]> git.proxmox.com Git - mirror_lxc.git/blame - src/lxc/lxccontainer.c
projects / mirror_lxc.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
lxc-device: rewrite lxc-device.
[mirror_lxc.git] / src / lxc / lxccontainer.c
CommitLineData
72d0e1cb
SG		 1/* liblxcapi
2 *
3 * Copyright © 2012 Serge Hallyn <serge.hallyn@ubuntu.com>.
4 * Copyright © 2012 Canonical Ltd.
5 *
d75462e4
SH		 6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
72d0e1cb
SG		 19 */
20
9be53773 21#define _GNU_SOURCE
148a9d27 22#include <assert.h>
a0e93eeb 23#include <stdarg.h>
71454076 24#include <pthread.h>
9be53773
SH		 25#include <unistd.h>
26#include <sys/types.h>
27#include <sys/wait.h>
4de2791f 28#include <sys/mount.h>
9be53773 29#include <errno.h>
93dc5327 30#include <fcntl.h>
9be53773 31#include <sched.h>
f5dd1d53 32#include <dirent.h>
f2363e38
ÇO		 33#include <sched.h>
34#include <arpa/inet.h>
35#include <libgen.h>
d659597e 36#include <stdint.h>
c476bdce 37#include <grp.h>
5f7eba0b 38#include <sys/syscall.h>
f2363e38
ÇO		 39
40#include <lxc/lxccontainer.h>
41#include <lxc/version.h>
e58fae8f 42#include <lxc/network.h>
f2363e38 43
9be53773 44#include "config.h"
72d0e1cb
SG		 45#include "lxc.h"
46#include "state.h"
72d0e1cb 47#include "conf.h"
72d0e1cb 48#include "confile.h"
b5159817 49#include "console.h"
72d0e1cb
SG		 50#include "cgroup.h"
51#include "commands.h"
52#include "log.h"
9be53773 53#include "bdev.h"
6a44839f 54#include "utils.h"
a0e93eeb 55#include "attach.h"
f2363e38
ÇO		 56#include "monitor.h"
57#include "namespace.h"
95ee490b 58#include "lxclock.h"
735f2c6e 59#include "sync.h"
4ba0d9af
SG		 60
61#if HAVE_IFADDRS_H
9c83a661 62#include <ifaddrs.h>
4ba0d9af
SG		 63#else
64#include <../include/ifaddrs.h>
65#endif
72d0e1cb 66
a9a0ed90
ÇO		 67#define MAX_BUFFER 4096
68
c868b261
ÇO		 69#define NOT_SUPPORTED_ERROR "the requested function %s is not currently supported with unprivileged containers"
70
5f7eba0b
SG		 71/* Define faccessat() if missing from the C library */
72#ifndef HAVE_FACCESSAT
73static int faccessat(int __fd, const char *__file, int __type, int __flag)
74{
75#ifdef __NR_faccessat
76return syscall(__NR_faccessat, __fd, __file, __type, __flag);
77#else
78errno = ENOSYS;
79return -1;
80#endif
81}
82#endif
83
84
72d0e1cb
SG		 85lxc_log_define(lxc_container, lxc);
86
a41f104b
SH		 87static bool config_file_exists(const char *lxcpath, const char *cname)
88{
89 /* $lxcpath + '/' + $cname + '/config' + \0 */
90 int ret, len = strlen(lxcpath) + strlen(cname) + 9;
91 char *fname = alloca(len);
92
93 ret = snprintf(fname, len, "%s/%s/config", lxcpath, cname);
94 if (ret < 0 || ret >= len)
95 return false;
96
97 return file_exists(fname);
98}
99
3e625e2d
SH		 100/*
101 * A few functions to help detect when a container creation failed.
102 * If a container creation was killed partway through, then trying
103 * to actually start that container could harm the host. We detect
104 * this by creating a 'partial' file under the container directory,
105 * and keeping an advisory lock. When container creation completes,
106 * we remove that file. When we load or try to start a container, if
107 * we find that file, without a flock, we remove the container.
108 */
74a3920a 109static int ongoing_create(struct lxc_container *c)
3e625e2d
SH		 110{
111 int len = strlen(c->config_path) + strlen(c->name) + 10;
112 char *path = alloca(len);
113 int fd, ret;
93dc5327
SH		 114 struct flock lk;
115
3e625e2d
SH		 116 ret = snprintf(path, len, "%s/%s/partial", c->config_path, c->name);
117 if (ret < 0 || ret >= len) {
118 ERROR("Error writing partial pathname");
119 return -1;
120 }
121
122 if (!file_exists(path))
123 return 0;
025ed0f3 124 fd = open(path, O_RDWR);
025ed0f3 125 if (fd < 0) {
3e625e2d
SH		 126 // give benefit of the doubt
127 SYSERROR("Error opening partial file");
3e625e2d
SH		 128 return 0;
129 }
93dc5327
SH		 130 lk.l_type = F_WRLCK;
131 lk.l_whence = SEEK_SET;
132 lk.l_start = 0;
133 lk.l_len = 0;
134 lk.l_pid = -1;
135 if (fcntl(fd, F_GETLK, &lk) == 0 && lk.l_pid != -1) {
3e625e2d
SH		 136 // create is still ongoing
137 close(fd);
3e625e2d
SH		 138 return 1;
139 }
140 // create completed but partial is still there.
141 close(fd);
3e625e2d
SH		 142 return 2;
143}
144
74a3920a 145static int create_partial(struct lxc_container *c)
3e625e2d
SH		 146{
147 // $lxcpath + '/' + $name + '/partial' + \0
148 int len = strlen(c->config_path) + strlen(c->name) + 10;
149 char *path = alloca(len);
150 int fd, ret;
93dc5327
SH		 151 struct flock lk;
152
3e625e2d
SH		 153 ret = snprintf(path, len, "%s/%s/partial", c->config_path, c->name);
154 if (ret < 0 || ret >= len) {
155 ERROR("Error writing partial pathname");
156 return -1;
157 }
93dc5327 158 if ((fd=open(path, O_RDWR | O_CREAT | O_EXCL, 0755)) < 0) {
3e625e2d 159 SYSERROR("Erorr creating partial file");
3e625e2d
SH		 160 return -1;
161 }
93dc5327
SH		 162 lk.l_type = F_WRLCK;
163 lk.l_whence = SEEK_SET;
164 lk.l_start = 0;
165 lk.l_len = 0;
166 if (fcntl(fd, F_SETLKW, &lk) < 0) {
3e625e2d
SH		 167 SYSERROR("Error locking partial file %s", path);
168 close(fd);
3e625e2d
SH		 169 return -1;
170 }
3e625e2d
SH		 171
172 return fd;
173}
174
74a3920a 175static void remove_partial(struct lxc_container *c, int fd)
3e625e2d
SH		 176{
177 // $lxcpath + '/' + $name + '/partial' + \0
178 int len = strlen(c->config_path) + strlen(c->name) + 10;
179 char *path = alloca(len);
180 int ret;
181
182 close(fd);
183 ret = snprintf(path, len, "%s/%s/partial", c->config_path, c->name);
184 if (ret < 0 || ret >= len) {
185 ERROR("Error writing partial pathname");
186 return;
187 }
3e625e2d
SH		 188 if (unlink(path) < 0)
189 SYSERROR("Error unlink partial file %s", path);
3e625e2d
SH		 190}
191
72d0e1cb 192/* LOCKING
3bc449ed
SH		 193 * 1. container_mem_lock(c) protects the struct lxc_container from multiple threads.
194 * 2. container_disk_lock(c) protects the on-disk container data - in particular the
195 * container configuration file.
196 * The container_disk_lock also takes the container_mem_lock.
197 * 3. thread_mutex protects process data (ex: fd table) from multiple threads.
72d0e1cb
SG		 198 * NOTHING mutexes two independent programs with their own struct
199 * lxc_container for the same c->name, between API calls. For instance,
200 * c->config_read(); c->start(); Between those calls, data on disk
201 * could change (which shouldn't bother the caller unless for instance
202 * the rootfs get moved). c->config_read(); update; c->config_write();
203 * Two such updaters could race. The callers should therefore check their
204 * results. Trying to prevent that would necessarily expose us to deadlocks
205 * due to hung callers. So I prefer to keep the locks only within our own
206 * functions, not across functions.
207 *
3bc449ed 208 * If you're going to clone while holding a lxccontainer, increment
72d0e1cb
SG		 209 * c->numthreads (under privlock) before forking. When deleting,
210 * decrement numthreads under privlock, then if it hits 0 you can delete.
211 * Do not ever use a lxccontainer whose numthreads you did not bump.
212 */
213
214static void lxc_container_free(struct lxc_container *c)
215{
216 if (!c)
217 return;
218
219 if (c->configfile) {
220 free(c->configfile);
221 c->configfile = NULL;
222 }
223 if (c->error_string) {
224 free(c->error_string);
225 c->error_string = NULL;
226 }
d95db067 227 if (c->slock) {
df271a59 228 lxc_putlock(c->slock);
d95db067
DE		 229 c->slock = NULL;
230 }
72d0e1cb 231 if (c->privlock) {
df271a59 232 lxc_putlock(c->privlock);
72d0e1cb
SG		 233 c->privlock = NULL;
234 }
235 if (c->name) {
236 free(c->name);
237 c->name = NULL;
238 }
d95db067
DE		 239 if (c->lxc_conf) {
240 lxc_conf_free(c->lxc_conf);
241 c->lxc_conf = NULL;
242 }
2a59a681
SH		 243 if (c->config_path) {
244 free(c->config_path);
245 c->config_path = NULL;
246 }
72cf75fa 247
72d0e1cb
SG		 248 free(c);
249}
250
43d1aa34
SH		 251/*
252 * Consider the following case:
253freer | racing get()er
254==================================================================
255lxc_container_put() | lxc_container_get()
256\ lxclock(c->privlock) | c->numthreads < 1? (no)
257\ c->numthreads = 0 | \ lxclock(c->privlock) -> waits
258\ lxcunlock() | \
259\ lxc_container_free() | \ lxclock() returns
260 | \ c->numthreads < 1 -> return 0
261\ \ (free stuff) |
262\ \ sem_destroy(privlock) |
263
264 * When the get()er checks numthreads the first time, one of the following
265 * is true:
266 * 1. freer has set numthreads = 0. get() returns 0
267 * 2. freer is between lxclock and setting numthreads to 0. get()er will
268 * sem_wait on privlock, get lxclock after freer() drops it, then see
269 * numthreads is 0 and exit without touching lxclock again..
270 * 3. freer has not yet locked privlock. If get()er runs first, then put()er
271 * will see --numthreads = 1 and not call lxc_container_free().
272*/
273
72d0e1cb
SG		 274int lxc_container_get(struct lxc_container *c)
275{
276 if (!c)
277 return 0;
278
43d1aa34
SH		 279 // if someone else has already started freeing the container, don't
280 // try to take the lock, which may be invalid
281 if (c->numthreads < 1)
282 return 0;
283
5cee8c50 284 if (container_mem_lock(c))
72d0e1cb
SG		 285 return 0;
286 if (c->numthreads < 1) {
287 // bail without trying to unlock, bc the privlock is now probably
288 // in freed memory
289 return 0;
290 }
291 c->numthreads++;
5cee8c50 292 container_mem_unlock(c);
72d0e1cb
SG		 293 return 1;
294}
295
296int lxc_container_put(struct lxc_container *c)
297{
298 if (!c)
299 return -1;
5cee8c50 300 if (container_mem_lock(c))
72d0e1cb
SG		 301 return -1;
302 if (--c->numthreads < 1) {
5cee8c50 303 container_mem_unlock(c);
72d0e1cb
SG		 304 lxc_container_free(c);
305 return 1;
306 }
5cee8c50 307 container_mem_unlock(c);
72d0e1cb
SG		 308 return 0;
309}
310
72d0e1cb
SG		 311static bool lxcapi_is_defined(struct lxc_container *c)
312{
313 struct stat statbuf;
314 bool ret = false;
315 int statret;
316
317 if (!c)
318 return false;
319
5cee8c50 320 if (container_mem_lock(c))
72d0e1cb
SG		 321 return false;
322 if (!c->configfile)
323 goto out;
324 statret = stat(c->configfile, &statbuf);
325 if (statret != 0)
326 goto out;
327 ret = true;
328
329out:
5cee8c50 330 container_mem_unlock(c);
72d0e1cb
SG		 331 return ret;
332}
333
334static const char *lxcapi_state(struct lxc_container *c)
335{
72d0e1cb
SG		 336 lxc_state_t s;
337
338 if (!c)
339 return NULL;
13f5be62 340 s = lxc_getstate(c->name, c->config_path);
39dc698c 341 return lxc_state2str(s);
72d0e1cb
SG		 342}
343
39dc698c 344static bool is_stopped(struct lxc_container *c)
794dd120
SH		 345{
346 lxc_state_t s;
13f5be62 347 s = lxc_getstate(c->name, c->config_path);
794dd120
SH		 348 return (s == STOPPED);
349}
350
72d0e1cb
SG		 351static bool lxcapi_is_running(struct lxc_container *c)
352{
353 const char *s;
354
355 if (!c)
356 return false;
357 s = lxcapi_state(c);
358 if (!s || strcmp(s, "STOPPED") == 0)
359 return false;
360 return true;
361}
362
363static bool lxcapi_freeze(struct lxc_container *c)
364{
365 int ret;
366 if (!c)
367 return false;
368
9123e471 369 ret = lxc_freeze(c->name, c->config_path);
72d0e1cb
SG		 370 if (ret)
371 return false;
372 return true;
373}
374
375static bool lxcapi_unfreeze(struct lxc_container *c)
376{
377 int ret;
378 if (!c)
379 return false;
380
9123e471 381 ret = lxc_unfreeze(c->name, c->config_path);
72d0e1cb
SG		 382 if (ret)
383 return false;
384 return true;
385}
386
b5159817 387static int lxcapi_console_getfd(struct lxc_container *c, int *ttynum, int *masterfd)
0115f8fd
DE		 388{
389 int ttyfd;
390 if (!c)
391 return -1;
392
b5159817 393 ttyfd = lxc_console_getfd(c, ttynum, masterfd);
0115f8fd
DE		 394 return ttyfd;
395}
396
b5159817
DE		 397static int lxcapi_console(struct lxc_container *c, int ttynum, int stdinfd,
398 int stdoutfd, int stderrfd, int escape)
399{
400 return lxc_console(c, ttynum, stdinfd, stdoutfd, stderrfd, escape);
401}
402
72d0e1cb
SG		 403static pid_t lxcapi_init_pid(struct lxc_container *c)
404{
72d0e1cb
SG		 405 if (!c)
406 return -1;
407
5cee8c50 408 return lxc_cmd_get_init_pid(c->name, c->config_path);
72d0e1cb
SG		 409}
410
12a50cc6 411static bool load_config_locked(struct lxc_container *c, const char *fname)
8eb5694b
SH		 412{
413 if (!c->lxc_conf)
414 c->lxc_conf = lxc_conf_init();
6b0d5538
SH		 415 if (!c->lxc_conf)
416 return false;
d08779d4
SH		 417 if (lxc_config_read(fname, c->lxc_conf, false) != 0)
418 return false;
d08779d4 419 return true;
8eb5694b
SH		 420}
421
12a50cc6 422static bool lxcapi_load_config(struct lxc_container *c, const char *alt_file)
72d0e1cb 423{
39dc698c
SH		 424 bool ret = false, need_disklock = false;
425 int lret;
12a50cc6 426 const char *fname;
72d0e1cb
SG		 427 if (!c)
428 return false;
429
430 fname = c->configfile;
431 if (alt_file)
432 fname = alt_file;
433 if (!fname)
434 return false;
39dc698c
SH		 435 /*
436 * If we're reading something other than the container's config,
437 * we only need to lock the in-memory container. If loading the
438 * container's config file, take the disk lock.
439 */
440 if (strcmp(fname, c->configfile) == 0)
441 need_disklock = true;
442
443 if (need_disklock)
444 lret = container_disk_lock(c);
445 else
446 lret = container_mem_lock(c);
447 if (lret)
72d0e1cb 448 return false;
39dc698c 449
8eb5694b 450 ret = load_config_locked(c, fname);
39dc698c
SH		 451
452 if (need_disklock)
453 container_disk_unlock(c);
454 else
455 container_mem_unlock(c);
72d0e1cb
SG		 456 return ret;
457}
458
540f932a 459static bool lxcapi_want_daemonize(struct lxc_container *c, bool state)
72d0e1cb 460{
497a2995 461 if (!c || !c->lxc_conf)
540f932a 462 return false;
f02abefe 463 if (container_mem_lock(c)) {
3bc449ed 464 ERROR("Error getting mem lock");
540f932a 465 return false;
3bc449ed 466 }
540f932a 467 c->daemonize = state;
83758ed0 468 /* daemonize implies close_all_fds so set it */
540f932a
SG		 469 if (state == 1)
470 c->lxc_conf->close_all_fds = 1;
3bc449ed 471 container_mem_unlock(c);
540f932a 472 return true;
72d0e1cb
SG		 473}
474
540f932a 475static bool lxcapi_want_close_all_fds(struct lxc_container *c, bool state)
130a1888
ÇO		 476{
477 if (!c || !c->lxc_conf)
49badbbe 478 return false;
130a1888
ÇO		 479 if (container_mem_lock(c)) {
480 ERROR("Error getting mem lock");
49badbbe 481 return false;
130a1888 482 }
540f932a 483 c->lxc_conf->close_all_fds = state;
130a1888 484 container_mem_unlock(c);
49badbbe 485 return true;
130a1888
ÇO		 486}
487
12a50cc6 488static bool lxcapi_wait(struct lxc_container *c, const char *state, int timeout)
7a44c8b4
SG		 489{
490 int ret;
491
492 if (!c)
493 return false;
494
67e571de 495 ret = lxc_wait(c->name, state, timeout, c->config_path);
7a44c8b4
SG		 496 return ret == 0;
497}
498
499
03f064ff 500static bool wait_on_daemonized_start(struct lxc_container *c, int pid)
7a44c8b4
SG		 501{
502 /* we'll probably want to make this timeout configurable? */
697fa639 503 int timeout = 5, ret, status;
7a44c8b4 504
697fa639
SH		 505 /*
506 * our child is going to fork again, then exit. reap the
507 * child
508 */
03f064ff 509 ret = waitpid(pid, &status, 0);
697fa639
SH		 510 if (ret == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
511 DEBUG("failed waiting for first dual-fork child");
7a44c8b4
SG		 512 return lxcapi_wait(c, "RUNNING", timeout);
513}
514
2d834aa8
SH		 515static bool am_single_threaded(void)
516{
517 struct dirent dirent, *direntp;
518 DIR *dir;
519 int count=0;
520
2d834aa8 521 dir = opendir("/proc/self/task");
2d834aa8
SH		 522 if (!dir) {
523 INFO("failed to open /proc/self/task");
524 return false;
525 }
526
527 while (!readdir_r(dir, &dirent, &direntp)) {
528 if (!direntp)
529 break;
530
531 if (!strcmp(direntp->d_name, "."))
532 continue;
533
534 if (!strcmp(direntp->d_name, ".."))
535 continue;
536 if (++count > 1)
537 break;
538 }
2d834aa8 539 closedir(dir);
2d834aa8
SH		 540 return count == 1;
541}
542
72d0e1cb
SG		 543/*
544 * I can't decide if it'd be more convenient for callers if we accept '...',
545 * or a null-terminated array (i.e. execl vs execv)
546 */
12a50cc6 547static bool lxcapi_start(struct lxc_container *c, int useinit, char * const argv[])
72d0e1cb
SG		 548{
549 int ret;
550 struct lxc_conf *conf;
540f932a 551 bool daemonize = false;
6eaac303 552 FILE *pid_fp = NULL;
72d0e1cb
SG		 553 char *default_args[] = {
554 "/sbin/init",
13aad0ae 555 NULL,
72d0e1cb
SG		 556 };
557
558 /* container exists */
559 if (!c)
560 return false;
561 /* container has been setup */
562 if (!c->lxc_conf)
563 return false;
564
3e625e2d
SH		 565 if ((ret = ongoing_create(c)) < 0) {
566 ERROR("Error checking for incomplete creation");
567 return false;
568 }
569 if (ret == 2) {
570 ERROR("Error: %s creation was not completed", c->name);
571 c->destroy(c);
572 return false;
573 } else if (ret == 1) {
574 ERROR("Error: creation of %s is ongoing", c->name);
575 return false;
576 }
577
72d0e1cb
SG		 578 /* is this app meant to be run through lxcinit, as in lxc-execute? */
579 if (useinit && !argv)
580 return false;
581
5cee8c50 582 if (container_mem_lock(c))
72d0e1cb
SG		 583 return false;
584 conf = c->lxc_conf;
585 daemonize = c->daemonize;
5cee8c50 586 container_mem_unlock(c);
72d0e1cb
SG		 587
588 if (useinit) {
13f5be62 589 ret = lxc_execute(c->name, argv, 1, conf, c->config_path);
72d0e1cb
SG		 590 return ret == 0 ? true : false;
591 }
592
593 if (!argv)
594 argv = default_args;
595
596 /*
597 * say, I'm not sure - what locks do we want here? Any?
