[mirror_lxc.git] / src / lxc / execute.c

/*
 * lxc: linux Container library
 *
 * (C) Copyright IBM Corp. 2007, 2008
 *
 * Authors:
 * Daniel Lezcano <dlezcano at fr.ibm.com>
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */
#define _GNU_SOURCE
#include <stdio.h>
#undef _GNU_SOURCE
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include <signal.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <sys/file.h>
#include <sys/mount.h>

#include <lxc/lxc.h>

LXC_TTY_HANDLER(SIGINT);
LXC_TTY_HANDLER(SIGQUIT);

int lxc_execute(const char *name, int argc, char *argv[], 
		lxc_callback_t preexec, void *data)
{
	char init[MAXPATHLEN];
	char *val = NULL, *vinit = "[vinit]";
	int fd, lock, sv[2], sync = 0, err = -1;
	pid_t pid;
	int clone_flags;

	lock = lxc_get_lock(name);
	if (!lock) {
		lxc_log_error("'%s' is busy", name);
		return -1;
	}

	if (lock < 0) {
		lxc_log_error("failed to acquire lock on '%s':%s",
			      name, strerror(-lock));
		return -1;
	}

	if (lxc_setstate(name, STARTING)) {
		lxc_log_error("failed to set state %s", lxc_state2str(STARTING));
		goto out;
	}

	if (socketpair(AF_LOCAL, SOCK_STREAM, 0, sv)) {
		lxc_log_syserror("failed to create communication socketpair");
		goto err;
	}

	LXC_TTY_ADD_HANDLER(SIGINT);
	LXC_TTY_ADD_HANDLER(SIGQUIT);

	clone_flags = CLONE_NEWPID|CLONE_NEWIPC|CLONE_NEWNS;
	if (conf_has_utsname(name))
		clone_flags |= CLONE_NEWUTS;
	if (conf_has_network(name))
		clone_flags |= CLONE_NEWNET;

	pid = fork_ns(clone_flags);
	if (pid < 0) {
		lxc_log_syserror("failed to fork into a new namespace");
		goto err_fork_ns;
	}

	if (!pid) {

		pid = fork();
		if (pid < 0) {
			lxc_log_syserror("failed to fork");
			return 1;
		}

		if (!pid) {
			close(sv[1]);
			fcntl(sv[0], F_SETFD, FD_CLOEXEC);

			if (write(sv[0], &sync, sizeof(sync)) < 0) {
				lxc_log_syserror("failed to write socket");
				return 1;
			}

			if (read(sv[0], &sync, sizeof(sync)) < 0) {
				lxc_log_syserror("failed to read socket");
				return 1;
			}

			if (lxc_setup(name)) {
				lxc_log_error("failed to setup the container");
				goto error;
			}

			if (mount("proc", "/proc", "proc", 0, NULL)) {
				lxc_log_syserror("failed to mount '/proc'");
				goto error;
			}

			if (clone_flags & CLONE_NEWNET)
				if (mount("sysfs", "/sys", "sysfs", 0, NULL)) {
					lxc_log_syserror("failed to mount '/sys'");
					/* continue: non fatal error until sysfs not per
					   namespace */
				}

			if (preexec)
				if (preexec(name, argc, argv, data)) {
					lxc_log_error("preexec callback has failed");
					return -1;
				}

			execvp(argv[0], argv);
			lxc_log_syserror("failed to exec %s", argv[0]);
		error:
			if (write(sv[0], &sync, sizeof(sync)) < 0)
				lxc_log_syserror("failed to write the socket");
			
			exit(1);
		}

		setsid();
		close(0);
		close(1);
		close(2);

		if (prctl(PR_SET_NAME, vinit, 0, 0, 0))
			lxc_log_syserror("failed to set process name");

		close(sv[0]);
		close(sv[1]);

		for (;;) {
			int status;
			if (wait(&status) < 0) {
				if (errno == ECHILD)
					return 0;
				if (errno == EINTR)
					continue;
				lxc_log_syserror("failed to wait child");
				return 1;
			}
		}
	}

	close(sv[0]);
	
	if (read(sv[1], &sync, sizeof(sync)) < 0) {
		lxc_log_syserror("failed to read the socket");
		goto err_pipe_read;
	}

