]>
Commit | Line | Data |
---|---|---|
e29fe1dd TA |
1 | /* |
2 | * lxc: linux Container library | |
3 | * | |
4 | * Copyright © 2014-2015 Canonical Ltd. | |
5 | * | |
6 | * Authors: | |
7 | * Tycho Andersen <tycho.andersen@canonical.com> | |
8 | * | |
9 | * This library is free software; you can redistribute it and/or | |
10 | * modify it under the terms of the GNU Lesser General Public | |
11 | * License as published by the Free Software Foundation; either | |
12 | * version 2.1 of the License, or (at your option) any later version. | |
13 | * | |
14 | * This library is distributed in the hope that it will be useful, | |
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
17 | * Lesser General Public License for more details. | |
18 | * | |
19 | * You should have received a copy of the GNU Lesser General Public | |
20 | * License along with this library; if not, write to the Free Software | |
21 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA | |
22 | */ | |
23 | #define _GNU_SOURCE | |
9b945f13 | 24 | #include <inttypes.h> |
e29fe1dd TA |
25 | #include <linux/limits.h> |
26 | #include <sched.h> | |
27 | #include <stdio.h> | |
28 | #include <stdlib.h> | |
29 | #include <string.h> | |
30 | #include <sys/mount.h> | |
31 | #include <sys/types.h> | |
32 | #include <sys/wait.h> | |
33 | #include <unistd.h> | |
34 | ||
35 | #include "config.h" | |
36 | ||
e29fe1dd TA |
37 | #include "cgroup.h" |
38 | #include "conf.h" | |
dc259399 | 39 | #include "commands.h" |
e29fe1dd TA |
40 | #include "criu.h" |
41 | #include "log.h" | |
42 | #include "lxc.h" | |
43 | #include "lxclock.h" | |
44 | #include "network.h" | |
28d832c4 | 45 | #include "storage.h" |
e29fe1dd TA |
46 | #include "utils.h" |
47 | ||
5f4e44a2 TA |
48 | #if IS_BIONIC |
49 | #include <../include/lxcmntent.h> | |
50 | #else | |
51 | #include <mntent.h> | |
52 | #endif | |
53 | ||
c33b0338 | 54 | #define CRIU_VERSION "2.0" |
73d46752 TA |
55 | |
56 | #define CRIU_GITID_VERSION "2.0" | |
57 | #define CRIU_GITID_PATCHLEVEL 0 | |
58 | ||
f1954503 | 59 | #define CRIU_IN_FLIGHT_SUPPORT "2.4" |
46c8ffd5 | 60 | #define CRIU_EXTERNAL_NOT_VETH "2.8" |
f1954503 | 61 | |
e29fe1dd TA |
62 | lxc_log_define(lxc_criu, lxc); |
63 | ||
73d46752 | 64 | struct criu_opts { |
5af85cb1 TA |
65 | /* the thing to hook to stdout and stderr for logging */ |
66 | int pipefd; | |
67 | ||
73d46752 TA |
68 | /* The type of criu invocation, one of "dump" or "restore" */ |
69 | char *action; | |
70 | ||
b2c3710f TA |
71 | /* the user-provided migrate options relevant to this action */ |
72 | struct migrate_opts *user; | |
73d46752 TA |
73 | |
74 | /* The container to dump */ | |
75 | struct lxc_container *c; | |
76 | ||
73d46752 | 77 | /* dump: stop the container or not after dumping? */ |
4b54788e | 78 | char tty_id[32]; /* the criu tty id for /dev/console, i.e. "tty[${rdev}:${dev}]" */ |
73d46752 TA |
79 | |
80 | /* restore: the file to write the init process' pid into */ | |
0ab5703f | 81 | struct lxc_handler *handler; |
4b54788e TA |
82 | int console_fd; |
83 | /* The path that is bind mounted from /dev/console, if any. We don't | |
84 | * want to use `--ext-mount-map auto`'s result here because the pts | |
85 | * device may have a different path (e.g. if the pty number is | |
3aed4934 | 86 | * different) on the target host. NULL if lxc.console.path = "none". |
4b54788e TA |
87 | */ |
88 | char *console_name; | |
f1954503 AR |
89 | |
90 | /* The detected version of criu */ | |
91 | char *criu_version; | |
73d46752 TA |
92 | }; |
93 | ||
4b54788e TA |
94 | static int load_tty_major_minor(char *directory, char *output, int len) |
95 | { | |
96 | FILE *f; | |
97 | char path[PATH_MAX]; | |
98 | int ret; | |
99 | ||
100 | ret = snprintf(path, sizeof(path), "%s/tty.info", directory); | |
101 | if (ret < 0 || ret >= sizeof(path)) { | |
102 | ERROR("snprintf'd too many chacters: %d", ret); | |
103 | return -1; | |
104 | } | |
105 | ||
106 | f = fopen(path, "r"); | |
107 | if (!f) { | |
108 | /* This means we're coming from a liblxc which didn't export | |
3aed4934 CB |
109 | * the tty info. In this case they had to have lxc.console.path |
110 | * = * none, so there's no problem restoring. | |
4b54788e TA |
111 | */ |
112 | if (errno == ENOENT) | |
113 | return 0; | |
114 | ||
115 | SYSERROR("couldn't open %s", path); | |
116 | return -1; | |
117 | } | |
118 | ||
119 | if (!fgets(output, len, f)) { | |
120 | fclose(f); | |
121 | SYSERROR("couldn't read %s", path); | |
122 | return -1; | |
123 | } | |
124 | ||
125 | fclose(f); | |
126 | return 0; | |
127 | } | |
128 | ||
74ad3607 FB |
129 | static int cmp_version(const char *v1, const char *v2) |
130 | { | |
131 | int ret; | |
132 | int oct_v1[3], oct_v2[3]; | |
133 | ||
134 | memset(oct_v1, -1, sizeof(oct_v1)); | |
135 | memset(oct_v2, -1, sizeof(oct_v2)); | |
136 | ||
137 | ret = sscanf(v1, "%d.%d.%d", &oct_v1[0], &oct_v1[1], &oct_v1[2]); | |
138 | if (ret < 1) | |
139 | return -1; | |
140 | ||
141 | ret = sscanf(v2, "%d.%d.%d", &oct_v2[0], &oct_v2[1], &oct_v2[2]); | |
142 | if (ret < 1) | |
143 | return -1; | |
144 | ||
145 | /* Major version is greater. */ | |
146 | if (oct_v1[0] > oct_v2[0]) | |
147 | return 1; | |
148 | ||
149 | if (oct_v1[0] < oct_v2[0]) | |
150 | return -1; | |
151 | ||
152 | /* Minor number is greater.*/ | |
153 | if (oct_v1[1] > oct_v2[1]) | |
154 | return 1; | |
155 | ||
156 | if (oct_v1[1] < oct_v2[1]) | |
157 | return -1; | |
158 | ||
159 | /* Patch number is greater. */ | |
160 | if (oct_v1[2] > oct_v2[2]) | |
161 | return 1; | |
162 | ||
163 | /* Patch numbers are equal. */ | |