598 * Is liblxc's locking enough here to protect the on disk
599 * container? We don't want to exclude things like lxc_info
600 * while container is running...
601 */
602 if (daemonize) {
e51d4895 603 lxc_monitord_spawn(c->config_path);
71454076 604
72d0e1cb 605 pid_t pid = fork();
844f7a38 606 if (pid < 0)
72d0e1cb 607 return false;
6eaac303
QH		 608
609 if (pid != 0) {
610 /* Set to NULL because we don't want father unlink
611 * the PID file, child will do the free and unlink.
612 */
613 c->pidfile = NULL;
03f064ff 614 return wait_on_daemonized_start(c, pid);
6eaac303 615 }
025ed0f3 616
697fa639
SH		 617 /* second fork to be reparented by init */
618 pid = fork();
619 if (pid < 0) {
620 SYSERROR("Error doing dual-fork");
621 return false;
622 }
623 if (pid != 0)
624 exit(0);
72d0e1cb 625 /* like daemon(), chdir to / and redirect 0,1,2 to /dev/null */
c278cef2
SH		 626 if (chdir("/")) {
627 SYSERROR("Error chdir()ing to /.");
628 return false;
629 }
9581b4b7 630 lxc_check_inherited(conf, -1);
72d0e1cb
SG		 631 close(0);
632 close(1);
633 close(2);
eddaaafd 634 open("/dev/zero", O_RDONLY);
72d0e1cb
SG		 635 open("/dev/null", O_RDWR);
636 open("/dev/null", O_RDWR);
637 setsid();
2d834aa8
SH		 638 } else {
639 if (!am_single_threaded()) {
640 ERROR("Cannot start non-daemonized container when threaded");
641 return false;
642 }
72d0e1cb
SG		 643 }
644
6eaac303
QH		 645 /* We need to write PID file after daeminize, so we always
646 * write the right PID.
647 */
648 if (c->pidfile) {
649 pid_fp = fopen(c->pidfile, "w");
650 if (pid_fp == NULL) {
651 SYSERROR("Failed to create pidfile '%s' for '%s'",
652 c->pidfile, c->name);
653 return false;
654 }
655
656 if (fprintf(pid_fp, "%d\n", getpid()) < 0) {
657 SYSERROR("Failed to write '%s'", c->pidfile);
658 fclose(pid_fp);
659 pid_fp = NULL;
660 return false;
661 }
662
663 fclose(pid_fp);
664 pid_fp = NULL;
665 }
666
72d0e1cb
SG		 667reboot:
668 conf->reboot = 0;
13f5be62 669 ret = lxc_start(c->name, argv, conf, c->config_path);
d4ef230c 670 c->error_num = ret;
72d0e1cb
SG		 671
672 if (conf->reboot) {
673 INFO("container requested reboot");
674 conf->reboot = 0;
72d0e1cb
SG		 675 goto reboot;
676 }
677
487d8008
QH		 678 if (c->pidfile) {
679 unlink(c->pidfile);
680 free(c->pidfile);
681 c->pidfile = NULL;
682 }
683
844f7a38 684 if (daemonize)
05e5d7dc 685 exit (ret == 0 ? true : false);
844f7a38 686 else
05e5d7dc 687 return (ret == 0 ? true : false);
72d0e1cb
SG		 688}
689
690/*
691 * note there MUST be an ending NULL
692 */
693static bool lxcapi_startl(struct lxc_container *c, int useinit, ...)
694{
695 va_list ap;
a0e93eeb 696 char **inargs = NULL;
72d0e1cb
SG		 697 bool bret = false;
698
699 /* container exists */
700 if (!c)
701 return false;
702
72d0e1cb 703 va_start(ap, useinit);
a0e93eeb 704 inargs = lxc_va_arg_list_to_argv(ap, 0, 1);
72d0e1cb
SG		 705 va_end(ap);
706
a0e93eeb
CS		 707 if (!inargs) {
708 ERROR("Memory allocation error.");
709 goto out;
72d0e1cb
SG		 710 }
711
a0e93eeb
CS		 712 /* pass NULL if no arguments were supplied */
713 bret = lxcapi_start(c, useinit, *inargs ? inargs : NULL);
72d0e1cb
SG		 714
715out:
716 if (inargs) {
4e03ae57
DE		 717 char **arg;
718 for (arg = inargs; *arg; arg++)
719 free(*arg);
72d0e1cb
SG		 720 free(inargs);
721 }
722
723 return bret;
724}
725
726static bool lxcapi_stop(struct lxc_container *c)
727{
728 int ret;
729
730 if (!c)
731 return false;
732
ef6e34ee 733 ret = lxc_cmd_stop(c->name, c->config_path);
72d0e1cb
SG		 734
735 return ret == 0;
72d0e1cb
SG		 736}
737
d5752559
SH		 738static int do_create_container_dir(const char *path, struct lxc_conf *conf)
739{
740 int ret = -1, lasterr;
741 char *p = alloca(strlen(path)+1);
742 mode_t mask = umask(0002);
743 ret = mkdir(path, 0770);
744 lasterr = errno;
745 umask(mask);
746 errno = lasterr;
747 if (ret) {
748 if (errno == EEXIST)
749 ret = 0;
750 else {
751 SYSERROR("failed to create container path %s", path);
752 return -1;
753 }
754 }
755 strcpy(p, path);
756 if (!lxc_list_empty(&conf->id_map) && chown_mapped_root(p, conf) != 0) {
757 ERROR("Failed to chown container dir");
758 ret = -1;
759 }
760 return ret;
761}
762
72d0e1cb
SG		 763/*
764 * create the standard expected container dir
765 */
766static bool create_container_dir(struct lxc_container *c)
767{
768 char *s;
769 int len, ret;
770
2a59a681 771 len = strlen(c->config_path) + strlen(c->name) + 2;
72d0e1cb
SG		 772 s = malloc(len);
773 if (!s)
774 return false;
2a59a681 775 ret = snprintf(s, len, "%s/%s", c->config_path, c->name);
72d0e1cb
SG		 776 if (ret < 0 || ret >= len) {
777 free(s);
778 return false;
779 }
d5752559 780 ret = do_create_container_dir(s, c->lxc_conf);
72d0e1cb
SG		 781 free(s);
782 return ret == 0;
783}
784
1897e3bc
SH		 785static const char *lxcapi_get_config_path(struct lxc_container *c);
786static bool lxcapi_set_config_item(struct lxc_container *c, const char *key, const char *v);
787
72d0e1cb 788/*
1897e3bc
SH		 789 * do_bdev_create: thin wrapper around bdev_create(). Like bdev_create(),
790 * it returns a mounted bdev on success, NULL on error.
72d0e1cb 791 */
1897e3bc
SH		 792static struct bdev *do_bdev_create(struct lxc_container *c, const char *type,
793 struct bdev_specs *specs)
794{
795 char *dest;
1897e3bc
SH		 796 size_t len;
797 struct bdev *bdev;
798 int ret;
799
cd219ae6
SY		 800 /* rootfs.path or lxcpath/lxcname/rootfs */
801 if (c->lxc_conf->rootfs.path && access(c->lxc_conf->rootfs.path, F_OK) == 0) {
cf465fe4
SH		 802 const char *rpath = c->lxc_conf->rootfs.path;
803 len = strlen(rpath) + 1;
cd219ae6 804 dest = alloca(len);
cf465fe4 805 ret = snprintf(dest, len, "%s", rpath);
cd219ae6 806 } else {
cf465fe4 807 const char *lxcpath = lxcapi_get_config_path(c);
cd219ae6
SY		 808 len = strlen(c->name) + strlen(lxcpath) + 9;
809 dest = alloca(len);
810 ret = snprintf(dest, len, "%s/%s/rootfs", lxcpath, c->name);
811 }
1897e3bc
SH		 812 if (ret < 0 || ret >= len)
813 return NULL;
814
815 bdev = bdev_create(dest, type, c->name, specs);
d44e88c2 816 if (!bdev) {
959aee9c 817 ERROR("Failed to create backing store type %s", type);
1897e3bc 818 return NULL;
d44e88c2
SH		 819 }
820
1897e3bc 821 lxcapi_set_config_item(c, "lxc.rootfs", bdev->src);
cf3ef16d
SH		 822
823 /* if we are not root, chown the rootfs dir to root in the
824 * target uidmap */
825
0e6e3a41 826 if (geteuid() != 0 || (c->lxc_conf && !lxc_list_empty(&c->lxc_conf->id_map))) {
c4d10a05 827 if (chown_mapped_root(bdev->dest, c->lxc_conf) < 0) {
959aee9c 828 ERROR("Error chowning %s to container root", bdev->dest);
97e9cfa0 829 suggest_default_idmap();
cf3ef16d
SH		 830 bdev_put(bdev);
831 return NULL;
832 }
833 }
834
1897e3bc
SH		 835 return bdev;
836}
837
cbee8106
SH		 838/*
839 * Given the '-t' template option to lxc-create, figure out what to
840 * do. If the template is a full executable path, use that. If it
85db5535
DE		 841 * is something like 'sshd', then return $templatepath/lxc-sshd.
842 * On success return the template, on error return NULL.
cbee8106 843 */
85db5535 844static char *get_template_path(const char *t)
cbee8106
SH		 845{
846 int ret, len;
847 char *tpath;
848
cbee8106
SH		 849 if (t[0] == '/' && access(t, X_OK) == 0) {
850 tpath = strdup(t);
cbee8106
SH		 851 return tpath;
852 }
853
854 len = strlen(LXCTEMPLATEDIR) + strlen(t) + strlen("/lxc-") + 1;
855 tpath = malloc(len);
856 if (!tpath)
85db5535 857 return NULL;
cbee8106
SH		 858 ret = snprintf(tpath, len, "%s/lxc-%s", LXCTEMPLATEDIR, t);
859 if (ret < 0 || ret >= len) {
860 free(tpath);
85db5535 861 return NULL;
cbee8106
SH		 862 }
863 if (access(tpath, X_OK) < 0) {
959aee9c 864 SYSERROR("bad template: %s", t);
cbee8106 865 free(tpath);
85db5535 866 return NULL;
cbee8106
SH		 867 }
868
869 return tpath;
870}
871
96b3cb40 872static char *lxcbasename(char *path)
72d0e1cb 873{
96b3cb40
SH		 874 char *p = path + strlen(path) - 1;
875 while (*p != '/' && p > path)
876 p--;
877 return p;
878}
72d0e1cb 879
dc23c1c8 880static bool create_run_template(struct lxc_container *c, char *tpath, bool quiet,
96b3cb40
SH		 881 char *const argv[])
882{
883 pid_t pid;
72d0e1cb 884
72d0e1cb 885 if (!tpath)
96b3cb40 886 return true;
72d0e1cb
SG		 887
888 pid = fork();
889 if (pid < 0) {
959aee9c 890 SYSERROR("failed to fork task for container creation template");
96b3cb40 891 return false;
72d0e1cb
SG		 892 }
893
894 if (pid == 0) { // child
1897e3bc
SH		 895 char *patharg, *namearg, *rootfsarg, *src;
896 struct bdev *bdev = NULL;
72d0e1cb 897 int i;
96b3cb40
SH		 898 int ret, len, nargs = 0;
899 char **newargv;
cf3ef16d 900 struct lxc_conf *conf = c->lxc_conf;
72d0e1cb 901
dc23c1c8
SH		 902 if (quiet) {
903 close(0);
904 close(1);
905 close(2);
906 open("/dev/zero", O_RDONLY);
907 open("/dev/null", O_RDWR);
908 open("/dev/null", O_RDWR);
909 }
1897e3bc
SH		 910
911 src = c->lxc_conf->rootfs.path;
912 /*
1f92162d 913 * for an overlay create, what the user wants is the template to fill
1897e3bc
SH		 914 * in what will become the readonly lower layer. So don't mount for
915 * the template
916 */
1f92162d
SG		 917 if (strncmp(src, "overlayfs:", 10) == 0)
918 src = overlay_getlower(src+10);
919 if (strncmp(src, "aufs:", 5) == 0)
920 src = overlay_getlower(src+5);
921
76a26f55 922 bdev = bdev_init(c->lxc_conf, src, c->lxc_conf->rootfs.mount, NULL);
1897e3bc
SH		 923 if (!bdev) {
924 ERROR("Error opening rootfs");
925 exit(1);
926 }
927
4de2791f 928 if (geteuid() == 0) {
cf3ef16d
SH		 929 if (unshare(CLONE_NEWNS) < 0) {
930 ERROR("error unsharing mounts");
931 exit(1);
932 }
4de2791f 933 if (detect_shared_rootfs()) {
c597baa8 934 if (mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL)) {
4de2791f
SH		 935 SYSERROR("Failed to make / rslave to run template");
936 ERROR("Continuing...");
937 }
938 }
939 }
2659c7cb 940 if (strcmp(bdev->type, "dir") && strcmp(bdev->type, "btrfs")) {
4de2791f 941 if (geteuid() != 0) {
2659c7cb 942 ERROR("non-root users can only create btrfs and directory-backed containers");
4de2791f
SH		 943 exit(1);
944 }
cf3ef16d
SH		 945 if (bdev->ops->mount(bdev) < 0) {
946 ERROR("Error mounting rootfs");
947 exit(1);
948 }
949 } else { // TODO come up with a better way here!
950 if (bdev->dest)
951 free(bdev->dest);
952 bdev->dest = strdup(bdev->src);
1897e3bc
SH		 953 }
954
72d0e1cb
SG		 955 /*
956 * create our new array, pre-pend the template name and
957 * base args
958 */
959 if (argv)
1897e3bc 960 for (nargs = 0; argv[nargs]; nargs++) ;
6849cb5b 961 nargs += 4; // template, path, rootfs and name args
cf3ef16d 962
72d0e1cb
SG		 963 newargv = malloc(nargs * sizeof(*newargv));
964 if (!newargv)
965 exit(1);
96b3cb40 966 newargv[0] = lxcbasename(tpath);
72d0e1cb 967
2a59a681 968 len = strlen(c->config_path) + strlen(c->name) + strlen("--path=") + 2;
72d0e1cb
SG		 969 patharg = malloc(len);
970 if (!patharg)
971 exit(1);
2a59a681 972 ret = snprintf(patharg, len, "--path=%s/%s", c->config_path, c->name);
72d0e1cb
SG		 973 if (ret < 0 || ret >= len)
974 exit(1);
975 newargv[1] = patharg;
976 len = strlen("--name=") + strlen(c->name) + 1;
977 namearg = malloc(len);
978 if (!namearg)
979 exit(1);
980 ret = snprintf(namearg, len, "--name=%s", c->name);
981 if (ret < 0 || ret >= len)
982 exit(1);
983 newargv[2] = namearg;
984
1897e3bc
SH		 985 len = strlen("--rootfs=") + 1 + strlen(bdev->dest);
986 rootfsarg = malloc(len);
987 if (!rootfsarg)
988 exit(1);
989 ret = snprintf(rootfsarg, len, "--rootfs=%s", bdev->dest);
990 if (ret < 0 || ret >= len)
991 exit(1);
992 newargv[3] = rootfsarg;
993
72d0e1cb
SG		 994 /* add passed-in args */
995 if (argv)
1897e3bc
SH		 996 for (i = 4; i < nargs; i++)
997 newargv[i] = argv[i-4];
72d0e1cb
SG		 998
999 /* add trailing NULL */
1000 nargs++;
1001 newargv = realloc(newargv, nargs * sizeof(*newargv));
1002 if (!newargv)
1003 exit(1);
1004 newargv[nargs - 1] = NULL;
1005
cf3ef16d
SH		 1006 /*
1007 * If we're running the template in a mapped userns, then
1008 * we prepend the template command with:
1009 * lxc-usernsexec <-m map1> ... <-m mapn> --
57d116ab
SH		 1010 * and we append "--mapped-uid x", where x is the mapped uid
1011 * for our geteuid()
cf3ef16d 1012 */
0e6e3a41 1013 if (!lxc_list_empty(&conf->id_map)) {
cf3ef16d 1014 int n2args = 1;
57d116ab 1015 char txtuid[20];
2133f58c 1016 char txtgid[20];
cf3ef16d
SH		 1017 char **n2 = malloc(n2args * sizeof(*n2));
1018 struct lxc_list *it;
1019 struct id_map *map;
1020
57d116ab
SH		 1021 if (!n2) {
1022 SYSERROR("out of memory");
1023 exit(1);
1024 }
cf3ef16d
SH		 1025 newargv[0] = tpath;
1026 tpath = "lxc-usernsexec";
1027 n2[0] = "lxc-usernsexec";
1028 lxc_list_for_each(it, &conf->id_map) {
1029 map = it->elem;
1030 n2args += 2;
57d116ab 1031 n2 = realloc(n2, n2args * sizeof(char *));
cf3ef16d
SH		 1032 if (!n2)
1033 exit(1);
1034 n2[n2args-2] = "-m";
1035 n2[n2args-1] = malloc(200);
1036 if (!n2[n2args-1])
1037 exit(1);
1038 ret = snprintf(n2[n2args-1], 200, "%c:%lu:%lu:%lu",
1039 map->idtype == ID_TYPE_UID ? 'u' : 'g',
1040 map->nsid, map->hostid, map->range);
1041 if (ret < 0 || ret >= 200)
1042 exit(1);
1043 }
2133f58c 1044 int hostid_mapped = mapped_hostid(geteuid(), conf, ID_TYPE_UID);
6849cb5b 1045 int extraargs = hostid_mapped >= 0 ? 1 : 3;
57d116ab 1046 n2 = realloc(n2, (nargs + n2args + extraargs) * sizeof(char *));
cf3ef16d
SH		 1047 if (!n2)
1048 exit(1);
57d116ab 1049 if (hostid_mapped < 0) {
2133f58c 1050 hostid_mapped = find_unmapped_nsuid(conf, ID_TYPE_UID);
cf3ef16d 1051 n2[n2args++] = "-m";
57d116ab 1052 if (hostid_mapped < 0) {
cf3ef16d
SH		 1053 ERROR("Could not find free uid to map");
1054 exit(1);
1055 }
1056 n2[n2args++] = malloc(200);
1057 if (!n2[n2args-1]) {
1058 SYSERROR("out of memory");
1059 exit(1);
1060 }
1061 ret = snprintf(n2[n2args-1], 200, "u:%d:%d:1",
57d116ab 1062 hostid_mapped, geteuid());
cf3ef16d
SH		 1063 if (ret < 0 || ret >= 200) {
1064 ERROR("string too long");
1065 exit(1);
1066 }
1067 }
2133f58c
SH		 1068 int hostgid_mapped = mapped_hostid(getegid(), conf, ID_TYPE_GID);
1069 extraargs = hostgid_mapped >= 0 ? 1 : 3;
1070 n2 = realloc(n2, (nargs + n2args + extraargs) * sizeof(char *));
1071 if (!n2)
1072 exit(1);
1073 if (hostgid_mapped < 0) {
1074 hostgid_mapped = find_unmapped_nsuid(conf, ID_TYPE_GID);
1075 n2[n2args++] = "-m";
1076 if (hostgid_mapped < 0) {
1077 ERROR("Could not find free uid to map");
1078 exit(1);
1079 }
1080 n2[n2args++] = malloc(200);
1081 if (!n2[n2args-1]) {
1082 SYSERROR("out of memory");
1083 exit(1);
1084 }
1085 ret = snprintf(n2[n2args-1], 200, "g:%d:%d:1",
1086 hostgid_mapped, getegid());
1087 if (ret < 0 || ret >= 200) {
1088 ERROR("string too long");
1089 exit(1);
1090 }
1091 }
cf3ef16d
SH		 1092 n2[n2args++] = "--";
1093 for (i = 0; i < nargs; i++)
1094 n2[i + n2args] = newargv[i];
57d116ab
SH		 1095 n2args += nargs;
1096 // Finally add "--mapped-uid $uid" to tell template what to chown
1097 // cached images to
2133f58c 1098 n2args += 4;
57d116ab
SH		 1099 n2 = realloc(n2, n2args * sizeof(char *));
1100 if (!n2) {
1101 SYSERROR("out of memory");
1102 exit(1);
1103 }
1104 // note n2[n2args-1] is NULL
2133f58c 1105 n2[n2args-5] = "--mapped-uid";
57d116ab 1106 snprintf(txtuid, 20, "%d", hostid_mapped);
2133f58c
SH		 1107 n2[n2args-4] = txtuid;
1108 n2[n2args-3] = "--mapped-gid";
1109 snprintf(txtgid, 20, "%d", hostgid_mapped);
1110 n2[n2args-2] = txtgid;
57d116ab 1111 n2[n2args-1] = NULL;
cf3ef16d
SH		 1112 free(newargv);
1113 newargv = n2;
1114 }
72d0e1cb 1115 /* execute */
cf3ef16d 1116 execvp(tpath, newargv);
72d0e1cb
SG		 1117 SYSERROR("failed to execute template %s", tpath);
1118 exit(1);
1119 }
1120
9be53773 1121 if (wait_for_pid(pid) != 0) {
959aee9c 1122 ERROR("container creation template for %s failed", c->name);
96b3cb40
SH		 1123 return false;
1124 }
1125
1126 return true;
1127}
1128
74a3920a 1129static bool prepend_lxc_header(char *path, const char *t, char *const argv[])
3ce74686 1130{
1fd9bd50 1131 long flen;
b4569e93 1132 char *contents;
3ce74686 1133 FILE *f;
025ed0f3 1134 int ret = -1;
52026772 1135#if HAVE_LIBGNUTLS
025ed0f3 1136 int i;
3ce74686 1137 unsigned char md_value[SHA_DIGEST_LENGTH];
b4569e93 1138 char *tpath;
52026772 1139#endif
3ce74686 1140
025ed0f3 1141 f = fopen(path, "r");
025ed0f3 1142 if (f == NULL)
3ce74686 1143 return false;
025ed0f3
SH		 1144
1145 if (fseek(f, 0, SEEK_END) < 0)
1146 goto out_error;
1147 if ((flen = ftell(f)) < 0)
1148 goto out_error;
1149 if (fseek(f, 0, SEEK_SET) < 0)
1150 goto out_error;
1151 if ((contents = malloc(flen + 1)) == NULL)
1152 goto out_error;
1153 if (fread(contents, 1, flen, f) != flen)
1154 goto out_free_contents;
1155
3ce74686 1156 contents[flen] = '\0';
025ed0f3 1157 ret = fclose(f);
025ed0f3
SH		 1158 f = NULL;
1159 if (ret < 0)
1160 goto out_free_contents;
3ce74686 1161
b4569e93 1162#if HAVE_LIBGNUTLS
01efd4d3 1163 tpath = get_template_path(t);
85db5535 1164 if (!tpath) {
959aee9c 1165 ERROR("bad template: %s", t);
025ed0f3 1166 goto out_free_contents;
3ce74686
SH		 1167 }
1168
85db5535
DE		 1169 ret = sha1sum_file(tpath, md_value);
1170 if (ret < 0) {
1171 ERROR("Error getting sha1sum of %s", tpath);
3ce74686 1172 free(tpath);
85db5535 1173 goto out_free_contents;
3ce74686 1174 }
85db5535 1175 free(tpath);
3ce74686
SH		 1176#endif
1177
025ed0f3 1178 f = fopen(path, "w");
025ed0f3 1179 if (f == NULL) {
3ce74686
SH		 1180 SYSERROR("reopening config for writing");
1181 free(contents);
1182 return false;
1183 }
1184 fprintf(f, "# Template used to create this container: %s\n", t);
1185 if (argv) {
1186 fprintf(f, "# Parameters passed to the template:");
1187 while (*argv) {
1188 fprintf(f, " %s", *argv);
1189 argv++;
1190 }
1191 fprintf(f, "\n");
1192 }
1193#if HAVE_LIBGNUTLS
56698177
SH		 1194 fprintf(f, "# Template script checksum (SHA-1): ");
1195 for (i=0; i<SHA_DIGEST_LENGTH; i++)
1196 fprintf(f, "%02x", md_value[i]);
1197 fprintf(f, "\n");
3ce74686 1198#endif
0520c252 1199 fprintf(f, "# For additional config options, please look at lxc.container.conf(5)\n");
3ce74686
SH		 1200 if (fwrite(contents, 1, flen, f) != flen) {
1201 SYSERROR("Writing original contents");
1202 free(contents);
1203 fclose(f);
1204 return false;
1205 }
025ed0f3
SH		 1206 ret = 0;
1207out_free_contents:
3ce74686 1208 free(contents);
025ed0f3
SH		 1209out_error:
1210 if (f) {
1211 int newret;
025ed0f3 1212 newret = fclose(f);
025ed0f3
SH		 1213 if (ret == 0)
1214 ret = newret;
1215 }
1216 if (ret < 0) {
1217 SYSERROR("Error prepending header");
3ce74686
SH		 1218 return false;
1219 }
1220 return true;
1221}
1222
4df7f012
SH		 1223static void lxcapi_clear_config(struct lxc_container *c)
1224{
f979ac15
SH		 1225 if (c) {
1226 if (c->lxc_conf) {
1227 lxc_conf_free(c->lxc_conf);
1228 c->lxc_conf = NULL;
1229 }
4df7f012
SH		 1230 }
1231}
1232
96b3cb40 1233static bool lxcapi_destroy(struct lxc_container *c);
18aa217b
SH		 1234static bool container_destroy(struct lxc_container *c);
1235static bool get_snappath_dir(struct lxc_container *c, char *snappath);
96b3cb40
SH		 1236/*
1237 * lxcapi_create:
1238 * create a container with the given parameters.
