp.data = INT_TO_PTR(ttynum);
fe84a562
CB		 759 ret = lxc_abstract_unix_send_fds(fd, &masterfd, 1, &rsp, sizeof(rsp));
760 if (ret < 0) {
761 ERROR("Failed to send tty to client");
3dfe6f8d 762 lxc_terminal_free(handler->conf, fd);
ef6e34ee
DE		 763 goto out_close;
764 }
765
ef6e34ee
DE		 766 return 0;
767
768out_close:
fe84a562
CB		 769 /* Special indicator to lxc_cmd_handler() to close the fd and do
770 * related cleanup.
ef6e34ee
DE		 771 */
772 return 1;
d5088cf2
CS		 773}
774
88556fd7
ÇO		 775/*
776 * lxc_cmd_get_name: Returns the name of the container
777 *
778 * @hashed_sock_name: hashed socket name
779 *
780 * Returns the name on success, NULL on failure.
781 */
782char *lxc_cmd_get_name(const char *hashed_sock_name)
783{
784 int ret, stopped;
785 struct lxc_cmd_rr cmd = {
786 .req = { .cmd = LXC_CMD_GET_NAME},
787 };
788
789 ret = lxc_cmd(NULL, &cmd, &stopped, NULL, hashed_sock_name);
fe84a562 790 if (ret < 0)
88556fd7 791 return NULL;
88556fd7
ÇO		 792
793 if (cmd.rsp.ret == 0)
794 return cmd.rsp.data;
fe84a562 795
88556fd7
ÇO		 796 return NULL;
797}
798
799static int lxc_cmd_get_name_callback(int fd, struct lxc_cmd_req *req,
fe84a562 800 struct lxc_handler *handler)
88556fd7
ÇO		 801{
802 struct lxc_cmd_rsp rsp;
803
804 memset(&rsp, 0, sizeof(rsp));
805
f0ecc19d 806 rsp.data = (char *)handler->name;
88556fd7
ÇO		 807 rsp.datalen = strlen(handler->name) + 1;
808 rsp.ret = 0;
809
810 return lxc_cmd_rsp_send(fd, &rsp);
811}
812
813/*
814 * lxc_cmd_get_lxcpath: Returns the lxcpath of the container
815 *
816 * @hashed_sock_name: hashed socket name
817 *
818 * Returns the lxcpath on success, NULL on failure.
819 */
820char *lxc_cmd_get_lxcpath(const char *hashed_sock_name)
821{
822 int ret, stopped;
823 struct lxc_cmd_rr cmd = {
824 .req = { .cmd = LXC_CMD_GET_LXCPATH},
825 };
724e753c 826
88556fd7 827 ret = lxc_cmd(NULL, &cmd, &stopped, NULL, hashed_sock_name);
fe84a562 828 if (ret < 0)
88556fd7 829 return NULL;
88556fd7
ÇO		 830
831 if (cmd.rsp.ret == 0)
832 return cmd.rsp.data;
fe84a562 833
88556fd7
ÇO		 834 return NULL;
835}
836
837static int lxc_cmd_get_lxcpath_callback(int fd, struct lxc_cmd_req *req,
838 struct lxc_handler *handler)
839{
840 struct lxc_cmd_rsp rsp;
841
842 memset(&rsp, 0, sizeof(rsp));
843
fe84a562 844 rsp.ret = 0;
88556fd7
ÇO		 845 rsp.data = (char *)handler->lxcpath;
846 rsp.datalen = strlen(handler->lxcpath) + 1;
88556fd7
ÇO		 847
848 return lxc_cmd_rsp_send(fd, &rsp);
849}
ef6e34ee 850
54446942 851int lxc_cmd_add_state_client(const char *name, const char *lxcpath,
92e35018
CB		 852 lxc_state_t states[MAX_STATE],
853 int *state_client_fd)
dbc9832d 854{
bc631984 855 int state, stopped;
dbc9832d 856 ssize_t ret;
dbc9832d
CB		 857 struct lxc_cmd_rr cmd = {
858 .req = {
54446942 859 .cmd = LXC_CMD_ADD_STATE_CLIENT,
dbc9832d
CB		 860 .data = states,
861 .datalen = (sizeof(lxc_state_t) * MAX_STATE)
862 },
863 };
864
dbc9832d 865 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
bc631984
CB		 866 if (states[STOPPED] != 0 && stopped != 0)
867 return STOPPED;
868
dbc9832d 869 if (ret < 0) {
f577e061
CB		 870 if (errno != ECONNREFUSED)
871 ERROR("%s - Failed to execute command", strerror(errno));
dbc9832d
CB		 872 return -1;
873 }
fe84a562 874
dbc9832d
CB		 875 /* We should now be guaranteed to get an answer from the state sending
876 * function.
