]> git.proxmox.com Git - mirror_lxc.git/blame - src/lxc/commands.c
projects / mirror_lxc.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
lxccontainer: non-functional changes
[mirror_lxc.git] / src / lxc / commands.c
CommitLineData
724e753c
MN		 1/*
2 * lxc: linux Container library
3 *
4 * (C) Copyright IBM Corp. 2007, 2009
5 *
6 * Authors:
9afe19d6 7 * Daniel Lezcano <daniel.lezcano at free.fr>
724e753c
MN		 8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
250b1eec 21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
724e753c
MN		 22 */
23
fe84a562
CB		 24#include "config.h"
25
cf685555 26#include <caps.h>
724e753c 27#include <errno.h>
91480a0f 28#include <fcntl.h>
fe84a562 29#include <malloc.h>
37515ebd 30#include <poll.h>
fe84a562
CB		 31#include <signal.h>
32#include <stdio.h>
33#include <stdlib.h>
34#include <unistd.h>
35#include <sys/param.h>
724e753c
MN		 36#include <sys/socket.h>
37#include <sys/un.h>
724e753c 38
fe84a562 39#include "af_unix.h"
f2363e38 40#include "cgroup.h"
724e753c 41#include "commands.h"
bbf5cf35 42#include "commands_utils.h"
fe84a562 43#include "conf.h"
ef6e34ee 44#include "confile.h"
fe84a562
CB		 45#include "console.h"
46#include "log.h"
47#include "lxc.h"
dbc9832d 48#include "lxclock.h"
724e753c 49#include "mainloop.h"
dbc9832d 50#include "monitor.h"
fe84a562
CB		 51#include "start.h"
52#include "utils.h"
724e753c 53
ded1d23f 54/*
fe84a562
CB		 55 * This file provides the different functions for clients to query/command the
56 * server. The client is typically some lxc tool and the server is typically the
57 * container (ie. lxc-start).
ded1d23f 58 *
fe84a562
CB		 59 * Each command is transactional, the clients send a request to the server and
60 * the server answers the request with a message giving the request's status
61 * (zero or a negative errno value). Both the request and response may contain
62 * additional data.
ded1d23f 63 *
fe84a562
CB		 64 * Each command is wrapped in a ancillary message in order to pass a credential
65 * making possible to the server to check if the client is allowed to ask for
66 * this command or not.
80bcb053 67 *
fe84a562
CB		 68 * IMPORTANTLY: Note that semantics for current commands are fixed. If you wish
69 * to make any changes to how, say, LXC_CMD_GET_CONFIG_ITEM works by adding
70 * information to the end of cmd.data, then you must introduce a new
71 * LXC_CMD_GET_CONFIG_ITEM_V2 define with a new number. You may wish to also
72 * mark LXC_CMD_GET_CONFIG_ITEM deprecated in commands.h.
80bcb053
SH		 73 *
74 * This is necessary in order to avoid having a newly compiled lxc command
75 * communicating with a running (old) monitor from crashing the running
76 * container.
ded1d23f
DL		 77 */
78
724e753c
MN		 79lxc_log_define(lxc_commands, lxc);
80
ef6e34ee 81static const char *lxc_cmd_str(lxc_cmd_t cmd)
724e753c 82{
fe84a562 83 static const char *const cmdname[LXC_CMD_MAX] = {
54446942 84 [LXC_CMD_CONSOLE] = "console",
86a78f17 85 [LXC_CMD_CONSOLE_WINCH] = "console_winch",
54446942
CB		 86 [LXC_CMD_STOP] = "stop",
87 [LXC_CMD_GET_STATE] = "get_state",
88 [LXC_CMD_GET_INIT_PID] = "get_init_pid",
89 [LXC_CMD_GET_CLONE_FLAGS] = "get_clone_flags",
90 [LXC_CMD_GET_CGROUP] = "get_cgroup",
91 [LXC_CMD_GET_CONFIG_ITEM] = "get_config_item",
92 [LXC_CMD_GET_NAME] = "get_name",
93 [LXC_CMD_GET_LXCPATH] = "get_lxcpath",
94 [LXC_CMD_ADD_STATE_CLIENT] = "add_state_client",
0d9cd9c3 95 [LXC_CMD_SET_CONFIG_ITEM] = "set_config_item",
191d43cc 96 [LXC_CMD_CONSOLE_LOG] = "console_log",
ef6e34ee 97 };
724e753c 98
f371aca9 99 if (cmd >= LXC_CMD_MAX)
ef6e34ee 100 return "Unknown cmd";
fe84a562 101
ef6e34ee
DE		 102 return cmdname[cmd];
103}
104
105/*
106 * lxc_cmd_rsp_recv: Receive a response to a command
107 *
108 * @sock : the socket connected to the container
109 * @cmd : command to put response in
110 *
111 * Returns the size of the response message or < 0 on failure
112 *
113 * Note that if the command response datalen > 0, then data is
114 * a malloc()ed buffer and should be free()ed by the caller. If
115 * the response data is <= a void * worth of data, it will be
116 * stored directly in data and datalen will be 0.
117 *
118 * As a special case, the response for LXC_CMD_CONSOLE is created
0115f8fd
DE		 119 * here as it contains an fd for the master pty passed through the
120 * unix socket.