1239 * @c: container to be created. It has the lxcpath, name, and a starting
1240 * configuration already set
1241 * @t: the template to execute to instantiate the root filesystem and
1242 * adjust the configuration.
1243 * @bdevtype: backing store type to use. If NULL, dir will be used.
1244 * @specs: additional parameters for the backing store, i.e. LVM vg to
1245 * use.
1246 *
1247 * @argv: the arguments to pass to the template, terminated by NULL. If no
1248 * arguments, you can just pass NULL.
1249 */
1250static bool lxcapi_create(struct lxc_container *c, const char *t,
dc23c1c8 1251 const char *bdevtype, struct bdev_specs *specs, int flags,
96b3cb40
SH		 1252 char *const argv[])
1253{
a69aad27 1254 bool ret = false;
96b3cb40 1255 pid_t pid;
85db5535 1256 char *tpath = NULL;
cbee8106 1257 int partial_fd;
96b3cb40
SH		 1258
1259 if (!c)
1260 return false;
1261
85db5535
DE		 1262 if (t) {
1263 tpath = get_template_path(t);
1264 if (!tpath) {
959aee9c 1265 ERROR("bad template: %s", t);
85db5535
DE		 1266 goto out;
1267 }
96b3cb40
SH		 1268 }
1269
cf465fe4
SH		 1270 /*
1271 * If a template is passed in, and the rootfs already is defined in
1272 * the container config and exists, then * caller is trying to create
1273 * an existing container. Return an error, but do NOT delete the
1274 * container.
1275 */
1276 if (lxcapi_is_defined(c) && c->lxc_conf && c->lxc_conf->rootfs.path &&
1277 access(c->lxc_conf->rootfs.path, F_OK) == 0 && tpath) {
1278 ERROR("Container %s:%s already exists", c->config_path, c->name);
6c6892b5 1279 goto free_tpath;
cf465fe4
SH		 1280 }
1281
6c6892b5 1282 if (!c->lxc_conf) {
dad87e3b 1283 if (!c->load_config(c, lxc_global_config_value("lxc.default_config"))) {
959aee9c 1284 ERROR("Error loading default configuration file %s", lxc_global_config_value("lxc.default_config"));
6c6892b5
DE		 1285 goto free_tpath;
1286 }
96b3cb40
SH		 1287 }
1288
6c6892b5
DE		 1289 if (!create_container_dir(c))
1290 goto free_tpath;
1291
0590e82c
SH		 1292 /*
1293 * either template or rootfs.path should be set.
1294 * if both template and rootfs.path are set, template is setup as rootfs.path.
1295 * container is already created if we have a config and rootfs.path is accessible
1296 */
1297 if (!c->lxc_conf->rootfs.path && !tpath)
1298 /* no template passed in and rootfs does not exist: error */
1299 goto out;
1300 if (c->lxc_conf->rootfs.path && access(c->lxc_conf->rootfs.path, F_OK) != 0)
1301 /* rootfs passed into configuration, but does not exist: error */
1302 goto out;
1303 if (lxcapi_is_defined(c) && c->lxc_conf->rootfs.path && !tpath) {
1304 /* Rootfs already existed, user just wanted to save the
1305 * loaded configuration */
1306 ret = true;
1307 goto out;
a69aad27 1308 }
96b3cb40
SH		 1309
1310 /* Mark that this container is being created */
1311 if ((partial_fd = create_partial(c)) < 0)
1312 goto out;
1313
1314 /* no need to get disk lock bc we have the partial locked */
1315
1316 /*
1317 * Create the backing store
1318 * Note we can't do this in the same task as we use to execute the
1319 * template because of the way zfs works.
1320 * After you 'zfs create', zfs mounts the fs only in the initial
1321 * namespace.
1322 */
1323 pid = fork();
1324 if (pid < 0) {
959aee9c 1325 SYSERROR("failed to fork task for container creation template");
8eb5694b
SH		 1326 goto out_unlock;
1327 }
1328
96b3cb40
SH		 1329 if (pid == 0) { // child
1330 struct bdev *bdev = NULL;
1331
1332 if (!(bdev = do_bdev_create(c, bdevtype, specs))) {
1333 ERROR("Error creating backing store type %s for %s",
1334 bdevtype ? bdevtype : "(none)", c->name);
1335 exit(1);
1336 }
1337
1338 /* save config file again to store the new rootfs location */
1339 if (!c->save_config(c, NULL)) {
959aee9c 1340 ERROR("failed to save starting configuration for %s", c->name);
96b3cb40
SH		 1341 // parent task won't see bdev in config so we delete it
1342 bdev->ops->umount(bdev);
1343 bdev->ops->destroy(bdev);
1344 exit(1);
1345 }
1346 exit(0);
1347 }
1348 if (wait_for_pid(pid) != 0)
a09295f8 1349 goto out_unlock;
96b3cb40
SH		 1350
1351 /* reload config to get the rootfs */
a3b47c09 1352 lxc_conf_free(c->lxc_conf);
96b3cb40
SH		 1353 c->lxc_conf = NULL;
1354 if (!load_config_locked(c, c->configfile))
a09295f8 1355 goto out_unlock;
96b3cb40 1356
dc23c1c8 1357 if (!create_run_template(c, tpath, !!(flags & LXC_CREATE_QUIET), argv))
96b3cb40
SH		 1358 goto out_unlock;
1359
8eb5694b
SH		 1360 // now clear out the lxc_conf we have, reload from the created
1361 // container
4df7f012 1362 lxcapi_clear_config(c);
3ce74686 1363
9d65a487
KY		 1364 if (t) {
1365 if (!prepend_lxc_header(c->configfile, tpath, argv)) {
1366 ERROR("Error prepending header to configuration file");
1367 goto out_unlock;
1368 }
3ce74686 1369 }
a69aad27 1370 ret = load_config_locked(c, c->configfile);
72d0e1cb
SG		 1371
1372out_unlock:
3e625e2d
SH		 1373 if (partial_fd >= 0)
1374 remove_partial(c, partial_fd);
72d0e1cb 1375out:
a69aad27 1376 if (!ret && c)
18aa217b 1377 container_destroy(c);
6c6892b5
DE		 1378free_tpath:
1379 if (tpath)
1380 free(tpath);
a69aad27 1381 return ret;
72d0e1cb
SG		 1382}
1383
3e625e2d
SH		 1384static bool lxcapi_reboot(struct lxc_container *c)
1385{
1386 pid_t pid;
1387
1388 if (!c)
1389 return false;
1390 if (!c->is_running(c))
1391 return false;
1392 pid = c->init_pid(c);
1393 if (pid <= 0)
1394 return false;
1395 if (kill(pid, SIGINT) < 0)
1396 return false;
1397 return true;
1398
1399}
1400
72d0e1cb
SG		 1401static bool lxcapi_shutdown(struct lxc_container *c, int timeout)
1402{
1403 bool retv;
1404 pid_t pid;
f0f1d8c0 1405 int haltsignal = SIGPWR;
72d0e1cb
SG		 1406
1407 if (!c)
1408 return false;
1409
72d0e1cb
SG		 1410 if (!c->is_running(c))
1411 return true;
1412 pid = c->init_pid(c);
1413 if (pid <= 0)
1414 return true;
b0227444 1415 if (c->lxc_conf && c->lxc_conf->haltsignal)
f0f1d8c0
DE		 1416 haltsignal = c->lxc_conf->haltsignal;
1417 kill(pid, haltsignal);
72d0e1cb 1418 retv = c->wait(c, "STOPPED", timeout);
72d0e1cb
SG		 1419 return retv;
1420}
1421
1897e3bc 1422static bool lxcapi_createl(struct lxc_container *c, const char *t,
dc23c1c8 1423 const char *bdevtype, struct bdev_specs *specs, int flags, ...)
72d0e1cb
SG		 1424{
1425 bool bret = false;
a0e93eeb 1426 char **args = NULL;
72d0e1cb 1427 va_list ap;
72d0e1cb
SG		 1428
1429 if (!c)
1430 return false;
1431
1432 /*
1433 * since we're going to wait for create to finish, I don't think we
1434 * need to get a copy of the arguments.
1435 */
dc23c1c8 1436 va_start(ap, flags);
a0e93eeb 1437 args = lxc_va_arg_list_to_argv(ap, 0, 0);
72d0e1cb 1438 va_end(ap);
a0e93eeb
CS		 1439 if (!args) {
1440 ERROR("Memory allocation error.");
1441 goto out;
1442 }
72d0e1cb 1443
dc23c1c8 1444 bret = c->create(c, t, bdevtype, specs, flags, args);
72d0e1cb
SG		 1445
1446out:
a0e93eeb 1447 free(args);
72d0e1cb
SG		 1448 return bret;
1449}
1450
6b0d5538
SH		 1451static void do_clear_unexp_config_line(struct lxc_conf *conf, const char *key)
1452{
1453 if (strcmp(key, "lxc.cgroup") == 0)
1454 clear_unexp_config_line(conf, key, true);
1455 else if (strcmp(key, "lxc.network") == 0)
1456 clear_unexp_config_line(conf, key, true);
1457 else if (strcmp(key, "lxc.hook") == 0)
1458 clear_unexp_config_line(conf, key, true);
1459 else
1460 clear_unexp_config_line(conf, key, false);
1461 if (!do_append_unexp_config_line(conf, key, ""))
1462 WARN("Error clearing configuration for %s", key);
1463}
1464
12a50cc6 1465static bool lxcapi_clear_config_item(struct lxc_container *c, const char *key)
72d0e1cb
SG		 1466{
1467 int ret;
1468
1469 if (!c || !c->lxc_conf)
1470 return false;
5cee8c50 1471 if (container_mem_lock(c))
72d0e1cb 1472 return false;
72d0e1cb 1473 ret = lxc_clear_config_item(c->lxc_conf, key);
6b0d5538
SH		 1474 if (!ret)
1475 do_clear_unexp_config_line(c->lxc_conf, key);
5cee8c50 1476 container_mem_unlock(c);
72d0e1cb
SG		 1477 return ret == 0;
1478}
1479
51d0854c
DY		 1480static inline bool enter_to_ns(struct lxc_container *c)
1481{
1482 pid_t pid = c->init_pid(c);
ae22a220 1483
0e6e3a41 1484 if ((geteuid() != 0 || (c->lxc_conf && !lxc_list_empty(&c->lxc_conf->id_map))) && access("/proc/self/ns/user", F_OK) == 0) {
51d0854c
DY		 1485 if (!switch_to_ns(pid, "user"))
1486 return false;
9c83a661 1487 }
51d0854c 1488 return switch_to_ns(pid, "net");
799f29ab
ÇO		 1489}
1490
9c88ff1f
ÇO		 1491// used by qsort and bsearch functions for comparing names
1492static inline int string_cmp(char **first, char **second)
1493{
1494 return strcmp(*first, *second);
1495}
1496
1497// used by qsort and bsearch functions for comparing container names
1498static inline int container_cmp(struct lxc_container **first, struct lxc_container **second)
1499{
1500 return strcmp((*first)->name, (*second)->name);
1501}
1502
1503static bool add_to_array(char ***names, char *cname, int pos)
1504{
1505 char **newnames = realloc(*names, (pos+1) * sizeof(char *));
1506 if (!newnames) {
1507 ERROR("Out of memory");
1508 return false;
1509 }
1510
1511 *names = newnames;
1512 newnames[pos] = strdup(cname);
1513 if (!newnames[pos])
1514 return false;
1515
1516 // sort the arrray as we will use binary search on it
1517 qsort(newnames, pos + 1, sizeof(char *), (int (*)(const void *,const void *))string_cmp);
1518
1519 return true;
1520}
1521
2871830a 1522static bool add_to_clist(struct lxc_container ***list, struct lxc_container *c, int pos, bool sort)
9c88ff1f
ÇO		 1523{
1524 struct lxc_container **newlist = realloc(*list, (pos+1) * sizeof(struct lxc_container *));
1525 if (!newlist) {
1526 ERROR("Out of memory");
1527 return false;
1528 }
1529
1530 *list = newlist;
1531 newlist[pos] = c;
1532
1533 // sort the arrray as we will use binary search on it
2871830a
DE		 1534 if (sort)
1535 qsort(newlist, pos + 1, sizeof(struct lxc_container *), (int (*)(const void *,const void *))container_cmp);
9c88ff1f
ÇO		 1536
1537 return true;
1538}
1539
1540static char** get_from_array(char ***names, char *cname, int size)
1541{
1542 return (char **)bsearch(&cname, *names, size, sizeof(char *), (int (*)(const void *, const void *))string_cmp);
1543}
1544
1545
1546static bool array_contains(char ***names, char *cname, int size) {
1547 if(get_from_array(names, cname, size) != NULL)
1548 return true;
1549 return false;
1550}
1551
1552static bool remove_from_array(char ***names, char *cname, int size)
1553{
1554 char **result = get_from_array(names, cname, size);
1555 if (result != NULL) {
1556 free(result);
1557 return true;
1558 }
1559 return false;
1560}
1561
799f29ab
ÇO		 1562static char** lxcapi_get_interfaces(struct lxc_container *c)
1563{
ae22a220
ÇO		 1564 pid_t pid;
1565 int i, count = 0, pipefd[2];
9c88ff1f 1566 char **interfaces = NULL;
ae22a220 1567 char interface[IFNAMSIZ];
799f29ab 1568
ae22a220
ÇO		 1569 if(pipe(pipefd) < 0) {
1570 SYSERROR("pipe failed");
1571 return NULL;
c868b261
ÇO		 1572 }
1573
ae22a220
ÇO		 1574 pid = fork();
1575 if (pid < 0) {
959aee9c 1576 SYSERROR("failed to fork task to get interfaces information");
ae22a220
ÇO		 1577 close(pipefd[0]);
1578 close(pipefd[1]);
1579 return NULL;
1580 }
799f29ab 1581
ae22a220
ÇO		 1582 if (pid == 0) { // child
1583 int ret = 1, nbytes;
1584 struct ifaddrs *interfaceArray = NULL, *tempIfAddr = NULL;
1585
1586 /* close the read-end of the pipe */
1587 close(pipefd[0]);
1588
1589 if (!enter_to_ns(c)) {
1590 SYSERROR("failed to enter namespace");
1591 goto out;
1592 }
1593
1594 /* Grab the list of interfaces */
1595 if (getifaddrs(&interfaceArray)) {
1596 SYSERROR("failed to get interfaces list");
1597 goto out;
1598 }
1599
1600 /* Iterate through the interfaces */
1601 for (tempIfAddr = interfaceArray; tempIfAddr != NULL; tempIfAddr = tempIfAddr->ifa_next) {
1602 nbytes = write(pipefd[1], tempIfAddr->ifa_name, IFNAMSIZ);
1603 if (nbytes < 0) {
1604 ERROR("write failed");
1605 goto out;
1606 }
1607 count++;
1608 }
1609 ret = 0;
1610
1611 out:
1612 if (interfaceArray)
1613 freeifaddrs(interfaceArray);
1614
1615 /* close the write-end of the pipe, thus sending EOF to the reader */
1616 close(pipefd[1]);
1617 exit(ret);
799f29ab
ÇO		 1618 }
1619
ae22a220
ÇO		 1620 /* close the write-end of the pipe */
1621 close(pipefd[1]);
1622
358afd84 1623 while (read(pipefd[0], &interface, IFNAMSIZ) == IFNAMSIZ) {
ae22a220
ÇO		 1624 if (array_contains(&interfaces, interface, count))
1625 continue;
799f29ab 1626
ae22a220
ÇO		 1627 if(!add_to_array(&interfaces, interface, count))
1628 ERROR("PARENT: add_to_array failed");
9c88ff1f
ÇO		 1629 count++;
1630 }
799f29ab 1631
ae22a220
ÇO		 1632 if (wait_for_pid(pid) != 0) {
1633 for(i=0;i<count;i++)
1634 free(interfaces[i]);
1635 free(interfaces);
1636 interfaces = NULL;
1637 }
9c88ff1f 1638
ae22a220
ÇO		 1639 /* close the read-end of the pipe */
1640 close(pipefd[0]);
799f29ab 1641
9c88ff1f
ÇO		 1642 /* Append NULL to the array */
1643 if(interfaces)
1644 interfaces = (char **)lxc_append_null_to_array((void **)interfaces, count);
799f29ab 1645
9c88ff1f 1646 return interfaces;
799f29ab
ÇO		 1647}
1648
f0ca2726 1649static char** lxcapi_get_ips(struct lxc_container *c, const char* interface, const char* family, int scope)
799f29ab 1650{
ae22a220
ÇO		 1651 pid_t pid;
1652 int i, count = 0, pipefd[2];
9c88ff1f 1653 char **addresses = NULL;
ae22a220 1654 char address[INET6_ADDRSTRLEN];
799f29ab 1655
ae22a220
ÇO		 1656 if(pipe(pipefd) < 0) {
1657 SYSERROR("pipe failed");
1658 return NULL;
c868b261
ÇO		 1659 }
1660
ae22a220
ÇO		 1661 pid = fork();
1662 if (pid < 0) {
959aee9c 1663 SYSERROR("failed to fork task to get container ips");
ae22a220
ÇO		 1664 close(pipefd[0]);
1665 close(pipefd[1]);
1666 return NULL;
9c83a661
SG		 1667 }
1668
ae22a220
ÇO		 1669 if (pid == 0) { // child
1670 int ret = 1, nbytes;
1671 struct ifaddrs *interfaceArray = NULL, *tempIfAddr = NULL;
1672 char addressOutputBuffer[INET6_ADDRSTRLEN];
1673 void *tempAddrPtr = NULL;
1674 char *address = NULL;
fe218ca3 1675
ae22a220
ÇO		 1676 /* close the read-end of the pipe */
