]>
Commit | Line | Data |
---|---|---|
0ad19a3f | 1 | /* |
2 | * lxc: linux Container library | |
3 | * | |
4 | * (C) Copyright IBM Corp. 2007, 2008 | |
5 | * | |
6 | * Authors: | |
7 | * Daniel Lezcano <dlezcano at fr.ibm.com> | |
8 | * | |
9 | * This library is free software; you can redistribute it and/or | |
10 | * modify it under the terms of the GNU Lesser General Public | |
11 | * License as published by the Free Software Foundation; either | |
12 | * version 2.1 of the License, or (at your option) any later version. | |
13 | * | |
14 | * This library is distributed in the hope that it will be useful, | |
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
17 | * Lesser General Public License for more details. | |
18 | * | |
19 | * You should have received a copy of the GNU Lesser General Public | |
20 | * License along with this library; if not, write to the Free Software | |
21 | * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | |
22 | */ | |
23 | #define _GNU_SOURCE | |
24 | #include <stdio.h> | |
25 | #undef _GNU_SOURCE | |
26 | #include <stdlib.h> | |
27 | #include <errno.h> | |
28 | #include <string.h> | |
29 | #include <dirent.h> | |
30 | #include <mntent.h> | |
31 | #include <unistd.h> | |
b0a33c1e | 32 | #include <pty.h> |
0ad19a3f | 33 | |
34 | #include <sys/types.h> | |
35 | #include <sys/utsname.h> | |
36 | #include <sys/param.h> | |
37 | #include <sys/stat.h> | |
38 | #include <sys/socket.h> | |
39 | #include <sys/mount.h> | |
40 | #include <sys/mman.h> | |
81810dd1 DL |
41 | #include <sys/prctl.h> |
42 | #include <sys/capability.h> | |
0ad19a3f | 43 | |
44 | #include <arpa/inet.h> | |
45 | #include <fcntl.h> | |
46 | #include <netinet/in.h> | |
47 | #include <net/if.h> | |
6f4a3756 | 48 | #include <libgen.h> |
0ad19a3f | 49 | |
e5bda9ee | 50 | #include "network.h" |
51 | #include "error.h" | |
b2718c72 | 52 | #include "parse.h" |
881450bb | 53 | #include "config.h" |
e5bda9ee | 54 | |
00b3c2e2 | 55 | #include <lxc/conf.h> |
36eb9bde | 56 | #include <lxc/log.h> |
00b3c2e2 | 57 | #include <lxc/lxc.h> /* for lxc_cgroup_set() */ |
36eb9bde CLG |
58 | |
59 | lxc_log_define(lxc_conf, lxc); | |
e5bda9ee | 60 | |
0ad19a3f | 61 | #define MAXHWLEN 18 |
62 | #define MAXINDEXLEN 20 | |
442cbbe6 | 63 | #define MAXMTULEN 16 |
0ad19a3f | 64 | #define MAXLINELEN 128 |
65 | ||
fdc03323 DL |
66 | #ifndef MS_REC |
67 | #define MS_REC 16384 | |
68 | #endif | |
69 | ||
b09094da MN |
70 | #ifndef CAP_SETFCAP |
71 | #define CAP_SETFCAP 31 | |
72 | #endif | |
73 | ||
74 | #ifndef CAP_MAC_OVERRIDE | |
75 | #define CAP_MAC_OVERRIDE 32 | |
76 | #endif | |
77 | ||
78 | #ifndef CAP_MAC_ADMIN | |
79 | #define CAP_MAC_ADMIN 33 | |
80 | #endif | |
81 | ||
82 | #ifndef PR_CAPBSET_DROP | |
83 | #define PR_CAPBSET_DROP 24 | |
84 | #endif | |
85 | ||
bf601689 MH |
86 | extern int pivot_root(const char * new_root, const char * put_old); |
87 | ||
82d5ae15 | 88 | typedef int (*instanciate_cb)(struct lxc_netdev *); |
0ad19a3f | 89 | |
998ac676 RT |
90 | struct mount_opt { |
91 | char *name; | |
92 | int clear; | |
93 | int flag; | |
94 | }; | |
95 | ||
81810dd1 DL |
96 | struct caps_opt { |
97 | char *name; | |
98 | int value; | |
99 | }; | |
100 | ||
82d5ae15 DL |
101 | static int instanciate_veth(struct lxc_netdev *); |
102 | static int instanciate_macvlan(struct lxc_netdev *); | |
26c39028 | 103 | static int instanciate_vlan(struct lxc_netdev *); |
82d5ae15 DL |
104 | static int instanciate_phys(struct lxc_netdev *); |
105 | static int instanciate_empty(struct lxc_netdev *); | |
106 | ||
107 | static instanciate_cb netdev_conf[MAXCONFTYPE + 1] = { | |
108 | [VETH] = instanciate_veth, | |
109 | [MACVLAN] = instanciate_macvlan, | |
26c39028 | 110 | [VLAN] = instanciate_vlan, |
82d5ae15 DL |
111 | [PHYS] = instanciate_phys, |
112 | [EMPTY] = instanciate_empty, | |
0ad19a3f | 113 | }; |
114 | ||
998ac676 RT |
115 | static struct mount_opt mount_opt[] = { |
116 | { "defaults", 0, 0 }, | |
117 | { "ro", 0, MS_RDONLY }, | |
118 | { "rw", 1, MS_RDONLY }, | |
119 | { "suid", 1, MS_NOSUID }, | |
120 | { "nosuid", 0, MS_NOSUID }, | |
121 | { "dev", 1, MS_NODEV }, | |
122 | { "nodev", 0, MS_NODEV }, | |
123 | { "exec", 1, MS_NOEXEC }, | |
124 | { "noexec", 0, MS_NOEXEC }, | |
125 | { "sync", 0, MS_SYNCHRONOUS }, | |
126 | { "async", 1, MS_SYNCHRONOUS }, | |
127 | { "remount", 0, MS_REMOUNT }, | |
128 | { "mand", 0, MS_MANDLOCK }, | |
129 | { "nomand", 1, MS_MANDLOCK }, | |
130 | { "atime", 1, MS_NOATIME }, | |
131 | { "noatime", 0, MS_NOATIME }, | |
132 | { "diratime", 1, MS_NODIRATIME }, | |
133 | { "nodiratime", 0, MS_NODIRATIME }, | |
134 | { "bind", 0, MS_BIND }, | |
135 | { "rbind", 0, MS_BIND|MS_REC }, | |
136 | { NULL, 0, 0 }, | |
137 | }; | |
138 | ||
81810dd1 | 139 | static struct caps_opt caps_opt[] = { |
1e11be34 DL |
140 | { "chown", CAP_CHOWN }, |
141 | { "dac_override", CAP_DAC_OVERRIDE }, | |
142 | { "dac_read_search", CAP_DAC_READ_SEARCH }, | |
143 | { "fowner", CAP_FOWNER }, | |
144 | { "fsetid", CAP_FSETID }, | |
81810dd1 DL |
145 | { "kill", CAP_KILL }, |
146 | { "setgid", CAP_SETGID }, | |
147 | { "setuid", CAP_SETUID }, | |
148 | { "setpcap", CAP_SETPCAP }, | |
149 | { "linux_immutable", CAP_LINUX_IMMUTABLE }, | |
150 | { "net_bind_service", CAP_NET_BIND_SERVICE }, | |
151 | { "net_broadcast", CAP_NET_BROADCAST }, | |
152 | { "net_admin", CAP_NET_ADMIN }, | |
153 | { "net_raw", CAP_NET_RAW }, | |
154 | { "ipc_lock", CAP_IPC_LOCK }, | |
155 | { "ipc_owner", CAP_IPC_OWNER }, | |
156 | { "sys_module", CAP_SYS_MODULE }, | |
157 | { "sys_rawio", CAP_SYS_RAWIO }, | |
158 | { "sys_chroot", CAP_SYS_CHROOT }, | |
159 | { "sys_ptrace", CAP_SYS_PTRACE }, | |
160 | { "sys_pacct", CAP_SYS_PACCT }, | |
161 | { "sys_admin", CAP_SYS_ADMIN }, | |
162 | { "sys_boot", CAP_SYS_BOOT }, | |