ef6e34ee
DE		 121 */
122static int lxc_cmd_rsp_recv(int sock, struct lxc_cmd_rr *cmd)
123{
2945ea97 124 int ret, rspfd;
ef6e34ee
DE		 125 struct lxc_cmd_rsp *rsp = &cmd->rsp;
126
ae467c54 127 ret = lxc_abstract_unix_recv_fds(sock, &rspfd, 1, rsp, sizeof(*rsp));
ef6e34ee 128 if (ret < 0) {
fe84a562
CB		 129 WARN("%s - Failed to receive response for command \"%s\"",
130 strerror(errno), lxc_cmd_str(cmd->req.cmd));
ef6e34ee
DE		 131 return -1;
132 }
fe84a562 133 TRACE("Command \"%s\" received response", lxc_cmd_str(cmd->req.cmd));
ef6e34ee
DE		 134
135 if (cmd->req.cmd == LXC_CMD_CONSOLE) {
136 struct lxc_cmd_console_rsp_data *rspdata;
137
0115f8fd
DE		 138 /* recv() returns 0 bytes when a tty cannot be allocated,
139 * rsp->ret is < 0 when the peer permission check failed
140 */
141 if (ret == 0 || rsp->ret < 0)
142 return 0;
143
ef6e34ee
DE		 144 rspdata = malloc(sizeof(*rspdata));
145 if (!rspdata) {
fe84a562 146 ERROR("Failed to allocate response buffer for command \"%s\"",
ef6e34ee 147 lxc_cmd_str(cmd->req.cmd));
fe84a562 148 return -ENOMEM;
ef6e34ee 149 }
0115f8fd 150 rspdata->masterfd = rspfd;
ef6e34ee
DE		 151 rspdata->ttynum = PTR_TO_INT(rsp->data);
152 rsp->data = rspdata;
153 }
154
860e7c43 155 if (rsp->datalen == 0) {
fe84a562 156 DEBUG("Response data length for command \"%s\" is 0",
860e7c43 157 lxc_cmd_str(cmd->req.cmd));
ae5c8b8e 158 return ret;
860e7c43 159 }
fe84a562 160
191d43cc
CB		 161 if ((rsp->datalen > LXC_CMD_DATA_MAX) &&
162 (cmd->req.cmd != LXC_CMD_CONSOLE_LOG)) {
ef6e34ee 163 errno = EFBIG;
fe84a562
CB		 164 ERROR("%s - Response data for command \"%s\" is too long: %d "
165 "bytes > %d", strerror(errno), lxc_cmd_str(cmd->req.cmd),
166 rsp->datalen, LXC_CMD_DATA_MAX);
167 return -EFBIG;
2ac9aafc 168 }
ef6e34ee 169
191d43cc
CB		 170 if (cmd->req.cmd == LXC_CMD_CONSOLE_LOG) {
171 rsp->data = malloc(rsp->datalen + 1);
172 ((char *)rsp->data)[rsp->datalen] = '\0';
173 } else {
174 rsp->data = malloc(rsp->datalen);
175 }
ef6e34ee 176 if (!rsp->data) {
fe84a562
CB		 177 errno = ENOMEM;
178 ERROR("%s - Failed to allocate response buffer for command "
179 "\"%s\"", strerror(errno), lxc_cmd_str(cmd->req.cmd));
180 return -ENOMEM;
ef6e34ee 181 }
fe84a562 182
ef6e34ee
DE		 183 ret = recv(sock, rsp->data, rsp->datalen, 0);
184 if (ret != rsp->datalen) {
fe84a562 185 ERROR("%s - Failed to receive response data for command \"%s\"",
08aa08fe 186 lxc_cmd_str(cmd->req.cmd), strerror(errno));
ef6e34ee
DE		 187 if (ret >= 0)
188 ret = -1;
189 }
724e753c
MN		 190
191 return ret;
192}
193
ef6e34ee
DE		 194/*
195 * lxc_cmd_rsp_send: Send a command response
196 *
197 * @fd : file descriptor of socket to send response on
198 * @rsp : response to send
199 *
200 * Returns 0 on success, < 0 on failure
201 */
202static int lxc_cmd_rsp_send(int fd, struct lxc_cmd_rsp *rsp)
203{
fe84a562 204 ssize_t ret;
ef6e34ee
DE		 205
206 ret = send(fd, rsp, sizeof(*rsp), 0);
fe84a562
CB		 207 if (ret < 0 || (size_t)ret != sizeof(*rsp)) {
208 ERROR("%s - Failed to send command response %zd",
209 strerror(errno), ret);
ef6e34ee
DE		 210 return -1;
211 }
212
fe84a562
CB		 213 if (rsp->datalen <= 0)
214 return 0;
215
216 ret = send(fd, rsp->data, rsp->datalen, 0);
217 if (ret < 0 || ret != (ssize_t)rsp->datalen) {
218 WARN("%s - Failed to send command response data %zd",
219 strerror(errno), ret);
220 return -1;
ef6e34ee 221 }
fe84a562 222
ef6e34ee
DE		 223 return 0;
224}
225
c01c2be6 226static int lxc_cmd_send(const char *name, struct lxc_cmd_rr *cmd,
fe84a562 227 const char *lxcpath, const char *hashed_sock_name)
c01c2be6
CB		 228{
229 int client_fd;
fe84a562 230 ssize_t ret = -1;
c01c2be6 231
9dfa4041 232 client_fd = lxc_cmd_connect(name, lxcpath, hashed_sock_name, "command");
fe84a562
CB		 233 if (client_fd < 0) {
234 if (client_fd == -ECONNREFUSED)
235 return -ECONNREFUSED;
c01c2be6 236
fe84a562
CB		 237 return -1;
238 }
c01c2be6 239
fe84a562
CB		 240 ret = lxc_abstract_unix_send_credential(client_fd, &cmd->req,
241 sizeof(cmd->req));
242 if (ret < 0 || (size_t)ret != sizeof(cmd->req)) {
c01c2be6
CB		 243 close(client_fd);
244
245 if (errno == EPIPE)
246 return -EPIPE;
247
248 if (ret >= 0)
249 return -EMSGSIZE;
250
251 return -1;
252 }
253
fe84a562
CB		 254 if (cmd->req.datalen <= 0)
255 return client_fd;
c01c2be6 256
fe84a562
CB		 257 ret = send(client_fd, cmd->req.data, cmd->req.datalen, MSG_NOSIGNAL);
258 if (ret < 0 || ret != (ssize_t)cmd->req.datalen) {
259 close(client_fd);
c01c2be6 260
fe84a562
CB		 261 if (errno == EPIPE)
262 return -EPIPE;
c01c2be6 263
fe84a562
CB		 264 if (ret >= 0)
265 return -EMSGSIZE;
c01c2be6 266
fe84a562 267 return -1;
c01c2be6
CB		 268 }
269
270 return client_fd;
271}
272
ef6e34ee
DE		 273/*
274 * lxc_cmd: Connect to the specified running container, send it a command
275 * request and collect the response
276 *
277 * @name : name of container to connect to
1e8cfdf6 278 * @cmd : command with initialized request to send
ef6e34ee
DE		 279 * @stopped : output indicator if the container was not running
280 * @lxcpath : the lxcpath in which the container is running
281 *
282 * Returns the size of the response message on success, < 0 on failure
283 *
284 * Note that there is a special case for LXC_CMD_CONSOLE. For this command
285 * the fd cannot be closed because it is used as a placeholder to indicate
286 * that a particular tty slot is in use. The fd is also used as a signal to
287 * the container that when the caller dies or closes the fd, the container
0115f8fd
DE		 288 * will notice the fd on its side of the socket in its mainloop select and
289 * then free the slot with lxc_cmd_fd_cleanup(). The socket fd will be
290 * returned in the cmd response structure.
