]>
Commit | Line | Data |
---|---|---|
724e753c MN |
1 | /* |
2 | * lxc: linux Container library | |
3 | * | |
4 | * (C) Copyright IBM Corp. 2007, 2009 | |
5 | * | |
6 | * Authors: | |
9afe19d6 | 7 | * Daniel Lezcano <daniel.lezcano at free.fr> |
724e753c MN |
8 | * |
9 | * This library is free software; you can redistribute it and/or | |
10 | * modify it under the terms of the GNU Lesser General Public | |
11 | * License as published by the Free Software Foundation; either | |
12 | * version 2.1 of the License, or (at your option) any later version. | |
13 | * | |
14 | * This library is distributed in the hope that it will be useful, | |
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
17 | * Lesser General Public License for more details. | |
18 | * | |
19 | * You should have received a copy of the GNU Lesser General Public | |
20 | * License along with this library; if not, write to the Free Software | |
250b1eec | 21 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
724e753c MN |
22 | */ |
23 | ||
fe84a562 CB |
24 | #include "config.h" |
25 | ||
cf685555 | 26 | #include <caps.h> |
724e753c | 27 | #include <errno.h> |
91480a0f | 28 | #include <fcntl.h> |
fe84a562 | 29 | #include <malloc.h> |
37515ebd | 30 | #include <poll.h> |
fe84a562 CB |
31 | #include <signal.h> |
32 | #include <stdio.h> | |
33 | #include <stdlib.h> | |
34 | #include <unistd.h> | |
35 | #include <sys/param.h> | |
724e753c MN |
36 | #include <sys/socket.h> |
37 | #include <sys/un.h> | |
724e753c | 38 | |
fe84a562 | 39 | #include "af_unix.h" |
f2363e38 | 40 | #include "cgroup.h" |
724e753c | 41 | #include "commands.h" |
bbf5cf35 | 42 | #include "commands_utils.h" |
fe84a562 | 43 | #include "conf.h" |
ef6e34ee | 44 | #include "confile.h" |
fe84a562 CB |
45 | #include "console.h" |
46 | #include "log.h" | |
47 | #include "lxc.h" | |
dbc9832d | 48 | #include "lxclock.h" |
724e753c | 49 | #include "mainloop.h" |
dbc9832d | 50 | #include "monitor.h" |
fe84a562 CB |
51 | #include "start.h" |
52 | #include "utils.h" | |
724e753c | 53 | |
ded1d23f | 54 | /* |
fe84a562 CB |
55 | * This file provides the different functions for clients to query/command the |
56 | * server. The client is typically some lxc tool and the server is typically the | |
57 | * container (ie. lxc-start). | |
ded1d23f | 58 | * |
fe84a562 CB |
59 | * Each command is transactional, the clients send a request to the server and |
60 | * the server answers the request with a message giving the request's status | |
61 | * (zero or a negative errno value). Both the request and response may contain | |
62 | * additional data. | |
ded1d23f | 63 | * |
fe84a562 CB |
64 | * Each command is wrapped in a ancillary message in order to pass a credential |
65 | * making possible to the server to check if the client is allowed to ask for | |
66 | * this command or not. | |
80bcb053 | 67 | * |
fe84a562 CB |
68 | * IMPORTANTLY: Note that semantics for current commands are fixed. If you wish |
69 | * to make any changes to how, say, LXC_CMD_GET_CONFIG_ITEM works by adding | |
70 | * information to the end of cmd.data, then you must introduce a new | |
71 | * LXC_CMD_GET_CONFIG_ITEM_V2 define with a new number. You may wish to also | |
72 | * mark LXC_CMD_GET_CONFIG_ITEM deprecated in commands.h. | |
80bcb053 SH |
73 | * |
74 | * This is necessary in order to avoid having a newly compiled lxc command | |
75 | * communicating with a running (old) monitor from crashing the running | |
76 | * container. | |
ded1d23f DL |
77 | */ |
78 | ||
724e753c MN |
79 | lxc_log_define(lxc_commands, lxc); |
80 | ||
ef6e34ee | 81 | static const char *lxc_cmd_str(lxc_cmd_t cmd) |
724e753c | 82 | { |
fe84a562 | 83 | static const char *const cmdname[LXC_CMD_MAX] = { |
54446942 | 84 | [LXC_CMD_CONSOLE] = "console", |
86a78f17 | 85 | [LXC_CMD_CONSOLE_WINCH] = "console_winch", |
54446942 CB |
86 | [LXC_CMD_STOP] = "stop", |
87 | [LXC_CMD_GET_STATE] = "get_state", | |
88 | [LXC_CMD_GET_INIT_PID] = "get_init_pid", | |
89 | [LXC_CMD_GET_CLONE_FLAGS] = "get_clone_flags", | |
90 | [LXC_CMD_GET_CGROUP] = "get_cgroup", | |
91 | [LXC_CMD_GET_CONFIG_ITEM] = "get_config_item", | |
92 | [LXC_CMD_GET_NAME] = "get_name", | |
93 | [LXC_CMD_GET_LXCPATH] = "get_lxcpath", | |
94 | [LXC_CMD_ADD_STATE_CLIENT] = "add_state_client", | |
0d9cd9c3 | 95 | [LXC_CMD_SET_CONFIG_ITEM] = "set_config_item", |
191d43cc | 96 | [LXC_CMD_CONSOLE_LOG] = "console_log", |
ef6e34ee | 97 | }; |
724e753c | 98 | |
f371aca9 | 99 | if (cmd >= LXC_CMD_MAX) |
ef6e34ee | 100 | return "Unknown cmd"; |
fe84a562 | 101 | |
ef6e34ee DE |
102 | return cmdname[cmd]; |
103 | } | |
104 | ||
105 | /* | |
106 | * lxc_cmd_rsp_recv: Receive a response to a command | |
107 | * | |
108 | * @sock : the socket connected to the container | |
109 | * @cmd : command to put response in | |
110 | * | |
111 | * Returns the size of the response message or < 0 on failure | |
112 | * | |
113 | * Note that if the command response datalen > 0, then data is | |
114 | * a malloc()ed buffer and should be free()ed by the caller. If | |
115 | * the response data is <= a void * worth of data, it will be | |
116 | * stored directly in data and datalen will be 0. | |
117 | * | |
118 | * As a special case, the response for LXC_CMD_CONSOLE is created | |
0115f8fd DE |
119 | * here as it contains an fd for the master pty passed through the |
120 | * unix socket. | |
ef6e34ee DE |
121 | */ |
122 | static int lxc_cmd_rsp_recv(int sock, struct lxc_cmd_rr *cmd) | |
123 | { | |
2945ea97 | 124 | int ret, rspfd; |
ef6e34ee DE |
125 | struct lxc_cmd_rsp *rsp = &cmd->rsp; |
126 | ||
ae467c54 | 127 | ret = lxc_abstract_unix_recv_fds(sock, &rspfd, 1, rsp, sizeof(*rsp)); |
ef6e34ee | 128 | if (ret < 0) { |
fe84a562 CB |
129 | WARN("%s - Failed to receive response for command \"%s\"", |
130 | strerror(errno), lxc_cmd_str(cmd->req.cmd)); | |
ef6e34ee DE |
131 | return -1; |
132 | } | |
fe84a562 | 133 | TRACE("Command \"%s\" received response", lxc_cmd_str(cmd->req.cmd)); |
ef6e34ee DE |
134 | |
135 | if (cmd->req.cmd == LXC_CMD_CONSOLE) { | |
136 | struct lxc_cmd_console_rsp_data *rspdata; | |
137 | ||
0115f8fd DE |
138 | /* recv() returns 0 bytes when a tty cannot be allocated, |
139 | * rsp->ret is < 0 when the peer permission check failed | |
140 | */ | |
141 | if (ret == 0 || rsp->ret < 0) | |
142 | return 0; | |
143 | ||
ef6e34ee DE |