163 | { "sys_nice", CAP_SYS_NICE }, | |
164 | { "sys_resource", CAP_SYS_RESOURCE }, | |
165 | { "sys_time", CAP_SYS_TIME }, | |
166 | { "sys_tty_config", CAP_SYS_TTY_CONFIG }, | |
167 | { "mknod", CAP_MKNOD }, | |
168 | { "lease", CAP_LEASE }, | |
169 | { "audit_write", CAP_AUDIT_WRITE }, | |
170 | { "audit_control", CAP_AUDIT_CONTROL }, | |
171 | { "setfcap", CAP_SETFCAP }, | |
172 | { "mac_override", CAP_MAC_OVERRIDE }, | |
173 | { "mac_admin", CAP_MAC_ADMIN }, | |
81810dd1 DL |
174 | }; |
175 | ||
176 | ||
7a7ff0c6 | 177 | static int configure_find_fstype_cb(char* buffer, void *data) |
78ae2fcc | 178 | { |
179 | struct cbarg { | |
180 | const char *rootfs; | |
181 | const char *testdir; | |
182 | char *fstype; | |
183 | int mntopt; | |
184 | } *cbarg = data; | |
185 | ||
186 | char *fstype; | |
187 | ||
188 | /* we don't try 'nodev' entries */ | |
189 | if (strstr(buffer, "nodev")) | |
190 | return 0; | |
191 | ||
192 | fstype = buffer; | |
b2718c72 | 193 | fstype += lxc_char_left_gc(fstype, strlen(fstype)); |
194 | fstype[lxc_char_right_gc(fstype, strlen(fstype))] = '\0'; | |
78ae2fcc | 195 | |
196 | if (mount(cbarg->rootfs, cbarg->testdir, fstype, cbarg->mntopt, NULL)) | |
197 | return 0; | |
198 | ||
199 | /* found ! */ | |
200 | umount(cbarg->testdir); | |
201 | strcpy(cbarg->fstype, fstype); | |
202 | ||
203 | return 1; | |
204 | } | |
205 | ||
206 | /* find the filesystem type with brute force */ | |
207 | static int configure_find_fstype(const char *rootfs, char *fstype, int mntopt) | |
208 | { | |
209 | int i, found; | |
78ae2fcc | 210 | |
211 | struct cbarg { | |
212 | const char *rootfs; | |
213 | const char *testdir; | |
214 | char *fstype; | |
215 | int mntopt; | |
216 | } cbarg = { | |
217 | .rootfs = rootfs, | |
218 | .fstype = fstype, | |
219 | .mntopt = mntopt, | |
220 | }; | |
221 | ||
222 | /* first we check with /etc/filesystems, in case the modules | |
223 | * are auto-loaded and fall back to the supported kernel fs | |
224 | */ | |
225 | char *fsfile[] = { | |
226 | "/etc/filesystems", | |
227 | "/proc/filesystems", | |
228 | }; | |
229 | ||
230 | cbarg.testdir = tempnam("/tmp", "lxc-"); | |
231 | if (!cbarg.testdir) { | |
36eb9bde | 232 | SYSERROR("failed to build a temp name"); |
78ae2fcc | 233 | return -1; |
234 | } | |
235 | ||
236 | if (mkdir(cbarg.testdir, 0755)) { | |
36eb9bde | 237 | SYSERROR("failed to create temporary directory"); |
78ae2fcc | 238 | return -1; |
239 | } | |
240 | ||
241 | for (i = 0; i < sizeof(fsfile)/sizeof(fsfile[0]); i++) { | |
242 | ||
b2718c72 | 243 | found = lxc_file_for_each_line(fsfile[i], |
244 | configure_find_fstype_cb, | |
2382ecff | 245 | &cbarg); |
78ae2fcc | 246 | |
247 | if (found < 0) { | |
36eb9bde | 248 | SYSERROR("failed to read '%s'", fsfile[i]); |
78ae2fcc | 249 | goto out; |
250 | } | |
251 | ||
252 | if (found) | |
253 | break; | |
254 | } | |
255 | ||
256 | if (!found) { | |
36eb9bde | 257 | ERROR("failed to determine fs type for '%s'", rootfs); |
78ae2fcc | 258 | goto out; |
259 | } | |
260 | ||
261 | out: | |
262 | rmdir(cbarg.testdir); | |
263 | return found - 1; | |
264 | } | |
265 | ||
266 | static int configure_rootfs_dir_cb(const char *rootfs, const char *absrootfs, | |
267 | FILE *f) | |
268 | { | |
fdc03323 | 269 | return fprintf(f, "%s %s none rbind 0 0\n", absrootfs, rootfs); |
78ae2fcc | 270 | } |
271 | ||
272 | static int configure_rootfs_blk_cb(const char *rootfs, const char *absrootfs, | |
273 | FILE *f) | |
274 | { | |
275 | char fstype[MAXPATHLEN]; | |
276 | ||
277 | if (configure_find_fstype(absrootfs, fstype, 0)) { | |
36eb9bde | 278 | ERROR("failed to configure mount for block device '%s'", |
78ae2fcc | 279 | absrootfs); |
280 | return -1; | |
281 | } | |
282 | ||
283 | return fprintf(f, "%s %s %s defaults 0 0\n", absrootfs, rootfs, fstype); | |
284 | } | |
285 | ||
eae6543d | 286 | static int configure_rootfs(const char *name, const char *rootfs) |
0ad19a3f | 287 | { |
288 | char path[MAXPATHLEN]; | |
b09ef133 | 289 | char absrootfs[MAXPATHLEN]; |
9b0f0477 | 290 | char fstab[MAXPATHLEN]; |
78ae2fcc | 291 | struct stat s; |
9b0f0477 | 292 | FILE *f; |
78ae2fcc | 293 | int i, ret; |
294 | ||
295 | typedef int (*rootfs_cb)(const char *, const char *, FILE *); | |
296 | ||
297 | struct rootfs_type { | |
298 | int type; | |
299 | rootfs_cb cb; | |
300 | } rtfs_type[] = { | |
301 | { __S_IFDIR, configure_rootfs_dir_cb }, | |
302 | { __S_IFBLK, configure_rootfs_blk_cb }, | |
303 | }; | |
0ad19a3f | 304 | |
4c8ab83b | 305 | if (!realpath(rootfs, absrootfs)) { |
36eb9bde | 306 | SYSERROR("failed to get real path for '%s'", rootfs); |
4c8ab83b | 307 | return -1; |
308 | } | |
b09ef133 | 309 | |
4c8ab83b | 310 | snprintf(path, MAXPATHLEN, LXCPATH "/%s/rootfs", name); |
b09ef133 | 311 | |
78ae2fcc | 312 | if (mkdir(path, 0755)) { |
36eb9bde | 313 | SYSERROR("failed to create the '%s' directory", path); |
78ae2fcc | 314 | return -1; |
315 | } | |
316 | ||
b09ef133 | 317 | if (access(absrootfs, F_OK)) { |
36eb9bde | 318 | SYSERROR("'%s' is not accessible", absrootfs); |
b09ef133 | 319 | return -1; |
320 | } | |
321 | ||
78ae2fcc | 322 | if (stat(absrootfs, &s)) { |
36eb9bde | 323 | SYSERROR("failed to stat '%s'", absrootfs); |
9b0f0477 | 324 | return -1; |
325 | } | |
326 | ||
78ae2fcc | 327 | for (i = 0; i < sizeof(rtfs_type)/sizeof(rtfs_type[0]); i++) { |
9b0f0477 | 328 | |
78ae2fcc | 329 | if (!__S_ISTYPE(s.st_mode, rtfs_type[i].type)) |
330 | continue; | |
9b0f0477 | 331 | |
78ae2fcc | 332 | snprintf(fstab, MAXPATHLEN, LXCPATH "/%s/fstab", name); |
4c8ab83b | 333 | |
78ae2fcc | 334 | f = fopen(fstab, "a+"); |
335 | if (!f) { | |
36eb9bde | 336 | SYSERROR("failed to open fstab file"); |
78ae2fcc | 337 | return -1; |
338 | } | |
9b0f0477 | 339 | |
78ae2fcc | 340 | ret = rtfs_type[i].cb(path, absrootfs, f); |