877 */
dbc9832d 878 if (cmd.rsp.ret < 0) {
bc631984 879 ERROR("%s - Failed to receive socket fd", strerror(-cmd.rsp.ret));
dbc9832d
CB		 880 return -1;
881 }
882
bc631984
CB		 883 state = PTR_TO_INT(cmd.rsp.data);
884 if (state < MAX_STATE) {
44552fb2
CB		 885 TRACE("Container is already in requested state %s", lxc_state2str(state));
886 close(cmd.rsp.ret);
bc631984
CB		 887 return state;
888 }
889
92e35018 890 *state_client_fd = cmd.rsp.ret;
bc631984 891 TRACE("Added state client %d to state client list", cmd.rsp.ret);
92e35018 892 return MAX_STATE;
dbc9832d
CB		 893}
894
54446942
CB		 895static int lxc_cmd_add_state_client_callback(int fd, struct lxc_cmd_req *req,
896 struct lxc_handler *handler)
dbc9832d 897{
44552fb2 898 int ret;
dbc9832d 899 struct lxc_cmd_rsp rsp = {0};
dbc9832d 900
fe84a562 901 if (req->datalen < 0)
44552fb2 902 goto reap_client_fd;
dbc9832d 903
fe84a562 904 if (req->datalen > (sizeof(lxc_state_t) * MAX_STATE))
44552fb2 905 goto reap_client_fd;
dbc9832d 906
fe84a562 907 if (!req->data)
44552fb2 908 goto reap_client_fd;
dbc9832d 909
c01c2be6 910 rsp.ret = lxc_add_state_client(fd, handler, (lxc_state_t *)req->data);
44552fb2
CB		 911 if (rsp.ret < 0)
912 goto reap_client_fd;
913
bc631984 914 rsp.data = INT_TO_PTR(rsp.ret);
dbc9832d 915
44552fb2
CB		 916 ret = lxc_cmd_rsp_send(fd, &rsp);
917 if (ret < 0)
918 goto reap_client_fd;
919
920 return 0;
921
922reap_client_fd:
923 /* Special indicator to lxc_cmd_handler() to close the fd and do related
924 * cleanup.
925 */
926 return 1;
dbc9832d
CB		 927}
928
191d43cc
CB		 929int lxc_cmd_console_log(const char *name, const char *lxcpath,
930 struct lxc_console_log *log)
931{
932 int ret, stopped;
933 struct lxc_cmd_console_log data;
934 struct lxc_cmd_rr cmd;
935
936 data.clear = log->clear;
937 data.read = log->read;
938 data.read_max = *log->read_max;
939
940 cmd.req.cmd = LXC_CMD_CONSOLE_LOG;
941 cmd.req.data = &data;
942 cmd.req.datalen = sizeof(struct lxc_cmd_console_log);
943
944 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
945 if (ret < 0)
946 return ret;
947
948 /* There is nothing to be read from the buffer. So clear any values we
949 * where passed to clearly indicate to the user that nothing went wrong.