164 | if (oct_v1[2] == oct_v2[2]) | |
165 | return 0; | |
166 | ||
167 | return -1; | |
168 | } | |
169 | ||
9451eeff | 170 | static void exec_criu(struct criu_opts *opts) |
e29fe1dd TA |
171 | { |
172 | char **argv, log[PATH_MAX]; | |
19d1509c | 173 | int static_args = 23, argc = 0, i, ret; |
e29fe1dd TA |
174 | int netnr = 0; |
175 | struct lxc_list *it; | |
5f4e44a2 TA |
176 | FILE *mnts; |
177 | struct mntent mntent; | |
e29fe1dd | 178 | |
a17fa3c0 NE |
179 | char buf[4096], tty_info[32]; |
180 | size_t pos; | |
5af85cb1 | 181 | |
e9195050 TA |
182 | /* If we are currently in a cgroup /foo/bar, and the container is in a |
183 | * cgroup /lxc/foo, lxcfs will give us an ENOENT if some task in the | |
184 | * container has an open fd that points to one of the cgroup files | |
185 | * (systemd always opens its "root" cgroup). So, let's escape to the | |
186 | * /actual/ root cgroup so that lxcfs thinks criu has enough rights to | |
187 | * see all cgroups. | |
188 | */ | |
7103fe6f | 189 | if (!cgroup_escape()) { |
e9195050 TA |
190 | ERROR("failed to escape cgroups"); |
191 | return; | |
192 | } | |
193 | ||
e29fe1dd | 194 | /* The command line always looks like: |
19d1509c | 195 | * criu $(action) --tcp-established --file-locks --link-remap \ |
5f178bc9 | 196 | * --manage-cgroups=full --action-script foo.sh -D $(directory) \ |
e29fe1dd TA |
197 | * -o $(directory)/$(action).log --ext-mount-map auto |
198 | * --enable-external-sharing --enable-external-masters | |
4b54788e | 199 | * --enable-fs hugetlbfs --enable-fs tracefs --ext-mount-map console:/dev/pts/n |
e29fe1dd TA |
200 | * +1 for final NULL */ |
201 | ||
aef3d51e | 202 | if (strcmp(opts->action, "dump") == 0 || strcmp(opts->action, "pre-dump") == 0) { |
dc259399 TA |
203 | /* -t pid --freeze-cgroup /lxc/ct */ |
204 | static_args += 4; | |
e29fe1dd | 205 | |
aef3d51e | 206 | /* --prev-images-dir <path-to-directory-A-relative-to-B> */ |
b2c3710f | 207 | if (opts->user->predump_dir) |
aef3d51e TA |
208 | static_args += 2; |
209 | ||
74eb576c | 210 | /* --page-server --address <address> --port <port> */ |
b2c3710f | 211 | if (opts->user->pageserver_address && opts->user->pageserver_port) |
74eb576c NE |
212 | static_args += 5; |
213 | ||
aef3d51e | 214 | /* --leave-running (only for final dump) */ |
b2c3710f | 215 | if (strcmp(opts->action, "dump") == 0 && !opts->user->stop) |
e29fe1dd | 216 | static_args++; |
4b54788e TA |
217 | |
218 | /* --external tty[88,4] */ | |
219 | if (opts->tty_id[0]) | |
220 | static_args += 2; | |
19d1509c TA |
221 | |
222 | /* --force-irmap */ | |
223 | if (!opts->user->preserves_inodes) | |
224 | static_args++; | |
b2b7b0d2 TA |
225 | |
226 | /* --ghost-limit 1024 */ | |
227 | if (opts->user->ghost_limit) | |
228 | static_args += 2; | |
e29fe1dd TA |
229 | } else if (strcmp(opts->action, "restore") == 0) { |
230 | /* --root $(lxc_mount_point) --restore-detached | |
0ab5703f | 231 | * --restore-sibling |
13389b29 TA |
232 | * --lsm-profile apparmor:whatever |
233 | */ | |
0ab5703f | 234 | static_args += 6; |
4b54788e TA |
235 | |
236 | tty_info[0] = 0; | |
b2c3710f | 237 | if (load_tty_major_minor(opts->user->directory, tty_info, sizeof(tty_info))) |
4b54788e TA |
238 | return; |
239 | ||
240 | /* --inherit-fd fd[%d]:tty[%s] */ | |
241 | if (tty_info[0]) | |
242 | static_args += 2; | |
e29fe1dd TA |
243 | } else { |
244 | return; | |
245 | } | |
246 | ||
09e80d0c TA |
247 | if (cgroup_num_hierarchies() > 0) |
248 | static_args += 2 * cgroup_num_hierarchies(); | |
0ab5703f | 249 | |
b2c3710f | 250 | if (opts->user->verbose) |
e29fe1dd TA |
251 | static_args++; |
252 | ||
b9ee6643 TA |
253 | if (opts->user->action_script) |
254 | static_args += 2; | |
255 | ||
5f4e44a2 TA |
256 | static_args += 2 * lxc_list_len(&opts->c->lxc_conf->mount_list); |
257 | ||
b2c3710f | 258 | ret = snprintf(log, PATH_MAX, "%s/%s.log", opts->user->directory, opts->action); |
e29fe1dd | 259 | if (ret < 0 || ret >= PATH_MAX) { |
9f1f54b0 | 260 | ERROR("logfile name too long"); |
e29fe1dd TA |
261 | return; |
262 | } | |
263 | ||
264 | argv = malloc(static_args * sizeof(*argv)); | |
265 | if (!argv) | |
266 | return; | |
267 | ||
268 | memset(argv, 0, static_args * sizeof(*argv)); | |
269 | ||
270 | #define DECLARE_ARG(arg) \ | |
271 | do { \ | |
272 | if (arg == NULL) { \ | |
273 | ERROR("Got NULL argument for criu"); \ | |
274 | goto err; \ | |
275 | } \ | |
276 | argv[argc++] = strdup(arg); \ | |
277 | if (!argv[argc-1]) \ | |
278 | goto err; \ | |
279 | } while (0) | |
280 | ||
281 | argv[argc++] = on_path("criu", NULL); | |
282 | if (!argv[argc-1]) { | |
9f1f54b0 | 283 | ERROR("Couldn't find criu binary"); |
e29fe1dd TA |
284 | goto err; |
285 | } | |
286 | ||
287 | DECLARE_ARG(opts->action); | |
288 | DECLARE_ARG("--tcp-established"); | |
289 | DECLARE_ARG("--file-locks"); | |
290 | DECLARE_ARG("--link-remap"); | |
0a5fc6df | 291 | DECLARE_ARG("--manage-cgroups=full"); |
e29fe1dd TA |
292 | DECLARE_ARG("--ext-mount-map"); |
293 | DECLARE_ARG("auto"); | |
294 | DECLARE_ARG("--enable-external-sharing"); | |
295 | DECLARE_ARG("--enable-external-masters"); | |
dd62857a TA |
296 | DECLARE_ARG("--enable-fs"); |
297 | DECLARE_ARG("hugetlbfs"); | |
5b454329 TA |
298 | DECLARE_ARG("--enable-fs"); |
299 | DECLARE_ARG("tracefs"); | |
e29fe1dd | 300 | DECLARE_ARG("-D"); |
b2c3710f | 301 | DECLARE_ARG(opts->user->directory); |
e29fe1dd TA |
302 | DECLARE_ARG("-o"); |
303 | DECLARE_ARG(log); | |
304 | ||
0ab5703f TA |
305 | for (i = 0; i < cgroup_num_hierarchies(); i++) { |
