[mirror_lxc.git] / src / lxc / start.h

/* SPDX-License-Identifier: LGPL-2.1+ */

#ifndef __LXC_START_H
#define __LXC_START_H

#include "config.h"

#include <linux/sched.h>
#include <sched.h>
#include <signal.h>
#include <stdbool.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <sys/un.h>

#include "compiler.h"
#include "conf.h"
#include "macro.h"
#include "namespace.h"
#include "state.h"

struct lxc_handler {
	/* Record the clone for namespaces flags that the container requested.
	 *
	 * @ns_clone_flags
	 * - All clone flags that were requested.
	 *
	 * @ns_on_clone_flags
	 * - The clone flags for namespaces to actually use when calling
	 *   lxc_clone(): After the container has started ns_on_clone_flags will
	 *   list the clone flags that were unshare()ed rather then clone()ed
	 *   because of ordering requirements (e.g. e.g. CLONE_NEWNET and
	 *   CLONE_NEWUSER) or implementation details.
	 *
	 * @ns_unshare_flags
	 * - Flags for namespaces that were unshared, not cloned.
	 *
	 * @clone_flags
	 * - ns_on_clone flags | other flags used to create container.
	 */
	struct /* lxc_ns */ {
		unsigned int ns_clone_flags;
		unsigned int ns_on_clone_flags;
		unsigned int ns_unshare_flags;
		__aligned_u64 clone_flags;
	};

	/* Signal file descriptor. */
	int sigfd;

	/* List of file descriptors referring to the namespaces of the
	 * container. Note that these are not necessarily identical to
	 * the "clone_flags" handler field in case namespace inheritance is
	 * requested.
	 */
	int nsfd[LXC_NS_MAX];

	/* Abstract unix domain SOCK_DGRAM socketpair to pass arbitrary data
	 * between child and parent.
	 */
	int data_sock[2];

	/* The socketpair() fds used to wait on successful daemonized startup. */
	int state_socket_pair[2];

	/* Socketpair to synchronize processes during container creation. */
	int sync_sock[2];

	/* Pointer to the name of the container. Do not free! */
	const char *name;

	/* Pointer to the path the container. Do not free! */
	const char *lxcpath;

	/* Whether the container's startup process euid is 0. */
	bool am_root;

	/* Indicates whether should we close std{in,out,err} on start. */
	bool daemonize;

	/* The child's pid. */
	pid_t pid;

	/* The child's pidfd. */
	int pidfd;

	/* The grandfather's pid when double-forking. */
	pid_t transient_pid;

	/* The monitor's pid. */
	pid_t monitor_pid;

	int monitor_status_fd;

	/* Whether the child has already exited. */
	bool init_died;

	/* The signal mask prior to setting up the signal file descriptor. */
	sigset_t oldmask;

	/* The container's in-memory configuration. */
	struct lxc_conf *conf;

	/* A set of operations to be performed at various stages of the
	 * container's life.
	 */
	struct lxc_operations *ops;

	/* This holds the cgroup information. Note that the data here is
	 * specific to the cgroup driver used.
	 */
	void *cgroup_data;

	/* Data to be passed to handler ops. */
	void *data;

	/* Current state of the container. */
	lxc_state_t state;

	/* The exit status of the container; not defined unless ->init_died ==
	 * true.
	 */
	int exit_status;

	struct cgroup_ops *cgroup_ops;

	/* Internal fds that always need to stay open. */
	int keep_fds[3];

	/* Static memory, don't free. */
	struct lsm_ops *lsm_ops;

	/* The namespace idx is guaranteed to match the stashed namespace path. */
	char nsfd_paths[LXC_NS_MAX + 1][LXC_EXPOSE_NAMESPACE_LEN];
	/* The namesace idx is _not_ guaranteed to match the stashed namespace path. */
	lxc_namespace_t hook_argc;
	char *hook_argv[LXC_NS_MAX + 1];
};

struct execute_args {
	char *const *argv;
	int quiet;
};

struct lxc_operations {
	int (*start)(struct lxc_handler *, void *);
	int (*post_start)(struct lxc_handler *, void *);
};

__hidden extern int lxc_poll(const char *name, struct lxc_handler *handler);
__hidden extern int lxc_set_state(const char *name, struct lxc_handler *handler, lxc_state_t state);
__hidden extern int lxc_serve_state_clients(const char *name, struct lxc_handler *handler,
					    lxc_state_t state);
__hidden extern void lxc_abort(struct lxc_handler *handler);
__hidden extern struct lxc_handler *lxc_init_handler(struct lxc_handler *old, const char *name,
						     struct lxc_conf *conf, const char *lxcpath,
						     bool daemonize);
__hidden extern void lxc_put_handler(struct lxc_handler *handler);
__hidden extern int lxc_init(const char *name, struct lxc_handler *handler);
__hidden extern void lxc_end(struct lxc_handler *handler);