950 */
63b74cda 951 if (cmd.rsp.ret == -ENODATA || cmd.rsp.ret == -EFAULT || cmd.rsp.ret == -ENOENT) {
191d43cc
CB		 952 *log->read_max = 0;
953 log->data = NULL;
954 }
955
956 /* This is a proper error so don't touch any values we were passed. */
957 if (cmd.rsp.ret < 0)
958 return cmd.rsp.ret;
959
960 *log->read_max = cmd.rsp.datalen;
961 log->data = cmd.rsp.data;
962
963 return 0;
964}
965
966static int lxc_cmd_console_log_callback(int fd, struct lxc_cmd_req *req,
967 struct lxc_handler *handler)
968{
969 struct lxc_cmd_rsp rsp;
28f3b1cd 970 uint64_t buffer_size = handler->conf->console.buffer_size;
191d43cc
CB		 971 const struct lxc_cmd_console_log *log = req->data;
972 struct lxc_ringbuf *buf = &handler->conf->console.ringbuf;
973
974 rsp.ret = -EFAULT;
975 rsp.datalen = 0;
976 rsp.data = NULL;
28f3b1cd 977 if (buffer_size <= 0)
191d43cc
CB		 978 goto out;
979
5928191e
CB		 980 if (log->read || log->write_logfile)
981 rsp.datalen = lxc_ringbuf_used(buf);
982
191d43cc
CB		 983 if (log->read)
984 rsp.data = lxc_ringbuf_get_read_addr(buf);
985
986 if (log->read_max > 0 && (log->read_max <= rsp.datalen))
987 rsp.datalen = log->read_max;
988
989 /* there's nothing to read */
63b74cda 990 rsp.ret = -ENODATA;
191d43cc 991 if (log->read && (buf->r_off == buf->w_off))
63b74cda
CB		 992 goto out;
993
63b74cda 994 rsp.ret = 0;
23e0d9af 995 if (log->clear)
43366ca2 996 lxc_ringbuf_clear(buf); /* clear the ringbuffer */
23e0d9af 997 else if (rsp.datalen > 0)
191d43cc
CB		 998 lxc_ringbuf_move_read_addr(buf, rsp.datalen);
999
1000out:
1001 return lxc_cmd_rsp_send(fd, &rsp);
1002}
1003
974a8aba
CB		 1004int lxc_cmd_serve_state_clients(const char *name, const char *lxcpath,
1005 lxc_state_t state)
1006{
1007 int stopped;
1008 ssize_t ret;
1009 struct lxc_cmd_rr cmd = {
1010 .req = {
1011 .cmd = LXC_CMD_SERVE_STATE_CLIENTS,
1012 .data = INT_TO_PTR(state)
1013 },
1014 };
1015
1016 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
1017 if (ret < 0) {
1018 ERROR("%s - Failed to execute command", strerror(errno));
1019 return -1;
1020 }
1021
1022 return 0;
1023}
1024
1025static int lxc_cmd_serve_state_clients_callback(int fd, struct lxc_cmd_req *req,
1026 struct lxc_handler *handler)
1027{
1028 int ret;
1029 lxc_state_t state = PTR_TO_INT(req->data);
1030 struct lxc_cmd_rsp rsp = {0};
1031
1032 ret = lxc_serve_state_clients(handler->name, handler, state);
1033 if (ret < 0)
1034 goto reap_client_fd;
1035
1036 ret = lxc_cmd_rsp_send(fd, &rsp);
1037 if (ret < 0)
1038 goto reap_client_fd;
1039
1040 return 0;
1041
1042reap_client_fd:
1043 /* Special indicator to lxc_cmd_handler() to close the fd and do related
1044 * cleanup.