144 | rspdata = malloc(sizeof(*rspdata)); |
145 | if (!rspdata) { | |
fe84a562 | 146 | ERROR("Failed to allocate response buffer for command \"%s\"", |
ef6e34ee | 147 | lxc_cmd_str(cmd->req.cmd)); |
fe84a562 | 148 | return -ENOMEM; |
ef6e34ee | 149 | } |
0115f8fd | 150 | rspdata->masterfd = rspfd; |
ef6e34ee DE |
151 | rspdata->ttynum = PTR_TO_INT(rsp->data); |
152 | rsp->data = rspdata; | |
153 | } | |
154 | ||
860e7c43 | 155 | if (rsp->datalen == 0) { |
fe84a562 | 156 | DEBUG("Response data length for command \"%s\" is 0", |
860e7c43 | 157 | lxc_cmd_str(cmd->req.cmd)); |
ae5c8b8e | 158 | return ret; |
860e7c43 | 159 | } |
fe84a562 | 160 | |
191d43cc CB |
161 | if ((rsp->datalen > LXC_CMD_DATA_MAX) && |
162 | (cmd->req.cmd != LXC_CMD_CONSOLE_LOG)) { | |
ef6e34ee | 163 | errno = EFBIG; |
fe84a562 CB |
164 | ERROR("%s - Response data for command \"%s\" is too long: %d " |
165 | "bytes > %d", strerror(errno), lxc_cmd_str(cmd->req.cmd), | |
166 | rsp->datalen, LXC_CMD_DATA_MAX); | |
167 | return -EFBIG; | |
2ac9aafc | 168 | } |
ef6e34ee | 169 | |
191d43cc CB |
170 | if (cmd->req.cmd == LXC_CMD_CONSOLE_LOG) { |
171 | rsp->data = malloc(rsp->datalen + 1); | |
172 | ((char *)rsp->data)[rsp->datalen] = '\0'; | |
173 | } else { | |
174 | rsp->data = malloc(rsp->datalen); | |
175 | } | |
ef6e34ee | 176 | if (!rsp->data) { |
fe84a562 CB |
177 | errno = ENOMEM; |
178 | ERROR("%s - Failed to allocate response buffer for command " | |
179 | "\"%s\"", strerror(errno), lxc_cmd_str(cmd->req.cmd)); | |
180 | return -ENOMEM; | |
ef6e34ee | 181 | } |
fe84a562 | 182 | |
ef6e34ee DE |
183 | ret = recv(sock, rsp->data, rsp->datalen, 0); |
184 | if (ret != rsp->datalen) { | |
fe84a562 | 185 | ERROR("%s - Failed to receive response data for command \"%s\"", |
08aa08fe | 186 | lxc_cmd_str(cmd->req.cmd), strerror(errno)); |
ef6e34ee DE |
187 | if (ret >= 0) |
188 | ret = -1; | |
189 | } | |
724e753c MN |
190 | |
191 | return ret; | |
192 | } | |
193 | ||
ef6e34ee DE |
194 | /* |
195 | * lxc_cmd_rsp_send: Send a command response | |
196 | * | |
197 | * @fd : file descriptor of socket to send response on | |
198 | * @rsp : response to send | |
199 | * | |
200 | * Returns 0 on success, < 0 on failure | |
201 | */ | |
202 | static int lxc_cmd_rsp_send(int fd, struct lxc_cmd_rsp *rsp) | |
203 | { | |
fe84a562 | 204 | ssize_t ret; |
ef6e34ee DE |
205 | |
206 | ret = send(fd, rsp, sizeof(*rsp), 0); | |
fe84a562 CB |
207 | if (ret < 0 || (size_t)ret != sizeof(*rsp)) { |
208 | ERROR("%s - Failed to send command response %zd", | |
209 | strerror(errno), ret); | |
ef6e34ee DE |
210 | return -1; |
211 | } | |
212 | ||
fe84a562 CB |
213 | if (rsp->datalen <= 0) |
214 | return 0; | |
215 | ||
216 | ret = send(fd, rsp->data, rsp->datalen, 0); | |
217 | if (ret < 0 || ret != (ssize_t)rsp->datalen) { | |
218 | WARN("%s - Failed to send command response data %zd", | |
219 | strerror(errno), ret); | |
220 | return -1; | |
ef6e34ee | 221 | } |
fe84a562 | 222 | |
ef6e34ee DE |
223 | return 0; |
224 | } | |
225 | ||
c01c2be6 | 226 | static int lxc_cmd_send(const char *name, struct lxc_cmd_rr *cmd, |
fe84a562 | 227 | const char *lxcpath, const char *hashed_sock_name) |
c01c2be6 CB |
228 | { |
229 | int client_fd; | |
fe84a562 | 230 | ssize_t ret = -1; |
c01c2be6 | 231 | |
9dfa4041 | 232 | client_fd = lxc_cmd_connect(name, lxcpath, hashed_sock_name, "command"); |
fe84a562 CB |
233 | if (client_fd < 0) { |
234 | if (client_fd == -ECONNREFUSED) | |
235 | return -ECONNREFUSED; | |
c01c2be6 | 236 | |
fe84a562 CB |
237 | return -1; |
238 | } | |
c01c2be6 | 239 | |
fe84a562 CB |
240 | ret = lxc_abstract_unix_send_credential(client_fd, &cmd->req, |
241 | sizeof(cmd->req)); | |
242 | if (ret < 0 || (size_t)ret != sizeof(cmd->req)) { | |
c01c2be6 CB |
243 | close(client_fd); |
244 | ||
245 | if (errno == EPIPE) | |
246 | return -EPIPE; | |
247 | ||
248 | if (ret >= 0) | |
249 | return -EMSGSIZE; | |
250 | ||
251 | return -1; | |
252 | } | |
253 | ||
fe84a562 CB |
254 | if (cmd->req.datalen <= 0) |
255 | return client_fd; | |
c01c2be6 | 256 | |
fe84a562 CB |
257 | ret = send(client_fd, cmd->req.data, cmd->req.datalen, MSG_NOSIGNAL); |
258 | if (ret < 0 || ret != (ssize_t)cmd->req.datalen) { | |
259 | close(client_fd); | |
c01c2be6 | 260 | |
fe84a562 CB |
261 | if (errno == EPIPE) |
262 | return -EPIPE; | |
c01c2be6 | 263 | |
fe84a562 CB |
264 | if (ret >= 0) |
265 | return -EMSGSIZE; | |
c01c2be6 | 266 | |
fe84a562 | 267 | return -1; |
c01c2be6 CB |
268 | } |
269 | ||
270 | return client_fd; | |
271 | } | |
272 | ||
ef6e34ee DE |
273 | /* |
274 | * lxc_cmd: Connect to the specified running container, send it a command | |
275 | * request and collect the response | |
276 | * | |
277 | * @name : name of container to connect to | |
1e8cfdf6 | 278 | * @cmd : command with initialized request to send |
ef6e34ee DE |
279 | * @stopped : output indicator if the container was not running |
280 | * @lxcpath : the lxcpath in which the container is running | |
281 | * | |
282 | * Returns the size of the response message on success, < 0 on failure | |
283 | * | |
284 | * Note that there is a special case for LXC_CMD_CONSOLE. For this command | |
285 | * the fd cannot be closed because it is used as a placeholder to indicate | |
286 | * that a particular tty slot is in use. The fd is also used as a signal to | |
287 | * the container that when the caller dies or closes the fd, the container | |
0115f8fd DE |
288 | * will notice the fd on its side of the socket in its mainloop select and |
289 | * then free the slot with lxc_cmd_fd_cleanup(). The socket fd will be | |
290 | * returned in the cmd response structure. | |
ef6e34ee DE |
291 | */ |
292 | static int lxc_cmd(const char *name, struct lxc_cmd_rr *cmd, int *stopped, | |
88556fd7 | 293 | const char *lxcpath, const char *hashed_sock_name) |
724e753c | 294 | { |
fe84a562 CB |
295 | int client_fd; |
296 | int ret = -1; | |
dbc9832d CB |
297 | bool stay_connected = false; |
298 | ||
299 | if (cmd->req.cmd == LXC_CMD_CONSOLE || | |
54446942 | 300 | cmd->req.cmd == LXC_CMD_ADD_STATE_CLIENT) |
dbc9832d | 301 | stay_connected = true; |
724e753c | 302 | |
0ecf64b5 SH |
303 | *stopped = 0; |
304 | ||
c01c2be6 CB |
305 | client_fd = lxc_cmd_send(name, cmd, lxcpath, hashed_sock_name); |
306 | if (client_fd < 0) { | |
fe84a562 CB |
307 | TRACE("%s - Command \"%s\" failed to connect command socket", |
