]>
Commit | Line | Data |
---|---|---|
72d0e1cb SG |
1 | /* liblxcapi |
2 | * | |
3 | * Copyright © 2012 Serge Hallyn <serge.hallyn@ubuntu.com>. | |
4 | * Copyright © 2012 Canonical Ltd. | |
5 | * | |
d75462e4 SH |
6 | * This library is free software; you can redistribute it and/or |
7 | * modify it under the terms of the GNU Lesser General Public | |
8 | * License as published by the Free Software Foundation; either | |
9 | * version 2.1 of the License, or (at your option) any later version. | |
10 | ||
11 | * This library is distributed in the hope that it will be useful, | |
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
14 | * Lesser General Public License for more details. | |
15 | ||
16 | * You should have received a copy of the GNU Lesser General Public | |
17 | * License along with this library; if not, write to the Free Software | |
18 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA | |
72d0e1cb SG |
19 | */ |
20 | ||
9be53773 | 21 | #define _GNU_SOURCE |
38683db4 | 22 | #include <dirent.h> |
9be53773 | 23 | #include <errno.h> |
93dc5327 | 24 | #include <fcntl.h> |
38683db4 | 25 | #include <grp.h> |
f2363e38 | 26 | #include <libgen.h> |
38683db4 CB |
27 | #include <pthread.h> |
28 | #include <sched.h> | |
29 | #include <stdarg.h> | |
d659597e | 30 | #include <stdint.h> |
9fc7f8c0 | 31 | #include <stdio.h> |
38683db4 CB |
32 | #include <unistd.h> |
33 | #include <arpa/inet.h> | |
66c1f8c2 | 34 | #include <sys/sysmacros.h> |
38683db4 CB |
35 | #include <sys/mman.h> |
36 | #include <sys/mount.h> | |
5f7eba0b | 37 | #include <sys/syscall.h> |
38683db4 CB |
38 | #include <sys/types.h> |
39 | #include <sys/wait.h> | |
f2363e38 | 40 | |
5e5576a4 | 41 | #include "af_unix.h" |
38683db4 | 42 | #include "attach.h" |
38683db4 | 43 | #include "cgroup.h" |
72d0e1cb | 44 | #include "conf.h" |
38683db4 CB |
45 | #include "config.h" |
46 | #include "commands.h" | |
92e35018 | 47 | #include "commands_utils.h" |
72d0e1cb | 48 | #include "confile.h" |
4222a9f4 | 49 | #include "confile_utils.h" |
e29fe1dd | 50 | #include "criu.h" |
238b3e5e | 51 | #include "error.h" |
a6f151a7 | 52 | #include "initutils.h" |
72d0e1cb | 53 | #include "log.h" |
38683db4 CB |
54 | #include "lxc.h" |
55 | #include "lxccontainer.h" | |
56 | #include "lxclock.h" | |
f2363e38 ÇO |
57 | #include "monitor.h" |
58 | #include "namespace.h" | |
fed29fad | 59 | #include "network.h" |
9994d140 | 60 | #include "parse.h" |
aa460476 | 61 | #include "start.h" |
38683db4 | 62 | #include "state.h" |
28d832c4 | 63 | #include "storage.h" |
ec5d663c | 64 | #include "storage_utils.h" |
28d832c4 CB |
65 | #include "storage/btrfs.h" |
66 | #include "storage/overlay.h" | |
67 | #include "sync.h" | |
0ed9b1bc | 68 | #include "terminal.h" |
38683db4 CB |
69 | #include "utils.h" |
70 | #include "version.h" | |
4ba0d9af | 71 | |
af6824fc ST |
72 | /* major()/minor() */ |
73 | #ifdef MAJOR_IN_MKDEV | |
238b3e5e | 74 | #include <sys/mkdev.h> |
af6824fc | 75 | #endif |
af6824fc | 76 | |
4ba0d9af | 77 | #if HAVE_IFADDRS_H |
9c83a661 | 78 | #include <ifaddrs.h> |
4ba0d9af SG |
79 | #else |
80 | #include <../include/ifaddrs.h> | |
81 | #endif | |
72d0e1cb | 82 | |
684f79a5 SG |
83 | #if IS_BIONIC |
84 | #include <../include/lxcmntent.h> | |
85 | #else | |
86 | #include <mntent.h> | |
87 | #endif | |
88 | ||
5f7eba0b SG |
89 | /* Define faccessat() if missing from the C library */ |
90 | #ifndef HAVE_FACCESSAT | |
91 | static int faccessat(int __fd, const char *__file, int __type, int __flag) | |
92 | { | |
93 | #ifdef __NR_faccessat | |
238b3e5e | 94 | return syscall(__NR_faccessat, __fd, __file, __type, __flag); |
5f7eba0b | 95 | #else |
238b3e5e CB |
96 | errno = ENOSYS; |
97 | return -1; | |
5f7eba0b SG |
98 | #endif |
99 | } | |
100 | #endif | |
101 | ||
72d0e1cb SG |
102 | lxc_log_define(lxc_container, lxc); |
103 | ||
858377e4 SH |
104 | static bool do_lxcapi_destroy(struct lxc_container *c); |
105 | static const char *lxcapi_get_config_path(struct lxc_container *c); | |
106 | #define do_lxcapi_get_config_path(c) lxcapi_get_config_path(c) | |
107 | static bool do_lxcapi_set_config_item(struct lxc_container *c, const char *key, const char *v); | |
17a367d8 CB |
108 | static bool container_destroy(struct lxc_container *c, |
109 | struct lxc_storage *storage); | |
858377e4 SH |
110 | static bool get_snappath_dir(struct lxc_container *c, char *snappath); |
111 | static bool lxcapi_snapshot_destroy_all(struct lxc_container *c); | |
112 | static bool do_lxcapi_save_config(struct lxc_container *c, const char *alt_file); | |
113 | ||
a41f104b SH |
114 | static bool config_file_exists(const char *lxcpath, const char *cname) |
115 | { | |
ef1ab8f1 CB |
116 | int ret; |
117 | size_t len; | |
118 | char *fname; | |
a41f104b | 119 | |
ef1ab8f1 CB |
120 | /* $lxcpath + '/' + $cname + '/config' + \0 */ |
121 | len = strlen(lxcpath) + strlen(cname) + 9; | |
122 | fname = alloca(len); | |
123 | ret = snprintf(fname, len, "%s/%s/config", lxcpath, cname); | |
124 | if (ret < 0 || (size_t)ret >= len) | |
a41f104b SH |
125 | return false; |
126 | ||
127 | return file_exists(fname); | |
128 | } | |
129 | ||
444249ea CB |
130 | /* A few functions to help detect when a container creation failed. If a |
131 | * container creation was killed partway through, then trying to actually start | |
132 | * that container could harm the host. We detect this by creating a 'partial' | |
133 | * file under the container directory, and keeping an advisory lock. When | |
134 | * container creation completes, we remove that file. When we load or try to | |
135 | * start a container, if we find that file, without a flock, we remove the | |
136 | * container. | |
3e625e2d | 137 | */ |
74a3920a | 138 | static int ongoing_create(struct lxc_container *c) |
3e625e2d | 139 | { |
3e625e2d | 140 | int fd, ret; |
444249ea CB |
141 | size_t len; |
142 | char *path; | |
93dc5327 SH |
143 | struct flock lk; |
144 | ||
444249ea CB |
145 | len = strlen(c->config_path) + strlen(c->name) + 10; |
146 | path = alloca(len); | |
3e625e2d | 147 | ret = snprintf(path, len, "%s/%s/partial", c->config_path, c->name); |
444249ea | 148 | if (ret < 0 || (size_t)ret >= len) |
3e625e2d | 149 | return -1; |
3e625e2d SH |
150 | |
151 | if (!file_exists(path)) | |
152 | return 0; | |
444249ea | 153 | |
025ed0f3 | 154 | fd = open(path, O_RDWR); |
444249ea | 155 | if (fd < 0) |
3e625e2d | 156 | return 0; |
444249ea | 157 | |
93dc5327 SH |
158 | lk.l_type = F_WRLCK; |
159 | lk.l_whence = SEEK_SET; | |
160 | lk.l_start = 0; | |
161 | lk.l_len = 0; | |
162 | lk.l_pid = -1; | |
444249ea CB |
163 | |
164 | ret = fcntl(fd, F_GETLK, &lk); | |
165 | close(fd); | |
166 | if (ret == 0 && lk.l_pid != -1) { | |
1a0e70ac | 167 | /* create is still ongoing */ |
3e625e2d SH |
168 | return 1; |
169 | } | |
444249ea CB |
170 | |
171 | /* Create completed but partial is still there. */ | |
3e625e2d SH |
172 | return 2; |
173 | } | |
174 | ||
74a3920a | 175 | static int create_partial(struct lxc_container *c) |
3e625e2d | 176 | { |
3e625e2d | 177 | int fd, ret; |
f5cd0252 CB |
178 | size_t len; |
179 | char *path; | |
93dc5327 SH |
180 | struct flock lk; |
181 | ||
f5cd0252 CB |
182 | /* $lxcpath + '/' + $name + '/partial' + \0 */ |
183 | len = strlen(c->config_path) + strlen(c->name) + 10; | |
184 | path = alloca(len); | |
3e625e2d | 185 | ret = snprintf(path, len, "%s/%s/partial", c->config_path, c->name); |
f5cd0252 | 186 | if (ret < 0 || (size_t)ret >= len) |
3e625e2d | 187 | return -1; |
f5cd0252 CB |
188 | |
189 | fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0755); | |
190 | if (fd < 0) | |
3e625e2d | 191 | return -1; |
f5cd0252 | 192 | |
93dc5327 SH |
193 | lk.l_type = F_WRLCK; |
194 | lk.l_whence = SEEK_SET; | |
195 | lk.l_start = 0; | |
196 | lk.l_len = 0; | |
f5cd0252 CB |
197 | |
198 | ret = fcntl(fd, F_SETLKW, &lk); | |
199 | if (ret < 0) { | |
200 | SYSERROR("Failed to lock partial file %s", path); | |
3e625e2d | 201 | close(fd); |
3e625e2d SH |
202 | return -1; |
203 | } | |
3e625e2d SH |
204 | |
205 | return fd; | |
206 | } | |
207 | ||
74a3920a | 208 | static void remove_partial(struct lxc_container *c, int fd) |
3e625e2d | 209 | { |
3e625e2d | 210 | int ret; |
a3740e80 CB |
211 | size_t len; |
212 | char *path; | |
3e625e2d SH |
213 | |
214 | close(fd); | |
a3740e80 CB |
215 | /* $lxcpath + '/' + $name + '/partial' + \0 */ |
216 | len = strlen(c->config_path) + strlen(c->name) + 10; | |
217 | path = alloca(len); | |
3e625e2d | 218 | ret = snprintf(path, len, "%s/%s/partial", c->config_path, c->name); |
a3740e80 | 219 | if (ret < 0 || (size_t)ret >= len) |
3e625e2d | 220 | return; |
a3740e80 CB |
221 | |
222 | ret = unlink(path); | |
223 | if (ret < 0) | |
224 | SYSERROR("Failed to remove partial file %s", path); | |
3e625e2d SH |
225 | } |
226 | ||
72d0e1cb | 227 | /* LOCKING |
3bc449ed SH |
228 | * 1. container_mem_lock(c) protects the struct lxc_container from multiple threads. |
229 | * 2. container_disk_lock(c) protects the on-disk container data - in particular the | |
230 | * container configuration file. | |
231 | * The container_disk_lock also takes the container_mem_lock. | |
232 | * 3. thread_mutex protects process data (ex: fd table) from multiple threads. | |
72d0e1cb SG |
233 | * NOTHING mutexes two independent programs with their own struct |
234 | * lxc_container for the same c->name, between API calls. For instance, | |
235 | * c->config_read(); c->start(); Between those calls, data on disk | |
236 | * could change (which shouldn't bother the caller unless for instance | |
237 | * the rootfs get moved). c->config_read(); update; c->config_write(); | |
238 | * Two such updaters could race. The callers should therefore check their | |
239 | * results. Trying to prevent that would necessarily expose us to deadlocks | |
240 | * due to hung callers. So I prefer to keep the locks only within our own | |
241 | * functions, not across functions. | |
242 | * | |
3bc449ed | 243 | * If you're going to clone while holding a lxccontainer, increment |
72d0e1cb SG |
244 | * c->numthreads (under privlock) before forking. When deleting, |
245 | * decrement numthreads under privlock, then if it hits 0 you can delete. | |
246 | * Do not ever use a lxccontainer whose numthreads you did not bump. | |
247 | */ | |
248 | ||
249 | static void lxc_container_free(struct lxc_container *c) | |
250 | { | |
251 | if (!c) | |
252 | return; | |
253 | ||
f10fad2f ME |
254 | free(c->configfile); |
255 | c->configfile = NULL; | |
70849dc2 | 256 | |
f10fad2f ME |
257 | free(c->error_string); |
258 | c->error_string = NULL; | |
70849dc2 | 259 | |
d95db067 | 260 | if (c->slock) { |
df271a59 | 261 | lxc_putlock(c->slock); |
d95db067 DE |
262 | c->slock = NULL; |
263 | } | |
70849dc2 | 264 | |
72d0e1cb | 265 | if (c->privlock) { |
df271a59 | 266 | lxc_putlock(c->privlock); |
72d0e1cb SG |
267 | c->privlock = NULL; |
268 | } | |
70849dc2 | 269 | |
f10fad2f ME |
270 | free(c->name); |
271 | c->name = NULL; | |
70849dc2 | 272 | |
d95db067 DE |
273 | if (c->lxc_conf) { |
274 | lxc_conf_free(c->lxc_conf); | |
275 | c->lxc_conf = NULL; | |
276 | } | |
70849dc2 | 277 | |
f10fad2f ME |
278 | free(c->config_path); |
279 | c->config_path = NULL; | |
72cf75fa | 280 | |
72d0e1cb SG |
281 | free(c); |
282 | } | |
283 | ||
045552aa CB |
284 | /* Consider the following case: |
285 | * | |
286 | * |====================================================================| | |
287 | * | freer | racing get()er | | |
288 | * |====================================================================| | |
289 | * | lxc_container_put() | lxc_container_get() | | |
290 | * | \ lxclock(c->privlock) | c->numthreads < 1? (no) | | |
291 | * | \ c->numthreads = 0 | \ lxclock(c->privlock) -> waits | | |
292 | * | \ lxcunlock() | \ | | |
293 | * | \ lxc_container_free() | \ lxclock() returns | | |
294 | * | | \ c->numthreads < 1 -> return 0 | | |
295 | * | \ \ (free stuff) | | | |
296 | * | \ \ sem_destroy(privlock) | | | |
297 | * |_______________________________|____________________________________| | |
298 | * | |
43d1aa34 SH |
299 | * When the get()er checks numthreads the first time, one of the following |
300 | * is true: | |
301 | * 1. freer has set numthreads = 0. get() returns 0 | |
302 | * 2. freer is between lxclock and setting numthreads to 0. get()er will | |
303 | * sem_wait on privlock, get lxclock after freer() drops it, then see | |
304 | * numthreads is 0 and exit without touching lxclock again.. | |
305 | * 3. freer has not yet locked privlock. If get()er runs first, then put()er | |
306 | * will see --numthreads = 1 and not call lxc_container_free(). | |
307 | */ | |
308 | ||
72d0e1cb SG |
309 | int lxc_container_get(struct lxc_container *c) |
310 | { | |
311 | if (!c) | |
312 | return 0; | |
313 | ||
1a0e70ac CB |
314 | /* If someone else has already started freeing the container, don't try |
315 | * to take the lock, which may be invalid. | |
316 | */ | |
43d1aa34 SH |
317 | if (c->numthreads < 1) |
318 | return 0; | |
319 | ||
5cee8c50 | 320 | if (container_mem_lock(c)) |
72d0e1cb | 321 | return 0; |
1a0e70ac CB |
322 | |
323 | /* Bail without trying to unlock, bc the privlock is now probably in | |
324 | * freed memory. | |
325 | */ | |
326 | if (c->numthreads < 1) | |
72d0e1cb | 327 | return 0; |
1a0e70ac | 328 | |
72d0e1cb | 329 | c->numthreads++; |
5cee8c50 | 330 | container_mem_unlock(c); |
045552aa | 331 | |
72d0e1cb SG |
332 | return 1; |
333 | } | |
334 | ||
335 | int lxc_container_put(struct lxc_container *c) | |
336 | { | |
337 | if (!c) | |
338 | return -1; | |
045552aa | 339 | |
5cee8c50 | 340 | if (container_mem_lock(c)) |
72d0e1cb | 341 | return -1; |
045552aa | 342 | |
72d0e1cb | 343 | if (--c->numthreads < 1) { |
5cee8c50 | 344 | container_mem_unlock(c); |
72d0e1cb SG |
345 | lxc_container_free(c); |
346 | return 1; | |
347 | } | |
045552aa | 348 | |
5cee8c50 | 349 | container_mem_unlock(c); |
045552aa | 350 | |
72d0e1cb SG |
351 | return 0; |
352 | } | |
353 | ||
858377e4 | 354 | static bool do_lxcapi_is_defined(struct lxc_container *c) |
72d0e1cb | 355 | { |
428ad142 | 356 | int statret; |
72d0e1cb SG |
357 | struct stat statbuf; |
358 | bool ret = false; | |
72d0e1cb SG |
359 | |
360 | if (!c) | |
361 | return false; | |
362 | ||
5cee8c50 | 363 | if (container_mem_lock(c)) |
72d0e1cb | 364 | return false; |
428ad142 | 365 | |
72d0e1cb | 366 | if (!c->configfile) |
428ad142 CB |
367 | goto on_error; |
368 | ||
72d0e1cb SG |
369 | statret = stat(c->configfile, &statbuf); |
370 | if (statret != 0) | |
428ad142 CB |
371 | goto on_error; |
372 | ||
72d0e1cb SG |
373 | ret = true; |
374 | ||
428ad142 | 375 | on_error: |
5cee8c50 | 376 | container_mem_unlock(c); |
428ad142 | 377 | |
72d0e1cb SG |
378 | return ret; |
379 | } | |
380 | ||
858377e4 SH |
381 | #define WRAP_API(rettype, fnname) \ |
382 | static rettype fnname(struct lxc_container *c) \ | |
383 | { \ | |
384 | rettype ret; \ | |
8164f0e2 TA |
385 | bool reset_config = false; \ |
386 | \ | |
387 | if (!current_config && c && c->lxc_conf) { \ | |
388 | current_config = c->lxc_conf; \ | |
389 | reset_config = true; \ | |
390 | } \ | |
391 | \ | |
858377e4 | 392 | ret = do_##fnname(c); \ |
8164f0e2 TA |
393 | if (reset_config) \ |
394 | current_config = NULL; \ | |
395 | \ | |
858377e4 SH |
396 | return ret; \ |
397 | } | |
398 | ||
399 | #define WRAP_API_1(rettype, fnname, t1) \ | |
400 | static rettype fnname(struct lxc_container *c, t1 a1) \ | |
401 | { \ | |
402 | rettype ret; \ | |
8164f0e2 TA |
403 | bool reset_config = false; \ |
404 | \ | |
405 | if (!current_config && c && c->lxc_conf) { \ | |
406 | current_config = c->lxc_conf; \ | |
407 | reset_config = true; \ | |
408 | } \ | |
409 | \ | |
858377e4 | 410 | ret = do_##fnname(c, a1); \ |
8164f0e2 TA |
411 | if (reset_config) \ |
412 | current_config = NULL; \ | |
413 | \ | |
858377e4 SH |
414 | return ret; \ |
415 | } | |
416 | ||
417 | #define WRAP_API_2(rettype, fnname, t1, t2) \ | |
418 | static rettype fnname(struct lxc_container *c, t1 a1, t2 a2) \ | |
419 | { \ | |
420 | rettype ret; \ | |
8164f0e2 TA |
421 | bool reset_config = false; \ |
422 | \ | |
423 | if (!current_config && c && c->lxc_conf) { \ | |
424 | current_config = c->lxc_conf; \ | |
425 | reset_config = true; \ | |
426 | } \ | |
427 | \ | |
858377e4 | 428 | ret = do_##fnname(c, a1, a2); \ |
8164f0e2 TA |
429 | if (reset_config) \ |
430 | current_config = NULL; \ | |
431 | \ | |
858377e4 SH |
432 | return ret; \ |
433 | } | |
434 | ||
435 | #define WRAP_API_3(rettype, fnname, t1, t2, t3) \ | |
436 | static rettype fnname(struct lxc_container *c, t1 a1, t2 a2, t3 a3) \ | |
437 | { \ | |
438 | rettype ret; \ | |
8164f0e2 TA |
439 | bool reset_config = false; \ |
440 | \ | |
441 | if (!current_config && c && c->lxc_conf) { \ | |
442 | current_config = c->lxc_conf; \ | |
443 | reset_config = true; \ | |
444 | } \ | |
445 | \ | |
858377e4 | 446 | ret = do_##fnname(c, a1, a2, a3); \ |
8164f0e2 TA |
447 | if (reset_config) \ |
448 | current_config = NULL; \ | |
449 | \ | |
858377e4 SH |
450 | return ret; \ |
451 | } | |
452 | ||
453 | WRAP_API(bool, lxcapi_is_defined) | |
454 | ||
455 | static const char *do_lxcapi_state(struct lxc_container *c) | |
72d0e1cb | 456 | { |
72d0e1cb SG |
457 | lxc_state_t s; |
458 | ||
459 | if (!c) | |
460 | return NULL; | |
b547d79f | 461 | |
13f5be62 | 462 | s = lxc_getstate(c->name, c->config_path); |
39dc698c | 463 | return lxc_state2str(s); |
72d0e1cb SG |
464 | } |
465 | ||
858377e4 SH |
466 | WRAP_API(const char *, lxcapi_state) |
467 | ||
39dc698c | 468 | static bool is_stopped(struct lxc_container *c) |
794dd120 SH |
469 | { |
470 | lxc_state_t s; | |
5bddcb62 | 471 | |
13f5be62 | 472 | s = lxc_getstate(c->name, c->config_path); |
794dd120 SH |
473 | return (s == STOPPED); |
474 | } | |
475 | ||
858377e4 | 476 | static bool do_lxcapi_is_running(struct lxc_container *c) |
72d0e1cb SG |
477 | { |
478 | const char *s; | |
479 | ||
480 | if (!c) | |
481 | return false; | |
1b61062f | 482 | |
858377e4 | 483 | s = do_lxcapi_state(c); |
72d0e1cb SG |
484 | if (!s || strcmp(s, "STOPPED") == 0) |
485 | return false; | |
1b61062f | 486 | |
72d0e1cb SG |
487 | return true; |
488 | } | |
489 | ||
858377e4 SH |
490 | WRAP_API(bool, lxcapi_is_running) |
491 | ||
492 | static bool do_lxcapi_freeze(struct lxc_container *c) | |
72d0e1cb SG |
493 | { |
494 | int ret; | |
8787b387 | 495 | |
72d0e1cb SG |
496 | if (!c) |
497 | return false; | |
498 | ||
9123e471 | 499 | ret = lxc_freeze(c->name, c->config_path); |
72d0e1cb SG |
500 | if (ret) |
501 | return false; | |
8787b387 | 502 | |
72d0e1cb SG |
503 | return true; |
504 | } | |
505 | ||
858377e4 SH |
506 | WRAP_API(bool, lxcapi_freeze) |
507 | ||
508 | static bool do_lxcapi_unfreeze(struct lxc_container *c) | |
72d0e1cb SG |
509 | { |
510 | int ret; | |
8e59e0ba | 511 | |
72d0e1cb SG |
512 | if (!c) |
513 | return false; | |
514 | ||
9123e471 | 515 | ret = lxc_unfreeze(c->name, c->config_path); |
72d0e1cb SG |
516 | if (ret) |
517 | return false; | |
8e59e0ba | 518 | |
72d0e1cb SG |
519 | return true; |
520 | } | |
521 | ||
858377e4 SH |
522 | WRAP_API(bool, lxcapi_unfreeze) |
523 | ||
524 | static int do_lxcapi_console_getfd(struct lxc_container *c, int *ttynum, int *masterfd) | |
0115f8fd | 525 | { |
0115f8fd DE |
526 | if (!c) |
527 | return -1; | |
528 | ||
c86e2584 | 529 | return lxc_terminal_getfd(c, ttynum, masterfd); |
0115f8fd DE |
530 | } |
531 | ||
858377e4 SH |
532 | WRAP_API_2(int, lxcapi_console_getfd, int *, int *) |
533 | ||
b5159817 DE |
534 | static int lxcapi_console(struct lxc_container *c, int ttynum, int stdinfd, |
535 | int stdoutfd, int stderrfd, int escape) | |
536 | { | |
858377e4 SH |
537 | int ret; |
538 | ||
539 | if (!c) | |
540 | return -1; | |
541 | ||
542 | current_config = c->lxc_conf; | |
543 | ret = lxc_console(c, ttynum, stdinfd, stdoutfd, stderrfd, escape); | |
544 | current_config = NULL; | |
49cfedb3 | 545 | |
858377e4 | 546 | return ret; |
b5159817 DE |
547 | } |
548 | ||
191d43cc CB |
549 | static int do_lxcapi_console_log(struct lxc_container *c, struct lxc_console_log *log) |
550 | { | |
551 | int ret; | |
552 | ||
553 | ret = lxc_cmd_console_log(c->name, do_lxcapi_get_config_path(c), log); | |
554 | if (ret < 0) { | |
555 | if (ret == -ENODATA) | |
63b74cda | 556 | NOTICE("The console log is empty"); |
191d43cc | 557 | else if (ret == -EFAULT) |
63b74cda CB |
558 | NOTICE("The container does not keep a console log"); |
559 | else if (ret == -ENOENT) | |
560 | NOTICE("The container does not keep a console log file"); | |
561 | else if (ret == -EIO) | |
562 | NOTICE("Failed to write console log to log file"); | |
191d43cc | 563 | else |
63b74cda | 564 | ERROR("Failed to retrieve console log"); |
191d43cc CB |
565 | } |
566 | ||
567 | return ret; | |
568 | } | |
569 | ||
570 | WRAP_API_1(int, lxcapi_console_log, struct lxc_console_log *) | |
571 | ||
858377e4 | 572 | static pid_t do_lxcapi_init_pid(struct lxc_container *c) |
72d0e1cb | 573 | { |
72d0e1cb SG |
574 | if (!c) |
575 | return -1; | |
576 | ||
5cee8c50 | 577 | return lxc_cmd_get_init_pid(c->name, c->config_path); |
72d0e1cb SG |
578 | } |
579 | ||
858377e4 SH |
580 | WRAP_API(pid_t, lxcapi_init_pid) |
581 | ||
12a50cc6 | 582 | static bool load_config_locked(struct lxc_container *c, const char *fname) |
8eb5694b SH |
583 | { |
584 | if (!c->lxc_conf) | |
585 | c->lxc_conf = lxc_conf_init(); | |
e3246ab9 | 586 | |
6b0d5538 SH |
587 | if (!c->lxc_conf) |
588 | return false; | |
e3246ab9 | 589 | |
d08779d4 SH |
590 | if (lxc_config_read(fname, c->lxc_conf, false) != 0) |
591 | return false; | |
e3246ab9 | 592 | |
d08779d4 | 593 | return true; |
8eb5694b SH |
594 | } |
595 | ||
858377e4 | 596 | static bool do_lxcapi_load_config(struct lxc_container *c, const char *alt_file) |
72d0e1cb | 597 | { |
39dc698c | 598 | int lret; |
12a50cc6 | 599 | const char *fname; |
d03ab308 CB |
600 | bool need_disklock = false, ret = false; |
601 | ||
72d0e1cb SG |
602 | if (!c) |
603 | return false; | |
604 | ||
605 | fname = c->configfile; | |
606 | if (alt_file) | |
607 | fname = alt_file; | |
608 | if (!fname) | |
609 | return false; | |
d03ab308 CB |
610 | |
611 | /* If we're reading something other than the container's config, we only | |
612 | * need to lock the in-memory container. If loading the container's | |
613 | * config file, take the disk lock. | |
39dc698c SH |
614 | */ |
615 | if (strcmp(fname, c->configfile) == 0) | |
616 | need_disklock = true; | |
617 | ||
618 | if (need_disklock) | |
619 | lret = container_disk_lock(c); | |
620 | else | |
621 | lret = container_mem_lock(c); | |
622 | if (lret) | |
72d0e1cb | 623 | return false; |
39dc698c | 624 | |
8eb5694b | 625 | ret = load_config_locked(c, fname); |
39dc698c SH |
626 | |
627 | if (need_disklock) | |
628 | container_disk_unlock(c); | |
629 | else | |
630 | container_mem_unlock(c); | |
d03ab308 | 631 | |
72d0e1cb SG |
632 | return ret; |
633 | } | |
634 | ||
858377e4 SH |
635 | WRAP_API_1(bool, lxcapi_load_config, const char *) |
636 | ||
637 | static bool do_lxcapi_want_daemonize(struct lxc_container *c, bool state) | |
72d0e1cb | 638 | { |
497a2995 | 639 | if (!c || !c->lxc_conf) |
540f932a | 640 | return false; |
fb5999f6 CB |
641 | |
642 | if (container_mem_lock(c)) | |
540f932a | 643 | return false; |
fb5999f6 | 644 | |