1677 close(pipefd[0]);
1678
1679 if (!enter_to_ns(c)) {
1680 SYSERROR("failed to enter namespace");
1681 goto out;
9c83a661 1682 }
ae22a220
ÇO		 1683
1684 /* Grab the list of interfaces */
1685 if (getifaddrs(&interfaceArray)) {
1686 SYSERROR("failed to get interfaces list");
1687 goto out;
1688 }
1689
1690 /* Iterate through the interfaces */
1691 for (tempIfAddr = interfaceArray; tempIfAddr != NULL; tempIfAddr = tempIfAddr->ifa_next) {
1692 if (tempIfAddr->ifa_addr == NULL)
9c83a661
SG		 1693 continue;
1694
ae22a220
ÇO		 1695 if(tempIfAddr->ifa_addr->sa_family == AF_INET) {
1696 if (family && strcmp(family, "inet"))
1697 continue;
1698 tempAddrPtr = &((struct sockaddr_in *)tempIfAddr->ifa_addr)->sin_addr;
1699 }
1700 else {
1701 if (family && strcmp(family, "inet6"))
1702 continue;
1703
1704 if (((struct sockaddr_in6 *)tempIfAddr->ifa_addr)->sin6_scope_id != scope)
1705 continue;
1706
1707 tempAddrPtr = &((struct sockaddr_in6 *)tempIfAddr->ifa_addr)->sin6_addr;
1708 }
1709
1710 if (interface && strcmp(interface, tempIfAddr->ifa_name))
1711 continue;
1712 else if (!interface && strcmp("lo", tempIfAddr->ifa_name) == 0)
9c83a661
SG		 1713 continue;
1714
ae22a220
ÇO		 1715 address = (char *)inet_ntop(tempIfAddr->ifa_addr->sa_family,
1716 tempAddrPtr,
1717 addressOutputBuffer,
1718 sizeof(addressOutputBuffer));
1719 if (!address)
1720 continue;
1721
1722 nbytes = write(pipefd[1], address, INET6_ADDRSTRLEN);
1723 if (nbytes < 0) {
1724 ERROR("write failed");
1725 goto out;
1726 }
1727 count++;
9c83a661 1728 }
ae22a220 1729 ret = 0;
9c83a661 1730
ae22a220
ÇO		 1731 out:
1732 if(interfaceArray)
1733 freeifaddrs(interfaceArray);
9c83a661 1734
ae22a220
ÇO		 1735 /* close the write-end of the pipe, thus sending EOF to the reader */
1736 close(pipefd[1]);
1737 exit(ret);
6849cb5b 1738 }
9c83a661 1739
ae22a220
ÇO		 1740 /* close the write-end of the pipe */
1741 close(pipefd[1]);
1742
358afd84 1743 while (read(pipefd[0], &address, INET6_ADDRSTRLEN) == INET6_ADDRSTRLEN) {
9c88ff1f 1744 if(!add_to_array(&addresses, address, count))
ae22a220 1745 ERROR("PARENT: add_to_array failed");
9c88ff1f 1746 count++;
9c83a661
SG		 1747 }
1748
ae22a220
ÇO		 1749 if (wait_for_pid(pid) != 0) {
1750 for(i=0;i<count;i++)
1751 free(addresses[i]);
1752 free(addresses);
1753 addresses = NULL;
1754 }
9c83a661 1755
ae22a220
ÇO		 1756 /* close the read-end of the pipe */
1757 close(pipefd[0]);
9c83a661
SG		 1758
1759 /* Append NULL to the array */
9c88ff1f
ÇO		 1760 if(addresses)
1761 addresses = (char **)lxc_append_null_to_array((void **)addresses, count);
9c83a661
SG		 1762
1763 return addresses;
1764}
1765
12a50cc6 1766static int lxcapi_get_config_item(struct lxc_container *c, const char *key, char *retv, int inlen)
72d0e1cb
SG		 1767{
1768 int ret;
1769
1770 if (!c || !c->lxc_conf)
1771 return -1;
5cee8c50 1772 if (container_mem_lock(c))
72d0e1cb 1773 return -1;
72d0e1cb 1774 ret = lxc_get_config_item(c->lxc_conf, key, retv, inlen);
5cee8c50 1775 container_mem_unlock(c);
72d0e1cb
SG		 1776 return ret;
1777}
1778
8ac18377
ÇO		 1779static char* lxcapi_get_running_config_item(struct lxc_container *c, const char *key)
1780{
1781 char *ret;
1782
1783 if (!c || !c->lxc_conf)
1784 return NULL;
1785 if (container_mem_lock(c))
1786 return NULL;
1787 ret = lxc_cmd_get_config_item(c->name, key, c->get_config_path(c));
1788 container_mem_unlock(c);
1789 return ret;
1790}
1791
12a50cc6 1792static int lxcapi_get_keys(struct lxc_container *c, const char *key, char *retv, int inlen)
72d0e1cb
SG		 1793{
1794 if (!key)
1795 return lxc_listconfigs(retv, inlen);
1796 /*
1797 * Support 'lxc.network.<idx>', i.e. 'lxc.network.0'
1798 * This is an intelligent result to show which keys are valid given
1799 * the type of nic it is
1800 */
1801 if (!c || !c->lxc_conf)
1802 return -1;
5cee8c50 1803 if (container_mem_lock(c))
72d0e1cb
SG		 1804 return -1;
1805 int ret = -1;
1806 if (strncmp(key, "lxc.network.", 12) == 0)
6849cb5b 1807 ret = lxc_list_nicconfigs(c->lxc_conf, key, retv, inlen);
5cee8c50 1808 container_mem_unlock(c);
72d0e1cb
SG		 1809 return ret;
1810}
1811
12a50cc6 1812static bool lxcapi_save_config(struct lxc_container *c, const char *alt_file)
72d0e1cb 1813{
39dc698c
SH		 1814 FILE *fout;
1815 bool ret = false, need_disklock = false;
1816 int lret;
1817
72d0e1cb
SG		 1818 if (!alt_file)
1819 alt_file = c->configfile;
1820 if (!alt_file)
6849cb5b 1821 return false; // should we write to stdout if no file is specified?
39dc698c
SH		 1822
1823 // If we haven't yet loaded a config, load the stock config
1824 if (!c->lxc_conf) {
dad87e3b 1825 if (!c->load_config(c, lxc_global_config_value("lxc.default_config"))) {
959aee9c 1826 ERROR("Error loading default configuration file %s while saving %s", lxc_global_config_value("lxc.default_config"), c->name);
72d0e1cb
SG		 1827 return false;
1828 }
39dc698c 1829 }
72d0e1cb 1830
5a3d2e1e
SG		 1831 if (!create_container_dir(c))
1832 return false;
1833
39dc698c
SH		 1834 /*
1835 * If we're writing to the container's config file, take the
1836 * disk lock. Otherwise just take the memlock to protect the
1837 * struct lxc_container while we're traversing it.
1838 */
1839 if (strcmp(c->configfile, alt_file) == 0)
1840 need_disklock = true;
1841
1842 if (need_disklock)
1843 lret = container_disk_lock(c);
1844 else
1845 lret = container_mem_lock(c);
1846
1847 if (lret)
72d0e1cb 1848 return false;
39dc698c
SH		 1849
1850 fout = fopen(alt_file, "w");
1851 if (!fout)
1852 goto out;
6b0d5538 1853 write_config(fout, c->lxc_conf);
72d0e1cb 1854 fclose(fout);
39dc698c
SH		 1855 ret = true;
1856
1857out:
1858 if (need_disklock)
1859 container_disk_unlock(c);
1860 else
1861 container_mem_unlock(c);
1862 return ret;
72d0e1cb
SG		 1863}
1864
dfb31b25
SH		 1865static bool mod_rdep(struct lxc_container *c, bool inc)
1866{
1867 char path[MAXPATHLEN];
1868 int ret, v = 0;
1869 FILE *f;
1870 bool bret = false;
1871
1872 if (container_disk_lock(c))
1873 return false;
1874 ret = snprintf(path, MAXPATHLEN, "%s/%s/lxc_snapshots", c->config_path,
1875 c->name);
1876 if (ret < 0 || ret > MAXPATHLEN)
1877 goto out;
1878 f = fopen(path, "r");
1879 if (f) {
1880 ret = fscanf(f, "%d", &v);
1881 fclose(f);
1882 if (ret != 1) {
1883 ERROR("Corrupted file %s", path);
1884 goto out;
1885 }
1886 }
1887 v += inc ? 1 : -1;
1888 f = fopen(path, "w");
1889 if (!f)
1890 goto out;
1891 if (fprintf(f, "%d\n", v) < 0) {
1892 ERROR("Error writing new snapshots value");
1893 fclose(f);
1894 goto out;
1895 }
025ed0f3 1896 ret = fclose(f);
025ed0f3 1897 if (ret != 0) {
dfb31b25
SH		 1898 SYSERROR("Error writing to or closing snapshots file");
1899 goto out;
1900 }
1901
1902 bret = true;
1903
1904out:
1905 container_disk_unlock(c);
1906 return bret;
1907}
1908
1909static void strip_newline(char *p)
1910{
1911 size_t len = strlen(p);
1912 if (len < 1)
1913 return;
1914 if (p[len-1] == '\n')
1915 p[len-1] = '\0';
1916}
1917
1918static void mod_all_rdeps(struct lxc_container *c, bool inc)
1919{
1920 struct lxc_container *p;
1921 char *lxcpath = NULL, *lxcname = NULL, path[MAXPATHLEN];
1922 size_t pathlen = 0, namelen = 0;
1923 FILE *f;
1924 int ret;
1925
1926 ret = snprintf(path, MAXPATHLEN, "%s/%s/lxc_rdepends",
1927 c->config_path, c->name);
1928 if (ret < 0 || ret >= MAXPATHLEN) {
1929 ERROR("Path name too long");
1930 return;
1931 }
025ed0f3 1932 f = fopen(path, "r");
025ed0f3 1933 if (f == NULL)
dfb31b25
SH		 1934 return;
1935 while (getline(&lxcpath, &pathlen, f) != -1) {
1936 if (getline(&lxcname, &namelen, f) == -1) {
959aee9c 1937 ERROR("badly formatted file %s", path);
dfb31b25
SH		 1938 goto out;
1939 }
1940 strip_newline(lxcpath);
1941 strip_newline(lxcname);
1942 if ((p = lxc_container_new(lxcname, lxcpath)) == NULL) {
1943 ERROR("Unable to find dependent container %s:%s",
1944 lxcpath, lxcname);
1945 continue;
1946 }
1947 if (!mod_rdep(p, inc))
1948 ERROR("Failed to increase numsnapshots for %s:%s",
1949 lxcpath, lxcname);
1950 lxc_container_put(p);
1951 }
1952out:
1953 if (lxcpath) free(lxcpath);
1954 if (lxcname) free(lxcname);
1955 fclose(f);
1956}
1957
18aa217b 1958static bool has_fs_snapshots(struct lxc_container *c)
dfb31b25
SH		 1959{
1960 char path[MAXPATHLEN];
1961 int ret, v;
1962 FILE *f;
1963 bool bret = false;
1964
1965 ret = snprintf(path, MAXPATHLEN, "%s/%s/lxc_snapshots", c->config_path,
1966 c->name);
1967 if (ret < 0 || ret > MAXPATHLEN)
1968 goto out;
1969 f = fopen(path, "r");
1970 if (!f)
1971 goto out;
1972 ret = fscanf(f, "%d", &v);
1973 fclose(f);
1974 if (ret != 1)
1975 goto out;
1976 bret = v != 0;
1977
1978out:
1979 return bret;
1980}
1981
18aa217b
SH		 1982static bool has_snapshots(struct lxc_container *c)
1983{
1984 char path[MAXPATHLEN];
1985 struct dirent dirent, *direntp;
1986 int count=0;
1987 DIR *dir;
1988
1989 if (!get_snappath_dir(c, path))
1990 return false;
1991 dir = opendir(path);
1992 if (!dir)
1993 return false;
1994 while (!readdir_r(dir, &dirent, &direntp)) {
1995 if (!direntp)
1996 break;
1997
1998 if (!strcmp(direntp->d_name, "."))
1999 continue;
2000
2001 if (!strcmp(direntp->d_name, ".."))
2002 continue;
2003 count++;
2004 break;
2005 }
2006 closedir(dir);
2007 return count > 0;
2008}
2009
4355ab5f
SH		 2010static int lxc_rmdir_onedev_wrapper(void *data)
2011{
2012 char *arg = (char *) data;
18aa217b 2013 return lxc_rmdir_onedev(arg, "snaps");
4355ab5f
SH		 2014}
2015
44a706bd
SH		 2016static int do_bdev_destroy(struct lxc_conf *conf)
2017{
2018 struct bdev *r;
2019 int ret = 0;
2020
76a26f55 2021 r = bdev_init(conf, conf->rootfs.path, conf->rootfs.mount, NULL);
44a706bd
SH		 2022 if (!r)
2023 return -1;
2024
2025 if (r->ops->destroy(r) < 0)
2026 ret = -1;
2027 bdev_put(r);
2028 return ret;
2029}
2030
2031static int bdev_destroy_wrapper(void *data)
2032{
2033 struct lxc_conf *conf = data;
2034
2035 if (setgid(0) < 0) {
2036 ERROR("Failed to setgid to 0");
2037 return -1;
2038 }
2039 if (setgroups(0, NULL) < 0)
2040 WARN("Failed to clear groups");
2041 if (setuid(0) < 0) {
2042 ERROR("Failed to setuid to 0");
2043 return -1;
2044 }
2045 return do_bdev_destroy(conf);
2046}
2047
18aa217b 2048static bool container_destroy(struct lxc_container *c)
72d0e1cb 2049{
c868b261 2050 bool bret = false;
fef48dc9 2051 int ret;
72d0e1cb 2052
1897e3bc 2053 if (!c || !lxcapi_is_defined(c))
5a3d2e1e
SG		 2054 return false;
2055
3bc449ed 2056 if (container_disk_lock(c))
72d0e1cb 2057 return false;
72d0e1cb 2058
39dc698c 2059 if (!is_stopped(c)) {
60bf62d4
SH		 2060 // we should queue some sort of error - in c->error_string?
2061 ERROR("container %s is not stopped", c->name);
2062 goto out;
72d0e1cb
SG		 2063 }
2064
44a706bd
SH		 2065 if (c->lxc_conf && c->lxc_conf->rootfs.path && c->lxc_conf->rootfs.mount) {
2066 if (am_unpriv())
2067 ret = userns_exec_1(c->lxc_conf, bdev_destroy_wrapper, c->lxc_conf);
2068 else
2069 ret = do_bdev_destroy(c->lxc_conf);
2070 if (ret < 0) {
2071 ERROR("Error destroying rootfs for %s", c->name);
2072 goto out;
60bf62d4
SH		 2073 }
2074 }
2075
dfb31b25
SH		 2076 mod_all_rdeps(c, false);
2077
60bf62d4
SH		 2078 const char *p1 = lxcapi_get_config_path(c);
2079 char *path = alloca(strlen(p1) + strlen(c->name) + 2);
2080 sprintf(path, "%s/%s", p1, c->name);
c868b261 2081 if (am_unpriv())
4355ab5f
SH		 2082 ret = userns_exec_1(c->lxc_conf, lxc_rmdir_onedev_wrapper, path);
2083 else
18aa217b 2084 ret = lxc_rmdir_onedev(path, "snaps");
4355ab5f 2085 if (ret < 0) {
60bf62d4
SH		 2086 ERROR("Error destroying container directory for %s", c->name);
2087 goto out;
2088 }
fef48dc9 2089 bret = true;
60bf62d4
SH		 2090
2091out:
3bc449ed 2092 container_disk_unlock(c);
fef48dc9 2093 return bret;
72d0e1cb
SG		 2094}
2095
18aa217b
SH		 2096static bool lxcapi_destroy(struct lxc_container *c)
2097{
2098 if (!c || !lxcapi_is_defined(c))
2099 return false;
2100 if (has_snapshots(c)) {
2101 ERROR("Container %s has snapshots; not removing", c->name);
2102 return false;
2103 }
2104
2105 if (has_fs_snapshots(c)) {
2106 ERROR("container %s has snapshots on its rootfs", c->name);
2107 return false;
2108 }
2109
2110 return container_destroy(c);
2111}
2112
2113static bool lxcapi_snapshot_destroy_all(struct lxc_container *c);
2114
2115static bool lxcapi_destroy_with_snapshots(struct lxc_container *c)
2116{
2117 if (!c || !lxcapi_is_defined(c))
2118 return false;
2119 if (!lxcapi_snapshot_destroy_all(c)) {
2120 ERROR("Error deleting all snapshots");
2121 return false;
2122 }
2123 return lxcapi_destroy(c);
2124}
2125
96532523
SH		 2126static bool set_config_item_locked(struct lxc_container *c, const char *key, const char *v)
2127{
2128 struct lxc_config_t *config;
2129
2130 if (!c->lxc_conf)
2131 c->lxc_conf = lxc_conf_init();
6b0d5538 2132 if (!c->lxc_conf)
96532523
SH		 2133 return false;
2134 config = lxc_getconfig(key);
2135 if (!config)
2136 return false;
6b0d5538 2137 if (config->cb(key, v, c->lxc_conf) != 0)
f979ac15 2138 return false;
6b0d5538 2139 return do_append_unexp_config_line(c->lxc_conf, key, v);
96532523
SH		 2140}
2141
12a50cc6 2142static bool lxcapi_set_config_item(struct lxc_container *c, const char *key, const char *v)
72d0e1cb 2143{
72d0e1cb 2144 bool b = false;
72d0e1cb
SG		 2145
2146 if (!c)
2147 return false;
2148
5cee8c50 2149 if (container_mem_lock(c))
72d0e1cb
SG		 2150 return false;
2151
96532523 2152 b = set_config_item_locked(c, key, v);
72d0e1cb 2153
5cee8c50 2154 container_mem_unlock(c);
72d0e1cb
SG		 2155 return b;
2156}
2157
2158static char *lxcapi_config_file_name(struct lxc_container *c)
2159{
2160 if (!c || !c->configfile)
2161 return NULL;
2162 return strdup(c->configfile);
2163}
2164
2a59a681
SH		 2165static const char *lxcapi_get_config_path(struct lxc_container *c)
2166{
2167 if (!c || !c->config_path)
2168 return NULL;
2169 return (const char *)(c->config_path);
2170}
2171
afeecbba
SH		 2172/*
2173 * not for export
2174 * Just recalculate the c->configfile based on the
2175 * c->config_path, which must be set.
2176 * The lxc_container must be locked or not yet public.