ef6e34ee
DE		 291 */
292static int lxc_cmd(const char *name, struct lxc_cmd_rr *cmd, int *stopped,
88556fd7 293 const char *lxcpath, const char *hashed_sock_name)
724e753c 294{
fe84a562
CB		 295 int client_fd;
296 int ret = -1;
dbc9832d
CB		 297 bool stay_connected = false;
298
299 if (cmd->req.cmd == LXC_CMD_CONSOLE ||
54446942 300 cmd->req.cmd == LXC_CMD_ADD_STATE_CLIENT)
dbc9832d 301 stay_connected = true;
724e753c 302
0ecf64b5
SH		 303 *stopped = 0;
304
c01c2be6
CB		 305 client_fd = lxc_cmd_send(name, cmd, lxcpath, hashed_sock_name);
306 if (client_fd < 0) {
fe84a562
CB		 307 TRACE("%s - Command \"%s\" failed to connect command socket",
308 strerror(errno), lxc_cmd_str(cmd->req.cmd));
c01c2be6 309 if (client_fd == -ECONNREFUSED) {
ef6e34ee 310 *stopped = 1;
c01c2be6 311 return -1;
3f903c04
CB		 312 }
313
c01c2be6 314 if (client_fd == -EPIPE)
6168ff15 315 goto epipe;
724e753c 316
c01c2be6 317 goto out;
724e753c
MN		 318 }
319
c01c2be6 320 ret = lxc_cmd_rsp_recv(client_fd, cmd);
724e753c 321out:
4575a9f9 322 if (!stay_connected || ret <= 0)
c01c2be6 323 close(client_fd);
fe84a562 324
0115f8fd 325 if (stay_connected && ret > 0)
c01c2be6 326 cmd->rsp.ret = client_fd;
43eb6f29 327
1362f2eb 328 return ret;
6168ff15
SH		 329
330epipe:
6168ff15
SH		 331 *stopped = 1;
332 return 0;
724e753c
MN		 333}
334
b494d2dd
SH		 335int lxc_try_cmd(const char *name, const char *lxcpath)
336{
0ecf64b5 337 int stopped, ret;
b494d2dd
SH		 338 struct lxc_cmd_rr cmd = {
339 .req = { .cmd = LXC_CMD_GET_INIT_PID },
340 };
341
88556fd7 342 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
b494d2dd
SH		 343 if (stopped)
344 return 0;
345 if (ret > 0 && cmd.rsp.ret < 0) {
346 errno = cmd.rsp.ret;
347 return -1;
348 }
349 if (ret > 0)
350 return 0;
351
fe84a562
CB		 352 /* At this point we weren't denied access, and the container *was*
353 * started. There was some inexplicable error in the protocol. I'm not
354 * clear on whether we should return -1 here, but we didn't receive a
355 * -EACCES, so technically it's not that we're not allowed to control
356 * the container - it's just not behaving.
b494d2dd
SH		 357 */
358 return 0;
359}
360
ef6e34ee
DE		 361/* Implentations of the commands and their callbacks */
362
363/*
364 * lxc_cmd_get_init_pid: Get pid of the container's init process
365 *
366 * @name : name of container to connect to
367 * @lxcpath : the lxcpath in which the container is running
368 *
369 * Returns the pid on success, < 0 on failure
370 */
371pid_t lxc_cmd_get_init_pid(const char *name, const char *lxcpath)
43eb6f29 372{
0ecf64b5 373 int ret, stopped;
ef6e34ee
DE		 374 struct lxc_cmd_rr cmd = {
375 .req = { .cmd = LXC_CMD_GET_INIT_PID },
376 };
377
88556fd7 378 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
ef6e34ee
DE		 379 if (ret < 0)
380 return ret;
381
382 return PTR_TO_INT(cmd.rsp.data);
43eb6f29
DL		 383}
384
ef6e34ee
DE		 385static int lxc_cmd_get_init_pid_callback(int fd, struct lxc_cmd_req *req,
386 struct lxc_handler *handler)
43eb6f29 387{
ef6e34ee
DE		 388 struct lxc_cmd_rsp rsp = { .data = INT_TO_PTR(handler->pid) };
389
390 return lxc_cmd_rsp_send(fd, &rsp);
43eb6f29
DL		 391}
392
ef6e34ee
DE		 393/*
394 * lxc_cmd_get_clone_flags: Get clone flags container was spawned with
395 *
396 * @name : name of container to connect to
397 * @lxcpath : the lxcpath in which the container is running
398 *
399 * Returns the clone flags on success, < 0 on failure
400 */
401int lxc_cmd_get_clone_flags(const char *name, const char *lxcpath)
402{
0ecf64b5 403 int ret, stopped;
ef6e34ee
DE		 404 struct lxc_cmd_rr cmd = {
405 .req = { .cmd = LXC_CMD_GET_CLONE_FLAGS },
406 };
407
88556fd7 408 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
ef6e34ee
DE		 409 if (ret < 0)
410 return ret;
43eb6f29 411
ef6e34ee
DE		 412 return PTR_TO_INT(cmd.rsp.data);
413}
414
415static int lxc_cmd_get_clone_flags_callback(int fd, struct lxc_cmd_req *req,
416 struct lxc_handler *handler)
26b2d152 417{
ef6e34ee
DE		 418 struct lxc_cmd_rsp rsp = { .data = INT_TO_PTR(handler->clone_flags) };
419
420 return lxc_cmd_rsp_send(fd, &rsp);
421}
422
423/*
424 * lxc_cmd_get_cgroup_path: Calculate a container's cgroup path for a
425 * particular subsystem. This is the cgroup path relative to the root
426 * of the cgroup filesystem.
427 *
ef6e34ee
DE		 428 * @name : name of container to connect to
429 * @lxcpath : the lxcpath in which the container is running
b98f7d6e 430 * @subsystem : the subsystem being asked about
ef6e34ee
DE		 431 *
432 * Returns the path on success, NULL on failure. The caller must free() the
433 * returned path.
434 */
b98f7d6e 435char *lxc_cmd_get_cgroup_path(const char *name, const char *lxcpath,
fe84a562 436 const char *subsystem)
ef6e34ee 437{
0ecf64b5 438 int ret, stopped;
ef6e34ee 439 struct lxc_cmd_rr cmd = {
b98f7d6e
SH		 440 .req = {
441 .cmd = LXC_CMD_GET_CGROUP,
fe84a562 442 .datalen = strlen(subsystem) + 1,
b98f7d6e
SH		 443 .data = subsystem,
444 },
26b2d152
MN		 445 };
446
88556fd7 447 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
fe84a562 448 if (ret < 0)
ef6e34ee
DE		 449 return NULL;
450
fe84a562 451 if (ret == 0)
ef6e34ee 452 return NULL;
ef6e34ee 453
fe84a562 454 if (cmd.rsp.ret < 0 || cmd.rsp.datalen < 0)
ef6e34ee 455 return NULL;
3f903c04 456
ef6e34ee
DE		 457 return cmd.rsp.data;
458}
459
460static int lxc_cmd_get_cgroup_callback(int fd, struct lxc_cmd_req *req,
461 struct lxc_handler *handler)
462{
4fb3cba5 463 const char *path;
fe84a562 464 struct lxc_cmd_rsp rsp;
b98f7d6e
SH		 465
466 if (req->datalen < 1)
467 return -1;
8900b9eb 468
d4ef7c50 469 path = cgroup_get_cgroup(handler, req->data);
b98f7d6e
SH		 470 if (!path)
471 return -1;
fe84a562 472
4f17323e 473 rsp.ret = 0;
fe84a562
CB		 474 rsp.datalen = strlen(path) + 1;
475 rsp.data = (char *)path;
ef6e34ee
DE		 476
477 return lxc_cmd_rsp_send(fd, &rsp);
478}
479
480/*
481 * lxc_cmd_get_config_item: Get config item the running container
482 *
483 * @name : name of container to connect to
7fa3f2e9 484 * @item : the configuration item to retrieve (ex: lxc.net.0.veth.pair)
ef6e34ee
DE		 485 * @lxcpath : the lxcpath in which the container is running
486 *
487 * Returns the item on success, NULL on failure. The caller must free() the
488 * returned item.