306 | char **controllers = NULL, *fullname; | |
31b204e4 | 307 | char *path, *tmp; |
0ab5703f TA |
308 | |
309 | if (!cgroup_get_hierarchies(i, &controllers)) { | |
310 | ERROR("failed to get hierarchy %d", i); | |
311 | goto err; | |
312 | } | |
313 | ||
314 | /* if we are in a dump, we have to ask the monitor process what | |
315 | * the right cgroup is. if this is a restore, we can just use | |
316 | * the handler the restore task created. | |
317 | */ | |
318 | if (!strcmp(opts->action, "dump") || !strcmp(opts->action, "pre-dump")) { | |
319 | path = lxc_cmd_get_cgroup_path(opts->c->name, opts->c->config_path, controllers[0]); | |
320 | if (!path) { | |
321 | ERROR("failed to get cgroup path for %s", controllers[0]); | |
322 | goto err; | |
323 | } | |
324 | } else { | |
325 | const char *p; | |
326 | ||
327 | p = cgroup_get_cgroup(opts->handler, controllers[0]); | |
328 | if (!p) { | |
329 | ERROR("failed to get cgroup path for %s", controllers[0]); | |
330 | goto err; | |
331 | } | |
332 | ||
333 | path = strdup(p); | |
334 | if (!path) { | |
335 | ERROR("strdup failed"); | |
336 | goto err; | |
337 | } | |
338 | } | |
339 | ||
31b204e4 CB |
340 | tmp = lxc_deslashify(path); |
341 | if (!tmp) { | |
342 | ERROR("Failed to remove extraneous slashes from \"%s\"", | |
343 | path); | |
0ab5703f TA |
344 | free(path); |
345 | goto err; | |
346 | } | |
31b204e4 CB |
347 | free(path); |
348 | path = tmp; | |
0ab5703f TA |
349 | |
350 | fullname = lxc_string_join(",", (const char **) controllers, false); | |
351 | if (!fullname) { | |
352 | ERROR("failed to join controllers"); | |
353 | free(path); | |
354 | goto err; | |
355 | } | |
356 | ||
357 | ret = sprintf(buf, "%s:%s", fullname, path); | |
358 | free(path); | |
359 | free(fullname); | |
360 | if (ret < 0 || ret >= sizeof(buf)) { | |
361 | ERROR("sprintf of cgroup root arg failed"); | |
362 | goto err; | |
363 | } | |
364 | ||
365 | DECLARE_ARG("--cgroup-root"); | |
366 | DECLARE_ARG(buf); | |
367 | } | |
368 | ||
b2c3710f | 369 | if (opts->user->verbose) |
e29fe1dd TA |
370 | DECLARE_ARG("-vvvvvv"); |
371 | ||
b9ee6643 TA |
372 | if (opts->user->action_script) { |
373 | DECLARE_ARG("--action-script"); | |
374 | DECLARE_ARG(opts->user->action_script); | |
375 | } | |
376 | ||
5ef5c9a3 | 377 | mnts = make_anonymous_mount_file(&opts->c->lxc_conf->mount_list); |
5f4e44a2 TA |
378 | if (!mnts) |
379 | goto err; | |
380 | ||
381 | while (getmntent_r(mnts, &mntent, buf, sizeof(buf))) { | |
19d2422b | 382 | char *fmt, *key, *val, *mntdata; |
5f4e44a2 | 383 | char arg[2 * PATH_MAX + 2]; |
19d2422b TA |
384 | unsigned long flags; |
385 | ||
386 | if (parse_mntopts(mntent.mnt_opts, &flags, &mntdata) < 0) | |
387 | goto err; | |
388 | ||
389 | free(mntdata); | |
390 | ||
391 | /* only add --ext-mount-map for actual bind mounts */ | |
392 | if (!(flags & MS_BIND)) | |
393 | continue; | |
5f4e44a2 TA |
394 | |
395 | if (strcmp(opts->action, "dump") == 0) { | |
396 | fmt = "/%s:%s"; | |
397 | key = mntent.mnt_dir; | |
398 | val = mntent.mnt_dir; | |
399 | } else { | |
400 | fmt = "%s:%s"; | |
401 | key = mntent.mnt_dir; | |
402 | val = mntent.mnt_fsname; | |
403 | } | |
404 | ||
405 | ret = snprintf(arg, sizeof(arg), fmt, key, val); | |
406 | if (ret < 0 || ret >= sizeof(arg)) { | |
407 | fclose(mnts); | |
408 | ERROR("snprintf failed"); | |
409 | goto err; | |
410 | } | |
411 | ||
412 | DECLARE_ARG("--ext-mount-map"); | |
413 | DECLARE_ARG(arg); | |
414 | } | |
415 | fclose(mnts); | |
416 | ||
aef3d51e | 417 | if (strcmp(opts->action, "dump") == 0 || strcmp(opts->action, "pre-dump") == 0) { |
dc259399 | 418 | char pid[32], *freezer_relative; |
e29fe1dd TA |
419 | |
420 | if (sprintf(pid, "%d", opts->c->init_pid(opts->c)) < 0) | |
421 | goto err; | |
422 | ||
423 | DECLARE_ARG("-t"); | |
424 | DECLARE_ARG(pid); | |
dc259399 TA |
425 | |
426 | freezer_relative = lxc_cmd_get_cgroup_path(opts->c->name, | |
427 | opts->c->config_path, | |
428 | "freezer"); | |
429 | if (!freezer_relative) { | |
430 | ERROR("failed getting freezer path"); | |
431 | goto err; | |
432 | } | |
433 | ||
434 | ret = snprintf(log, sizeof(log), "/sys/fs/cgroup/freezer/%s", freezer_relative); | |
435 | if (ret < 0 || ret >= sizeof(log)) | |
436 | goto err; | |
437 | ||
f1954503 AR |
438 | if (!opts->user->disable_skip_in_flight && |
439 | strcmp(opts->criu_version, CRIU_IN_FLIGHT_SUPPORT) >= 0) | |
440 | DECLARE_ARG("--skip-in-flight"); | |
441 | ||
dc259399 TA |
442 | DECLARE_ARG("--freeze-cgroup"); |
443 | DECLARE_ARG(log); | |
444 | ||
4b54788e | 445 | if (opts->tty_id[0]) { |
36d2096c TA |
446 | DECLARE_ARG("--ext-mount-map"); |
447 | DECLARE_ARG("/dev/console:console"); | |
448 | ||
4b54788e TA |
449 | DECLARE_ARG("--external"); |
450 | DECLARE_ARG(opts->tty_id); | |
451 | } | |
452 | ||
b2c3710f | 453 | if (opts->user->predump_dir) { |
aef3d51e | 454 | DECLARE_ARG("--prev-images-dir"); |
b2c3710f | 455 | DECLARE_ARG(opts->user->predump_dir); |
9f99a33f | 456 | DECLARE_ARG("--track-mem"); |
74eb576c | 457 | } |
4c0c0319 | 458 | |
b2c3710f | 459 | if (opts->user->pageserver_address && opts->user->pageserver_port) { |
74eb576c NE |
460 | DECLARE_ARG("--page-server"); |
461 | DECLARE_ARG("--address"); | |
b2c3710f | 462 | DECLARE_ARG(opts->user->pageserver_address); |
74eb576c | 463 | DECLARE_ARG("--port"); |
b2c3710f | 464 | DECLARE_ARG(opts->user->pageserver_port); |
74eb576c | 465 | } |
aef3d51e | 466 | |
19d1509c TA |
467 | if (!opts->user->preserves_inodes) |
468 | DECLARE_ARG("--force-irmap"); | |
469 | ||
b2b7b0d2 TA |
470 | if (opts->user->ghost_limit) { |