9b0f0477 | 341 | |
78ae2fcc | 342 | fclose(f); |
343 | ||
344 | if (ret < 0) { | |
36eb9bde | 345 | ERROR("failed to add rootfs mount in fstab"); |
78ae2fcc | 346 | return -1; |
347 | } | |
348 | ||
349 | snprintf(path, MAXPATHLEN, LXCPATH "/%s/rootfs/rootfs", name); | |
350 | ||
351 | return symlink(absrootfs, path); | |
352 | } | |
9b0f0477 | 353 | |
36eb9bde | 354 | ERROR("unsupported rootfs type for '%s'", absrootfs); |
78ae2fcc | 355 | return -1; |
0ad19a3f | 356 | } |
357 | ||
4e5440c6 | 358 | static int setup_utsname(struct utsname *utsname) |
0ad19a3f | 359 | { |
4e5440c6 DL |
360 | if (!utsname) |
361 | return 0; | |
0ad19a3f | 362 | |
4e5440c6 DL |
363 | if (sethostname(utsname->nodename, strlen(utsname->nodename))) { |
364 | SYSERROR("failed to set the hostname to '%s'", utsname->nodename); | |
0ad19a3f | 365 | return -1; |
366 | } | |
367 | ||
4e5440c6 | 368 | INFO("'%s' hostname has been setup", utsname->nodename); |
cd54d859 | 369 | |
0ad19a3f | 370 | return 0; |
371 | } | |
372 | ||
52e35957 | 373 | static int setup_tty(const char *rootfs, const struct lxc_tty_info *tty_info) |
b0a33c1e | 374 | { |
375 | char path[MAXPATHLEN]; | |
376 | int i; | |
377 | ||
378 | for (i = 0; i < tty_info->nbtty; i++) { | |
379 | ||
380 | struct lxc_pty_info *pty_info = &tty_info->pty_info[i]; | |
381 | ||
52e35957 DL |
382 | snprintf(path, sizeof(path), "%s/dev/tty%d", |
383 | rootfs ? rootfs : "", i + 1); | |
b0a33c1e | 384 | |
13954cce | 385 | /* At this point I can not use the "access" function |
b0a33c1e | 386 | * to check the file is present or not because it fails |
387 | * with EACCES errno and I don't know why :( */ | |
13954cce | 388 | |
b0a33c1e | 389 | if (mount(pty_info->name, path, "none", MS_BIND, 0)) { |
36eb9bde | 390 | WARN("failed to mount '%s'->'%s'", |
52e35957 | 391 | pty_info->name, path); |
b0a33c1e | 392 | continue; |
393 | } | |
394 | } | |
395 | ||
cd54d859 DL |
396 | INFO("%d tty(s) has been setup", tty_info->nbtty); |
397 | ||
b0a33c1e | 398 | return 0; |
399 | } | |
400 | ||
7a7ff0c6 | 401 | static int setup_rootfs_pivot_root_cb(char *buffer, void *data) |
bf601689 MH |
402 | { |
403 | struct lxc_list *mountlist, *listentry, *iterator; | |
404 | char *pivotdir, *mountpoint, *mountentry; | |
405 | int found; | |
406 | void **cbparm; | |
407 | ||
408 | mountentry = buffer; | |
409 | cbparm = (void **)data; | |
410 | ||
411 | mountlist = cbparm[0]; | |
412 | pivotdir = cbparm[1]; | |
413 | ||
414 | /* parse entry, first field is mountname, ignore */ | |
415 | mountpoint = strtok(mountentry, " "); | |
416 | if (!mountpoint) | |
417 | return -1; | |
418 | ||
419 | /* second field is mountpoint */ | |
420 | mountpoint = strtok(NULL, " "); | |
421 | if (!mountpoint) | |
422 | return -1; | |
423 | ||
424 | /* only consider mountpoints below old root fs */ | |
425 | if (strncmp(mountpoint, pivotdir, strlen(pivotdir))) | |
426 | return 0; | |
427 | ||
428 | /* filter duplicate mountpoints */ | |
429 | found = 0; | |
430 | lxc_list_for_each(iterator, mountlist) { | |
431 | if (!strcmp(iterator->elem, mountpoint)) { | |
432 | found = 1; | |
433 | break; | |
434 | } | |
435 | } | |
436 | if (found) | |
437 | return 0; | |
438 | ||
439 | /* add entry to list */ | |
440 | listentry = malloc(sizeof(*listentry)); | |
441 | if (!listentry) { | |
442 | SYSERROR("malloc for mountpoint listentry failed"); | |
443 | return -1; | |
444 | } | |
445 | ||
446 | listentry->elem = strdup(mountpoint); | |
447 | if (!listentry->elem) { | |
448 | SYSERROR("strdup failed"); | |
449 | return -1; | |
450 | } | |
451 | lxc_list_add_tail(mountlist, listentry); | |
452 | ||
453 | return 0; | |
454 | } | |
455 | ||
456 | ||
457 | static int setup_rootfs_pivot_root(const char *rootfs, const char *pivotdir) | |
458 | { | |
2382ecff | 459 | char path[MAXPATHLEN]; |
bf601689 MH |
460 | void *cbparm[2]; |
461 | struct lxc_list mountlist, *iterator; | |
462 | int ok, still_mounted, last_still_mounted; | |
463 | int pivotdir_is_temp = 0; | |
464 | ||
465 | /* change into new root fs */ | |
466 | if (chdir(rootfs)) { | |
467 | SYSERROR("can't chroot to new rootfs '%s'", rootfs); | |
468 | return -1; | |
469 | } | |
470 | ||
471 | /* create temporary mountpoint if none specified */ | |
472 | if (!pivotdir) { | |
473 | ||
474 | snprintf(path, sizeof(path), "./lxc-oldrootfs-XXXXXX" ); | |
475 | if (!mkdtemp(path)) { | |
476 | SYSERROR("can't make temporary mountpoint"); | |
477 | return -1; | |
478 | } | |
479 | ||
480 | pivotdir = strdup(&path[1]); /* get rid of leading dot */ | |
481 | if (!pivotdir) { | |
482 | SYSERROR("strdup failed"); | |
483 | return -1; | |
484 | } | |
485 | ||
486 | pivotdir_is_temp = 1; | |
487 | } | |
488 | else { | |
489 | snprintf(path, sizeof(path), ".%s", pivotdir); | |
490 | } | |
491 | ||
492 | DEBUG("temporary mountpoint for old rootfs is '%s'", path); | |
493 | ||
494 | /* pivot_root into our new root fs */ | |
495 | ||
496 | if (pivot_root(".", path)) { | |
497 | SYSERROR("pivot_root syscall failed"); | |
498 | return -1; | |
499 | } | |
500 | ||
501 | if (chdir("/")) { | |
502 | SYSERROR("can't chroot to / after pivot_root"); | |
503 | return -1; | |
504 | } | |
505 | ||
506 | DEBUG("pivot_root syscall to '%s' successful", pivotdir); | |
507 | ||
508 | /* read and parse /proc/mounts in old root fs */ | |
509 | lxc_list_init(&mountlist); | |
510 | ||
511 | snprintf(path, sizeof(path), "%s/", pivotdir); | |
512 | cbparm[0] = &mountlist; | |
513 | cbparm[1] = strdup(path); | |
514 | ||
515 | if (!cbparm[1]) { | |
516 | SYSERROR("strdup failed"); | |
517 | return -1; | |
518 | } | |
519 | ||
520 | snprintf(path, sizeof(path), "/%s/proc/mounts", pivotdir); | |
2382ecff | 521 | ok = lxc_file_for_each_line(path, setup_rootfs_pivot_root_cb, &cbparm); |