2177 */
2178static bool set_config_filename(struct lxc_container *c)
2179{
2180 char *newpath;
2181 int len, ret;
2182
2183 if (!c->config_path)
2184 return false;
2185
2186 /* $lxc_path + "/" + c->name + "/" + "config" + '\0' */
2187 len = strlen(c->config_path) + strlen(c->name) + strlen("config") + 3;
2188 newpath = malloc(len);
2189 if (!newpath)
2190 return false;
2191
2192 ret = snprintf(newpath, len, "%s/%s/config", c->config_path, c->name);
2193 if (ret < 0 || ret >= len) {
2194 fprintf(stderr, "Error printing out config file name\n");
2195 free(newpath);
2196 return false;
2197 }
2198
2199 if (c->configfile)
2200 free(c->configfile);
2201 c->configfile = newpath;
2202
2203 return true;
2204}
2205
2a59a681
SH		 2206static bool lxcapi_set_config_path(struct lxc_container *c, const char *path)
2207{
2208 char *p;
2209 bool b = false;
afeecbba 2210 char *oldpath = NULL;
2a59a681
SH		 2211
2212 if (!c)
2213 return b;
2214
5cee8c50 2215 if (container_mem_lock(c))
2a59a681
SH		 2216 return b;
2217
2218 p = strdup(path);
afeecbba
SH		 2219 if (!p) {
2220 ERROR("Out of memory setting new lxc path");
2a59a681 2221 goto err;
afeecbba
SH		 2222 }
2223
2a59a681
SH		 2224 b = true;
2225 if (c->config_path)
afeecbba 2226 oldpath = c->config_path;
2a59a681 2227 c->config_path = p;
afeecbba
SH		 2228
2229 /* Since we've changed the config path, we have to change the
2230 * config file name too */
2231 if (!set_config_filename(c)) {
2232 ERROR("Out of memory setting new config filename");
2233 b = false;
2234 free(c->config_path);
2235 c->config_path = oldpath;
2236 oldpath = NULL;
2237 }
2a59a681 2238err:
afeecbba
SH		 2239 if (oldpath)
2240 free(oldpath);
5cee8c50 2241 container_mem_unlock(c);
2a59a681
SH		 2242 return b;
2243}
2244
2245
794dd120
SH		 2246static bool lxcapi_set_cgroup_item(struct lxc_container *c, const char *subsys, const char *value)
2247{
2248 int ret;
794dd120
SH		 2249
2250 if (!c)
2251 return false;
2252
3bc449ed 2253 if (is_stopped(c))
794dd120
SH		 2254 return false;
2255
3bc449ed
SH		 2256 if (container_disk_lock(c))
2257 return false;
794dd120 2258
33ad9f1a 2259 ret = lxc_cgroup_set(subsys, value, c->name, c->config_path);
3bc449ed
SH		 2260
2261 container_disk_unlock(c);
2262 return ret == 0;
794dd120
SH		 2263}
2264
2265static int lxcapi_get_cgroup_item(struct lxc_container *c, const char *subsys, char *retv, int inlen)
2266{
3bc449ed 2267 int ret;
794dd120 2268
6502006a 2269 if (!c)
794dd120
SH		 2270 return -1;
2271
3bc449ed 2272 if (is_stopped(c))
794dd120
SH		 2273 return -1;
2274
3bc449ed
SH		 2275 if (container_disk_lock(c))
2276 return -1;
794dd120 2277
33ad9f1a 2278 ret = lxc_cgroup_get(subsys, retv, inlen, c->name, c->config_path);
794dd120 2279
3bc449ed 2280 container_disk_unlock(c);
794dd120
SH		 2281 return ret;
2282}
2283
593e8478 2284const char *lxc_get_global_config_item(const char *key)
83c98d82 2285{
593e8478 2286 return lxc_global_config_value(key);
a8428dfa
SH		 2287}
2288
b6b918a1
SG		 2289const char *lxc_get_version(void)
2290{
95ee490b 2291 return LXC_VERSION;
b6b918a1
SG		 2292}
2293
f0ca2726 2294static int copy_file(const char *old, const char *new)
9be53773
SH		 2295{
2296 int in, out;
2297 ssize_t len, ret;
2298 char buf[8096];
2299 struct stat sbuf;
2300
2301 if (file_exists(new)) {
2302 ERROR("copy destination %s exists", new);
2303 return -1;
2304 }
2305 ret = stat(old, &sbuf);
2306 if (ret < 0) {
dfb31b25 2307 INFO("Error stat'ing %s", old);
9be53773
SH		 2308 return -1;
2309 }
2310
2311 in = open(old, O_RDONLY);
2312 if (in < 0) {
dfb31b25 2313 SYSERROR("Error opening original file %s", old);
9be53773
SH		 2314 return -1;
2315 }
2316 out = open(new, O_CREAT | O_EXCL | O_WRONLY, 0644);
2317 if (out < 0) {
dfb31b25 2318 SYSERROR("Error opening new file %s", new);
9be53773
SH		 2319 close(in);
2320 return -1;
2321 }
2322
2323 while (1) {
2324 len = read(in, buf, 8096);
2325 if (len < 0) {
dfb31b25 2326 SYSERROR("Error reading old file %s", old);
9be53773
SH		 2327 goto err;
2328 }
2329 if (len == 0)
2330 break;
2331 ret = write(out, buf, len);
6849cb5b 2332 if (ret < len) { // should we retry?
dfb31b25 2333 SYSERROR("Error: write to new file %s was interrupted", new);
9be53773
SH		 2334 goto err;
2335 }
2336 }
2337 close(in);
2338 close(out);
2339
2340 // we set mode, but not owner/group
2341 ret = chmod(new, sbuf.st_mode);
2342 if (ret) {
dfb31b25 2343 SYSERROR("Error setting mode on %s", new);
9be53773
SH		 2344 return -1;
2345 }
2346
2347 return 0;
2348
2349err:
2350 close(in);
2351 close(out);
2352 return -1;
2353}
2354
9be53773
SH		 2355static int copyhooks(struct lxc_container *oldc, struct lxc_container *c)
2356{
619256b5 2357 int i, len, ret;
9be53773 2358 struct lxc_list *it;
619256b5
ÇO		 2359 char *cpath;
2360
2361 len = strlen(oldc->config_path) + strlen(oldc->name) + 3;
2362 cpath = alloca(len);
2363 ret = snprintf(cpath, len, "%s/%s/", oldc->config_path, oldc->name);
2364 if (ret < 0 || ret >= len)
2365 return -1;
9be53773
SH		 2366
2367 for (i=0; i<NUM_LXC_HOOKS; i++) {
2368 lxc_list_for_each(it, &c->lxc_conf->hooks[i]) {
2369 char *hookname = it->elem;
c32981c3 2370 char *fname = strrchr(hookname, '/');
9be53773
SH		 2371 char tmppath[MAXPATHLEN];
2372 if (!fname) // relative path - we don't support, but maybe we should
2373 return 0;
619256b5
ÇO		 2374 if (strncmp(hookname, cpath, len - 1) != 0) {
2375 // this hook is public - ignore
2376 continue;
2377 }
9be53773
SH		 2378 // copy the script, and change the entry in confile
2379 ret = snprintf(tmppath, MAXPATHLEN, "%s/%s/%s",
2380 c->config_path, c->name, fname+1);
2381 if (ret < 0 || ret >= MAXPATHLEN)
2382 return -1;
2383 ret = copy_file(it->elem, tmppath);
2384 if (ret < 0)
2385 return -1;
2386 free(it->elem);
2387 it->elem = strdup(tmppath);
2388 if (!it->elem) {
2389 ERROR("out of memory copying hook path");
2390 return -1;
2391 }
9be53773
SH		 2392 }
2393 }
2394
67702c21
SH		 2395 if (!clone_update_unexp_hooks(c->lxc_conf, oldc->config_path,
2396 c->config_path, oldc->name, c->name)) {
6b0d5538
SH		 2397 ERROR("Error saving new hooks in clone");
2398 return -1;
2399 }
9be53773
SH		 2400 c->save_config(c, NULL);
2401 return 0;
2402}
2403
9be53773
SH		 2404
2405static int copy_fstab(struct lxc_container *oldc, struct lxc_container *c)
2406{
2407 char newpath[MAXPATHLEN];
2408 char *oldpath = oldc->lxc_conf->fstab;
2409 int ret;
2410
2411 if (!oldpath)
2412 return 0;
2413
6b0d5538
SH		 2414 clear_unexp_config_line(c->lxc_conf, "lxc.mount", false);
2415
c32981c3 2416 char *p = strrchr(oldpath, '/');
9be53773
SH		 2417 if (!p)
2418 return -1;
2419 ret = snprintf(newpath, MAXPATHLEN, "%s/%s%s",
2420 c->config_path, c->name, p);
2421 if (ret < 0 || ret >= MAXPATHLEN) {
2422 ERROR("error printing new path for %s", oldpath);
2423 return -1;
2424 }
2425 if (file_exists(newpath)) {
2426 ERROR("error: fstab file %s exists", newpath);
2427 return -1;
2428 }
2429
2430 if (copy_file(oldpath, newpath) < 0) {
2431 ERROR("error: copying %s to %s", oldpath, newpath);
2432 return -1;
2433 }
2434 free(c->lxc_conf->fstab);
2435 c->lxc_conf->fstab = strdup(newpath);
2436 if (!c->lxc_conf->fstab) {
2437 ERROR("error: allocating pathname");
2438 return -1;
2439 }
6b0d5538
SH		 2440 if (!do_append_unexp_config_line(c->lxc_conf, "lxc.mount", newpath)) {
2441 ERROR("error saving new lxctab");
2442 return -1;
2443 }
9be53773
SH		 2444
2445 return 0;
2446}
2447
dfb31b25
SH		 2448static void copy_rdepends(struct lxc_container *c, struct lxc_container *c0)
2449{
2450 char path0[MAXPATHLEN], path1[MAXPATHLEN];
2451 int ret;
2452
2453 ret = snprintf(path0, MAXPATHLEN, "%s/%s/lxc_rdepends", c0->config_path,
2454 c0->name);
2455 if (ret < 0 || ret >= MAXPATHLEN) {
2456 WARN("Error copying reverse dependencies");
2457 return;
2458 }
2459 ret = snprintf(path1, MAXPATHLEN, "%s/%s/lxc_rdepends", c->config_path,
2460 c->name);
2461 if (ret < 0 || ret >= MAXPATHLEN) {
2462 WARN("Error copying reverse dependencies");
2463 return;
2464 }
2465 if (copy_file(path0, path1) < 0) {
2466 INFO("Error copying reverse dependencies");
2467 return;
2468 }
2469}
2470
2471static bool add_rdepends(struct lxc_container *c, struct lxc_container *c0)
2472{
2473 int ret;
2474 char path[MAXPATHLEN];
2475 FILE *f;
2476 bool bret;
2477
2478 ret = snprintf(path, MAXPATHLEN, "%s/%s/lxc_rdepends", c->config_path,
2479 c->name);
2480 if (ret < 0 || ret >= MAXPATHLEN)
2481 return false;
2482 f = fopen(path, "a");
2483 if (!f)
2484 return false;
2485 bret = true;
2486 // if anything goes wrong, just return an error
2487 if (fprintf(f, "%s\n%s\n", c0->config_path, c0->name) < 0)
2488 bret = false;
2489 if (fclose(f) != 0)
2490 bret = false;
2491 return bret;
2492}
2493
9be53773 2494static int copy_storage(struct lxc_container *c0, struct lxc_container *c,
d659597e 2495 const char *newtype, int flags, const char *bdevdata, uint64_t newsize)
9be53773
SH		 2496{
2497 struct bdev *bdev;
dfb31b25 2498 int need_rdep;
9be53773 2499
1354955b 2500 bdev = bdev_copy(c0, c->name, c->config_path, newtype, flags,
dfb31b25 2501 bdevdata, newsize, &need_rdep);
9be53773 2502 if (!bdev) {
dfb31b25 2503 ERROR("Error copying storage");
9be53773
SH		 2504 return -1;
2505 }
2506 free(c->lxc_conf->rootfs.path);
2507 c->lxc_conf->rootfs.path = strdup(bdev->src);
2508 bdev_put(bdev);
dfb31b25
SH		 2509 if (!c->lxc_conf->rootfs.path) {
2510 ERROR("Out of memory while setting storage path");
9be53773 2511 return -1;
dfb31b25 2512 }
6b0d5538
SH		 2513 // We will simply append a new lxc.rootfs entry to the unexpanded config
2514 clear_unexp_config_line(c->lxc_conf, "lxc.rootfs", false);
2515 if (!do_append_unexp_config_line(c->lxc_conf, "lxc.rootfs", c->lxc_conf->rootfs.path)) {
2516 ERROR("Error saving new rootfs to cloend config");
d0218321
SH		 2517 return -1;
2518 }
eee59f94
SH		 2519 if (flags & LXC_CLONE_SNAPSHOT)
2520 copy_rdepends(c, c0);
dfb31b25
SH		 2521 if (need_rdep) {
2522 if (!add_rdepends(c, c0))
2523 WARN("Error adding reverse dependency from %s to %s",
2524 c->name, c0->name);
2525 }
2526
2527 mod_all_rdeps(c, true);
2528
9be53773
SH		 2529 return 0;
2530}
2531
1354955b
SH		 2532struct clone_update_data {
2533 struct lxc_container *c0;
2534 struct lxc_container *c1;
2535 int flags;
2536 char **hookargs;
2537};
2538
2539static int clone_update_rootfs(struct clone_update_data *data)
9be53773 2540{
1354955b
SH		 2541 struct lxc_container *c0 = data->c0;
2542 struct lxc_container *c = data->c1;
2543 int flags = data->flags;
2544 char **hookargs = data->hookargs;
9be53773
SH		 2545 int ret = -1;
2546 char path[MAXPATHLEN];
2547 struct bdev *bdev;
2548 FILE *fout;
148e91f5 2549 struct lxc_conf *conf = c->lxc_conf;
9be53773
SH		 2550
2551 /* update hostname in rootfs */
2552 /* we're going to mount, so run in a clean namespace to simplify cleanup */
2553
1354955b
SH		 2554 if (setgid(0) < 0) {
2555 ERROR("Failed to setgid to 0");
2556 return -1;
2557 }
2558 if (setuid(0) < 0) {
2559 ERROR("Failed to setuid to 0");
9be53773 2560 return -1;
1354955b 2561 }
c476bdce
SH		 2562 if (setgroups(0, NULL) < 0)
2563 WARN("Failed to clear groups");
9be53773 2564
1354955b
SH		 2565 if (unshare(CLONE_NEWNS) < 0)
2566 return -1;
76a26f55 2567 bdev = bdev_init(c->lxc_conf, c->lxc_conf->rootfs.path, c->lxc_conf->rootfs.mount, NULL);
9be53773 2568 if (!bdev)
1354955b 2569 return -1;
cf3ef16d
SH		 2570 if (strcmp(bdev->type, "dir") != 0) {
2571 if (unshare(CLONE_NEWNS) < 0) {
2572 ERROR("error unsharing mounts");
e7de366c 2573 bdev_put(bdev);
1354955b 2574 return -1;
cf3ef16d 2575 }
2c6f3fc9
SH		 2576 if (detect_shared_rootfs()) {
2577 if (mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL)) {
2578 SYSERROR("Failed to make / rslave");
2579 ERROR("Continuing...");
2580 }
2581 }
e7de366c
SG		 2582 if (bdev->ops->mount(bdev) < 0) {
2583 bdev_put(bdev);
1354955b 2584 return -1;
e7de366c 2585 }
cf3ef16d
SH		 2586 } else { // TODO come up with a better way
2587 if (bdev->dest)
2588 free(bdev->dest);
2589 bdev->dest = strdup(bdev->src);
2590 }
148e91f5
SH		 2591
2592 if (!lxc_list_empty(&conf->hooks[LXCHOOK_CLONE])) {
2593 /* Start of environment variable setup for hooks */
1143ed39
DE		 2594 if (setenv("LXC_SRC_NAME", c0->name, 1)) {
2595 SYSERROR("failed to set environment variable for source container name");
2596 }
148e91f5
SH		 2597 if (setenv("LXC_NAME", c->name, 1)) {
2598 SYSERROR("failed to set environment variable for container name");
2599 }
2600 if (setenv("LXC_CONFIG_FILE", conf->rcfile, 1)) {
2601 SYSERROR("failed to set environment variable for config path");
2602 }
24ef39f4 2603 if (setenv("LXC_ROOTFS_MOUNT", bdev->dest, 1)) {
148e91f5
SH		 2604 SYSERROR("failed to set environment variable for rootfs mount");
2605 }
2606 if (setenv("LXC_ROOTFS_PATH", conf->rootfs.path, 1)) {
2607 SYSERROR("failed to set environment variable for rootfs mount");
2608 }
2609
283678ed 2610 if (run_lxc_hooks(c->name, "clone", conf, c->get_config_path(c), hookargs)) {
148e91f5 2611 ERROR("Error executing clone hook for %s", c->name);
e7de366c 2612 bdev_put(bdev);
1354955b 2613 return -1;
148e91f5
SH		 2614 }
2615 }
2616
2617 if (!(flags & LXC_CLONE_KEEPNAME)) {
2618 ret = snprintf(path, MAXPATHLEN, "%s/etc/hostname", bdev->dest);
e7de366c
SG		 2619 bdev_put(bdev);
2620
148e91f5 2621 if (ret < 0 || ret >= MAXPATHLEN)
1354955b 2622 return -1;
8058be39 2623 if (!file_exists(path))
1354955b 2624 return 0;
148e91f5 2625 if (!(fout = fopen(path, "w"))) {
959aee9c 2626 SYSERROR("unable to open %s: ignoring", path);
1354955b 2627 return 0;
148e91f5 2628 }
a684f0b7
ÇO		 2629 if (fprintf(fout, "%s", c->name) < 0) {
2630 fclose(fout);
1354955b 2631 return -1;
6849cb5b 2632 }
148e91f5 2633 if (fclose(fout) < 0)
1354955b 2634 return -1;
9be53773 2635 }
e7de366c
SG		 2636 else
2637 bdev_put(bdev);
2638
1354955b
SH		 2639 return 0;
2640}
2641
2642static int clone_update_rootfs_wrapper(void *data)
2643{
2644 struct clone_update_data *arg = (struct clone_update_data *) data;
2645 return clone_update_rootfs(arg);
9be53773
SH		 2646}
2647
2648/*
2649 * We want to support:
2650sudo lxc-clone -o o1 -n n1 -s -L|-fssize fssize -v|--vgname vgname \
2651 -p|--lvprefix lvprefix -t|--fstype fstype -B backingstore
2652
2653-s [ implies overlayfs]
2654-s -B overlayfs
2655-s -B aufs
2656
2657only rootfs gets converted (copied/snapshotted) on clone.
2658*/
2659
d5752559 2660static int create_file_dirname(char *path, struct lxc_conf *conf)
9be53773 2661{
c32981c3 2662 char *p = strrchr(path, '/');
d5752559 2663 int ret = -1;
9be53773
SH		 2664
2665 if (!p)
2666 return -1;
2667 *p = '\0';
d5752559 2668 ret = do_create_container_dir(path, conf);
9be53773
SH		 2669 *p = '/';
2670 return ret;
2671}
2672
74a3920a 2673static struct lxc_container *lxcapi_clone(struct lxc_container *c, const char *newname,
9be53773 2674 const char *lxcpath, int flags,
d659597e 2675 const char *bdevtype, const char *bdevdata, uint64_t newsize,
148e91f5 2676 char **hookargs)
9be53773
SH		 2677{
2678 struct lxc_container *c2 = NULL;
2679 char newpath[MAXPATHLEN];
176d9acb 2680 int ret, storage_copied = 0;
8d2efe40 2681 char *origroot = NULL;
1354955b 2682 struct clone_update_data data;
9be53773 2683 FILE *fout;
1354955b 2684 pid_t pid;
9be53773
SH		 2685
2686 if (!c || !c->is_defined(c))
2687 return NULL;
2688
5cee8c50 2689 if (container_mem_lock(c))
9be53773
SH		 2690 return NULL;
2691
39dc698c 2692 if (!is_stopped(c)) {
9be53773
SH		 2693 ERROR("error: Original container (%s) is running", c->name);
2694 goto out;
2695 }
2696
2697 // Make sure the container doesn't yet exist.