1045 */
1046 return 1;
1047}
1048
ef6e34ee 1049static int lxc_cmd_process(int fd, struct lxc_cmd_req *req,
ded1d23f 1050 struct lxc_handler *handler)
724e753c 1051{
ef6e34ee
DE		 1052 typedef int (*callback)(int, struct lxc_cmd_req *, struct lxc_handler *);
1053
1054 callback cb[LXC_CMD_MAX] = {
974a8aba 1055 [LXC_CMD_CONSOLE] = lxc_cmd_console_callback,
8ccbbf94 1056 [LXC_CMD_TERMINAL_WINCH] = lxc_cmd_terminal_winch_callback,
974a8aba
CB		 1057 [LXC_CMD_STOP] = lxc_cmd_stop_callback,
1058 [LXC_CMD_GET_STATE] = lxc_cmd_get_state_callback,
1059 [LXC_CMD_GET_INIT_PID] = lxc_cmd_get_init_pid_callback,
1060 [LXC_CMD_GET_CLONE_FLAGS] = lxc_cmd_get_clone_flags_callback,
1061 [LXC_CMD_GET_CGROUP] = lxc_cmd_get_cgroup_callback,
1062 [LXC_CMD_GET_CONFIG_ITEM] = lxc_cmd_get_config_item_callback,
1063 [LXC_CMD_GET_NAME] = lxc_cmd_get_name_callback,
1064 [LXC_CMD_GET_LXCPATH] = lxc_cmd_get_lxcpath_callback,
1065 [LXC_CMD_ADD_STATE_CLIENT] = lxc_cmd_add_state_client_callback,
1066 [LXC_CMD_CONSOLE_LOG] = lxc_cmd_console_log_callback,
1067 [LXC_CMD_SERVE_STATE_CLIENTS] = lxc_cmd_serve_state_clients_callback,
724e753c
MN		 1068 };
1069
f371aca9 1070 if (req->cmd >= LXC_CMD_MAX) {
fe84a562 1071 ERROR("Undefined command id %d", req->cmd);
724e753c 1072 return -1;
ef6e34ee
DE		 1073 }
1074 return cb[req->cmd](fd, req, handler);
724e753c
MN		 1075}
1076
ef6e34ee 1077static void lxc_cmd_fd_cleanup(int fd, struct lxc_handler *handler,
f6fc1565
CB		 1078 struct lxc_epoll_descr *descr,
1079 const lxc_cmd_t cmd)
724e753c 1080{
d39b10eb 1081 struct lxc_state_client *client;
f6fc1565
CB		 1082 struct lxc_list *cur, *next;
1083
3dfe6f8d 1084 lxc_terminal_free(handler->conf, fd);
724e753c 1085 lxc_mainloop_del_handler(descr, fd);
f6fc1565
CB		 1086 if (cmd != LXC_CMD_ADD_STATE_CLIENT) {
1087 close(fd);
1088 return;
1089 }
1090
d39b10eb 1091 lxc_list_for_each_safe(cur, &handler->conf->state_clients, next) {
f6fc1565
CB		 1092 client = cur->elem;
1093 if (client->clientfd != fd)
1094 continue;
1095
1096 /* kick client from list */
f6fc1565 1097 lxc_list_del(cur);
300d1cb4 1098 close(client->clientfd);
f6fc1565
CB		 1099 free(cur->elem);
1100 free(cur);
b1ca434a
CB		 1101 /* No need to walk the whole list. If we found the state client
1102 * fd there can't be a second one.