a2739df5 | 645 | c->daemonize = state; |
3bc449ed | 646 | container_mem_unlock(c); |
fb5999f6 | 647 | |
540f932a | 648 | return true; |
72d0e1cb SG |
649 | } |
650 | ||
858377e4 SH |
651 | WRAP_API_1(bool, lxcapi_want_daemonize, bool) |
652 | ||
653 | static bool do_lxcapi_want_close_all_fds(struct lxc_container *c, bool state) | |
130a1888 ÇO |
654 | { |
655 | if (!c || !c->lxc_conf) | |
49badbbe | 656 | return false; |
871ed23b CB |
657 | |
658 | if (container_mem_lock(c)) | |
49badbbe | 659 | return false; |
871ed23b | 660 | |
540f932a | 661 | c->lxc_conf->close_all_fds = state; |
130a1888 | 662 | container_mem_unlock(c); |
871ed23b | 663 | |
49badbbe | 664 | return true; |
130a1888 ÇO |
665 | } |
666 | ||
858377e4 SH |
667 | WRAP_API_1(bool, lxcapi_want_close_all_fds, bool) |
668 | ||
e202dfb8 CB |
669 | static bool do_lxcapi_wait(struct lxc_container *c, const char *state, |
670 | int timeout) | |
7a44c8b4 SG |
671 | { |
672 | int ret; | |
673 | ||
674 | if (!c) | |
675 | return false; | |
676 | ||
67e571de | 677 | ret = lxc_wait(c->name, state, timeout, c->config_path); |
7a44c8b4 SG |
678 | return ret == 0; |
679 | } | |
680 | ||
858377e4 | 681 | WRAP_API_2(bool, lxcapi_wait, const char *, int) |
7a44c8b4 | 682 | |
2d834aa8 SH |
683 | static bool am_single_threaded(void) |
684 | { | |
74f96976 | 685 | struct dirent *direntp; |
2d834aa8 | 686 | DIR *dir; |
6b0297e3 | 687 | int count = 0; |
2d834aa8 | 688 | |
2d834aa8 | 689 | dir = opendir("/proc/self/task"); |
6b0297e3 | 690 | if (!dir) |
2d834aa8 | 691 | return false; |
2d834aa8 | 692 | |
74f96976 | 693 | while ((direntp = readdir(dir))) { |
2d834aa8 SH |
694 | if (!strcmp(direntp->d_name, ".")) |
695 | continue; | |
696 | ||
697 | if (!strcmp(direntp->d_name, "..")) | |
698 | continue; | |
6b0297e3 | 699 | |
2d834aa8 SH |
700 | if (++count > 1) |
701 | break; | |
702 | } | |
2d834aa8 | 703 | closedir(dir); |
6b0297e3 | 704 | |
2d834aa8 SH |
705 | return count == 1; |
706 | } | |
707 | ||
fd51a89b SH |
708 | static void push_arg(char ***argp, char *arg, int *nargs) |
709 | { | |
fd51a89b | 710 | char *copy; |
1452d3fe | 711 | char **argv; |
fd51a89b SH |
712 | |
713 | do { | |
714 | copy = strdup(arg); | |
715 | } while (!copy); | |
1452d3fe | 716 | |
fd51a89b SH |
717 | do { |
718 | argv = realloc(*argp, (*nargs + 2) * sizeof(char *)); | |
719 | } while (!argv); | |
1452d3fe | 720 | |
fd51a89b SH |
721 | *argp = argv; |
722 | argv[*nargs] = copy; | |
723 | (*nargs)++; | |
724 | argv[*nargs] = NULL; | |
725 | } | |
726 | ||
727 | static char **split_init_cmd(const char *incmd) | |
728 | { | |
729 | size_t len; | |
75bd13ab | 730 | char *copy, *p; |
fd51a89b | 731 | char **argv; |
75bd13ab CB |
732 | int nargs = 0; |
733 | char *saveptr = NULL; | |
fd51a89b SH |
734 | |
735 | if (!incmd) | |
736 | return NULL; | |
737 | ||
738 | len = strlen(incmd) + 1; | |
739 | copy = alloca(len); | |
740 | strncpy(copy, incmd, len); | |
75bd13ab | 741 | copy[len - 1] = '\0'; |
fd51a89b SH |
742 | |
743 | do { | |
744 | argv = malloc(sizeof(char *)); | |
745 | } while (!argv); | |
75bd13ab | 746 | |
fd51a89b | 747 | argv[0] = NULL; |
75bd13ab | 748 | for (; (p = strtok_r(copy, " ", &saveptr)); copy = NULL) |
fd51a89b SH |
749 | push_arg(&argv, p, &nargs); |
750 | ||
751 | if (nargs == 0) { | |
752 | free(argv); | |
753 | return NULL; | |
754 | } | |
75bd13ab | 755 | |
fd51a89b SH |
756 | return argv; |
757 | } | |
758 | ||
759 | static void free_init_cmd(char **argv) | |
760 | { | |
761 | int i = 0; | |
762 | ||
763 | if (!argv) | |
764 | return; | |
702bf732 | 765 | |
fd51a89b SH |
766 | while (argv[i]) |
767 | free(argv[i++]); | |
702bf732 | 768 | |
fd51a89b SH |
769 | free(argv); |
770 | } | |
771 | ||
5e5576a4 CB |
772 | static int lxc_rcv_status(int state_socket) |
773 | { | |
774 | int ret; | |
ee8377bd | 775 | int state = -1; |
5e5576a4 | 776 | |
ee8377bd | 777 | again: |
5e5576a4 CB |
778 | /* Receive container state. */ |
779 | ret = lxc_abstract_unix_rcv_credential(state_socket, &state, | |
ee8377bd CB |
780 | sizeof(int)); |
781 | if (ret <= 0) { | |
782 | if (errno != EINTR) | |
783 | return -1; | |
784 | TRACE("Caught EINTR; retrying"); | |
785 | goto again; | |
786 | } | |
5e5576a4 CB |
787 | |
788 | return state; | |
789 | } | |
790 | ||
791 | static bool wait_on_daemonized_start(struct lxc_handler *handler, int pid) | |
792 | { | |
01c1b11e | 793 | int ret, state; |
5e5576a4 CB |
794 | |
795 | /* Close write end of the socket pair. */ | |
796 | close(handler->state_socket_pair[1]); | |
797 | handler->state_socket_pair[1] = -1; | |
798 | ||
799 | state = lxc_rcv_status(handler->state_socket_pair[0]); | |
800 | ||
801 | /* Close read end of the socket pair. */ | |
802 | close(handler->state_socket_pair[0]); | |
803 | handler->state_socket_pair[0] = -1; | |
804 | ||
805 | /* The first child is going to fork() again and then exits. So we reap | |
806 | * the first child here. | |
807 | */ | |
01c1b11e CB |
808 | ret = wait_for_pid(pid); |
809 | if (ret < 0) | |
810 | DEBUG("Failed waiting on first child %d", pid); | |
811 | else | |
812 | DEBUG("First child %d exited", pid); | |
5e5576a4 CB |
813 | |
814 | if (state < 0) { | |
815 | SYSERROR("Failed to receive the container state"); | |
816 | return false; | |
817 | } | |
818 | ||
819 | /* If we receive anything else then running we know that the container | |
820 | * failed to start. | |
821 | */ | |
822 | if (state != RUNNING) { | |
823 | ERROR("Received container state \"%s\" instead of \"RUNNING\"", | |
824 | lxc_state2str(state)); | |
825 | return false; | |
826 | } | |
827 | ||
828 | TRACE("Container is in \"RUNNING\" state"); | |
829 | return true; | |
830 | } | |
831 | ||
858377e4 | 832 | static bool do_lxcapi_start(struct lxc_container *c, int useinit, char * const argv[]) |
72d0e1cb SG |
833 | { |
834 | int ret; | |
aa460476 | 835 | struct lxc_handler *handler; |
72d0e1cb | 836 | struct lxc_conf *conf; |
540f932a | 837 | bool daemonize = false; |
6eaac303 | 838 | FILE *pid_fp = NULL; |
72d0e1cb SG |
839 | char *default_args[] = { |
840 | "/sbin/init", | |
13aad0ae | 841 | NULL, |
72d0e1cb | 842 | }; |
fd51a89b | 843 | char **init_cmd = NULL; |
c1a3e547 | 844 | int keepfds[3] = {-1, -1, -1}; |
72d0e1cb | 845 | |
7cb19d44 | 846 | /* container does exist */ |
72d0e1cb SG |
847 | if (!c) |
848 | return false; | |
120146b9 | 849 | |
7cb19d44 CB |
850 | /* If anything fails before we set error_num, we want an error in there. |
851 | */ | |
120146b9 SG |
852 | c->error_num = 1; |
853 | ||
7cb19d44 | 854 | /* Container has not been setup. */ |
72d0e1cb SG |
855 | if (!c->lxc_conf) |
856 | return false; | |
857 | ||
c47eafec CB |
858 | ret = ongoing_create(c); |
859 | if (ret < 0) { | |
7cb19d44 | 860 | ERROR("Failed checking for incomplete container creation"); |
3e625e2d | 861 | return false; |
3e625e2d | 862 | } else if (ret == 1) { |
7cb19d44 | 863 | ERROR("Ongoing container creation detected"); |
3e625e2d | 864 | return false; |
c47eafec | 865 | } else if (ret == 2) { |
7cb19d44 | 866 | ERROR("Failed to create container"); |
c47eafec CB |
867 | do_lxcapi_destroy(c); |
868 | return false; | |
3e625e2d SH |
869 | } |
870 | ||
5cee8c50 | 871 | if (container_mem_lock(c)) |
72d0e1cb SG |
872 | return false; |
873 | conf = c->lxc_conf; | |
874 | daemonize = c->daemonize; | |
72d0e1cb | 875 | |
aa460476 | 876 | /* initialize handler */ |
5e5576a4 | 877 | handler = lxc_init_handler(c->name, conf, c->config_path, daemonize); |
dbc9832d | 878 | container_mem_unlock(c); |
aa460476 CB |
879 | if (!handler) |
880 | return false; | |
881 | ||
fa30091b CB |
882 | if (!argv) { |
883 | if (useinit && conf->execute_cmd) | |
884 | argv = init_cmd = split_init_cmd(conf->execute_cmd); | |
885 | else | |
886 | argv = init_cmd = split_init_cmd(conf->init_cmd); | |
887 | } | |
fd51a89b | 888 | |
7cb19d44 | 889 | /* ... otherwise use default_args. */ |
fa30091b | 890 | if (!argv) { |
e1e76423 CB |
891 | if (useinit) { |
892 | ERROR("No valid init detected"); | |
893 | lxc_free_handler(handler); | |
fa30091b | 894 | return false; |
e1e76423 CB |
895 | } |
896 | argv = default_args; | |
fa30091b | 897 | } |
72d0e1cb | 898 | |
7cb19d44 CB |
899 | /* I'm not sure what locks we want here.Any? Is liblxc's locking enough |
900 | * here to protect the on disk container? We don't want to exclude | |
901 | * things like lxc_info while the container is running. | |
902 | */ | |
72d0e1cb | 903 | if (daemonize) { |
a6b6ad7b | 904 | bool started; |
0a4be28d | 905 | char title[2048]; |
c47eafec | 906 | pid_t pid; |
71454076 | 907 | |
c47eafec | 908 | pid = fork(); |
f2e07cb6 | 909 | if (pid < 0) { |
c47eafec | 910 | free_init_cmd(init_cmd); |
f2e07cb6 | 911 | lxc_free_handler(handler); |
72d0e1cb | 912 | return false; |
f2e07cb6 | 913 | } |
6eaac303 | 914 | |
7cb19d44 | 915 | /* first parent */ |
6eaac303 QH |
916 | if (pid != 0) { |
917 | /* Set to NULL because we don't want father unlink | |
918 | * the PID file, child will do the free and unlink. | |
919 | */ | |
920 | c->pidfile = NULL; | |
5e5576a4 | 921 | |
7cb19d44 CB |
922 | /* Wait for container to tell us whether it started |
923 | * successfully. | |
924 | */ | |
a6b6ad7b CB |
925 | started = wait_on_daemonized_start(handler, pid); |
926 | ||
927 | free_init_cmd(init_cmd); | |
928 | lxc_free_handler(handler); | |
929 | return started; | |
6eaac303 | 930 | } |
025ed0f3 | 931 | |
7cb19d44 CB |
932 | /* first child */ |
933 | ||
0a4be28d | 934 | /* We don't really care if this doesn't print all the |
7cb19d44 CB |
935 | * characters. All that it means is that the proctitle will be |
936 | * ugly. Similarly, we also don't care if setproctitle() fails. | |
937 | * */ | |
0a4be28d TA |
938 | snprintf(title, sizeof(title), "[lxc monitor] %s %s", c->config_path, c->name); |
939 | INFO("Attempting to set proc title to %s", title); | |
940 | setproctitle(title); | |
941 | ||
7cb19d44 CB |
942 | /* We fork() a second time to be reparented to init. Like |
943 | * POSIX's daemon() function we change to "/" and redirect | |
944 | * std{in,out,err} to /dev/null. | |
945 | */ | |
697fa639 SH |
946 | pid = fork(); |
947 | if (pid < 0) { | |
7cb19d44 | 948 | SYSERROR("Failed to fork first child process"); |
d608fbda | 949 | _exit(EXIT_FAILURE); |
697fa639 | 950 | } |
a6b6ad7b | 951 | |
7cb19d44 | 952 | /* second parent */ |
a6b6ad7b CB |
953 | if (pid != 0) { |
954 | free_init_cmd(init_cmd); | |
955 | lxc_free_handler(handler); | |
d608fbda | 956 | _exit(EXIT_SUCCESS); |
a6b6ad7b CB |
957 | } |
958 | ||
7cb19d44 CB |
959 | /* second child */ |
960 | ||
961 | /* change to / directory */ | |
962 | ret = chdir("/"); | |
963 | if (ret < 0) { | |
964 | SYSERROR("Failed to change to \"/\" directory"); | |
d608fbda | 965 | _exit(EXIT_FAILURE); |
c278cef2 | 966 | } |
7cb19d44 | 967 | |
c1a3e547 CB |
968 | keepfds[0] = handler->conf->maincmd_fd; |
969 | keepfds[1] = handler->state_socket_pair[0]; | |
970 | keepfds[2] = handler->state_socket_pair[1]; | |
971 | ret = lxc_check_inherited(conf, true, keepfds, | |
972 | sizeof(keepfds) / sizeof(keepfds[0])); | |
7cb19d44 | 973 | if (ret < 0) |
d608fbda | 974 | _exit(EXIT_FAILURE); |
7cb19d44 CB |
975 | |
976 | /* redirect std{in,out,err} to /dev/null */ | |
977 | ret = null_stdfds(); | |
978 | if (ret < 0) { | |
979 | ERROR("Failed to redirect std{in,out,err} to /dev/null"); | |
d608fbda | 980 | _exit(EXIT_FAILURE); |
69aeabac | 981 | } |
7cb19d44 CB |
982 | |
983 | /* become session leader */ | |
984 | ret = setsid(); | |
985 | if (ret < 0) | |
0059379f | 986 | TRACE("Process %d is already process group leader", lxc_raw_getpid()); |
2d834aa8 SH |
987 | } else { |
988 | if (!am_single_threaded()) { | |
989 | ERROR("Cannot start non-daemonized container when threaded"); | |
a6b6ad7b | 990 | free_init_cmd(init_cmd); |
f2e07cb6 | 991 | lxc_free_handler(handler); |
2d834aa8 SH |
992 | return false; |
993 | } | |
72d0e1cb SG |
994 | } |
995 | ||
aa460476 | 996 | /* We need to write PID file after daemonize, so we always |
6eaac303 QH |
997 | * write the right PID. |
998 | */ | |
999 | if (c->pidfile) { | |
1000 | pid_fp = fopen(c->pidfile, "w"); | |
1001 | if (pid_fp == NULL) { | |
1002 | SYSERROR("Failed to create pidfile '%s' for '%s'", | |
1003 | c->pidfile, c->name); | |
c47eafec | 1004 | free_init_cmd(init_cmd); |
f2e07cb6 | 1005 | lxc_free_handler(handler); |
13353dc4 | 1006 | if (daemonize) |
d608fbda | 1007 | _exit(EXIT_FAILURE); |
6eaac303 QH |
1008 | return false; |
1009 | } | |
1010 | ||
0059379f | 1011 | if (fprintf(pid_fp, "%d\n", lxc_raw_getpid()) < 0) { |
6eaac303 QH |
1012 | SYSERROR("Failed to write '%s'", c->pidfile); |
1013 | fclose(pid_fp); | |
1014 | pid_fp = NULL; | |
c47eafec | 1015 | free_init_cmd(init_cmd); |
f2e07cb6 | 1016 | lxc_free_handler(handler); |
13353dc4 | 1017 | if (daemonize) |
d608fbda | 1018 | _exit(EXIT_FAILURE); |
6eaac303 QH |
1019 | return false; |
1020 | } | |
1021 | ||
1022 | fclose(pid_fp); | |
1023 | pid_fp = NULL; | |
1024 | } | |
1025 | ||
72d0e1cb | 1026 | conf->reboot = 0; |
d2cf4c37 | 1027 | |
a8dfe4e0 WB |
1028 | /* Unshare the mount namespace if requested */ |
1029 | if (conf->monitor_unshare) { | |
7cb19d44 CB |
1030 | ret = unshare(CLONE_NEWNS); |
1031 | if (ret < 0) { | |
a8dfe4e0 | 1032 | SYSERROR("failed to unshare mount namespace"); |
f2e07cb6 | 1033 | lxc_free_handler(handler); |
a6b6ad7b | 1034 | ret = 1; |
7cb19d44 | 1035 | goto on_error; |
a8dfe4e0 | 1036 | } |
7cb19d44 CB |
1037 | |
1038 | ret = mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL); | |
1039 | if (ret < 0) { | |
a8dfe4e0 | 1040 | SYSERROR("Failed to make / rslave at startup"); |
f2e07cb6 | 1041 | lxc_free_handler(handler); |
a6b6ad7b | 1042 | ret = 1; |
7cb19d44 | 1043 | goto on_error; |
a8dfe4e0 WB |
1044 | } |
1045 | } | |
1046 | ||
8bee8851 | 1047 | reboot: |
aa460476 CB |
1048 | if (conf->reboot == 2) { |
1049 | /* initialize handler */ | |
5e5576a4 | 1050 | handler = lxc_init_handler(c->name, conf, c->config_path, daemonize); |
a6b6ad7b CB |
1051 | if (!handler) { |
1052 | ret = 1; | |
7cb19d44 | 1053 | goto on_error; |
a6b6ad7b | 1054 | } |
aa460476 CB |
1055 | } |
1056 | ||
c1a3e547 CB |
1057 | keepfds[0] = handler->conf->maincmd_fd; |
1058 | keepfds[1] = handler->state_socket_pair[0]; | |
1059 | keepfds[2] = handler->state_socket_pair[1]; | |
1060 | ret = lxc_check_inherited(conf, daemonize, keepfds, | |
1061 | sizeof(keepfds) / sizeof(keepfds[0])); | |
7cb19d44 | 1062 | if (ret < 0) { |
f2e07cb6 | 1063 | lxc_free_handler(handler); |
d2cf4c37 | 1064 | ret = 1; |
7cb19d44 | 1065 | goto on_error; |
d2cf4c37 SH |
1066 | } |
1067 | ||
9605460f | 1068 | if (useinit) |
a3b4f3d6 | 1069 | ret = lxc_execute(c->name, argv, 1, handler, c->config_path, daemonize, &c->error_num); |
9605460f | 1070 | else |
a3b4f3d6 | 1071 | ret = lxc_start(c->name, argv, handler, c->config_path, daemonize, &c->error_num); |
72d0e1cb | 1072 | |
8bee8851 | 1073 | if (conf->reboot == 1) { |
7cb19d44 | 1074 | INFO("Container requested reboot"); |
8bee8851 | 1075 | conf->reboot = 2; |
72d0e1cb SG |
1076 | goto reboot; |
1077 | } | |
1078 | ||
7cb19d44 | 1079 | on_error: |
487d8008 QH |
1080 | if (c->pidfile) { |
1081 | unlink(c->pidfile); | |
1082 | free(c->pidfile); | |
1083 | c->pidfile = NULL; | |
1084 | } | |
fd51a89b SH |
1085 | free_init_cmd(init_cmd); |
1086 | ||
7cb19d44 | 1087 | if (daemonize && ret != 0) |
d608fbda | 1088 | _exit(EXIT_FAILURE); |
7cb19d44 | 1089 | else if (daemonize) |
d608fbda | 1090 | _exit(EXIT_SUCCESS); |
7cb19d44 CB |
1091 | |
1092 | if (ret != 0) | |
1093 | return false; | |
1094 | ||
1095 | return true; | |
72d0e1cb SG |
1096 | } |
1097 | ||
0c14779f CB |
1098 | static bool lxcapi_start(struct lxc_container *c, int useinit, |
1099 | char *const argv[]) | |
858377e4 SH |
1100 | { |
1101 | bool ret; | |
0c14779f | 1102 | |
858377e4 SH |
1103 | current_config = c ? c->lxc_conf : NULL; |
1104 | ret = do_lxcapi_start(c, useinit, argv); | |
1105 | current_config = NULL; | |
0c14779f | 1106 | |
858377e4 SH |
1107 | return ret; |
1108 | } | |
1109 | ||
9f52e331 | 1110 | /* Note, there MUST be an ending NULL. */ |
72d0e1cb SG |
1111 | static bool lxcapi_startl(struct lxc_container *c, int useinit, ...) |
1112 | { | |
1113 | va_list ap; | |
a0e93eeb | 1114 | char **inargs = NULL; |
72d0e1cb SG |
1115 | bool bret = false; |
1116 | ||
1117 | /* container exists */ | |
1118 | if (!c) | |
1119 | return false; | |
1120 | ||
858377e4 SH |
1121 | current_config = c->lxc_conf; |
1122 | ||
72d0e1cb | 1123 | va_start(ap, useinit); |
a0e93eeb | 1124 | inargs = lxc_va_arg_list_to_argv(ap, 0, 1); |
72d0e1cb | 1125 | va_end(ap); |
9f52e331 CB |
1126 | if (!inargs) |
1127 | goto on_error; | |
72d0e1cb | 1128 | |
a0e93eeb | 1129 | /* pass NULL if no arguments were supplied */ |
858377e4 | 1130 | bret = do_lxcapi_start(c, useinit, *inargs ? inargs : NULL); |
72d0e1cb | 1131 | |
9f52e331 | 1132 | on_error: |
72d0e1cb | 1133 | if (inargs) { |
4e03ae57 DE |
1134 | char **arg; |
1135 | for (arg = inargs; *arg; arg++) | |
1136 | free(*arg); | |
72d0e1cb SG |
1137 | free(inargs); |
1138 | } | |
1139 | ||
858377e4 | 1140 | current_config = NULL; |
9f52e331 | 1141 | |
72d0e1cb SG |
1142 | return bret; |
1143 | } | |
1144 | ||
858377e4 | 1145 | static bool do_lxcapi_stop(struct lxc_container *c) |
72d0e1cb SG |
1146 | { |
1147 | int ret; | |
1148 | ||
1149 | if (!c) | |
1150 | return false; | |
1151 | ||
ef6e34ee | 1152 | ret = lxc_cmd_stop(c->name, c->config_path); |
72d0e1cb | 1153 | |
d775f21b | 1154 | return ret == 0; |
72d0e1cb SG |
1155 | } |
1156 | ||
858377e4 SH |
1157 | WRAP_API(bool, lxcapi_stop) |
1158 | ||
d5752559 SH |
1159 | static int do_create_container_dir(const char *path, struct lxc_conf *conf) |
1160 | { | |
78d44e5a CB |
1161 | int lasterr; |
1162 | size_t len; | |
1163 | char *p; | |
1164 | int ret = -1; | |
1165 | ||
d5752559 SH |
1166 | mode_t mask = umask(0002); |
1167 | ret = mkdir(path, 0770); | |
1168 | lasterr = errno; | |
1169 | umask(mask); | |
1170 | errno = lasterr; | |
1171 | if (ret) { | |
78d44e5a | 1172 | if (errno != EEXIST) |
d5752559 | 1173 | return -1; |
78d44e5a CB |
1174 | |
1175 | ret = 0; | |
d5752559 | 1176 | } |
78d44e5a CB |
1177 | |
1178 | len = strlen(path); | |
1179 | p = alloca(len + 1); | |
d5752559 | 1180 | strcpy(p, path); |
78d44e5a CB |
1181 | if (!lxc_list_empty(&conf->id_map)) { |
1182 | ret = chown_mapped_root(p, conf); | |
1183 | if (ret < 0) | |
1184 | ret = -1; | |
d5752559 | 1185 | } |
78d44e5a | 1186 | |
d5752559 SH |
1187 | return ret; |
1188 | } | |
1189 | ||
dfa7eaeb | 1190 | /* Create the standard expected container dir. */ |
72d0e1cb SG |
1191 | static bool create_container_dir(struct lxc_container *c) |
1192 | { | |
dfa7eaeb CB |
1193 | int ret; |
1194 | size_t len; | |
72d0e1cb | 1195 | char *s; |
72d0e1cb | 1196 | |
2a59a681 | 1197 | len = strlen(c->config_path) + strlen(c->name) + 2; |
72d0e1cb SG |
1198 | s = malloc(len); |
1199 | if (!s) | |
1200 | return false; | |
dfa7eaeb | 1201 | |
2a59a681 | 1202 | ret = snprintf(s, len, "%s/%s", c->config_path, c->name); |
dfa7eaeb | 1203 | if (ret < 0 || (size_t)ret >= len) { |
72d0e1cb SG |
1204 | free(s); |
1205 | return false; | |
1206 | } | |
dfa7eaeb | 1207 | |
d5752559 | 1208 | ret = do_create_container_dir(s, c->lxc_conf); |
72d0e1cb | 1209 | free(s); |
dfa7eaeb | 1210 | |
72d0e1cb SG |
1211 | return ret == 0; |
1212 | } | |
1213 | ||
10bc1861 CB |
1214 | /* do_storage_create: thin wrapper around storage_create(). Like |
1215 | * storage_create(), it returns a mounted bdev on success, NULL on error. | |
72d0e1cb | 1216 | */ |
10bc1861 CB |
1217 | static struct lxc_storage *do_storage_create(struct lxc_container *c, |
1218 | const char *type, | |
1219 | struct bdev_specs *specs) | |
1897e3bc | 1220 | { |
e9e29a33 | 1221 | int ret; |
1897e3bc | 1222 | size_t len; |
e9e29a33 | 1223 | char *dest; |
10bc1861 | 1224 | struct lxc_storage *bdev; |
1897e3bc | 1225 | |
cd219ae6 | 1226 | /* rootfs.path or lxcpath/lxcname/rootfs */ |
e9e29a33 CB |
1227 | if (c->lxc_conf->rootfs.path && |
1228 | (access(c->lxc_conf->rootfs.path, F_OK) == 0)) { | |
cf465fe4 SH |
1229 | const char *rpath = c->lxc_conf->rootfs.path; |
1230 | len = strlen(rpath) + 1; | |
cd219ae6 | 1231 | dest = alloca(len); |
cf465fe4 | 1232 | ret = snprintf(dest, len, "%s", rpath); |
cd219ae6 | 1233 | } else { |
858377e4 | 1234 | const char *lxcpath = do_lxcapi_get_config_path(c); |
cd219ae6 SY |
1235 | len = strlen(c->name) + strlen(lxcpath) + 9; |
1236 | dest = alloca(len); | |
1237 | ret = snprintf(dest, len, "%s/%s/rootfs", lxcpath, c->name); | |
1238 | } | |
e9e29a33 | 1239 | if (ret < 0 || (size_t)ret >= len) |
1897e3bc SH |
1240 | return NULL; |
1241 | ||
10bc1861 | 1242 | bdev = storage_create(dest, type, c->name, specs); |
d44e88c2 | 1243 | if (!bdev) { |
e9e29a33 | 1244 | ERROR("Failed to create \"%s\" storage", type); |
1897e3bc | 1245 | return NULL; |
d44e88c2 SH |
1246 | } |
1247 | ||
7a96a068 | 1248 | if (!c->set_config_item(c, "lxc.rootfs.path", bdev->src)) { |
e9e29a33 | 1249 | ERROR("Failed to set \"lxc.rootfs.path = %s\"", bdev->src); |
f7ac4459 CB |
1250 | return NULL; |
1251 | } | |
cf3ef16d | 1252 | |
e9e29a33 CB |
1253 | /* If we are not root, chown the rootfs dir to root in the target user |
1254 | * namespace. | |
f7ac4459 | 1255 | */ |
e9e29a33 CB |
1256 | ret = geteuid(); |
1257 | if (ret != 0 || (c->lxc_conf && !lxc_list_empty(&c->lxc_conf->id_map))) { | |
1258 | ret = chown_mapped_root(bdev->dest, c->lxc_conf); | |
1259 | if (ret < 0) { | |
1260 | ERROR("Error chowning \"%s\" to container root", bdev->dest); | |
97e9cfa0 | 1261 | suggest_default_idmap(); |
10bc1861 | 1262 | storage_put(bdev); |
cf3ef16d SH |
1263 | return NULL; |
1264 | } | |
1265 | } | |
1266 | ||
1897e3bc SH |
1267 | return bdev; |
1268 | } | |
1269 | ||
96b3cb40 | 1270 | static char *lxcbasename(char *path) |
72d0e1cb | 1271 | { |
47e55887 CB |
1272 | char *p; |
1273 | ||
1274 | p = path + strlen(path) - 1; | |
96b3cb40 SH |
1275 | while (*p != '/' && p > path) |
1276 | p--; | |
47e55887 | 1277 | |
96b3cb40 SH |
1278 | return p; |
1279 | } | |
72d0e1cb | 1280 | |
47e55887 CB |
1281 | static bool create_run_template(struct lxc_container *c, char *tpath, |
1282 | bool need_null_stdfds, char *const argv[]) | |
96b3cb40 | 1283 | { |
47e55887 | 1284 | int ret; |
96b3cb40 | 1285 | pid_t pid; |
72d0e1cb | 1286 | |
72d0e1cb | 1287 | if (!tpath) |
96b3cb40 | 1288 | return true; |
72d0e1cb SG |
1289 | |
1290 | pid = fork(); | |
1291 | if (pid < 0) { | |
7e34710e | 1292 | SYSERROR("Failed to fork task for container creation template"); |
96b3cb40 | 1293 | return false; |
72d0e1cb SG |
1294 | } |
1295 | ||
1a0e70ac | 1296 | if (pid == 0) { /* child */ |
47e55887 CB |
1297 | int i, len; |
1298 | char *namearg, *patharg, *rootfsarg; | |
96b3cb40 | 1299 | char **newargv; |
47e55887 CB |
1300 | int nargs = 0; |
1301 | struct lxc_storage *bdev = NULL; | |
cf3ef16d | 1302 | struct lxc_conf *conf = c->lxc_conf; |
47e55887 | 1303 | uid_t euid; |
72d0e1cb | 1304 | |
47e55887 CB |
1305 | if (need_null_stdfds) { |
1306 | ret = null_stdfds(); | |
1307 | if (ret < 0) | |
1308 | _exit(EXIT_FAILURE); | |
dc23c1c8 | 1309 | } |
1897e3bc | 1310 | |
8a388ed4 | 1311 | bdev = storage_init(c->lxc_conf); |
1897e3bc | 1312 | if (!bdev) { |
47e55887 | 1313 | ERROR("Failed to initialize storage"); |