471 | char ghost_limit[32]; | |
472 | ||
9b945f13 | 473 | ret = sprintf(ghost_limit, "%"PRIu64, opts->user->ghost_limit); |
b2b7b0d2 | 474 | if (ret < 0 || ret >= sizeof(ghost_limit)) { |
9b945f13 | 475 | ERROR("failed to print ghost limit %"PRIu64, opts->user->ghost_limit); |
b2b7b0d2 TA |
476 | goto err; |
477 | } | |
478 | ||
479 | DECLARE_ARG("--ghost-limit"); | |
480 | DECLARE_ARG(ghost_limit); | |
481 | } | |
482 | ||
aef3d51e | 483 | /* only for final dump */ |
b2c3710f | 484 | if (strcmp(opts->action, "dump") == 0 && !opts->user->stop) |
e29fe1dd TA |
485 | DECLARE_ARG("--leave-running"); |
486 | } else if (strcmp(opts->action, "restore") == 0) { | |
487 | void *m; | |
488 | int additional; | |
13389b29 | 489 | struct lxc_conf *lxc_conf = opts->c->lxc_conf; |
e29fe1dd TA |
490 | |
491 | DECLARE_ARG("--root"); | |
492 | DECLARE_ARG(opts->c->lxc_conf->rootfs.mount); | |
493 | DECLARE_ARG("--restore-detached"); | |
494 | DECLARE_ARG("--restore-sibling"); | |
e29fe1dd | 495 | |
4b54788e | 496 | if (tty_info[0]) { |
97e4f1a9 | 497 | if (opts->console_fd < 0) { |
3aed4934 | 498 | ERROR("lxc.console.path configured on source host but not target"); |
97e4f1a9 TA |
499 | goto err; |
500 | } | |
501 | ||
4b54788e TA |
502 | ret = snprintf(buf, sizeof(buf), "fd[%d]:%s", opts->console_fd, tty_info); |
503 | if (ret < 0 || ret >= sizeof(buf)) | |
504 | goto err; | |
505 | ||
506 | DECLARE_ARG("--inherit-fd"); | |
507 | DECLARE_ARG(buf); | |
508 | } | |
509 | if (opts->console_name) { | |
510 | if (snprintf(buf, sizeof(buf), "console:%s", opts->console_name) < 0) { | |
511 | SYSERROR("sprintf'd too many bytes"); | |
512 | } | |
513 | DECLARE_ARG("--ext-mount-map"); | |
514 | DECLARE_ARG(buf); | |
515 | } | |
516 | ||
13389b29 TA |
517 | if (lxc_conf->lsm_aa_profile || lxc_conf->lsm_se_context) { |
518 | ||
519 | if (lxc_conf->lsm_aa_profile) | |
520 | ret = snprintf(buf, sizeof(buf), "apparmor:%s", lxc_conf->lsm_aa_profile); | |
521 | else | |
522 | ret = snprintf(buf, sizeof(buf), "selinux:%s", lxc_conf->lsm_se_context); | |
523 | ||
524 | if (ret < 0 || ret >= sizeof(buf)) | |
525 | goto err; | |
526 | ||
527 | DECLARE_ARG("--lsm-profile"); | |
528 | DECLARE_ARG(buf); | |
529 | } | |
530 | ||
e29fe1dd TA |
531 | additional = lxc_list_len(&opts->c->lxc_conf->network) * 2; |
532 | ||
fa071249 TA |
533 | m = realloc(argv, (argc + additional + 1) * sizeof(*argv)); |
534 | if (!m) | |
535 | goto err; | |
e29fe1dd TA |
536 | argv = m; |
537 | ||
538 | lxc_list_for_each(it, &opts->c->lxc_conf->network) { | |
539 | char eth[128], *veth; | |
46c8ffd5 | 540 | char *fmt; |
e29fe1dd | 541 | struct lxc_netdev *n = it->elem; |
46c8ffd5 AR |
542 | bool external_not_veth; |
543 | ||
74ad3607 | 544 | if (cmp_version(opts->criu_version, CRIU_EXTERNAL_NOT_VETH) >= 0) { |
46c8ffd5 AR |
545 | /* Since criu version 2.8 the usage of --veth-pair |
546 | * has been deprecated: | |
547 | * git tag --contains f2037e6d3445fc400 | |
548 | * v2.8 */ | |
549 | external_not_veth = true; | |
550 | } else { | |
551 | external_not_veth = false; | |
552 | } | |
e29fe1dd | 553 | |
42277b1c | 554 | if (n->name[0] != '\0') { |
e29fe1dd TA |
555 | if (strlen(n->name) >= sizeof(eth)) |
556 | goto err; | |
557 | strncpy(eth, n->name, sizeof(eth)); | |
796a109d TA |
558 | } else { |
559 | ret = snprintf(eth, sizeof(eth), "eth%d", netnr); | |
560 | if (ret < 0 || ret >= sizeof(eth)) | |
561 | goto err; | |
562 | } | |
e29fe1dd | 563 | |
e2697330 TA |
564 | switch (n->type) { |
565 | case LXC_NET_VETH: | |
566 | veth = n->priv.veth_attr.pair; | |
ea7f6b29 CB |
567 | if (veth[0] == '\0') |
568 | veth = n->priv.veth_attr.veth1; | |
e29fe1dd | 569 | |
de4855a8 | 570 | if (n->link[0] != '\0') { |
46c8ffd5 AR |
571 | if (external_not_veth) |
572 | fmt = "veth[%s]:%s@%s"; | |
573 | else | |
574 | fmt = "%s=%s@%s"; | |
575 | ||
576 | ret = snprintf(buf, sizeof(buf), fmt, eth, veth, n->link); | |
577 | } else { | |
578 | if (external_not_veth) | |
579 | fmt = "veth[%s]:%s"; | |
580 | else | |
581 | fmt = "%s=%s"; | |
582 | ||
583 | ret = snprintf(buf, sizeof(buf), fmt, eth, veth); | |
584 | } | |
e2697330 TA |
585 | if (ret < 0 || ret >= sizeof(buf)) |
586 | goto err; | |
587 | break; | |
588 | case LXC_NET_MACVLAN: | |
de4855a8 | 589 | if (n->link[0] == '\0') { |
9f1f54b0 | 590 | ERROR("no host interface for macvlan %s", n->name); |
e2697330 TA |
591 | goto err; |
592 | } | |
593 | ||
594 | ret = snprintf(buf, sizeof(buf), "macvlan[%s]:%s", eth, n->link); | |
595 | if (ret < 0 || ret >= sizeof(buf)) | |
596 | goto err; | |
597 | break; | |
598 | case LXC_NET_NONE: | |
599 | case LXC_NET_EMPTY: | |
600 | break; | |
601 | default: | |
602 | /* we have screened for this earlier... */ | |
9f1f54b0 | 603 | ERROR("unexpected network type %d", n->type); |
e29fe1dd | 604 | goto err; |
e2697330 | 605 | } |
e29fe1dd | 606 | |
46c8ffd5 AR |
607 | if (external_not_veth) |
608 | DECLARE_ARG("--external"); | |
609 | else | |
610 | DECLARE_ARG("--veth-pair"); | |
e29fe1dd | 611 | DECLARE_ARG(buf); |
2f3fbc6b | 612 | netnr++; |
e29fe1dd TA |
613 | } |
614 | ||
615 | } | |
616 | ||
617 | argv[argc] = NULL; | |
618 | ||
cf4b07a5 | 619 | buf[0] = 0; |
a17fa3c0 | 620 | pos = 0; |
72a30576 | 621 | |
cf4b07a5 | 622 | for (i = 0; argv[i]; i++) { |
72a30576 NE |
623 | ret = snprintf(buf + pos, sizeof(buf) - pos, "%s ", argv[i]); |
624 | if (ret < 0 || ret >= sizeof(buf) - pos) | |
625 | goto err; | |
626 | else | |
627 | pos += ret; | |
cf4b07a5 TA |
628 | } |
629 | ||
630 | INFO("execing: %s", buf); | |
631 | ||
5af85cb1 TA |