308 | strerror(errno), lxc_cmd_str(cmd->req.cmd)); | |
c01c2be6 | 309 | if (client_fd == -ECONNREFUSED) { |
ef6e34ee | 310 | *stopped = 1; |
c01c2be6 | 311 | return -1; |
3f903c04 CB |
312 | } |
313 | ||
c01c2be6 | 314 | if (client_fd == -EPIPE) |
6168ff15 | 315 | goto epipe; |
724e753c | 316 | |
c01c2be6 | 317 | goto out; |
724e753c MN |
318 | } |
319 | ||
c01c2be6 | 320 | ret = lxc_cmd_rsp_recv(client_fd, cmd); |
724e753c | 321 | out: |
4575a9f9 | 322 | if (!stay_connected || ret <= 0) |
c01c2be6 | 323 | close(client_fd); |
fe84a562 | 324 | |
0115f8fd | 325 | if (stay_connected && ret > 0) |
c01c2be6 | 326 | cmd->rsp.ret = client_fd; |
43eb6f29 | 327 | |
1362f2eb | 328 | return ret; |
6168ff15 SH |
329 | |
330 | epipe: | |
6168ff15 SH |
331 | *stopped = 1; |
332 | return 0; | |
724e753c MN |
333 | } |
334 | ||
b494d2dd SH |
335 | int lxc_try_cmd(const char *name, const char *lxcpath) |
336 | { | |
0ecf64b5 | 337 | int stopped, ret; |
b494d2dd SH |
338 | struct lxc_cmd_rr cmd = { |
339 | .req = { .cmd = LXC_CMD_GET_INIT_PID }, | |
340 | }; | |
341 | ||
88556fd7 | 342 | ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL); |
b494d2dd SH |
343 | if (stopped) |
344 | return 0; | |
345 | if (ret > 0 && cmd.rsp.ret < 0) { | |
346 | errno = cmd.rsp.ret; | |
347 | return -1; | |
348 | } | |
349 | if (ret > 0) | |
350 | return 0; | |
351 | ||
fe84a562 CB |
352 | /* At this point we weren't denied access, and the container *was* |
353 | * started. There was some inexplicable error in the protocol. I'm not | |
354 | * clear on whether we should return -1 here, but we didn't receive a | |
355 | * -EACCES, so technically it's not that we're not allowed to control | |
356 | * the container - it's just not behaving. | |
b494d2dd SH |
357 | */ |
358 | return 0; | |
359 | } | |
360 | ||
ef6e34ee DE |
361 | /* Implentations of the commands and their callbacks */ |
362 | ||
363 | /* | |
364 | * lxc_cmd_get_init_pid: Get pid of the container's init process | |
365 | * | |
366 | * @name : name of container to connect to | |
367 | * @lxcpath : the lxcpath in which the container is running | |
368 | * | |
369 | * Returns the pid on success, < 0 on failure | |
370 | */ | |
371 | pid_t lxc_cmd_get_init_pid(const char *name, const char *lxcpath) | |
43eb6f29 | 372 | { |
0ecf64b5 | 373 | int ret, stopped; |
ef6e34ee DE |
374 | struct lxc_cmd_rr cmd = { |
375 | .req = { .cmd = LXC_CMD_GET_INIT_PID }, | |
376 | }; | |
377 | ||
88556fd7 | 378 | ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL); |
ef6e34ee DE |
379 | if (ret < 0) |
380 | return ret; | |
381 | ||
382 | return PTR_TO_INT(cmd.rsp.data); | |
43eb6f29 DL |
383 | } |
384 | ||
ef6e34ee DE |
385 | static int lxc_cmd_get_init_pid_callback(int fd, struct lxc_cmd_req *req, |
386 | struct lxc_handler *handler) | |
43eb6f29 | 387 | { |
ef6e34ee DE |
388 | struct lxc_cmd_rsp rsp = { .data = INT_TO_PTR(handler->pid) }; |
389 | ||
390 | return lxc_cmd_rsp_send(fd, &rsp); | |
43eb6f29 DL |
391 | } |
392 | ||
ef6e34ee DE |
393 | /* |
394 | * lxc_cmd_get_clone_flags: Get clone flags container was spawned with | |
395 | * | |
396 | * @name : name of container to connect to | |
397 | * @lxcpath : the lxcpath in which the container is running | |
398 | * | |
399 | * Returns the clone flags on success, < 0 on failure | |
400 | */ | |
401 | int lxc_cmd_get_clone_flags(const char *name, const char *lxcpath) | |
402 | { | |
0ecf64b5 | 403 | int ret, stopped; |
ef6e34ee DE |
404 | struct lxc_cmd_rr cmd = { |
405 | .req = { .cmd = LXC_CMD_GET_CLONE_FLAGS }, | |
406 | }; | |
407 | ||
88556fd7 | 408 | ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL); |
ef6e34ee DE |
409 | if (ret < 0) |
410 | return ret; | |
43eb6f29 | 411 | |
ef6e34ee DE |
412 | return PTR_TO_INT(cmd.rsp.data); |
413 | } | |
414 | ||
415 | static int lxc_cmd_get_clone_flags_callback(int fd, struct lxc_cmd_req *req, | |
416 | struct lxc_handler *handler) | |
26b2d152 | 417 | { |
ef6e34ee DE |
418 | struct lxc_cmd_rsp rsp = { .data = INT_TO_PTR(handler->clone_flags) }; |
419 | ||
420 | return lxc_cmd_rsp_send(fd, &rsp); | |
421 | } | |
422 | ||
423 | /* | |
424 | * lxc_cmd_get_cgroup_path: Calculate a container's cgroup path for a | |
425 | * particular subsystem. This is the cgroup path relative to the root | |
426 | * of the cgroup filesystem. | |
427 | * | |
ef6e34ee DE |
428 | * @name : name of container to connect to |
429 | * @lxcpath : the lxcpath in which the container is running | |
b98f7d6e | 430 | * @subsystem : the subsystem being asked about |
ef6e34ee DE |
431 | * |
432 | * Returns the path on success, NULL on failure. The caller must free() the | |
433 | * returned path. | |
434 | */ | |
b98f7d6e | 435 | char *lxc_cmd_get_cgroup_path(const char *name, const char *lxcpath, |
fe84a562 | 436 | const char *subsystem) |
ef6e34ee | 437 | { |
0ecf64b5 | 438 | int ret, stopped; |
ef6e34ee | 439 | struct lxc_cmd_rr cmd = { |
b98f7d6e SH |
440 | .req = { |
441 | .cmd = LXC_CMD_GET_CGROUP, | |
fe84a562 | 442 | .datalen = strlen(subsystem) + 1, |
b98f7d6e SH |
443 | .data = subsystem, |
444 | }, | |
26b2d152 MN |
445 | }; |
446 | ||
88556fd7 | 447 | ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL); |
fe84a562 | 448 | if (ret < 0) |
ef6e34ee DE |
449 | return NULL; |
450 | ||
fe84a562 | 451 | if (ret == 0) |
ef6e34ee | 452 | return NULL; |
ef6e34ee | 453 | |
fe84a562 | 454 | if (cmd.rsp.ret < 0 || cmd.rsp.datalen < 0) |
ef6e34ee | 455 | return NULL; |
3f903c04 | 456 | |
ef6e34ee DE |
457 | return cmd.rsp.data; |
458 | } | |
459 | ||
460 | static int lxc_cmd_get_cgroup_callback(int fd, struct lxc_cmd_req *req, | |
461 | struct lxc_handler *handler) | |
462 | { | |
4fb3cba5 | 463 | const char *path; |
fe84a562 | 464 | struct lxc_cmd_rsp rsp; |
b98f7d6e SH |
465 | |
466 | if (req->datalen < 1) | |
467 | return -1; | |
8900b9eb | 468 | |
d4ef7c50 | 469 | path = cgroup_get_cgroup(handler, req->data); |
b98f7d6e SH |
470 | if (!path) |
471 | return -1; | |
fe84a562 | 472 | |
4f17323e | 473 | rsp.ret = 0; |
fe84a562 CB |
474 | rsp.datalen = strlen(path) + 1; |
475 | rsp.data = (char *)path; | |
ef6e34ee DE |
476 | |
477 | return lxc_cmd_rsp_send(fd, &rsp); | |
478 | } | |
479 | ||
480 | /* | |
481 | * lxc_cmd_get_config_item: Get config item the running container | |
482 | * | |
483 | * @name : name of container to connect to | |
