[mirror_lxc.git] / src / lxc / start.h

/* SPDX-License-Identifier: LGPL-2.1+ */

#ifndef __LXC_START_H
#define __LXC_START_H

#include <linux/sched.h>
#include <sched.h>
#include <signal.h>
#include <stdbool.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <sys/un.h>

#include "compiler.h"
#include "conf.h"
#include "macro.h"
#include "namespace.h"
#include "state.h"

struct lxc_handler {
	/* Record the clone for namespaces flags that the container requested.
	 *
	 * @ns_clone_flags
	 * - All clone flags that were requested.
	 *
	 * @ns_on_clone_flags
	 * - The clone flags for namespaces to actually use when calling
	 *   lxc_clone(): After the container has started ns_on_clone_flags will
	 *   list the clone flags that were unshare()ed rather then clone()ed
	 *   because of ordering requirements (e.g. e.g. CLONE_NEWNET and
	 *   CLONE_NEWUSER) or implementation details.
	 *
	 * @ns_unshare_flags
	 * - Flags for namespaces that were unshared, not cloned.
	 *
	 * @clone_flags
	 * - ns_on_clone flags | other flags used to create container.
	 */
	struct /* lxc_ns */ {
		unsigned int ns_clone_flags;
		unsigned int ns_on_clone_flags;
		unsigned int ns_unshare_flags;
		__aligned_u64 clone_flags;
	};

	/* File descriptor to pin the rootfs for privileged containers. */
	int pinfd;

	/* Signal file descriptor. */
	int sigfd;

	/* List of file descriptors referring to the namespaces of the
	 * container. Note that these are not necessarily identical to
	 * the "clone_flags" handler field in case namespace inheritance is
	 * requested.
	 */
	int nsfd[LXC_NS_MAX];

	/* Abstract unix domain SOCK_DGRAM socketpair to pass arbitrary data
	 * between child and parent.
	 */
	int data_sock[2];

	/* The socketpair() fds used to wait on successful daemonized startup. */
	int state_socket_pair[2];

	/* Socketpair to synchronize processes during container creation. */
	int sync_sock[2];

	/* Pointer to the name of the container. Do not free! */
	const char *name;

	/* Pointer to the path the container. Do not free! */
	const char *lxcpath;

	/* Whether the container's startup process euid is 0. */
	bool am_root;

	/* Indicates whether should we close std{in,out,err} on start. */
	bool daemonize;

	/* The child's pid. */
	pid_t pid;

	/* The child's pidfd. */
	int pidfd;

	/* The grandfather's pid when double-forking. */
	pid_t transient_pid;

	/* The monitor's pid. */
	pid_t monitor_pid;

	int monitor_status_fd;

	/* Whether the child has already exited. */
	bool init_died;

	/* The signal mask prior to setting up the signal file descriptor. */
	sigset_t oldmask;

	/* The container's in-memory configuration. */
	struct lxc_conf *conf;

	/* A set of operations to be performed at various stages of the
	 * container's life.
	 */
	struct lxc_operations *ops;

	/* This holds the cgroup information. Note that the data here is
	 * specific to the cgroup driver used.
	 */
	void *cgroup_data;

	/* Data to be passed to handler ops. */
	void *data;

	/* Current state of the container. */
	lxc_state_t state;

	/* The exit status of the container; not defined unless ->init_died ==
	 * true.
	 */
	int exit_status;

	struct cgroup_ops *cgroup_ops;

	/* Internal fds that always need to stay open. */
	int keep_fds[3];

	/* Static memory, don't free. */
	struct lsm_ops *lsm_ops;
};

struct execute_args {
	char *init_path;
	int init_fd;
	char *const *argv;
	int quiet;
};

struct lxc_operations {
	int (*start)(struct lxc_handler *, void *);
	int (*post_start)(struct lxc_handler *, void *);
};

__hidden extern int lxc_poll(const char *name, struct lxc_handler *handler);
__hidden extern int lxc_set_state(const char *name, struct lxc_handler *handler, lxc_state_t state);
__hidden extern int lxc_serve_state_clients(const char *name, struct lxc_handler *handler,
					    lxc_state_t state);
__hidden extern void lxc_abort(struct lxc_handler *handler);
__hidden extern struct lxc_handler *lxc_init_handler(struct lxc_handler *old, const char *name,
						     struct lxc_conf *conf, const char *lxcpath,
						     bool daemonize);
__hidden extern void lxc_put_handler(struct lxc_handler *handler);
__hidden extern int lxc_init(const char *name, struct lxc_handler *handler);
__hidden extern void lxc_end(struct lxc_handler *handler);