/* lxc_check_inherited: Check for any open file descriptors and close them if
 *                      requested.
 * @param[in] conf          The container's configuration.
 * @param[in] closeall      Whether we should close all open file descriptors.
 * @param[in] fds_to_ignore Array of file descriptors to ignore.
 * @param[in] len_fds       Length of fds_to_ignore array.
 */
__hidden extern int lxc_check_inherited(struct lxc_conf *conf, bool closeall, int *fds_to_ignore,
					size_t len_fds);
static inline int inherit_fds(struct lxc_handler *handler, bool closeall)
{
	return lxc_check_inherited(handler->conf, closeall, handler->keep_fds,
				   ARRAY_SIZE(handler->keep_fds));
}

__hidden extern int __lxc_start(struct lxc_handler *, struct lxc_operations *, void *, const char *,
				bool, int *);

__hidden extern int resolve_clone_flags(struct lxc_handler *handler);
__hidden extern void lxc_expose_namespace_environment(const struct lxc_handler *handler);

static inline bool container_uses_namespace(const struct lxc_handler *handler,
					    unsigned int ns_flag)
{
	return (handler->ns_clone_flags & ns_flag);
}

#endif
Commit	Line	Data
cc73685d CB	1	/* SPDX-License-Identifier: LGPL-2.1+ */
cc73685d CB	2
f1a4a029 ÇO	3	#ifndef __LXC_START_H
f1a4a029 ÇO	4	#define __LXC_START_H
00b3c2e2	5
1160ce89 CB	6	#include "config.h"
1160ce89 CB	7
0aff04e0 CB	8	#include <linux/sched.h>
0aff04e0 CB	9	#include <sched.h>
9dc56d32	10	#include <signal.h>
35a02107	11	#include <stdbool.h>
872e1899	12	#include <sys/param.h>
5e5576a4 CB	13	#include <sys/socket.h>
5e5576a4 CB	14	#include <sys/un.h>
f2363e38	15
8c8cd087	16	#include "compiler.h"
aa460476	17	#include "conf.h"
85c279bb	18	#include "macro.h"
9f30a190	19	#include "namespace.h"
35a02107	20	#include "state.h"
1bc5cc8c	21
872e1899	22	struct lxc_handler {
becad0ec CB	23	/* Record the clone for namespaces flags that the container requested.
	24	*
	25	* @ns_clone_flags
	26	* - All clone flags that were requested.
	27	*
	28	* @ns_on_clone_flags
	29	* - The clone flags for namespaces to actually use when calling
	30	* lxc_clone(): After the container has started ns_on_clone_flags will
	31	* list the clone flags that were unshare()ed rather then clone()ed
	32	* because of ordering requirements (e.g. e.g. CLONE_NEWNET and
	33	* CLONE_NEWUSER) or implementation details.
becad0ec	34	*
f7176c3e CB	35	* @ns_unshare_flags
	36	* - Flags for namespaces that were unshared, not cloned.
	37	*
	38	* @clone_flags
	39	* - ns_on_clone flags \| other flags used to create container.
8deca6c9	40	*/
becad0ec	41	struct /* lxc_ns */ {
f7176c3e CB	42	unsigned int ns_clone_flags;
	43	unsigned int ns_on_clone_flags;
	44	unsigned int ns_unshare_flags;
0aff04e0	45	__aligned_u64 clone_flags;
becad0ec	46	};
8deca6c9	47
35a02107 CB	48	/* Signal file descriptor. */
	49	int sigfd;
	50
	51	/* List of file descriptors referring to the namespaces of the
	52	* container. Note that these are not necessarily identical to
	53	* the "clone_flags" handler field in case namespace inheritance is
	54	* requested.
	55	*/
	56	int nsfd[LXC_NS_MAX];
1a0e70ac	57
c6012571 CB	58	/* Abstract unix domain SOCK_DGRAM socketpair to pass arbitrary data
	59	* between child and parent.
	60	*/
	61	int data_sock[2];
1a0e70ac	62
1a0e70ac	63	/* The socketpair() fds used to wait on successful daemonized startup. */
5e5576a4	64	int state_socket_pair[2];
35a02107 CB	65
	66	/* Socketpair to synchronize processes during container creation. */
	67	int sync_sock[2];
	68
f0ecc19d CB	69	/* Pointer to the name of the container. Do not free! */
f0ecc19d CB	70	const char *name;
35a02107	71
f0ecc19d	72	/* Pointer to the path the container. Do not free! */
35a02107 CB	73	const char *lxcpath;
	74
	75	/* Whether the container's startup process euid is 0. */
	76	bool am_root;
	77
	78	/* Indicates whether should we close std{in,out,err} on start. */
bb955810	79	bool daemonize;
35a02107 CB	80
	81	/* The child's pid. */
	82	pid_t pid;
	83
33942046 CB	84	/* The child's pidfd. */