489 */
490char *lxc_cmd_get_config_item(const char *name, const char *item,
491 const char *lxcpath)
492{
0ecf64b5 493 int ret, stopped;
ef6e34ee
DE		 494 struct lxc_cmd_rr cmd = {
495 .req = { .cmd = LXC_CMD_GET_CONFIG_ITEM,
496 .data = item,
fe84a562 497 .datalen = strlen(item) + 1,
ef6e34ee
DE		 498 },
499 };
500
88556fd7 501 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
ef6e34ee
DE		 502 if (ret < 0)
503 return NULL;
504
505 if (cmd.rsp.ret == 0)
506 return cmd.rsp.data;
fe84a562 507
ef6e34ee
DE		 508 return NULL;
509}
510
511static int lxc_cmd_get_config_item_callback(int fd, struct lxc_cmd_req *req,
512 struct lxc_handler *handler)
513{
514 int cilen;
ef6e34ee 515 char *cidata;
30aec088 516 struct lxc_config_t *item;
fe84a562 517 struct lxc_cmd_rsp rsp;
ef6e34ee
DE		 518
519 memset(&rsp, 0, sizeof(rsp));
300df83e 520 item = lxc_get_config(req->data);
30aec088
CB		 521 if (!item)
522 goto err1;
fe84a562 523
cccd2219 524 cilen = item->get(req->data, NULL, 0, handler->conf, NULL);
ef6e34ee
DE		 525 if (cilen <= 0)
526 goto err1;
527
528 cidata = alloca(cilen + 1);
cccd2219 529 if (item->get(req->data, cidata, cilen + 1, handler->conf, NULL) != cilen)
ef6e34ee 530 goto err1;
fe84a562 531
ef6e34ee
DE		 532 cidata[cilen] = '\0';
533 rsp.data = cidata;
534 rsp.datalen = cilen + 1;
535 rsp.ret = 0;
536 goto out;
537
538err1:
539 rsp.ret = -1;
540out:
541 return lxc_cmd_rsp_send(fd, &rsp);
542}
543
0d9cd9c3
CB		 544/*
545 * lxc_cmd_set_config_item: Get config item the running container
546 *
547 * @name : name of container to connect to
548 * @item : the configuration item to set (ex: lxc.net.0.veth.pair)
549 * @value : the value to set (ex: "eth0")
550 * @lxcpath : the lxcpath in which the container is running
551 *
552 * Returns 0 on success, negative errno on failure.
553 */
554int lxc_cmd_set_config_item(const char *name, const char *item,
555 const char *value, const char *lxcpath)
556{
557 int ret, stopped;
558 struct lxc_cmd_set_config_item_req_data data;
559 struct lxc_cmd_rr cmd;
560
561 /* pre-validate request
562 Currently we only support live-patching network configurations.
563 */
564 if (strncmp(item, "lxc.net.", 8))
565 return -EINVAL;
566
567 data.item = item;
568 data.value = (void *)value;
569
570 cmd.req.cmd = LXC_CMD_SET_CONFIG_ITEM;
571 cmd.req.data = &data;
572 cmd.req.datalen = sizeof(data);
573
574 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
575 if (ret < 0)
576 return ret;
577
578 return cmd.rsp.ret;
579}
580
581static int lxc_cmd_set_config_item_callback(int fd, struct lxc_cmd_req *req,
582 struct lxc_handler *handler)
583{
584 const char *key, *value;
585 struct lxc_cmd_rsp rsp;
586 const struct lxc_cmd_set_config_item_req_data *data;
587
588 data = req->data;
589 key = data->item;
590 value = data->value;
591
592 memset(&rsp, 0, sizeof(rsp));
593 rsp.ret = lxc_set_config_item_locked(handler->conf, key, value);
fe84a562 594
0d9cd9c3
CB		 595 return lxc_cmd_rsp_send(fd, &rsp);
596}
597
ef6e34ee
DE		 598/*
599 * lxc_cmd_get_state: Get current state of the container
600 *
601 * @name : name of container to connect to
602 * @lxcpath : the lxcpath in which the container is running
603 *
604 * Returns the state on success, < 0 on failure
605 */
dbc9832d 606int lxc_cmd_get_state(const char *name, const char *lxcpath)
ef6e34ee 607{
0ecf64b5 608 int ret, stopped;
ef6e34ee
DE		 609 struct lxc_cmd_rr cmd = {
610 .req = { .cmd = LXC_CMD_GET_STATE }
611 };
26b2d152 612
88556fd7 613 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
ebdd307d 614 if (ret < 0 && stopped)
ef6e34ee
DE		 615 return STOPPED;
616
617 if (ret < 0)
26b2d152 618 return -1;
26b2d152 619
ef6e34ee 620 if (!ret) {
fe84a562 621 WARN("Container \"%s\" has stopped before sending its state", name);
ef6e34ee
DE		 622 return -1;
623 }
624
fe84a562 625 DEBUG("Container \"%s\" is in \"%s\" state", name,
ef6e34ee 626 lxc_state2str(PTR_TO_INT(cmd.rsp.data)));
fe84a562 627
ef6e34ee
DE		 628 return PTR_TO_INT(cmd.rsp.data);
629}
630
631static int lxc_cmd_get_state_callback(int fd, struct lxc_cmd_req *req,
632 struct lxc_handler *handler)
633{
634 struct lxc_cmd_rsp rsp = { .data = INT_TO_PTR(handler->state) };
635
636 return lxc_cmd_rsp_send(fd, &rsp);
637}
638
639/*
640 * lxc_cmd_stop: Stop the container previously started with lxc_start. All
641 * the processes running inside this container will be killed.
642 *
643 * @name : name of container to connect to
644 * @lxcpath : the lxcpath in which the container is running
645 *
646 * Returns 0 on success, < 0 on failure
647 */
648int lxc_cmd_stop(const char *name, const char *lxcpath)
649{
0ecf64b5 650 int ret, stopped;
ef6e34ee
DE		 651 struct lxc_cmd_rr cmd = {
652 .req = { .cmd = LXC_CMD_STOP },
653 };
654
88556fd7 655 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
26b2d152 656 if (ret < 0) {
ef6e34ee 657 if (stopped) {
fe84a562 658 INFO("Container \"%s\" is already stopped", name);
ef6e34ee
DE		 659 return 0;
660 }
fe84a562 661
26b2d152
MN		 662 return -1;
663 }
664
fe84a562
CB		 665 /* We do not expect any answer, because we wait for the connection to be
666 * closed.
95d5b147
SH		 667 */
668 if (ret > 0) {
fe84a562
CB		 669 ERROR("%s - Failed to stop container \"%s\"",
670 strerror(-cmd.rsp.ret), name);
26b2d152
MN		 671 return -1;
672 }
673
fe84a562 674 INFO("Container \"%s\" has stopped", name);
ef6e34ee 675 return 0;
26b2d152
MN		 676}
677
ef6e34ee
DE		 678static int lxc_cmd_stop_callback(int fd, struct lxc_cmd_req *req,
679 struct lxc_handler *handler)
d5088cf2 680{
ef6e34ee 681 struct lxc_cmd_rsp rsp;
ef6e34ee
DE		 682 int stopsignal = SIGKILL;
683
684 if (handler->conf->stopsignal)
685 stopsignal = handler->conf->stopsignal;
686 memset(&rsp, 0, sizeof(rsp));
687 rsp.ret = kill(handler->pid, stopsignal);
688 if (!rsp.ret) {
fe84a562 689 /* We can't just use lxc_unfreeze() since we are already in the
4fb3cba5
DE		 690 * context of handling the STOP cmd in lxc-start, and calling
691 * lxc_unfreeze() would do another cmd (GET_CGROUP) which would
fe84a562 692 * deadlock us.