7e34710e | 1314 | _exit(EXIT_FAILURE); |
1897e3bc SH |
1315 | } |
1316 | ||
47e55887 CB |
1317 | euid = geteuid(); |
1318 | if (euid == 0) { | |
1319 | ret = unshare(CLONE_NEWNS); | |
1320 | if (ret < 0) { | |
1321 | ERROR("Failed to unshare CLONE_NEWNS"); | |
7e34710e | 1322 | _exit(EXIT_FAILURE); |
cf3ef16d | 1323 | } |
47e55887 CB |
1324 | |
1325 | ret = detect_shared_rootfs(); | |
1326 | if (ret == 1) { | |
1327 | ret = mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL); | |
1328 | if (ret < 0) { | |
1329 | SYSERROR("Failed to make \"/\" rslave"); | |
4de2791f SH |
1330 | ERROR("Continuing..."); |
1331 | } | |
1332 | } | |
1333 | } | |
47e55887 CB |
1334 | |
1335 | if (strcmp(bdev->type, "dir") != 0 && strcmp(bdev->type, "btrfs") != 0) { | |
1336 | if (euid != 0) { | |
1337 | ERROR("Unprivileged users can only create " | |
1338 | "btrfs and directory-backed containers"); | |
eb70aaf0 | 1339 | _exit(EXIT_FAILURE); |
4de2791f | 1340 | } |
241978fa | 1341 | |
47e55887 CB |
1342 | if (strcmp(bdev->type, "overlay") == 0 || |
1343 | strcmp(bdev->type, "overlayfs") == 0) { | |
241978fa CB |
1344 | /* If we create an overlay container we need to |
1345 | * rsync the contents into | |
1346 | * <container-path>/<container-name>/rootfs. | |
1347 | * However, the overlay mount function will | |
1348 | * mount will mount | |
1349 | * <container-path>/<container-name>/delta0 | |
1350 | * over | |
1351 | * <container-path>/<container-name>/rootfs | |
1352 | * which means we would rsync the rootfs into | |
1353 | * the delta directory. That doesn't make sense | |
1354 | * since the delta directory only exists to | |
1355 | * record the differences to | |
1356 | * <container-path>/<container-name>/rootfs. So | |
1357 | * let's simply bind-mount here and then rsync | |
1358 | * directly into | |
1359 | * <container-path>/<container-name>/rootfs. | |
1360 | */ | |
1361 | char *src; | |
1362 | ||
1363 | src = ovl_get_rootfs(bdev->src, &(size_t){0}); | |
1364 | if (!src) { | |
1365 | ERROR("Failed to get rootfs"); | |
eb70aaf0 | 1366 | _exit(EXIT_FAILURE); |
241978fa CB |
1367 | } |
1368 | ||
1369 | ret = mount(src, bdev->dest, "bind", MS_BIND | MS_REC, NULL); | |
1370 | if (ret < 0) { | |
1371 | ERROR("Failed to mount rootfs"); | |
1372 | return -1; | |
1373 | } | |
1374 | } else { | |
47e55887 CB |
1375 | ret = bdev->ops->mount(bdev); |
1376 | if (ret < 0) { | |
241978fa | 1377 | ERROR("Failed to mount rootfs"); |
eb70aaf0 | 1378 | _exit(EXIT_FAILURE); |
241978fa | 1379 | } |
cf3ef16d | 1380 | } |
1a0e70ac | 1381 | } else { /* TODO come up with a better way here! */ |
41dc7155 | 1382 | const char *src; |
f10fad2f | 1383 | free(bdev->dest); |
e9705550 CB |
1384 | src = lxc_storage_get_path(bdev->src, bdev->type); |
1385 | bdev->dest = strdup(src); | |
1897e3bc SH |
1386 | } |
1387 | ||
47e55887 CB |
1388 | /* Create our new array, pre-pend the template name and base |
1389 | * args. | |
72d0e1cb SG |
1390 | */ |
1391 | if (argv) | |
47e55887 CB |
1392 | for (nargs = 0; argv[nargs]; nargs++) { |
1393 | ; | |
1394 | } | |
1395 | /* template, path, rootfs and name args */ | |
1396 | nargs += 4; | |
cf3ef16d | 1397 | |
72d0e1cb SG |
1398 | newargv = malloc(nargs * sizeof(*newargv)); |
1399 | if (!newargv) | |
7e34710e | 1400 | _exit(EXIT_FAILURE); |
96b3cb40 | 1401 | newargv[0] = lxcbasename(tpath); |
72d0e1cb | 1402 | |
47e55887 | 1403 | /* --path */ |
2a59a681 | 1404 | len = strlen(c->config_path) + strlen(c->name) + strlen("--path=") + 2; |
72d0e1cb SG |
1405 | patharg = malloc(len); |
1406 | if (!patharg) | |
7e34710e | 1407 | _exit(EXIT_FAILURE); |
2a59a681 | 1408 | ret = snprintf(patharg, len, "--path=%s/%s", c->config_path, c->name); |
72d0e1cb | 1409 | if (ret < 0 || ret >= len) |
7e34710e | 1410 | _exit(EXIT_FAILURE); |
72d0e1cb | 1411 | newargv[1] = patharg; |
47e55887 CB |
1412 | |
1413 | /* --name */ | |
72d0e1cb SG |
1414 | len = strlen("--name=") + strlen(c->name) + 1; |
1415 | namearg = malloc(len); | |
1416 | if (!namearg) | |
7e34710e | 1417 | _exit(EXIT_FAILURE); |
72d0e1cb SG |
1418 | ret = snprintf(namearg, len, "--name=%s", c->name); |
1419 | if (ret < 0 || ret >= len) | |
7e34710e | 1420 | _exit(EXIT_FAILURE); |
72d0e1cb SG |
1421 | newargv[2] = namearg; |
1422 | ||
47e55887 | 1423 | /* --rootfs */ |
1897e3bc SH |
1424 | len = strlen("--rootfs=") + 1 + strlen(bdev->dest); |
1425 | rootfsarg = malloc(len); | |
1426 | if (!rootfsarg) | |
7e34710e | 1427 | _exit(EXIT_FAILURE); |
1897e3bc SH |
1428 | ret = snprintf(rootfsarg, len, "--rootfs=%s", bdev->dest); |
1429 | if (ret < 0 || ret >= len) | |
7e34710e | 1430 | _exit(EXIT_FAILURE); |
1897e3bc SH |
1431 | newargv[3] = rootfsarg; |
1432 | ||
72d0e1cb SG |
1433 | /* add passed-in args */ |
1434 | if (argv) | |
1897e3bc | 1435 | for (i = 4; i < nargs; i++) |
47e55887 | 1436 | newargv[i] = argv[i - 4]; |
72d0e1cb SG |
1437 | |
1438 | /* add trailing NULL */ | |
1439 | nargs++; | |
1440 | newargv = realloc(newargv, nargs * sizeof(*newargv)); | |
1441 | if (!newargv) | |
7e34710e | 1442 | _exit(EXIT_FAILURE); |
72d0e1cb SG |
1443 | newargv[nargs - 1] = NULL; |
1444 | ||
47e55887 CB |
1445 | /* If we're running the template in a mapped userns, then we |
1446 | * prepend the template command with: lxc-usernsexec <-m map1> | |
1447 | * ... <-m mapn> -- and we append "--mapped-uid x", where x is | |
1448 | * the mapped uid for our geteuid() | |
cf3ef16d | 1449 | */ |
0e6e3a41 | 1450 | if (!lxc_list_empty(&conf->id_map)) { |
47e55887 CB |
1451 | int extraargs, hostuid_mapped, hostgid_mapped; |
1452 | char **n2; | |
1453 | char txtuid[20], txtgid[20]; | |
cf3ef16d SH |
1454 | struct lxc_list *it; |
1455 | struct id_map *map; | |
47e55887 | 1456 | int n2args = 1; |
cf3ef16d | 1457 | |
47e55887 CB |
1458 | n2 = malloc(n2args * sizeof(*n2)); |
1459 | if (!n2) | |
7e34710e | 1460 | _exit(EXIT_FAILURE); |
47e55887 | 1461 | |
cf3ef16d SH |
1462 | newargv[0] = tpath; |
1463 | tpath = "lxc-usernsexec"; | |
1464 | n2[0] = "lxc-usernsexec"; | |
1465 | lxc_list_for_each(it, &conf->id_map) { | |
1466 | map = it->elem; | |
1467 | n2args += 2; | |
57d116ab | 1468 | n2 = realloc(n2, n2args * sizeof(char *)); |
cf3ef16d | 1469 | if (!n2) |
7e34710e | 1470 | _exit(EXIT_FAILURE); |
47e55887 CB |
1471 | |
1472 | n2[n2args - 2] = "-m"; | |
1473 | n2[n2args - 1] = malloc(200); | |
1474 | if (!n2[n2args - 1]) | |
7e34710e | 1475 | _exit(EXIT_FAILURE); |
47e55887 CB |
1476 | |
1477 | ret = snprintf(n2[n2args - 1], 200, "%c:%lu:%lu:%lu", | |
1478 | map->idtype == ID_TYPE_UID ? 'u' : 'g', | |
1479 | map->nsid, map->hostid, map->range); | |
cf3ef16d | 1480 | if (ret < 0 || ret >= 200) |
7e34710e | 1481 | _exit(EXIT_FAILURE); |
cf3ef16d | 1482 | } |
47e55887 CB |
1483 | |
1484 | hostuid_mapped = mapped_hostid(geteuid(), conf, ID_TYPE_UID); | |
1485 | extraargs = hostuid_mapped >= 0 ? 1 : 3; | |
57d116ab | 1486 | n2 = realloc(n2, (nargs + n2args + extraargs) * sizeof(char *)); |
cf3ef16d | 1487 | if (!n2) |
7e34710e | 1488 | _exit(EXIT_FAILURE); |
47e55887 CB |
1489 | |
1490 | if (hostuid_mapped < 0) { | |
1491 | hostuid_mapped = find_unmapped_nsid(conf, ID_TYPE_UID); | |
cf3ef16d | 1492 | n2[n2args++] = "-m"; |
47e55887 CB |
1493 | if (hostuid_mapped < 0) { |
1494 | ERROR("Failed to find free uid to map"); | |
7e34710e | 1495 | _exit(EXIT_FAILURE); |
cf3ef16d | 1496 | } |
47e55887 | 1497 | |
cf3ef16d | 1498 | n2[n2args++] = malloc(200); |
47e55887 | 1499 | if (!n2[n2args - 1]) { |
cf3ef16d | 1500 | SYSERROR("out of memory"); |
7e34710e | 1501 | _exit(EXIT_FAILURE); |
cf3ef16d | 1502 | } |
47e55887 CB |
1503 | ret = snprintf(n2[n2args - 1], 200, "u:%d:%d:1", |
1504 | hostuid_mapped, geteuid()); | |
1505 | if (ret < 0 || ret >= 200) | |
7e34710e | 1506 | _exit(EXIT_FAILURE); |
cf3ef16d | 1507 | } |
47e55887 CB |
1508 | |
1509 | hostgid_mapped = mapped_hostid(getegid(), conf, ID_TYPE_GID); | |
2133f58c SH |
1510 | extraargs = hostgid_mapped >= 0 ? 1 : 3; |
1511 | n2 = realloc(n2, (nargs + n2args + extraargs) * sizeof(char *)); | |
1512 | if (!n2) | |
7e34710e | 1513 | _exit(EXIT_FAILURE); |
47e55887 | 1514 | |
2133f58c | 1515 | if (hostgid_mapped < 0) { |
339efad9 | 1516 | hostgid_mapped = find_unmapped_nsid(conf, ID_TYPE_GID); |
2133f58c SH |
1517 | n2[n2args++] = "-m"; |
1518 | if (hostgid_mapped < 0) { | |
47e55887 | 1519 | ERROR("Failed to find free gid to map"); |
7e34710e | 1520 | _exit(EXIT_FAILURE); |
2133f58c | 1521 | } |
47e55887 | 1522 | |
2133f58c | 1523 | n2[n2args++] = malloc(200); |
47e55887 | 1524 | if (!n2[n2args - 1]) { |
2133f58c | 1525 | SYSERROR("out of memory"); |
7e34710e | 1526 | _exit(EXIT_FAILURE); |
2133f58c | 1527 | } |
47e55887 CB |
1528 | |
1529 | ret = snprintf(n2[n2args - 1], 200, "g:%d:%d:1", | |
1530 | hostgid_mapped, getegid()); | |
1531 | if (ret < 0 || ret >= 200) | |
7e34710e | 1532 | _exit(EXIT_FAILURE); |
2133f58c | 1533 | } |
cf3ef16d SH |
1534 | n2[n2args++] = "--"; |
1535 | for (i = 0; i < nargs; i++) | |
1536 | n2[i + n2args] = newargv[i]; | |
57d116ab | 1537 | n2args += nargs; |
47e55887 CB |
1538 | |
1539 | /* Finally add "--mapped-uid $uid" to tell template what | |
1540 | * to chown cached images to. | |
1a0e70ac | 1541 | */ |
2133f58c | 1542 | n2args += 4; |
57d116ab | 1543 | n2 = realloc(n2, n2args * sizeof(char *)); |
47e55887 | 1544 | if (!n2) |
7e34710e | 1545 | _exit(EXIT_FAILURE); |
47e55887 | 1546 | |
1a0e70ac | 1547 | /* note n2[n2args-1] is NULL */ |
47e55887 CB |
1548 | n2[n2args - 5] = "--mapped-uid"; |
1549 | snprintf(txtuid, 20, "%d", hostuid_mapped); | |
1550 | n2[n2args - 4] = txtuid; | |
1551 | n2[n2args - 3] = "--mapped-gid"; | |
2133f58c | 1552 | snprintf(txtgid, 20, "%d", hostgid_mapped); |
47e55887 CB |
1553 | n2[n2args - 2] = txtgid; |
1554 | n2[n2args - 1] = NULL; | |
cf3ef16d SH |
1555 | free(newargv); |
1556 | newargv = n2; | |
1557 | } | |
47e55887 | 1558 | |
cf3ef16d | 1559 | execvp(tpath, newargv); |
e9705550 | 1560 | SYSERROR("Failed to execute template %s", tpath); |
7e34710e | 1561 | _exit(EXIT_FAILURE); |
72d0e1cb SG |
1562 | } |
1563 | ||
47e55887 CB |
1564 | ret = wait_for_pid(pid); |
1565 | if (ret != 0) { | |
1566 | ERROR("Failed to create container from template"); | |
96b3cb40 SH |
1567 | return false; |
1568 | } | |
1569 | ||
1570 | return true; | |
1571 | } | |
1572 | ||
74a3920a | 1573 | static bool prepend_lxc_header(char *path, const char *t, char *const argv[]) |
3ce74686 | 1574 | { |
1fd9bd50 | 1575 | long flen; |
b4569e93 | 1576 | char *contents; |
3ce74686 | 1577 | FILE *f; |
025ed0f3 | 1578 | int ret = -1; |
52026772 | 1579 | #if HAVE_LIBGNUTLS |
025ed0f3 | 1580 | int i; |
3ce74686 | 1581 | unsigned char md_value[SHA_DIGEST_LENGTH]; |
b4569e93 | 1582 | char *tpath; |
52026772 | 1583 | #endif |
3ce74686 | 1584 | |
025ed0f3 | 1585 | f = fopen(path, "r"); |
025ed0f3 | 1586 | if (f == NULL) |
3ce74686 | 1587 | return false; |
025ed0f3 SH |
1588 | |
1589 | if (fseek(f, 0, SEEK_END) < 0) | |
1590 | goto out_error; | |
1591 | if ((flen = ftell(f)) < 0) | |
1592 | goto out_error; | |
1593 | if (fseek(f, 0, SEEK_SET) < 0) | |
1594 | goto out_error; | |
1595 | if ((contents = malloc(flen + 1)) == NULL) | |
1596 | goto out_error; | |
1597 | if (fread(contents, 1, flen, f) != flen) | |
1598 | goto out_free_contents; | |
1599 | ||
3ce74686 | 1600 | contents[flen] = '\0'; |
025ed0f3 | 1601 | ret = fclose(f); |
025ed0f3 SH |
1602 | f = NULL; |
1603 | if (ret < 0) | |
1604 | goto out_free_contents; | |
3ce74686 | 1605 | |
b4569e93 | 1606 | #if HAVE_LIBGNUTLS |
01efd4d3 | 1607 | tpath = get_template_path(t); |
85db5535 | 1608 | if (!tpath) { |
959aee9c | 1609 | ERROR("bad template: %s", t); |
025ed0f3 | 1610 | goto out_free_contents; |
3ce74686 SH |
1611 | } |
1612 | ||
85db5535 DE |
1613 | ret = sha1sum_file(tpath, md_value); |
1614 | if (ret < 0) { | |
1615 | ERROR("Error getting sha1sum of %s", tpath); | |
3ce74686 | 1616 | free(tpath); |
85db5535 | 1617 | goto out_free_contents; |
3ce74686 | 1618 | } |
85db5535 | 1619 | free(tpath); |
3ce74686 SH |
1620 | #endif |
1621 | ||
025ed0f3 | 1622 | f = fopen(path, "w"); |
025ed0f3 | 1623 | if (f == NULL) { |
3ce74686 SH |
1624 | SYSERROR("reopening config for writing"); |
1625 | free(contents); | |
1626 | return false; | |
1627 | } | |
1628 | fprintf(f, "# Template used to create this container: %s\n", t); | |
1629 | if (argv) { | |
1630 | fprintf(f, "# Parameters passed to the template:"); | |
1631 | while (*argv) { | |
1632 | fprintf(f, " %s", *argv); | |
1633 | argv++; | |
1634 | } | |
1635 | fprintf(f, "\n"); | |
1636 | } | |
1637 | #if HAVE_LIBGNUTLS | |
56698177 SH |
1638 | fprintf(f, "# Template script checksum (SHA-1): "); |
1639 | for (i=0; i<SHA_DIGEST_LENGTH; i++) | |
1640 | fprintf(f, "%02x", md_value[i]); | |
1641 | fprintf(f, "\n"); | |
3ce74686 | 1642 | #endif |
0520c252 | 1643 | fprintf(f, "# For additional config options, please look at lxc.container.conf(5)\n"); |
49a2ed80 SH |
1644 | fprintf(f, "\n# Uncomment the following line to support nesting containers:\n"); |
1645 | fprintf(f, "#lxc.include = " LXCTEMPLATECONFIG "/nesting.conf\n"); | |
1646 | fprintf(f, "# (Be aware this has security implications)\n\n"); | |
3ce74686 SH |
1647 | if (fwrite(contents, 1, flen, f) != flen) { |
1648 | SYSERROR("Writing original contents"); | |
1649 | free(contents); | |
1650 | fclose(f); | |
1651 | return false; | |
1652 | } | |
025ed0f3 SH |
1653 | ret = 0; |
1654 | out_free_contents: | |
3ce74686 | 1655 | free(contents); |
025ed0f3 SH |
1656 | out_error: |
1657 | if (f) { | |
1658 | int newret; | |
025ed0f3 | 1659 | newret = fclose(f); |
025ed0f3 SH |
1660 | if (ret == 0) |
1661 | ret = newret; | |
1662 | } | |
1663 | if (ret < 0) { | |
1664 | SYSERROR("Error prepending header"); | |
3ce74686 SH |
1665 | return false; |
1666 | } | |
1667 | return true; | |
1668 | } | |
1669 | ||
4df7f012 SH |
1670 | static void lxcapi_clear_config(struct lxc_container *c) |
1671 | { | |
f979ac15 SH |
1672 | if (c) { |
1673 | if (c->lxc_conf) { | |
1674 | lxc_conf_free(c->lxc_conf); | |
1675 | c->lxc_conf = NULL; | |
1676 | } | |
4df7f012 SH |
1677 | } |
1678 | } | |
1679 | ||
858377e4 SH |
1680 | #define do_lxcapi_clear_config(c) lxcapi_clear_config(c) |
1681 | ||
96b3cb40 SH |
1682 | /* |
1683 | * lxcapi_create: | |
1684 | * create a container with the given parameters. | |
1685 | * @c: container to be created. It has the lxcpath, name, and a starting | |
1686 | * configuration already set | |
1687 | * @t: the template to execute to instantiate the root filesystem and | |
1688 | * adjust the configuration. | |
1689 | * @bdevtype: backing store type to use. If NULL, dir will be used. | |
1690 | * @specs: additional parameters for the backing store, i.e. LVM vg to | |
1691 | * use. | |
1692 | * | |
1693 | * @argv: the arguments to pass to the template, terminated by NULL. If no | |
1694 | * arguments, you can just pass NULL. | |
1695 | */ | |
858377e4 | 1696 | static bool do_lxcapi_create(struct lxc_container *c, const char *t, |
85aec4ac CB |
1697 | const char *bdevtype, struct bdev_specs *specs, |
1698 | int flags, char *const argv[]) | |
96b3cb40 | 1699 | { |
e9e29a33 | 1700 | int partial_fd; |
96b3cb40 | 1701 | pid_t pid; |
e9e29a33 | 1702 | bool ret = false; |
85db5535 | 1703 | char *tpath = NULL; |
96b3cb40 SH |
1704 | |
1705 | if (!c) | |
1706 | return false; | |
1707 | ||
85db5535 DE |
1708 | if (t) { |
1709 | tpath = get_template_path(t); | |
1710 | if (!tpath) { | |
e9e29a33 | 1711 | ERROR("Unknown template \"%s\"", t); |
85db5535 DE |
1712 | goto out; |
1713 | } | |
96b3cb40 SH |
1714 | } |
1715 | ||
e9e29a33 CB |
1716 | /* If a template is passed in, and the rootfs already is defined in the |
1717 | * container config and exists, then the caller is trying to create an | |
1718 | * existing container. Return an error, but do NOT delete the container. | |
cf465fe4 | 1719 | */ |
858377e4 | 1720 | if (do_lxcapi_is_defined(c) && c->lxc_conf && c->lxc_conf->rootfs.path && |
cf465fe4 | 1721 | access(c->lxc_conf->rootfs.path, F_OK) == 0 && tpath) { |
e9e29a33 CB |
1722 | ERROR("Container \"%s\" already exists in \"%s\"", c->name, |
1723 | c->config_path); | |
6c6892b5 | 1724 | goto free_tpath; |
cf465fe4 SH |
1725 | } |
1726 | ||
6c6892b5 | 1727 | if (!c->lxc_conf) { |
858377e4 | 1728 | if (!do_lxcapi_load_config(c, lxc_global_config_value("lxc.default_config"))) { |
e9e29a33 CB |
1729 | ERROR("Error loading default configuration file %s", |
1730 | lxc_global_config_value("lxc.default_config")); | |
6c6892b5 DE |
1731 | goto free_tpath; |
1732 | } | |
96b3cb40 SH |
1733 | } |
1734 | ||
6c6892b5 DE |
1735 | if (!create_container_dir(c)) |
1736 | goto free_tpath; | |
1737 | ||
e9e29a33 CB |
1738 | /* If both template and rootfs.path are set, template is setup as |
1739 | * rootfs.path. The container is already created if we have a config and | |
1740 | * rootfs.path is accessible | |
0590e82c | 1741 | */ |
00370edd | 1742 | if (!c->lxc_conf->rootfs.path && !tpath) { |
e9e29a33 | 1743 | /* No template passed in and rootfs does not exist. */ |
00370edd | 1744 | if (!c->save_config(c, NULL)) { |
e9e29a33 | 1745 | ERROR("Failed to save initial config for \"%s\"", c->name); |
00370edd DW |
1746 | goto out; |
1747 | } | |
1748 | ret = true; | |
0590e82c | 1749 | goto out; |
00370edd | 1750 | } |
e9e29a33 CB |
1751 | |
1752 | /* Rootfs passed into configuration, but does not exist. */ | |
0590e82c | 1753 | if (c->lxc_conf->rootfs.path && access(c->lxc_conf->rootfs.path, F_OK) != 0) |
0590e82c | 1754 | goto out; |
e9e29a33 | 1755 | |
858377e4 | 1756 | if (do_lxcapi_is_defined(c) && c->lxc_conf->rootfs.path && !tpath) { |
e9e29a33 CB |
1757 | /* Rootfs already existed, user just wanted to save the loaded |
1758 | * configuration. | |
1759 | */ | |
0f4cdd77 | 1760 | if (!c->save_config(c, NULL)) |
e9e29a33 | 1761 | ERROR("Failed to save initial config for \"%s\"", c->name); |
0590e82c SH |
1762 | ret = true; |
1763 | goto out; | |
a69aad27 | 1764 | } |
96b3cb40 SH |
1765 | |
1766 | /* Mark that this container is being created */ | |
e9e29a33 CB |
1767 | partial_fd = create_partial(c); |
1768 | if (partial_fd < 0) | |
96b3cb40 SH |
1769 | goto out; |
1770 | ||
e9e29a33 | 1771 | /* No need to get disk lock bc we have the partial lock. */ |
96b3cb40 | 1772 | |
e9e29a33 | 1773 | /* Create the storage. |
96b3cb40 SH |
1774 | * Note we can't do this in the same task as we use to execute the |
1775 | * template because of the way zfs works. | |
1776 | * After you 'zfs create', zfs mounts the fs only in the initial | |
1777 | * namespace. | |
1778 | */ | |
1779 | pid = fork(); | |
1780 | if (pid < 0) { | |
e9e29a33 | 1781 | SYSERROR("Failed to fork task for container creation template"); |
8eb5694b SH |
1782 | goto out_unlock; |
1783 | } | |
1784 | ||
1a0e70ac | 1785 | if (pid == 0) { /* child */ |
10bc1861 | 1786 | struct lxc_storage *bdev = NULL; |
96b3cb40 | 1787 | |
10bc1861 CB |
1788 | bdev = do_storage_create(c, bdevtype, specs); |
1789 | if (!bdev) { | |
e9e29a33 CB |
1790 | ERROR("Failed to create %s storage for %s", |
1791 | bdevtype ? bdevtype : "(none)", c->name); | |
85aec4ac | 1792 | _exit(EXIT_FAILURE); |
96b3cb40 SH |
1793 | } |
1794 | ||
e9e29a33 | 1795 | /* Save config file again to store the new rootfs location. */ |
858377e4 | 1796 | if (!do_lxcapi_save_config(c, NULL)) { |
e9e29a33 CB |
1797 | ERROR("Failed to save initial config for %s", c->name); |
1798 | /* Parent task won't see the storage driver in the | |
1799 | * config so we delete it. | |
1800 | */ | |
96b3cb40 SH |
1801 | bdev->ops->umount(bdev); |
1802 | bdev->ops->destroy(bdev); | |
85aec4ac | 1803 | _exit(EXIT_FAILURE); |
96b3cb40 | 1804 | } |
85aec4ac | 1805 | _exit(EXIT_SUCCESS); |
96b3cb40 SH |
1806 | } |
1807 | if (wait_for_pid(pid) != 0) | |
a09295f8 | 1808 | goto out_unlock; |
96b3cb40 | 1809 | |
e9e29a33 | 1810 | /* Reload config to get the rootfs. */ |
a3b47c09 | 1811 | lxc_conf_free(c->lxc_conf); |
96b3cb40 SH |
1812 | c->lxc_conf = NULL; |
1813 | if (!load_config_locked(c, c->configfile)) | |
a09295f8 | 1814 | goto out_unlock; |
96b3cb40 | 1815 | |
dc23c1c8 | 1816 | if (!create_run_template(c, tpath, !!(flags & LXC_CREATE_QUIET), argv)) |
96b3cb40 SH |
1817 | goto out_unlock; |
1818 | ||
1a0e70ac CB |
1819 | /* Now clear out the lxc_conf we have, reload from the created |
1820 | * container. | |
1821 | */ | |
858377e4 | 1822 | do_lxcapi_clear_config(c); |
3ce74686 | 1823 | |
9d65a487 KY |
1824 | if (t) { |
1825 | if (!prepend_lxc_header(c->configfile, tpath, argv)) { | |
e9e29a33 | 1826 | ERROR("Failed to prepend header to config file"); |
9d65a487 KY |
1827 | goto out_unlock; |
1828 | } | |
3ce74686 | 1829 | } |
a69aad27 | 1830 | ret = load_config_locked(c, c->configfile); |
72d0e1cb SG |
1831 | |
1832 | out_unlock: | |
3e625e2d SH |
1833 | if (partial_fd >= 0) |
1834 | remove_partial(c, partial_fd); | |
72d0e1cb | 1835 | out: |
c55d4505 | 1836 | if (!ret) |
17a367d8 | 1837 | container_destroy(c, NULL); |
6c6892b5 | 1838 | free_tpath: |
f10fad2f | 1839 | free(tpath); |
a69aad27 | 1840 | return ret; |
72d0e1cb SG |
1841 | } |
1842 | ||
858377e4 | 1843 | static bool lxcapi_create(struct lxc_container *c, const char *t, |
e9e29a33 CB |
1844 | const char *bdevtype, struct bdev_specs *specs, |
1845 | int flags, char *const argv[]) | |
858377e4 SH |
1846 | { |
1847 | bool ret; | |
1848 | current_config = c ? c->lxc_conf : NULL; | |
1849 | ret = do_lxcapi_create(c, t, bdevtype, specs, flags, argv); | |
1850 | current_config = NULL; | |
1851 | return ret; | |
1852 | } | |
1853 | ||
1854 | static bool do_lxcapi_reboot(struct lxc_container *c) | |
3e625e2d SH |
1855 | { |
1856 | pid_t pid; | |
dd267776 | 1857 | int rebootsignal = SIGINT; |
3e625e2d SH |
1858 | |
1859 | if (!c) | |
1860 | return false; | |
858377e4 | 1861 | if (!do_lxcapi_is_running(c)) |
3e625e2d | 1862 | return false; |
858377e4 | 1863 | pid = do_lxcapi_init_pid(c); |
3e625e2d SH |
1864 | if (pid <= 0) |
1865 | return false; | |
dd267776 BP |
1866 | if (c->lxc_conf && c->lxc_conf->rebootsignal) |
1867 | rebootsignal = c->lxc_conf->rebootsignal; | |
591614a7 CB |
1868 | if (kill(pid, rebootsignal) < 0) { |
1869 | WARN("Could not send signal %d to pid %d.", rebootsignal, pid); | |
3e625e2d | 1870 | return false; |
591614a7 | 1871 | } |
3e625e2d SH |
1872 | return true; |
1873 | ||
1874 | } | |
1875 | ||
858377e4 SH |
1876 | WRAP_API(bool, lxcapi_reboot) |
1877 | ||
d39b10eb CB |
1878 | static bool do_lxcapi_reboot2(struct lxc_container *c, int timeout) |
1879 | { | |
1880 | int killret, ret; | |
1881 | pid_t pid; | |
1882 | int rebootsignal = SIGINT, state_client_fd = -1; | |
1883 | lxc_state_t states[MAX_STATE] = {0}; | |
1884 | ||
1885 | if (!c) | |
1886 | return false; | |
1887 | ||
1888 | if (!do_lxcapi_is_running(c)) | |
1889 | return true; | |
1890 | ||
1891 | pid = do_lxcapi_init_pid(c); | |
1892 | if (pid <= 0) | |
1893 | return true; | |
1894 | ||
1895 | if (c->lxc_conf && c->lxc_conf->rebootsignal) | |
1896 | rebootsignal = c->lxc_conf->rebootsignal; | |
1897 | ||
1898 | /* Add a new state client before sending the shutdown signal so that we | |
1899 | * don't miss a state. | |
1900 | */ | |
1901 | if (timeout != 0) { | |
1902 | states[RUNNING] = 2; | |
1903 | ret = lxc_cmd_add_state_client(c->name, c->config_path, states, | |
1904 | &state_client_fd); | |
1905 | if (ret < 0) | |
1906 | return false; | |
1907 | ||
1908 | if (state_client_fd < 0) | |