632 | /* before criu inits its log, it sometimes prints things to stdout/err; |
633 | * let's be sure we capture that. | |
634 | */ | |
635 | if (dup2(opts->pipefd, STDOUT_FILENO) < 0) { | |
636 | SYSERROR("dup2 stdout failed"); | |
637 | goto err; | |
638 | } | |
639 | ||
640 | if (dup2(opts->pipefd, STDERR_FILENO) < 0) { | |
641 | SYSERROR("dup2 stderr failed"); | |
642 | goto err; | |
643 | } | |
644 | ||
645 | close(opts->pipefd); | |
646 | ||
e29fe1dd TA |
647 | #undef DECLARE_ARG |
648 | execv(argv[0], argv); | |
649 | err: | |
e29fe1dd TA |
650 | for (i = 0; argv[i]; i++) |
651 | free(argv[i]); | |
652 | free(argv); | |
653 | } | |
654 | ||
8ba5ced7 TA |
655 | /* |
656 | * Check to see if the criu version is recent enough for all the features we | |
657 | * use. This version allows either CRIU_VERSION or (CRIU_GITID_VERSION and | |
658 | * CRIU_GITID_PATCHLEVEL) to work, enabling users building from git to c/r | |
659 | * things potentially before a version is released with a particular feature. | |
660 | * | |
661 | * The intent is that when criu development slows down, we can drop this, but | |
662 | * for now we shouldn't attempt to c/r with versions that we know won't work. | |
5407e2ab CB |
663 | * |
664 | * Note: If version != NULL criu_version() stores the detected criu version in | |
665 | * version. Allocates memory for version which must be freed by caller. | |
8ba5ced7 | 666 | */ |
5407e2ab | 667 | static bool criu_version_ok(char **version) |
8ba5ced7 TA |
668 | { |
669 | int pipes[2]; | |
670 | pid_t pid; | |
671 | ||
672 | if (pipe(pipes) < 0) { | |
673 | SYSERROR("pipe() failed"); | |
674 | return false; | |
675 | } | |
676 | ||
677 | pid = fork(); | |
678 | if (pid < 0) { | |
679 | SYSERROR("fork() failed"); | |
680 | return false; | |
681 | } | |
682 | ||
683 | if (pid == 0) { | |
684 | char *args[] = { "criu", "--version", NULL }; | |
755fa453 | 685 | char *path; |
8ba5ced7 TA |
686 | close(pipes[0]); |
687 | ||
688 | close(STDERR_FILENO); | |
689 | if (dup2(pipes[1], STDOUT_FILENO) < 0) | |
690 | exit(1); | |
691 | ||
755fa453 | 692 | path = on_path("criu", NULL); |
d9b32b09 SH |
693 | if (!path) |
694 | exit(1); | |
695 | ||
755fa453 | 696 | execv(path, args); |
8ba5ced7 TA |
697 | exit(1); |
698 | } else { | |
699 | FILE *f; | |
5407e2ab | 700 | char *tmp; |
8ba5ced7 TA |
701 | int patch; |
702 | ||
703 | close(pipes[1]); | |
704 | if (wait_for_pid(pid) < 0) { | |
705 | close(pipes[0]); | |
4eae4051 | 706 | SYSERROR("execing criu failed, is it installed?"); |
8ba5ced7 TA |
707 | return false; |
708 | } | |
709 | ||
710 | f = fdopen(pipes[0], "r"); | |
711 | if (!f) { | |
712 | close(pipes[0]); | |
713 | return false; | |
714 | } | |
715 | ||
5407e2ab CB |
716 | tmp = malloc(1024); |
717 | if (!tmp) { | |
718 | fclose(f); | |
719 | return false; | |
720 | } | |
721 | ||
722 | if (fscanf(f, "Version: %1023[^\n]s", tmp) != 1) | |
8ba5ced7 TA |
723 | goto version_error; |
724 | ||
725 | if (fgetc(f) != '\n') | |
726 | goto version_error; | |
727 | ||
5407e2ab | 728 | if (strcmp(tmp, CRIU_VERSION) >= 0) |
8ba5ced7 TA |
729 | goto version_match; |
730 | ||
5407e2ab | 731 | if (fscanf(f, "GitID: v%1023[^-]s", tmp) != 1) |
8ba5ced7 TA |
732 | goto version_error; |
733 | ||
734 | if (fgetc(f) != '-') | |
735 | goto version_error; | |
736 | ||
737 | if (fscanf(f, "%d", &patch) != 1) | |
738 | goto version_error; | |
739 | ||
5407e2ab | 740 | if (strcmp(tmp, CRIU_GITID_VERSION) < 0) |
8ba5ced7 TA |
741 | goto version_error; |
742 | ||
743 | if (patch < CRIU_GITID_PATCHLEVEL) | |
744 | goto version_error; | |
745 | ||
746 | version_match: | |
3158ab5b | 747 | fclose(f); |
5407e2ab CB |
748 | if (!version) |
749 | free(tmp); | |
750 | else | |
751 | *version = tmp; | |
8ba5ced7 TA |
752 | return true; |
753 | ||
754 | version_error: | |
3158ab5b | 755 | fclose(f); |
5407e2ab | 756 | free(tmp); |
9f1f54b0 | 757 | ERROR("must have criu " CRIU_VERSION " or greater to checkpoint/restore"); |
8ba5ced7 TA |
758 | return false; |
759 | } | |
760 | } | |
761 | ||
e29fe1dd TA |
762 | /* Check and make sure the container has a configuration that we know CRIU can |
763 | * dump. */ | |
f1954503 | 764 | static bool criu_ok(struct lxc_container *c, char **criu_version) |
e29fe1dd TA |
765 | { |
766 | struct lxc_list *it; | |
e29fe1dd | 767 | |
f1954503 | 768 | if (!criu_version_ok(criu_version)) |
8ba5ced7 TA |
769 | return false; |
770 | ||
e29fe1dd | 771 | if (geteuid()) { |
9f1f54b0 | 772 | ERROR("Must be root to checkpoint"); |
e29fe1dd TA |
773 | return false; |
774 | } | |
775 | ||
776 | /* We only know how to restore containers with veth networks. */ | |
777 | lxc_list_for_each(it, &c->lxc_conf->network) { | |
778 | struct lxc_netdev *n = it->elem; | |
65b20221 TA |
779 | switch(n->type) { |
780 | case LXC_NET_VETH: | |
781 | case LXC_NET_NONE: | |
782 | case LXC_NET_EMPTY: | |
e2697330 | 783 | case LXC_NET_MACVLAN: |
65b20221 TA |
784 | break; |
785 | default: | |
9f1f54b0 | 786 | ERROR("Found un-dumpable network: %s (%s)", lxc_net_type_to_str(n->type), n->name); |
e29fe1dd TA |
787 | return false; |
788 | } | |
789 | } | |
790 | ||
e29fe1dd TA |
791 | return true; |
792 | } | |
793 | ||
e29fe1dd TA |
794 | static bool restore_net_info(struct lxc_container *c) |
795 | { | |
796 | struct lxc_list *it; | |
797 | bool has_error = true; | |
798 | ||
799 | if (container_mem_lock(c)) | |
800 | return false; | |
801 | ||
802 | lxc_list_for_each(it, &c->lxc_conf->network) { | |
803 | struct lxc_netdev *netdev = it->elem; | |
804 | char template[IFNAMSIZ]; | |
65b20221 TA |
805 | |