4fb3cba5
DE		 693 */
694 if (cgroup_unfreeze(handler))
95d5b147 695 return 0;
fe84a562
CB		 696
697 ERROR("Failed to unfreeze container \"%s\"", handler->name);
ecfcb3f0 698 rsp.ret = -1;
ef6e34ee
DE		 699 }
700
701 return lxc_cmd_rsp_send(fd, &rsp);
702}
d5088cf2 703
b5159817
DE		 704/*
705 * lxc_cmd_console_winch: To process as if a SIGWINCH were received
706 *
707 * @name : name of container to connect to
708 * @lxcpath : the lxcpath in which the container is running
709 *
710 * Returns 0 on success, < 0 on failure
711 */
712int lxc_cmd_console_winch(const char *name, const char *lxcpath)
713{
0ecf64b5 714 int ret, stopped;
b5159817
DE		 715 struct lxc_cmd_rr cmd = {
716 .req = { .cmd = LXC_CMD_CONSOLE_WINCH },
717 };
718
88556fd7 719 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
b5159817
DE		 720 if (ret < 0)
721 return ret;
722
723 return 0;
724}
725
726static int lxc_cmd_console_winch_callback(int fd, struct lxc_cmd_req *req,
727 struct lxc_handler *handler)
728{
729 struct lxc_cmd_rsp rsp = { .data = 0 };
730
731 lxc_console_sigwinch(SIGWINCH);
fe84a562 732
b5159817
DE		 733 return lxc_cmd_rsp_send(fd, &rsp);
734}
735
ef6e34ee
DE		 736/*
737 * lxc_cmd_console: Open an fd to a tty in the container
738 *
739 * @name : name of container to connect to
740 * @ttynum : in: the tty to open or -1 for next available
741 * : out: the tty allocated
742 * @fd : out: file descriptor for master side of pty
743 * @lxcpath : the lxcpath in which the container is running
744 *
0115f8fd 745 * Returns fd holding tty allocated on success, < 0 on failure
ef6e34ee
DE		 746 */
747int lxc_cmd_console(const char *name, int *ttynum, int *fd, const char *lxcpath)
748{
0ecf64b5 749 int ret, stopped;
ef6e34ee
DE		 750 struct lxc_cmd_console_rsp_data *rspdata;
751 struct lxc_cmd_rr cmd = {
752 .req = { .cmd = LXC_CMD_CONSOLE, .data = INT_TO_PTR(*ttynum) },
753 };
d5088cf2 754
88556fd7 755 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
ef6e34ee
DE		 756 if (ret < 0)
757 return ret;
0115f8fd
DE		 758
759 if (cmd.rsp.ret < 0) {
fe84a562 760 ERROR("%s - Denied access to tty", strerror(-cmd.rsp.ret));
ef6e34ee
DE		 761 ret = -1;
762 goto out;
763 }
d5088cf2 764
0115f8fd 765 if (ret == 0) {
fe84a562 766 ERROR("tty number %d invalid, busy or all ttys busy", *ttynum);
0115f8fd 767 ret = -1;
ef6e34ee
DE		 768 goto out;
769 }
ef6e34ee
DE		 770
771 rspdata = cmd.rsp.data;
0115f8fd 772 if (rspdata->masterfd < 0) {
fe84a562 773 ERROR("Unable to allocate fd for tty %d", rspdata->ttynum);
ef6e34ee
DE		 774 goto out;
775 }
776
fe84a562 777 ret = cmd.rsp.ret; /* socket fd */
0115f8fd 778 *fd = rspdata->masterfd;
ef6e34ee 779 *ttynum = rspdata->ttynum;
fe84a562
CB		 780 INFO("Alloced fd %d for tty %d via socket %d", *fd, rspdata->ttynum, ret);
781
ef6e34ee
DE		 782out:
783 free(cmd.rsp.data);
784 return ret;
785}
786
787static int lxc_cmd_console_callback(int fd, struct lxc_cmd_req *req,
788 struct lxc_handler *handler)
789{
fe84a562 790 int masterfd, ret;
ef6e34ee 791 struct lxc_cmd_rsp rsp;
fe84a562 792 int ttynum = PTR_TO_INT(req->data);
ef6e34ee 793
b5159817
DE		 794 masterfd = lxc_console_allocate(handler->conf, fd, &ttynum);
795 if (masterfd < 0)
ef6e34ee
DE		 796 goto out_close;
797
ef6e34ee
DE		 798 memset(&rsp, 0, sizeof(rsp));
799 rsp.data = INT_TO_PTR(ttynum);
fe84a562
CB		 800 ret = lxc_abstract_unix_send_fds(fd, &masterfd, 1, &rsp, sizeof(rsp));
801 if (ret < 0) {
802 ERROR("Failed to send tty to client");
b5159817 803 lxc_console_free(handler->conf, fd);
ef6e34ee
DE		 804 goto out_close;
805 }
806
ef6e34ee
DE		 807 return 0;
808
809out_close:
fe84a562
CB		 810 /* Special indicator to lxc_cmd_handler() to close the fd and do
811 * related cleanup.
ef6e34ee
DE		 812 */
813 return 1;
d5088cf2
CS		 814}
815
88556fd7
ÇO		 816/*
817 * lxc_cmd_get_name: Returns the name of the container
818 *
819 * @hashed_sock_name: hashed socket name
820 *
821 * Returns the name on success, NULL on failure.
822 */
823char *lxc_cmd_get_name(const char *hashed_sock_name)
824{
825 int ret, stopped;
826 struct lxc_cmd_rr cmd = {
827 .req = { .cmd = LXC_CMD_GET_NAME},
828 };
829
830 ret = lxc_cmd(NULL, &cmd, &stopped, NULL, hashed_sock_name);
fe84a562 831 if (ret < 0)
88556fd7 832 return NULL;
88556fd7
ÇO		 833
834 if (cmd.rsp.ret == 0)
835 return cmd.rsp.data;
fe84a562 836
88556fd7
ÇO		 837 return NULL;
838}
839
840static int lxc_cmd_get_name_callback(int fd, struct lxc_cmd_req *req,
fe84a562 841 struct lxc_handler *handler)
88556fd7
ÇO		 842{
843 struct lxc_cmd_rsp rsp;
844
845 memset(&rsp, 0, sizeof(rsp));
846
f0ecc19d 847 rsp.data = (char *)handler->name;
88556fd7
ÇO		 848 rsp.datalen = strlen(handler->name) + 1;
849 rsp.ret = 0;
850
851 return lxc_cmd_rsp_send(fd, &rsp);
852}
853
854/*
855 * lxc_cmd_get_lxcpath: Returns the lxcpath of the container
856 *
857 * @hashed_sock_name: hashed socket name
858 *
859 * Returns the lxcpath on success, NULL on failure.