05d53f4c
SH		 2698 if (!newname)
2699 newname = c->name;
2700 if (!lxcpath)
2701 lxcpath = c->get_config_path(c);
2702 ret = snprintf(newpath, MAXPATHLEN, "%s/%s/config", lxcpath, newname);
6849cb5b 2703 if (ret < 0 || ret >= MAXPATHLEN) {
9be53773
SH		 2704 SYSERROR("clone: failed making config pathname");
2705 goto out;
2706 }
2707 if (file_exists(newpath)) {
2708 ERROR("error: clone: %s exists", newpath);
2709 goto out;
2710 }
2711
d5752559 2712 ret = create_file_dirname(newpath, c->lxc_conf);
96532523 2713 if (ret < 0 && errno != EEXIST) {
9be53773
SH		 2714 ERROR("Error creating container dir for %s", newpath);
2715 goto out;
2716 }
2717
2718 // copy the configuration, tweak it as needed,
8d2efe40
SH		 2719 if (c->lxc_conf->rootfs.path) {
2720 origroot = c->lxc_conf->rootfs.path;
2721 c->lxc_conf->rootfs.path = NULL;
2722 }
9be53773
SH		 2723 fout = fopen(newpath, "w");
2724 if (!fout) {
2725 SYSERROR("open %s", newpath);
2726 goto out;
2727 }
6b0d5538 2728 write_config(fout, c->lxc_conf);
9be53773 2729 fclose(fout);
8d2efe40 2730 c->lxc_conf->rootfs.path = origroot;
9be53773 2731
05d53f4c 2732 sprintf(newpath, "%s/%s/rootfs", lxcpath, newname);
9be53773
SH		 2733 if (mkdir(newpath, 0755) < 0) {
2734 SYSERROR("error creating %s", newpath);
2735 goto out;
2736 }
2737
1354955b
SH		 2738 if (am_unpriv()) {
2739 if (chown_mapped_root(newpath, c->lxc_conf) < 0) {
959aee9c 2740 ERROR("Error chowning %s to container root", newpath);
1354955b
SH		 2741 goto out;
2742 }
2743 }
2744
05d53f4c 2745 c2 = lxc_container_new(newname, lxcpath);
375c2258 2746 if (!c2) {
05d53f4c
SH		 2747 ERROR("clone: failed to create new container (%s %s)", newname,
2748 lxcpath);
9be53773
SH		 2749 goto out;
2750 }
8d2efe40
SH		 2751
2752 // copy/snapshot rootfs's
2753 ret = copy_storage(c, c2, bdevtype, flags, bdevdata, newsize);
2754 if (ret < 0)
2755 goto out;
9be53773 2756
6b0d5538
SH		 2757 clear_unexp_config_line(c2->lxc_conf, "lxc.utsname", false);
2758
96532523
SH		 2759 // update utsname
2760 if (!set_config_item_locked(c2, "lxc.utsname", newname)) {
2761 ERROR("Error setting new hostname");
2762 goto out;
2763 }
2764
619256b5
ÇO		 2765 // copy hooks
2766 ret = copyhooks(c, c2);
2767 if (ret < 0) {
2768 ERROR("error copying hooks");
2769 goto out;
9be53773
SH		 2770 }
2771
2772 if (copy_fstab(c, c2) < 0) {
2773 ERROR("error copying fstab");
9be53773
SH		 2774 goto out;
2775 }
2776
2777 // update macaddrs
6b0d5538 2778 if (!(flags & LXC_CLONE_KEEPMACADDR)) {
67702c21
SH		 2779 if (!network_new_hwaddrs(c2->lxc_conf)) {
2780 ERROR("Error updating mac addresses");
6b0d5538
SH		 2781 goto out;
2782 }
2783 }
9be53773 2784
176d9acb
SH		 2785 // We've now successfully created c2's storage, so clear it out if we
2786 // fail after this
2787 storage_copied = 1;
2788
375c2258 2789 if (!c2->save_config(c2, NULL))
9be53773 2790 goto out;
9be53773 2791
1354955b
SH		 2792 if ((pid = fork()) < 0) {
2793 SYSERROR("fork");
9be53773 2794 goto out;
1354955b
SH		 2795 }
2796 if (pid > 0) {
2797 ret = wait_for_pid(pid);
2798 if (ret)
2799 goto out;
2800 container_mem_unlock(c);
2801 return c2;
2802 }
2803 data.c0 = c;
2804 data.c1 = c2;
2805 data.flags = flags;
2806 data.hookargs = hookargs;
2807 if (am_unpriv())
2808 ret = userns_exec_1(c->lxc_conf, clone_update_rootfs_wrapper,
2809 &data);
2810 else
2811 ret = clone_update_rootfs(&data);
2812 if (ret < 0)
2813 exit(1);
9be53773 2814
5cee8c50 2815 container_mem_unlock(c);
1354955b 2816 exit(0);
9be53773
SH		 2817
2818out:
5cee8c50 2819 container_mem_unlock(c);
375c2258 2820 if (c2) {
176d9acb
SH		 2821 if (!storage_copied)
2822 c2->lxc_conf->rootfs.path = NULL;
375c2258 2823 c2->destroy(c2);
9be53773 2824 lxc_container_put(c2);
375c2258 2825 }
9be53773
SH		 2826
2827 return NULL;
2828}
2829
06e5650e
ÇO		 2830static bool lxcapi_rename(struct lxc_container *c, const char *newname)
2831{
2832 struct bdev *bdev;
2833 struct lxc_container *newc;
06e5650e 2834
d693cf93 2835 if (!c || !c->name || !c->config_path || !c->lxc_conf)
06e5650e
ÇO		 2836 return false;
2837
18aa217b
SH		 2838 if (has_fs_snapshots(c) || has_snapshots(c)) {
2839 ERROR("Renaming a container with snapshots is not supported");
2840 return false;
2841 }
76a26f55 2842 bdev = bdev_init(c->lxc_conf, c->lxc_conf->rootfs.path, c->lxc_conf->rootfs.mount, NULL);
06e5650e
ÇO		 2843 if (!bdev) {
2844 ERROR("Failed to find original backing store type");
2845 return false;
2846 }
2847
619256b5 2848 newc = lxcapi_clone(c, newname, c->config_path, LXC_CLONE_KEEPMACADDR, NULL, bdev->type, 0, NULL);
06e5650e
ÇO		 2849 bdev_put(bdev);
2850 if (!newc) {
2851 lxc_container_put(newc);
2852 return false;
2853 }
2854
2855 if (newc && lxcapi_is_defined(newc))
2856 lxc_container_put(newc);
2857
18aa217b 2858 if (!container_destroy(c)) {
06e5650e
ÇO		 2859 ERROR("Could not destroy existing container %s", c->name);
2860 return false;
2861 }
2862 return true;
2863}
2864
a0e93eeb
CS		 2865static int lxcapi_attach(struct lxc_container *c, lxc_attach_exec_t exec_function, void *exec_payload, lxc_attach_options_t *options, pid_t *attached_process)
2866{
2867 if (!c)
2868 return -1;
2869
2870 return lxc_attach(c->name, c->config_path, exec_function, exec_payload, options, attached_process);
2871}
2872
2873static int lxcapi_attach_run_wait(struct lxc_container *c, lxc_attach_options_t *options, const char *program, const char * const argv[])
2874{
2875 lxc_attach_command_t command;
2876 pid_t pid;
2877 int r;
2878
2879 if (!c)
2880 return -1;
2881
2882 command.program = (char*)program;
2883 command.argv = (char**)argv;
2884 r = lxc_attach(c->name, c->config_path, lxc_attach_run_command, &command, options, &pid);
2885 if (r < 0) {
2886 ERROR("ups");
2887 return r;
2888 }
2889 return lxc_wait_for_pid_status(pid);
2890}
2891
74a3920a 2892static int get_next_index(const char *lxcpath, char *cname)
f5dd1d53
SH		 2893{
2894 char *fname;
2895 struct stat sb;
2896 int i = 0, ret;
2897
2898 fname = alloca(strlen(lxcpath) + 20);
2899 while (1) {
2900 sprintf(fname, "%s/snap%d", lxcpath, i);
2901 ret = stat(fname, &sb);
2902 if (ret != 0)
2903 return i;
2904 i++;
2905 }
2906}
2907
18aa217b
SH		 2908static bool get_snappath_dir(struct lxc_container *c, char *snappath)
2909{
2910 int ret;
2911 /*
2912 * If the old style snapshot path exists, use it
2913 * /var/lib/lxc -> /var/lib/lxcsnaps
2914 */
2915 ret = snprintf(snappath, MAXPATHLEN, "%ssnaps", c->config_path);
2916 if (ret < 0 || ret >= MAXPATHLEN)
2917 return false;
2918 if (dir_exists(snappath)) {
2919 ret = snprintf(snappath, MAXPATHLEN, "%ssnaps/%s", c->config_path, c->name);
2920 if (ret < 0 || ret >= MAXPATHLEN)
2921 return false;
2922 return true;
2923 }
2924
2925 /*
2926 * Use the new style path
2927 * /var/lib/lxc -> /var/lib/lxc + c->name + /snaps + \0
2928 */
2929 ret = snprintf(snappath, MAXPATHLEN, "%s/%s/snaps", c->config_path, c->name);
2930 if (ret < 0 || ret >= MAXPATHLEN)
2931 return false;
2932 return true;
2933}
2934
f0ca2726 2935static int lxcapi_snapshot(struct lxc_container *c, const char *commentfile)
f5dd1d53
SH		 2936{
2937 int i, flags, ret;
2938 struct lxc_container *c2;
2939 char snappath[MAXPATHLEN], newname[20];
2940
840f05df
SH		 2941 if (!c || !lxcapi_is_defined(c))
2942 return -1;
2943
cdd01be2
SH		 2944 if (!bdev_can_backup(c->lxc_conf)) {
2945 ERROR("%s's backing store cannot be backed up.", c->name);
2946 ERROR("Your container must use another backing store type.");
2947 return -1;
2948 }
2949
18aa217b 2950 if (!get_snappath_dir(c, snappath))
f5dd1d53 2951 return -1;
18aa217b 2952
f5dd1d53
SH		 2953 i = get_next_index(snappath, c->name);
2954
2955 if (mkdir_p(snappath, 0755) < 0) {
2956 ERROR("Failed to create snapshot directory %s", snappath);
2957 return -1;
2958 }
2959
2960 ret = snprintf(newname, 20, "snap%d", i);
2961 if (ret < 0 || ret >= 20)
2962 return -1;
2963
0a83cbbb
SH		 2964 /*
2965 * We pass LXC_CLONE_SNAPSHOT to make sure that a rdepends file entry is
2966 * created in the original container
2967 */
2968 flags = LXC_CLONE_SNAPSHOT | LXC_CLONE_KEEPMACADDR | LXC_CLONE_KEEPNAME |
2969 LXC_CLONE_KEEPBDEVTYPE | LXC_CLONE_MAYBE_SNAPSHOT;
76a26f55 2970 if (bdev_is_dir(c->lxc_conf, c->lxc_conf->rootfs.path)) {
8c39f7a4
SH		 2971 ERROR("Snapshot of directory-backed container requested.");
2972 ERROR("Making a copy-clone. If you do want snapshots, then");
1f92162d 2973 ERROR("please create an aufs or overlayfs clone first, snapshot that");
8c39f7a4
SH		 2974 ERROR("and keep the original container pristine.");
2975 flags &= ~LXC_CLONE_SNAPSHOT | LXC_CLONE_MAYBE_SNAPSHOT;
2976 }
f5dd1d53
SH		 2977 c2 = c->clone(c, newname, snappath, flags, NULL, NULL, 0, NULL);
2978 if (!c2) {
959aee9c 2979 ERROR("clone of %s:%s failed", c->config_path, c->name);
f5dd1d53
SH		 2980 return -1;
2981 }
2982
2983 lxc_container_put(c2);
2984
2985 // Now write down the creation time
2986 time_t timer;
2987 char buffer[25];
2988 struct tm* tm_info;
025ed0f3 2989 FILE *f;
f5dd1d53
SH		 2990
2991 time(&timer);
2992 tm_info = localtime(&timer);
2993
2994 strftime(buffer, 25, "%Y:%m:%d %H:%M:%S", tm_info);
2995
2996 char *dfnam = alloca(strlen(snappath) + strlen(newname) + 5);
2997 sprintf(dfnam, "%s/%s/ts", snappath, newname);
025ed0f3 2998 f = fopen(dfnam, "w");
f5dd1d53 2999 if (!f) {
959aee9c 3000 ERROR("Failed to open %s", dfnam);
f5dd1d53
SH		 3001 return -1;
3002 }
3003 if (fprintf(f, "%s", buffer) < 0) {
3004 SYSERROR("Writing timestamp");
3005 fclose(f);
3006 return -1;
3007 }
025ed0f3 3008 ret = fclose(f);
025ed0f3 3009 if (ret != 0) {
f5dd1d53
SH		 3010 SYSERROR("Writing timestamp");
3011 return -1;
3012 }
3013
3014 if (commentfile) {
3015 // $p / $name / comment \0
3016 int len = strlen(snappath) + strlen(newname) + 10;
3017 char *path = alloca(len);
3018 sprintf(path, "%s/%s/comment", snappath, newname);
3019 return copy_file(commentfile, path) < 0 ? -1 : i;
3020 }
3021
3022 return i;
3023}
3024
3025static void lxcsnap_free(struct lxc_snapshot *s)
3026{
3027 if (s->name)
3028 free(s->name);
3029 if (s->comment_pathname)
3030 free(s->comment_pathname);
3031 if (s->timestamp)
3032 free(s->timestamp);
3033 if (s->lxcpath)
3034 free(s->lxcpath);
3035}
3036
3037static char *get_snapcomment_path(char* snappath, char *name)
3038{
3039 // $snappath/$name/comment
3040 int ret, len = strlen(snappath) + strlen(name) + 10;
3041 char *s = malloc(len);
3042
3043 if (s) {
3044 ret = snprintf(s, len, "%s/%s/comment", snappath, name);
3045 if (ret < 0 || ret >= len) {
3046 free(s);
3047 s = NULL;
3048 }
3049 }
3050 return s;
3051}
3052
3053static char *get_timestamp(char* snappath, char *name)
3054{
3055 char path[MAXPATHLEN], *s = NULL;
3056 int ret, len;
3057 FILE *fin;
3058
3059 ret = snprintf(path, MAXPATHLEN, "%s/%s/ts", snappath, name);
3060 if (ret < 0 || ret >= MAXPATHLEN)
3061 return NULL;
025ed0f3 3062 fin = fopen(path, "r");
025ed0f3 3063 if (!fin)
f5dd1d53
SH		 3064 return NULL;
3065 (void) fseek(fin, 0, SEEK_END);
3066 len = ftell(fin);
3067 (void) fseek(fin, 0, SEEK_SET);
3068 if (len > 0) {
3069 s = malloc(len+1);
3070 if (s) {
3071 s[len] = '\0';
3072 if (fread(s, 1, len, fin) != len) {
3073 SYSERROR("reading timestamp");
3074 free(s);
3075 s = NULL;
3076 }
3077 }
3078 }
3079 fclose(fin);
3080 return s;
3081}
3082
3083static int lxcapi_snapshot_list(struct lxc_container *c, struct lxc_snapshot **ret_snaps)
3084{
3085 char snappath[MAXPATHLEN], path2[MAXPATHLEN];
18aa217b 3086 int count = 0, ret;
f5dd1d53
SH		 3087 struct dirent dirent, *direntp;
3088 struct lxc_snapshot *snaps =NULL, *nsnaps;
3089 DIR *dir;
3090
3091 if (!c || !lxcapi_is_defined(c))
3092 return -1;
c868b261 3093
18aa217b 3094 if (!get_snappath_dir(c, snappath)) {
f5dd1d53
SH		 3095 ERROR("path name too long");
3096 return -1;
3097 }
025ed0f3 3098 dir = opendir(snappath);
025ed0f3 3099 if (!dir) {
f5dd1d53
SH		 3100 INFO("failed to open %s - assuming no snapshots", snappath);
3101 return 0;
3102 }
3103
3104 while (!readdir_r(dir, &dirent, &direntp)) {
3105 if (!direntp)
3106 break;
3107
3108 if (!strcmp(direntp->d_name, "."))
3109 continue;
3110
3111 if (!strcmp(direntp->d_name, ".."))
3112 continue;
3113
3114 ret = snprintf(path2, MAXPATHLEN, "%s/%s/config", snappath, direntp->d_name);
3115 if (ret < 0 || ret >= MAXPATHLEN) {
3116 ERROR("pathname too long");
3117 goto out_free;
3118 }
3119 if (!file_exists(path2))
3120 continue;
3121 nsnaps = realloc(snaps, (count + 1)*sizeof(*snaps));
3122 if (!nsnaps) {
3123 SYSERROR("Out of memory");
3124 goto out_free;
3125 }
3126 snaps = nsnaps;
3127 snaps[count].free = lxcsnap_free;
3128 snaps[count].name = strdup(direntp->d_name);
3129 if (!snaps[count].name)
3130 goto out_free;
3131 snaps[count].lxcpath = strdup(snappath);
3132 if (!snaps[count].lxcpath) {
3133 free(snaps[count].name);
3134 goto out_free;
3135 }
3136 snaps[count].comment_pathname = get_snapcomment_path(snappath, direntp->d_name);
3137 snaps[count].timestamp = get_timestamp(snappath, direntp->d_name);
3138 count++;
3139 }
3140
3141 if (closedir(dir))
3142 WARN("failed to close directory");
3143
3144 *ret_snaps = snaps;
3145 return count;
3146
3147out_free:
3148 if (snaps) {
3149 int i;
3150 for (i=0; i<count; i++)
3151 lxcsnap_free(&snaps[i]);
3152 free(snaps);
3153 }
9baa57bd
SH		 3154 if (closedir(dir))
3155 WARN("failed to close directory");
f5dd1d53
SH		 3156 return -1;
3157}
3158
f0ca2726 3159static bool lxcapi_snapshot_restore(struct lxc_container *c, const char *snapname, const char *newname)
f5dd1d53
SH		 3160{
3161 char clonelxcpath[MAXPATHLEN];
18aa217b 3162 int flags = 0;
f5dd1d53
SH		 3163 struct lxc_container *snap, *rest;
3164 struct bdev *bdev;
3165 bool b = false;
3166
3167 if (!c || !c->name || !c->config_path)
3168 return false;
3169
18aa217b
SH		 3170 if (has_fs_snapshots(c)) {
3171 ERROR("container rootfs has dependent snapshots");
3172 return false;
3173 }
3174
76a26f55 3175 bdev = bdev_init(c->lxc_conf, c->lxc_conf->rootfs.path, c->lxc_conf->rootfs.mount, NULL);
f5dd1d53
SH		 3176 if (!bdev) {
3177 ERROR("Failed to find original backing store type");
3178 return false;
3179 }
3180
3181 if (!newname)
3182 newname = c->name;
7e36f87e 3183
18aa217b 3184 if (!get_snappath_dir(c, clonelxcpath)) {
f5dd1d53
SH		 3185 bdev_put(bdev);
3186 return false;
3187 }
3188 // how should we lock this?
3189
3190 snap = lxc_container_new(snapname, clonelxcpath);
3191 if (!snap || !lxcapi_is_defined(snap)) {
3192 ERROR("Could not open snapshot %s", snapname);
3193 if (snap) lxc_container_put(snap);
3194 bdev_put(bdev);
3195 return false;
3196 }
3197
7e36f87e 3198 if (strcmp(c->name, newname) == 0) {
18aa217b 3199 if (!container_destroy(c)) {
7e36f87e
ÇO		 3200 ERROR("Could not destroy existing container %s", newname);
3201 lxc_container_put(snap);
3202 bdev_put(bdev);
3203 return false;
3204 }
3205 }
3206
de269ee8
SH		 3207 if (strcmp(bdev->type, "dir") != 0 && strcmp(bdev->type, "loop") != 0)
3208 flags = LXC_CLONE_SNAPSHOT | LXC_CLONE_MAYBE_SNAPSHOT;
3209 rest = lxcapi_clone(snap, newname, c->config_path, flags,
3210 bdev->type, NULL, 0, NULL);
f5dd1d53
SH		 3211 bdev_put(bdev);
3212 if (rest && lxcapi_is_defined(rest))
3213 b = true;
3214 if (rest)
3215 lxc_container_put(rest);
3216 lxc_container_put(snap);
3217 return b;
3218}
3219
18aa217b 3220static bool do_snapshot_destroy(const char *snapname, const char *clonelxcpath)
771d96b3 3221{
771d96b3 3222 struct lxc_container *snap = NULL;
18aa217b 3223 bool bret = false;
771d96b3
ÇO		 3224
3225 snap = lxc_container_new(snapname, clonelxcpath);
18aa217b 3226 if (!snap) {
771d96b3
ÇO		 3227 ERROR("Could not find snapshot %s", snapname);
3228 goto err;
3229 }
3230
3231 if (!lxcapi_destroy(snap)) {
3232 ERROR("Could not destroy snapshot %s", snapname);
3233 goto err;
3234 }
18aa217b 3235 bret = true;
771d96b3 3236
771d96b3
ÇO		 3237err:
3238 if (snap)
3239 lxc_container_put(snap);
18aa217b
SH		 3240 return bret;
3241}
3242
3243static bool remove_all_snapshots(const char *path)
3244{
3245 DIR *dir;
3246 struct dirent dirent, *direntp;
3247 bool bret = true;
3248
3249 dir = opendir(path);
3250 if (!dir) {
3251 SYSERROR("opendir on snapshot path %s", path);
3252 return false;
3253 }
3254 while (!readdir_r(dir, &dirent, &direntp)) {
3255 if (!direntp)
3256 break;
3257 if (!strcmp(direntp->d_name, "."))
3258 continue;
3259 if (!strcmp(direntp->d_name, ".."))