7fa3f2e9 | 484 | * @item : the configuration item to retrieve (ex: lxc.net.0.veth.pair) |
ef6e34ee DE |
485 | * @lxcpath : the lxcpath in which the container is running |
486 | * | |
487 | * Returns the item on success, NULL on failure. The caller must free() the | |
488 | * returned item. | |
489 | */ | |
490 | char *lxc_cmd_get_config_item(const char *name, const char *item, | |
491 | const char *lxcpath) | |
492 | { | |
0ecf64b5 | 493 | int ret, stopped; |
ef6e34ee DE |
494 | struct lxc_cmd_rr cmd = { |
495 | .req = { .cmd = LXC_CMD_GET_CONFIG_ITEM, | |
496 | .data = item, | |
fe84a562 | 497 | .datalen = strlen(item) + 1, |
ef6e34ee DE |
498 | }, |
499 | }; | |
500 | ||
88556fd7 | 501 | ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL); |
ef6e34ee DE |
502 | if (ret < 0) |
503 | return NULL; | |
504 | ||
505 | if (cmd.rsp.ret == 0) | |
506 | return cmd.rsp.data; | |
fe84a562 | 507 | |
ef6e34ee DE |
508 | return NULL; |
509 | } | |
510 | ||
511 | static int lxc_cmd_get_config_item_callback(int fd, struct lxc_cmd_req *req, | |
512 | struct lxc_handler *handler) | |
513 | { | |
514 | int cilen; | |
ef6e34ee | 515 | char *cidata; |
30aec088 | 516 | struct lxc_config_t *item; |
fe84a562 | 517 | struct lxc_cmd_rsp rsp; |
ef6e34ee DE |
518 | |
519 | memset(&rsp, 0, sizeof(rsp)); | |
300df83e | 520 | item = lxc_get_config(req->data); |
30aec088 CB |
521 | if (!item) |
522 | goto err1; | |
fe84a562 | 523 | |
cccd2219 | 524 | cilen = item->get(req->data, NULL, 0, handler->conf, NULL); |
ef6e34ee DE |
525 | if (cilen <= 0) |
526 | goto err1; | |
527 | ||
528 | cidata = alloca(cilen + 1); | |
cccd2219 | 529 | if (item->get(req->data, cidata, cilen + 1, handler->conf, NULL) != cilen) |
ef6e34ee | 530 | goto err1; |
fe84a562 | 531 | |
ef6e34ee DE |
532 | cidata[cilen] = '\0'; |
533 | rsp.data = cidata; | |
534 | rsp.datalen = cilen + 1; | |
535 | rsp.ret = 0; | |
536 | goto out; | |
537 | ||
538 | err1: | |
539 | rsp.ret = -1; | |
540 | out: | |
541 | return lxc_cmd_rsp_send(fd, &rsp); | |
542 | } | |
543 | ||
0d9cd9c3 CB |
544 | /* |
545 | * lxc_cmd_set_config_item: Get config item the running container | |
546 | * | |
547 | * @name : name of container to connect to | |
548 | * @item : the configuration item to set (ex: lxc.net.0.veth.pair) | |
549 | * @value : the value to set (ex: "eth0") | |
550 | * @lxcpath : the lxcpath in which the container is running | |
551 | * | |
552 | * Returns 0 on success, negative errno on failure. | |
553 | */ | |
554 | int lxc_cmd_set_config_item(const char *name, const char *item, | |
555 | const char *value, const char *lxcpath) | |
556 | { | |
557 | int ret, stopped; | |
558 | struct lxc_cmd_set_config_item_req_data data; | |
559 | struct lxc_cmd_rr cmd; | |
560 | ||
561 | /* pre-validate request | |
562 | Currently we only support live-patching network configurations. | |
563 | */ | |
564 | if (strncmp(item, "lxc.net.", 8)) | |
565 | return -EINVAL; | |
566 | ||
567 | data.item = item; | |
568 | data.value = (void *)value; | |
569 | ||
570 | cmd.req.cmd = LXC_CMD_SET_CONFIG_ITEM; | |
571 | cmd.req.data = &data; | |
572 | cmd.req.datalen = sizeof(data); | |
573 | ||
574 | ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL); | |
575 | if (ret < 0) | |
576 | return ret; | |
577 | ||
578 | return cmd.rsp.ret; | |
579 | } | |
580 | ||
581 | static int lxc_cmd_set_config_item_callback(int fd, struct lxc_cmd_req *req, | |
582 | struct lxc_handler *handler) | |
583 | { | |
584 | const char *key, *value; | |
585 | struct lxc_cmd_rsp rsp; | |
586 | const struct lxc_cmd_set_config_item_req_data *data; | |
587 | ||
588 | data = req->data; | |
589 | key = data->item; | |
590 | value = data->value; | |
591 | ||
592 | memset(&rsp, 0, sizeof(rsp)); | |
593 | rsp.ret = lxc_set_config_item_locked(handler->conf, key, value); | |
fe84a562 | 594 | |
0d9cd9c3 CB |
595 | return lxc_cmd_rsp_send(fd, &rsp); |
596 | } | |
597 | ||
ef6e34ee DE |
598 | /* |
599 | * lxc_cmd_get_state: Get current state of the container | |
600 | * | |
601 | * @name : name of container to connect to | |
602 | * @lxcpath : the lxcpath in which the container is running | |
603 | * | |
604 | * Returns the state on success, < 0 on failure | |
605 | */ | |
dbc9832d | 606 | int lxc_cmd_get_state(const char *name, const char *lxcpath) |
ef6e34ee | 607 | { |
0ecf64b5 | 608 | int ret, stopped; |
ef6e34ee DE |
609 | struct lxc_cmd_rr cmd = { |
610 | .req = { .cmd = LXC_CMD_GET_STATE } | |
611 | }; | |
26b2d152 | 612 | |
88556fd7 | 613 | ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL); |
ebdd307d | 614 | if (ret < 0 && stopped) |
ef6e34ee DE |
615 | return STOPPED; |
616 | ||
617 | if (ret < 0) | |
26b2d152 | 618 | return -1; |
26b2d152 | 619 | |
ef6e34ee | 620 | if (!ret) { |
fe84a562 | 621 | WARN("Container \"%s\" has stopped before sending its state", name); |
ef6e34ee DE |
622 | return -1; |
623 | } | |
624 | ||
fe84a562 | 625 | DEBUG("Container \"%s\" is in \"%s\" state", name, |
ef6e34ee | 626 | lxc_state2str(PTR_TO_INT(cmd.rsp.data))); |
fe84a562 | 627 | |
ef6e34ee DE |
628 | return PTR_TO_INT(cmd.rsp.data); |
629 | } | |
630 | ||
631 | static int lxc_cmd_get_state_callback(int fd, struct lxc_cmd_req *req, | |
632 | struct lxc_handler *handler) | |
633 | { | |
634 | struct lxc_cmd_rsp rsp = { .data = INT_TO_PTR(handler->state) }; | |
635 | ||
636 | return lxc_cmd_rsp_send(fd, &rsp); | |
637 | } | |
638 | ||
639 | /* | |
640 | * lxc_cmd_stop: Stop the container previously started with lxc_start. All | |
641 | * the processes running inside this container will be killed. | |
642 | * | |
643 | * @name : name of container to connect to | |
644 | * @lxcpath : the lxcpath in which the container is running | |
645 | * | |
646 | * Returns 0 on success, < 0 on failure | |
647 | */ | |
648 | int lxc_cmd_stop(const char *name, const char *lxcpath) | |
649 | { | |
0ecf64b5 | 650 | int ret, stopped; |
ef6e34ee DE |
651 | struct lxc_cmd_rr cmd = { |
652 | .req = { .cmd = LXC_CMD_STOP }, | |
653 | }; | |
654 | ||
88556fd7 | 655 | ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL); |
26b2d152 | 656 | if (ret < 0) { |
ef6e34ee | 657 | if (stopped) { |
fe84a562 | 658 | INFO("Container \"%s\" is already stopped", name); |
ef6e34ee DE |
659 | return 0; |
660 | } | |
fe84a562 | 661 | |
26b2d152 MN |
662 | return -1; |
663 | } | |
664 | ||