860 */
861char *lxc_cmd_get_lxcpath(const char *hashed_sock_name)
862{
863 int ret, stopped;
864 struct lxc_cmd_rr cmd = {
865 .req = { .cmd = LXC_CMD_GET_LXCPATH},
866 };
724e753c 867
88556fd7 868 ret = lxc_cmd(NULL, &cmd, &stopped, NULL, hashed_sock_name);
fe84a562 869 if (ret < 0)
88556fd7 870 return NULL;
88556fd7
ÇO		 871
872 if (cmd.rsp.ret == 0)
873 return cmd.rsp.data;
fe84a562 874
88556fd7
ÇO		 875 return NULL;
876}
877
878static int lxc_cmd_get_lxcpath_callback(int fd, struct lxc_cmd_req *req,
879 struct lxc_handler *handler)
880{
881 struct lxc_cmd_rsp rsp;
882
883 memset(&rsp, 0, sizeof(rsp));
884
fe84a562 885 rsp.ret = 0;
88556fd7
ÇO		 886 rsp.data = (char *)handler->lxcpath;
887 rsp.datalen = strlen(handler->lxcpath) + 1;
88556fd7
ÇO		 888
889 return lxc_cmd_rsp_send(fd, &rsp);
890}
ef6e34ee 891
54446942 892int lxc_cmd_add_state_client(const char *name, const char *lxcpath,
92e35018
CB		 893 lxc_state_t states[MAX_STATE],
894 int *state_client_fd)
dbc9832d
CB		 895{
896 int stopped;
897 ssize_t ret;
898 int state = -1;
dbc9832d
CB		 899 struct lxc_cmd_rr cmd = {
900 .req = {
54446942 901 .cmd = LXC_CMD_ADD_STATE_CLIENT,
dbc9832d
CB		 902 .data = states,
903 .datalen = (sizeof(lxc_state_t) * MAX_STATE)
904 },
905 };
906
54446942
CB		 907 /* Lock the whole lxc_cmd_add_state_client_callback() call to ensure
908 * that lxc_set_state() doesn't cause us to miss a state.
dbc9832d
CB		 909 */
910 process_lock();
911 /* Check if already in requested state. */
912 state = lxc_getstate(name, lxcpath);
913 if (state < 0) {
914 process_unlock();
fe84a562 915 TRACE("%s - Failed to retrieve state of container", strerror(errno));
dbc9832d
CB		 916 return -1;
917 } else if (states[state]) {
918 process_unlock();
fe84a562 919 TRACE("Container is %s state", lxc_state2str(state));
dbc9832d
CB		 920 return state;
921 }
922
923 if ((state == STARTING) && !states[RUNNING] && !states[STOPPING] && !states[STOPPED]) {
924 process_unlock();
fe84a562
CB		 925 TRACE("Container is in %s state and caller requested to be "
926 "informed about a previous state", lxc_state2str(state));
dbc9832d
CB		 927 return state;
928 } else if ((state == RUNNING) && !states[STOPPING] && !states[STOPPED]) {
929 process_unlock();
fe84a562
CB		 930 TRACE("Container is in %s state and caller requested to be "
931 "informed about a previous state", lxc_state2str(state));
dbc9832d
CB		 932 return state;
933 } else if ((state == STOPPING) && !states[STOPPED]) {
934 process_unlock();
fe84a562
CB		 935 TRACE("Container is in %s state and caller requested to be "
936 "informed about a previous state", lxc_state2str(state));
dbc9832d
CB		 937 return state;
938 } else if ((state == STOPPED) || (state == ABORTING)) {
939 process_unlock();
fe84a562
CB		 940 TRACE("Container is in %s state and caller requested to be "
941 "informed about a previous state", lxc_state2str(state));
dbc9832d
CB		 942 return state;
943 }
944
945 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
946 process_unlock();
947 if (ret < 0) {
fe84a562 948 ERROR("%s - Failed to execute command", strerror(errno));
dbc9832d
CB		 949 return -1;
950 }
fe84a562 951
dbc9832d
CB		 952 /* We should now be guaranteed to get an answer from the state sending
953 * function.
954 */
955
956 if (cmd.rsp.ret < 0) {
fe84a562 957 ERROR("Failed to receive socket fd");
dbc9832d
CB		 958 return -1;
959 }
960
92e35018
CB		 961 *state_client_fd = cmd.rsp.ret;
962 return MAX_STATE;
dbc9832d
CB		 963}
964
54446942
CB		 965static int lxc_cmd_add_state_client_callback(int fd, struct lxc_cmd_req *req,
966 struct lxc_handler *handler)
dbc9832d
CB		 967{
968 struct lxc_cmd_rsp rsp = {0};
dbc9832d 969
fe84a562 970 if (req->datalen < 0)
dbc9832d 971 return -1;
dbc9832d 972
fe84a562 973 if (req->datalen > (sizeof(lxc_state_t) * MAX_STATE))
dbc9832d 974 return -1;
dbc9832d 975
fe84a562 976 if (!req->data)
dbc9832d 977 return -1;
dbc9832d 978
c01c2be6
CB		 979 rsp.ret = lxc_add_state_client(fd, handler, (lxc_state_t *)req->data);
980 if (rsp.ret < 0)
981 ERROR("Failed to add state client %d to state client list", fd);
982 else
983 TRACE("Added state client %d to state client list", fd);
dbc9832d
CB		 984
985 return lxc_cmd_rsp_send(fd, &rsp);
986}
987
191d43cc
CB		 988int lxc_cmd_console_log(const char *name, const char *lxcpath,
989 struct lxc_console_log *log)
990{
991 int ret, stopped;
992 struct lxc_cmd_console_log data;
993 struct lxc_cmd_rr cmd;
994
995 data.clear = log->clear;
996 data.read = log->read;
997 data.read_max = *log->read_max;
63b74cda 998 data.write_logfile = log->write_logfile;
191d43cc
CB		 999
1000 cmd.req.cmd = LXC_CMD_CONSOLE_LOG;
1001 cmd.req.data = &data;
1002 cmd.req.datalen = sizeof(struct lxc_cmd_console_log);
1003
1004 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
1005 if (ret < 0)
1006 return ret;
1007
1008 /* There is nothing to be read from the buffer. So clear any values we
1009 * where passed to clearly indicate to the user that nothing went wrong.