	if (clone_flags & CLONE_NEWNET && conf_create_network(name, pid)) {
		lxc_log_error("failed to create the configured network");
		goto err_create_network;
	}

	if (write(sv[1], &sync, sizeof(sync)) < 0) {
		lxc_log_syserror("failed to write the socket");
		goto err_pipe_write;
	}

	err = read(sv[1], &sync, sizeof(sync));
	if (err < 0) {
		lxc_log_error("failed to read the socket");
		goto err_pipe_read2;
	}

	if (err > 0) {
		lxc_log_error("something went wrong with %d", pid);
		/* TODO : check status etc ... */
		waitpid(pid, NULL, 0);
		goto err_child_failed;
	}

	snprintf(init, MAXPATHLEN, LXCPATH "/%s/init", name);
		
	fd = open(init, O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);
	if (fd < 0) {
		lxc_log_syserror("failed to open %s", init);
		goto err_open;
	}

	if (!asprintf(&val, "%d", pid)) {
		lxc_log_syserror("failed to allocate memory");
		goto err_open;
	}

	if (write(fd, val, strlen(val)) < 0) {
		lxc_log_syserror("failed to write init pid");
		goto err_write;
	}

	if (lxc_link_nsgroup(name, pid))
		lxc_log_warning("cgroupfs not found: cgroup disabled");

	if (lxc_setstate(name, RUNNING)) {
		lxc_log_error("failed to set state to %s", lxc_state2str(RUNNING));
		goto err_state_failed;
	}

wait_again:
	if (waitpid(pid, NULL, 0) < 0) {
		if (errno == EINTR) 
			goto wait_again;
		lxc_log_syserror("failed to wait the pid %d", pid);
		goto err_waitpid_failed;
	}

	if (lxc_setstate(name, STOPPING))
		lxc_log_error("failed to set state %s", lxc_state2str(STOPPING));

	if (clone_flags & CLONE_NEWNET && conf_destroy_network(name))
		lxc_log_error("failed to destroy the network");

	err = 0;
out:
	if (lxc_setstate(name, STOPPED))
		lxc_log_error("failed to set state %s", lxc_state2str(STOPPED));

	lxc_unlink_nsgroup(name);
	unlink(init);
	free(val);
	lxc_put_lock(lock);

	return err;

err_write:
	close(fd);

err_state_failed:
err_child_failed:
err_pipe_read2:
err_pipe_write:
	conf_destroy_network(name);
err_create_network:
err_pipe_read:
err_open:
err_waitpid_failed:
	if (lxc_setstate(name, ABORTING))
		lxc_log_error("failed to set state %s", lxc_state2str(STOPPED));