1909 | return false; | |
1910 | ||
1911 | if (ret == RUNNING) | |
1912 | return true; | |
1913 | ||
1914 | if (ret < MAX_STATE) | |
1915 | return false; | |
1916 | } | |
1917 | ||
1918 | /* Send reboot signal to container. */ | |
1919 | killret = kill(pid, rebootsignal); | |
1920 | if (killret < 0) { | |
1921 | WARN("Could not send signal %d to pid %d", rebootsignal, pid); | |
1922 | if (state_client_fd >= 0) | |
1923 | close(state_client_fd); | |
1924 | return false; | |
1925 | } | |
1926 | TRACE("Sent signal %d to pid %d", rebootsignal, pid); | |
1927 | ||
1928 | if (timeout == 0) | |
1929 | return true; | |
1930 | ||
1931 | ret = lxc_cmd_sock_rcv_state(state_client_fd, timeout); | |
1932 | close(state_client_fd); | |
1933 | if (ret < 0) | |
1934 | return false; | |
1935 | ||
1936 | TRACE("Received state \"%s\"", lxc_state2str(ret)); | |
1937 | if (ret != RUNNING) | |
1938 | return false; | |
1939 | ||
1940 | return true; | |
1941 | } | |
1942 | ||
1943 | WRAP_API_1(bool, lxcapi_reboot2, int) | |
1944 | ||
858377e4 | 1945 | static bool do_lxcapi_shutdown(struct lxc_container *c, int timeout) |
72d0e1cb | 1946 | { |
f8bdb6dc | 1947 | int killret, ret; |
72d0e1cb | 1948 | pid_t pid; |
f8bdb6dc | 1949 | int haltsignal = SIGPWR, state_client_fd = -1; |
92e35018 | 1950 | lxc_state_t states[MAX_STATE] = {0}; |
72d0e1cb SG |
1951 | |
1952 | if (!c) | |
1953 | return false; | |
1954 | ||
858377e4 | 1955 | if (!do_lxcapi_is_running(c)) |
72d0e1cb | 1956 | return true; |
f8bdb6dc | 1957 | |
858377e4 | 1958 | pid = do_lxcapi_init_pid(c); |
72d0e1cb SG |
1959 | if (pid <= 0) |
1960 | return true; | |
330ae3d3 CB |
1961 | |
1962 | /* Detect whether we should send SIGRTMIN + 3 (e.g. systemd). */ | |
1963 | if (task_blocking_signal(pid, (SIGRTMIN + 3))) | |
1964 | haltsignal = (SIGRTMIN + 3); | |
1965 | ||
b0227444 | 1966 | if (c->lxc_conf && c->lxc_conf->haltsignal) |
f0f1d8c0 | 1967 | haltsignal = c->lxc_conf->haltsignal; |
330ae3d3 | 1968 | |
92e35018 CB |
1969 | /* Add a new state client before sending the shutdown signal so that we |
1970 | * don't miss a state. | |
1971 | */ | |
f8bdb6dc CB |
1972 | if (timeout != 0) { |
1973 | states[STOPPED] = 1; | |
1974 | ret = lxc_cmd_add_state_client(c->name, c->config_path, states, | |
1975 | &state_client_fd); | |
1976 | if (ret < 0) | |
1977 | return false; | |
92e35018 | 1978 | |
f8bdb6dc CB |
1979 | if (state_client_fd < 0) |
1980 | return false; | |
1981 | ||
1982 | if (ret == STOPPED) | |
1983 | return true; | |
591614a7 | 1984 | |
f8bdb6dc | 1985 | if (ret < MAX_STATE) |
92e35018 | 1986 | return false; |
92e35018 CB |
1987 | } |
1988 | ||
f8bdb6dc CB |
1989 | /* Send shutdown signal to container. */ |
1990 | killret = kill(pid, haltsignal); | |
1991 | if (killret < 0) { | |
1992 | WARN("Could not send signal %d to pid %d", haltsignal, pid); | |
1993 | if (state_client_fd >= 0) | |
1994 | close(state_client_fd); | |
1995 | return false; | |
1996 | } | |
1997 | TRACE("Sent signal %d to pid %d", haltsignal, pid); | |
1998 | ||
1999 | if (timeout == 0) | |
2000 | return true; | |
2001 | ||
2002 | ret = lxc_cmd_sock_rcv_state(state_client_fd, timeout); | |
2003 | close(state_client_fd); | |
2004 | if (ret < 0) | |
2005 | return false; | |
2006 | ||
2007 | TRACE("Received state \"%s\"", lxc_state2str(ret)); | |
2008 | if (ret != STOPPED) | |
2009 | return false; | |
2010 | ||
2011 | return true; | |
72d0e1cb SG |
2012 | } |
2013 | ||
858377e4 SH |
2014 | WRAP_API_1(bool, lxcapi_shutdown, int) |
2015 | ||
1897e3bc | 2016 | static bool lxcapi_createl(struct lxc_container *c, const char *t, |
dc23c1c8 | 2017 | const char *bdevtype, struct bdev_specs *specs, int flags, ...) |
72d0e1cb SG |
2018 | { |
2019 | bool bret = false; | |
a0e93eeb | 2020 | char **args = NULL; |
72d0e1cb | 2021 | va_list ap; |
72d0e1cb SG |
2022 | |
2023 | if (!c) | |
2024 | return false; | |
2025 | ||
858377e4 SH |
2026 | current_config = c->lxc_conf; |
2027 | ||
72d0e1cb SG |
2028 | /* |
2029 | * since we're going to wait for create to finish, I don't think we | |
2030 | * need to get a copy of the arguments. | |
2031 | */ | |
dc23c1c8 | 2032 | va_start(ap, flags); |
a0e93eeb | 2033 | args = lxc_va_arg_list_to_argv(ap, 0, 0); |
72d0e1cb | 2034 | va_end(ap); |
a0e93eeb | 2035 | if (!args) { |
e9e29a33 | 2036 | ERROR("Failed to allocate memory"); |
a0e93eeb CS |
2037 | goto out; |
2038 | } | |
72d0e1cb | 2039 | |
858377e4 | 2040 | bret = do_lxcapi_create(c, t, bdevtype, specs, flags, args); |
72d0e1cb SG |
2041 | |
2042 | out: | |
a0e93eeb | 2043 | free(args); |
858377e4 | 2044 | current_config = NULL; |
72d0e1cb SG |
2045 | return bret; |
2046 | } | |
2047 | ||
6b0d5538 SH |
2048 | static void do_clear_unexp_config_line(struct lxc_conf *conf, const char *key) |
2049 | { | |
4222a9f4 CB |
2050 | if (!strcmp(key, "lxc.cgroup")) |
2051 | return clear_unexp_config_line(conf, key, true); | |
2052 | ||
2053 | if (!strcmp(key, "lxc.network")) | |
2054 | return clear_unexp_config_line(conf, key, true); | |
2055 | ||
2056 | if (!strcmp(key, "lxc.net")) | |
2057 | return clear_unexp_config_line(conf, key, true); | |
2058 | ||
2059 | /* Clear a network with a specific index. */ | |
2060 | if (!strncmp(key, "lxc.net.", 8)) { | |
2061 | int ret; | |
2062 | const char *idx; | |
2063 | ||
2064 | idx = key + 8; | |
2065 | ret = lxc_safe_uint(idx, &(unsigned int){0}); | |
2066 | if (!ret) | |
2067 | return clear_unexp_config_line(conf, key, true); | |
2068 | } | |
2069 | ||
2070 | if (!strcmp(key, "lxc.hook")) | |
2071 | return clear_unexp_config_line(conf, key, true); | |
2072 | ||
2073 | return clear_unexp_config_line(conf, key, false); | |
6b0d5538 SH |
2074 | } |
2075 | ||
6afd673f CB |
2076 | static bool do_lxcapi_clear_config_item(struct lxc_container *c, |
2077 | const char *key) | |
72d0e1cb | 2078 | { |
6afd673f CB |
2079 | int ret = 1; |
2080 | struct lxc_config_t *config; | |
72d0e1cb SG |
2081 | |
2082 | if (!c || !c->lxc_conf) | |
2083 | return false; | |
6afd673f | 2084 | |
5cee8c50 | 2085 | if (container_mem_lock(c)) |
72d0e1cb | 2086 | return false; |
6afd673f | 2087 | |
300df83e | 2088 | config = lxc_get_config(key); |
6afd673f CB |
2089 | /* Verify that the config key exists and that it has a callback |
2090 | * implemented. | |
2091 | */ | |
2092 | if (config && config->clr) | |
26471403 | 2093 | ret = config->clr(key, c->lxc_conf, NULL); |
6b0d5538 SH |
2094 | if (!ret) |
2095 | do_clear_unexp_config_line(c->lxc_conf, key); | |
6afd673f | 2096 | |
5cee8c50 | 2097 | container_mem_unlock(c); |
72d0e1cb SG |
2098 | return ret == 0; |
2099 | } | |
2100 | ||
858377e4 SH |
2101 | WRAP_API_1(bool, lxcapi_clear_config_item, const char *) |
2102 | ||
e0f59189 | 2103 | static inline bool enter_net_ns(struct lxc_container *c) |
51d0854c | 2104 | { |
858377e4 | 2105 | pid_t pid = do_lxcapi_init_pid(c); |
ae22a220 | 2106 | |
0e6e3a41 | 2107 | if ((geteuid() != 0 || (c->lxc_conf && !lxc_list_empty(&c->lxc_conf->id_map))) && access("/proc/self/ns/user", F_OK) == 0) { |
51d0854c DY |
2108 | if (!switch_to_ns(pid, "user")) |
2109 | return false; | |
9c83a661 | 2110 | } |
51d0854c | 2111 | return switch_to_ns(pid, "net"); |
799f29ab ÇO |
2112 | } |
2113 | ||
1a0e70ac | 2114 | /* Used by qsort and bsearch functions for comparing names. */ |
9c88ff1f ÇO |
2115 | static inline int string_cmp(char **first, char **second) |
2116 | { | |
2117 | return strcmp(*first, *second); | |
2118 | } | |
2119 | ||
1a0e70ac CB |
2120 | /* Used by qsort and bsearch functions for comparing container names. */ |
2121 | static inline int container_cmp(struct lxc_container **first, | |
2122 | struct lxc_container **second) | |
9c88ff1f ÇO |
2123 | { |
2124 | return strcmp((*first)->name, (*second)->name); | |
2125 | } | |
2126 | ||
2127 | static bool add_to_array(char ***names, char *cname, int pos) | |
2128 | { | |
2129 | char **newnames = realloc(*names, (pos+1) * sizeof(char *)); | |
2130 | if (!newnames) { | |
2131 | ERROR("Out of memory"); | |
2132 | return false; | |
2133 | } | |
2134 | ||
2135 | *names = newnames; | |
2136 | newnames[pos] = strdup(cname); | |
2137 | if (!newnames[pos]) | |
2138 | return false; | |
2139 | ||
1a0e70ac CB |
2140 | /* Sort the arrray as we will use binary search on it. */ |
2141 | qsort(newnames, pos + 1, sizeof(char *), | |
2142 | (int (*)(const void *, const void *))string_cmp); | |
9c88ff1f ÇO |
2143 | |
2144 | return true; | |
2145 | } | |
2146 | ||
1a0e70ac CB |
2147 | static bool add_to_clist(struct lxc_container ***list, struct lxc_container *c, |
2148 | int pos, bool sort) | |
9c88ff1f | 2149 | { |
1a0e70ac | 2150 | struct lxc_container **newlist = realloc(*list, (pos + 1) * sizeof(struct lxc_container *)); |
9c88ff1f ÇO |
2151 | if (!newlist) { |
2152 | ERROR("Out of memory"); | |
2153 | return false; | |
2154 | } | |
2155 | ||
2156 | *list = newlist; | |
2157 | newlist[pos] = c; | |
2158 | ||
1a0e70ac | 2159 | /* Sort the arrray as we will use binary search on it. */ |
2871830a | 2160 | if (sort) |
1a0e70ac CB |
2161 | qsort(newlist, pos + 1, sizeof(struct lxc_container *), |
2162 | (int (*)(const void *, const void *))container_cmp); | |
9c88ff1f ÇO |
2163 | |
2164 | return true; | |
2165 | } | |
2166 | ||
2167 | static char** get_from_array(char ***names, char *cname, int size) | |
2168 | { | |
2169 | return (char **)bsearch(&cname, *names, size, sizeof(char *), (int (*)(const void *, const void *))string_cmp); | |
2170 | } | |
2171 | ||
2172 | ||
2173 | static bool array_contains(char ***names, char *cname, int size) { | |
2174 | if(get_from_array(names, cname, size) != NULL) | |
2175 | return true; | |
2176 | return false; | |
2177 | } | |
2178 | ||
2179 | static bool remove_from_array(char ***names, char *cname, int size) | |
2180 | { | |
2181 | char **result = get_from_array(names, cname, size); | |
2182 | if (result != NULL) { | |
2183 | free(result); | |
2184 | return true; | |
2185 | } | |
2186 | return false; | |
2187 | } | |
2188 | ||
858377e4 | 2189 | static char ** do_lxcapi_get_interfaces(struct lxc_container *c) |
799f29ab | 2190 | { |
ae22a220 ÇO |
2191 | pid_t pid; |
2192 | int i, count = 0, pipefd[2]; | |
9c88ff1f | 2193 | char **interfaces = NULL; |
ae22a220 | 2194 | char interface[IFNAMSIZ]; |
799f29ab | 2195 | |
ae22a220 ÇO |
2196 | if(pipe(pipefd) < 0) { |
2197 | SYSERROR("pipe failed"); | |
2198 | return NULL; | |
c868b261 ÇO |
2199 | } |
2200 | ||
ae22a220 ÇO |
2201 | pid = fork(); |
2202 | if (pid < 0) { | |
959aee9c | 2203 | SYSERROR("failed to fork task to get interfaces information"); |
ae22a220 ÇO |
2204 | close(pipefd[0]); |
2205 | close(pipefd[1]); | |
2206 | return NULL; | |
2207 | } | |
799f29ab | 2208 | |
1a0e70ac | 2209 | if (pid == 0) { /* child */ |
ae22a220 ÇO |
2210 | int ret = 1, nbytes; |
2211 | struct ifaddrs *interfaceArray = NULL, *tempIfAddr = NULL; | |
2212 | ||
2213 | /* close the read-end of the pipe */ | |
2214 | close(pipefd[0]); | |
2215 | ||
e0f59189 | 2216 | if (!enter_net_ns(c)) { |
ae22a220 ÇO |
2217 | SYSERROR("failed to enter namespace"); |
2218 | goto out; | |
2219 | } | |
2220 | ||
2221 | /* Grab the list of interfaces */ | |
2222 | if (getifaddrs(&interfaceArray)) { | |
2223 | SYSERROR("failed to get interfaces list"); | |
2224 | goto out; | |
2225 | } | |
2226 | ||
2227 | /* Iterate through the interfaces */ | |
2228 | for (tempIfAddr = interfaceArray; tempIfAddr != NULL; tempIfAddr = tempIfAddr->ifa_next) { | |
2229 | nbytes = write(pipefd[1], tempIfAddr->ifa_name, IFNAMSIZ); | |
2230 | if (nbytes < 0) { | |
2231 | ERROR("write failed"); | |
2232 | goto out; | |
2233 | } | |
2234 | count++; | |
2235 | } | |
2236 | ret = 0; | |
2237 | ||
2238 | out: | |
2239 | if (interfaceArray) | |
2240 | freeifaddrs(interfaceArray); | |
2241 | ||
2242 | /* close the write-end of the pipe, thus sending EOF to the reader */ | |
2243 | close(pipefd[1]); | |
02c611b0 | 2244 | _exit(ret); |
799f29ab ÇO |
2245 | } |
2246 | ||
ae22a220 ÇO |
2247 | /* close the write-end of the pipe */ |
2248 | close(pipefd[1]); | |
2249 | ||
358afd84 | 2250 | while (read(pipefd[0], &interface, IFNAMSIZ) == IFNAMSIZ) { |
3151d4e2 CB |
2251 | interface[IFNAMSIZ - 1] = '\0'; |
2252 | ||
ae22a220 ÇO |
2253 | if (array_contains(&interfaces, interface, count)) |
2254 | continue; | |
799f29ab | 2255 | |
ae22a220 | 2256 | if(!add_to_array(&interfaces, interface, count)) |
3151d4e2 CB |
2257 | ERROR("Failed to add \"%s\" to array", interface); |
2258 | ||
9c88ff1f ÇO |
2259 | count++; |
2260 | } | |
799f29ab | 2261 | |
ae22a220 ÇO |
2262 | if (wait_for_pid(pid) != 0) { |
2263 | for(i=0;i<count;i++) | |
2264 | free(interfaces[i]); | |
2265 | free(interfaces); | |
2266 | interfaces = NULL; | |
2267 | } | |
9c88ff1f | 2268 | |
ae22a220 ÇO |
2269 | /* close the read-end of the pipe */ |
2270 | close(pipefd[0]); | |
799f29ab | 2271 | |
9c88ff1f ÇO |
2272 | /* Append NULL to the array */ |
2273 | if(interfaces) | |
2274 | interfaces = (char **)lxc_append_null_to_array((void **)interfaces, count); | |
799f29ab | 2275 | |
9c88ff1f | 2276 | return interfaces; |
799f29ab ÇO |
2277 | } |
2278 | ||
858377e4 SH |
2279 | WRAP_API(char **, lxcapi_get_interfaces) |
2280 | ||
2281 | static char** do_lxcapi_get_ips(struct lxc_container *c, const char* interface, const char* family, int scope) | |
799f29ab | 2282 | { |
ae22a220 ÇO |
2283 | pid_t pid; |
2284 | int i, count = 0, pipefd[2]; | |
9c88ff1f | 2285 | char **addresses = NULL; |
ae22a220 | 2286 | char address[INET6_ADDRSTRLEN]; |
799f29ab | 2287 | |
ae22a220 ÇO |
2288 | if(pipe(pipefd) < 0) { |
2289 | SYSERROR("pipe failed"); | |
2290 | return NULL; | |
c868b261 ÇO |
2291 | } |
2292 | ||
ae22a220 ÇO |
2293 | pid = fork(); |
2294 | if (pid < 0) { | |
959aee9c | 2295 | SYSERROR("failed to fork task to get container ips"); |
ae22a220 ÇO |
2296 | close(pipefd[0]); |
2297 | close(pipefd[1]); | |
2298 | return NULL; | |
9c83a661 SG |
2299 | } |
2300 | ||
1a0e70ac | 2301 | if (pid == 0) { /* child */ |
ae22a220 ÇO |
2302 | int ret = 1, nbytes; |
2303 | struct ifaddrs *interfaceArray = NULL, *tempIfAddr = NULL; | |
2304 | char addressOutputBuffer[INET6_ADDRSTRLEN]; | |
2305 | void *tempAddrPtr = NULL; | |
2306 | char *address = NULL; | |
fe218ca3 | 2307 | |
ae22a220 ÇO |
2308 | /* close the read-end of the pipe */ |
2309 | close(pipefd[0]); | |
2310 | ||
e0f59189 | 2311 | if (!enter_net_ns(c)) { |
ae22a220 ÇO |
2312 | SYSERROR("failed to enter namespace"); |
2313 | goto out; | |
9c83a661 | 2314 | } |
ae22a220 ÇO |
2315 | |
2316 | /* Grab the list of interfaces */ | |
2317 | if (getifaddrs(&interfaceArray)) { | |
2318 | SYSERROR("failed to get interfaces list"); | |
2319 | goto out; | |
2320 | } | |
2321 | ||
2322 | /* Iterate through the interfaces */ | |
2323 | for (tempIfAddr = interfaceArray; tempIfAddr != NULL; tempIfAddr = tempIfAddr->ifa_next) { | |
2324 | if (tempIfAddr->ifa_addr == NULL) | |
9c83a661 SG |
2325 | continue; |
2326 | ||
ae22a220 ÇO |
2327 | if(tempIfAddr->ifa_addr->sa_family == AF_INET) { |
2328 | if (family && strcmp(family, "inet")) | |
2329 | continue; | |
2330 | tempAddrPtr = &((struct sockaddr_in *)tempIfAddr->ifa_addr)->sin_addr; | |
2331 | } | |
2332 | else { | |
2333 | if (family && strcmp(family, "inet6")) | |
2334 | continue; | |
2335 | ||
2336 | if (((struct sockaddr_in6 *)tempIfAddr->ifa_addr)->sin6_scope_id != scope) | |
2337 | continue; | |
2338 | ||
2339 | tempAddrPtr = &((struct sockaddr_in6 *)tempIfAddr->ifa_addr)->sin6_addr; | |
2340 | } | |
2341 | ||
2342 | if (interface && strcmp(interface, tempIfAddr->ifa_name)) | |
2343 | continue; | |
2344 | else if (!interface && strcmp("lo", tempIfAddr->ifa_name) == 0) | |
9c83a661 SG |
2345 | continue; |
2346 | ||
ae22a220 ÇO |
2347 | address = (char *)inet_ntop(tempIfAddr->ifa_addr->sa_family, |
2348 | tempAddrPtr, | |
2349 | addressOutputBuffer, | |
2350 | sizeof(addressOutputBuffer)); | |
2351 | if (!address) | |
2352 | continue; | |
2353 | ||
2354 | nbytes = write(pipefd[1], address, INET6_ADDRSTRLEN); | |
2355 | if (nbytes < 0) { | |
2356 | ERROR("write failed"); | |
2357 | goto out; | |
2358 | } | |
2359 | count++; | |
9c83a661 | 2360 | } |
ae22a220 | 2361 | ret = 0; |
9c83a661 | 2362 | |
ae22a220 ÇO |
2363 | out: |
2364 | if(interfaceArray) | |
2365 | freeifaddrs(interfaceArray); | |
9c83a661 | 2366 | |
ae22a220 ÇO |
2367 | /* close the write-end of the pipe, thus sending EOF to the reader */ |
2368 | close(pipefd[1]); | |
fe1ce58c | 2369 | _exit(ret); |
6849cb5b | 2370 | } |
9c83a661 | 2371 | |
ae22a220 ÇO |
2372 | /* close the write-end of the pipe */ |
2373 | close(pipefd[1]); | |
2374 | ||
358afd84 | 2375 | while (read(pipefd[0], &address, INET6_ADDRSTRLEN) == INET6_ADDRSTRLEN) { |
9c88ff1f | 2376 | if(!add_to_array(&addresses, address, count)) |
ae22a220 | 2377 | ERROR("PARENT: add_to_array failed"); |
9c88ff1f | 2378 | count++; |
9c83a661 SG |
2379 | } |
2380 | ||
ae22a220 ÇO |
2381 | if (wait_for_pid(pid) != 0) { |
2382 | for(i=0;i<count;i++) | |
2383 | free(addresses[i]); | |
2384 | free(addresses); | |
2385 | addresses = NULL; | |
2386 | } | |
9c83a661 | 2387 | |
ae22a220 ÇO |
2388 | /* close the read-end of the pipe */ |
2389 | close(pipefd[0]); | |
9c83a661 SG |
2390 | |
2391 | /* Append NULL to the array */ | |
9c88ff1f ÇO |
2392 | if(addresses) |
2393 | addresses = (char **)lxc_append_null_to_array((void **)addresses, count); | |
9c83a661 SG |
2394 | |
2395 | return addresses; | |
2396 | } | |
2397 | ||
858377e4 SH |
2398 | WRAP_API_3(char **, lxcapi_get_ips, const char *, const char *, int) |
2399 | ||
2400 | static int do_lxcapi_get_config_item(struct lxc_container *c, const char *key, char *retv, int inlen) | |
72d0e1cb | 2401 | { |
fce687aa CB |
2402 | int ret = -1; |
2403 | struct lxc_config_t *config; | |
72d0e1cb SG |
2404 | |
2405 | if (!c || !c->lxc_conf) | |
2406 | return -1; | |
fce687aa | 2407 | |
5cee8c50 | 2408 | if (container_mem_lock(c)) |
72d0e1cb | 2409 | return -1; |
fce687aa | 2410 | |
300df83e | 2411 | config = lxc_get_config(key); |
fce687aa CB |
2412 | /* Verify that the config key exists and that it has a callback |
2413 | * implemented. | |
2414 | */ | |
2415 | if (config && config->get) | |
cccd2219 | 2416 | ret = config->get(key, retv, inlen, c->lxc_conf, NULL); |
fce687aa | 2417 | |
5cee8c50 | 2418 | container_mem_unlock(c); |
72d0e1cb SG |
2419 | return ret; |
2420 | } | |
2421 | ||
858377e4 SH |
2422 | WRAP_API_3(int, lxcapi_get_config_item, const char *, char *, int) |
2423 | ||
2424 | static char* do_lxcapi_get_running_config_item(struct lxc_container *c, const char *key) | |
8ac18377 ÇO |
2425 | { |
2426 | char *ret; | |
2427 | ||
2428 | if (!c || !c->lxc_conf) | |
2429 | return NULL; | |
2430 | if (container_mem_lock(c)) | |
2431 | return NULL; | |
858377e4 | 2432 | ret = lxc_cmd_get_config_item(c->name, key, do_lxcapi_get_config_path(c)); |
8ac18377 ÇO |
2433 | container_mem_unlock(c); |
2434 | return ret; | |
2435 | } | |
2436 | ||
858377e4 SH |
2437 | WRAP_API_1(char *, lxcapi_get_running_config_item, const char *) |
2438 | ||
2439 | static int do_lxcapi_get_keys(struct lxc_container *c, const char *key, char *retv, int inlen) | |
72d0e1cb | 2440 | { |
300df83e CB |
2441 | int ret = -1; |
2442 | ||
2443 | /* List all config items. */ | |
72d0e1cb | 2444 | if (!key) |
cfc67626 | 2445 | return lxc_list_config_items(retv, inlen); |
300df83e | 2446 | |
72d0e1cb SG |
2447 | if (!c || !c->lxc_conf) |
2448 | return -1; | |
300df83e | 2449 | |
5cee8c50 | 2450 | if (container_mem_lock(c)) |
72d0e1cb | 2451 | return -1; |
300df83e CB |
2452 | |
2453 | /* Support 'lxc.net.<idx>', i.e. 'lxc.net.0' | |
2454 | * This is an intelligent result to show which keys are valid given the | |
2455 | * type of nic it is. | |
2456 | */ | |
6fba98b5 | 2457 | if (strncmp(key, "lxc.net.", 8) == 0) |
01f55c40 | 2458 | ret = lxc_list_net(c->lxc_conf, key, retv, inlen); |
fe9b7349 CB |
2459 | else |
2460 | ret = lxc_list_subkeys(c->lxc_conf, key, retv, inlen); | |
300df83e | 2461 | |
5cee8c50 | 2462 | container_mem_unlock(c); |
72d0e1cb SG |
2463 | return ret; |
2464 | } | |
2465 | ||
858377e4 SH |
2466 | WRAP_API_3(int, lxcapi_get_keys, const char *, char *, int) |
2467 | ||
2468 | static bool do_lxcapi_save_config(struct lxc_container *c, const char *alt_file) | |
72d0e1cb | 2469 | { |
0e1a60b0 | 2470 | int fd, lret; |
39dc698c | 2471 | bool ret = false, need_disklock = false; |
39dc698c | 2472 | |
72d0e1cb SG |
2473 | if (!alt_file) |
2474 | alt_file = c->configfile; | |
2475 | if (!alt_file) | |
1a0e70ac | 2476 | return false; |
39dc698c | 2477 | |
1a0e70ac | 2478 | /* If we haven't yet loaded a config, load the stock config. */ |
39dc698c | 2479 | if (!c->lxc_conf) { |
858377e4 | 2480 | if (!do_lxcapi_load_config(c, lxc_global_config_value("lxc.default_config"))) { |
0e1a60b0 CB |
2481 | ERROR("Error loading default configuration file %s " |
2482 | "while saving %s", | |
2483 | lxc_global_config_value("lxc.default_config"), | |
2484 | c->name); | |
72d0e1cb SG |
2485 | return false; |
2486 | } | |
39dc698c | 2487 | } |
72d0e1cb | 2488 | |
5a3d2e1e SG |
2489 | if (!create_container_dir(c)) |
2490 | return false; | |
2491 | ||
1a0e70ac CB |
2492 | /* If we're writing to the container's config file, take the disk lock. |
2493 | * Otherwise just take the memlock to protect the struct lxc_container | |
2494 | * while we're traversing it. | |
39dc698c SH |
2495 | */ |
2496 | if (strcmp(c->configfile, alt_file) == 0) | |
2497 | need_disklock = true; | |
2498 | ||
2499 | if (need_disklock) | |
2500 | lret = container_disk_lock(c); | |
2501 | else | |
2502 | lret = container_mem_lock(c); | |
2503 | ||
2504 | if (lret) | |
72d0e1cb | 2505 | return false; |
39dc698c | 2506 | |
0e1a60b0 CB |
2507 | fd = open(alt_file, O_WRONLY | O_CREAT | O_CLOEXEC, |
2508 | S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH); | |
2509 | if (fd < 0) | |
2510 | goto on_error; | |
2511 | ||
2512 | lret = write_config(fd, c->lxc_conf); | |
2513 | close(fd); | |
2514 | if (lret < 0) | |
2515 | goto on_error; | |
2516 | ||
39dc698c SH |
2517 | ret = true; |
2518 | ||
0e1a60b0 | 2519 | on_error: |
39dc698c SH |
2520 | if (need_disklock) |
2521 | container_disk_unlock(c); | |
2522 | else | |
2523 | container_mem_unlock(c); | |
0e1a60b0 | 2524 | |
39dc698c | 2525 | return ret; |
72d0e1cb SG |
2526 | } |
2527 | ||
858377e4 SH |
2528 | WRAP_API_1(bool, lxcapi_save_config, const char *) |
2529 | ||
0ea055b3 CB |
2530 | |
2531 | static bool mod_rdep(struct lxc_container *c0, struct lxc_container *c, bool inc) | |
dfb31b25 | 2532 | { |
0ea055b3 CB |
2533 | FILE *f1; |
2534 | struct stat fbuf; | |
42342bed CB |
2535 | void *buf = NULL; |
2536 | char *del = NULL; | |
dfb31b25 | 2537 | char path[MAXPATHLEN]; |
0ea055b3 CB |
2538 | char newpath[MAXPATHLEN]; |
2539 | int fd, ret, n = 0, v = 0; | |
dfb31b25 | 2540 | bool bret = false; |
42342bed | 2541 | size_t len = 0, bytes = 0; |
dfb31b25 | 2542 | |
0ea055b3 | 2543 | if (container_disk_lock(c0)) |
dfb31b25 | 2544 | return false; |
0ea055b3 CB |
2545 | |
2546 | ret = snprintf(path, MAXPATHLEN, "%s/%s/lxc_snapshots", c0->config_path, c0->name); | |
dfb31b25 SH |
2547 | if (ret < 0 || ret > MAXPATHLEN) |
2548 | goto out; | |
0ea055b3 CB |
2549 | ret = snprintf(newpath, MAXPATHLEN, "%s\n%s\n", c->config_path, c->name); |
2550 | if (ret < 0 || ret > MAXPATHLEN) | |
dfb31b25 | 2551 | goto out; |
0ea055b3 CB |