1010 */
63b74cda 1011 if (cmd.rsp.ret == -ENODATA || cmd.rsp.ret == -EFAULT || cmd.rsp.ret == -ENOENT) {
191d43cc
CB		 1012 *log->read_max = 0;
1013 log->data = NULL;
1014 }
1015
1016 /* This is a proper error so don't touch any values we were passed. */
1017 if (cmd.rsp.ret < 0)
1018 return cmd.rsp.ret;
1019
1020 *log->read_max = cmd.rsp.datalen;
1021 log->data = cmd.rsp.data;
1022
1023 return 0;
1024}
1025
1026static int lxc_cmd_console_log_callback(int fd, struct lxc_cmd_req *req,
1027 struct lxc_handler *handler)
1028{
1029 struct lxc_cmd_rsp rsp;
28f3b1cd 1030 uint64_t buffer_size = handler->conf->console.buffer_size;
191d43cc 1031 const struct lxc_cmd_console_log *log = req->data;
63b74cda 1032 struct lxc_console *console = &handler->conf->console;
191d43cc
CB		 1033 struct lxc_ringbuf *buf = &handler->conf->console.ringbuf;
1034
1035 rsp.ret = -EFAULT;
1036 rsp.datalen = 0;
1037 rsp.data = NULL;
28f3b1cd 1038 if (buffer_size <= 0)
191d43cc
CB		 1039 goto out;
1040
5928191e
CB		 1041 if (log->read || log->write_logfile)
1042 rsp.datalen = lxc_ringbuf_used(buf);
1043
191d43cc
CB		 1044 if (log->read)
1045 rsp.data = lxc_ringbuf_get_read_addr(buf);
1046
1047 if (log->read_max > 0 && (log->read_max <= rsp.datalen))
1048 rsp.datalen = log->read_max;
1049
1050 /* there's nothing to read */
63b74cda 1051 rsp.ret = -ENODATA;
191d43cc 1052 if (log->read && (buf->r_off == buf->w_off))
63b74cda
CB		 1053 goto out;
1054
1055 if (log->write_logfile && rsp.datalen > 0) {
1056 rsp.ret = -ENOENT;
3a784510 1057 if (!console->buffer_log_file)
63b74cda
CB		 1058 goto out;
1059
1060 rsp.ret = lxc_console_write_ringbuffer(console);
1061 if (rsp.ret < 0)
1062 goto out;
1063 }
1064
1065 rsp.ret = 0;
cf685555 1066 if (log->clear) {
966b9ecd
CB		 1067 int ret;
1068 size_t len;
1069 char *tmp;
1070
cf685555 1071 /* clear the ringbuffer */
191d43cc 1072 lxc_ringbuf_clear(buf);
cf685555
CB		 1073
1074 /* truncate the ringbuffer log file */
1075 if (console->buffer_log_file) {
1076 rsp.ret = -ENOENT;
1077 if (!file_exists(console->buffer_log_file))
1078 goto out;
1079
1080 /* be very certain things are kosher */
1081 rsp.ret = -EBADF;
1082 if (console->buffer_log_file_fd < 0)
1083 goto out;
1084
1085 rsp.ret = lxc_unpriv(ftruncate(console->buffer_log_file_fd, 0));
1086 if (rsp.ret < 0) {
1087 ERROR("%s - Failed to truncate console "
1088 "ringbuffer log file \"%s\"",
1089 strerror(errno), console->buffer_log_file);
1090 goto out;
1091 }
1092 }
966b9ecd
CB		 1093
1094 /* rotate the console log file */
1095 if (!console->log_path || console->log_rotate == 0)
1096 goto out;
1097
1098 /* be very certain things are kosher */
1099 rsp.ret = -EBADF;
1100 if (console->log_fd < 0)
1101 goto out;
1102
1103 len = strlen(console->log_path) + sizeof(".1");
1104 tmp = alloca(len);
1105
1106 rsp.ret = -EFBIG;
1107 ret = snprintf(tmp, len, "%s.1", console->log_path);
1108 if (ret < 0 || (size_t)ret >= len)
1109 goto out;
1110
1111 close(console->log_fd);
1112 console->log_fd = -1;
1113 rsp.ret = lxc_unpriv(rename(console->log_path, tmp));
1114 if (rsp.ret < 0)
1115 goto out;
1116
1117 rsp.ret = lxc_console_create_log_file(console);
cf685555 1118 } else if (rsp.datalen > 0) {
191d43cc 1119 lxc_ringbuf_move_read_addr(buf, rsp.datalen);
cf685555 1120 }
191d43cc
CB		 1121
1122out:
1123 return lxc_cmd_rsp_send(fd, &rsp);
1124}
1125
ef6e34ee 1126static int lxc_cmd_process(int fd, struct lxc_cmd_req *req,
ded1d23f 1127 struct lxc_handler *handler)
724e753c 1128{
ef6e34ee
DE		 1129 typedef int (*callback)(int, struct lxc_cmd_req *, struct lxc_handler *);
1130
1131 callback cb[LXC_CMD_MAX] = {
54446942
CB		 1132 [LXC_CMD_CONSOLE] = lxc_cmd_console_callback,
1133 [LXC_CMD_CONSOLE_WINCH] = lxc_cmd_console_winch_callback,
1134 [LXC_CMD_STOP] = lxc_cmd_stop_callback,
1135 [LXC_CMD_GET_STATE] = lxc_cmd_get_state_callback,
1136 [LXC_CMD_GET_INIT_PID] = lxc_cmd_get_init_pid_callback,
1137 [LXC_CMD_GET_CLONE_FLAGS] = lxc_cmd_get_clone_flags_callback,
1138 [LXC_CMD_GET_CGROUP] = lxc_cmd_get_cgroup_callback,
1139 [LXC_CMD_GET_CONFIG_ITEM] = lxc_cmd_get_config_item_callback,
1140 [LXC_CMD_GET_NAME] = lxc_cmd_get_name_callback,
1141 [LXC_CMD_GET_LXCPATH] = lxc_cmd_get_lxcpath_callback,
1142 [LXC_CMD_ADD_STATE_CLIENT] = lxc_cmd_add_state_client_callback,
0d9cd9c3 1143 [LXC_CMD_SET_CONFIG_ITEM] = lxc_cmd_set_config_item_callback,
191d43cc 1144 [LXC_CMD_CONSOLE_LOG] = lxc_cmd_console_log_callback,
724e753c
MN		 1145 };
1146
f371aca9 1147 if (req->cmd >= LXC_CMD_MAX) {
fe84a562 1148 ERROR("Undefined command id %d", req->cmd);
724e753c 1149 return -1;
ef6e34ee
DE		 1150 }
1151 return cb[req->cmd](fd, req, handler);
724e753c
MN		 1152}
1153
ef6e34ee 1154static void lxc_cmd_fd_cleanup(int fd, struct lxc_handler *handler,
ded1d23f 1155 struct lxc_epoll_descr *descr)
724e753c 1156{
b5159817 1157 lxc_console_free(handler->conf, fd);
724e753c
MN		 1158 lxc_mainloop_del_handler(descr, fd);
1159 close(fd);
1160}
1161
84c92abd
DE		 1162static int lxc_cmd_handler(int fd, uint32_t events, void *data,
1163 struct lxc_epoll_descr *descr)
724e753c
MN		 1164{
1165 int ret;
ef6e34ee 1166 struct lxc_cmd_req req;
191d43cc 1167 void *reqdata = NULL;
724e753c
MN		 1168 struct lxc_handler *handler = data;
1169
aae93dd3 1170 ret = lxc_abstract_unix_rcv_credential(fd, &req, sizeof(req));
0a3ec350 1171 if (ret == -EACCES) {
fe84a562
CB		 1172 /* We don't care for the peer, just send and close. */
1173 struct lxc_cmd_rsp rsp = {.ret = ret};
ef6e34ee
DE		 1174
1175 lxc_cmd_rsp_send(fd, &rsp);
3cc5de36 1176 goto out_close;
ded1d23f
DL		 1177 }
1178
1179 if (ret < 0) {
fe84a562
CB		 1180 SYSERROR("Failed to receive data on command socket for command "
1181 "\"%s\"", lxc_cmd_str(req.cmd));
724e753c
MN		 1182 goto out_close;
1183 }
1184
fe84a562 1185 if (ret == 0)
724e753c 1186 goto out_close;
724e753c 1187
ef6e34ee 1188 if (ret != sizeof(req)) {
c01c2be6 1189 WARN("Failed to receive full command request. Ignoring request "
fe84a562 1190 "for \"%s\"", lxc_cmd_str(req.cmd));
ef6e34ee
DE		 1191 ret = -1;
1192 goto out_close;
1193 }
1194
191d43cc
CB		 1195 if ((req.datalen > LXC_CMD_DATA_MAX) &&
1196 (req.cmd != LXC_CMD_CONSOLE_LOG)) {
c01c2be6 1197 ERROR("Received command data length %d is too large for "
fe84a562
CB		 1198 "command \"%s\"", req.datalen, lxc_cmd_str(req.cmd));
1199 errno = EFBIG;
1200 ret = -EFBIG;
724e753c
MN		 1201 goto out_close;
1202 }
1203
ef6e34ee 1204 if (req.datalen > 0) {
191d43cc
CB		 1205 /* LXC_CMD_CONSOLE_LOG needs to be able to allocate data
1206 * that exceeds LXC_CMD_DATA_MAX: use malloc() for that.