	kill(pid, SIGKILL);
err_fork_ns:
	LXC_TTY_DEL_HANDLER(SIGQUIT);
	LXC_TTY_DEL_HANDLER(SIGINT);
	close(sv[0]);
	close(sv[1]);
err:
	goto out;
}
Commit	Line	Data
0ad19a3f	1	/*
	2	* lxc: linux Container library
	3	*
	4	* (C) Copyright IBM Corp. 2007, 2008
	5	*
	6	* Authors:
	7	* Daniel Lezcano <dlezcano at fr.ibm.com>
	8	*
	9	* This library is free software; you can redistribute it and/or
	10	* modify it under the terms of the GNU Lesser General Public
	11	* License as published by the Free Software Foundation; either
	12	* version 2.1 of the License, or (at your option) any later version.
	13	*
	14	* This library is distributed in the hope that it will be useful,
	15	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	16	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	17	* Lesser General Public License for more details.
	18	*
	19	* You should have received a copy of the GNU Lesser General Public
	20	* License along with this library; if not, write to the Free Software
	21	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
	22	*/
	23	#define _GNU_SOURCE
	24	#include <stdio.h>
	25	#undef _GNU_SOURCE
	26	#include <stdlib.h>
	27	#include <string.h>
	28	#include <unistd.h>
	29	#include <errno.h>
	30	#include <signal.h>
	31	#include <fcntl.h>
	32	#include <sys/types.h>
0ad19a3f	33	#include <sys/param.h>
	34	#include <sys/prctl.h>
	35	#include <sys/wait.h>
	36	#include <sys/file.h>
	37	#include <sys/mount.h>
0ad19a3f	38
b113348e	39	#include <lxc/lxc.h>
0ad19a3f	40
	41	LXC_TTY_HANDLER(SIGINT);
	42	LXC_TTY_HANDLER(SIGQUIT);
	43
	44	int lxc_execute(const char name, int argc, char argv[],
	45	lxc_callback_t preexec, void *data)
	46	{
22ebac19	47	char init[MAXPATHLEN];
22ebac19	48	char val = NULL, vinit = "[vinit]";
0ad19a3f	49	int fd, lock, sv[2], sync = 0, err = -1;
	50	pid_t pid;
	51	int clone_flags;
	52
	53	lock = lxc_get_lock(name);
	54	if (!lock) {
	55	lxc_log_error("'%s' is busy", name);
	56	return -1;
	57	}
	58
	59	if (lock < 0) {
	60	lxc_log_error("failed to acquire lock on '%s':%s",
	61	name, strerror(-lock));
	62	return -1;
	63	}
	64
	65	if (lxc_setstate(name, STARTING)) {
	66	lxc_log_error("failed to set state %s", lxc_state2str(STARTING));
	67	goto out;
	68	}
	69
	70	if (socketpair(AF_LOCAL, SOCK_STREAM, 0, sv)) {
	71	lxc_log_syserror("failed to create communication socketpair");
	72	goto err;
	73	}
	74
	75	LXC_TTY_ADD_HANDLER(SIGINT);
	76	LXC_TTY_ADD_HANDLER(SIGQUIT);
	77
	78	clone_flags = CLONE_NEWPID\|CLONE_NEWIPC\|CLONE_NEWNS;
	79	if (conf_has_utsname(name))
	80	clone_flags \|= CLONE_NEWUTS;
	81	if (conf_has_network(name))
	82	clone_flags \|= CLONE_NEWNET;
	83
	84	pid = fork_ns(clone_flags);
	85	if (pid < 0) {
	86	lxc_log_syserror("failed to fork into a new namespace");
	87	goto err_fork_ns;
	88	}
	89
	90	if (!pid) {
	91
	92	pid = fork();
	93	if (pid < 0) {
	94	lxc_log_syserror("failed to fork");
	95	return 1;
	96	}
	97
	98	if (!pid) {
	99	close(sv[1]);
	100	fcntl(sv[0], F_SETFD, FD_CLOEXEC);
	101
	102	if (write(sv[0], &sync, sizeof(sync)) < 0) {
	103	lxc_log_syserror("failed to write socket");
	104	return 1;
	105	}
	106
	107	if (read(sv[0], &sync, sizeof(sync)) < 0) {
	108	lxc_log_syserror("failed to read socket");
	109	return 1;
	110	}
	111
	112	if (lxc_setup(name)) {
113	lxc_log_error("failed to setup the container");
114	goto error;
115	}
116
117	if (mount("proc", "/proc", "proc", 0, NULL)) {
118	lxc_log_syserror("failed to mount '/proc'");
119	goto error;
120	}
121
f3184c77	122	if (clone_flags & CLONE_NEWNET)
0ad19a3f	123	if (mount("sysfs", "/sys", "sysfs", 0, NULL)) {
	124	lxc_log_syserror("failed to mount '/sys'");
	125	/* continue: non fatal error until sysfs not per
