[mirror_lxc.git] / src / lxc / start.h

/* SPDX-License-Identifier: LGPL-2.1+ */

#ifndef __LXC_START_H
#define __LXC_START_H

#include <linux/sched.h>
#include <sched.h>
#include <signal.h>
#include <stdbool.h>
#include <sys/param.h>
#include <sys/socket.h>
#include <sys/un.h>

#include "compiler.h"
#include "conf.h"
#include "macro.h"
#include "namespace.h"
#include "state.h"

struct lxc_handler {
	/* Record the clone for namespaces flags that the container requested.
	 *
	 * @ns_clone_flags
	 * - All clone flags that were requested.
	 *
	 * @ns_on_clone_flags
	 * - The clone flags for namespaces to actually use when calling
	 *   lxc_clone(): After the container has started ns_on_clone_flags will
	 *   list the clone flags that were unshare()ed rather then clone()ed
	 *   because of ordering requirements (e.g. e.g. CLONE_NEWNET and
	 *   CLONE_NEWUSER) or implementation details.
	 *
	 * @ns_unshare_flags
	 * - Flags for namespaces that were unshared, not cloned.
	 *
	 * @clone_flags
	 * - ns_on_clone flags | other flags used to create container.
	 */
	struct /* lxc_ns */ {
		unsigned int ns_clone_flags;
		unsigned int ns_on_clone_flags;
		unsigned int ns_unshare_flags;
		__aligned_u64 clone_flags;
	};

	/* Signal file descriptor. */
	int sigfd;

	/* List of file descriptors referring to the namespaces of the
	 * container. Note that these are not necessarily identical to
	 * the "clone_flags" handler field in case namespace inheritance is
	 * requested.
	 */
	int nsfd[LXC_NS_MAX];

	/* Abstract unix domain SOCK_DGRAM socketpair to pass arbitrary data
	 * between child and parent.
	 */
	int data_sock[2];

	/* The socketpair() fds used to wait on successful daemonized startup. */
	int state_socket_pair[2];

	/* Socketpair to synchronize processes during container creation. */
	int sync_sock[2];

	/* Pointer to the name of the container. Do not free! */
	const char *name;

	/* Pointer to the path the container. Do not free! */
	const char *lxcpath;

	/* Whether the container's startup process euid is 0. */
	bool am_root;

	/* Indicates whether should we close std{in,out,err} on start. */
	bool daemonize;

	/* The child's pid. */
	pid_t pid;

	/* The child's pidfd. */
	int pidfd;

	/* The grandfather's pid when double-forking. */
	pid_t transient_pid;

	/* The monitor's pid. */
	pid_t monitor_pid;

	int monitor_status_fd;

	/* Whether the child has already exited. */
	bool init_died;

	/* The signal mask prior to setting up the signal file descriptor. */
	sigset_t oldmask;

	/* The container's in-memory configuration. */
	struct lxc_conf *conf;

	/* A set of operations to be performed at various stages of the
	 * container's life.
	 */
	struct lxc_operations *ops;

	/* This holds the cgroup information. Note that the data here is
	 * specific to the cgroup driver used.
	 */
	void *cgroup_data;

	/* Data to be passed to handler ops. */
	void *data;

	/* Current state of the container. */
	lxc_state_t state;

	/* The exit status of the container; not defined unless ->init_died ==
	 * true.
	 */
	int exit_status;

	struct cgroup_ops *cgroup_ops;

	/* Internal fds that always need to stay open. */
	int keep_fds[3];

	/* Static memory, don't free. */
	struct lsm_ops *lsm_ops;

	/* The namespace idx is guaranteed to match the stashed namespace path. */
	char nsfd_paths[LXC_NS_MAX + 1][LXC_EXPOSE_NAMESPACE_LEN];
	/* The namesace idx is _not_ guaranteed to match the stashed namespace path. */
	lxc_namespace_t hook_argc;
	char *hook_argv[LXC_NS_MAX + 1];
};

struct execute_args {
	char *init_path;
	int init_fd;
	char *const *argv;
	int quiet;
};

struct lxc_operations {
	int (*start)(struct lxc_handler *, void *);
	int (*post_start)(struct lxc_handler *, void *);
};