3260 continue;
3261 if (!do_snapshot_destroy(direntp->d_name, path)) {
3262 bret = false;
3263 continue;
3264 }
3265 }
3266
3267 closedir(dir);
3268
3269 if (rmdir(path))
3270 SYSERROR("Error removing directory %s", path);
3271
3272 return bret;
3273}
3274
3275static bool lxcapi_snapshot_destroy(struct lxc_container *c, const char *snapname)
3276{
3277 char clonelxcpath[MAXPATHLEN];
3278
3279 if (!c || !c->name || !c->config_path || !snapname)
3280 return false;
3281
3282 if (!get_snappath_dir(c, clonelxcpath))
3283 return false;
3284
3285 return do_snapshot_destroy(snapname, clonelxcpath);
3286}
3287
3288static bool lxcapi_snapshot_destroy_all(struct lxc_container *c)
3289{
3290 char clonelxcpath[MAXPATHLEN];
3291
3292 if (!c || !c->name || !c->config_path)
3293 return false;
3294
3295 if (!get_snappath_dir(c, clonelxcpath))
3296 return false;
3297
3298 return remove_all_snapshots(clonelxcpath);
771d96b3
ÇO		 3299}
3300
b494d2dd
SH		 3301static bool lxcapi_may_control(struct lxc_container *c)
3302{
3303 return lxc_try_cmd(c->name, c->config_path) == 0;
3304}
3305
d5aa23e6
SH		 3306static bool do_add_remove_node(pid_t init_pid, const char *path, bool add,
3307 struct stat *st)
3308{
3309 char chrootpath[MAXPATHLEN];
3310 char *directory_path = NULL;
3311 pid_t pid;
3312 int ret;
3313
3314 if ((pid = fork()) < 0) {
3315 SYSERROR("failed to fork a child helper");
3316 return false;
3317 }
3318 if (pid) {
3319 if (wait_for_pid(pid) != 0) {
3320 ERROR("Failed to create note in guest");
3321 return false;
3322 }
3323 return true;
3324 }
3325
3326 /* prepare the path */
3327 ret = snprintf(chrootpath, MAXPATHLEN, "/proc/%d/root", init_pid);
3328 if (ret < 0 || ret >= MAXPATHLEN)
3329 return false;
3330
6b9324bd 3331 if (chroot(chrootpath) < 0)
d5aa23e6 3332 exit(1);
6b9324bd 3333 if (chdir("/") < 0)
d5aa23e6
SH		 3334 exit(1);
3335 /* remove path if it exists */
3336 if(faccessat(AT_FDCWD, path, F_OK, AT_SYMLINK_NOFOLLOW) == 0) {
3337 if (unlink(path) < 0) {
3338 ERROR("unlink failed");
3339 exit(1);
3340 }
3341 }
3342 if (!add)
3343 exit(0);
3344
3345 /* create any missing directories */
3346 directory_path = dirname(strdup(path));
3347 if (mkdir_p(directory_path, 0755) < 0 && errno != EEXIST) {
3348 ERROR("failed to create directory");
3349 exit(1);
3350 }
3351
3352 /* create the device node */
3353 if (mknod(path, st->st_mode, st->st_rdev) < 0) {
3354 ERROR("mknod failed");
3355 exit(1);
3356 }
3357
3358 exit(0);
3359}
3360
f0ca2726 3361static bool add_remove_device_node(struct lxc_container *c, const char *src_path, const char *dest_path, bool add)
a9a0ed90
ÇO		 3362{
3363 int ret;
3364 struct stat st;
a9a0ed90 3365 char value[MAX_BUFFER];
f0ca2726 3366 const char *p;
a9a0ed90
ÇO		 3367
3368 /* make sure container is running */
3369 if (!c->is_running(c)) {
3370 ERROR("container is not running");
d5aa23e6 3371 return false;
a9a0ed90
ÇO		 3372 }
3373
3374 /* use src_path if dest_path is NULL otherwise use dest_path */
3375 p = dest_path ? dest_path : src_path;
3376
a9a0ed90
ÇO		 3377 /* make sure we can access p */
3378 if(access(p, F_OK) < 0 || stat(p, &st) < 0)
d5aa23e6 3379 return false;
a9a0ed90
ÇO		 3380
3381 /* continue if path is character device or block device */
c6a9b0d7 3382 if (S_ISCHR(st.st_mode))
a9a0ed90 3383 ret = snprintf(value, MAX_BUFFER, "c %d:%d rwm", major(st.st_rdev), minor(st.st_rdev));
c6a9b0d7 3384 else if (S_ISBLK(st.st_mode))
a9a0ed90
ÇO		 3385 ret = snprintf(value, MAX_BUFFER, "b %d:%d rwm", major(st.st_rdev), minor(st.st_rdev));
3386 else
d5aa23e6 3387 return false;
a9a0ed90
ÇO		 3388
3389 /* check snprintf return code */
3390 if (ret < 0 || ret >= MAX_BUFFER)
d5aa23e6 3391 return false;
a9a0ed90 3392
d5aa23e6
SH		 3393 if (!do_add_remove_node(c->init_pid(c), p, add, &st))
3394 return false;
a9a0ed90 3395
d5aa23e6 3396 /* add or remove device to/from cgroup access list */
a9a0ed90 3397 if (add) {
a9a0ed90
ÇO		 3398 if (!c->set_cgroup_item(c, "devices.allow", value)) {
3399 ERROR("set_cgroup_item failed while adding the device node");
d5aa23e6 3400 return false;
a9a0ed90
ÇO		 3401 }
3402 } else {
a9a0ed90
ÇO		 3403 if (!c->set_cgroup_item(c, "devices.deny", value)) {
3404 ERROR("set_cgroup_item failed while removing the device node");
d5aa23e6 3405 return false;
a9a0ed90
ÇO		 3406 }
3407 }
d5aa23e6 3408
a9a0ed90 3409 return true;
a9a0ed90
ÇO		 3410}
3411
f0ca2726 3412static bool lxcapi_add_device_node(struct lxc_container *c, const char *src_path, const char *dest_path)
a9a0ed90 3413{
c868b261
ÇO		 3414 if (am_unpriv()) {
3415 ERROR(NOT_SUPPORTED_ERROR, __FUNCTION__);
3416 return false;
3417 }
a9a0ed90
ÇO		 3418 return add_remove_device_node(c, src_path, dest_path, true);
3419}
3420
f0ca2726 3421static bool lxcapi_remove_device_node(struct lxc_container *c, const char *src_path, const char *dest_path)
a9a0ed90 3422{
c868b261
ÇO		 3423 if (am_unpriv()) {
3424 ERROR(NOT_SUPPORTED_ERROR, __FUNCTION__);
3425 return false;
3426 }
a9a0ed90
ÇO		 3427 return add_remove_device_node(c, src_path, dest_path, false);
3428}
3429
e58fae8f
DY		 3430static bool lxcapi_attach_interface(struct lxc_container *c, const char *ifname,
3431 const char *dst_ifname)
3432{
3433 int ret = 0;
3434 if (am_unpriv()) {
3435 ERROR(NOT_SUPPORTED_ERROR, __FUNCTION__);
3436 return false;
3437 }
3438
3439 if (!ifname) {
3440 ERROR("No source interface name given");
3441 return false;
3442 }
3443
3444 ret = lxc_netdev_isup(ifname);
3445 if (ret < 0)
3446 goto err;
3447
3448 /* netdev of ifname is up. */
3449 if (ret) {
3450 ret = lxc_netdev_down(ifname);
3451 if (ret)
3452 goto err;
3453 }
3454
3455 ret = lxc_netdev_move_by_name(ifname, c->init_pid(c), dst_ifname);
3456 if (ret)
3457 goto err;
3458
3459 return true;
3460err:
3461 /* -EINVAL means there is no netdev named as ifanme. */
3462 if (ret == -EINVAL) {
3463 ERROR("No network device named as %s.", ifname);
3464 }
3465 return false;
3466}
3467
3468static bool lxcapi_detach_interface(struct lxc_container *c, const char *ifname,
3469 const char *dst_ifname)
3470{
3471 pid_t pid, pid_outside;
3472
3473 if (am_unpriv()) {
3474 ERROR(NOT_SUPPORTED_ERROR, __FUNCTION__);
3475 return false;
3476 }
3477
3478 if (!ifname) {
3479 ERROR("No source interface name given");
3480 return false;
3481 }
3482
3483 pid_outside = getpid();
3484 pid = fork();
3485 if (pid < 0) {
3486 ERROR("failed to fork task to get interfaces information");
3487 return false;
3488 }
3489
3490 if (pid == 0) { // child
3491 int ret = 0;
3492 if (!enter_to_ns(c)) {
3493 ERROR("failed to enter namespace");
3494 exit(-1);
3495 }
3496
3497 ret = lxc_netdev_isup(ifname);
3498 if (ret < 0)
3499 exit(ret);
3500
3501 /* netdev of ifname is up. */
3502 if (ret) {
3503 ret = lxc_netdev_down(ifname);
3504 if (ret)
3505 exit(ret);
3506 }
3507
3508 ret = lxc_netdev_move_by_name(ifname, pid_outside, dst_ifname);
3509
3510 /* -EINVAL means there is no netdev named as ifanme. */
3511 if (ret == -EINVAL) {
3512 ERROR("No network device named as %s.", ifname);
3513 }
3514 exit(ret);
3515 }
3516
3517 if (wait_for_pid(pid) != 0)
3518 return false;
3519
3520 return true;
3521}
3522
735f2c6e
TA		 3523struct criu_opts {
3524 /* The type of criu invocation, one of "dump" or "restore" */
3525 char *action;
3526
3527 /* The directory to pass to criu */
3528 char *directory;
3529
3530 /* The container to dump */
3531 struct lxc_container *c;
3532
3533 /* Enable criu verbose mode? */
3534 bool verbose;
3535
3536 /* dump: stop the container or not after dumping? */
3537 bool stop;
3538
3539 /* restore: the file to write the init process' pid into */
3540 char *pidfile;
2ba7a429 3541 const char *cgroup_path;
735f2c6e
TA		 3542};
3543
3544/*
3545 * @out must be 128 bytes long
3546 */
3547static int read_criu_file(const char *directory, const char *file, int netnr, char *out)
3548{
3549 char path[PATH_MAX];
3550 int ret;
3551 FILE *f;
3552
3553 ret = snprintf(path, PATH_MAX, "%s/%s%d", directory, file, netnr);
3554 if (ret < 0 || ret >= PATH_MAX) {
3555 ERROR("%s: path too long", __func__);
3556 return -1;
3557 }
3558
3559 f = fopen(path, "r");
3560 if (!f)
3561 return -1;
3562
3563 ret = fscanf(f, "%127s", out);
3564 fclose(f);
3565 if (ret <= 0)
3566 return -1;
3567
3568 return 0;
3569}
3570
3571static void exec_criu(struct criu_opts *opts)
3572{
3573 char **argv, log[PATH_MAX];
7c8f5230 3574 int static_args = 14, argc = 0, i, ret;
735f2c6e
TA		 3575
3576 /* The command line always looks like:
7c8f5230
TA		 3577 * criu $(action) --tcp-established --file-locks --link-remap --force-irmap \
3578 * --manage-cgroups action-script foo.sh -D $(directory) \
3579 * -o $(directory)/$(action).log
735f2c6e
TA		 3580 * +1 for final NULL */
3581
3582 if (strcmp(opts->action, "dump") == 0) {
3583 /* -t pid */
3584 static_args += 2;
3585
3586 /* --leave-running */
3587 if (!opts->stop)
3588 static_args++;
3589 } else if (strcmp(opts->action, "restore") == 0) {
2ba7a429
TA		 3590 /* --root $(lxc_mount_point) --restore-detached
3591 * --restore-sibling --pidfile $foo --cgroup-root $foo */
3592 static_args += 8;
735f2c6e
TA		 3593 } else {
3594 return;
3595 }
3596
3597 if (opts->verbose)
3598 static_args++;
3599
3600 ret = snprintf(log, PATH_MAX, "%s/%s.log", opts->directory, opts->action);
3601 if (ret < 0 || ret >= PATH_MAX) {
3602 ERROR("logfile name too long\n");
3603 return;
3604 }
3605
3606 argv = malloc(static_args * sizeof(*argv));
3607 if (!argv)
3608 return;
3609
3610 memset(argv, 0, static_args * sizeof(*argv));
3611
2566a145
TA		 3612#define DECLARE_ARG(arg) \
3613 do { \
3614 if (arg == NULL) { \
3615 ERROR("Got NULL argument for criu"); \
3616 goto err; \
3617 } \
3618 argv[argc++] = strdup(arg); \
3619 if (!argv[argc-1]) \
3620 goto err; \
735f2c6e
TA		 3621 } while (0)
3622
3623 argv[argc++] = on_path("criu", NULL);
3624 if (!argv[argc-1]) {
3625 ERROR("Couldn't find criu binary\n");
3626 goto err;
3627 }
3628
3629 DECLARE_ARG(opts->action);
3630 DECLARE_ARG("--tcp-established");
3631 DECLARE_ARG("--file-locks");
3632 DECLARE_ARG("--link-remap");
7c8f5230 3633 DECLARE_ARG("--force-irmap");
735f2c6e
TA		 3634 DECLARE_ARG("--manage-cgroups");
3635 DECLARE_ARG("--action-script");
3636 DECLARE_ARG(LIBEXECDIR "/lxc/lxc-restore-net");
3637 DECLARE_ARG("-D");
3638 DECLARE_ARG(opts->directory);
3639 DECLARE_ARG("-o");
3640 DECLARE_ARG(log);
3641
3642 if (opts->verbose)
3643 DECLARE_ARG("-vvvvvv");
3644
3645 if (strcmp(opts->action, "dump") == 0) {
3646 char pid[32];
3647
3648 if (sprintf(pid, "%d", lxcapi_init_pid(opts->c)) < 0)
3649 goto err;
3650
3651 DECLARE_ARG("-t");
3652 DECLARE_ARG(pid);
3653 if (!opts->stop)
3654 DECLARE_ARG("--leave-running");
3655 } else if (strcmp(opts->action, "restore") == 0) {
3656 int netnr = 0;
3657 struct lxc_list *it;
3658
3659 DECLARE_ARG("--root");
3660 DECLARE_ARG(opts->c->lxc_conf->rootfs.mount);
3661 DECLARE_ARG("--restore-detached");
74bcefea 3662 DECLARE_ARG("--restore-sibling");
735f2c6e
TA		 3663 DECLARE_ARG("--pidfile");
3664 DECLARE_ARG(opts->pidfile);
2ba7a429
TA		 3665 DECLARE_ARG("--cgroup-root");
3666 DECLARE_ARG(opts->cgroup_path);
735f2c6e
TA		 3667
3668 lxc_list_for_each(it, &opts->c->lxc_conf->network) {
3669 char eth[128], veth[128], buf[257];
3670 void *m;
3671
3672 if (read_criu_file(opts->directory, "veth", netnr, veth))
3673 goto err;
3674 if (read_criu_file(opts->directory, "eth", netnr, eth))
3675 goto err;
3676 ret = snprintf(buf, 257, "%s=%s", eth, veth);
3677 if (ret < 0 || ret >= 257)
3678 goto err;
3679
3680 /* final NULL and --veth-pair eth0:vethASDF */
3681 m = realloc(argv, (argc + 1 + 2) * sizeof(*argv));
3682 if (!m)
3683 goto err;
3684 argv = m;
3685
3686 DECLARE_ARG("--veth-pair");
3687 DECLARE_ARG(buf);
3688 argv[argc] = NULL;
3689
3690 netnr++;
3691 }
3692 }
3693
3694#undef DECLARE_ARG
3695
3696 execv(argv[0], argv);
3697err:
3698 for (i = 0; argv[i]; i++)
3699 free(argv[i]);
3700 free(argv);
3701}
3702
3703/* Check and make sure the container has a configuration that we know CRIU can
3704 * dump. */
3705static bool criu_ok(struct lxc_container *c)
3706{
3707 struct lxc_list *it;
3708 bool found_deny_rule = false;
3709
3710 if (geteuid()) {
3711 ERROR("Must be root to checkpoint\n");
3712 return false;
3713 }
3714
3715 /* We only know how to restore containers with veth networks. */
3716 lxc_list_for_each(it, &c->lxc_conf->network) {
3717 struct lxc_netdev *n = it->elem;
3718 if (n->type != LXC_NET_VETH && n->type != LXC_NET_NONE) {
3719 ERROR("Found network that is not VETH or NONE\n");
3720 return false;
3721 }
3722 }
3723
3724 // These requirements come from http://criu.org/LXC
3725 if (c->lxc_conf->console.path &&
3726 strcmp(c->lxc_conf->console.path, "none") != 0) {
3727 ERROR("lxc.console must be none\n");
3728 return false;
3729 }
3730
3731 if (c->lxc_conf->tty != 0) {
3732 ERROR("lxc.tty must be 0\n");
3733 return false;
3734 }
3735
3736 lxc_list_for_each(it, &c->lxc_conf->cgroup) {
3737 struct lxc_cgroup *cg = it->elem;
3738 if (strcmp(cg->subsystem, "devices.deny") == 0 &&
3739 strcmp(cg->value, "c 5:1 rwm") == 0) {
3740
3741 found_deny_rule = true;
3742 break;
3743 }
3744 }
3745
3746 if (!found_deny_rule) {
3747 ERROR("couldn't find devices.deny = c 5:1 rwm");
3748 return false;
3749 }
3750
3751 return true;
3752}
3753
3754static bool lxcapi_checkpoint(struct lxc_container *c, char *directory, bool stop, bool verbose)
3755{
3756 int netnr, status;
3757 struct lxc_list *it;
3758 bool error = false;
3759 pid_t pid;
3760
3761 if (!criu_ok(c))
3762 return false;
3763
3764 if (mkdir(directory, 0700) < 0 && errno != EEXIST)
3765 return false;
3766
3767 netnr = 0;
3768 lxc_list_for_each(it, &c->lxc_conf->network) {
3769 char *veth = NULL, *bridge = NULL, veth_path[PATH_MAX], eth[128];
3770 struct lxc_netdev *n = it->elem;
3771 int pret;
3772
3773 pret = snprintf(veth_path, PATH_MAX, "lxc.network.%d.veth.pair", netnr);
3774 if (pret < 0 || pret >= PATH_MAX) {
3775 error = true;
3776 goto out;
3777 }
3778
3779 veth = lxcapi_get_running_config_item(c, veth_path);
3780 if (!veth) {
3781 /* criu_ok() checks that all interfaces are
3782 * LXC_NET{VETH,NONE}, and VETHs should have this
3783 * config */
3784 assert(n->type == LXC_NET_NONE);
3785 break;
3786 }
3787
3788 pret = snprintf(veth_path, PATH_MAX, "lxc.network.%d.link", netnr);
3789 if (pret < 0 || pret >= PATH_MAX) {
3790 error = true;
3791 goto out;
3792 }
3793
3794 bridge = lxcapi_get_running_config_item(c, veth_path);
3795 if (!bridge) {
3796 error = true;
3797 goto out;
3798 }
3799
3800 pret = snprintf(veth_path, PATH_MAX, "%s/veth%d", directory, netnr);
3801 if (pret < 0 || pret >= PATH_MAX || print_to_file(veth_path, veth) < 0) {
3802 error = true;
3803 goto out;
3804 }
3805
3806 pret = snprintf(veth_path, PATH_MAX, "%s/bridge%d", directory, netnr);
3807 if (pret < 0 || pret >= PATH_MAX || print_to_file(veth_path, bridge) < 0) {
3808 error = true;
3809 goto out;
3810 }
3811
3812 if (n->name) {
3813 if (strlen(n->name) >= 128) {
3814 error = true;
3815 goto out;
3816 }
3817 strncpy(eth, n->name, 128);
3818 } else
3819 sprintf(eth, "eth%d", netnr);
3820
3821 pret = snprintf(veth_path, PATH_MAX, "%s/eth%d", directory, netnr);
3822 if (pret < 0 || pret >= PATH_MAX || print_to_file(veth_path, eth) < 0)
3823 error = true;
3824
3825out:
3826 free(veth);
3827 free(bridge);
3828 if (error)
3829 return false;
3830 }
3831
3832 pid = fork();
3833 if (pid < 0)
3834 return false;
3835
3836 if (pid == 0) {
3837 struct criu_opts os;
3838
3839 os.action = "dump";
3840 os.directory = directory;
3841 os.c = c;
3842 os.stop = stop;
3843 os.verbose = verbose;
3844
3845 /* exec_criu() returning is an error */
3846 exec_criu(&os);
3847 exit(1);
3848 } else {
3849 pid_t w = waitpid(pid, &status, 0);
3850 if (w == -1) {
3851 perror("waitpid");
3852 return false;
3853 }
3854
3855 if (WIFEXITED(status)) {
3856 return !WEXITSTATUS(status);
3857 }
3858
3859 return false;
3860 }
3861}
3862
3863static bool lxcapi_restore(struct lxc_container *c, char *directory, bool verbose)
3864{
3865 pid_t pid;
3866 struct lxc_list *it;
3867 struct lxc_rootfs *rootfs;
3868 char pidfile[L_tmpnam];
dbb51a43
TA		 3869 struct lxc_handler *handler;
3870 bool has_error = true;
735f2c6e
TA		 3871
3872 if (!criu_ok(c))
3873 return false;
3874
3875 if (geteuid()) {
3876 ERROR("Must be root to restore\n");
3877 return false;
3878 }
3879
3880 if (!tmpnam(pidfile))
3881 return false;
3882
dbb51a43
TA		 3883 handler = lxc_init(c->name, c->lxc_conf, c->config_path);
3884 if (!handler)
3885 return false;
3886
3887 if (!cgroup_init(handler)) {
3888 ERROR("failed initing cgroups");
3889 goto out_fini_handler;
3890 }
3891
2ba7a429
TA		 3892 if (!cgroup_create(handler)) {
3893 ERROR("failed creating groups");
3894 goto out_fini_handler;
3895 }
3896
735f2c6e
TA		 3897 pid = fork();
3898 if (pid < 0)
dbb51a43 3899 goto out_fini_handler;
735f2c6e
TA		 3900
3901 if (pid == 0) {
3902 struct criu_opts os;
3903
3904 if (unshare(CLONE_NEWNS))
6d5b330d 3905 exit(1);
735f2c6e
TA		 3906
3907 /* CRIU needs the lxc root bind mounted so that it is the root of some
3908 * mount. */
3909 rootfs = &c->lxc_conf->rootfs;
3910
3911 if (rootfs_is_blockdev(c->lxc_conf)) {
3912 if (do_rootfs_setup(c->lxc_conf, c->name, c->config_path) < 0)
6d5b330d 3913 exit(1);
735f2c6e
TA		 3914 }
3915 else {
3916 if (mkdir(rootfs->mount, 0755) < 0 && errno != EEXIST)
6d5b330d 3917 exit(1);
735f2c6e
TA		 3918
3919 if (mount(rootfs->path, rootfs->mount, NULL, MS_BIND, NULL) < 0) {
3920 rmdir(rootfs->mount);
6d5b330d 3921 exit(1);
735f2c6e
TA		 3922 }
3923 }
3924
3925 os.action = "restore";
3926 os.directory = directory;
3927 os.c = c;
3928 os.pidfile = pidfile;
3929 os.verbose = verbose;
2ba7a429 3930 os.cgroup_path = cgroup_canonical_path(handler);
735f2c6e
TA		 3931
3932 /* exec_criu() returning is an error */
3933 exec_criu(&os);
3934 umount(rootfs->mount);
3935 rmdir(rootfs->mount);
3936 exit(1);
3937 } else {
3938 int status;
3b72c4a0 3939
735f2c6e
TA		 3940 pid_t w = waitpid(pid, &status, 0);
3941
3942 if (w == -1) {
3943 perror("waitpid");
dbb51a43 3944 goto out_fini_handler;
735f2c6e
TA		 3945 }
3946
3947 if (WIFEXITED(status)) {
3948 if (WEXITSTATUS(status)) {
3b72c4a0 3949 goto out_fini_handler;
735f2c6e
TA		 3950 }
3951 else {
3952 int netnr = 0, ret;
735f2c6e
TA		 3953 FILE *f = fopen(pidfile, "r");
3954 if (!f) {
3955 perror("reading pidfile");
3956 ERROR("couldn't read restore's init pidfile %s\n", pidfile);
3b72c4a0 3957 goto out_fini_handler;
735f2c6e
TA		 3958 }
3959
3960 ret = fscanf(f, "%d", (int*) &handler->pid);
3961 fclose(f);
3962 if (ret != 1) {
3963 ERROR("reading restore pid failed");
3b72c4a0 3964 goto out_fini_handler;
735f2c6e
TA		 3965 }
3966
dbb51a43 3967 if (container_mem_lock(c))
3b72c4a0 3968 goto out_fini_handler;
735f2c6e
TA		 3969
3970 lxc_list_for_each(it, &c->lxc_conf->network) {
3971 char eth[128], veth[128];
3972 struct lxc_netdev *netdev = it->elem;
3973
3974 if (read_criu_file(directory, "veth", netnr, veth)) {
dbb51a43
TA		 3975 container_mem_unlock(c);
3976 goto out_fini_handler;
735f2c6e 3977 }
dbb51a43 3978
735f2c6e 3979 if (read_criu_file(directory, "eth", netnr, eth)) {
dbb51a43
TA		 3980 container_mem_unlock(c);
3981 goto out_fini_handler;
735f2c6e 3982 }
dbb51a43 3983
735f2c6e
TA		 3984 netdev->priv.veth_attr.pair = strdup(veth);
3985 if (!netdev->priv.veth_attr.pair) {
dbb51a43
TA		 3986 container_mem_unlock(c);
3987 goto out_fini_handler;
735f2c6e 3988 }
dbb51a43 3989
735f2c6e
TA		 3990 netnr++;
3991 }
dbb51a43 3992
735f2c6e 3993 container_mem_unlock(c);
735f2c6e 3994
dbb51a43 3995 if (lxc_set_state(c->name, handler, RUNNING))
3b72c4a0 3996 goto out_fini_handler;
735f2c6e 3997 }
c49ecd78
TA		 3998 } else {
3999 ERROR("CRIU was killed with signal %d\n", WTERMSIG(status));
c49ecd78 4000 goto out_fini_handler;
735f2c6e
TA		 4001 }
4002
4003 if (lxc_poll(c->name, handler)) {
4004 lxc_abort(c->name, handler);
dbb51a43 4005 goto out_fini_handler;
735f2c6e 4006 }
dbb51a43
TA		 4007 }
4008
4009 has_error = false;
735f2c6e 4010
3b72c4a0 4011out_fini_handler:
dbb51a43
TA		 4012 lxc_fini(c->name, handler);
4013 return !has_error;
735f2c6e
TA		 4014}
4015
a0e93eeb
CS		 4016static int lxcapi_attach_run_waitl(struct lxc_container *c, lxc_attach_options_t *options, const char *program, const char *arg, ...)