1103 */
1104 break;
f6fc1565 1105 }
724e753c
MN		 1106}
1107
84c92abd
DE		 1108static int lxc_cmd_handler(int fd, uint32_t events, void *data,
1109 struct lxc_epoll_descr *descr)
724e753c
MN		 1110{
1111 int ret;
ef6e34ee 1112 struct lxc_cmd_req req;
191d43cc 1113 void *reqdata = NULL;
724e753c
MN		 1114 struct lxc_handler *handler = data;
1115
aae93dd3 1116 ret = lxc_abstract_unix_rcv_credential(fd, &req, sizeof(req));
0a3ec350 1117 if (ret == -EACCES) {
fe84a562
CB		 1118 /* We don't care for the peer, just send and close. */
1119 struct lxc_cmd_rsp rsp = {.ret = ret};
ef6e34ee
DE		 1120
1121 lxc_cmd_rsp_send(fd, &rsp);
3cc5de36 1122 goto out_close;
ded1d23f
DL		 1123 }
1124
1125 if (ret < 0) {
fe84a562
CB		 1126 SYSERROR("Failed to receive data on command socket for command "
1127 "\"%s\"", lxc_cmd_str(req.cmd));
724e753c
MN		 1128 goto out_close;
1129 }
1130
fe84a562 1131 if (ret == 0)
724e753c 1132 goto out_close;
724e753c 1133
ef6e34ee 1134 if (ret != sizeof(req)) {
c01c2be6 1135 WARN("Failed to receive full command request. Ignoring request "
fe84a562 1136 "for \"%s\"", lxc_cmd_str(req.cmd));
ef6e34ee
DE		 1137 ret = -1;
1138 goto out_close;
1139 }
1140
191d43cc
CB		 1141 if ((req.datalen > LXC_CMD_DATA_MAX) &&
1142 (req.cmd != LXC_CMD_CONSOLE_LOG)) {
c01c2be6 1143 ERROR("Received command data length %d is too large for "
fe84a562
CB		 1144 "command \"%s\"", req.datalen, lxc_cmd_str(req.cmd));
1145 errno = EFBIG;
1146 ret = -EFBIG;
724e753c
MN		 1147 goto out_close;
1148 }
1149
ef6e34ee 1150 if (req.datalen > 0) {
191d43cc
CB		 1151 /* LXC_CMD_CONSOLE_LOG needs to be able to allocate data
1152 * that exceeds LXC_CMD_DATA_MAX: use malloc() for that.
1153 */
1154 if (req.cmd == LXC_CMD_CONSOLE_LOG)
1155 reqdata = malloc(req.datalen);
1156 else
1157 reqdata = alloca(req.datalen);
1158 if (!reqdata) {
1159 ERROR("Failed to allocate memory for \"%s\" command",
1160 lxc_cmd_str(req.cmd));
1161 errno = ENOMEM;
1162 ret = -ENOMEM;
1163 goto out_close;
1164 }
ef6e34ee 1165
ef6e34ee
DE		 1166 ret = recv(fd, reqdata, req.datalen, 0);
1167 if (ret != req.datalen) {
c01c2be6 1168 WARN("Failed to receive full command request. Ignoring "
fe84a562 1169 "request for \"%s\"", lxc_cmd_str(req.cmd));
b2a48508 1170 ret = LXC_MAINLOOP_ERROR;
ef6e34ee
DE		 1171 goto out_close;
1172 }
fe84a562 1173
ef6e34ee
DE		 1174 req.data = reqdata;
1175 }
1176
1177 ret = lxc_cmd_process(fd, &req, handler);
724e753c 1178 if (ret) {
fe84a562 1179 /* This is not an error, but only a request to close fd. */
b2a48508 1180 ret = LXC_MAINLOOP_CONTINUE;
724e753c
MN		 1181 goto out_close;
1182 }
1183
1184out:
191d43cc
CB		 1185 if (req.cmd == LXC_CMD_CONSOLE_LOG && reqdata)
1186 free(reqdata);
1187
724e753c 1188 return ret;
fe84a562 1189
724e753c 1190out_close:
f6fc1565 1191 lxc_cmd_fd_cleanup(fd, handler, descr, req.cmd);
724e753c
MN		 1192 goto out;
1193}
1194
84c92abd
DE		 1195static int lxc_cmd_accept(int fd, uint32_t events, void *data,