1207 */
1208 if (req.cmd == LXC_CMD_CONSOLE_LOG)
1209 reqdata = malloc(req.datalen);
1210 else
1211 reqdata = alloca(req.datalen);
1212 if (!reqdata) {
1213 ERROR("Failed to allocate memory for \"%s\" command",
1214 lxc_cmd_str(req.cmd));
1215 errno = ENOMEM;
1216 ret = -ENOMEM;
1217 goto out_close;
1218 }
ef6e34ee 1219
ef6e34ee
DE		 1220 ret = recv(fd, reqdata, req.datalen, 0);
1221 if (ret != req.datalen) {
c01c2be6 1222 WARN("Failed to receive full command request. Ignoring "
fe84a562 1223 "request for \"%s\"", lxc_cmd_str(req.cmd));
ef6e34ee
DE		 1224 ret = -1;
1225 goto out_close;
1226 }
fe84a562 1227
ef6e34ee
DE		 1228 req.data = reqdata;
1229 }
1230
1231 ret = lxc_cmd_process(fd, &req, handler);
724e753c 1232 if (ret) {
fe84a562 1233 /* This is not an error, but only a request to close fd. */
724e753c
MN		 1234 ret = 0;
1235 goto out_close;
1236 }
1237
1238out:
191d43cc
CB		 1239 if (req.cmd == LXC_CMD_CONSOLE_LOG && reqdata)
1240 free(reqdata);
1241
724e753c 1242 return ret;
fe84a562 1243
724e753c 1244out_close:
ef6e34ee 1245 lxc_cmd_fd_cleanup(fd, handler, descr);
724e753c
MN		 1246 goto out;
1247}
1248
84c92abd
DE		 1249static int lxc_cmd_accept(int fd, uint32_t events, void *data,
1250 struct lxc_epoll_descr *descr)
724e753c 1251{
fe84a562
CB		 1252 int connection;
1253 int opt = 1, ret = -1;
724e753c
MN		 1254
1255 connection = accept(fd, NULL, 0);
1256 if (connection < 0) {
08aa08fe 1257 SYSERROR("Failed to accept connection to run command.");
724e753c
MN		 1258 return -1;
1259 }
1260
fe84a562
CB		 1261 ret = fcntl(connection, F_SETFD, FD_CLOEXEC);
1262 if (ret < 0) {
1263 SYSERROR("Failed to set close-on-exec on incoming command connection");
9ccb2dbc
DL		 1264 goto out_close;
1265 }
1266
fe84a562
CB		 1267 ret = setsockopt(connection, SOL_SOCKET, SO_PASSCRED, &opt, sizeof(opt));
1268 if (ret < 0) {
1269 SYSERROR("Failed to enable necessary credentials on command socket");
724e753c
MN		 1270 goto out_close;
1271 }
1272
ef6e34ee 1273 ret = lxc_mainloop_add_handler(descr, connection, lxc_cmd_handler, data);
724e753c 1274 if (ret) {
fe84a562 1275 ERROR("Failed to add command handler");
724e753c
MN		 1276 goto out_close;
1277 }
1278
1279out:
1280 return ret;
1281
1282out_close:
1283 close(connection);
1284 goto out;
1285}
1286
9dfa4041 1287int lxc_cmd_init(const char *name, const char *lxcpath, const char *suffix)
724e753c 1288{
fe84a562
CB		 1289 int fd, len, ret;
1290 char path[sizeof(((struct sockaddr_un *)0)->sun_path)] = {0};
46968ea3 1291 char *offset = &path[1];
724e753c 1292
6f2944c1
TA		 1293 /* -2 here because this is an abstract unix socket so it needs a
1294 * leading \0, and we null terminate, so it needs a trailing \0.
1295 * Although null termination isn't required by the API, we do it anyway
1296 * because we print the sockname out sometimes.
1297 */
860e7c43 1298 len = sizeof(path) - 2;
9dfa4041 1299 ret = lxc_make_abstract_socket_name(offset, len, name, lxcpath, NULL, suffix);
fe84a562 1300 if (ret < 0)
9ba8130c 1301 return -1;
9dfa4041 1302 TRACE("Creating abstract unix socket \"%s\"", offset);
724e753c 1303
aae93dd3 1304 fd = lxc_abstract_unix_open(path, SOCK_STREAM, 0);
724e753c 1305 if (fd < 0) {
fe84a562
CB		 1306 ERROR("%s - Failed to create command socket %s",
1307 strerror(errno), offset);
08aa08fe 1308 if (errno == EADDRINUSE)
fe84a562 1309 ERROR("Container \"%s\" appears to be already running", name);
724e753c
MN		 1310 return -1;
1311 }
1312
fe84a562
CB		 1313 ret = fcntl(fd, F_SETFD, FD_CLOEXEC);
1314 if (ret < 0) {
1315 SYSERROR("Failed to set FD_CLOEXEC on command socket file descriptor");
91480a0f
DL		 1316 close(fd);
1317 return -1;
1318 }
1319
9dfa4041 1320 return fd;
d2e30e99
DE		 1321}
1322
fe84a562 1323int lxc_cmd_mainloop_add(const char *name, struct lxc_epoll_descr *descr,
ef6e34ee 1324 struct lxc_handler *handler)
d2e30e99 1325{
fe84a562
CB		 1326 int ret;
1327 int fd = handler->conf->maincmd_fd;
d2e30e99 1328
ef6e34ee 1329 ret = lxc_mainloop_add_handler(descr, fd, lxc_cmd_accept, handler);
fe84a562
CB		 1330 if (ret < 0) {
1331 ERROR("Failed to add handler for command socket");
724e753c
MN		 1332 close(fd);
1333 }
1334
1335 return ret;
1336}
LXC mirror