806 | if (netdev->type != LXC_NET_VETH) | |
807 | continue; | |
808 | ||
e29fe1dd TA |
809 | snprintf(template, sizeof(template), "vethXXXXXX"); |
810 | ||
de4855a8 CB |
811 | if (netdev->priv.veth_attr.pair[0] == '\0' && |
812 | netdev->priv.veth_attr.veth1[0] == '\0') { | |
966e9f1f | 813 | if (!lxc_mkifname(template)) |
de4855a8 CB |
814 | goto out_unlock; |
815 | ||
966e9f1f | 816 | strcpy(netdev->priv.veth_attr.veth1, template); |
de4855a8 | 817 | } |
e29fe1dd TA |
818 | } |
819 | ||
820 | has_error = false; | |
821 | ||
822 | out_unlock: | |
823 | container_mem_unlock(c); | |
824 | return !has_error; | |
825 | } | |
826 | ||
1a0e70ac CB |
827 | /* do_restore never returns, the calling process is used as the monitor process. |
828 | * do_restore calls exit() if it fails. | |
829 | */ | |
c33b0338 | 830 | static void do_restore(struct lxc_container *c, int status_pipe, struct migrate_opts *opts, char *criu_version) |
e29fe1dd | 831 | { |
5af9369b | 832 | int fd, ret; |
e29fe1dd | 833 | pid_t pid; |
e29fe1dd | 834 | struct lxc_handler *handler; |
113ebd57 | 835 | int status = 0; |
9b1e2e6e | 836 | int pipes[2] = {-1, -1}; |
e29fe1dd | 837 | |
a7fb6043 TA |
838 | /* Try to detach from the current controlling tty if it exists. |
839 | * Othwerise, lxc_init (via lxc_console) will attach the container's | |
840 | * console output to the current tty, which is probably not what any | |
841 | * library user wants, and if they do, they can just manually configure | |
842 | * it :) | |
843 | */ | |
844 | fd = open("/dev/tty", O_RDWR); | |
845 | if (fd >= 0) { | |
846 | if (ioctl(fd, TIOCNOTTY, NULL) < 0) | |
847 | SYSERROR("couldn't detach from tty"); | |
848 | close(fd); | |
849 | } | |
850 | ||
5e5576a4 | 851 | handler = lxc_init_handler(c->name, c->lxc_conf, c->config_path, false); |
e29fe1dd TA |
852 | if (!handler) |
853 | goto out; | |
854 | ||
aa460476 CB |
855 | if (lxc_init(c->name, handler) < 0) |
856 | goto out; | |
857 | ||
e29fe1dd TA |
858 | if (!cgroup_init(handler)) { |
859 | ERROR("failed initing cgroups"); | |
860 | goto out_fini_handler; | |
861 | } | |
862 | ||
863 | if (!cgroup_create(handler)) { | |
864 | ERROR("failed creating groups"); | |
865 | goto out_fini_handler; | |
866 | } | |
867 | ||
868 | if (!restore_net_info(c)) { | |
869 | ERROR("failed restoring network info"); | |
870 | goto out_fini_handler; | |
871 | } | |
872 | ||
5af9369b CB |
873 | ret = resolve_clone_flags(handler); |
874 | if (ret < 0) { | |
875 | ERROR("%s - Unsupported clone flag specified", strerror(errno)); | |
876 | goto out_fini_handler; | |
877 | } | |
e29fe1dd | 878 | |
3d9a5c85 TA |
879 | if (pipe(pipes) < 0) { |
880 | SYSERROR("pipe() failed"); | |
881 | goto out_fini_handler; | |
882 | } | |
883 | ||
e29fe1dd TA |
884 | pid = fork(); |
885 | if (pid < 0) | |
886 | goto out_fini_handler; | |
887 | ||
888 | if (pid == 0) { | |
889 | struct criu_opts os; | |
890 | struct lxc_rootfs *rootfs; | |
4b54788e | 891 | int flags; |
e29fe1dd | 892 | |
3d9a5c85 TA |
893 | close(status_pipe); |
894 | status_pipe = -1; | |
895 | ||
896 | close(pipes[0]); | |
897 | pipes[0] = -1; | |
e29fe1dd TA |
898 | |
899 | if (unshare(CLONE_NEWNS)) | |
900 | goto out_fini_handler; | |
901 | ||
902 | /* CRIU needs the lxc root bind mounted so that it is the root of some | |
903 | * mount. */ | |
904 | rootfs = &c->lxc_conf->rootfs; | |
905 | ||
906 | if (rootfs_is_blockdev(c->lxc_conf)) { | |
907 | if (do_rootfs_setup(c->lxc_conf, c->name, c->config_path) < 0) | |
908 | goto out_fini_handler; | |
909 | } else { | |
910 | if (mkdir(rootfs->mount, 0755) < 0 && errno != EEXIST) | |
911 | goto out_fini_handler; | |
912 | ||
913 | if (mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL) < 0) { | |
914 | SYSERROR("remount / to private failed"); | |
915 | goto out_fini_handler; | |
916 | } | |
917 | ||
918 | if (mount(rootfs->path, rootfs->mount, NULL, MS_BIND, NULL) < 0) { | |
919 | rmdir(rootfs->mount); | |
920 | goto out_fini_handler; | |
921 | } | |
922 | } | |
923 | ||
5af85cb1 | 924 | os.pipefd = pipes[1]; |
e29fe1dd | 925 | os.action = "restore"; |
b2c3710f | 926 | os.user = opts; |
e29fe1dd | 927 | os.c = c; |
4b54788e | 928 | os.console_fd = c->lxc_conf->console.slave; |
f1954503 | 929 | os.criu_version = criu_version; |
0ab5703f | 930 | os.handler = handler; |
4b54788e | 931 | |
97e4f1a9 TA |
932 | if (os.console_fd >= 0) { |
933 | /* Twiddle the FD_CLOEXEC bit. We want to pass this FD to criu | |
934 | * via --inherit-fd, so we don't want it to close. | |
935 | */ | |
936 | flags = fcntl(os.console_fd, F_GETFD); | |
937 | if (flags < 0) { | |
938 | SYSERROR("F_GETFD failed: %d", os.console_fd); | |
939 | goto out_fini_handler; | |
940 | } | |
4b54788e | 941 | |
97e4f1a9 | 942 | flags &= ~FD_CLOEXEC; |
4b54788e | 943 | |
97e4f1a9 TA |
944 | if (fcntl(os.console_fd, F_SETFD, flags) < 0) { |
945 | SYSERROR("F_SETFD failed"); | |
946 | goto out_fini_handler; | |
947 | } | |
4b54788e TA |
948 | } |
949 | os.console_name = c->lxc_conf->console.name; | |
e29fe1dd TA |
950 | |
951 | /* exec_criu() returning is an error */ | |
7103fe6f | 952 | exec_criu(&os); |
e29fe1dd TA |
953 | umount(rootfs->mount); |
954 | rmdir(rootfs->mount); | |
955 | goto out_fini_handler; | |
956 | } else { | |
957 | int ret; | |
958 | char title[2048]; | |
959 | ||
3d9a5c85 TA |
960 | close(pipes[1]); |
961 | pipes[1] = -1; | |
962 | ||
e29fe1dd TA |
963 | pid_t w = waitpid(pid, &status, 0); |
964 | if (w == -1) { | |
965 | SYSERROR("waitpid"); | |
966 | goto out_fini_handler; | |
967 | } | |
968 | ||