	85	int pidfd;
	86
c581d2a6 CB	87	/* The grandfather's pid when double-forking. */
	88	pid_t transient_pid;
	89
434c8e15 CB	90	/* The monitor's pid. */
	91	pid_t monitor_pid;
	92
4d8bdfa0 CB	93	int monitor_status_fd;
4d8bdfa0 CB	94
3c319edb CB	95	/* Whether the child has already exited. */
	96	bool init_died;
	97
35a02107 CB	98	/* The signal mask prior to setting up the signal file descriptor. */
	99	sigset_t oldmask;
	100
	101	/* The container's in-memory configuration. */
	102	struct lxc_conf *conf;
	103
35a02107 CB	104	/* A set of operations to be performed at various stages of the
	105	* container's life.
	106	*/
	107	struct lxc_operations *ops;
	108
	109	/* This holds the cgroup information. Note that the data here is
	110	* specific to the cgroup driver used.
	111	*/
	112	void *cgroup_data;
	113
	114	/* Data to be passed to handler ops. */
	115	void *data;
	116
	117	/* Current state of the container. */
	118	lxc_state_t state;
cd5177e9 TA	119
	120	/* The exit status of the container; not defined unless ->init_died ==
	121	* true.
	122	*/
	123	int exit_status;
2202afc9 CB	124
2202afc9 CB	125	struct cgroup_ops *cgroup_ops;
85c279bb CB	126
	127	/* Internal fds that always need to stay open. */
	128	int keep_fds[3];
d701d729	129
af04d847 CB	130	/* Static memory, don't free. */
af04d847 CB	131	struct lsm_ops *lsm_ops;
8db6be1b CB	132
	133	/* The namespace idx is guaranteed to match the stashed namespace path. */
	134	char nsfd_paths[LXC_NS_MAX + 1][LXC_EXPOSE_NAMESPACE_LEN];
	135	/* The namesace idx is _not_ guaranteed to match the stashed namespace path. */
	136	lxc_namespace_t hook_argc;
	137	char *hook_argv[LXC_NS_MAX + 1];
fc25b815 MN	138	};
fc25b815 MN	139
794248d0	140	struct execute_args {
794248d0 CB	141	char const argv;
	142	int quiet;
	143	};
	144
dbc9832d CB	145	struct lxc_operations {
	146	int (start)(struct lxc_handler , void *);
	147	int (post_start)(struct lxc_handler , void *);
	148	};
	149
8c8cd087 CB	150	__hidden extern int lxc_poll(const char name, struct lxc_handler handler);
	151	__hidden extern int lxc_set_state(const char name, struct lxc_handler handler, lxc_state_t state);
	152	__hidden extern int lxc_serve_state_clients(const char name, struct lxc_handler handler,
	153	lxc_state_t state);
	154	__hidden extern void lxc_abort(struct lxc_handler *handler);
	155	__hidden extern struct lxc_handler lxc_init_handler(struct lxc_handler old, const char *name,
	156	struct lxc_conf conf, const char lxcpath,
	157	bool daemonize);
	158	__hidden extern void lxc_put_handler(struct lxc_handler *handler);
	159	__hidden extern int lxc_init(const char name, struct lxc_handler handler);
	160	__hidden extern void lxc_end(struct lxc_handler *handler);
1bc5cc8c	161
47a46cf1 CB	162	/* lxc_check_inherited: Check for any open file descriptors and close them if
	163	* requested.
	164	* @param[in] conf The container's configuration.
	165	* @param[in] closeall Whether we should close all open file descriptors.
	166	* @param[in] fds_to_ignore Array of file descriptors to ignore.
	167	* @param[in] len_fds Length of fds_to_ignore array.
	168	*/
8c8cd087 CB	169	__hidden extern int lxc_check_inherited(struct lxc_conf conf, bool closeall, int fds_to_ignore,
8c8cd087 CB	170	size_t len_fds);
85c279bb CB	171	static inline int inherit_fds(struct lxc_handler *handler, bool closeall)
	172	{
	173	return lxc_check_inherited(handler->conf, closeall, handler->keep_fds,
	174	ARRAY_SIZE(handler->keep_fds));
	175	}
1bc5cc8c	176
8c8cd087 CB	177	__hidden extern int __lxc_start(struct lxc_handler , struct lxc_operations , void , const char ,
	178	bool, int *);
	179
	180	__hidden extern int resolve_clone_flags(struct lxc_handler *handler);
8db6be1b	181	__hidden extern void lxc_expose_namespace_environment(const struct lxc_handler *handler);
1bc5cc8c	182
937a3af9 CB	183	static inline bool container_uses_namespace(const struct lxc_handler *handler,
	184	unsigned int ns_flag)
	185	{
	186	return (handler->ns_clone_flags & ns_flag);
	187	}
	188
a529bc25	189	#endif