/* lxc_check_inherited: Check for any open file descriptors and close them if
 *                      requested.
 * @param[in] conf          The container's configuration.
 * @param[in] closeall      Whether we should close all open file descriptors.
 * @param[in] fds_to_ignore Array of file descriptors to ignore.
 * @param[in] len_fds       Length of fds_to_ignore array.
 */
__hidden extern int lxc_check_inherited(struct lxc_conf *conf, bool closeall, int *fds_to_ignore,
					size_t len_fds);
static inline int inherit_fds(struct lxc_handler *handler, bool closeall)
{
	return lxc_check_inherited(handler->conf, closeall, handler->keep_fds,
				   ARRAY_SIZE(handler->keep_fds));
}

__hidden extern int __lxc_start(struct lxc_handler *, struct lxc_operations *, void *, const char *,
				bool, int *);

__hidden extern int resolve_clone_flags(struct lxc_handler *handler);

#endif
Commit	Line	Data
cc73685d CB	1	/* SPDX-License-Identifier: LGPL-2.1+ */
cc73685d CB	2
f1a4a029 ÇO	3	#ifndef __LXC_START_H
f1a4a029 ÇO	4	#define __LXC_START_H
00b3c2e2	5
0aff04e0 CB	6	#include <linux/sched.h>
0aff04e0 CB	7	#include <sched.h>
9dc56d32	8	#include <signal.h>
35a02107	9	#include <stdbool.h>
872e1899	10	#include <sys/param.h>
5e5576a4 CB	11	#include <sys/socket.h>
5e5576a4 CB	12	#include <sys/un.h>
f2363e38	13
8c8cd087	14	#include "compiler.h"
aa460476	15	#include "conf.h"
85c279bb	16	#include "macro.h"
9f30a190	17	#include "namespace.h"
35a02107	18	#include "state.h"
1bc5cc8c	19
872e1899	20	struct lxc_handler {
becad0ec CB	21	/* Record the clone for namespaces flags that the container requested.
	22	*
	23	* @ns_clone_flags
	24	* - All clone flags that were requested.
	25	*
	26	* @ns_on_clone_flags
	27	* - The clone flags for namespaces to actually use when calling
	28	* lxc_clone(): After the container has started ns_on_clone_flags will
	29	* list the clone flags that were unshare()ed rather then clone()ed
	30	* because of ordering requirements (e.g. e.g. CLONE_NEWNET and
	31	* CLONE_NEWUSER) or implementation details.
becad0ec	32	*
f7176c3e CB	33	* @ns_unshare_flags
	34	* - Flags for namespaces that were unshared, not cloned.
	35	*
	36	* @clone_flags
	37	* - ns_on_clone flags \| other flags used to create container.
8deca6c9	38	*/
becad0ec	39	struct /* lxc_ns */ {
f7176c3e CB	40	unsigned int ns_clone_flags;
	41	unsigned int ns_on_clone_flags;
	42	unsigned int ns_unshare_flags;
0aff04e0	43	__aligned_u64 clone_flags;
becad0ec	44	};
8deca6c9	45
35a02107	46	/* File descriptor to pin the rootfs for privileged containers. */
2b0e17e4	47	int pinfd;
35a02107 CB	48
	49	/* Signal file descriptor. */
	50	int sigfd;
	51
	52	/* List of file descriptors referring to the namespaces of the
	53	* container. Note that these are not necessarily identical to
	54	* the "clone_flags" handler field in case namespace inheritance is
	55	* requested.
	56	*/
	57	int nsfd[LXC_NS_MAX];
1a0e70ac	58
c6012571 CB	59	/* Abstract unix domain SOCK_DGRAM socketpair to pass arbitrary data
	60	* between child and parent.
	61	*/
	62	int data_sock[2];
1a0e70ac	63
1a0e70ac	64	/* The socketpair() fds used to wait on successful daemonized startup. */
5e5576a4	65	int state_socket_pair[2];
35a02107 CB	66
	67	/* Socketpair to synchronize processes during container creation. */
	68	int sync_sock[2];
	69
f0ecc19d CB	70	/* Pointer to the name of the container. Do not free! */
f0ecc19d CB	71	const char *name;
35a02107	72
f0ecc19d	73	/* Pointer to the path the container. Do not free! */
35a02107 CB	74	const char *lxcpath;
	75
	76	/* Whether the container's startup process euid is 0. */
	77	bool am_root;
	78