fe84a562 CB |
665 | /* We do not expect any answer, because we wait for the connection to be |
666 | * closed. | |
95d5b147 SH |
667 | */ |
668 | if (ret > 0) { | |
fe84a562 CB |
669 | ERROR("%s - Failed to stop container \"%s\"", |
670 | strerror(-cmd.rsp.ret), name); | |
26b2d152 MN |
671 | return -1; |
672 | } | |
673 | ||
fe84a562 | 674 | INFO("Container \"%s\" has stopped", name); |
ef6e34ee | 675 | return 0; |
26b2d152 MN |
676 | } |
677 | ||
ef6e34ee DE |
678 | static int lxc_cmd_stop_callback(int fd, struct lxc_cmd_req *req, |
679 | struct lxc_handler *handler) | |
d5088cf2 | 680 | { |
ef6e34ee | 681 | struct lxc_cmd_rsp rsp; |
ef6e34ee DE |
682 | int stopsignal = SIGKILL; |
683 | ||
684 | if (handler->conf->stopsignal) | |
685 | stopsignal = handler->conf->stopsignal; | |
686 | memset(&rsp, 0, sizeof(rsp)); | |
687 | rsp.ret = kill(handler->pid, stopsignal); | |
688 | if (!rsp.ret) { | |
fe84a562 | 689 | /* We can't just use lxc_unfreeze() since we are already in the |
4fb3cba5 DE |
690 | * context of handling the STOP cmd in lxc-start, and calling |
691 | * lxc_unfreeze() would do another cmd (GET_CGROUP) which would | |
fe84a562 | 692 | * deadlock us. |
4fb3cba5 DE |
693 | */ |
694 | if (cgroup_unfreeze(handler)) | |
95d5b147 | 695 | return 0; |
fe84a562 CB |
696 | |
697 | ERROR("Failed to unfreeze container \"%s\"", handler->name); | |
ecfcb3f0 | 698 | rsp.ret = -1; |
ef6e34ee DE |
699 | } |
700 | ||
701 | return lxc_cmd_rsp_send(fd, &rsp); | |
702 | } | |
d5088cf2 | 703 | |
b5159817 DE |
704 | /* |
705 | * lxc_cmd_console_winch: To process as if a SIGWINCH were received | |
706 | * | |
707 | * @name : name of container to connect to | |
708 | * @lxcpath : the lxcpath in which the container is running | |
709 | * | |
710 | * Returns 0 on success, < 0 on failure | |
711 | */ | |
712 | int lxc_cmd_console_winch(const char *name, const char *lxcpath) | |
713 | { | |
0ecf64b5 | 714 | int ret, stopped; |
b5159817 DE |
715 | struct lxc_cmd_rr cmd = { |
716 | .req = { .cmd = LXC_CMD_CONSOLE_WINCH }, | |
717 | }; | |
718 | ||
88556fd7 | 719 | ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL); |
b5159817 DE |
720 | if (ret < 0) |
721 | return ret; | |
722 | ||
723 | return 0; | |
724 | } | |
725 | ||
726 | static int lxc_cmd_console_winch_callback(int fd, struct lxc_cmd_req *req, | |
727 | struct lxc_handler *handler) | |
728 | { | |
729 | struct lxc_cmd_rsp rsp = { .data = 0 }; | |
730 | ||
731 | lxc_console_sigwinch(SIGWINCH); | |
fe84a562 | 732 | |
b5159817 DE |
733 | return lxc_cmd_rsp_send(fd, &rsp); |
734 | } | |
735 | ||
ef6e34ee DE |
736 | /* |
737 | * lxc_cmd_console: Open an fd to a tty in the container | |
738 | * | |
739 | * @name : name of container to connect to | |
740 | * @ttynum : in: the tty to open or -1 for next available | |
741 | * : out: the tty allocated | |
742 | * @fd : out: file descriptor for master side of pty | |
743 | * @lxcpath : the lxcpath in which the container is running | |
744 | * | |
0115f8fd | 745 | * Returns fd holding tty allocated on success, < 0 on failure |
ef6e34ee DE |
746 | */ |
747 | int lxc_cmd_console(const char *name, int *ttynum, int *fd, const char *lxcpath) | |
748 | { | |
0ecf64b5 | 749 | int ret, stopped; |
ef6e34ee DE |
750 | struct lxc_cmd_console_rsp_data *rspdata; |
751 | struct lxc_cmd_rr cmd = { | |
752 | .req = { .cmd = LXC_CMD_CONSOLE, .data = INT_TO_PTR(*ttynum) }, | |
753 | }; | |
d5088cf2 | 754 | |
88556fd7 | 755 | ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL); |
ef6e34ee DE |
756 | if (ret < 0) |
757 | return ret; | |
0115f8fd DE |
758 | |
759 | if (cmd.rsp.ret < 0) { | |
fe84a562 | 760 | ERROR("%s - Denied access to tty", strerror(-cmd.rsp.ret)); |
ef6e34ee DE |
761 | ret = -1; |
762 | goto out; | |
763 | } | |
d5088cf2 | 764 | |
0115f8fd | 765 | if (ret == 0) { |
fe84a562 | 766 | ERROR("tty number %d invalid, busy or all ttys busy", *ttynum); |
0115f8fd | 767 | ret = -1; |
ef6e34ee DE |
768 | goto out; |
769 | } | |
ef6e34ee DE |
770 | |
771 | rspdata = cmd.rsp.data; | |
0115f8fd | 772 | if (rspdata->masterfd < 0) { |
fe84a562 | 773 | ERROR("Unable to allocate fd for tty %d", rspdata->ttynum); |
ef6e34ee DE |
774 | goto out; |
775 | } | |
776 | ||
fe84a562 | 777 | ret = cmd.rsp.ret; /* socket fd */ |
0115f8fd | 778 | *fd = rspdata->masterfd; |
ef6e34ee | 779 | *ttynum = rspdata->ttynum; |
fe84a562 CB |
780 | INFO("Alloced fd %d for tty %d via socket %d", *fd, rspdata->ttynum, ret); |
781 | ||
ef6e34ee DE |
782 | out: |
783 | free(cmd.rsp.data); | |
784 | return ret; | |
785 | } | |
786 | ||
787 | static int lxc_cmd_console_callback(int fd, struct lxc_cmd_req *req, | |
788 | struct lxc_handler *handler) | |
789 | { | |
fe84a562 | 790 | int masterfd, ret; |
ef6e34ee | 791 | struct lxc_cmd_rsp rsp; |
fe84a562 | 792 | int ttynum = PTR_TO_INT(req->data); |
ef6e34ee | 793 | |
b5159817 DE |
794 | masterfd = lxc_console_allocate(handler->conf, fd, &ttynum); |
795 | if (masterfd < 0) | |
ef6e34ee DE |
796 | goto out_close; |
797 | ||
ef6e34ee DE |
798 | memset(&rsp, 0, sizeof(rsp)); |
799 | rsp.data = INT_TO_PTR(ttynum); | |
fe84a562 CB |
800 | ret = lxc_abstract_unix_send_fds(fd, &masterfd, 1, &rsp, sizeof(rsp)); |
801 | if (ret < 0) { | |
802 | ERROR("Failed to send tty to client"); | |
b5159817 | 803 | lxc_console_free(handler->conf, fd); |
ef6e34ee DE |
804 | goto out_close; |
805 | } | |
806 | ||
ef6e34ee DE |
807 | return 0; |
808 | ||
809 | out_close: | |
fe84a562 CB |
810 | /* Special indicator to lxc_cmd_handler() to close the fd and do |
811 | * related cleanup. | |
ef6e34ee DE |
812 | */ |
813 | return 1; | |
d5088cf2 CS |
814 | } |
815 | ||
88556fd7 ÇO |
816 | /* |
817 | * lxc_cmd_get_name: Returns the name of the container | |
818 | * | |
819 | * @hashed_sock_name: hashed socket name | |
820 | * | |
821 | * Returns the name on success, NULL on failure. | |
822 | */ | |
823 | char *lxc_cmd_get_name(const char *hashed_sock_name) | |
824 | { | |
825 | int ret, stopped; | |
826 | struct lxc_cmd_rr cmd = { | |
827 | .req = { .cmd = LXC_CMD_GET_NAME}, | |
828 | }; | |
829 | ||
830 | ret = lxc_cmd(NULL, &cmd, &stopped, NULL, hashed_sock_name); | |
fe84a562 | 831 | if (ret < 0) |
88556fd7 | 832 | return NULL; |
88556fd7 ÇO |
833 | |
834 | if (cmd.rsp.ret == 0) | |
835 | return cmd.rsp.data; | |
fe84a562 | 836 | |
88556fd7 ÇO |
837 | return NULL; |
838 | } | |