1196 struct lxc_epoll_descr *descr)
724e753c 1197{
fe84a562
CB		 1198 int connection;
1199 int opt = 1, ret = -1;
724e753c
MN		 1200
1201 connection = accept(fd, NULL, 0);
1202 if (connection < 0) {
08aa08fe 1203 SYSERROR("Failed to accept connection to run command.");
b2a48508 1204 return LXC_MAINLOOP_ERROR;
724e753c
MN		 1205 }
1206
fe84a562
CB		 1207 ret = fcntl(connection, F_SETFD, FD_CLOEXEC);
1208 if (ret < 0) {
1209 SYSERROR("Failed to set close-on-exec on incoming command connection");
9ccb2dbc
DL		 1210 goto out_close;
1211 }
1212
fe84a562
CB		 1213 ret = setsockopt(connection, SOL_SOCKET, SO_PASSCRED, &opt, sizeof(opt));
1214 if (ret < 0) {
1215 SYSERROR("Failed to enable necessary credentials on command socket");
724e753c
MN		 1216 goto out_close;
1217 }
1218
ef6e34ee 1219 ret = lxc_mainloop_add_handler(descr, connection, lxc_cmd_handler, data);
724e753c 1220 if (ret) {
fe84a562 1221 ERROR("Failed to add command handler");
724e753c
MN		 1222 goto out_close;
1223 }
1224
1225out:
1226 return ret;
1227
1228out_close:
1229 close(connection);
1230 goto out;
1231}
1232
9dfa4041 1233int lxc_cmd_init(const char *name, const char *lxcpath, const char *suffix)
724e753c 1234{
fe84a562
CB		 1235 int fd, len, ret;
1236 char path[sizeof(((struct sockaddr_un *)0)->sun_path)] = {0};
46968ea3 1237 char *offset = &path[1];
724e753c 1238
6f2944c1
TA		 1239 /* -2 here because this is an abstract unix socket so it needs a
1240 * leading \0, and we null terminate, so it needs a trailing \0.
1241 * Although null termination isn't required by the API, we do it anyway
1242 * because we print the sockname out sometimes.
1243 */
860e7c43 1244 len = sizeof(path) - 2;
9dfa4041 1245 ret = lxc_make_abstract_socket_name(offset, len, name, lxcpath, NULL, suffix);
fe84a562 1246 if (ret < 0)
9ba8130c 1247 return -1;
9dfa4041 1248 TRACE("Creating abstract unix socket \"%s\"", offset);
724e753c 1249
aae93dd3 1250 fd = lxc_abstract_unix_open(path, SOCK_STREAM, 0);
724e753c 1251 if (fd < 0) {
fe84a562
CB		 1252 ERROR("%s - Failed to create command socket %s",
1253 strerror(errno), offset);
08aa08fe 1254 if (errno == EADDRINUSE)
fe84a562 1255 ERROR("Container \"%s\" appears to be already running", name);
724e753c
MN		 1256 return -1;
1257 }
1258
fe84a562
CB		 1259 ret = fcntl(fd, F_SETFD, FD_CLOEXEC);
1260 if (ret < 0) {
1261 SYSERROR("Failed to set FD_CLOEXEC on command socket file descriptor");
91480a0f
DL		 1262 close(fd);
1263 return -1;
1264 }
1265
9dfa4041 1266 return fd;
d2e30e99
DE		 1267}
1268
fe84a562 1269int lxc_cmd_mainloop_add(const char *name, struct lxc_epoll_descr *descr,
ef6e34ee 1270 struct lxc_handler *handler)
d2e30e99 1271{
fe84a562
CB		 1272 int ret;
1273 int fd = handler->conf->maincmd_fd;
d2e30e99 1274
ef6e34ee 1275 ret = lxc_mainloop_add_handler(descr, fd, lxc_cmd_accept, handler);
fe84a562
CB		 1276 if (ret < 0) {
1277 ERROR("Failed to add handler for command socket");
724e753c
MN		 1278 close(fd);
1279 }
1280
1281 return ret;
1282}
LXC mirror