4017{
4018 va_list ap;
4019 const char **argv;
4020 int ret;
4021
4022 if (!c)
4023 return -1;
4024
4025 va_start(ap, arg);
4026 argv = lxc_va_arg_list_to_argv_const(ap, 1);
4027 va_end(ap);
4028
4029 if (!argv) {
4030 ERROR("Memory allocation error.");
4031 return -1;
4032 }
4033 argv[0] = arg;
4034
4035 ret = lxcapi_attach_run_wait(c, options, program, (const char * const *)argv);
4036 free((void*)argv);
4037 return ret;
4038}
4039
afeecbba 4040struct lxc_container *lxc_container_new(const char *name, const char *configpath)
72d0e1cb
SG		 4041{
4042 struct lxc_container *c;
72d0e1cb 4043
18aa217b
SH		 4044 if (!name)
4045 return NULL;
4046
72d0e1cb
SG		 4047 c = malloc(sizeof(*c));
4048 if (!c) {
4049 fprintf(stderr, "failed to malloc lxc_container\n");
4050 return NULL;
4051 }
4052 memset(c, 0, sizeof(*c));
4053
afeecbba
SH		 4054 if (configpath)
4055 c->config_path = strdup(configpath);
4056 else
593e8478 4057 c->config_path = strdup(lxc_global_config_value("lxc.lxcpath"));
afeecbba 4058
2a59a681 4059 if (!c->config_path) {
03fadd16 4060 fprintf(stderr, "Out of memory\n");
2a59a681
SH		 4061 goto err;
4062 }
4063
f5dd1d53 4064 remove_trailing_slashes(c->config_path);
72d0e1cb
SG		 4065 c->name = malloc(strlen(name)+1);
4066 if (!c->name) {
4067 fprintf(stderr, "Error allocating lxc_container name\n");
4068 goto err;
4069 }
4070 strcpy(c->name, name);
4071
4072 c->numthreads = 1;
df271a59 4073 if (!(c->slock = lxc_newlock(c->config_path, name))) {
72d0e1cb
SG		 4074 fprintf(stderr, "failed to create lock\n");
4075 goto err;
4076 }
4077
df271a59 4078 if (!(c->privlock = lxc_newlock(NULL, NULL))) {
72d0e1cb
SG		 4079 fprintf(stderr, "failed to alloc privlock\n");
4080 goto err;
4081 }
4082
afeecbba 4083 if (!set_config_filename(c)) {
72d0e1cb
SG		 4084 fprintf(stderr, "Error allocating config file pathname\n");
4085 goto err;
4086 }
72d0e1cb 4087
bac806d1
SH		 4088 if (file_exists(c->configfile) && !lxcapi_load_config(c, NULL))
4089 goto err;
72d0e1cb 4090
3e625e2d
SH		 4091 if (ongoing_create(c) == 2) {
4092 ERROR("Error: %s creation was not completed", c->name);
18aa217b 4093 container_destroy(c);
4df7f012 4094 lxcapi_clear_config(c);
3e625e2d 4095 }
c8ad5f46 4096 c->daemonize = true;
72cf75fa 4097 c->pidfile = NULL;
3e625e2d 4098
72d0e1cb
SG		 4099 // assign the member functions
4100 c->is_defined = lxcapi_is_defined;
4101 c->state = lxcapi_state;
4102 c->is_running = lxcapi_is_running;
4103 c->freeze = lxcapi_freeze;
4104 c->unfreeze = lxcapi_unfreeze;
0115f8fd 4105 c->console = lxcapi_console;
b5159817 4106 c->console_getfd = lxcapi_console_getfd;
72d0e1cb
SG		 4107 c->init_pid = lxcapi_init_pid;
4108 c->load_config = lxcapi_load_config;
4109 c->want_daemonize = lxcapi_want_daemonize;
130a1888 4110 c->want_close_all_fds = lxcapi_want_close_all_fds;
72d0e1cb
SG		 4111 c->start = lxcapi_start;
4112 c->startl = lxcapi_startl;
4113 c->stop = lxcapi_stop;
4114 c->config_file_name = lxcapi_config_file_name;
4115 c->wait = lxcapi_wait;
4116 c->set_config_item = lxcapi_set_config_item;
4117 c->destroy = lxcapi_destroy;
18aa217b 4118 c->destroy_with_snapshots = lxcapi_destroy_with_snapshots;
06e5650e 4119 c->rename = lxcapi_rename;
72d0e1cb
SG		 4120 c->save_config = lxcapi_save_config;
4121 c->get_keys = lxcapi_get_keys;
4122 c->create = lxcapi_create;
4123 c->createl = lxcapi_createl;
4124 c->shutdown = lxcapi_shutdown;
3e625e2d 4125 c->reboot = lxcapi_reboot;
4df7f012 4126 c->clear_config = lxcapi_clear_config;
72d0e1cb
SG		 4127 c->clear_config_item = lxcapi_clear_config_item;
4128 c->get_config_item = lxcapi_get_config_item;
8ac18377 4129 c->get_running_config_item = lxcapi_get_running_config_item;
794dd120
SH		 4130 c->get_cgroup_item = lxcapi_get_cgroup_item;
4131 c->set_cgroup_item = lxcapi_set_cgroup_item;
2a59a681
SH		 4132 c->get_config_path = lxcapi_get_config_path;
4133 c->set_config_path = lxcapi_set_config_path;
9be53773 4134 c->clone = lxcapi_clone;
799f29ab 4135 c->get_interfaces = lxcapi_get_interfaces;
9c83a661 4136 c->get_ips = lxcapi_get_ips;
a0e93eeb
CS		 4137 c->attach = lxcapi_attach;
4138 c->attach_run_wait = lxcapi_attach_run_wait;
4139 c->attach_run_waitl = lxcapi_attach_run_waitl;
f5dd1d53
SH		 4140 c->snapshot = lxcapi_snapshot;
4141 c->snapshot_list = lxcapi_snapshot_list;
4142 c->snapshot_restore = lxcapi_snapshot_restore;
771d96b3 4143 c->snapshot_destroy = lxcapi_snapshot_destroy;
18aa217b 4144 c->snapshot_destroy_all = lxcapi_snapshot_destroy_all;
b494d2dd 4145 c->may_control = lxcapi_may_control;
a9a0ed90
ÇO		 4146 c->add_device_node = lxcapi_add_device_node;
4147 c->remove_device_node = lxcapi_remove_device_node;
e58fae8f
DY		 4148 c->attach_interface = lxcapi_attach_interface;
4149 c->detach_interface = lxcapi_detach_interface;
735f2c6e
TA		 4150 c->checkpoint = lxcapi_checkpoint;
4151 c->restore = lxcapi_restore;
72d0e1cb
SG		 4152
4153 /* we'll allow the caller to update these later */
ab1bf971 4154 if (lxc_log_init(NULL, "none", NULL, "lxc_container", 0, c->config_path)) {
72d0e1cb
SG		 4155 fprintf(stderr, "failed to open log\n");
4156 goto err;
4157 }
4158
72d0e1cb
SG		 4159 return c;
4160
4161err:
4162 lxc_container_free(c);
4163 return NULL;
4164}
4165
4a7c7daa 4166int lxc_get_wait_states(const char **states)
72d0e1cb
SG		 4167{
4168 int i;
4169
4170 if (states)
4171 for (i=0; i<MAX_STATE; i++)
4172 states[i] = lxc_state2str(i);
4173 return MAX_STATE;
4174}
a41f104b 4175
a41f104b
SH		 4176/*
4177 * These next two could probably be done smarter with reusing a common function
4178 * with different iterators and tests...
4179 */
4180int list_defined_containers(const char *lxcpath, char ***names, struct lxc_container ***cret)
4181{
4182 DIR *dir;
4183 int i, cfound = 0, nfound = 0;
4184 struct dirent dirent, *direntp;
4185 struct lxc_container *c;
4186
4187 if (!lxcpath)
593e8478 4188 lxcpath = lxc_global_config_value("lxc.lxcpath");
a41f104b 4189
a41f104b 4190 dir = opendir(lxcpath);
a41f104b
SH		 4191 if (!dir) {
4192 SYSERROR("opendir on lxcpath");
4193 return -1;
4194 }
4195
4196 if (cret)
4197 *cret = NULL;
4198 if (names)
4199 *names = NULL;
4200
4201 while (!readdir_r(dir, &dirent, &direntp)) {
4202 if (!direntp)
4203 break;
4204 if (!strcmp(direntp->d_name, "."))
4205 continue;
4206 if (!strcmp(direntp->d_name, ".."))
4207 continue;
4208
4209 if (!config_file_exists(lxcpath, direntp->d_name))
4210 continue;
4211
4212 if (names) {
9c88ff1f 4213 if (!add_to_array(names, direntp->d_name, cfound))
a41f104b
SH		 4214 goto free_bad;
4215 }
4216 cfound++;
4217
4218 if (!cret) {
4219 nfound++;
4220 continue;
4221 }
4222
4223 c = lxc_container_new(direntp->d_name, lxcpath);
4224 if (!c) {
4225 INFO("Container %s:%s has a config but could not be loaded",
4226 lxcpath, direntp->d_name);
4227 if (names)
9c88ff1f
ÇO		 4228 if(!remove_from_array(names, direntp->d_name, cfound--))
4229 goto free_bad;
a41f104b
SH		 4230 continue;
4231 }
4232 if (!lxcapi_is_defined(c)) {
4233 INFO("Container %s:%s has a config but is not defined",
4234 lxcpath, direntp->d_name);
4235 if (names)
9c88ff1f
ÇO		 4236 if(!remove_from_array(names, direntp->d_name, cfound--))
4237 goto free_bad;
a41f104b
SH		 4238 lxc_container_put(c);
4239 continue;
4240 }
4241
2871830a 4242 if (!add_to_clist(cret, c, nfound, true)) {
a41f104b
SH		 4243 lxc_container_put(c);
4244 goto free_bad;
4245 }
4246 nfound++;
4247 }
4248
a41f104b 4249 closedir(dir);
a41f104b
SH		 4250 return nfound;
4251
4252free_bad:
4253 if (names && *names) {
4254 for (i=0; i<cfound; i++)
4255 free((*names)[i]);
4256 free(*names);
4257 }
4258 if (cret && *cret) {
4259 for (i=0; i<nfound; i++)
4260 lxc_container_put((*cret)[i]);
4261 free(*cret);
4262 }
a41f104b 4263 closedir(dir);
a41f104b
SH		 4264 return -1;
4265}
4266
148a9d27
DE		 4267int list_active_containers(const char *lxcpath, char ***nret,
4268 struct lxc_container ***cret)
a41f104b 4269{
148a9d27 4270 int i, ret = -1, cret_cnt = 0, ct_name_cnt = 0;
a41f104b
SH		 4271 int lxcpath_len;
4272 char *line = NULL;
148a9d27 4273 char **ct_name = NULL;
a41f104b
SH		 4274 size_t len = 0;
4275 struct lxc_container *c;
88556fd7 4276 bool is_hashed;
a41f104b
SH		 4277
4278 if (!lxcpath)
593e8478 4279 lxcpath = lxc_global_config_value("lxc.lxcpath");
a41f104b
SH		 4280 lxcpath_len = strlen(lxcpath);
4281
4282 if (cret)
4283 *cret = NULL;
148a9d27
DE		 4284 if (nret)
4285 *nret = NULL;
a41f104b 4286
a41f104b 4287 FILE *f = fopen("/proc/net/unix", "r");
a41f104b
SH		 4288 if (!f)
4289 return -1;
4290
4291 while (getline(&line, &len, f) != -1) {
88556fd7 4292
0f8f9c8a 4293 char *p = strrchr(line, ' '), *p2;
a41f104b
SH		 4294 if (!p)
4295 continue;
4296 p++;
4297 if (*p != 0x40)
4298 continue;
4299 p++;
88556fd7
ÇO		 4300
4301 is_hashed = false;
4302 if (strncmp(p, lxcpath, lxcpath_len) == 0) {
4303 p += lxcpath_len;
4304 } else if (strncmp(p, "lxc/", 4) == 0) {
4305 p += 4;
4306 is_hashed = true;
4307 } else {
a41f104b 4308 continue;
88556fd7
ÇO		 4309 }
4310
a41f104b
SH		 4311 while (*p == '/')
4312 p++;
4313
4314 // Now p is the start of lxc_name
4315 p2 = index(p, '/');
4316 if (!p2 || strncmp(p2, "/command", 8) != 0)
4317 continue;
4318 *p2 = '\0';
4319
88556fd7
ÇO		 4320 if (is_hashed) {
4321 if (strncmp(lxcpath, lxc_cmd_get_lxcpath(p), lxcpath_len) != 0)
4322 continue;
4323 p = lxc_cmd_get_name(p);
4324 }
4325
148a9d27 4326 if (array_contains(&ct_name, p, ct_name_cnt))
9c88ff1f
ÇO		 4327 continue;
4328
148a9d27
DE		 4329 if (!add_to_array(&ct_name, p, ct_name_cnt))
4330 goto free_cret_list;
9c88ff1f 4331
148a9d27 4332 ct_name_cnt++;
a41f104b 4333
148a9d27 4334 if (!cret)
a41f104b 4335 continue;
a41f104b
SH		 4336
4337 c = lxc_container_new(p, lxcpath);
4338 if (!c) {
4339 INFO("Container %s:%s is running but could not be loaded",
4340 lxcpath, p);
148a9d27 4341 remove_from_array(&ct_name, p, ct_name_cnt--);
a41f104b
SH		 4342 continue;
4343 }
4344
4345 /*
4346 * If this is an anonymous container, then is_defined *can*
4347 * return false. So we don't do that check. Count on the
4348 * fact that the command socket exists.
4349 */
4350
148a9d27 4351 if (!add_to_clist(cret, c, cret_cnt, true)) {
a41f104b 4352 lxc_container_put(c);
148a9d27 4353 goto free_cret_list;
a41f104b 4354 }
148a9d27 4355 cret_cnt++;
a41f104b
SH		 4356 }
4357
148a9d27
DE		 4358 assert(!nret || !cret || cret_cnt == ct_name_cnt);
4359 ret = ct_name_cnt;
4360 if (nret)
4361 *nret = ct_name;
4362 else
4363 goto free_ct_name;
4364 goto out;
a41f104b 4365
148a9d27 4366free_cret_list:
a41f104b 4367 if (cret && *cret) {
148a9d27 4368 for (i = 0; i < cret_cnt; i++)
a41f104b
SH		 4369 lxc_container_put((*cret)[i]);
4370 free(*cret);
4371 }
148a9d27
DE		 4372
4373free_ct_name:
4374 if (ct_name) {
4375 for (i = 0; i < ct_name_cnt; i++)
4376 free(ct_name[i]);
4377 free(ct_name);
4378 }
4379
4380out:
e853a32d
ÇO		 4381 if (line)
4382 free(line);
4383
a41f104b 4384 fclose(f);
148a9d27 4385 return ret;
a41f104b 4386}
2871830a
DE		 4387
4388int list_all_containers(const char *lxcpath, char ***nret,
4389 struct lxc_container ***cret)
4390{
4391 int i, ret, active_cnt, ct_cnt, ct_list_cnt;
4392 char **active_name;
4393 char **ct_name;
4394 struct lxc_container **ct_list = NULL;
4395
4396 ct_cnt = list_defined_containers(lxcpath, &ct_name, NULL);
4397 if (ct_cnt < 0)
4398 return ct_cnt;
4399
4400 active_cnt = list_active_containers(lxcpath, &active_name, NULL);
4401 if (active_cnt < 0) {
4402 ret = active_cnt;
4403 goto free_ct_name;
4404 }
4405
4406 for (i = 0; i < active_cnt; i++) {
4407 if (!array_contains(&ct_name, active_name[i], ct_cnt)) {
4408 if (!add_to_array(&ct_name, active_name[i], ct_cnt)) {
4409 ret = -1;
4410 goto free_active_name;
4411 }
4412 ct_cnt++;
4413 }
4414 free(active_name[i]);
4415 active_name[i] = NULL;
4416 }
4417 free(active_name);
4418 active_name = NULL;
4419 active_cnt = 0;
4420
4421 for (i = 0, ct_list_cnt = 0; i < ct_cnt && cret; i++) {
4422 struct lxc_container *c;
4423
4424 c = lxc_container_new(ct_name[i], lxcpath);
4425 if (!c) {
4426 WARN("Container %s:%s could not be loaded", lxcpath, ct_name[i]);
4427 remove_from_array(&ct_name, ct_name[i], ct_cnt--);
4428 continue;
4429 }
4430
4431 if (!add_to_clist(&ct_list, c, ct_list_cnt, false)) {
4432 lxc_container_put(c);
4433 ret = -1;
4434 goto free_ct_list;
4435 }
4436 ct_list_cnt++;
4437 }
4438
4439 if (cret)
4440 *cret = ct_list;
4441
4442 if (nret)
4443 *nret = ct_name;
4444 else {
4445 ret = ct_cnt;
4446 goto free_ct_name;
4447 }
4448 return ct_cnt;
4449
4450free_ct_list:
4451 for (i = 0; i < ct_list_cnt; i++) {
4452 lxc_container_put(ct_list[i]);
4453 }
4454 if (ct_list)
4455 free(ct_list);
4456
4457free_active_name:
4458 for (i = 0; i < active_cnt; i++) {
4459 if (active_name[i])
4460 free(active_name[i]);
4461 }
4462 if (active_name)
4463 free(active_name);
4464
4465free_ct_name:
4466 for (i = 0; i < ct_cnt; i++) {
4467 free(ct_name[i]);
4468 }
4469 free(ct_name);
4470 return ret;
4471}
LXC mirror