839 | ||
840 | static int lxc_cmd_get_name_callback(int fd, struct lxc_cmd_req *req, | |
fe84a562 | 841 | struct lxc_handler *handler) |
88556fd7 ÇO |
842 | { |
843 | struct lxc_cmd_rsp rsp; | |
844 | ||
845 | memset(&rsp, 0, sizeof(rsp)); | |
846 | ||
f0ecc19d | 847 | rsp.data = (char *)handler->name; |
88556fd7 ÇO |
848 | rsp.datalen = strlen(handler->name) + 1; |
849 | rsp.ret = 0; | |
850 | ||
851 | return lxc_cmd_rsp_send(fd, &rsp); | |
852 | } | |
853 | ||
854 | /* | |
855 | * lxc_cmd_get_lxcpath: Returns the lxcpath of the container | |
856 | * | |
857 | * @hashed_sock_name: hashed socket name | |
858 | * | |
859 | * Returns the lxcpath on success, NULL on failure. | |
860 | */ | |
861 | char *lxc_cmd_get_lxcpath(const char *hashed_sock_name) | |
862 | { | |
863 | int ret, stopped; | |
864 | struct lxc_cmd_rr cmd = { | |
865 | .req = { .cmd = LXC_CMD_GET_LXCPATH}, | |
866 | }; | |
724e753c | 867 | |
88556fd7 | 868 | ret = lxc_cmd(NULL, &cmd, &stopped, NULL, hashed_sock_name); |
fe84a562 | 869 | if (ret < 0) |
88556fd7 | 870 | return NULL; |
88556fd7 ÇO |
871 | |
872 | if (cmd.rsp.ret == 0) | |
873 | return cmd.rsp.data; | |
fe84a562 | 874 | |
88556fd7 ÇO |
875 | return NULL; |
876 | } | |
877 | ||
878 | static int lxc_cmd_get_lxcpath_callback(int fd, struct lxc_cmd_req *req, | |
879 | struct lxc_handler *handler) | |
880 | { | |
881 | struct lxc_cmd_rsp rsp; | |
882 | ||
883 | memset(&rsp, 0, sizeof(rsp)); | |
884 | ||
fe84a562 | 885 | rsp.ret = 0; |
88556fd7 ÇO |
886 | rsp.data = (char *)handler->lxcpath; |
887 | rsp.datalen = strlen(handler->lxcpath) + 1; | |
88556fd7 ÇO |
888 | |
889 | return lxc_cmd_rsp_send(fd, &rsp); | |
890 | } | |
ef6e34ee | 891 | |
54446942 | 892 | int lxc_cmd_add_state_client(const char *name, const char *lxcpath, |
92e35018 CB |
893 | lxc_state_t states[MAX_STATE], |
894 | int *state_client_fd) | |
dbc9832d CB |
895 | { |
896 | int stopped; | |
897 | ssize_t ret; | |
898 | int state = -1; | |
dbc9832d CB |
899 | struct lxc_cmd_rr cmd = { |
900 | .req = { | |
54446942 | 901 | .cmd = LXC_CMD_ADD_STATE_CLIENT, |
dbc9832d CB |
902 | .data = states, |
903 | .datalen = (sizeof(lxc_state_t) * MAX_STATE) | |
904 | }, | |
905 | }; | |
906 | ||
54446942 CB |
907 | /* Lock the whole lxc_cmd_add_state_client_callback() call to ensure |
908 | * that lxc_set_state() doesn't cause us to miss a state. | |
dbc9832d CB |
909 | */ |
910 | process_lock(); | |
911 | /* Check if already in requested state. */ | |
912 | state = lxc_getstate(name, lxcpath); | |
913 | if (state < 0) { | |
914 | process_unlock(); | |
fe84a562 | 915 | TRACE("%s - Failed to retrieve state of container", strerror(errno)); |
dbc9832d CB |
916 | return -1; |
917 | } else if (states[state]) { | |
918 | process_unlock(); | |
fe84a562 | 919 | TRACE("Container is %s state", lxc_state2str(state)); |
dbc9832d CB |
920 | return state; |
921 | } | |
922 | ||
923 | if ((state == STARTING) && !states[RUNNING] && !states[STOPPING] && !states[STOPPED]) { | |
924 | process_unlock(); | |
fe84a562 CB |
925 | TRACE("Container is in %s state and caller requested to be " |
926 | "informed about a previous state", lxc_state2str(state)); | |
dbc9832d CB |
927 | return state; |
928 | } else if ((state == RUNNING) && !states[STOPPING] && !states[STOPPED]) { | |
929 | process_unlock(); | |
fe84a562 CB |
930 | TRACE("Container is in %s state and caller requested to be " |
931 | "informed about a previous state", lxc_state2str(state)); | |
dbc9832d CB |
932 | return state; |
933 | } else if ((state == STOPPING) && !states[STOPPED]) { | |
934 | process_unlock(); | |
fe84a562 CB |
935 | TRACE("Container is in %s state and caller requested to be " |
936 | "informed about a previous state", lxc_state2str(state)); | |
dbc9832d CB |
937 | return state; |
938 | } else if ((state == STOPPED) || (state == ABORTING)) { | |
939 | process_unlock(); | |
fe84a562 CB |
940 | TRACE("Container is in %s state and caller requested to be " |
941 | "informed about a previous state", lxc_state2str(state)); | |
dbc9832d CB |
942 | return state; |
943 | } | |
944 | ||
945 | ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL); | |
946 | process_unlock(); | |
947 | if (ret < 0) { | |
fe84a562 | 948 | ERROR("%s - Failed to execute command", strerror(errno)); |
dbc9832d CB |
949 | return -1; |
950 | } | |
fe84a562 | 951 | |
dbc9832d CB |
952 | /* We should now be guaranteed to get an answer from the state sending |
953 | * function. | |
954 | */ | |
955 | ||
956 | if (cmd.rsp.ret < 0) { | |
fe84a562 | 957 | ERROR("Failed to receive socket fd"); |
dbc9832d CB |
958 | return -1; |
959 | } | |
960 | ||
92e35018 CB |
961 | *state_client_fd = cmd.rsp.ret; |
962 | return MAX_STATE; | |
dbc9832d CB |
963 | } |
964 | ||
54446942 CB |
965 | static int lxc_cmd_add_state_client_callback(int fd, struct lxc_cmd_req *req, |
966 | struct lxc_handler *handler) | |
dbc9832d CB |
967 | { |
968 | struct lxc_cmd_rsp rsp = {0}; | |
dbc9832d | 969 | |
fe84a562 | 970 | if (req->datalen < 0) |
dbc9832d | 971 | return -1; |
dbc9832d | 972 | |
fe84a562 | 973 | if (req->datalen > (sizeof(lxc_state_t) * MAX_STATE)) |
dbc9832d | 974 | return -1; |
dbc9832d | 975 | |
fe84a562 | 976 | if (!req->data) |
dbc9832d | 977 | return -1; |
dbc9832d | 978 | |
c01c2be6 CB |
979 | rsp.ret = lxc_add_state_client(fd, handler, (lxc_state_t *)req->data); |
980 | if (rsp.ret < 0) | |
981 | ERROR("Failed to add state client %d to state client list", fd); | |
982 | else | |
983 | TRACE("Added state client %d to state client list", fd); | |
dbc9832d CB |
984 | |
985 | return lxc_cmd_rsp_send(fd, &rsp); | |
986 | } | |
987 | ||
191d43cc CB |
988 | int lxc_cmd_console_log(const char *name, const char *lxcpath, |
989 | struct lxc_console_log *log) | |
990 | { | |
991 | int ret, stopped; | |
992 | struct lxc_cmd_console_log data; | |
993 | struct lxc_cmd_rr cmd; | |
994 | ||
995 | data.clear = log->clear; | |
996 | data.read = log->read; | |
997 | data.read_max = *log->read_max; | |
63b74cda | 998 | data.write_logfile = log->write_logfile; |
191d43cc CB |
999 | |
1000 | cmd.req.cmd = LXC_CMD_CONSOLE_LOG; | |
1001 | cmd.req.data = &data; | |
1002 | cmd.req.datalen = sizeof(struct lxc_cmd_console_log); | |
1003 | ||
1004 | ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL); | |
1005 | if (ret < 0) | |
1006 | return ret; | |
1007 | ||