bf601689 MH |
522 | if (ok < 0) { |
523 | SYSERROR("failed to read or parse mount list '%s'", path); | |
524 | return -1; | |
525 | } | |
526 | ||
527 | /* umount filesystems until none left or list no longer shrinks */ | |
528 | still_mounted = 0; | |
529 | do { | |
530 | last_still_mounted = still_mounted; | |
531 | still_mounted = 0; | |
532 | ||
533 | lxc_list_for_each(iterator, &mountlist) { | |
534 | ||
535 | if (!umount(iterator->elem)) { | |
536 | DEBUG("umounted '%s'", (char *)iterator->elem); | |
537 | lxc_list_del(iterator); | |
538 | continue; | |
539 | } | |
540 | ||
541 | if (errno != EBUSY) { | |
542 | SYSERROR("failed to umount '%s'", (char *)iterator->elem); | |
543 | return -1; | |
544 | } | |
545 | ||
546 | still_mounted++; | |
547 | } | |
548 | } while (still_mounted > 0 && still_mounted != last_still_mounted); | |
549 | ||
550 | if (still_mounted) { | |
551 | ERROR("could not umount %d mounts", still_mounted); | |
552 | return -1; | |
553 | } | |
554 | ||
555 | /* umount old root fs */ | |
556 | if (umount(pivotdir)) { | |
557 | SYSERROR("could not unmount old rootfs"); | |
558 | return -1; | |
559 | } | |
560 | DEBUG("umounted '%s'", pivotdir); | |
561 | ||
562 | /* remove temporary mount point */ | |
563 | if (pivotdir_is_temp) { | |
564 | if (rmdir(pivotdir)) { | |
565 | SYSERROR("can't remove temporary mountpoint"); | |
566 | return -1; | |
567 | } | |
568 | ||
569 | } | |
570 | ||
571 | INFO("pivoted to '%s'", rootfs); | |
572 | return 0; | |
573 | } | |
574 | ||
575 | static int setup_rootfs(const char *rootfs, const char *pivotdir) | |
0ad19a3f | 576 | { |
c69bd12f DL |
577 | char *tmpname; |
578 | int ret = -1; | |
0ad19a3f | 579 | |
c69bd12f DL |
580 | if (!rootfs) |
581 | return 0; | |
0ad19a3f | 582 | |
c69bd12f DL |
583 | tmpname = tempnam("/tmp", "lxc-rootfs"); |
584 | if (!tmpname) { | |
585 | SYSERROR("failed to generate temporary name"); | |
c3f0a28c | 586 | return -1; |
587 | } | |
0ad19a3f | 588 | |
c69bd12f DL |
589 | if (mkdir(tmpname, 0700)) { |
590 | SYSERROR("failed to create temporary directory '%s'", tmpname); | |
591 | return -1; | |
592 | } | |
593 | ||
594 | if (mount(rootfs, tmpname, "none", MS_BIND|MS_REC, NULL)) { | |
595 | SYSERROR("failed to mount '%s'->'%s'", rootfs, tmpname); | |
596 | goto out; | |
597 | } | |
598 | ||
bf601689 MH |
599 | if (setup_rootfs_pivot_root(tmpname, pivotdir)) { |
600 | ERROR("failed to pivot_root to '%s'", rootfs); | |
c69bd12f DL |
601 | goto out; |
602 | } | |
603 | ||
c69bd12f DL |
604 | ret = 0; |
605 | out: | |
606 | rmdir(tmpname); | |
607 | return ret; | |
0ad19a3f | 608 | } |
609 | ||
d852c78c | 610 | static int setup_pts(int pts) |
3c26f34e | 611 | { |
d852c78c DL |
612 | if (!pts) |
613 | return 0; | |
3c26f34e | 614 | |
615 | if (!access("/dev/pts/ptmx", F_OK) && umount("/dev/pts")) { | |
36eb9bde | 616 | SYSERROR("failed to umount 'dev/pts'"); |
3c26f34e | 617 | return -1; |
618 | } | |
619 | ||
d852c78c | 620 | if (mount("devpts", "/dev/pts", "devpts", MS_MGC_VAL, "newinstance")) { |
36eb9bde | 621 | SYSERROR("failed to mount a new instance of '/dev/pts'"); |
3c26f34e | 622 | return -1; |
623 | } | |
624 | ||
625 | if (chmod("/dev/pts/ptmx", 0666)) { | |
36eb9bde | 626 | SYSERROR("failed to set permission for '/dev/pts/ptmx'"); |
3c26f34e | 627 | return -1; |
628 | } | |
629 | ||
630 | if (access("/dev/ptmx", F_OK)) { | |
631 | if (!symlink("/dev/pts/ptmx", "/dev/ptmx")) | |
632 | goto out; | |
36eb9bde | 633 | SYSERROR("failed to symlink '/dev/pts/ptmx'->'/dev/ptmx'"); |
3c26f34e | 634 | return -1; |
635 | } | |
636 | ||
637 | /* fallback here, /dev/pts/ptmx exists just mount bind */ | |
638 | if (mount("/dev/pts/ptmx", "/dev/ptmx", "none", MS_BIND, 0)) { | |
36eb9bde | 639 | SYSERROR("mount failed '/dev/pts/ptmx'->'/dev/ptmx'"); |
3c26f34e | 640 | return -1; |
641 | } | |
cd54d859 DL |
642 | |
643 | INFO("created new pts instance"); | |
d852c78c | 644 | |
3c26f34e | 645 | out: |
646 | return 0; | |
647 | } | |
648 | ||
52e35957 | 649 | static int setup_console(const char *rootfs, const char *tty) |
6e590161 | 650 | { |
ed502555 | 651 | char console[MAXPATHLEN]; |
652 | ||
52e35957 DL |
653 | snprintf(console, sizeof(console), "%s/dev/console", |
654 | rootfs ? rootfs : ""); | |
655 | ||
656 | /* we have the rootfs with /dev/console but no tty | |
657 | * to be used as console, let's remap /dev/console | |
658 | * to /dev/null to avoid to log to the system console | |
659 | */ | |
660 | if (rootfs && !tty[0]) { | |
661 | ||
662 | if (!access(console, F_OK)) { | |
663 | ||
664 | if (mount("/dev/null", console, "none", MS_BIND, 0)) { | |
665 | SYSERROR("failed to mount '/dev/null'->'%s'", | |
666 | console); | |
667 | return -1; | |
668 | } | |
669 | } | |
670 | } | |
671 | ||
672 | if (!tty[0]) | |
673 | return 0; | |
ed502555 | 674 | |
675 | if (access(console, R_OK|W_OK)) | |
6e590161 | 676 | return 0; |
13954cce | 677 | |
ed502555 | 678 | if (mount(tty, console, "none", MS_BIND, 0)) { |
36eb9bde | 679 | ERROR("failed to mount the console"); |
6e590161 | 680 | return -1; |
681 | } | |
682 | ||
cd54d859 DL |
683 | INFO("console '%s' mounted to '%s'", tty, console); |
684 | ||
6e590161 | 685 | return 0; |
686 | } | |
687 | ||
102a5303 | 688 | static int setup_cgroup(const char *name, struct lxc_list *cgroups) |
576f946d | 689 | { |
102a5303 DL |
690 | struct lxc_list *iterator; |
691 | struct lxc_cgroup *cg; | |
88329c69 | 692 | int ret = -1; |
6f4a3756 | 693 | |
102a5303 DL |
694 | if (lxc_list_empty(cgroups)) |
695 | return 0; | |
6f4a3756 | 696 | |
102a5303 | 697 | lxc_list_for_each(iterator, cgroups) { |
13954cce | 698 | |
102a5303 | 699 | cg = iterator->elem; |
6f4a3756 | 700 | |
102a5303 | 701 | if (lxc_cgroup_set(name, cg->subsystem, cg->value)) |