2552 | |
2553 | /* If we find an lxc-snapshot file using the old format only listing the | |
2554 | * number of snapshots we will keep using it. */ | |
2555 | f1 = fopen(path, "r"); | |
2556 | if (f1) { | |
2557 | n = fscanf(f1, "%d", &v); | |
2558 | fclose(f1); | |
2559 | if (n == 1 && v == 0) { | |
2560 | remove(path); | |
2561 | n = 0; | |
2562 | } | |
dfb31b25 | 2563 | } |
0ea055b3 CB |
2564 | if (n == 1) { |
2565 | v += inc ? 1 : -1; | |
2566 | f1 = fopen(path, "w"); | |
2567 | if (!f1) | |
2568 | goto out; | |
2569 | if (fprintf(f1, "%d\n", v) < 0) { | |
2570 | ERROR("Error writing new snapshots value"); | |
2571 | fclose(f1); | |
2572 | goto out; | |
2573 | } | |
2574 | ret = fclose(f1); | |
2575 | if (ret != 0) { | |
2576 | SYSERROR("Error writing to or closing snapshots file"); | |
2577 | goto out; | |
2578 | } | |
2579 | } else { | |
2580 | /* Here we know that we have or can use an lxc-snapshot file | |
2581 | * using the new format. */ | |
2582 | if (inc) { | |
2583 | f1 = fopen(path, "a"); | |
2584 | if (!f1) | |
2585 | goto out; | |
2586 | ||
2587 | if (fprintf(f1, "%s", newpath) < 0) { | |
2588 | ERROR("Error writing new snapshots entry"); | |
2589 | ret = fclose(f1); | |
2590 | if (ret != 0) | |
2591 | SYSERROR("Error writing to or closing snapshots file"); | |
2592 | goto out; | |
2593 | } | |
2594 | ||
2595 | ret = fclose(f1); | |
2596 | if (ret != 0) { | |
2597 | SYSERROR("Error writing to or closing snapshots file"); | |
2598 | goto out; | |
2599 | } | |
2600 | } else if (!inc) { | |
d028235d SG |
2601 | if ((fd = open(path, O_RDWR | O_CLOEXEC)) < 0) |
2602 | goto out; | |
2603 | ||
2604 | if (fstat(fd, &fbuf) < 0) { | |
2605 | close(fd); | |
2606 | goto out; | |
2607 | } | |
2608 | ||
2609 | if (fbuf.st_size != 0) { | |
d028235d | 2610 | |
25086a5f | 2611 | buf = lxc_strmmap(NULL, fbuf.st_size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0); |
d028235d SG |
2612 | if (buf == MAP_FAILED) { |
2613 | SYSERROR("Failed to create mapping %s", path); | |
2614 | close(fd); | |
2615 | goto out; | |
2616 | } | |
2617 | ||
2618 | len = strlen(newpath); | |
2619 | while ((del = strstr((char *)buf, newpath))) { | |
2620 | memmove(del, del + len, strlen(del) - len + 1); | |
2621 | bytes += len; | |
2622 | } | |
2623 | ||
25086a5f | 2624 | lxc_strmunmap(buf, fbuf.st_size); |
d028235d SG |
2625 | if (ftruncate(fd, fbuf.st_size - bytes) < 0) { |
2626 | SYSERROR("Failed to truncate file %s", path); | |
2627 | close(fd); | |
2628 | goto out; | |
2629 | } | |
2630 | } | |
2631 | close(fd); | |
2632 | } | |
0ea055b3 CB |
2633 | |
2634 | /* If the lxc-snapshot file is empty, remove it. */ | |
2635 | if (stat(path, &fbuf) < 0) | |
2636 | goto out; | |
d028235d SG |
2637 | if (!fbuf.st_size) { |
2638 | remove(path); | |
0ea055b3 | 2639 | } |
dfb31b25 SH |
2640 | } |
2641 | ||
2642 | bret = true; | |
2643 | ||
2644 | out: | |
0ea055b3 | 2645 | container_disk_unlock(c0); |
dfb31b25 SH |
2646 | return bret; |
2647 | } | |
2648 | ||
2649 | static void strip_newline(char *p) | |
2650 | { | |
2651 | size_t len = strlen(p); | |
2652 | if (len < 1) | |
2653 | return; | |
2654 | if (p[len-1] == '\n') | |
2655 | p[len-1] = '\0'; | |
2656 | } | |
2657 | ||
d825fff3 | 2658 | void mod_all_rdeps(struct lxc_container *c, bool inc) |
dfb31b25 SH |
2659 | { |
2660 | struct lxc_container *p; | |
2661 | char *lxcpath = NULL, *lxcname = NULL, path[MAXPATHLEN]; | |
2662 | size_t pathlen = 0, namelen = 0; | |
2663 | FILE *f; | |
2664 | int ret; | |
2665 | ||
2666 | ret = snprintf(path, MAXPATHLEN, "%s/%s/lxc_rdepends", | |
2667 | c->config_path, c->name); | |
2668 | if (ret < 0 || ret >= MAXPATHLEN) { | |
2669 | ERROR("Path name too long"); | |
2670 | return; | |
2671 | } | |
025ed0f3 | 2672 | f = fopen(path, "r"); |
025ed0f3 | 2673 | if (f == NULL) |
dfb31b25 SH |
2674 | return; |
2675 | while (getline(&lxcpath, &pathlen, f) != -1) { | |
2676 | if (getline(&lxcname, &namelen, f) == -1) { | |
959aee9c | 2677 | ERROR("badly formatted file %s", path); |
dfb31b25 SH |
2678 | goto out; |
2679 | } | |
2680 | strip_newline(lxcpath); | |
2681 | strip_newline(lxcname); | |
2682 | if ((p = lxc_container_new(lxcname, lxcpath)) == NULL) { | |
2683 | ERROR("Unable to find dependent container %s:%s", | |
2684 | lxcpath, lxcname); | |
2685 | continue; | |
2686 | } | |
0ea055b3 CB |
2687 | if (!mod_rdep(p, c, inc)) |
2688 | ERROR("Failed to update snapshots file for %s:%s", | |
dfb31b25 SH |
2689 | lxcpath, lxcname); |
2690 | lxc_container_put(p); | |
2691 | } | |
2692 | out: | |
f10fad2f ME |
2693 | free(lxcpath); |
2694 | free(lxcname); | |
dfb31b25 SH |
2695 | fclose(f); |
2696 | } | |
2697 | ||
18aa217b | 2698 | static bool has_fs_snapshots(struct lxc_container *c) |
dfb31b25 | 2699 | { |
0ea055b3 | 2700 | FILE *f; |
dfb31b25 SH |
2701 | char path[MAXPATHLEN]; |
2702 | int ret, v; | |
0ea055b3 | 2703 | struct stat fbuf; |
dfb31b25 SH |
2704 | bool bret = false; |
2705 | ||
2706 | ret = snprintf(path, MAXPATHLEN, "%s/%s/lxc_snapshots", c->config_path, | |
2707 | c->name); | |
2708 | if (ret < 0 || ret > MAXPATHLEN) | |
2709 | goto out; | |
0ea055b3 CB |
2710 | /* If the file doesn't exist there are no snapshots. */ |
2711 | if (stat(path, &fbuf) < 0) | |
dfb31b25 | 2712 | goto out; |
0ea055b3 CB |
2713 | v = fbuf.st_size; |
2714 | if (v != 0) { | |
2715 | f = fopen(path, "r"); | |
2716 | if (!f) | |
2717 | goto out; | |
2718 | ret = fscanf(f, "%d", &v); | |
2719 | fclose(f); | |
1a0e70ac | 2720 | /* TODO: Figure out what to do with the return value of fscanf. */ |
0ea055b3 CB |
2721 | if (ret != 1) |
2722 | INFO("Container uses new lxc-snapshots format %s", path); | |
2723 | } | |
dfb31b25 SH |
2724 | bret = v != 0; |
2725 | ||
2726 | out: | |
2727 | return bret; | |
2728 | } | |
2729 | ||
18aa217b SH |
2730 | static bool has_snapshots(struct lxc_container *c) |
2731 | { | |
2732 | char path[MAXPATHLEN]; | |
74f96976 | 2733 | struct dirent *direntp; |
18aa217b SH |
2734 | int count=0; |
2735 | DIR *dir; | |
2736 | ||
2737 | if (!get_snappath_dir(c, path)) | |
2738 | return false; | |
2739 | dir = opendir(path); | |
2740 | if (!dir) | |
2741 | return false; | |
74f96976 | 2742 | while ((direntp = readdir(dir))) { |
18aa217b SH |
2743 | if (!direntp) |
2744 | break; | |
2745 | ||
2746 | if (!strcmp(direntp->d_name, ".")) | |
2747 | continue; | |
2748 | ||
2749 | if (!strcmp(direntp->d_name, "..")) | |
2750 | continue; | |
2751 | count++; | |
2752 | break; | |
2753 | } | |
2754 | closedir(dir); | |
2755 | return count > 0; | |
2756 | } | |
2757 | ||
297c2d58 | 2758 | static bool do_destroy_container(struct lxc_conf *conf) { |
ee484f7f CB |
2759 | int ret; |
2760 | ||
e0010464 | 2761 | if (am_guest_unpriv()) { |
ee484f7f CB |
2762 | ret = userns_exec_full(conf, storage_destroy_wrapper, conf, |
2763 | "storage_destroy_wrapper"); | |
2764 | if (ret < 0) | |
d028235d | 2765 | return false; |
ee484f7f | 2766 | |
d028235d SG |
2767 | return true; |
2768 | } | |
ee484f7f | 2769 | |
10bc1861 | 2770 | return storage_destroy(conf); |
297c2d58 CB |
2771 | } |
2772 | ||
4355ab5f SH |
2773 | static int lxc_rmdir_onedev_wrapper(void *data) |
2774 | { | |
2775 | char *arg = (char *) data; | |
18aa217b | 2776 | return lxc_rmdir_onedev(arg, "snaps"); |
4355ab5f SH |
2777 | } |
2778 | ||
17a367d8 | 2779 | static int lxc_unlink_exec_wrapper(void *data) |
72d0e1cb | 2780 | { |
17a367d8 CB |
2781 | char *arg = data; |
2782 | return unlink(arg); | |
2783 | } | |
2784 | ||
2785 | static bool container_destroy(struct lxc_container *c, | |
2786 | struct lxc_storage *storage) | |
2787 | { | |
2788 | const char *p1; | |
2789 | size_t len; | |
2790 | struct lxc_conf *conf; | |
2791 | char *path = NULL; | |
c868b261 | 2792 | bool bret = false; |
297c2d58 | 2793 | int ret = 0; |
72d0e1cb | 2794 | |
858377e4 | 2795 | if (!c || !do_lxcapi_is_defined(c)) |
5a3d2e1e SG |
2796 | return false; |
2797 | ||
a70a69e8 | 2798 | conf = c->lxc_conf; |
3bc449ed | 2799 | if (container_disk_lock(c)) |
72d0e1cb | 2800 | return false; |
72d0e1cb | 2801 | |
39dc698c | 2802 | if (!is_stopped(c)) { |
1a0e70ac | 2803 | /* We should queue some sort of error - in c->error_string? */ |
60bf62d4 SH |
2804 | ERROR("container %s is not stopped", c->name); |
2805 | goto out; | |
72d0e1cb SG |
2806 | } |
2807 | ||
a70a69e8 | 2808 | if (conf && !lxc_list_empty(&conf->hooks[LXCHOOK_DESTROY])) { |
37cf711b | 2809 | /* Start of environment variable setup for hooks */ |
cb8ff4d0 | 2810 | if (setenv("LXC_NAME", c->name, 1)) |
17a367d8 CB |
2811 | SYSERROR("Failed to set environment variable for container name"); |
2812 | ||
2813 | if (conf->rcfile && setenv("LXC_CONFIG_FILE", conf->rcfile, 1)) | |
2814 | SYSERROR("Failed to set environment variable for config path"); | |
2815 | ||
2816 | if (conf->rootfs.mount && setenv("LXC_ROOTFS_MOUNT", conf->rootfs.mount, 1)) | |
2817 | SYSERROR("Failed to set environment variable for rootfs mount"); | |
2818 | ||
2819 | if (conf->rootfs.path && setenv("LXC_ROOTFS_PATH", conf->rootfs.path, 1)) | |
2820 | SYSERROR("Failed to set environment variable for rootfs mount"); | |
2821 | ||
2822 | if (conf->console.path && setenv("LXC_CONSOLE", conf->console.path, 1)) | |
2823 | SYSERROR("Failed to set environment variable for console path"); | |
2824 | ||
2825 | if (conf->console.log_path && setenv("LXC_CONSOLE_LOGPATH", conf->console.log_path, 1)) | |
2826 | SYSERROR("Failed to set environment variable for console log"); | |
37cf711b SY |
2827 | /* End of environment variable setup for hooks */ |
2828 | ||
14a7b0f9 | 2829 | if (run_lxc_hooks(c->name, "destroy", conf, NULL)) { |
17a367d8 | 2830 | ERROR("Failed to execute clone hook for \"%s\"", c->name); |
37cf711b SY |
2831 | goto out; |
2832 | } | |
2833 | } | |
2834 | ||
2835 | if (current_config && conf == current_config) { | |
858377e4 | 2836 | current_config = NULL; |
37cf711b SY |
2837 | if (conf->logfd != -1) { |
2838 | close(conf->logfd); | |
2839 | conf->logfd = -1; | |
858377e4 SH |
2840 | } |
2841 | } | |
2842 | ||
d028235d SG |
2843 | if (conf && conf->rootfs.path && conf->rootfs.mount) { |
2844 | if (!do_destroy_container(conf)) { | |
2845 | ERROR("Error destroying rootfs for %s", c->name); | |
2846 | goto out; | |
2847 | } | |
2848 | INFO("Destroyed rootfs for %s", c->name); | |
2849 | } | |
60bf62d4 | 2850 | |
dfb31b25 SH |
2851 | mod_all_rdeps(c, false); |
2852 | ||
17a367d8 CB |
2853 | p1 = do_lxcapi_get_config_path(c); |
2854 | /* strlen(p1) | |
2855 | * + | |
2856 | * / | |
2857 | * + | |
2858 | * strlen(c->name) | |
2859 | * + | |
2860 | * / | |
2861 | * + | |
2862 | * strlen("config") = 6 | |
2863 | * + | |
2864 | * \0 | |
2865 | */ | |
2866 | len = strlen(p1) + 1 + strlen(c->name) + 1 + 6 + 1; | |
2867 | path = malloc(len); | |
2868 | if (!path) { | |
2869 | ERROR("Failed to allocate memory"); | |
2870 | goto out; | |
2871 | } | |
2872 | ||
2873 | /* For an overlay container the rootfs is considered immutable and | |
2874 | * cannot be removed when restoring from a snapshot. | |
2875 | */ | |
2876 | if (storage && (!strcmp(storage->type, "overlay") || | |
2877 | !strcmp(storage->type, "overlayfs")) && | |
2878 | (storage->flags & LXC_STORAGE_INTERNAL_OVERLAY_RESTORE)) { | |
2879 | ret = snprintf(path, len, "%s/%s/config", p1, c->name); | |
2880 | if (ret < 0 || (size_t)ret >= len) | |
2881 | goto out; | |
2882 | ||
e0010464 | 2883 | if (am_guest_unpriv()) |
17a367d8 CB |
2884 | ret = userns_exec_1(conf, lxc_unlink_exec_wrapper, path, |
2885 | "lxc_unlink_exec_wrapper"); | |
2886 | else | |
2887 | ret = unlink(path); | |
2888 | if (ret < 0) { | |
2889 | SYSERROR("Failed to destroy config file \"%s\" for \"%s\"", | |
2890 | path, c->name); | |
2891 | goto out; | |
2892 | } | |
2893 | INFO("Destroyed config file \"%s\" for \"%s\"", path, c->name); | |
2894 | ||
2895 | bret = true; | |
2896 | goto out; | |
2897 | } | |
2898 | ||
2899 | ret = snprintf(path, len, "%s/%s", p1, c->name); | |
2900 | if (ret < 0 || (size_t)ret >= len) | |
2901 | goto out; | |
e0010464 | 2902 | if (am_guest_unpriv()) |
ee484f7f CB |
2903 | ret = userns_exec_full(conf, lxc_rmdir_onedev_wrapper, path, |
2904 | "lxc_rmdir_onedev_wrapper"); | |
4355ab5f | 2905 | else |
18aa217b | 2906 | ret = lxc_rmdir_onedev(path, "snaps"); |
4355ab5f | 2907 | if (ret < 0) { |
17a367d8 CB |
2908 | ERROR("Failed to destroy directory \"%s\" for \"%s\"", path, |
2909 | c->name); | |
60bf62d4 SH |
2910 | goto out; |
2911 | } | |
17a367d8 | 2912 | INFO("Destroyed directory \"%s\" for \"%s\"", path, c->name); |
297c2d58 | 2913 | |
fef48dc9 | 2914 | bret = true; |
60bf62d4 SH |
2915 | |
2916 | out: | |
17a367d8 CB |
2917 | if (path) |
2918 | free(path); | |
3bc449ed | 2919 | container_disk_unlock(c); |
fef48dc9 | 2920 | return bret; |
72d0e1cb SG |
2921 | } |
2922 | ||
858377e4 | 2923 | static bool do_lxcapi_destroy(struct lxc_container *c) |
18aa217b SH |
2924 | { |
2925 | if (!c || !lxcapi_is_defined(c)) | |
2926 | return false; | |
2927 | if (has_snapshots(c)) { | |
2928 | ERROR("Container %s has snapshots; not removing", c->name); | |
2929 | return false; | |
2930 | } | |
2931 | ||
2932 | if (has_fs_snapshots(c)) { | |
2933 | ERROR("container %s has snapshots on its rootfs", c->name); | |
2934 | return false; | |
2935 | } | |
2936 | ||
17a367d8 | 2937 | return container_destroy(c, NULL); |
18aa217b SH |
2938 | } |
2939 | ||
858377e4 | 2940 | WRAP_API(bool, lxcapi_destroy) |
18aa217b | 2941 | |
858377e4 | 2942 | static bool do_lxcapi_destroy_with_snapshots(struct lxc_container *c) |
18aa217b SH |
2943 | { |
2944 | if (!c || !lxcapi_is_defined(c)) | |
2945 | return false; | |
2946 | if (!lxcapi_snapshot_destroy_all(c)) { | |
2947 | ERROR("Error deleting all snapshots"); | |
2948 | return false; | |
2949 | } | |
2950 | return lxcapi_destroy(c); | |
2951 | } | |
2952 | ||
858377e4 SH |
2953 | WRAP_API(bool, lxcapi_destroy_with_snapshots) |
2954 | ||
0d9cd9c3 CB |
2955 | int lxc_set_config_item_locked(struct lxc_conf *conf, const char *key, |
2956 | const char *v) | |
96532523 | 2957 | { |
0d9cd9c3 | 2958 | int ret; |
96532523 | 2959 | struct lxc_config_t *config; |
0d9cd9c3 CB |
2960 | bool bret = true; |
2961 | ||
2962 | config = lxc_get_config(key); | |
2963 | if (!config) | |
2964 | return -EINVAL; | |
2965 | ||
2966 | ret = config->set(key, v, conf, NULL); | |
2967 | if (ret < 0) | |
2968 | return -EINVAL; | |
2969 | ||
2970 | if (lxc_config_value_empty(v)) | |
2971 | do_clear_unexp_config_line(conf, key); | |
2972 | else | |
2973 | bret = do_append_unexp_config_line(conf, key, v); | |
2974 | if (!bret) | |
2975 | return -ENOMEM; | |
2976 | ||
2977 | return 0; | |
2978 | } | |
2979 | ||
2980 | static bool do_set_config_item_locked(struct lxc_container *c, const char *key, | |
2981 | const char *v) | |
2982 | { | |
2983 | int ret; | |
96532523 SH |
2984 | |
2985 | if (!c->lxc_conf) | |
2986 | c->lxc_conf = lxc_conf_init(); | |
4222a9f4 | 2987 | |
6b0d5538 | 2988 | if (!c->lxc_conf) |
96532523 | 2989 | return false; |
4222a9f4 | 2990 | |
0d9cd9c3 CB |
2991 | ret = lxc_set_config_item_locked(c->lxc_conf, key, v); |
2992 | if (ret < 0) | |
f979ac15 | 2993 | return false; |
4222a9f4 | 2994 | |
0d9cd9c3 | 2995 | return true; |
96532523 SH |
2996 | } |
2997 | ||
858377e4 | 2998 | static bool do_lxcapi_set_config_item(struct lxc_container *c, const char *key, const char *v) |
72d0e1cb | 2999 | { |
72d0e1cb | 3000 | bool b = false; |
72d0e1cb SG |
3001 | |
3002 | if (!c) | |
3003 | return false; | |
3004 | ||
5cee8c50 | 3005 | if (container_mem_lock(c)) |
72d0e1cb SG |
3006 | return false; |
3007 | ||
0d9cd9c3 | 3008 | b = do_set_config_item_locked(c, key, v); |
72d0e1cb | 3009 | |
5cee8c50 | 3010 | container_mem_unlock(c); |
72d0e1cb SG |
3011 | return b; |
3012 | } | |
3013 | ||
858377e4 SH |
3014 | WRAP_API_2(bool, lxcapi_set_config_item, const char *, const char *) |
3015 | ||
72d0e1cb SG |
3016 | static char *lxcapi_config_file_name(struct lxc_container *c) |
3017 | { | |
3018 | if (!c || !c->configfile) | |
3019 | return NULL; | |
3020 | return strdup(c->configfile); | |
3021 | } | |
3022 | ||
2a59a681 SH |
3023 | static const char *lxcapi_get_config_path(struct lxc_container *c) |
3024 | { | |
3025 | if (!c || !c->config_path) | |
3026 | return NULL; | |
3027 | return (const char *)(c->config_path); | |
3028 | } | |
3029 | ||
afeecbba SH |
3030 | /* |
3031 | * not for export | |
3032 | * Just recalculate the c->configfile based on the | |
3033 | * c->config_path, which must be set. | |
3034 | * The lxc_container must be locked or not yet public. | |
3035 | */ | |
3036 | static bool set_config_filename(struct lxc_container *c) | |
3037 | { | |
3038 | char *newpath; | |
3039 | int len, ret; | |
3040 | ||
3041 | if (!c->config_path) | |
3042 | return false; | |
3043 | ||
3044 | /* $lxc_path + "/" + c->name + "/" + "config" + '\0' */ | |
3045 | len = strlen(c->config_path) + strlen(c->name) + strlen("config") + 3; | |
3046 | newpath = malloc(len); | |
3047 | if (!newpath) | |
3048 | return false; | |
3049 | ||
3050 | ret = snprintf(newpath, len, "%s/%s/config", c->config_path, c->name); | |
3051 | if (ret < 0 || ret >= len) { | |
3052 | fprintf(stderr, "Error printing out config file name\n"); | |
3053 | free(newpath); | |
3054 | return false; | |
3055 | } | |
3056 | ||
f10fad2f | 3057 | free(c->configfile); |
afeecbba SH |
3058 | c->configfile = newpath; |
3059 | ||
3060 | return true; | |
3061 | } | |
3062 | ||
858377e4 | 3063 | static bool do_lxcapi_set_config_path(struct lxc_container *c, const char *path) |
2a59a681 SH |
3064 | { |
3065 | char *p; | |
3066 | bool b = false; | |
afeecbba | 3067 | char *oldpath = NULL; |
2a59a681 SH |
3068 | |
3069 | if (!c) | |
3070 | return b; | |
3071 | ||
5cee8c50 | 3072 | if (container_mem_lock(c)) |
2a59a681 SH |
3073 | return b; |
3074 | ||
3075 | p = strdup(path); | |
afeecbba SH |
3076 | if (!p) { |
3077 | ERROR("Out of memory setting new lxc path"); | |
2a59a681 | 3078 | goto err; |
afeecbba SH |
3079 | } |
3080 | ||
2a59a681 SH |
3081 | b = true; |
3082 | if (c->config_path) | |
afeecbba | 3083 | oldpath = c->config_path; |
2a59a681 | 3084 | c->config_path = p; |
afeecbba SH |
3085 | |
3086 | /* Since we've changed the config path, we have to change the | |
3087 | * config file name too */ | |
3088 | if (!set_config_filename(c)) { | |
3089 | ERROR("Out of memory setting new config filename"); | |
3090 | b = false; | |
3091 | free(c->config_path); | |
3092 | c->config_path = oldpath; | |
3093 | oldpath = NULL; | |
3094 | } | |
2a59a681 | 3095 | err: |
f10fad2f | 3096 | free(oldpath); |
5cee8c50 | 3097 | container_mem_unlock(c); |
2a59a681 SH |
3098 | return b; |
3099 | } | |
3100 | ||
858377e4 | 3101 | WRAP_API_1(bool, lxcapi_set_config_path, const char *) |
2a59a681 | 3102 | |
858377e4 | 3103 | static bool do_lxcapi_set_cgroup_item(struct lxc_container *c, const char *subsys, const char *value) |
794dd120 SH |
3104 | { |
3105 | int ret; | |
794dd120 SH |
3106 | |
3107 | if (!c) | |
3108 | return false; | |
3109 | ||
3bc449ed | 3110 | if (is_stopped(c)) |
794dd120 SH |
3111 | return false; |
3112 | ||
3bc449ed SH |
3113 | if (container_disk_lock(c)) |
3114 | return false; | |
794dd120 | 3115 | |
33ad9f1a | 3116 | ret = lxc_cgroup_set(subsys, value, c->name, c->config_path); |
3bc449ed SH |
3117 | |
3118 | container_disk_unlock(c); | |
3119 | return ret == 0; | |
794dd120 SH |
3120 | } |
3121 | ||
858377e4 SH |
3122 | WRAP_API_2(bool, lxcapi_set_cgroup_item, const char *, const char *) |
3123 | ||
3124 | static int do_lxcapi_get_cgroup_item(struct lxc_container *c, const char *subsys, char *retv, int inlen) | |
794dd120 | 3125 | { |
3bc449ed | 3126 | int ret; |
794dd120 | 3127 | |
6502006a | 3128 | if (!c) |
794dd120 SH |
3129 | return -1; |
3130 | ||
3bc449ed | 3131 | if (is_stopped(c)) |
794dd120 SH |
3132 | return -1; |
3133 | ||
3bc449ed SH |
3134 | if (container_disk_lock(c)) |
3135 | return -1; | |
794dd120 | 3136 | |
33ad9f1a | 3137 | ret = lxc_cgroup_get(subsys, retv, inlen, c->name, c->config_path); |
794dd120 | 3138 | |
3bc449ed | 3139 | container_disk_unlock(c); |
794dd120 SH |
3140 | return ret; |
3141 | } | |
3142 | ||
858377e4 SH |
3143 | WRAP_API_3(int, lxcapi_get_cgroup_item, const char *, char *, int) |
3144 | ||
593e8478 | 3145 | const char *lxc_get_global_config_item(const char *key) |
83c98d82 | 3146 | { |
593e8478 | 3147 | return lxc_global_config_value(key); |
a8428dfa SH |
3148 | } |
3149 | ||
b6b918a1 SG |
3150 | const char *lxc_get_version(void) |
3151 | { | |
95ee490b | 3152 | return LXC_VERSION; |
b6b918a1 SG |
3153 | } |
3154 | ||
f0ca2726 | 3155 | static int copy_file(const char *old, const char *new) |
9be53773 SH |
3156 | { |
3157 | int in, out; | |
3158 | ssize_t len, ret; | |
3159 | char buf[8096]; | |
3160 | struct stat sbuf; | |
3161 | ||
3162 | if (file_exists(new)) { | |
3163 | ERROR("copy destination %s exists", new); | |
3164 | return -1; | |
3165 | } | |
3166 | ret = stat(old, &sbuf); | |
3167 | if (ret < 0) { | |
dfb31b25 | 3168 | INFO("Error stat'ing %s", old); |
9be53773 SH |
3169 | return -1; |
3170 | } | |
3171 | ||
3172 | in = open(old, O_RDONLY); | |
3173 | if (in < 0) { | |
dfb31b25 | 3174 | SYSERROR("Error opening original file %s", old); |
9be53773 SH |
3175 | return -1; |
3176 | } | |
3177 | out = open(new, O_CREAT | O_EXCL | O_WRONLY, 0644); | |
3178 | if (out < 0) { | |
dfb31b25 | 3179 | SYSERROR("Error opening new file %s", new); |
9be53773 SH |
3180 | close(in); |
3181 | return -1; | |
3182 | } | |
3183 | ||
3184 | while (1) { | |
3185 | len = read(in, buf, 8096); | |
3186 | if (len < 0) { | |
dfb31b25 | 3187 | SYSERROR("Error reading old file %s", old); |
9be53773 SH |
3188 | goto err; |
3189 | } | |
3190 | if (len == 0) | |
3191 | break; | |
3192 | ret = write(out, buf, len); | |
1a0e70ac | 3193 | if (ret < len) { /* should we retry? */ |
dfb31b25 | 3194 | SYSERROR("Error: write to new file %s was interrupted", new); |
9be53773 SH |
3195 | goto err; |
3196 | } | |
3197 | } | |
3198 | close(in); | |
3199 | close(out); | |
3200 | ||
1a0e70ac | 3201 | /* We set mode, but not owner/group. */ |
9be53773 SH |
3202 | ret = chmod(new, sbuf.st_mode); |
3203 | if (ret) { | |
dfb31b25 | 3204 | SYSERROR("Error setting mode on %s", new); |
9be53773 SH |
3205 | return -1; |
3206 | } | |
3207 | ||
3208 | return 0; | |
3209 | ||
3210 | err: | |
3211 | close(in); | |
3212 | close(out); | |
3213 | return -1; | |
3214 | } | |
3215 | ||
9be53773 SH |
3216 | static int copyhooks(struct lxc_container *oldc, struct lxc_container *c) |
3217 | { | |
619256b5 | 3218 | int i, len, ret; |
9be53773 | 3219 | struct lxc_list *it; |
619256b5 ÇO |
3220 | char *cpath; |
3221 | ||
3222 | len = strlen(oldc->config_path) + strlen(oldc->name) + 3; | |
3223 | cpath = alloca(len); | |
3224 | ret = snprintf(cpath, len, "%s/%s/", oldc->config_path, oldc->name); | |
3225 | if (ret < 0 || ret >= len) | |
3226 | return -1; | |
9be53773 SH |
3227 | |
3228 | for (i=0; i<NUM_LXC_HOOKS; i++) { | |
3229 | lxc_list_for_each(it, &c->lxc_conf->hooks[i]) { | |
3230 | char *hookname = it->elem; | |
c32981c3 | 3231 | char *fname = strrchr(hookname, '/'); |
9be53773 | 3232 | char tmppath[MAXPATHLEN]; |
1a0e70ac | 3233 | if (!fname) /* relative path - we don't support, but maybe we should */ |
9be53773 | 3234 | return 0; |
619256b5 | 3235 | if (strncmp(hookname, cpath, len - 1) != 0) { |