	79	/* Indicates whether should we close std{in,out,err} on start. */
bb955810	80	bool daemonize;
35a02107 CB	81
	82	/* The child's pid. */
	83	pid_t pid;
	84
33942046 CB	85	/* The child's pidfd. */
	86	int pidfd;
	87
c581d2a6 CB	88	/* The grandfather's pid when double-forking. */
	89	pid_t transient_pid;
	90
434c8e15 CB	91	/* The monitor's pid. */
	92	pid_t monitor_pid;
	93
4d8bdfa0 CB	94	int monitor_status_fd;
4d8bdfa0 CB	95
3c319edb CB	96	/* Whether the child has already exited. */
	97	bool init_died;
	98
35a02107 CB	99	/* The signal mask prior to setting up the signal file descriptor. */
	100	sigset_t oldmask;
	101
	102	/* The container's in-memory configuration. */
	103	struct lxc_conf *conf;
	104
35a02107 CB	105	/* A set of operations to be performed at various stages of the
	106	* container's life.
	107	*/
	108	struct lxc_operations *ops;
	109
	110	/* This holds the cgroup information. Note that the data here is
	111	* specific to the cgroup driver used.
	112	*/
	113	void *cgroup_data;
	114
	115	/* Data to be passed to handler ops. */
	116	void *data;
	117
	118	/* Current state of the container. */
	119	lxc_state_t state;
cd5177e9 TA	120
	121	/* The exit status of the container; not defined unless ->init_died ==
	122	* true.
	123	*/
	124	int exit_status;
2202afc9 CB	125
2202afc9 CB	126	struct cgroup_ops *cgroup_ops;
85c279bb CB	127
	128	/* Internal fds that always need to stay open. */
	129	int keep_fds[3];
d701d729	130
af04d847 CB	131	/* Static memory, don't free. */
af04d847 CB	132	struct lsm_ops *lsm_ops;
fc25b815 MN	133	};
fc25b815 MN	134
794248d0 CB	135	struct execute_args {
794248d0 CB	136	char *init_path;
4b5b3a2a	137	int init_fd;
794248d0 CB	138	char const argv;
	139	int quiet;
	140	};
	141
dbc9832d CB	142	struct lxc_operations {
	143	int (start)(struct lxc_handler , void *);
	144	int (post_start)(struct lxc_handler , void *);
	145	};
	146
8c8cd087 CB	147	__hidden extern int lxc_poll(const char name, struct lxc_handler handler);
	148	__hidden extern int lxc_set_state(const char name, struct lxc_handler handler, lxc_state_t state);
	149	__hidden extern int lxc_serve_state_clients(const char name, struct lxc_handler handler,
	150	lxc_state_t state);
	151	__hidden extern void lxc_abort(struct lxc_handler *handler);
	152	__hidden extern struct lxc_handler lxc_init_handler(struct lxc_handler old, const char *name,
	153	struct lxc_conf conf, const char lxcpath,
	154	bool daemonize);
	155	__hidden extern void lxc_put_handler(struct lxc_handler *handler);
	156	__hidden extern int lxc_init(const char name, struct lxc_handler handler);
	157	__hidden extern void lxc_end(struct lxc_handler *handler);
1bc5cc8c	158
47a46cf1 CB	159	/* lxc_check_inherited: Check for any open file descriptors and close them if
	160	* requested.
	161	* @param[in] conf The container's configuration.
	162	* @param[in] closeall Whether we should close all open file descriptors.
	163	* @param[in] fds_to_ignore Array of file descriptors to ignore.
	164	* @param[in] len_fds Length of fds_to_ignore array.
	165	*/
8c8cd087 CB	166	__hidden extern int lxc_check_inherited(struct lxc_conf conf, bool closeall, int fds_to_ignore,
8c8cd087 CB	167	size_t len_fds);
85c279bb CB	168	static inline int inherit_fds(struct lxc_handler *handler, bool closeall)
	169	{
	170	return lxc_check_inherited(handler->conf, closeall, handler->keep_fds,
	171	ARRAY_SIZE(handler->keep_fds));
	172	}
1bc5cc8c	173
8c8cd087 CB	174	__hidden extern int __lxc_start(struct lxc_handler , struct lxc_operations , void , const char ,
	175	bool, int *);
	176
	177	__hidden extern int resolve_clone_flags(struct lxc_handler *handler);
1bc5cc8c	178
a529bc25	179	#endif