88329c69 | 702 | goto out; |
6f4a3756 | 703 | |
102a5303 | 704 | DEBUG("cgroup '%s' set to '%s'", cg->subsystem, cg->value); |
6f4a3756 | 705 | } |
13954cce | 706 | |
88329c69 | 707 | ret = 0; |
cd54d859 | 708 | INFO("cgroup has been setup"); |
88329c69 MN |
709 | out: |
710 | return ret; | |
576f946d | 711 | } |
712 | ||
998ac676 RT |
713 | static void parse_mntopt(char *opt, unsigned long *flags, char **data) |
714 | { | |
715 | struct mount_opt *mo; | |
716 | ||
717 | /* If opt is found in mount_opt, set or clear flags. | |
718 | * Otherwise append it to data. */ | |
719 | ||
720 | for (mo = &mount_opt[0]; mo->name != NULL; mo++) { | |
721 | if (!strncmp(opt, mo->name, strlen(mo->name))) { | |
722 | if (mo->clear) | |
723 | *flags &= ~mo->flag; | |
724 | else | |
725 | *flags |= mo->flag; | |
726 | return; | |
727 | } | |
728 | } | |
729 | ||
730 | if (strlen(*data)) | |
731 | strcat(*data, ","); | |
732 | strcat(*data, opt); | |
733 | } | |
734 | ||
735 | static int parse_mntopts(struct mntent *mntent, unsigned long *mntflags, | |
736 | char **mntdata) | |
737 | { | |
738 | char *s, *data; | |
739 | char *p, *saveptr = NULL; | |
740 | ||
741 | if (!mntent->mnt_opts) | |
742 | return 0; | |
743 | ||
744 | s = strdup(mntent->mnt_opts); | |
745 | if (!s) { | |
36eb9bde | 746 | SYSERROR("failed to allocate memory"); |
998ac676 RT |
747 | return -1; |
748 | } | |
749 | ||
750 | data = malloc(strlen(s) + 1); | |
751 | if (!data) { | |
36eb9bde | 752 | SYSERROR("failed to allocate memory"); |
998ac676 RT |
753 | free(s); |
754 | return -1; | |
755 | } | |
756 | *data = 0; | |
757 | ||
758 | for (p = strtok_r(s, ",", &saveptr); p != NULL; | |
759 | p = strtok_r(NULL, ",", &saveptr)) | |
760 | parse_mntopt(p, mntflags, &data); | |
761 | ||
762 | if (*data) | |
763 | *mntdata = data; | |
764 | else | |
765 | free(data); | |
766 | free(s); | |
767 | ||
768 | return 0; | |
769 | } | |
770 | ||
e7938e9e | 771 | static int mount_file_entries(FILE *file) |
0ad19a3f | 772 | { |
0ad19a3f | 773 | struct mntent *mntent; |
0ad19a3f | 774 | int ret = -1; |
998ac676 RT |
775 | unsigned long mntflags; |
776 | char *mntdata; | |
0ad19a3f | 777 | |
998ac676 | 778 | while ((mntent = getmntent(file))) { |
1bc60a65 | 779 | |
998ac676 RT |
780 | mntflags = 0; |
781 | mntdata = NULL; | |
782 | if (parse_mntopts(mntent, &mntflags, &mntdata) < 0) { | |
36eb9bde | 783 | ERROR("failed to parse mount option '%s'", |
998ac676 RT |
784 | mntent->mnt_opts); |
785 | goto out; | |
786 | } | |
0ad19a3f | 787 | |
788 | if (mount(mntent->mnt_fsname, mntent->mnt_dir, | |
998ac676 | 789 | mntent->mnt_type, mntflags, mntdata)) { |
36eb9bde | 790 | SYSERROR("failed to mount '%s' on '%s'", |
0ad19a3f | 791 | mntent->mnt_fsname, mntent->mnt_dir); |
792 | goto out; | |
793 | } | |
998ac676 | 794 | |
cd54d859 DL |
795 | DEBUG("mounted %s on %s, type %s", mntent->mnt_fsname, |
796 | mntent->mnt_dir, mntent->mnt_type); | |
797 | ||
998ac676 | 798 | free(mntdata); |
0ad19a3f | 799 | } |
cd54d859 | 800 | |
0ad19a3f | 801 | ret = 0; |
cd54d859 DL |
802 | |
803 | INFO("mount points have been setup"); | |
0ad19a3f | 804 | out: |
e7938e9e MN |
805 | return ret; |
806 | } | |
807 | ||
808 | static int setup_mount(const char *fstab) | |
809 | { | |
810 | FILE *file; | |
811 | int ret; | |
812 | ||
813 | if (!fstab) | |
814 | return 0; | |
815 | ||
816 | file = setmntent(fstab, "r"); | |
817 | if (!file) { | |
818 | SYSERROR("failed to use '%s'", fstab); | |
819 | return -1; | |
820 | } | |
821 | ||
822 | ret = mount_file_entries(file); | |
823 | ||
0ad19a3f | 824 | endmntent(file); |
825 | return ret; | |
826 | } | |
827 | ||
e7938e9e MN |
828 | static int setup_mount_entries(struct lxc_list *mount) |
829 | { | |
830 | FILE *file; | |
831 | struct lxc_list *iterator; | |
832 | char *mount_entry; | |
833 | int ret; | |
834 | ||
835 | file = tmpfile(); | |
836 | if (!file) { | |
837 | ERROR("tmpfile error: %m"); | |
838 | return -1; | |
839 | } | |
840 | ||
841 | lxc_list_for_each(iterator, mount) { | |
842 | mount_entry = iterator->elem; | |
1d6b1976 | 843 | fprintf(file, "%s\n", mount_entry); |
e7938e9e MN |
844 | } |
845 | ||
846 | rewind(file); | |
847 | ||
848 | ret = mount_file_entries(file); | |
849 | ||
850 | fclose(file); | |
851 | return ret; | |
852 | } | |
853 | ||
81810dd1 DL |
854 | static int setup_caps(struct lxc_list *caps) |
855 | { | |
856 | struct lxc_list *iterator; | |
857 | char *drop_entry; | |
858 | int i, capid; | |
859 | ||
860 | lxc_list_for_each(iterator, caps) { | |
861 | ||
862 | drop_entry = iterator->elem; | |
863 | ||
864 | capid = -1; | |
865 | ||
866 | for (i = 0; i < sizeof(caps_opt)/sizeof(caps_opt[0]); i++) { | |
867 | ||
868 | if (strcmp(drop_entry, caps_opt[i].name)) | |
869 | continue; | |
870 | ||
871 | capid = caps_opt[i].value; | |
872 | break; | |
873 | } | |
874 | ||
875 | if (capid < 0) { | |
1e11be34 DL |
876 | ERROR("unknown capability %s", drop_entry); |
877 | return -1; | |
81810dd1 DL |
878 | } |
879 | ||
880 | DEBUG("drop capability '%s' (%d)", drop_entry, capid); | |
881 | ||
882 | if (prctl(PR_CAPBSET_DROP, capid, 0, 0, 0)) { | |
883 | SYSERROR("failed to remove %s capability", drop_entry); | |
884 | return -1; | |
885 | } | |
886 | ||
887 | } | |
888 | ||
889 | DEBUG("capabilities has been setup"); | |
890 | ||
891 | return 0; | |
892 | } | |
893 | ||
0ad19a3f | 894 | static int setup_hw_addr(char *hwaddr, const char *ifname) |
895 | { | |
896 | struct sockaddr sockaddr; | |
897 | struct ifreq ifr; | |
898 | int ret, fd; | |
899 | ||
900 | if (lxc_convert_mac(hwaddr, &sockaddr)) { | |
3ab87b66 | 901 | ERROR("conversion has failed"); |
0ad19a3f | 902 | return -1; |
903 | } | |
904 | ||
905 | memcpy(ifr.ifr_name, ifname, IFNAMSIZ); | |