1008 | /* There is nothing to be read from the buffer. So clear any values we | |
1009 | * where passed to clearly indicate to the user that nothing went wrong. | |
1010 | */ | |
63b74cda | 1011 | if (cmd.rsp.ret == -ENODATA || cmd.rsp.ret == -EFAULT || cmd.rsp.ret == -ENOENT) { |
191d43cc CB |
1012 | *log->read_max = 0; |
1013 | log->data = NULL; | |
1014 | } | |
1015 | ||
1016 | /* This is a proper error so don't touch any values we were passed. */ | |
1017 | if (cmd.rsp.ret < 0) | |
1018 | return cmd.rsp.ret; | |
1019 | ||
1020 | *log->read_max = cmd.rsp.datalen; | |
1021 | log->data = cmd.rsp.data; | |
1022 | ||
1023 | return 0; | |
1024 | } | |
1025 | ||
1026 | static int lxc_cmd_console_log_callback(int fd, struct lxc_cmd_req *req, | |
1027 | struct lxc_handler *handler) | |
1028 | { | |
1029 | struct lxc_cmd_rsp rsp; | |
28f3b1cd | 1030 | uint64_t buffer_size = handler->conf->console.buffer_size; |
191d43cc | 1031 | const struct lxc_cmd_console_log *log = req->data; |
63b74cda | 1032 | struct lxc_console *console = &handler->conf->console; |
191d43cc CB |
1033 | struct lxc_ringbuf *buf = &handler->conf->console.ringbuf; |
1034 | ||
1035 | rsp.ret = -EFAULT; | |
1036 | rsp.datalen = 0; | |
1037 | rsp.data = NULL; | |
28f3b1cd | 1038 | if (buffer_size <= 0) |
191d43cc CB |
1039 | goto out; |
1040 | ||
5928191e CB |
1041 | if (log->read || log->write_logfile) |
1042 | rsp.datalen = lxc_ringbuf_used(buf); | |
1043 | ||
191d43cc CB |
1044 | if (log->read) |
1045 | rsp.data = lxc_ringbuf_get_read_addr(buf); | |
1046 | ||
1047 | if (log->read_max > 0 && (log->read_max <= rsp.datalen)) | |
1048 | rsp.datalen = log->read_max; | |
1049 | ||
1050 | /* there's nothing to read */ | |
63b74cda | 1051 | rsp.ret = -ENODATA; |
191d43cc | 1052 | if (log->read && (buf->r_off == buf->w_off)) |
63b74cda CB |
1053 | goto out; |
1054 | ||
1055 | if (log->write_logfile && rsp.datalen > 0) { | |
1056 | rsp.ret = -ENOENT; | |
3a784510 | 1057 | if (!console->buffer_log_file) |
63b74cda CB |
1058 | goto out; |
1059 | ||
1060 | rsp.ret = lxc_console_write_ringbuffer(console); | |
1061 | if (rsp.ret < 0) | |
1062 | goto out; | |
1063 | } | |
1064 | ||
1065 | rsp.ret = 0; | |
cf685555 | 1066 | if (log->clear) { |
966b9ecd CB |
1067 | int ret; |
1068 | size_t len; | |
1069 | char *tmp; | |
1070 | ||
cf685555 | 1071 | /* clear the ringbuffer */ |
191d43cc | 1072 | lxc_ringbuf_clear(buf); |
cf685555 CB |
1073 | |
1074 | /* truncate the ringbuffer log file */ | |
1075 | if (console->buffer_log_file) { | |
1076 | rsp.ret = -ENOENT; | |
1077 | if (!file_exists(console->buffer_log_file)) | |
1078 | goto out; | |
1079 | ||
1080 | /* be very certain things are kosher */ | |
1081 | rsp.ret = -EBADF; | |
1082 | if (console->buffer_log_file_fd < 0) | |
1083 | goto out; | |
1084 | ||
1085 | rsp.ret = lxc_unpriv(ftruncate(console->buffer_log_file_fd, 0)); | |
1086 | if (rsp.ret < 0) { | |
1087 | ERROR("%s - Failed to truncate console " | |
1088 | "ringbuffer log file \"%s\"", | |
1089 | strerror(errno), console->buffer_log_file); | |
1090 | goto out; | |
1091 | } | |
1092 | } | |
966b9ecd CB |
1093 | |
1094 | /* rotate the console log file */ | |
1095 | if (!console->log_path || console->log_rotate == 0) | |
1096 | goto out; | |
1097 | ||
1098 | /* be very certain things are kosher */ | |
1099 | rsp.ret = -EBADF; | |
1100 | if (console->log_fd < 0) | |
1101 | goto out; | |
1102 | ||
1103 | len = strlen(console->log_path) + sizeof(".1"); | |
1104 | tmp = alloca(len); | |
1105 | ||
1106 | rsp.ret = -EFBIG; | |
1107 | ret = snprintf(tmp, len, "%s.1", console->log_path); | |
1108 | if (ret < 0 || (size_t)ret >= len) | |
1109 | goto out; | |
1110 | ||
1111 | close(console->log_fd); | |
1112 | console->log_fd = -1; | |
1113 | rsp.ret = lxc_unpriv(rename(console->log_path, tmp)); | |
1114 | if (rsp.ret < 0) | |
1115 | goto out; | |
1116 | ||
1117 | rsp.ret = lxc_console_create_log_file(console); | |
cf685555 | 1118 | } else if (rsp.datalen > 0) { |
191d43cc | 1119 | lxc_ringbuf_move_read_addr(buf, rsp.datalen); |
cf685555 | 1120 | } |
191d43cc CB |
1121 | |
1122 | out: | |
1123 | return lxc_cmd_rsp_send(fd, &rsp); | |
1124 | } | |
1125 | ||
ef6e34ee | 1126 | static int lxc_cmd_process(int fd, struct lxc_cmd_req *req, |
ded1d23f | 1127 | struct lxc_handler *handler) |
724e753c | 1128 | { |
ef6e34ee DE |
1129 | typedef int (*callback)(int, struct lxc_cmd_req *, struct lxc_handler *); |
1130 | ||
1131 | callback cb[LXC_CMD_MAX] = { | |
54446942 CB |
1132 | [LXC_CMD_CONSOLE] = lxc_cmd_console_callback, |
1133 | [LXC_CMD_CONSOLE_WINCH] = lxc_cmd_console_winch_callback, | |
1134 | [LXC_CMD_STOP] = lxc_cmd_stop_callback, | |
1135 | [LXC_CMD_GET_STATE] = lxc_cmd_get_state_callback, | |
1136 | [LXC_CMD_GET_INIT_PID] = lxc_cmd_get_init_pid_callback, | |
1137 | [LXC_CMD_GET_CLONE_FLAGS] = lxc_cmd_get_clone_flags_callback, | |
1138 | [LXC_CMD_GET_CGROUP] = lxc_cmd_get_cgroup_callback, | |
1139 | [LXC_CMD_GET_CONFIG_ITEM] = lxc_cmd_get_config_item_callback, | |
1140 | [LXC_CMD_GET_NAME] = lxc_cmd_get_name_callback, | |
1141 | [LXC_CMD_GET_LXCPATH] = lxc_cmd_get_lxcpath_callback, | |
1142 | [LXC_CMD_ADD_STATE_CLIENT] = lxc_cmd_add_state_client_callback, | |
0d9cd9c3 | 1143 | [LXC_CMD_SET_CONFIG_ITEM] = lxc_cmd_set_config_item_callback, |
191d43cc | 1144 | [LXC_CMD_CONSOLE_LOG] = lxc_cmd_console_log_callback, |
724e753c MN |
1145 | }; |
1146 | ||
f371aca9 | 1147 | if (req->cmd >= LXC_CMD_MAX) { |
fe84a562 | 1148 | ERROR("Undefined command id %d", req->cmd); |
724e753c | 1149 | return -1; |
ef6e34ee DE |
1150 | } |
1151 | return cb[req->cmd](fd, req, handler); | |
724e753c MN |
1152 | } |
1153 | ||
ef6e34ee | 1154 | static void lxc_cmd_fd_cleanup(int fd, struct lxc_handler *handler, |
ded1d23f | 1155 | struct lxc_epoll_descr *descr) |
724e753c | 1156 | { |
b5159817 | 1157 | lxc_console_free(handler->conf, fd); |
724e753c MN |
1158 | lxc_mainloop_del_handler(descr, fd); |
1159 | close(fd); | |
1160 | } | |
1161 | ||
84c92abd DE |
1162 | static int lxc_cmd_handler(int fd, uint32_t events, void *data, |
1163 | struct lxc_epoll_descr *descr) | |
724e753c MN |
1164 | { |
1165 | int ret; | |
ef6e34ee | 1166 | struct lxc_cmd_req req; |
191d43cc | 1167 | void *reqdata = NULL; |
724e753c MN |
1168 | struct lxc_handler *handler = data; |
1169 | ||
aae93dd3 | 1170 | ret = lxc_abstract_unix_rcv_credential(fd, &req, sizeof(req)); |