1a0e70ac | 3236 | /* this hook is public - ignore */ |
619256b5 ÇO |
3237 | continue; |
3238 | } | |
1a0e70ac | 3239 | /* copy the script, and change the entry in confile */ |
9be53773 SH |
3240 | ret = snprintf(tmppath, MAXPATHLEN, "%s/%s/%s", |
3241 | c->config_path, c->name, fname+1); | |
3242 | if (ret < 0 || ret >= MAXPATHLEN) | |
3243 | return -1; | |
3244 | ret = copy_file(it->elem, tmppath); | |
3245 | if (ret < 0) | |
3246 | return -1; | |
3247 | free(it->elem); | |
3248 | it->elem = strdup(tmppath); | |
3249 | if (!it->elem) { | |
3250 | ERROR("out of memory copying hook path"); | |
3251 | return -1; | |
3252 | } | |
9be53773 SH |
3253 | } |
3254 | } | |
3255 | ||
67702c21 SH |
3256 | if (!clone_update_unexp_hooks(c->lxc_conf, oldc->config_path, |
3257 | c->config_path, oldc->name, c->name)) { | |
6b0d5538 SH |
3258 | ERROR("Error saving new hooks in clone"); |
3259 | return -1; | |
3260 | } | |
858377e4 | 3261 | do_lxcapi_save_config(c, NULL); |
9be53773 SH |
3262 | return 0; |
3263 | } | |
3264 | ||
9be53773 SH |
3265 | |
3266 | static int copy_fstab(struct lxc_container *oldc, struct lxc_container *c) | |
3267 | { | |
3268 | char newpath[MAXPATHLEN]; | |
3269 | char *oldpath = oldc->lxc_conf->fstab; | |
3270 | int ret; | |
3271 | ||
3272 | if (!oldpath) | |
3273 | return 0; | |
3274 | ||
47148e96 CB |
3275 | clear_unexp_config_line(c->lxc_conf, "lxc.mount.fstab", false); |
3276 | ||
c32981c3 | 3277 | char *p = strrchr(oldpath, '/'); |
9be53773 SH |
3278 | if (!p) |
3279 | return -1; | |
3280 | ret = snprintf(newpath, MAXPATHLEN, "%s/%s%s", | |
3281 | c->config_path, c->name, p); | |
3282 | if (ret < 0 || ret >= MAXPATHLEN) { | |
3283 | ERROR("error printing new path for %s", oldpath); | |
3284 | return -1; | |
3285 | } | |
3286 | if (file_exists(newpath)) { | |
3287 | ERROR("error: fstab file %s exists", newpath); | |
3288 | return -1; | |
3289 | } | |
3290 | ||
3291 | if (copy_file(oldpath, newpath) < 0) { | |
3292 | ERROR("error: copying %s to %s", oldpath, newpath); | |
3293 | return -1; | |
3294 | } | |
3295 | free(c->lxc_conf->fstab); | |
3296 | c->lxc_conf->fstab = strdup(newpath); | |
3297 | if (!c->lxc_conf->fstab) { | |
3298 | ERROR("error: allocating pathname"); | |
3299 | return -1; | |
3300 | } | |
47148e96 | 3301 | if (!do_append_unexp_config_line(c->lxc_conf, "lxc.mount.fstab", newpath)) { |
6b0d5538 SH |
3302 | ERROR("error saving new lxctab"); |
3303 | return -1; | |
3304 | } | |
9be53773 SH |
3305 | |
3306 | return 0; | |
3307 | } | |
3308 | ||
dfb31b25 SH |
3309 | static void copy_rdepends(struct lxc_container *c, struct lxc_container *c0) |
3310 | { | |
3311 | char path0[MAXPATHLEN], path1[MAXPATHLEN]; | |
3312 | int ret; | |
3313 | ||
3314 | ret = snprintf(path0, MAXPATHLEN, "%s/%s/lxc_rdepends", c0->config_path, | |
3315 | c0->name); | |
3316 | if (ret < 0 || ret >= MAXPATHLEN) { | |
3317 | WARN("Error copying reverse dependencies"); | |
3318 | return; | |
3319 | } | |
3320 | ret = snprintf(path1, MAXPATHLEN, "%s/%s/lxc_rdepends", c->config_path, | |
3321 | c->name); | |
3322 | if (ret < 0 || ret >= MAXPATHLEN) { | |
3323 | WARN("Error copying reverse dependencies"); | |
3324 | return; | |
3325 | } | |
3326 | if (copy_file(path0, path1) < 0) { | |
3327 | INFO("Error copying reverse dependencies"); | |
3328 | return; | |
3329 | } | |
3330 | } | |
3331 | ||
3332 | static bool add_rdepends(struct lxc_container *c, struct lxc_container *c0) | |
3333 | { | |
3334 | int ret; | |
3335 | char path[MAXPATHLEN]; | |
3336 | FILE *f; | |
3337 | bool bret; | |
3338 | ||
3339 | ret = snprintf(path, MAXPATHLEN, "%s/%s/lxc_rdepends", c->config_path, | |
3340 | c->name); | |
3341 | if (ret < 0 || ret >= MAXPATHLEN) | |
3342 | return false; | |
3343 | f = fopen(path, "a"); | |
3344 | if (!f) | |
3345 | return false; | |
3346 | bret = true; | |
1a0e70ac | 3347 | /* If anything goes wrong, just return an error. */ |
dfb31b25 SH |
3348 | if (fprintf(f, "%s\n%s\n", c0->config_path, c0->name) < 0) |
3349 | bret = false; | |
3350 | if (fclose(f) != 0) | |
3351 | bret = false; | |
3352 | return bret; | |
3353 | } | |
3354 | ||
15a90a10 SH |
3355 | /* |
3356 | * If the fs natively supports snapshot clones with no penalty, | |
3357 | * then default to those even if not requested. | |
3358 | * Currently we only do this for btrfs. | |
3359 | */ | |
3360 | bool should_default_to_snapshot(struct lxc_container *c0, | |
3361 | struct lxc_container *c1) | |
3362 | { | |
3363 | size_t l0 = strlen(c0->config_path) + strlen(c0->name) + 2; | |
3364 | size_t l1 = strlen(c1->config_path) + strlen(c1->name) + 2; | |
3365 | char *p0 = alloca(l0 + 1); | |
3366 | char *p1 = alloca(l1 + 1); | |
6e0fa6a0 | 3367 | char *rootfs = c0->lxc_conf->rootfs.path; |
15a90a10 SH |
3368 | |
3369 | snprintf(p0, l0, "%s/%s", c0->config_path, c0->name); | |
3370 | snprintf(p1, l1, "%s/%s", c1->config_path, c1->name); | |
9a09badc CB |
3371 | |
3372 | if (!is_btrfs_fs(p0) || !is_btrfs_fs(p1)) | |
3373 | return false; | |
3374 | ||
6e0fa6a0 CB |
3375 | if (is_btrfs_subvol(rootfs) <= 0) |
3376 | return false; | |
3377 | ||
15a90a10 SH |
3378 | return btrfs_same_fs(p0, p1) == 0; |
3379 | } | |
3380 | ||
9be53773 | 3381 | static int copy_storage(struct lxc_container *c0, struct lxc_container *c, |
763429b6 CB |
3382 | const char *newtype, int flags, const char *bdevdata, |
3383 | uint64_t newsize) | |
9be53773 | 3384 | { |
10bc1861 | 3385 | struct lxc_storage *bdev; |
07db51a2 | 3386 | bool need_rdep; |
9be53773 | 3387 | |
15a90a10 SH |
3388 | if (should_default_to_snapshot(c0, c)) |
3389 | flags |= LXC_CLONE_SNAPSHOT; | |
3390 | ||
10bc1861 CB |
3391 | bdev = storage_copy(c0, c->name, c->config_path, newtype, flags, |
3392 | bdevdata, newsize, &need_rdep); | |
9be53773 | 3393 | if (!bdev) { |
763429b6 | 3394 | ERROR("Error copying storage."); |
9be53773 SH |
3395 | return -1; |
3396 | } | |
763429b6 CB |
3397 | |
3398 | /* Set new rootfs. */ | |
9be53773 SH |
3399 | free(c->lxc_conf->rootfs.path); |
3400 | c->lxc_conf->rootfs.path = strdup(bdev->src); | |
10bc1861 | 3401 | storage_put(bdev); |
763429b6 | 3402 | |
dfb31b25 | 3403 | if (!c->lxc_conf->rootfs.path) { |
763429b6 CB |
3404 | ERROR("Out of memory while setting storage path."); |
3405 | return -1; | |
3406 | } | |
763429b6 | 3407 | |
7a96a068 CB |
3408 | /* Append a new lxc.rootfs.path entry to the unexpanded config. */ |
3409 | clear_unexp_config_line(c->lxc_conf, "lxc.rootfs.path", false); | |
3410 | if (!do_append_unexp_config_line(c->lxc_conf, "lxc.rootfs.path", | |
763429b6 CB |
3411 | c->lxc_conf->rootfs.path)) { |
3412 | ERROR("Error saving new rootfs to cloned config."); | |
d0218321 SH |
3413 | return -1; |
3414 | } | |
763429b6 | 3415 | |
eee59f94 SH |
3416 | if (flags & LXC_CLONE_SNAPSHOT) |
3417 | copy_rdepends(c, c0); | |
dfb31b25 SH |
3418 | if (need_rdep) { |
3419 | if (!add_rdepends(c, c0)) | |
3420 | WARN("Error adding reverse dependency from %s to %s", | |
763429b6 | 3421 | c->name, c0->name); |
dfb31b25 SH |
3422 | } |
3423 | ||
3424 | mod_all_rdeps(c, true); | |
3425 | ||
9be53773 SH |
3426 | return 0; |
3427 | } | |
3428 | ||
1354955b SH |
3429 | struct clone_update_data { |
3430 | struct lxc_container *c0; | |
3431 | struct lxc_container *c1; | |
3432 | int flags; | |
3433 | char **hookargs; | |
3434 | }; | |
3435 | ||
3436 | static int clone_update_rootfs(struct clone_update_data *data) | |
9be53773 | 3437 | { |
1354955b SH |
3438 | struct lxc_container *c0 = data->c0; |
3439 | struct lxc_container *c = data->c1; | |
3440 | int flags = data->flags; | |
3441 | char **hookargs = data->hookargs; | |
9be53773 SH |
3442 | int ret = -1; |
3443 | char path[MAXPATHLEN]; | |
10bc1861 | 3444 | struct lxc_storage *bdev; |
9be53773 | 3445 | FILE *fout; |
148e91f5 | 3446 | struct lxc_conf *conf = c->lxc_conf; |
9be53773 SH |
3447 | |
3448 | /* update hostname in rootfs */ | |
3449 | /* we're going to mount, so run in a clean namespace to simplify cleanup */ | |
3450 | ||
1354955b SH |
3451 | if (setgid(0) < 0) { |
3452 | ERROR("Failed to setgid to 0"); | |
3453 | return -1; | |
3454 | } | |
3455 | if (setuid(0) < 0) { | |
3456 | ERROR("Failed to setuid to 0"); | |
9be53773 | 3457 | return -1; |
1354955b | 3458 | } |
c476bdce SH |
3459 | if (setgroups(0, NULL) < 0) |
3460 | WARN("Failed to clear groups"); | |
9be53773 | 3461 | |
1354955b SH |
3462 | if (unshare(CLONE_NEWNS) < 0) |
3463 | return -1; | |
8a388ed4 | 3464 | bdev = storage_init(c->lxc_conf); |
9be53773 | 3465 | if (!bdev) |
1354955b | 3466 | return -1; |
cf3ef16d SH |
3467 | if (strcmp(bdev->type, "dir") != 0) { |
3468 | if (unshare(CLONE_NEWNS) < 0) { | |
3469 | ERROR("error unsharing mounts"); | |
10bc1861 | 3470 | storage_put(bdev); |
1354955b | 3471 | return -1; |
cf3ef16d | 3472 | } |
2c6f3fc9 SH |
3473 | if (detect_shared_rootfs()) { |
3474 | if (mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL)) { | |
3475 | SYSERROR("Failed to make / rslave"); | |
3476 | ERROR("Continuing..."); | |
3477 | } | |
3478 | } | |
e7de366c | 3479 | if (bdev->ops->mount(bdev) < 0) { |
10bc1861 | 3480 | storage_put(bdev); |
1354955b | 3481 | return -1; |
e7de366c | 3482 | } |
1a0e70ac | 3483 | } else { /* TODO come up with a better way */ |
f10fad2f | 3484 | free(bdev->dest); |
cf3ef16d SH |
3485 | bdev->dest = strdup(bdev->src); |
3486 | } | |
148e91f5 SH |
3487 | |
3488 | if (!lxc_list_empty(&conf->hooks[LXCHOOK_CLONE])) { | |
3489 | /* Start of environment variable setup for hooks */ | |
ab7efcf5 | 3490 | if (c0->name && setenv("LXC_SRC_NAME", c0->name, 1)) { |
1143ed39 DE |
3491 | SYSERROR("failed to set environment variable for source container name"); |
3492 | } | |
cb8ff4d0 | 3493 | if (setenv("LXC_NAME", c->name, 1)) { |
148e91f5 SH |
3494 | SYSERROR("failed to set environment variable for container name"); |
3495 | } | |
ab7efcf5 | 3496 | if (conf->rcfile && setenv("LXC_CONFIG_FILE", conf->rcfile, 1)) { |
148e91f5 SH |
3497 | SYSERROR("failed to set environment variable for config path"); |
3498 | } | |
ab7efcf5 | 3499 | if (bdev->dest && setenv("LXC_ROOTFS_MOUNT", bdev->dest, 1)) { |
148e91f5 SH |
3500 | SYSERROR("failed to set environment variable for rootfs mount"); |
3501 | } | |
ab7efcf5 | 3502 | if (conf->rootfs.path && setenv("LXC_ROOTFS_PATH", conf->rootfs.path, 1)) { |
148e91f5 SH |
3503 | SYSERROR("failed to set environment variable for rootfs mount"); |
3504 | } | |
3505 | ||
14a7b0f9 | 3506 | if (run_lxc_hooks(c->name, "clone", conf, hookargs)) { |
148e91f5 | 3507 | ERROR("Error executing clone hook for %s", c->name); |
10bc1861 | 3508 | storage_put(bdev); |
1354955b | 3509 | return -1; |
148e91f5 SH |
3510 | } |
3511 | } | |
3512 | ||
3513 | if (!(flags & LXC_CLONE_KEEPNAME)) { | |
3514 | ret = snprintf(path, MAXPATHLEN, "%s/etc/hostname", bdev->dest); | |
10bc1861 | 3515 | storage_put(bdev); |
e7de366c | 3516 | |
148e91f5 | 3517 | if (ret < 0 || ret >= MAXPATHLEN) |
1354955b | 3518 | return -1; |
8058be39 | 3519 | if (!file_exists(path)) |
1354955b | 3520 | return 0; |
148e91f5 | 3521 | if (!(fout = fopen(path, "w"))) { |
959aee9c | 3522 | SYSERROR("unable to open %s: ignoring", path); |
1354955b | 3523 | return 0; |
148e91f5 | 3524 | } |
a684f0b7 ÇO |
3525 | if (fprintf(fout, "%s", c->name) < 0) { |
3526 | fclose(fout); | |
1354955b | 3527 | return -1; |
6849cb5b | 3528 | } |
148e91f5 | 3529 | if (fclose(fout) < 0) |
1354955b | 3530 | return -1; |
10bc1861 CB |
3531 | } else { |
3532 | storage_put(bdev); | |
9be53773 | 3533 | } |
e7de366c | 3534 | |
1354955b SH |
3535 | return 0; |
3536 | } | |
3537 | ||
3538 | static int clone_update_rootfs_wrapper(void *data) | |
3539 | { | |
3540 | struct clone_update_data *arg = (struct clone_update_data *) data; | |
3541 | return clone_update_rootfs(arg); | |
9be53773 SH |
3542 | } |
3543 | ||
3544 | /* | |
3545 | * We want to support: | |
3546 | sudo lxc-clone -o o1 -n n1 -s -L|-fssize fssize -v|--vgname vgname \ | |
3547 | -p|--lvprefix lvprefix -t|--fstype fstype -B backingstore | |
3548 | ||
ba115175 CB |
3549 | -s [ implies overlay] |
3550 | -s -B overlay | |
9be53773 SH |
3551 | |
3552 | only rootfs gets converted (copied/snapshotted) on clone. | |
3553 | */ | |
3554 | ||
d5752559 | 3555 | static int create_file_dirname(char *path, struct lxc_conf *conf) |
9be53773 | 3556 | { |
c32981c3 | 3557 | char *p = strrchr(path, '/'); |
d5752559 | 3558 | int ret = -1; |
9be53773 SH |
3559 | |
3560 | if (!p) | |
3561 | return -1; | |
3562 | *p = '\0'; | |
d028235d | 3563 | ret = do_create_container_dir(path, conf); |
9be53773 SH |
3564 | *p = '/'; |
3565 | return ret; | |
3566 | } | |
3567 | ||
858377e4 | 3568 | static struct lxc_container *do_lxcapi_clone(struct lxc_container *c, const char *newname, |
9be53773 | 3569 | const char *lxcpath, int flags, |
d659597e | 3570 | const char *bdevtype, const char *bdevdata, uint64_t newsize, |
148e91f5 | 3571 | char **hookargs) |
9be53773 | 3572 | { |
9be53773 | 3573 | char newpath[MAXPATHLEN]; |
0e1a60b0 | 3574 | int fd, ret; |
1354955b | 3575 | struct clone_update_data data; |
3b392519 | 3576 | size_t saved_unexp_len; |
1354955b | 3577 | pid_t pid; |
17a367d8 CB |
3578 | int storage_copied = 0; |
3579 | char *origroot = NULL, *saved_unexp_conf = NULL; | |
3580 | struct lxc_container *c2 = NULL; | |
9be53773 | 3581 | |
858377e4 | 3582 | if (!c || !do_lxcapi_is_defined(c)) |
9be53773 SH |
3583 | return NULL; |
3584 | ||
5cee8c50 | 3585 | if (container_mem_lock(c)) |
9be53773 SH |
3586 | return NULL; |
3587 | ||
39dc698c | 3588 | if (!is_stopped(c)) { |
9be53773 SH |
3589 | ERROR("error: Original container (%s) is running", c->name); |
3590 | goto out; | |
3591 | } | |
3592 | ||
1a0e70ac | 3593 | /* Make sure the container doesn't yet exist. */ |
05d53f4c SH |
3594 | if (!newname) |
3595 | newname = c->name; | |
3596 | if (!lxcpath) | |
858377e4 | 3597 | lxcpath = do_lxcapi_get_config_path(c); |
05d53f4c | 3598 | ret = snprintf(newpath, MAXPATHLEN, "%s/%s/config", lxcpath, newname); |
6849cb5b | 3599 | if (ret < 0 || ret >= MAXPATHLEN) { |
9be53773 SH |
3600 | SYSERROR("clone: failed making config pathname"); |
3601 | goto out; | |
3602 | } | |
17a367d8 | 3603 | |
9be53773 SH |
3604 | if (file_exists(newpath)) { |
3605 | ERROR("error: clone: %s exists", newpath); | |
3606 | goto out; | |
3607 | } | |
3608 | ||
d5752559 | 3609 | ret = create_file_dirname(newpath, c->lxc_conf); |
96532523 | 3610 | if (ret < 0 && errno != EEXIST) { |
9be53773 SH |
3611 | ERROR("Error creating container dir for %s", newpath); |
3612 | goto out; | |
3613 | } | |
3614 | ||
1a0e70ac | 3615 | /* Copy the configuration. Tweak it as needed. */ |
8d2efe40 SH |
3616 | if (c->lxc_conf->rootfs.path) { |
3617 | origroot = c->lxc_conf->rootfs.path; | |
3618 | c->lxc_conf->rootfs.path = NULL; | |
3619 | } | |
0e1a60b0 CB |
3620 | |
3621 | fd = open(newpath, O_WRONLY | O_CREAT | O_CLOEXEC, | |
3622 | S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH); | |
3623 | if (fd < 0) { | |
3624 | SYSERROR("Failed to open \"%s\"", newpath); | |
9be53773 SH |
3625 | goto out; |
3626 | } | |
5eea90e8 SH |
3627 | |
3628 | saved_unexp_conf = c->lxc_conf->unexpanded_config; | |
3b392519 | 3629 | saved_unexp_len = c->lxc_conf->unexpanded_len; |
5eea90e8 SH |
3630 | c->lxc_conf->unexpanded_config = strdup(saved_unexp_conf); |
3631 | if (!c->lxc_conf->unexpanded_config) { | |
0e1a60b0 | 3632 | close(fd); |
5eea90e8 SH |
3633 | goto out; |
3634 | } | |
7a96a068 | 3635 | |
7a96a068 | 3636 | clear_unexp_config_line(c->lxc_conf, "lxc.rootfs.path", false); |
0e1a60b0 CB |
3637 | write_config(fd, c->lxc_conf); |
3638 | close(fd); | |
8d2efe40 | 3639 | c->lxc_conf->rootfs.path = origroot; |
5eea90e8 SH |
3640 | free(c->lxc_conf->unexpanded_config); |
3641 | c->lxc_conf->unexpanded_config = saved_unexp_conf; | |
3642 | saved_unexp_conf = NULL; | |
3b392519 | 3643 | c->lxc_conf->unexpanded_len = saved_unexp_len; |
9be53773 | 3644 | |
90b366fc CB |
3645 | ret = snprintf(newpath, MAXPATHLEN, "%s/%s/rootfs", lxcpath, newname); |
3646 | if (ret < 0 || ret >= MAXPATHLEN) { | |
3647 | SYSERROR("clone: failed making rootfs pathname"); | |
3648 | goto out; | |
3649 | } | |
17a367d8 CB |
3650 | |
3651 | ret = mkdir(newpath, 0755); | |
3652 | if (ret < 0) { | |
3653 | /* For an overlay container the rootfs is considered immutable | |
3654 | * and will not have been removed when restoring from a | |
3655 | * snapshot. | |
3656 | */ | |
3657 | if (errno != ENOENT && | |
3658 | !(flags & LXC_STORAGE_INTERNAL_OVERLAY_RESTORE)) { | |
3659 | SYSERROR("Failed to create directory \"%s\"", newpath); | |
3660 | goto out; | |
3661 | } | |
9be53773 SH |
3662 | } |
3663 | ||
e0010464 | 3664 | if (am_guest_unpriv()) { |
1354955b | 3665 | if (chown_mapped_root(newpath, c->lxc_conf) < 0) { |
959aee9c | 3666 | ERROR("Error chowning %s to container root", newpath); |
1354955b SH |
3667 | goto out; |
3668 | } | |
3669 | } | |
3670 | ||
05d53f4c | 3671 | c2 = lxc_container_new(newname, lxcpath); |
375c2258 | 3672 | if (!c2) { |
05d53f4c SH |
3673 | ERROR("clone: failed to create new container (%s %s)", newname, |
3674 | lxcpath); | |
9be53773 SH |
3675 | goto out; |
3676 | } | |
8d2efe40 | 3677 | |
1a0e70ac | 3678 | /* copy/snapshot rootfs's */ |
8d2efe40 SH |
3679 | ret = copy_storage(c, c2, bdevtype, flags, bdevdata, newsize); |
3680 | if (ret < 0) | |
3681 | goto out; | |
9be53773 | 3682 | |
6b0d5538 | 3683 | |
1a0e70ac | 3684 | /* update utsname */ |
3d7ad474 CB |
3685 | if (!(flags & LXC_CLONE_KEEPNAME)) { |
3686 | clear_unexp_config_line(c2->lxc_conf, "lxc.utsname", false); | |
b67771bc | 3687 | clear_unexp_config_line(c2->lxc_conf, "lxc.uts.name", false); |
3d7ad474 | 3688 | |
0d9cd9c3 | 3689 | if (!do_set_config_item_locked(c2, "lxc.uts.name", newname)) { |
3d7ad474 CB |
3690 | ERROR("Error setting new hostname"); |
3691 | goto out; | |
3692 | } | |
96532523 SH |
3693 | } |
3694 | ||
1a0e70ac | 3695 | /* copy hooks */ |
619256b5 ÇO |
3696 | ret = copyhooks(c, c2); |
3697 | if (ret < 0) { | |
3698 | ERROR("error copying hooks"); | |
3699 | goto out; | |
9be53773 SH |
3700 | } |
3701 | ||
3702 | if (copy_fstab(c, c2) < 0) { | |
3703 | ERROR("error copying fstab"); | |
9be53773 SH |
3704 | goto out; |
3705 | } | |
3706 | ||
1a0e70ac | 3707 | /* update macaddrs */ |
6b0d5538 | 3708 | if (!(flags & LXC_CLONE_KEEPMACADDR)) { |
67702c21 SH |
3709 | if (!network_new_hwaddrs(c2->lxc_conf)) { |
3710 | ERROR("Error updating mac addresses"); | |
6b0d5538 SH |
3711 | goto out; |
3712 | } | |
3713 | } | |
9be53773 | 3714 | |
1a0e70ac | 3715 | /* Update absolute paths for overlay mount directories. */ |
83e79752 | 3716 | if (ovl_update_abs_paths(c2->lxc_conf, c->config_path, c->name, lxcpath, newname) < 0) |
030ce9a9 CB |
3717 | goto out; |
3718 | ||
1a0e70ac CB |
3719 | /* We've now successfully created c2's storage, so clear it out if we |
3720 | * fail after this. | |
3721 | */ | |
176d9acb SH |
3722 | storage_copied = 1; |
3723 | ||
375c2258 | 3724 | if (!c2->save_config(c2, NULL)) |
9be53773 | 3725 | goto out; |
9be53773 | 3726 | |
1354955b SH |
3727 | if ((pid = fork()) < 0) { |
3728 | SYSERROR("fork"); | |
9be53773 | 3729 | goto out; |
1354955b SH |
3730 | } |
3731 | if (pid > 0) { | |
3732 | ret = wait_for_pid(pid); | |
3733 | if (ret) | |
3734 | goto out; | |
3735 | container_mem_unlock(c); | |
3736 | return c2; | |
3737 | } | |
3738 | data.c0 = c; | |
3739 | data.c1 = c2; | |
3740 | data.flags = flags; | |
3741 | data.hookargs = hookargs; | |
e0010464 | 3742 | if (am_guest_unpriv()) |
ee484f7f CB |
3743 | ret = userns_exec_full(c->lxc_conf, clone_update_rootfs_wrapper, |
3744 | &data, "clone_update_rootfs_wrapper"); | |
1354955b SH |
3745 | else |
3746 | ret = clone_update_rootfs(&data); | |
3747 | if (ret < 0) | |
d8480a31 | 3748 | _exit(EXIT_FAILURE); |
9be53773 | 3749 | |
5cee8c50 | 3750 | container_mem_unlock(c); |
d8480a31 | 3751 | _exit(EXIT_SUCCESS); |
9be53773 SH |
3752 | |
3753 | out: | |
5cee8c50 | 3754 | container_mem_unlock(c); |
375c2258 | 3755 | if (c2) { |
176d9acb SH |
3756 | if (!storage_copied) |
3757 | c2->lxc_conf->rootfs.path = NULL; | |
375c2258 | 3758 | c2->destroy(c2); |
9be53773 | 3759 | lxc_container_put(c2); |
375c2258 | 3760 | } |
9be53773 SH |
3761 | |
3762 | return NULL; | |
3763 | } | |
3764 | ||
858377e4 SH |
3765 | static struct lxc_container *lxcapi_clone(struct lxc_container *c, const char *newname, |
3766 | const char *lxcpath, int flags, | |
3767 | const char *bdevtype, const char *bdevdata, uint64_t newsize, | |
3768 | char **hookargs) | |
3769 | { | |
3770 | struct lxc_container * ret; | |
3771 | current_config = c ? c->lxc_conf : NULL; | |
3772 | ret = do_lxcapi_clone(c, newname, lxcpath, flags, bdevtype, bdevdata, newsize, hookargs); | |
3773 | current_config = NULL; | |
3774 | return ret; | |
3775 | } | |
3776 | ||
3777 | static bool do_lxcapi_rename(struct lxc_container *c, const char *newname) | |
06e5650e | 3778 | { |
10bc1861 | 3779 | struct lxc_storage *bdev; |
06e5650e | 3780 | struct lxc_container *newc; |
06e5650e | 3781 | |
d693cf93 | 3782 | if (!c || !c->name || !c->config_path || !c->lxc_conf) |
06e5650e ÇO |
3783 | return false; |
3784 | ||
18aa217b SH |
3785 | if (has_fs_snapshots(c) || has_snapshots(c)) { |
3786 | ERROR("Renaming a container with snapshots is not supported"); | |
3787 | return false; | |
3788 | } | |
8a388ed4 | 3789 | bdev = storage_init(c->lxc_conf); |
06e5650e ÇO |
3790 | if (!bdev) { |
3791 | ERROR("Failed to find original backing store type"); | |
3792 | return false; | |
3793 | } | |
3794 | ||
619256b5 | 3795 | newc = lxcapi_clone(c, newname, c->config_path, LXC_CLONE_KEEPMACADDR, NULL, bdev->type, 0, NULL); |
10bc1861 | 3796 | storage_put(bdev); |
06e5650e ÇO |
3797 | if (!newc) { |
3798 | lxc_container_put(newc); | |
3799 | return false; | |
3800 | } | |
3801 | ||
3802 | if (newc && lxcapi_is_defined(newc)) | |
3803 | lxc_container_put(newc); | |
3804 | ||
17a367d8 | 3805 | if (!container_destroy(c, NULL)) { |
06e5650e ÇO |
3806 | ERROR("Could not destroy existing container %s", c->name); |
3807 | return false; | |
3808 | } | |
3809 | return true; | |
3810 | } | |
3811 | ||
858377e4 SH |
3812 | WRAP_API_1(bool, lxcapi_rename, const char *) |
3813 | ||
a0e93eeb CS |
3814 | static int lxcapi_attach(struct lxc_container *c, lxc_attach_exec_t exec_function, void *exec_payload, lxc_attach_options_t *options, pid_t *attached_process) |
3815 | { | |
858377e4 SH |
3816 | int ret; |
3817 | ||
a0e93eeb CS |
3818 | if (!c) |
3819 | return -1; | |
3820 | ||
858377e4 SH |
3821 | current_config = c->lxc_conf; |
3822 | ||
3823 | ret = lxc_attach(c->name, c->config_path, exec_function, exec_payload, options, attached_process); | |
3824 | current_config = NULL; | |
3825 | return ret; | |
a0e93eeb CS |
3826 | } |
3827 | ||
858377e4 | 3828 | static int do_lxcapi_attach_run_wait(struct lxc_container *c, lxc_attach_options_t *options, const char *program, const char * const argv[]) |
a0e93eeb CS |
3829 | { |
3830 | lxc_attach_command_t command; | |
3831 | pid_t pid; | |
3832 | int r; | |
3833 | ||
3834 | if (!c) | |
3835 | return -1; | |
3836 | ||
3837 | command.program = (char*)program; | |
3838 | command.argv = (char**)argv; | |
3839 | r = lxc_attach(c->name, c->config_path, lxc_attach_run_command, &command, options, &pid); | |
3840 | if (r < 0) { | |
3841 | ERROR("ups"); | |
3842 | return r; | |
3843 | } | |
3844 | return lxc_wait_for_pid_status(pid); | |