906 | memcpy((char *) &ifr.ifr_hwaddr, (char *) &sockaddr, sizeof(sockaddr)); | |
907 | ||
908 | fd = socket(AF_INET, SOCK_DGRAM, 0); | |
909 | if (fd < 0) { | |
3ab87b66 | 910 | ERROR("socket failure : %s", strerror(errno)); |
0ad19a3f | 911 | return -1; |
912 | } | |
913 | ||
914 | ret = ioctl(fd, SIOCSIFHWADDR, &ifr); | |
915 | close(fd); | |
916 | if (ret) | |
3ab87b66 | 917 | ERROR("ioctl failure : %s", strerror(errno)); |
0ad19a3f | 918 | |
cd54d859 DL |
919 | DEBUG("mac address '%s' on '%s' has been setup", hwaddr, ifname); |
920 | ||
0ad19a3f | 921 | return ret; |
922 | } | |
923 | ||
82d5ae15 | 924 | static int setup_ipv4_addr(struct lxc_list *ip, int ifindex) |
0ad19a3f | 925 | { |
82d5ae15 DL |
926 | struct lxc_list *iterator; |
927 | struct lxc_inetdev *inetdev; | |
0ad19a3f | 928 | |
82d5ae15 DL |
929 | lxc_list_for_each(iterator, ip) { |
930 | ||
931 | inetdev = iterator->elem; | |
932 | ||
4bf1968d DL |
933 | if (lxc_ip_addr_add(AF_INET, ifindex, |
934 | &inetdev->addr, inetdev->prefix)) { | |
82d5ae15 DL |
935 | return -1; |
936 | } | |
937 | } | |
938 | ||
939 | return 0; | |
0ad19a3f | 940 | } |
941 | ||
82d5ae15 | 942 | static int setup_ipv6_addr(struct lxc_list *ip, int ifindex) |
0ad19a3f | 943 | { |
82d5ae15 | 944 | struct lxc_list *iterator; |
7fa9074f | 945 | struct lxc_inet6dev *inet6dev; |
0ad19a3f | 946 | |
82d5ae15 DL |
947 | lxc_list_for_each(iterator, ip) { |
948 | ||
949 | inet6dev = iterator->elem; | |
950 | ||
4bf1968d DL |
951 | if (lxc_ip_addr_add(AF_INET6, ifindex, |
952 | & inet6dev->addr, inet6dev->prefix)) | |
82d5ae15 | 953 | return -1; |
82d5ae15 DL |
954 | } |
955 | ||
956 | return 0; | |
0ad19a3f | 957 | } |
958 | ||
82d5ae15 | 959 | static int setup_netdev(struct lxc_netdev *netdev) |
0ad19a3f | 960 | { |
0ad19a3f | 961 | char ifname[IFNAMSIZ]; |
0ad19a3f | 962 | char *current_ifname = ifname; |
0ad19a3f | 963 | |
82d5ae15 DL |
964 | /* empty network namespace */ |
965 | if (!netdev->ifindex) { | |
966 | if (netdev->flags | IFF_UP) { | |
967 | if (lxc_device_up("lo")) { | |
968 | ERROR("failed to set the loopback up"); | |
969 | return -1; | |
970 | } | |
971 | return 0; | |
972 | } | |
0ad19a3f | 973 | } |
13954cce | 974 | |
82d5ae15 DL |
975 | /* retrieve the name of the interface */ |
976 | if (!if_indextoname(netdev->ifindex, current_ifname)) { | |
36eb9bde | 977 | ERROR("no interface corresponding to index '%d'", |
82d5ae15 | 978 | netdev->ifindex); |
0ad19a3f | 979 | return -1; |
980 | } | |
13954cce | 981 | |
018ef520 | 982 | /* default: let the system to choose one interface name */ |
9d083402 MT |
983 | if (!netdev->name) |
984 | netdev->name = "eth%d"; | |
018ef520 | 985 | |
82d5ae15 | 986 | /* rename the interface name */ |
9d083402 | 987 | if (lxc_device_rename(ifname, netdev->name)) { |
018ef520 DL |
988 | ERROR("failed to rename %s->%s", ifname, current_ifname); |
989 | return -1; | |
990 | } | |
991 | ||
992 | /* Re-read the name of the interface because its name has changed | |
993 | * and would be automatically allocated by the system | |
994 | */ | |
82d5ae15 | 995 | if (!if_indextoname(netdev->ifindex, current_ifname)) { |
018ef520 | 996 | ERROR("no interface corresponding to index '%d'", |
82d5ae15 | 997 | netdev->ifindex); |
018ef520 | 998 | return -1; |
0ad19a3f | 999 | } |
1000 | ||
82d5ae15 DL |
1001 | /* set a mac address */ |
1002 | if (netdev->hwaddr) { | |
1003 | if (setup_hw_addr(netdev->hwaddr, current_ifname)) { | |
36eb9bde | 1004 | ERROR("failed to setup hw address for '%s'", |
82d5ae15 | 1005 | current_ifname); |
0ad19a3f | 1006 | return -1; |
1007 | } | |
1008 | } | |
1009 | ||
82d5ae15 DL |
1010 | /* setup ipv4 addresses on the interface */ |
1011 | if (setup_ipv4_addr(&netdev->ipv4, netdev->ifindex)) { | |
36eb9bde | 1012 | ERROR("failed to setup ip addresses for '%s'", |
0ad19a3f | 1013 | ifname); |
1014 | return -1; | |
1015 | } | |
1016 | ||
82d5ae15 DL |
1017 | /* setup ipv6 addresses on the interface */ |
1018 | if (setup_ipv6_addr(&netdev->ipv6, netdev->ifindex)) { | |
36eb9bde | 1019 | ERROR("failed to setup ipv6 addresses for '%s'", |
0ad19a3f | 1020 | ifname); |
1021 | return -1; | |
1022 | } | |
1023 | ||
82d5ae15 DL |
1024 | /* set the network device up */ |
1025 | if (netdev->flags | IFF_UP) { | |
497353b6 | 1026 | if (lxc_device_up(current_ifname)) { |
36eb9bde | 1027 | ERROR("failed to set '%s' up", current_ifname); |
0ad19a3f | 1028 | return -1; |
1029 | } | |
1030 | ||
1031 | /* the network is up, make the loopback up too */ | |
497353b6 | 1032 | if (lxc_device_up("lo")) { |
36eb9bde | 1033 | ERROR("failed to set the loopback up"); |
0ad19a3f | 1034 | return -1; |
1035 | } | |
1036 | } | |
1037 | ||
cd54d859 DL |
1038 | DEBUG("'%s' has been setup", current_ifname); |
1039 | ||
0ad19a3f | 1040 | return 0; |
1041 | } | |
1042 | ||
5f4535a3 | 1043 | static int setup_network(struct lxc_list *network) |
0ad19a3f | 1044 | { |
82d5ae15 | 1045 | struct lxc_list *iterator; |
82d5ae15 | 1046 | struct lxc_netdev *netdev; |
0ad19a3f | 1047 | |
5f4535a3 | 1048 | lxc_list_for_each(iterator, network) { |
cd54d859 | 1049 | |
5f4535a3 | 1050 | netdev = iterator->elem; |
82d5ae15 DL |
1051 | |
1052 | if (setup_netdev(netdev)) { | |
1053 | ERROR("failed to setup netdev"); | |
1054 | return -1; | |
1055 | } | |
1056 | } | |
cd54d859 | 1057 | |
5f4535a3 DL |
1058 | if (!lxc_list_empty(network)) |
1059 | INFO("network has been setup"); | |
cd54d859 DL |
1060 | |
1061 | return 0; | |
0ad19a3f | 1062 | } |
1063 | ||
7b379ab3 | 1064 | struct lxc_conf *lxc_conf_init(void) |
089cd8b8 | 1065 | { |
7b379ab3 MN |
1066 | struct lxc_conf *new; |
1067 | ||
1068 | new = malloc(sizeof(*new)); | |
1069 | if (!new) { | |
1070 | ERROR("lxc_conf_init : %m"); | |
1071 | return NULL; | |
1072 | } | |
1073 | memset(new, 0, sizeof(*new)); | |
1074 | ||