0a3ec350 | 1171 | if (ret == -EACCES) { |
fe84a562 CB |
1172 | /* We don't care for the peer, just send and close. */ |
1173 | struct lxc_cmd_rsp rsp = {.ret = ret}; | |
ef6e34ee DE |
1174 | |
1175 | lxc_cmd_rsp_send(fd, &rsp); | |
3cc5de36 | 1176 | goto out_close; |
ded1d23f DL |
1177 | } |
1178 | ||
1179 | if (ret < 0) { | |
fe84a562 CB |
1180 | SYSERROR("Failed to receive data on command socket for command " |
1181 | "\"%s\"", lxc_cmd_str(req.cmd)); | |
724e753c MN |
1182 | goto out_close; |
1183 | } | |
1184 | ||
fe84a562 | 1185 | if (ret == 0) |
724e753c | 1186 | goto out_close; |
724e753c | 1187 | |
ef6e34ee | 1188 | if (ret != sizeof(req)) { |
c01c2be6 | 1189 | WARN("Failed to receive full command request. Ignoring request " |
fe84a562 | 1190 | "for \"%s\"", lxc_cmd_str(req.cmd)); |
ef6e34ee DE |
1191 | ret = -1; |
1192 | goto out_close; | |
1193 | } | |
1194 | ||
191d43cc CB |
1195 | if ((req.datalen > LXC_CMD_DATA_MAX) && |
1196 | (req.cmd != LXC_CMD_CONSOLE_LOG)) { | |
c01c2be6 | 1197 | ERROR("Received command data length %d is too large for " |
fe84a562 CB |
1198 | "command \"%s\"", req.datalen, lxc_cmd_str(req.cmd)); |
1199 | errno = EFBIG; | |
1200 | ret = -EFBIG; | |
724e753c MN |
1201 | goto out_close; |
1202 | } | |
1203 | ||
ef6e34ee | 1204 | if (req.datalen > 0) { |
191d43cc CB |
1205 | /* LXC_CMD_CONSOLE_LOG needs to be able to allocate data |
1206 | * that exceeds LXC_CMD_DATA_MAX: use malloc() for that. | |
1207 | */ | |
1208 | if (req.cmd == LXC_CMD_CONSOLE_LOG) | |
1209 | reqdata = malloc(req.datalen); | |
1210 | else | |
1211 | reqdata = alloca(req.datalen); | |
1212 | if (!reqdata) { | |
1213 | ERROR("Failed to allocate memory for \"%s\" command", | |
1214 | lxc_cmd_str(req.cmd)); | |
1215 | errno = ENOMEM; | |
1216 | ret = -ENOMEM; | |
1217 | goto out_close; | |
1218 | } | |
ef6e34ee | 1219 | |
ef6e34ee DE |
1220 | ret = recv(fd, reqdata, req.datalen, 0); |
1221 | if (ret != req.datalen) { | |
c01c2be6 | 1222 | WARN("Failed to receive full command request. Ignoring " |
fe84a562 | 1223 | "request for \"%s\"", lxc_cmd_str(req.cmd)); |
ef6e34ee DE |
1224 | ret = -1; |
1225 | goto out_close; | |
1226 | } | |
fe84a562 | 1227 | |
ef6e34ee DE |
1228 | req.data = reqdata; |
1229 | } | |
1230 | ||
1231 | ret = lxc_cmd_process(fd, &req, handler); | |
724e753c | 1232 | if (ret) { |
fe84a562 | 1233 | /* This is not an error, but only a request to close fd. */ |
724e753c MN |
1234 | ret = 0; |
1235 | goto out_close; | |
1236 | } | |
1237 | ||
1238 | out: | |
191d43cc CB |
1239 | if (req.cmd == LXC_CMD_CONSOLE_LOG && reqdata) |
1240 | free(reqdata); | |
1241 | ||
724e753c | 1242 | return ret; |
fe84a562 | 1243 | |
724e753c | 1244 | out_close: |
ef6e34ee | 1245 | lxc_cmd_fd_cleanup(fd, handler, descr); |
724e753c MN |
1246 | goto out; |
1247 | } | |
1248 | ||
84c92abd DE |
1249 | static int lxc_cmd_accept(int fd, uint32_t events, void *data, |
1250 | struct lxc_epoll_descr *descr) | |
724e753c | 1251 | { |
fe84a562 CB |
1252 | int connection; |
1253 | int opt = 1, ret = -1; | |
724e753c MN |
1254 | |
1255 | connection = accept(fd, NULL, 0); | |
1256 | if (connection < 0) { | |
08aa08fe | 1257 | SYSERROR("Failed to accept connection to run command."); |
724e753c MN |
1258 | return -1; |
1259 | } | |
1260 | ||
fe84a562 CB |
1261 | ret = fcntl(connection, F_SETFD, FD_CLOEXEC); |
1262 | if (ret < 0) { | |
1263 | SYSERROR("Failed to set close-on-exec on incoming command connection"); | |
9ccb2dbc DL |
1264 | goto out_close; |
1265 | } | |
1266 | ||
fe84a562 CB |
1267 | ret = setsockopt(connection, SOL_SOCKET, SO_PASSCRED, &opt, sizeof(opt)); |
1268 | if (ret < 0) { | |
1269 | SYSERROR("Failed to enable necessary credentials on command socket"); | |
724e753c MN |
1270 | goto out_close; |
1271 | } | |
1272 | ||
ef6e34ee | 1273 | ret = lxc_mainloop_add_handler(descr, connection, lxc_cmd_handler, data); |
724e753c | 1274 | if (ret) { |
fe84a562 | 1275 | ERROR("Failed to add command handler"); |
724e753c MN |
1276 | goto out_close; |
1277 | } | |
1278 | ||
1279 | out: | |
1280 | return ret; | |
1281 | ||
1282 | out_close: | |
1283 | close(connection); | |
1284 | goto out; | |
1285 | } | |
1286 | ||
9dfa4041 | 1287 | int lxc_cmd_init(const char *name, const char *lxcpath, const char *suffix) |
724e753c | 1288 | { |
fe84a562 CB |
1289 | int fd, len, ret; |
1290 | char path[sizeof(((struct sockaddr_un *)0)->sun_path)] = {0}; | |
46968ea3 | 1291 | char *offset = &path[1]; |
724e753c | 1292 | |
6f2944c1 TA |
1293 | /* -2 here because this is an abstract unix socket so it needs a |
1294 | * leading \0, and we null terminate, so it needs a trailing \0. | |
1295 | * Although null termination isn't required by the API, we do it anyway | |
1296 | * because we print the sockname out sometimes. | |
1297 | */ | |
860e7c43 | 1298 | len = sizeof(path) - 2; |
9dfa4041 | 1299 | ret = lxc_make_abstract_socket_name(offset, len, name, lxcpath, NULL, suffix); |
fe84a562 | 1300 | if (ret < 0) |
9ba8130c | 1301 | return -1; |
9dfa4041 | 1302 | TRACE("Creating abstract unix socket \"%s\"", offset); |
724e753c | 1303 | |
aae93dd3 | 1304 | fd = lxc_abstract_unix_open(path, SOCK_STREAM, 0); |
724e753c | 1305 | if (fd < 0) { |
fe84a562 CB |
1306 | ERROR("%s - Failed to create command socket %s", |
1307 | strerror(errno), offset); | |
08aa08fe | 1308 | if (errno == EADDRINUSE) |
fe84a562 | 1309 | ERROR("Container \"%s\" appears to be already running", name); |
724e753c MN |
1310 | return -1; |
1311 | } | |
1312 | ||
fe84a562 CB |
1313 | ret = fcntl(fd, F_SETFD, FD_CLOEXEC); |
1314 | if (ret < 0) { | |
1315 | SYSERROR("Failed to set FD_CLOEXEC on command socket file descriptor"); | |
91480a0f DL |
1316 | close(fd); |
1317 | return -1; | |
1318 | } | |
1319 | ||
9dfa4041 | 1320 | return fd; |
d2e30e99 DE |
1321 | } |
1322 | ||
fe84a562 | 1323 | int lxc_cmd_mainloop_add(const char *name, struct lxc_epoll_descr *descr, |
ef6e34ee | 1324 | struct lxc_handler *handler) |
d2e30e99 | 1325 | { |
fe84a562 CB |
1326 | int ret; |
1327 | int fd = handler->conf->maincmd_fd; | |
d2e30e99 | 1328 | |
ef6e34ee | 1329 | ret = lxc_mainloop_add_handler(descr, fd, lxc_cmd_accept, handler); |
fe84a562 CB |
1330 | if (ret < 0) { |
1331 | ERROR("Failed to add handler for command socket"); | |
724e753c MN |
1332 | close(fd); |
1333 | } | |
1334 | ||
1335 | return ret; | |
1336 | } |