e29fe1dd | 969 | if (WIFEXITED(status)) { |
75d219f0 TA |
970 | char buf[4096]; |
971 | ||
e29fe1dd | 972 | if (WEXITSTATUS(status)) { |
3d9a5c85 TA |
973 | int n; |
974 | ||
975 | n = read(pipes[0], buf, sizeof(buf)); | |
976 | if (n < 0) { | |
977 | SYSERROR("failed reading from criu stderr"); | |
978 | goto out_fini_handler; | |
979 | } | |
980 | ||
2735dfae TA |
981 | if (n == sizeof(buf)) |
982 | n--; | |
3d9a5c85 TA |
983 | buf[n] = 0; |
984 | ||
9f1f54b0 | 985 | ERROR("criu process exited %d, output:\n%s", WEXITSTATUS(status), buf); |
e29fe1dd TA |
986 | goto out_fini_handler; |
987 | } else { | |
3eba9b49 | 988 | ret = snprintf(buf, sizeof(buf), "/proc/self/task/%lu/children", (unsigned long)syscall(__NR_gettid)); |
75d219f0 TA |
989 | if (ret < 0 || ret >= sizeof(buf)) { |
990 | ERROR("snprintf'd too many characters: %d", ret); | |
991 | goto out_fini_handler; | |
992 | } | |
993 | ||
994 | FILE *f = fopen(buf, "r"); | |
e29fe1dd | 995 | if (!f) { |
9f1f54b0 | 996 | SYSERROR("couldn't read restore's children file %s", buf); |
e29fe1dd TA |
997 | goto out_fini_handler; |
998 | } | |
999 | ||
1000 | ret = fscanf(f, "%d", (int*) &handler->pid); | |
1001 | fclose(f); | |
1002 | if (ret != 1) { | |
1003 | ERROR("reading restore pid failed"); | |
1004 | goto out_fini_handler; | |
1005 | } | |
1006 | ||
f8a41688 TA |
1007 | if (lxc_set_state(c->name, handler, RUNNING)) { |
1008 | ERROR("error setting running state after restore"); | |
e29fe1dd | 1009 | goto out_fini_handler; |
f8a41688 | 1010 | } |
e29fe1dd TA |
1011 | } |
1012 | } else { | |
9f1f54b0 | 1013 | ERROR("CRIU was killed with signal %d", WTERMSIG(status)); |
e29fe1dd TA |
1014 | goto out_fini_handler; |
1015 | } | |
1016 | ||
3d9a5c85 TA |
1017 | close(pipes[0]); |
1018 | ||
f3886023 TA |
1019 | ret = write(status_pipe, &status, sizeof(status)); |
1020 | close(status_pipe); | |
1021 | status_pipe = -1; | |
1022 | ||
1023 | if (sizeof(status) != ret) { | |
1024 | SYSERROR("failed to write all of status"); | |
1025 | goto out_fini_handler; | |
1026 | } | |
1027 | ||
e29fe1dd TA |
1028 | /* |
1029 | * See comment in lxcapi_start; we don't care if these | |
1030 | * fail because it's just a beauty thing. We just | |
1031 | * assign the return here to silence potential. | |
1032 | */ | |
1033 | ret = snprintf(title, sizeof(title), "[lxc monitor] %s %s", c->config_path, c->name); | |
223e30c1 CB |
1034 | if (ret < 0 || (size_t)ret >= sizeof(title)) |
1035 | INFO("Setting truncated process name"); | |
1036 | ||
e29fe1dd | 1037 | ret = setproctitle(title); |
223e30c1 CB |
1038 | if (ret < 0) |
1039 | INFO("Failed to set process name"); | |
e29fe1dd TA |
1040 | |
1041 | ret = lxc_poll(c->name, handler); | |
1042 | if (ret) | |
1043 | lxc_abort(c->name, handler); | |
1044 | lxc_fini(c->name, handler); | |
1045 | exit(ret); | |
1046 | } | |
1047 | ||
1048 | out_fini_handler: | |
3d9a5c85 TA |
1049 | if (pipes[0] >= 0) |
1050 | close(pipes[0]); | |
1051 | if (pipes[1] >= 0) | |
1052 | close(pipes[1]); | |
1053 | ||
e29fe1dd TA |
1054 | lxc_fini(c->name, handler); |
1055 | ||
1056 | out: | |
3d9a5c85 | 1057 | if (status_pipe >= 0) { |
f3886023 TA |
1058 | /* ensure getting here was a failure, e.g. if we failed to |
1059 | * parse the child pid or something, even after a successful | |
1060 | * restore | |
1061 | */ | |
1062 | if (!status) | |
1063 | status = 1; | |
113ebd57 CB |
1064 | |
1065 | if (write(status_pipe, &status, sizeof(status)) != sizeof(status)) | |
e29fe1dd | 1066 | SYSERROR("writing status failed"); |
3d9a5c85 | 1067 | close(status_pipe); |
e29fe1dd TA |
1068 | } |
1069 | ||
1070 | exit(1); | |
1071 | } | |
aef3d51e | 1072 | |
4b54788e TA |
1073 | static int save_tty_major_minor(char *directory, struct lxc_container *c, char *tty_id, int len) |
1074 | { | |
1075 | FILE *f; | |
1076 | char path[PATH_MAX]; | |
1077 | int ret; | |
1078 | struct stat sb; | |
1079 | ||
1080 | if (c->lxc_conf->console.path && !strcmp(c->lxc_conf->console.path, "none")) { | |
1081 | tty_id[0] = 0; | |
1082 | return 0; | |
1083 | } | |
1084 | ||
1085 | ret = snprintf(path, sizeof(path), "/proc/%d/root/dev/console", c->init_pid(c)); | |
1086 | if (ret < 0 || ret >= sizeof(path)) { | |
1087 | ERROR("snprintf'd too many chacters: %d", ret); | |
1088 | return -1; | |
1089 | } | |
1090 | ||
1091 | ret = stat(path, &sb); | |
1092 | if (ret < 0) { | |
1093 | SYSERROR("stat of %s failed", path); | |
1094 | return -1; | |
1095 | } | |
1096 | ||
1097 | ret = snprintf(path, sizeof(path), "%s/tty.info", directory); | |
1098 | if (ret < 0 || ret >= sizeof(path)) { | |
1099 | ERROR("snprintf'd too many characters: %d", ret); | |
1100 | return -1; | |
1101 | } | |
1102 | ||
f03280a7 TA |
1103 | ret = snprintf(tty_id, len, "tty[%llx:%llx]", |
1104 | (long long unsigned) sb.st_rdev, | |
1105 | (long long unsigned) sb.st_dev); | |
4b54788e TA |
1106 | if (ret < 0 || ret >= sizeof(path)) { |
1107 | ERROR("snprintf'd too many characters: %d", ret); | |
1108 | return -1; | |
1109 | } | |
1110 | ||
1111 | f = fopen(path, "w"); | |
1112 | if (!f) { | |
1113 | SYSERROR("failed to open %s", path); | |
1114 | return -1; | |
1115 | } | |
1116 | ||
1117 | ret = fprintf(f, "%s", tty_id); | |
1118 | fclose(f); | |
1119 | if (ret < 0) | |
1120 | SYSERROR("failed to write to %s", path); | |
1121 | return ret; | |
1122 | } | |
1123 | ||
aef3d51e | 1124 | /* do one of either predump or a regular dump */ |
b2c3710f | 1125 | static bool do_dump(struct lxc_container *c, char *mode, struct migrate_opts *opts) |
aef3d51e TA |
1126 | { |
1127 | pid_t pid; | |