1075 | new->rootfs = NULL; | |
bf601689 | 1076 | new->pivotdir = NULL; |
7b379ab3 MN |
1077 | new->fstab = NULL; |
1078 | new->utsname = NULL; | |
1079 | new->tty = 0; | |
1080 | new->pts = 0; | |
1081 | new->console[0] = '\0'; | |
1082 | lxc_list_init(&new->cgroup); | |
1083 | lxc_list_init(&new->network); | |
1084 | lxc_list_init(&new->mount_list); | |
81810dd1 | 1085 | lxc_list_init(&new->caps); |
7b379ab3 MN |
1086 | |
1087 | return new; | |
089cd8b8 DL |
1088 | } |
1089 | ||
82d5ae15 | 1090 | static int instanciate_veth(struct lxc_netdev *netdev) |
0ad19a3f | 1091 | { |
8634bc19 | 1092 | char veth1buf[IFNAMSIZ], *veth1; |
82d5ae15 | 1093 | char veth2[IFNAMSIZ]; |
13954cce | 1094 | |
e892973e DL |
1095 | if (netdev->priv.veth_attr.pair) |
1096 | veth1 = netdev->priv.veth_attr.pair; | |
8634bc19 MT |
1097 | else { |
1098 | snprintf(veth1buf, sizeof(veth1buf), "vethXXXXXX"); | |
1099 | mktemp(veth1buf); | |
1100 | veth1 = veth1buf; | |
1101 | } | |
82d5ae15 | 1102 | |
8634bc19 | 1103 | snprintf(veth2, sizeof(veth2), "vethXXXXXX"); |
82d5ae15 DL |
1104 | mktemp(veth2); |
1105 | ||
1106 | if (!strlen(veth1) || !strlen(veth2)) { | |
1107 | ERROR("failed to allocate a temporary name"); | |
1108 | return -1; | |
0ad19a3f | 1109 | } |
1110 | ||
eb14c10a | 1111 | if (lxc_veth_create(veth1, veth2)) { |
734915ac | 1112 | ERROR("failed to create %s-%s", veth1, veth2); |
6ab9ab6d | 1113 | return -1; |
0ad19a3f | 1114 | } |
13954cce | 1115 | |
82d5ae15 | 1116 | if (netdev->mtu) { |
6ab9ab6d MT |
1117 | if (lxc_device_set_mtu(veth1, atoi(netdev->mtu)) || |
1118 | lxc_device_set_mtu(veth2, atoi(netdev->mtu))) { | |
1119 | ERROR("failed to set mtu '%s' for %s-%s", | |
1120 | netdev->mtu, veth1, veth2); | |
eb14c10a | 1121 | goto out_delete; |
75d09f83 DL |
1122 | } |
1123 | } | |
1124 | ||
734915ac | 1125 | if (netdev->link && lxc_bridge_attach(netdev->link, veth1)) { |
36eb9bde | 1126 | ERROR("failed to attach '%s' to the bridge '%s'", |
9d083402 | 1127 | veth1, netdev->link); |
eb14c10a DL |
1128 | goto out_delete; |
1129 | } | |
1130 | ||
82d5ae15 DL |
1131 | netdev->ifindex = if_nametoindex(veth2); |
1132 | if (!netdev->ifindex) { | |
36eb9bde | 1133 | ERROR("failed to retrieve the index for %s", veth2); |
eb14c10a DL |
1134 | goto out_delete; |
1135 | } | |
1136 | ||
82d5ae15 | 1137 | if (netdev->flags & IFF_UP) { |
497353b6 | 1138 | if (lxc_device_up(veth1)) { |
36eb9bde | 1139 | ERROR("failed to set %s up", veth1); |
eb14c10a | 1140 | goto out_delete; |
0ad19a3f | 1141 | } |
1142 | } | |
1143 | ||
82d5ae15 DL |
1144 | DEBUG("instanciated veth '%s/%s', index is '%d'", |
1145 | veth1, veth2, netdev->ifindex); | |
1146 | ||
6ab9ab6d | 1147 | return 0; |
eb14c10a DL |
1148 | |
1149 | out_delete: | |
1150 | lxc_device_delete(veth1); | |
6ab9ab6d | 1151 | return -1; |
13954cce | 1152 | } |
d957ae2d | 1153 | |
82d5ae15 | 1154 | static int instanciate_macvlan(struct lxc_netdev *netdev) |
0ad19a3f | 1155 | { |
82d5ae15 | 1156 | char peer[IFNAMSIZ]; |
d957ae2d MT |
1157 | |
1158 | if (!netdev->link) { | |
1159 | ERROR("no link specified for macvlan netdev"); | |
1160 | return -1; | |
1161 | } | |
13954cce | 1162 | |
82d5ae15 | 1163 | snprintf(peer, sizeof(peer), "mcXXXXXX"); |
22ebac19 | 1164 | |
82d5ae15 DL |
1165 | mktemp(peer); |
1166 | ||
1167 | if (!strlen(peer)) { | |
1168 | ERROR("failed to make a temporary name"); | |
1169 | return -1; | |
0ad19a3f | 1170 | } |
1171 | ||
e892973e DL |
1172 | if (lxc_macvlan_create(netdev->link, peer, |
1173 | netdev->priv.macvlan_attr.mode)) { | |
36eb9bde | 1174 | ERROR("failed to create macvlan interface '%s' on '%s'", |
9d083402 | 1175 | peer, netdev->link); |
d957ae2d | 1176 | return -1; |
0ad19a3f | 1177 | } |
1178 | ||
82d5ae15 DL |
1179 | netdev->ifindex = if_nametoindex(peer); |
1180 | if (!netdev->ifindex) { | |
36eb9bde | 1181 | ERROR("failed to retrieve the index for %s", peer); |
d957ae2d MT |
1182 | lxc_device_delete(peer); |
1183 | return -1; | |
22ebac19 | 1184 | } |
1185 | ||
e892973e DL |
1186 | DEBUG("instanciated macvlan '%s', index is '%d' and mode '%d'", |
1187 | peer, netdev->ifindex, netdev->priv.macvlan_attr.mode); | |
0ad19a3f | 1188 | |
d957ae2d | 1189 | return 0; |
0ad19a3f | 1190 | } |
1191 | ||
26c39028 JHS |
1192 | /* XXX: merge with instanciate_macvlan */ |
1193 | static int instanciate_vlan(struct lxc_netdev *netdev) | |
1194 | { | |
1195 | char peer[IFNAMSIZ]; | |
1196 | ||
1197 | if (!netdev->link) { | |
1198 | ERROR("no link specified for vlan netdev"); | |
1199 | return -1; | |
1200 | } | |
1201 | ||
e892973e | 1202 | snprintf(peer, sizeof(peer), "vlan%d", netdev->priv.vlan_attr.vid); |
26c39028 | 1203 | |
f6cc1de1 | 1204 | if (lxc_vlan_create(netdev->link, peer, netdev->priv.vlan_attr.vid)) { |
26c39028 JHS |
1205 | ERROR("failed to create vlan interface '%s' on '%s'", |
1206 | peer, netdev->link); | |
1207 | return -1; | |
1208 | } | |
1209 | ||
1210 | netdev->ifindex = if_nametoindex(peer); | |
1211 | if (!netdev->ifindex) { | |
1212 | ERROR("failed to retrieve the ifindex for %s", peer); | |
1213 | lxc_device_delete(peer); | |
1214 | return -1; | |
1215 | } | |
1216 | ||
e892973e DL |
1217 | DEBUG("instanciated vlan '%s', ifindex is '%d'", " vlan1000", |
1218 | netdev->ifindex); | |
1219 | ||
26c39028 JHS |
1220 | return 0; |
1221 | } | |
1222 | ||
82d5ae15 | 1223 | static int instanciate_phys(struct lxc_netdev *netdev) |
0ad19a3f | 1224 | { |
9d083402 | 1225 | netdev->ifindex = if_nametoindex(netdev->link); |
82d5ae15 | 1226 | if (!netdev->ifindex) { |
9d083402 | 1227 | ERROR("failed to retrieve the index for %s", netdev->link); |
0ad19a3f | 1228 | return -1; |
1229 | } | |
1230 | ||
82d5ae15 | 1231 | return 0; |
0ad19a3f | 1232 | } |
1233 | ||
82d5ae15 | 1234 | static int instanciate_empty(struct lxc_netdev *netdev) |