3845 | } | |
3846 | ||
858377e4 SH |
3847 | static int lxcapi_attach_run_wait(struct lxc_container *c, lxc_attach_options_t *options, const char *program, const char * const argv[]) |
3848 | { | |
3849 | int ret; | |
3850 | current_config = c ? c->lxc_conf : NULL; | |
3851 | ret = do_lxcapi_attach_run_wait(c, options, program, argv); | |
3852 | current_config = NULL; | |
3853 | return ret; | |
3854 | } | |
3855 | ||
74a3920a | 3856 | static int get_next_index(const char *lxcpath, char *cname) |
f5dd1d53 SH |
3857 | { |
3858 | char *fname; | |
3859 | struct stat sb; | |
3860 | int i = 0, ret; | |
3861 | ||
3862 | fname = alloca(strlen(lxcpath) + 20); | |
3863 | while (1) { | |
3864 | sprintf(fname, "%s/snap%d", lxcpath, i); | |
3865 | ret = stat(fname, &sb); | |
3866 | if (ret != 0) | |
3867 | return i; | |
3868 | i++; | |
3869 | } | |
3870 | } | |
3871 | ||
18aa217b SH |
3872 | static bool get_snappath_dir(struct lxc_container *c, char *snappath) |
3873 | { | |
3874 | int ret; | |
3875 | /* | |
3876 | * If the old style snapshot path exists, use it | |
3877 | * /var/lib/lxc -> /var/lib/lxcsnaps | |
3878 | */ | |
3879 | ret = snprintf(snappath, MAXPATHLEN, "%ssnaps", c->config_path); | |
3880 | if (ret < 0 || ret >= MAXPATHLEN) | |
3881 | return false; | |
3882 | if (dir_exists(snappath)) { | |
3883 | ret = snprintf(snappath, MAXPATHLEN, "%ssnaps/%s", c->config_path, c->name); | |
3884 | if (ret < 0 || ret >= MAXPATHLEN) | |
3885 | return false; | |
3886 | return true; | |
3887 | } | |
3888 | ||
3889 | /* | |
3890 | * Use the new style path | |
3891 | * /var/lib/lxc -> /var/lib/lxc + c->name + /snaps + \0 | |
3892 | */ | |
3893 | ret = snprintf(snappath, MAXPATHLEN, "%s/%s/snaps", c->config_path, c->name); | |
3894 | if (ret < 0 || ret >= MAXPATHLEN) | |
3895 | return false; | |
3896 | return true; | |
3897 | } | |
3898 | ||
858377e4 | 3899 | static int do_lxcapi_snapshot(struct lxc_container *c, const char *commentfile) |
f5dd1d53 SH |
3900 | { |
3901 | int i, flags, ret; | |
3902 | struct lxc_container *c2; | |
3903 | char snappath[MAXPATHLEN], newname[20]; | |
3904 | ||
840f05df SH |
3905 | if (!c || !lxcapi_is_defined(c)) |
3906 | return -1; | |
3907 | ||
10bc1861 | 3908 | if (!storage_can_backup(c->lxc_conf)) { |
cdd01be2 SH |
3909 | ERROR("%s's backing store cannot be backed up.", c->name); |
3910 | ERROR("Your container must use another backing store type."); | |
3911 | return -1; | |
3912 | } | |
3913 | ||
18aa217b | 3914 | if (!get_snappath_dir(c, snappath)) |
f5dd1d53 | 3915 | return -1; |
18aa217b | 3916 | |
f5dd1d53 SH |
3917 | i = get_next_index(snappath, c->name); |
3918 | ||
3919 | if (mkdir_p(snappath, 0755) < 0) { | |
3920 | ERROR("Failed to create snapshot directory %s", snappath); | |
3921 | return -1; | |
3922 | } | |
3923 | ||
3924 | ret = snprintf(newname, 20, "snap%d", i); | |
3925 | if (ret < 0 || ret >= 20) | |
3926 | return -1; | |
3927 | ||
0a83cbbb SH |
3928 | /* |
3929 | * We pass LXC_CLONE_SNAPSHOT to make sure that a rdepends file entry is | |
3930 | * created in the original container | |
3931 | */ | |
3932 | flags = LXC_CLONE_SNAPSHOT | LXC_CLONE_KEEPMACADDR | LXC_CLONE_KEEPNAME | | |
3933 | LXC_CLONE_KEEPBDEVTYPE | LXC_CLONE_MAYBE_SNAPSHOT; | |
068aa488 | 3934 | if (storage_is_dir(c->lxc_conf)) { |
8c39f7a4 SH |
3935 | ERROR("Snapshot of directory-backed container requested."); |
3936 | ERROR("Making a copy-clone. If you do want snapshots, then"); | |
12e6ab5d | 3937 | ERROR("please create overlay clone first, snapshot that"); |
8c39f7a4 SH |
3938 | ERROR("and keep the original container pristine."); |
3939 | flags &= ~LXC_CLONE_SNAPSHOT | LXC_CLONE_MAYBE_SNAPSHOT; | |
3940 | } | |
858377e4 | 3941 | c2 = do_lxcapi_clone(c, newname, snappath, flags, NULL, NULL, 0, NULL); |
f5dd1d53 | 3942 | if (!c2) { |
959aee9c | 3943 | ERROR("clone of %s:%s failed", c->config_path, c->name); |
f5dd1d53 SH |
3944 | return -1; |
3945 | } | |
3946 | ||
3947 | lxc_container_put(c2); | |
3948 | ||
1a0e70ac | 3949 | /* Now write down the creation time. */ |
f5dd1d53 SH |
3950 | time_t timer; |
3951 | char buffer[25]; | |
3952 | struct tm* tm_info; | |
025ed0f3 | 3953 | FILE *f; |
f5dd1d53 SH |
3954 | |
3955 | time(&timer); | |
3956 | tm_info = localtime(&timer); | |
3957 | ||
3958 | strftime(buffer, 25, "%Y:%m:%d %H:%M:%S", tm_info); | |
3959 | ||
3960 | char *dfnam = alloca(strlen(snappath) + strlen(newname) + 5); | |
3961 | sprintf(dfnam, "%s/%s/ts", snappath, newname); | |
025ed0f3 | 3962 | f = fopen(dfnam, "w"); |
f5dd1d53 | 3963 | if (!f) { |
959aee9c | 3964 | ERROR("Failed to open %s", dfnam); |
f5dd1d53 SH |
3965 | return -1; |
3966 | } | |
3967 | if (fprintf(f, "%s", buffer) < 0) { | |
3968 | SYSERROR("Writing timestamp"); | |
3969 | fclose(f); | |
3970 | return -1; | |
3971 | } | |
025ed0f3 | 3972 | ret = fclose(f); |
025ed0f3 | 3973 | if (ret != 0) { |
f5dd1d53 SH |
3974 | SYSERROR("Writing timestamp"); |
3975 | return -1; | |
3976 | } | |
3977 | ||
3978 | if (commentfile) { | |
1a0e70ac | 3979 | /* $p / $name / comment \0 */ |
f5dd1d53 SH |
3980 | int len = strlen(snappath) + strlen(newname) + 10; |
3981 | char *path = alloca(len); | |
3982 | sprintf(path, "%s/%s/comment", snappath, newname); | |
3983 | return copy_file(commentfile, path) < 0 ? -1 : i; | |
3984 | } | |
3985 | ||
3986 | return i; | |
3987 | } | |
3988 | ||
858377e4 SH |
3989 | WRAP_API_1(int, lxcapi_snapshot, const char *) |
3990 | ||
f5dd1d53 SH |
3991 | static void lxcsnap_free(struct lxc_snapshot *s) |
3992 | { | |
f10fad2f ME |
3993 | free(s->name); |
3994 | free(s->comment_pathname); | |
3995 | free(s->timestamp); | |
3996 | free(s->lxcpath); | |
f5dd1d53 SH |
3997 | } |
3998 | ||
3999 | static char *get_snapcomment_path(char* snappath, char *name) | |
4000 | { | |
1a0e70ac | 4001 | /* $snappath/$name/comment */ |
f5dd1d53 SH |
4002 | int ret, len = strlen(snappath) + strlen(name) + 10; |
4003 | char *s = malloc(len); | |
4004 | ||
4005 | if (s) { | |
4006 | ret = snprintf(s, len, "%s/%s/comment", snappath, name); | |
4007 | if (ret < 0 || ret >= len) { | |
4008 | free(s); | |
4009 | s = NULL; | |
4010 | } | |
4011 | } | |
4012 | return s; | |
4013 | } | |
4014 | ||
4015 | static char *get_timestamp(char* snappath, char *name) | |
4016 | { | |
4017 | char path[MAXPATHLEN], *s = NULL; | |
4018 | int ret, len; | |
4019 | FILE *fin; | |
4020 | ||
4021 | ret = snprintf(path, MAXPATHLEN, "%s/%s/ts", snappath, name); | |
4022 | if (ret < 0 || ret >= MAXPATHLEN) | |
4023 | return NULL; | |
025ed0f3 | 4024 | fin = fopen(path, "r"); |
025ed0f3 | 4025 | if (!fin) |
f5dd1d53 SH |
4026 | return NULL; |
4027 | (void) fseek(fin, 0, SEEK_END); | |
4028 | len = ftell(fin); | |
4029 | (void) fseek(fin, 0, SEEK_SET); | |
4030 | if (len > 0) { | |
4031 | s = malloc(len+1); | |
4032 | if (s) { | |
4033 | s[len] = '\0'; | |
4034 | if (fread(s, 1, len, fin) != len) { | |
4035 | SYSERROR("reading timestamp"); | |
4036 | free(s); | |
4037 | s = NULL; | |
4038 | } | |
4039 | } | |
4040 | } | |
4041 | fclose(fin); | |
4042 | return s; | |
4043 | } | |
4044 | ||
858377e4 | 4045 | static int do_lxcapi_snapshot_list(struct lxc_container *c, struct lxc_snapshot **ret_snaps) |
f5dd1d53 SH |
4046 | { |
4047 | char snappath[MAXPATHLEN], path2[MAXPATHLEN]; | |
18aa217b | 4048 | int count = 0, ret; |
74f96976 | 4049 | struct dirent *direntp; |
f5dd1d53 SH |
4050 | struct lxc_snapshot *snaps =NULL, *nsnaps; |
4051 | DIR *dir; | |
4052 | ||
4053 | if (!c || !lxcapi_is_defined(c)) | |
4054 | return -1; | |
c868b261 | 4055 | |
18aa217b | 4056 | if (!get_snappath_dir(c, snappath)) { |
f5dd1d53 SH |
4057 | ERROR("path name too long"); |
4058 | return -1; | |
4059 | } | |
025ed0f3 | 4060 | dir = opendir(snappath); |
025ed0f3 | 4061 | if (!dir) { |
f5dd1d53 SH |
4062 | INFO("failed to open %s - assuming no snapshots", snappath); |
4063 | return 0; | |
4064 | } | |
4065 | ||
74f96976 | 4066 | while ((direntp = readdir(dir))) { |
f5dd1d53 SH |
4067 | if (!direntp) |
4068 | break; | |
4069 | ||
4070 | if (!strcmp(direntp->d_name, ".")) | |
4071 | continue; | |
4072 | ||
4073 | if (!strcmp(direntp->d_name, "..")) | |
4074 | continue; | |
4075 | ||
4076 | ret = snprintf(path2, MAXPATHLEN, "%s/%s/config", snappath, direntp->d_name); | |
4077 | if (ret < 0 || ret >= MAXPATHLEN) { | |
4078 | ERROR("pathname too long"); | |
4079 | goto out_free; | |
4080 | } | |
4081 | if (!file_exists(path2)) | |
4082 | continue; | |
4083 | nsnaps = realloc(snaps, (count + 1)*sizeof(*snaps)); | |
4084 | if (!nsnaps) { | |
4085 | SYSERROR("Out of memory"); | |
4086 | goto out_free; | |
4087 | } | |
4088 | snaps = nsnaps; | |
4089 | snaps[count].free = lxcsnap_free; | |
4090 | snaps[count].name = strdup(direntp->d_name); | |
4091 | if (!snaps[count].name) | |
4092 | goto out_free; | |
4093 | snaps[count].lxcpath = strdup(snappath); | |
4094 | if (!snaps[count].lxcpath) { | |
4095 | free(snaps[count].name); | |
4096 | goto out_free; | |
4097 | } | |
4098 | snaps[count].comment_pathname = get_snapcomment_path(snappath, direntp->d_name); | |
4099 | snaps[count].timestamp = get_timestamp(snappath, direntp->d_name); | |
4100 | count++; | |
4101 | } | |
4102 | ||
4103 | if (closedir(dir)) | |
4104 | WARN("failed to close directory"); | |
4105 | ||
4106 | *ret_snaps = snaps; | |
4107 | return count; | |
4108 | ||
4109 | out_free: | |
4110 | if (snaps) { | |
4111 | int i; | |
4112 | for (i=0; i<count; i++) | |
4113 | lxcsnap_free(&snaps[i]); | |
4114 | free(snaps); | |
4115 | } | |
9baa57bd SH |
4116 | if (closedir(dir)) |
4117 | WARN("failed to close directory"); | |
f5dd1d53 SH |
4118 | return -1; |
4119 | } | |
4120 | ||
858377e4 SH |
4121 | WRAP_API_1(int, lxcapi_snapshot_list, struct lxc_snapshot **) |
4122 | ||
4123 | static bool do_lxcapi_snapshot_restore(struct lxc_container *c, const char *snapname, const char *newname) | |
f5dd1d53 SH |
4124 | { |
4125 | char clonelxcpath[MAXPATHLEN]; | |
18aa217b | 4126 | int flags = 0; |
f5dd1d53 | 4127 | struct lxc_container *snap, *rest; |
10bc1861 | 4128 | struct lxc_storage *bdev; |
f5dd1d53 SH |
4129 | bool b = false; |
4130 | ||
4131 | if (!c || !c->name || !c->config_path) | |
4132 | return false; | |
4133 | ||
18aa217b SH |
4134 | if (has_fs_snapshots(c)) { |
4135 | ERROR("container rootfs has dependent snapshots"); | |
4136 | return false; | |
4137 | } | |
4138 | ||
8a388ed4 | 4139 | bdev = storage_init(c->lxc_conf); |
f5dd1d53 SH |
4140 | if (!bdev) { |
4141 | ERROR("Failed to find original backing store type"); | |
4142 | return false; | |
4143 | } | |
4144 | ||
17a367d8 CB |
4145 | /* For an overlay container the rootfs is considered immutable |
4146 | * and cannot be removed when restoring from a snapshot. We pass this | |
4147 | * internal flag along to communicate this to various parts of the | |
4148 | * codebase. | |
4149 | */ | |
4150 | if (!strcmp(bdev->type, "overlay") || !strcmp(bdev->type, "overlayfs")) | |
4151 | bdev->flags |= LXC_STORAGE_INTERNAL_OVERLAY_RESTORE; | |
4152 | ||
f5dd1d53 SH |
4153 | if (!newname) |
4154 | newname = c->name; | |
7e36f87e | 4155 | |
18aa217b | 4156 | if (!get_snappath_dir(c, clonelxcpath)) { |
10bc1861 | 4157 | storage_put(bdev); |
f5dd1d53 SH |
4158 | return false; |
4159 | } | |
1a0e70ac | 4160 | /* how should we lock this? */ |
f5dd1d53 SH |
4161 | |
4162 | snap = lxc_container_new(snapname, clonelxcpath); | |
4163 | if (!snap || !lxcapi_is_defined(snap)) { | |
4164 | ERROR("Could not open snapshot %s", snapname); | |
17a367d8 CB |
4165 | if (snap) |
4166 | lxc_container_put(snap); | |
10bc1861 | 4167 | storage_put(bdev); |
f5dd1d53 SH |
4168 | return false; |
4169 | } | |
4170 | ||
17a367d8 CB |
4171 | if (!strcmp(c->name, newname)) { |
4172 | if (!container_destroy(c, bdev)) { | |
7e36f87e ÇO |
4173 | ERROR("Could not destroy existing container %s", newname); |
4174 | lxc_container_put(snap); | |
10bc1861 | 4175 | storage_put(bdev); |
7e36f87e ÇO |
4176 | return false; |
4177 | } | |
4178 | } | |
4179 | ||
de269ee8 SH |
4180 | if (strcmp(bdev->type, "dir") != 0 && strcmp(bdev->type, "loop") != 0) |
4181 | flags = LXC_CLONE_SNAPSHOT | LXC_CLONE_MAYBE_SNAPSHOT; | |
17a367d8 CB |
4182 | |
4183 | if (!strcmp(bdev->type, "overlay") || !strcmp(bdev->type, "overlayfs")) | |
4184 | flags |= LXC_STORAGE_INTERNAL_OVERLAY_RESTORE; | |
09f6f8c4 CB |
4185 | rest = lxcapi_clone(snap, newname, c->config_path, flags, bdev->type, |
4186 | NULL, 0, NULL); | |
10bc1861 | 4187 | storage_put(bdev); |
f5dd1d53 SH |
4188 | if (rest && lxcapi_is_defined(rest)) |
4189 | b = true; | |
4190 | if (rest) | |
4191 | lxc_container_put(rest); | |
17a367d8 | 4192 | |
f5dd1d53 SH |
4193 | lxc_container_put(snap); |
4194 | return b; | |
4195 | } | |
4196 | ||
858377e4 SH |
4197 | WRAP_API_2(bool, lxcapi_snapshot_restore, const char *, const char *) |
4198 | ||
18aa217b | 4199 | static bool do_snapshot_destroy(const char *snapname, const char *clonelxcpath) |
771d96b3 | 4200 | { |
771d96b3 | 4201 | struct lxc_container *snap = NULL; |
18aa217b | 4202 | bool bret = false; |
771d96b3 ÇO |
4203 | |
4204 | snap = lxc_container_new(snapname, clonelxcpath); | |
18aa217b | 4205 | if (!snap) { |
771d96b3 ÇO |
4206 | ERROR("Could not find snapshot %s", snapname); |
4207 | goto err; | |
4208 | } | |
4209 | ||
858377e4 | 4210 | if (!do_lxcapi_destroy(snap)) { |
771d96b3 ÇO |
4211 | ERROR("Could not destroy snapshot %s", snapname); |
4212 | goto err; | |
4213 | } | |
18aa217b | 4214 | bret = true; |
771d96b3 | 4215 | |
771d96b3 ÇO |
4216 | err: |
4217 | if (snap) | |
4218 | lxc_container_put(snap); | |
18aa217b SH |
4219 | return bret; |
4220 | } | |
4221 | ||
4222 | static bool remove_all_snapshots(const char *path) | |
4223 | { | |
4224 | DIR *dir; | |
74f96976 | 4225 | struct dirent *direntp; |
18aa217b SH |
4226 | bool bret = true; |
4227 | ||
4228 | dir = opendir(path); | |
4229 | if (!dir) { | |
4230 | SYSERROR("opendir on snapshot path %s", path); | |
4231 | return false; | |
4232 | } | |
74f96976 | 4233 | while ((direntp = readdir(dir))) { |
18aa217b SH |
4234 | if (!strcmp(direntp->d_name, ".")) |
4235 | continue; | |
4236 | if (!strcmp(direntp->d_name, "..")) | |
4237 | continue; | |
4238 | if (!do_snapshot_destroy(direntp->d_name, path)) { | |
4239 | bret = false; | |
4240 | continue; | |
4241 | } | |
4242 | } | |
4243 | ||
4244 | closedir(dir); | |
4245 | ||
4246 | if (rmdir(path)) | |
4247 | SYSERROR("Error removing directory %s", path); | |
4248 | ||
4249 | return bret; | |
4250 | } | |
4251 | ||
858377e4 | 4252 | static bool do_lxcapi_snapshot_destroy(struct lxc_container *c, const char *snapname) |
18aa217b SH |
4253 | { |
4254 | char clonelxcpath[MAXPATHLEN]; | |
4255 | ||
4256 | if (!c || !c->name || !c->config_path || !snapname) | |
4257 | return false; | |
4258 | ||
4259 | if (!get_snappath_dir(c, clonelxcpath)) | |
4260 | return false; | |
4261 | ||
4262 | return do_snapshot_destroy(snapname, clonelxcpath); | |
4263 | } | |
4264 | ||
858377e4 SH |
4265 | WRAP_API_1(bool, lxcapi_snapshot_destroy, const char *) |
4266 | ||
4267 | static bool do_lxcapi_snapshot_destroy_all(struct lxc_container *c) | |
18aa217b SH |
4268 | { |
4269 | char clonelxcpath[MAXPATHLEN]; | |
4270 | ||
4271 | if (!c || !c->name || !c->config_path) | |
4272 | return false; | |
4273 | ||
4274 | if (!get_snappath_dir(c, clonelxcpath)) | |
4275 | return false; | |
4276 | ||
4277 | return remove_all_snapshots(clonelxcpath); | |
771d96b3 ÇO |
4278 | } |
4279 | ||
858377e4 SH |
4280 | WRAP_API(bool, lxcapi_snapshot_destroy_all) |
4281 | ||
4282 | static bool do_lxcapi_may_control(struct lxc_container *c) | |
b494d2dd SH |
4283 | { |
4284 | return lxc_try_cmd(c->name, c->config_path) == 0; | |
4285 | } | |
4286 | ||
858377e4 SH |
4287 | WRAP_API(bool, lxcapi_may_control) |
4288 | ||
d5aa23e6 | 4289 | static bool do_add_remove_node(pid_t init_pid, const char *path, bool add, |
b69dfc9f | 4290 | struct stat *st) |
d5aa23e6 | 4291 | { |
b69dfc9f CB |
4292 | int ret; |
4293 | char *tmp; | |
4294 | pid_t pid; | |
d5aa23e6 SH |
4295 | char chrootpath[MAXPATHLEN]; |
4296 | char *directory_path = NULL; | |
d5aa23e6 | 4297 | |
b69dfc9f CB |
4298 | pid = fork(); |
4299 | if (pid < 0) { | |
4300 | SYSERROR("Failed to fork()"); | |
d5aa23e6 SH |
4301 | return false; |
4302 | } | |
b69dfc9f | 4303 | |
d5aa23e6 | 4304 | if (pid) { |
b69dfc9f CB |
4305 | ret = wait_for_pid(pid); |
4306 | if (ret != 0) { | |
4307 | ERROR("Failed to create device node"); | |
d5aa23e6 SH |
4308 | return false; |
4309 | } | |
b69dfc9f | 4310 | |
d5aa23e6 SH |
4311 | return true; |
4312 | } | |
4313 | ||
4314 | /* prepare the path */ | |
4315 | ret = snprintf(chrootpath, MAXPATHLEN, "/proc/%d/root", init_pid); | |
4316 | if (ret < 0 || ret >= MAXPATHLEN) | |
4317 | return false; | |
4318 | ||
b69dfc9f CB |
4319 | ret = chroot(chrootpath); |
4320 | if (ret < 0) | |
a7764ce7 | 4321 | _exit(EXIT_FAILURE); |
b69dfc9f CB |
4322 | |
4323 | ret = chdir("/"); | |
4324 | if (ret < 0) | |
a7764ce7 | 4325 | _exit(EXIT_FAILURE); |
b69dfc9f | 4326 | |
d5aa23e6 | 4327 | /* remove path if it exists */ |
b69dfc9f CB |
4328 | ret = faccessat(AT_FDCWD, path, F_OK, AT_SYMLINK_NOFOLLOW); |
4329 | if(ret == 0) { | |
4330 | ret = unlink(path); | |
c7d76c09 CB |
4331 | if (ret < 0) { |
4332 | ERROR("%s - Failed to remove \"%s\"", strerror(errno), path); | |
a7764ce7 | 4333 | _exit(EXIT_FAILURE); |
c7d76c09 | 4334 | } |
d5aa23e6 | 4335 | } |
b69dfc9f | 4336 | |
d5aa23e6 | 4337 | if (!add) |
a7764ce7 | 4338 | _exit(EXIT_SUCCESS); |
d5aa23e6 SH |
4339 | |
4340 | /* create any missing directories */ | |
b69dfc9f CB |
4341 | tmp = strdup(path); |
4342 | if (!tmp) | |
a7764ce7 | 4343 | _exit(EXIT_FAILURE); |
b69dfc9f CB |
4344 | |
4345 | directory_path = dirname(tmp); | |
4346 | ret = mkdir_p(directory_path, 0755); | |
4347 | if (ret < 0 && errno != EEXIST) { | |
c7d76c09 | 4348 | ERROR("%s - Failed to create path \"%s\"", strerror(errno), directory_path); |
b69dfc9f | 4349 | free(tmp); |
a7764ce7 | 4350 | _exit(EXIT_FAILURE); |
d5aa23e6 SH |
4351 | } |
4352 | ||
4353 | /* create the device node */ | |
b69dfc9f CB |
4354 | ret = mknod(path, st->st_mode, st->st_rdev); |
4355 | free(tmp); | |
c7d76c09 CB |
4356 | if (ret < 0) { |
4357 | ERROR("%s - Failed to create device node at \"%s\"", strerror(errno), path); | |
a7764ce7 | 4358 | _exit(EXIT_FAILURE); |
c7d76c09 | 4359 | } |
d5aa23e6 | 4360 | |
a7764ce7 | 4361 | _exit(EXIT_SUCCESS); |
d5aa23e6 SH |
4362 | } |
4363 | ||
f0ca2726 | 4364 | static bool add_remove_device_node(struct lxc_container *c, const char *src_path, const char *dest_path, bool add) |
a9a0ed90 ÇO |
4365 | { |
4366 | int ret; | |
4367 | struct stat st; | |
238b3e5e | 4368 | char value[LXC_MAX_BUFFER]; |
f0ca2726 | 4369 | const char *p; |
a9a0ed90 ÇO |
4370 | |
4371 | /* make sure container is running */ | |
858377e4 | 4372 | if (!do_lxcapi_is_running(c)) { |
a9a0ed90 | 4373 | ERROR("container is not running"); |
d5aa23e6 | 4374 | return false; |
a9a0ed90 ÇO |
4375 | } |
4376 | ||
4377 | /* use src_path if dest_path is NULL otherwise use dest_path */ | |
4378 | p = dest_path ? dest_path : src_path; | |
4379 | ||
a9a0ed90 ÇO |
4380 | /* make sure we can access p */ |
4381 | if(access(p, F_OK) < 0 || stat(p, &st) < 0) | |
d5aa23e6 | 4382 | return false; |
a9a0ed90 ÇO |
4383 | |
4384 | /* continue if path is character device or block device */ | |
c6a9b0d7 | 4385 | if (S_ISCHR(st.st_mode)) |
238b3e5e | 4386 | ret = snprintf(value, LXC_MAX_BUFFER, "c %d:%d rwm", major(st.st_rdev), minor(st.st_rdev)); |
c6a9b0d7 | 4387 | else if (S_ISBLK(st.st_mode)) |
238b3e5e | 4388 | ret = snprintf(value, LXC_MAX_BUFFER, "b %d:%d rwm", major(st.st_rdev), minor(st.st_rdev)); |
a9a0ed90 | 4389 | else |
d5aa23e6 | 4390 | return false; |
a9a0ed90 ÇO |
4391 | |
4392 | /* check snprintf return code */ | |
238b3e5e | 4393 | if (ret < 0 || ret >= LXC_MAX_BUFFER) |
d5aa23e6 | 4394 | return false; |
a9a0ed90 | 4395 | |
858377e4 | 4396 | if (!do_add_remove_node(do_lxcapi_init_pid(c), p, add, &st)) |
d5aa23e6 | 4397 | return false; |
a9a0ed90 | 4398 | |
d5aa23e6 | 4399 | /* add or remove device to/from cgroup access list */ |
a9a0ed90 | 4400 | if (add) { |
858377e4 | 4401 | if (!do_lxcapi_set_cgroup_item(c, "devices.allow", value)) { |
a9a0ed90 | 4402 | ERROR("set_cgroup_item failed while adding the device node"); |
d5aa23e6 | 4403 | return false; |
a9a0ed90 ÇO |
4404 | } |
4405 | } else { | |
858377e4 | 4406 | if (!do_lxcapi_set_cgroup_item(c, "devices.deny", value)) { |
a9a0ed90 | 4407 | ERROR("set_cgroup_item failed while removing the device node"); |
d5aa23e6 | 4408 | return false; |
a9a0ed90 ÇO |
4409 | } |
4410 | } | |
d5aa23e6 | 4411 | |
a9a0ed90 | 4412 | return true; |
a9a0ed90 ÇO |
4413 | } |
4414 | ||
858377e4 | 4415 | static bool do_lxcapi_add_device_node(struct lxc_container *c, const char *src_path, const char *dest_path) |
a9a0ed90 | 4416 | { |
e0010464 | 4417 | // cannot mknod if we're not privileged wrt init_user_ns |
5384e99d | 4418 | if (am_host_unpriv()) { |
238b3e5e | 4419 | ERROR(LXC_UNPRIV_EOPNOTSUPP, __FUNCTION__); |
c868b261 ÇO |
4420 | return false; |
4421 | } | |
a9a0ed90 ÇO |
4422 | return add_remove_device_node(c, src_path, dest_path, true); |
4423 | } | |
4424 | ||
858377e4 SH |
4425 | WRAP_API_2(bool, lxcapi_add_device_node, const char *, const char *) |
4426 | ||
4427 | static bool do_lxcapi_remove_device_node(struct lxc_container *c, const char *src_path, const char *dest_path) | |
a9a0ed90 | 4428 | { |
e0010464 | 4429 | if (am_guest_unpriv()) { |
238b3e5e | 4430 | ERROR(LXC_UNPRIV_EOPNOTSUPP, __FUNCTION__); |
c868b261 ÇO |
4431 | return false; |
4432 | } | |
a9a0ed90 ÇO |
4433 | return add_remove_device_node(c, src_path, dest_path, false); |
4434 | } | |
4435 | ||
858377e4 SH |
4436 | WRAP_API_2(bool, lxcapi_remove_device_node, const char *, const char *) |
4437 | ||
c7d76c09 CB |
4438 | static bool do_lxcapi_attach_interface(struct lxc_container *c, |
4439 | const char *ifname, | |
4440 | const char *dst_ifname) | |
e58fae8f | 4441 | { |
c7d76c09 | 4442 | pid_t init_pid; |
e58fae8f | 4443 | int ret = 0; |
c7d76c09 | 4444 | |
e0010464 | 4445 | if (am_guest_unpriv()) { |
238b3e5e | 4446 | ERROR(LXC_UNPRIV_EOPNOTSUPP, __FUNCTION__); |
e58fae8f DY |
4447 | return false; |
4448 | } | |
4449 | ||
4450 | if (!ifname) { | |
4451 | ERROR("No source interface name given"); | |
4452 | return false; | |
4453 | } | |
4454 | ||
4455 | ret = lxc_netdev_isup(ifname); | |
e5848d39 SH |
4456 | if (ret > 0) { |
4457 | /* netdev of ifname is up. */ | |
e58fae8f DY |
4458 | ret = lxc_netdev_down(ifname); |
4459 | if (ret) | |
4460 | goto err; | |
4461 | } | |
4462 | ||
c7d76c09 CB |
4463 | init_pid = do_lxcapi_init_pid(c); |
4464 | ret = lxc_netdev_move_by_name(ifname, init_pid, dst_ifname); | |
e58fae8f DY |
4465 | if (ret) |
4466 | goto err; | |
4467 | ||
c7d76c09 | 4468 | INFO("Moved network device \"%s\" to network namespace of %d", ifname, init_pid); |
e58fae8f | 4469 | return true; |
e5848d39 | 4470 | |
e58fae8f | 4471 | err: |
e58fae8f DY |
4472 | return false; |
4473 | } | |
4474 | ||
858377e4 SH |
4475 | WRAP_API_2(bool, lxcapi_attach_interface, const char *, const char *) |
4476 | ||
c7d76c09 CB |
4477 | static bool do_lxcapi_detach_interface(struct lxc_container *c, |
4478 | const char *ifname, | |
4479 | const char *dst_ifname) | |
e58fae8f | 4480 | { |
c7d76c09 | 4481 | int ret; |