	126	namespace */
	127	}
	128
	129	if (preexec)
	130	if (preexec(name, argc, argv, data)) {
	131	lxc_log_error("preexec callback has failed");
	132	return -1;
	133	}
	134
	135	execvp(argv[0], argv);
	136	lxc_log_syserror("failed to exec %s", argv[0]);
	137	error:
	138	if (write(sv[0], &sync, sizeof(sync)) < 0)
	139	lxc_log_syserror("failed to write the socket");
	140
	141	exit(1);
	142	}
	143
	144	setsid();
	145	close(0);
	146	close(1);
	147	close(2);
	148
	149	if (prctl(PR_SET_NAME, vinit, 0, 0, 0))
	150	lxc_log_syserror("failed to set process name");
	151
	152	close(sv[0]);
	153	close(sv[1]);
	154
	155	for (;;) {
	156	int status;
	157	if (wait(&status) < 0) {
	158	if (errno == ECHILD)
	159	return 0;
	160	if (errno == EINTR)
	161	continue;
	162	lxc_log_syserror("failed to wait child");
	163	return 1;
	164	}
	165	}
	166	}
	167
	168	close(sv[0]);
	169
	170	if (read(sv[1], &sync, sizeof(sync)) < 0) {
	171	lxc_log_syserror("failed to read the socket");
	172	goto err_pipe_read;
	173	}
	174
	175	if (clone_flags & CLONE_NEWNET && conf_create_network(name, pid)) {
	176	lxc_log_error("failed to create the configured network");
	177	goto err_create_network;
	178	}
	179
	180	if (write(sv[1], &sync, sizeof(sync)) < 0) {
	181	lxc_log_syserror("failed to write the socket");
	182	goto err_pipe_write;
	183	}
	184
	185	err = read(sv[1], &sync, sizeof(sync));
	186	if (err < 0) {
187	lxc_log_error("failed to read the socket");
188	goto err_pipe_read2;
189	}
190
191	if (err > 0) {
192	lxc_log_error("something went wrong with %d", pid);
193	/* TODO : check status etc ... */
194	waitpid(pid, NULL, 0);
195	goto err_child_failed;
196	}
197
22ebac19	198	snprintf(init, MAXPATHLEN, LXCPATH "/%s/init", name);
22ebac19	199
0ad19a3f	200	fd = open(init, O_WRONLY\|O_CREAT\|O_TRUNC, S_IRUSR\|S_IWUSR);
	201	if (fd < 0) {
	202	lxc_log_syserror("failed to open %s", init);
	203	goto err_open;
	204	}
	205
22ebac19	206	if (!asprintf(&val, "%d", pid)) {
	207	lxc_log_syserror("failed to allocate memory");
	208	goto err_open;
	209	}
	210
0ad19a3f	211	if (write(fd, val, strlen(val)) < 0) {
	212	lxc_log_syserror("failed to write init pid");
	213	goto err_write;
	214	}
	215
	216	if (lxc_link_nsgroup(name, pid))
	217	lxc_log_warning("cgroupfs not found: cgroup disabled");
	218
	219	if (lxc_setstate(name, RUNNING)) {
	220	lxc_log_error("failed to set state to %s", lxc_state2str(RUNNING));
	221	goto err_state_failed;
	222	}
	223
	224	wait_again:
	225	if (waitpid(pid, NULL, 0) < 0) {
	226	if (errno == EINTR)
	227	goto wait_again;
	228	lxc_log_syserror("failed to wait the pid %d", pid);
	229	goto err_waitpid_failed;
	230	}
	231
	232	if (lxc_setstate(name, STOPPING))
	233	lxc_log_error("failed to set state %s", lxc_state2str(STOPPING));
	234
	235	if (clone_flags & CLONE_NEWNET && conf_destroy_network(name))
	236	lxc_log_error("failed to destroy the network");
	237
	238	err = 0;
	239	out:
	240	if (lxc_setstate(name, STOPPED))
	241	lxc_log_error("failed to set state %s", lxc_state2str(STOPPED));
	242
	243	lxc_unlink_nsgroup(name);
	244	unlink(init);
0ad19a3f	245	free(val);
	246	lxc_put_lock(lock);
	247
	248	return err;
	249
	250	err_write:
	251	close(fd);
	252
	253	err_state_failed:
	254	err_child_failed:
	255	err_pipe_read2:
	256	err_pipe_write:
	257	conf_destroy_network(name);
	258	err_create_network:
	259	err_pipe_read:
	260	err_open:
	261	err_waitpid_failed:
	262	if (lxc_setstate(name, ABORTING))
	263	lxc_log_error("failed to set state %s", lxc_state2str(STOPPED));
	264
	265	kill(pid, SIGKILL);
	266	err_fork_ns:
	267	LXC_TTY_DEL_HANDLER(SIGQUIT);
	268	LXC_TTY_DEL_HANDLER(SIGINT);
	269	close(sv[0]);
	270	close(sv[1]);
	271	err:
	272	goto out;
	273	}