f1954503 | 1128 | char *criu_version = NULL; |
5af85cb1 | 1129 | int criuout[2]; |
aef3d51e | 1130 | |
f1954503 | 1131 | if (!criu_ok(c, &criu_version)) |
aef3d51e TA |
1132 | return false; |
1133 | ||
5af85cb1 TA |
1134 | if (pipe(criuout) < 0) { |
1135 | SYSERROR("pipe() failed"); | |
aef3d51e | 1136 | return false; |
5af85cb1 TA |
1137 | } |
1138 | ||
1139 | if (mkdir_p(opts->directory, 0700) < 0) | |
1140 | goto fail; | |
aef3d51e TA |
1141 | |
1142 | pid = fork(); | |
1143 | if (pid < 0) { | |
1144 | SYSERROR("fork failed"); | |
5af85cb1 | 1145 | goto fail; |
aef3d51e TA |
1146 | } |
1147 | ||
1148 | if (pid == 0) { | |
1149 | struct criu_opts os; | |
0ab5703f TA |
1150 | struct lxc_handler h; |
1151 | ||
5af85cb1 TA |
1152 | close(criuout[0]); |
1153 | ||
0ab5703f TA |
1154 | h.name = c->name; |
1155 | if (!cgroup_init(&h)) { | |
1156 | ERROR("failed to cgroup_init()"); | |
1157 | exit(1); | |
1158 | } | |
aef3d51e | 1159 | |
5af85cb1 | 1160 | os.pipefd = criuout[1]; |
aef3d51e | 1161 | os.action = mode; |
b2c3710f | 1162 | os.user = opts; |
aef3d51e | 1163 | os.c = c; |
4b54788e | 1164 | os.console_name = c->lxc_conf->console.path; |
f1954503 | 1165 | os.criu_version = criu_version; |
74eb576c | 1166 | |
b2c3710f | 1167 | if (save_tty_major_minor(opts->directory, c, os.tty_id, sizeof(os.tty_id)) < 0) |
4b54788e | 1168 | exit(1); |
aef3d51e TA |
1169 | |
1170 | /* exec_criu() returning is an error */ | |
7103fe6f | 1171 | exec_criu(&os); |
aef3d51e TA |
1172 | exit(1); |
1173 | } else { | |
1174 | int status; | |
5af85cb1 TA |
1175 | ssize_t n; |
1176 | char buf[4096]; | |
1177 | bool ret; | |
1178 | ||
1179 | close(criuout[1]); | |
1180 | ||
aef3d51e TA |
1181 | pid_t w = waitpid(pid, &status, 0); |
1182 | if (w == -1) { | |
1183 | SYSERROR("waitpid"); | |
5af85cb1 | 1184 | close(criuout[0]); |
aef3d51e TA |
1185 | return false; |
1186 | } | |
1187 | ||
5af85cb1 TA |
1188 | n = read(criuout[0], buf, sizeof(buf)); |
1189 | close(criuout[0]); | |
1190 | if (n < 0) { | |
1191 | SYSERROR("read"); | |
1192 | n = 0; | |
1193 | } | |
1194 | buf[n] = 0; | |
1195 | ||
aef3d51e TA |
1196 | if (WIFEXITED(status)) { |
1197 | if (WEXITSTATUS(status)) { | |
9f1f54b0 | 1198 | ERROR("dump failed with %d", WEXITSTATUS(status)); |
5af85cb1 TA |
1199 | ret = false; |
1200 | } else { | |
1201 | ret = true; | |
aef3d51e | 1202 | } |
aef3d51e | 1203 | } else if (WIFSIGNALED(status)) { |
9f1f54b0 | 1204 | ERROR("dump signaled with %d", WTERMSIG(status)); |
5af85cb1 | 1205 | ret = false; |
aef3d51e | 1206 | } else { |
9f1f54b0 | 1207 | ERROR("unknown dump exit %d", status); |
5af85cb1 | 1208 | ret = false; |
aef3d51e | 1209 | } |
5af85cb1 TA |
1210 | |
1211 | if (!ret) | |
1212 | ERROR("criu output: %s", buf); | |
1213 | return ret; | |
aef3d51e | 1214 | } |
5af85cb1 TA |
1215 | fail: |
1216 | close(criuout[0]); | |
1217 | close(criuout[1]); | |
1218 | rmdir(opts->directory); | |
1219 | return false; | |
aef3d51e TA |
1220 | } |
1221 | ||
b2c3710f | 1222 | bool __criu_pre_dump(struct lxc_container *c, struct migrate_opts *opts) |
aef3d51e | 1223 | { |
b2c3710f | 1224 | return do_dump(c, "pre-dump", opts); |
aef3d51e TA |
1225 | } |
1226 | ||
b2c3710f | 1227 | bool __criu_dump(struct lxc_container *c, struct migrate_opts *opts) |
aef3d51e TA |
1228 | { |
1229 | char path[PATH_MAX]; | |
1230 | int ret; | |
1231 | ||
b2c3710f | 1232 | ret = snprintf(path, sizeof(path), "%s/inventory.img", opts->directory); |
aef3d51e TA |
1233 | if (ret < 0 || ret >= sizeof(path)) |
1234 | return false; | |
1235 | ||
1236 | if (access(path, F_OK) == 0) { | |
9f1f54b0 | 1237 | ERROR("please use a fresh directory for the dump directory"); |
aef3d51e TA |
1238 | return false; |
1239 | } | |
1240 | ||
b2c3710f | 1241 | return do_dump(c, "dump", opts); |
aef3d51e TA |
1242 | } |
1243 | ||
b2c3710f | 1244 | bool __criu_restore(struct lxc_container *c, struct migrate_opts *opts) |
aef3d51e TA |
1245 | { |
1246 | pid_t pid; | |
1247 | int status, nread; | |
1248 | int pipefd[2]; | |
f1954503 | 1249 | char *criu_version = NULL; |
aef3d51e | 1250 | |
f1954503 | 1251 | if (!criu_ok(c, &criu_version)) |
aef3d51e TA |
1252 | return false; |
1253 | ||
1254 | if (geteuid()) { | |
9f1f54b0 | 1255 | ERROR("Must be root to restore"); |
aef3d51e TA |
1256 | return false; |
1257 | } | |
1258 | ||
1259 | if (pipe(pipefd)) { | |
1260 | ERROR("failed to create pipe"); | |
1261 | return false; | |
1262 | } | |
1263 | ||
1264 | pid = fork(); | |
1265 | if (pid < 0) { | |
1266 | close(pipefd[0]); | |
1267 | close(pipefd[1]); | |
1268 | return false; | |
1269 | } | |
1270 | ||
1271 | if (pid == 0) { | |
1272 | close(pipefd[0]); | |
1a0e70ac | 1273 | /* this never returns */ |
f1954503 | 1274 | do_restore(c, pipefd[1], opts, criu_version); |
aef3d51e TA |
1275 | } |
1276 | ||
1277 | close(pipefd[1]); | |
1278 | ||
1279 | nread = read(pipefd[0], &status, sizeof(status)); | |
1280 | close(pipefd[0]); | |
1281 | if (sizeof(status) != nread) { | |
1282 | ERROR("reading status from pipe failed"); | |
1283 | goto err_wait; | |
1284 | } | |
1285 | ||
1a0e70ac CB |
1286 | /* If the criu process was killed or exited nonzero, wait() for the |
1287 | * handler, since the restore process died. Otherwise, we don't need to | |
1288 | * wait, since the child becomes the monitor process. | |
1289 | */ | |
aef3d51e TA |
1290 | if (!WIFEXITED(status) || WEXITSTATUS(status)) |
1291 | goto err_wait; | |
1292 | return true; | |
1293 | ||
1294 | err_wait: | |
1295 | if (wait_for_pid(pid)) | |
1296 | ERROR("restore process died"); | |
1297 | return false; | |
1298 | } |