0ad19a3f | 1235 | { |
82d5ae15 DL |
1236 | netdev->ifindex = 0; |
1237 | return 0; | |
0ad19a3f | 1238 | } |
1239 | ||
5f4535a3 | 1240 | int lxc_create_network(struct lxc_list *network) |
0ad19a3f | 1241 | { |
82d5ae15 | 1242 | struct lxc_list *iterator; |
82d5ae15 | 1243 | struct lxc_netdev *netdev; |
0ad19a3f | 1244 | |
5f4535a3 | 1245 | lxc_list_for_each(iterator, network) { |
0ad19a3f | 1246 | |
5f4535a3 | 1247 | netdev = iterator->elem; |
13954cce | 1248 | |
5f4535a3 | 1249 | if (netdev->type < 0 || netdev->type > MAXCONFTYPE) { |
82d5ae15 | 1250 | ERROR("invalid network configuration type '%d'", |
5f4535a3 | 1251 | netdev->type); |
82d5ae15 DL |
1252 | return -1; |
1253 | } | |
0ad19a3f | 1254 | |
5f4535a3 | 1255 | if (netdev_conf[netdev->type](netdev)) { |
82d5ae15 DL |
1256 | ERROR("failed to create netdev"); |
1257 | return -1; | |
1258 | } | |
0ad19a3f | 1259 | } |
1260 | ||
1261 | return 0; | |
1262 | } | |
1263 | ||
5f4535a3 | 1264 | int lxc_assign_network(struct lxc_list *network, pid_t pid) |
0ad19a3f | 1265 | { |
82d5ae15 | 1266 | struct lxc_list *iterator; |
82d5ae15 | 1267 | struct lxc_netdev *netdev; |
0ad19a3f | 1268 | |
5f4535a3 | 1269 | lxc_list_for_each(iterator, network) { |
82d5ae15 | 1270 | |
5f4535a3 | 1271 | netdev = iterator->elem; |
82d5ae15 DL |
1272 | |
1273 | if (lxc_device_move(netdev->ifindex, pid)) { | |
1274 | ERROR("failed to move '%s' to the container", | |
9d083402 | 1275 | netdev->link); |
82d5ae15 DL |
1276 | return -1; |
1277 | } | |
1278 | ||
9d083402 | 1279 | DEBUG("move '%s' to '%d'", netdev->link, pid); |
0ad19a3f | 1280 | } |
1281 | ||
1282 | return 0; | |
1283 | } | |
1284 | ||
5e4a62bf | 1285 | int lxc_create_tty(const char *name, struct lxc_conf *conf) |
b0a33c1e | 1286 | { |
5e4a62bf | 1287 | struct lxc_tty_info *tty_info = &conf->tty_info; |
985d15b1 | 1288 | int i; |
b0a33c1e | 1289 | |
5e4a62bf DL |
1290 | /* no tty in the configuration */ |
1291 | if (!conf->tty) | |
b0a33c1e | 1292 | return 0; |
1293 | ||
13954cce | 1294 | tty_info->pty_info = |
e4e7d59d | 1295 | malloc(sizeof(*tty_info->pty_info)*conf->tty); |
b0a33c1e | 1296 | if (!tty_info->pty_info) { |
36eb9bde | 1297 | SYSERROR("failed to allocate pty_info"); |
985d15b1 | 1298 | return -1; |
b0a33c1e | 1299 | } |
1300 | ||
985d15b1 | 1301 | for (i = 0; i < conf->tty; i++) { |
13954cce | 1302 | |
b0a33c1e | 1303 | struct lxc_pty_info *pty_info = &tty_info->pty_info[i]; |
1304 | ||
13954cce | 1305 | if (openpty(&pty_info->master, &pty_info->slave, |
b0a33c1e | 1306 | pty_info->name, NULL, NULL)) { |
36eb9bde | 1307 | SYSERROR("failed to create pty #%d", i); |
985d15b1 MT |
1308 | tty_info->nbtty = i; |
1309 | lxc_delete_tty(tty_info); | |
1310 | return -1; | |
b0a33c1e | 1311 | } |
1312 | ||
b035ad62 MS |
1313 | /* Prevent leaking the file descriptors to the container */ |
1314 | fcntl(pty_info->master, F_SETFD, FD_CLOEXEC); | |
1315 | fcntl(pty_info->slave, F_SETFD, FD_CLOEXEC); | |
1316 | ||
b0a33c1e | 1317 | pty_info->busy = 0; |
1318 | } | |
1319 | ||
985d15b1 | 1320 | tty_info->nbtty = conf->tty; |
1ac470c0 DL |
1321 | |
1322 | INFO("tty's configured"); | |
1323 | ||
985d15b1 | 1324 | return 0; |
b0a33c1e | 1325 | } |
1326 | ||
1327 | void lxc_delete_tty(struct lxc_tty_info *tty_info) | |
1328 | { | |
1329 | int i; | |
1330 | ||
1331 | for (i = 0; i < tty_info->nbtty; i++) { | |
1332 | struct lxc_pty_info *pty_info = &tty_info->pty_info[i]; | |
1333 | ||
1334 | close(pty_info->master); | |
1335 | close(pty_info->slave); | |
1336 | } | |
1337 | ||
1338 | free(tty_info->pty_info); | |
1339 | tty_info->nbtty = 0; | |
1340 | } | |
1341 | ||
571e6ec8 | 1342 | int lxc_setup(const char *name, struct lxc_conf *lxc_conf) |
0ad19a3f | 1343 | { |
571e6ec8 | 1344 | if (setup_utsname(lxc_conf->utsname)) { |
36eb9bde | 1345 | ERROR("failed to setup the utsname for '%s'", name); |
95b5ffaf | 1346 | return -1; |
0ad19a3f | 1347 | } |
1348 | ||
5f4535a3 | 1349 | if (setup_network(&lxc_conf->network)) { |
36eb9bde | 1350 | ERROR("failed to setup the network for '%s'", name); |
95b5ffaf | 1351 | return -1; |
0ad19a3f | 1352 | } |
1353 | ||
571e6ec8 | 1354 | if (setup_cgroup(name, &lxc_conf->cgroup)) { |
36eb9bde | 1355 | ERROR("failed to setup the cgroups for '%s'", name); |
95b5ffaf | 1356 | return -1; |
0ad19a3f | 1357 | } |
1358 | ||
571e6ec8 | 1359 | if (setup_mount(lxc_conf->fstab)) { |
36eb9bde | 1360 | ERROR("failed to setup the mounts for '%s'", name); |
95b5ffaf | 1361 | return -1; |
576f946d | 1362 | } |
1363 | ||
e7938e9e MN |
1364 | if (setup_mount_entries(&lxc_conf->mount_list)) { |
1365 | ERROR("failed to setup the mount entries for '%s'", name); | |
1366 | return -1; | |
1367 | } | |
1368 | ||
571e6ec8 | 1369 | if (setup_console(lxc_conf->rootfs, lxc_conf->console)) { |
36eb9bde | 1370 | ERROR("failed to setup the console for '%s'", name); |
95b5ffaf | 1371 | return -1; |
6e590161 | 1372 | } |
1373 | ||
571e6ec8 | 1374 | if (setup_tty(lxc_conf->rootfs, &lxc_conf->tty_info)) { |
36eb9bde | 1375 | ERROR("failed to setup the ttys for '%s'", name); |
95b5ffaf | 1376 | return -1; |
b0a33c1e | 1377 | } |
1378 | ||
bf601689 | 1379 | if (setup_rootfs(lxc_conf->rootfs, lxc_conf->pivotdir)) { |
36eb9bde | 1380 | ERROR("failed to set rootfs for '%s'", name); |
95b5ffaf | 1381 | return -1; |
ed502555 | 1382 | } |
1383 | ||
571e6ec8 | 1384 | if (setup_pts(lxc_conf->pts)) { |
36eb9bde | 1385 | ERROR("failed to setup the new pts instance"); |
95b5ffaf | 1386 | return -1; |
3c26f34e | 1387 | } |
1388 | ||
81810dd1 DL |
1389 | if (setup_caps(&lxc_conf->caps)) { |
1390 | ERROR("failed to drop capabilities"); | |
1391 | return -1; | |
1392 | } | |
1393 | ||
cd54d859 DL |
1394 | NOTICE("'%s' is setup.", name); |
1395 | ||
0ad19a3f | 1396 | return 0; |
1397 | } |