e58fae8f DY |
4482 | pid_t pid, pid_outside; |
4483 | ||
e0010464 SH |
4484 | /* |
4485 | * TODO - if this is a physical device, then we need am_host_unpriv. | |
4486 | * But for other types guest privilege suffices. | |
4487 | */ | |
4488 | if (am_guest_unpriv()) { | |
238b3e5e | 4489 | ERROR(LXC_UNPRIV_EOPNOTSUPP, __FUNCTION__); |
e58fae8f DY |
4490 | return false; |
4491 | } | |
4492 | ||
4493 | if (!ifname) { | |
4494 | ERROR("No source interface name given"); | |
4495 | return false; | |
4496 | } | |
4497 | ||
0059379f | 4498 | pid_outside = lxc_raw_getpid(); |
e58fae8f DY |
4499 | pid = fork(); |
4500 | if (pid < 0) { | |
c7d76c09 | 4501 | ERROR("Failed to fork"); |
e58fae8f DY |
4502 | return false; |
4503 | } | |
4504 | ||
1a0e70ac | 4505 | if (pid == 0) { /* child */ |
acbfeda8 CB |
4506 | pid_t init_pid; |
4507 | ||
4508 | init_pid = do_lxcapi_init_pid(c); | |
4509 | if (!switch_to_ns(init_pid, "net")) { | |
4510 | ERROR("Failed to enter network namespace"); | |
8d7b6c25 | 4511 | _exit(EXIT_FAILURE); |
e58fae8f DY |
4512 | } |
4513 | ||
4514 | ret = lxc_netdev_isup(ifname); | |
c7d76c09 CB |
4515 | if (ret < 0) { |
4516 | ERROR("Failed to determine whether network device \"%s\" is up", ifname); | |
8d7b6c25 | 4517 | _exit(EXIT_FAILURE); |
c7d76c09 | 4518 | } |
e58fae8f DY |
4519 | |
4520 | /* netdev of ifname is up. */ | |
4521 | if (ret) { | |
4522 | ret = lxc_netdev_down(ifname); | |
c7d76c09 CB |
4523 | if (ret) { |
4524 | ERROR("Failed to set network device \"%s\" down", ifname); | |
8d7b6c25 | 4525 | _exit(EXIT_FAILURE); |
c7d76c09 | 4526 | } |
e58fae8f DY |
4527 | } |
4528 | ||
4529 | ret = lxc_netdev_move_by_name(ifname, pid_outside, dst_ifname); | |
c7d76c09 CB |
4530 | /* -EINVAL means there is no netdev named as ifname. */ |
4531 | if (ret < 0) { | |
4532 | if (ret == -EINVAL) | |
4533 | ERROR("Network device \"%s\" not found", ifname); | |
4534 | else | |
4535 | ERROR("Failed to remove network device \"%s\"", ifname); | |
8d7b6c25 | 4536 | _exit(EXIT_FAILURE); |
e58fae8f | 4537 | } |
c7d76c09 | 4538 | |
8d7b6c25 | 4539 | _exit(EXIT_SUCCESS); |
e58fae8f DY |
4540 | } |
4541 | ||
c7d76c09 CB |
4542 | ret = wait_for_pid(pid); |
4543 | if (ret != 0) | |
e58fae8f DY |
4544 | return false; |
4545 | ||
c7d76c09 | 4546 | INFO("Moved network device \"%s\" to network namespace of %d", ifname, pid_outside); |
e58fae8f DY |
4547 | return true; |
4548 | } | |
4549 | ||
858377e4 SH |
4550 | WRAP_API_2(bool, lxcapi_detach_interface, const char *, const char *) |
4551 | ||
aef3d51e TA |
4552 | static int do_lxcapi_migrate(struct lxc_container *c, unsigned int cmd, |
4553 | struct migrate_opts *opts, unsigned int size) | |
bbd4e13e | 4554 | { |
6b9be523 | 4555 | int ret = -1; |
2cb80427 | 4556 | struct migrate_opts *valid_opts = opts; |
b5b12b9e | 4557 | uint64_t features_to_check = 0; |
85c50991 | 4558 | |
aef3d51e TA |
4559 | /* If the caller has a bigger (newer) struct migrate_opts, let's make |
4560 | * sure that the stuff on the end is zero, i.e. that they didn't ask us | |
4561 | * to do anything special. | |
4562 | */ | |
4563 | if (size > sizeof(*opts)) { | |
4564 | unsigned char *addr; | |
4565 | unsigned char *end; | |
4566 | ||
4567 | addr = (void *)opts + sizeof(*opts); | |
4568 | end = (void *)opts + size; | |
4569 | for (; addr < end; addr++) { | |
4570 | if (*addr) { | |
4571 | return -E2BIG; | |
4572 | } | |
4573 | } | |
85c50991 TA |
4574 | } |
4575 | ||
2cb80427 TA |
4576 | /* If the caller has a smaller struct, let's zero out the end for them |
4577 | * so we don't accidentally use bits of it that they didn't know about | |
4578 | * to initialize. | |
4579 | */ | |
4580 | if (size < sizeof(*opts)) { | |
4581 | valid_opts = malloc(sizeof(*opts)); | |
4582 | if (!valid_opts) | |
4583 | return -ENOMEM; | |
4584 | ||
4585 | memset(valid_opts, 0, sizeof(*opts)); | |
4586 | memcpy(valid_opts, opts, size); | |
4587 | } | |
4588 | ||
aef3d51e TA |
4589 | switch (cmd) { |
4590 | case MIGRATE_PRE_DUMP: | |
7ad13c91 TA |
4591 | if (!do_lxcapi_is_running(c)) { |
4592 | ERROR("container is not running"); | |
6b9be523 | 4593 | goto on_error; |
7ad13c91 | 4594 | } |
2cb80427 | 4595 | ret = !__criu_pre_dump(c, valid_opts); |
aef3d51e TA |
4596 | break; |
4597 | case MIGRATE_DUMP: | |
7ad13c91 TA |
4598 | if (!do_lxcapi_is_running(c)) { |
4599 | ERROR("container is not running"); | |
6b9be523 | 4600 | goto on_error; |
7ad13c91 | 4601 | } |
2cb80427 | 4602 | ret = !__criu_dump(c, valid_opts); |
aef3d51e TA |
4603 | break; |
4604 | case MIGRATE_RESTORE: | |
7ad13c91 TA |
4605 | if (do_lxcapi_is_running(c)) { |
4606 | ERROR("container is already running"); | |
6b9be523 | 4607 | goto on_error; |
7ad13c91 | 4608 | } |
2cb80427 | 4609 | ret = !__criu_restore(c, valid_opts); |
aef3d51e | 4610 | break; |
b5b12b9e AR |
4611 | case MIGRATE_FEATURE_CHECK: |
4612 | features_to_check = valid_opts->features_to_check; | |
4613 | ret = !__criu_check_feature(&features_to_check); | |
4614 | if (ret) { | |
4615 | /* Something went wrong. Let's let the caller | |
4616 | * know which feature checks failed. */ | |
4617 | valid_opts->features_to_check = features_to_check; | |
4618 | } | |
4619 | break; | |
aef3d51e TA |
4620 | default: |
4621 | ERROR("invalid migrate command %u", cmd); | |
4622 | ret = -EINVAL; | |
4623 | } | |
735f2c6e | 4624 | |
6b9be523 | 4625 | on_error: |
f686506d TA |
4626 | if (size < sizeof(*opts)) |
4627 | free(valid_opts); | |
4628 | ||
aef3d51e TA |
4629 | return ret; |
4630 | } | |
735f2c6e | 4631 | |
aef3d51e | 4632 | WRAP_API_3(int, lxcapi_migrate, unsigned int, struct migrate_opts *, unsigned int) |
735f2c6e | 4633 | |
aef3d51e TA |
4634 | static bool do_lxcapi_checkpoint(struct lxc_container *c, char *directory, bool stop, bool verbose) |
4635 | { | |
ebb088e1 AR |
4636 | struct migrate_opts opts; |
4637 | ||
4638 | memset(&opts, 0, sizeof(opts)); | |
4639 | ||
4640 | opts.directory = directory; | |
4641 | opts.stop = stop; | |
4642 | opts.verbose = verbose; | |
735f2c6e | 4643 | |
aef3d51e | 4644 | return !do_lxcapi_migrate(c, MIGRATE_DUMP, &opts, sizeof(opts)); |
735f2c6e TA |
4645 | } |
4646 | ||
858377e4 SH |
4647 | WRAP_API_3(bool, lxcapi_checkpoint, char *, bool, bool) |
4648 | ||
4649 | static bool do_lxcapi_restore(struct lxc_container *c, char *directory, bool verbose) | |
c9d8f2ee | 4650 | { |
ebb088e1 AR |
4651 | struct migrate_opts opts; |
4652 | ||
4653 | memset(&opts, 0, sizeof(opts)); | |
4654 | ||
4655 | opts.directory = directory; | |
4656 | opts.verbose = verbose; | |
c9d8f2ee | 4657 | |
aef3d51e | 4658 | return !do_lxcapi_migrate(c, MIGRATE_RESTORE, &opts, sizeof(opts)); |
735f2c6e TA |
4659 | } |
4660 | ||
858377e4 SH |
4661 | WRAP_API_2(bool, lxcapi_restore, char *, bool) |
4662 | ||
a0e93eeb CS |
4663 | static int lxcapi_attach_run_waitl(struct lxc_container *c, lxc_attach_options_t *options, const char *program, const char *arg, ...) |
4664 | { | |
4665 | va_list ap; | |
4666 | const char **argv; | |
4667 | int ret; | |
4668 | ||
4669 | if (!c) | |
4670 | return -1; | |
4671 | ||
858377e4 SH |
4672 | current_config = c->lxc_conf; |
4673 | ||
a0e93eeb CS |
4674 | va_start(ap, arg); |
4675 | argv = lxc_va_arg_list_to_argv_const(ap, 1); | |
4676 | va_end(ap); | |
4677 | ||
4678 | if (!argv) { | |
4679 | ERROR("Memory allocation error."); | |
858377e4 SH |
4680 | ret = -1; |
4681 | goto out; | |
a0e93eeb CS |
4682 | } |
4683 | argv[0] = arg; | |
4684 | ||
858377e4 | 4685 | ret = do_lxcapi_attach_run_wait(c, options, program, (const char * const *)argv); |
a0e93eeb | 4686 | free((void*)argv); |
858377e4 SH |
4687 | out: |
4688 | current_config = NULL; | |
a0e93eeb CS |
4689 | return ret; |
4690 | } | |
4691 | ||
afeecbba | 4692 | struct lxc_container *lxc_container_new(const char *name, const char *configpath) |
72d0e1cb SG |
4693 | { |
4694 | struct lxc_container *c; | |
72d0e1cb | 4695 | |
18aa217b SH |
4696 | if (!name) |
4697 | return NULL; | |
4698 | ||
72d0e1cb SG |
4699 | c = malloc(sizeof(*c)); |
4700 | if (!c) { | |
e9e29a33 | 4701 | fprintf(stderr, "Failed to allocate memory for %s\n", name); |
72d0e1cb SG |
4702 | return NULL; |
4703 | } | |
4704 | memset(c, 0, sizeof(*c)); | |
4705 | ||
afeecbba SH |
4706 | if (configpath) |
4707 | c->config_path = strdup(configpath); | |
4708 | else | |
593e8478 | 4709 | c->config_path = strdup(lxc_global_config_value("lxc.lxcpath")); |
afeecbba | 4710 | |
2a59a681 | 4711 | if (!c->config_path) { |
e9e29a33 | 4712 | fprintf(stderr, "Failed to allocate memory for %s\n", name); |
2a59a681 SH |
4713 | goto err; |
4714 | } | |
4715 | ||
f5dd1d53 | 4716 | remove_trailing_slashes(c->config_path); |
72d0e1cb SG |
4717 | c->name = malloc(strlen(name)+1); |
4718 | if (!c->name) { | |
e9e29a33 | 4719 | fprintf(stderr, "Failed to allocate memory for %s\n", name); |
72d0e1cb SG |
4720 | goto err; |
4721 | } | |
4722 | strcpy(c->name, name); | |
4723 | ||
4724 | c->numthreads = 1; | |
e9e29a33 CB |
4725 | c->slock = lxc_newlock(c->config_path, name); |
4726 | if (!c->slock) { | |
4727 | fprintf(stderr, "Failed to create lock for %s\n", name); | |
72d0e1cb SG |
4728 | goto err; |
4729 | } | |
4730 | ||
e9e29a33 CB |
4731 | c->privlock = lxc_newlock(NULL, NULL); |
4732 | if (!c->privlock) { | |
4733 | fprintf(stderr, "Failed to create private lock for %s\n", name); | |
72d0e1cb SG |
4734 | goto err; |
4735 | } | |
4736 | ||
afeecbba | 4737 | if (!set_config_filename(c)) { |
e9e29a33 | 4738 | fprintf(stderr, "Failed to create config file name for %s\n", name); |
72d0e1cb SG |
4739 | goto err; |
4740 | } | |
72d0e1cb | 4741 | |
e9e29a33 CB |
4742 | if (file_exists(c->configfile) && !lxcapi_load_config(c, NULL)) { |
4743 | fprintf(stderr, "Failed to load config for %s\n", name); | |
bac806d1 | 4744 | goto err; |
e9e29a33 | 4745 | } |
72d0e1cb | 4746 | |
3e625e2d | 4747 | if (ongoing_create(c) == 2) { |
e9e29a33 | 4748 | ERROR("Failed to complete container creation for %s", c->name); |
17a367d8 | 4749 | container_destroy(c, NULL); |
4df7f012 | 4750 | lxcapi_clear_config(c); |
3e625e2d | 4751 | } |
a2739df5 | 4752 | c->daemonize = true; |
72cf75fa | 4753 | c->pidfile = NULL; |
3e625e2d | 4754 | |
1a0e70ac | 4755 | /* Assign the member functions. */ |
72d0e1cb SG |
4756 | c->is_defined = lxcapi_is_defined; |
4757 | c->state = lxcapi_state; | |
4758 | c->is_running = lxcapi_is_running; | |
4759 | c->freeze = lxcapi_freeze; | |
4760 | c->unfreeze = lxcapi_unfreeze; | |
0115f8fd | 4761 | c->console = lxcapi_console; |
b5159817 | 4762 | c->console_getfd = lxcapi_console_getfd; |
72d0e1cb SG |
4763 | c->init_pid = lxcapi_init_pid; |
4764 | c->load_config = lxcapi_load_config; | |
4765 | c->want_daemonize = lxcapi_want_daemonize; | |
130a1888 | 4766 | c->want_close_all_fds = lxcapi_want_close_all_fds; |
72d0e1cb SG |
4767 | c->start = lxcapi_start; |
4768 | c->startl = lxcapi_startl; | |
4769 | c->stop = lxcapi_stop; | |
4770 | c->config_file_name = lxcapi_config_file_name; | |
4771 | c->wait = lxcapi_wait; | |
4772 | c->set_config_item = lxcapi_set_config_item; | |
4773 | c->destroy = lxcapi_destroy; | |
18aa217b | 4774 | c->destroy_with_snapshots = lxcapi_destroy_with_snapshots; |
06e5650e | 4775 | c->rename = lxcapi_rename; |
72d0e1cb SG |
4776 | c->save_config = lxcapi_save_config; |
4777 | c->get_keys = lxcapi_get_keys; | |
4778 | c->create = lxcapi_create; | |
4779 | c->createl = lxcapi_createl; | |
4780 | c->shutdown = lxcapi_shutdown; | |
3e625e2d | 4781 | c->reboot = lxcapi_reboot; |
d39b10eb | 4782 | c->reboot2 = lxcapi_reboot2; |
4df7f012 | 4783 | c->clear_config = lxcapi_clear_config; |
72d0e1cb SG |
4784 | c->clear_config_item = lxcapi_clear_config_item; |
4785 | c->get_config_item = lxcapi_get_config_item; | |
8ac18377 | 4786 | c->get_running_config_item = lxcapi_get_running_config_item; |
794dd120 SH |
4787 | c->get_cgroup_item = lxcapi_get_cgroup_item; |
4788 | c->set_cgroup_item = lxcapi_set_cgroup_item; | |
2a59a681 SH |
4789 | c->get_config_path = lxcapi_get_config_path; |
4790 | c->set_config_path = lxcapi_set_config_path; | |
9be53773 | 4791 | c->clone = lxcapi_clone; |
799f29ab | 4792 | c->get_interfaces = lxcapi_get_interfaces; |
9c83a661 | 4793 | c->get_ips = lxcapi_get_ips; |
a0e93eeb CS |
4794 | c->attach = lxcapi_attach; |
4795 | c->attach_run_wait = lxcapi_attach_run_wait; | |
4796 | c->attach_run_waitl = lxcapi_attach_run_waitl; | |
f5dd1d53 SH |
4797 | c->snapshot = lxcapi_snapshot; |
4798 | c->snapshot_list = lxcapi_snapshot_list; | |
4799 | c->snapshot_restore = lxcapi_snapshot_restore; | |
771d96b3 | 4800 | c->snapshot_destroy = lxcapi_snapshot_destroy; |
18aa217b | 4801 | c->snapshot_destroy_all = lxcapi_snapshot_destroy_all; |
b494d2dd | 4802 | c->may_control = lxcapi_may_control; |
a9a0ed90 ÇO |
4803 | c->add_device_node = lxcapi_add_device_node; |
4804 | c->remove_device_node = lxcapi_remove_device_node; | |
e58fae8f DY |
4805 | c->attach_interface = lxcapi_attach_interface; |
4806 | c->detach_interface = lxcapi_detach_interface; | |
735f2c6e TA |
4807 | c->checkpoint = lxcapi_checkpoint; |
4808 | c->restore = lxcapi_restore; | |
aef3d51e | 4809 | c->migrate = lxcapi_migrate; |
191d43cc | 4810 | c->console_log = lxcapi_console_log; |
72d0e1cb | 4811 | |
72d0e1cb SG |
4812 | return c; |
4813 | ||
4814 | err: | |
4815 | lxc_container_free(c); | |
4816 | return NULL; | |
4817 | } | |
4818 | ||
4a7c7daa | 4819 | int lxc_get_wait_states(const char **states) |
72d0e1cb SG |
4820 | { |
4821 | int i; | |
4822 | ||
4823 | if (states) | |
4824 | for (i=0; i<MAX_STATE; i++) | |
4825 | states[i] = lxc_state2str(i); | |
4826 | return MAX_STATE; | |
4827 | } | |
a41f104b | 4828 | |
a41f104b SH |
4829 | /* |
4830 | * These next two could probably be done smarter with reusing a common function | |
4831 | * with different iterators and tests... | |
4832 | */ | |
4833 | int list_defined_containers(const char *lxcpath, char ***names, struct lxc_container ***cret) | |
4834 | { | |
4835 | DIR *dir; | |
4836 | int i, cfound = 0, nfound = 0; | |
74f96976 | 4837 | struct dirent *direntp; |
a41f104b SH |
4838 | struct lxc_container *c; |
4839 | ||
4840 | if (!lxcpath) | |
593e8478 | 4841 | lxcpath = lxc_global_config_value("lxc.lxcpath"); |
a41f104b | 4842 | |
a41f104b | 4843 | dir = opendir(lxcpath); |
a41f104b SH |
4844 | if (!dir) { |
4845 | SYSERROR("opendir on lxcpath"); | |
4846 | return -1; | |
4847 | } | |
4848 | ||
4849 | if (cret) | |
4850 | *cret = NULL; | |
4851 | if (names) | |
4852 | *names = NULL; | |
4853 | ||
74f96976 | 4854 | while ((direntp = readdir(dir))) { |
a41f104b SH |
4855 | if (!direntp) |
4856 | break; | |
e4ebeab1 | 4857 | |
1a0e70ac | 4858 | /* Ignore '.', '..' and any hidden directory. */ |
e4ebeab1 | 4859 | if (!strncmp(direntp->d_name, ".", 1)) |
a41f104b SH |
4860 | continue; |
4861 | ||
4862 | if (!config_file_exists(lxcpath, direntp->d_name)) | |
4863 | continue; | |
4864 | ||
4865 | if (names) { | |
9c88ff1f | 4866 | if (!add_to_array(names, direntp->d_name, cfound)) |
a41f104b SH |
4867 | goto free_bad; |
4868 | } | |
4869 | cfound++; | |
4870 | ||
4871 | if (!cret) { | |
4872 | nfound++; | |
4873 | continue; | |
4874 | } | |
4875 | ||
4876 | c = lxc_container_new(direntp->d_name, lxcpath); | |
4877 | if (!c) { | |
4878 | INFO("Container %s:%s has a config but could not be loaded", | |
4879 | lxcpath, direntp->d_name); | |
4880 | if (names) | |
9c88ff1f ÇO |
4881 | if(!remove_from_array(names, direntp->d_name, cfound--)) |
4882 | goto free_bad; | |
a41f104b SH |
4883 | continue; |
4884 | } | |
858377e4 | 4885 | if (!do_lxcapi_is_defined(c)) { |
a41f104b SH |
4886 | INFO("Container %s:%s has a config but is not defined", |
4887 | lxcpath, direntp->d_name); | |
4888 | if (names) | |
9c88ff1f ÇO |
4889 | if(!remove_from_array(names, direntp->d_name, cfound--)) |
4890 | goto free_bad; | |
a41f104b SH |
4891 | lxc_container_put(c); |
4892 | continue; | |
4893 | } | |
4894 | ||
2871830a | 4895 | if (!add_to_clist(cret, c, nfound, true)) { |
a41f104b SH |
4896 | lxc_container_put(c); |
4897 | goto free_bad; | |
4898 | } | |
4899 | nfound++; | |
4900 | } | |
4901 | ||
a41f104b | 4902 | closedir(dir); |
a41f104b SH |
4903 | return nfound; |
4904 | ||
4905 | free_bad: | |
4906 | if (names && *names) { | |
4907 | for (i=0; i<cfound; i++) | |
4908 | free((*names)[i]); | |
4909 | free(*names); | |
4910 | } | |
4911 | if (cret && *cret) { | |
4912 | for (i=0; i<nfound; i++) | |
4913 | lxc_container_put((*cret)[i]); | |
4914 | free(*cret); | |
4915 | } | |
a41f104b | 4916 | closedir(dir); |
a41f104b SH |
4917 | return -1; |
4918 | } | |
4919 | ||
148a9d27 DE |
4920 | int list_active_containers(const char *lxcpath, char ***nret, |
4921 | struct lxc_container ***cret) | |
a41f104b | 4922 | { |
148a9d27 | 4923 | int i, ret = -1, cret_cnt = 0, ct_name_cnt = 0; |
a41f104b SH |
4924 | int lxcpath_len; |
4925 | char *line = NULL; | |
148a9d27 | 4926 | char **ct_name = NULL; |
a41f104b | 4927 | size_t len = 0; |
97bc2422 | 4928 | struct lxc_container *c = NULL; |
88556fd7 | 4929 | bool is_hashed; |
a41f104b SH |
4930 | |
4931 | if (!lxcpath) | |
593e8478 | 4932 | lxcpath = lxc_global_config_value("lxc.lxcpath"); |
a41f104b SH |
4933 | lxcpath_len = strlen(lxcpath); |
4934 | ||
4935 | if (cret) | |
4936 | *cret = NULL; | |
148a9d27 DE |
4937 | if (nret) |
4938 | *nret = NULL; | |
a41f104b | 4939 | |
a41f104b | 4940 | FILE *f = fopen("/proc/net/unix", "r"); |
a41f104b SH |
4941 | if (!f) |
4942 | return -1; | |
4943 | ||
4944 | while (getline(&line, &len, f) != -1) { | |
88556fd7 | 4945 | |
0f8f9c8a | 4946 | char *p = strrchr(line, ' '), *p2; |
a41f104b SH |
4947 | if (!p) |
4948 | continue; | |
4949 | p++; | |
4950 | if (*p != 0x40) | |
4951 | continue; | |
4952 | p++; | |
88556fd7 ÇO |
4953 | |
4954 | is_hashed = false; | |
4955 | if (strncmp(p, lxcpath, lxcpath_len) == 0) { | |
4956 | p += lxcpath_len; | |
4957 | } else if (strncmp(p, "lxc/", 4) == 0) { | |
4958 | p += 4; | |
4959 | is_hashed = true; | |
4960 | } else { | |
a41f104b | 4961 | continue; |
88556fd7 ÇO |
4962 | } |
4963 | ||
a41f104b SH |
4964 | while (*p == '/') |
4965 | p++; | |
4966 | ||
1a0e70ac | 4967 | /* Now p is the start of lxc_name. */ |
46cd2845 | 4968 | p2 = strchr(p, '/'); |
a41f104b SH |
4969 | if (!p2 || strncmp(p2, "/command", 8) != 0) |
4970 | continue; | |
4971 | *p2 = '\0'; | |
4972 | ||
88556fd7 | 4973 | if (is_hashed) { |
899a9f55 CB |
4974 | char *recvpath = lxc_cmd_get_lxcpath(p); |
4975 | if (!recvpath) | |
4976 | continue; | |
4977 | if (strncmp(lxcpath, recvpath, lxcpath_len) != 0) | |
88556fd7 ÇO |
4978 | continue; |
4979 | p = lxc_cmd_get_name(p); | |
ee2d7093 L |
4980 | if (!p) |
4981 | continue; | |
88556fd7 ÇO |
4982 | } |
4983 | ||
148a9d27 | 4984 | if (array_contains(&ct_name, p, ct_name_cnt)) |
9c88ff1f ÇO |
4985 | continue; |
4986 | ||
148a9d27 DE |
4987 | if (!add_to_array(&ct_name, p, ct_name_cnt)) |
4988 | goto free_cret_list; | |
9c88ff1f | 4989 | |
148a9d27 | 4990 | ct_name_cnt++; |
a41f104b | 4991 | |
148a9d27 | 4992 | if (!cret) |
a41f104b | 4993 | continue; |
a41f104b SH |
4994 | |
4995 | c = lxc_container_new(p, lxcpath); | |
4996 | if (!c) { | |
4997 | INFO("Container %s:%s is running but could not be loaded", | |
4998 | lxcpath, p); | |
148a9d27 | 4999 | remove_from_array(&ct_name, p, ct_name_cnt--); |
a41f104b SH |
5000 | continue; |
5001 | } | |
5002 | ||
5003 | /* | |
5004 | * If this is an anonymous container, then is_defined *can* | |
5005 | * return false. So we don't do that check. Count on the | |
5006 | * fact that the command socket exists. | |
5007 | */ | |
5008 | ||
148a9d27 | 5009 | if (!add_to_clist(cret, c, cret_cnt, true)) { |
a41f104b | 5010 | lxc_container_put(c); |
148a9d27 | 5011 | goto free_cret_list; |
a41f104b | 5012 | } |
148a9d27 | 5013 | cret_cnt++; |
a41f104b SH |
5014 | } |
5015 | ||
97bc2422 CB |
5016 | if (nret && cret && cret_cnt != ct_name_cnt) { |
5017 | if (c) | |
5018 | lxc_container_put(c); | |
5019 | goto free_cret_list; | |
5020 | } | |
5021 | ||
148a9d27 DE |
5022 | ret = ct_name_cnt; |
5023 | if (nret) | |
5024 | *nret = ct_name; | |
5025 | else | |
5026 | goto free_ct_name; | |
5027 | goto out; | |
a41f104b | 5028 | |
148a9d27 | 5029 | free_cret_list: |
a41f104b | 5030 | if (cret && *cret) { |
148a9d27 | 5031 | for (i = 0; i < cret_cnt; i++) |
a41f104b SH |
5032 | lxc_container_put((*cret)[i]); |
5033 | free(*cret); | |
5034 | } | |
148a9d27 DE |
5035 | |
5036 | free_ct_name: | |
5037 | if (ct_name) { | |
5038 | for (i = 0; i < ct_name_cnt; i++) | |
5039 | free(ct_name[i]); | |
5040 | free(ct_name); | |
5041 | } | |
5042 | ||
5043 | out: | |
f10fad2f | 5044 | free(line); |
e853a32d | 5045 | |
a41f104b | 5046 | fclose(f); |
148a9d27 | 5047 | return ret; |
a41f104b | 5048 | } |
2871830a DE |
5049 | |
5050 | int list_all_containers(const char *lxcpath, char ***nret, | |
5051 | struct lxc_container ***cret) | |
5052 | { | |
5053 | int i, ret, active_cnt, ct_cnt, ct_list_cnt; | |
5054 | char **active_name; | |
5055 | char **ct_name; | |
5056 | struct lxc_container **ct_list = NULL; | |
5057 | ||
5058 | ct_cnt = list_defined_containers(lxcpath, &ct_name, NULL); | |
5059 | if (ct_cnt < 0) | |
5060 | return ct_cnt; | |
5061 | ||
5062 | active_cnt = list_active_containers(lxcpath, &active_name, NULL); | |
5063 | if (active_cnt < 0) { | |
5064 | ret = active_cnt; | |
5065 | goto free_ct_name; | |
5066 | } | |
5067 | ||
5068 | for (i = 0; i < active_cnt; i++) { | |
5069 | if (!array_contains(&ct_name, active_name[i], ct_cnt)) { | |
5070 | if (!add_to_array(&ct_name, active_name[i], ct_cnt)) { | |
5071 | ret = -1; | |
5072 | goto free_active_name; | |
5073 | } | |
5074 | ct_cnt++; | |
5075 | } | |
5076 | free(active_name[i]); | |
5077 | active_name[i] = NULL; | |
5078 | } | |
5079 | free(active_name); | |
5080 | active_name = NULL; | |
5081 | active_cnt = 0; | |
5082 | ||
5083 | for (i = 0, ct_list_cnt = 0; i < ct_cnt && cret; i++) { | |
5084 | struct lxc_container *c; | |
5085 | ||
5086 | c = lxc_container_new(ct_name[i], lxcpath); | |
5087 | if (!c) { | |
5088 | WARN("Container %s:%s could not be loaded", lxcpath, ct_name[i]); | |
5089 | remove_from_array(&ct_name, ct_name[i], ct_cnt--); | |
5090 | continue; | |
5091 | } | |
5092 | ||
5093 | if (!add_to_clist(&ct_list, c, ct_list_cnt, false)) { | |
5094 | lxc_container_put(c); | |
5095 | ret = -1; | |
5096 | goto free_ct_list; | |
5097 | } | |
5098 | ct_list_cnt++; | |
5099 | } | |
5100 | ||
5101 | if (cret) | |
5102 | *cret = ct_list; | |
5103 | ||
5104 | if (nret) | |
5105 | *nret = ct_name; | |
5106 | else { | |
5107 | ret = ct_cnt; | |
5108 | goto free_ct_name; | |
5109 | } | |
5110 | return ct_cnt; | |
5111 | ||
5112 | free_ct_list: | |
5113 | for (i = 0; i < ct_list_cnt; i++) { | |
5114 | lxc_container_put(ct_list[i]); | |
5115 | } | |
f10fad2f | 5116 | free(ct_list); |
2871830a DE |
5117 | |
5118 | free_active_name: | |
5119 | for (i = 0; i < active_cnt; i++) { | |
f10fad2f | 5120 | free(active_name[i]); |
2871830a | 5121 | } |
f10fad2f | 5122 | free(active_name); |
2871830a DE |
5123 | |
5124 | free_ct_name: | |
5125 | for (i = 0; i < ct_cnt; i++) { | |
5126 | free(ct_name[i]); | |
5127 | } | |
5128 | free(ct_name); | |
5129 | return ret; | |
5130 | } | |
12461428 CB |
5131 | |
5132 | bool lxc_config_item_is_supported(const char *key) | |
5133 | { | |
300df83e | 5134 | return !!lxc_get_config(key); |
12461428 | 5135 | } |