__hidden extern int lxc_poll(const char *name, struct lxc_handler *handler);
__hidden extern int lxc_set_state(const char *name, struct lxc_handler *handler, lxc_state_t state);
__hidden extern int lxc_serve_state_clients(const char *name, struct lxc_handler *handler,
					    lxc_state_t state);
__hidden extern void lxc_abort(struct lxc_handler *handler);
__hidden extern struct lxc_handler *lxc_init_handler(struct lxc_handler *old, const char *name,
						     struct lxc_conf *conf, const char *lxcpath,
						     bool daemonize);
__hidden extern void lxc_put_handler(struct lxc_handler *handler);
__hidden extern int lxc_init(const char *name, struct lxc_handler *handler);
__hidden extern void lxc_end(struct lxc_handler *handler);

/* lxc_check_inherited: Check for any open file descriptors and close them if
 *                      requested.
 * @param[in] conf          The container's configuration.
 * @param[in] closeall      Whether we should close all open file descriptors.
 * @param[in] fds_to_ignore Array of file descriptors to ignore.
 * @param[in] len_fds       Length of fds_to_ignore array.
 */
__hidden extern int lxc_check_inherited(struct lxc_conf *conf, bool closeall, int *fds_to_ignore,
					size_t len_fds);
static inline int inherit_fds(struct lxc_handler *handler, bool closeall)
{
	return lxc_check_inherited(handler->conf, closeall, handler->keep_fds,
				   ARRAY_SIZE(handler->keep_fds));
}

__hidden extern int __lxc_start(struct lxc_handler *, struct lxc_operations *, void *, const char *,
				bool, int *);

__hidden extern int resolve_clone_flags(struct lxc_handler *handler);
__hidden extern void lxc_expose_namespace_environment(const struct lxc_handler *handler);

static inline bool container_uses_namespace(const struct lxc_handler *handler,
					    unsigned int ns_flag)
{
	return (handler->ns_clone_flags & ns_flag);
}

#endif
Commit	Line	Data
cc73685d CB	1	/* SPDX-License-Identifier: LGPL-2.1+ */
cc73685d CB	2
f1a4a029 ÇO	3	#ifndef __LXC_START_H
f1a4a029 ÇO	4	#define __LXC_START_H
00b3c2e2	5
0aff04e0 CB	6	#include <linux/sched.h>
0aff04e0 CB	7	#include <sched.h>
9dc56d32	8	#include <signal.h>
35a02107	9	#include <stdbool.h>
872e1899	10	#include <sys/param.h>
5e5576a4 CB	11	#include <sys/socket.h>
5e5576a4 CB	12	#include <sys/un.h>
f2363e38	13
8c8cd087	14	#include "compiler.h"
aa460476	15	#include "conf.h"
85c279bb	16	#include "macro.h"
9f30a190	17	#include "namespace.h"
35a02107	18	#include "state.h"
1bc5cc8c	19
872e1899	20	struct lxc_handler {
becad0ec CB	21	/* Record the clone for namespaces flags that the container requested.
	22	*
	23	* @ns_clone_flags
	24	* - All clone flags that were requested.
	25	*
	26	* @ns_on_clone_flags
	27	* - The clone flags for namespaces to actually use when calling
	28	* lxc_clone(): After the container has started ns_on_clone_flags will
	29	* list the clone flags that were unshare()ed rather then clone()ed
	30	* because of ordering requirements (e.g. e.g. CLONE_NEWNET and
	31	* CLONE_NEWUSER) or implementation details.
becad0ec	32	*
f7176c3e CB	33	* @ns_unshare_flags
	34	* - Flags for namespaces that were unshared, not cloned.
	35	*
	36	* @clone_flags
	37	* - ns_on_clone flags \| other flags used to create container.
8deca6c9	38	*/
becad0ec	39	struct /* lxc_ns */ {
f7176c3e CB	40	unsigned int ns_clone_flags;
	41	unsigned int ns_on_clone_flags;
	42	unsigned int ns_unshare_flags;
0aff04e0	43	__aligned_u64 clone_flags;
becad0ec	44	};
8deca6c9	45
35a02107 CB	46	/* Signal file descriptor. */
	47	int sigfd;
	48
	49	/* List of file descriptors referring to the namespaces of the
	50	* container. Note that these are not necessarily identical to
	51	* the "clone_flags" handler field in case namespace inheritance is
	52	* requested.
	53	*/
	54	int nsfd[LXC_NS_MAX];
1a0e70ac	55
c6012571 CB	56	/* Abstract unix domain SOCK_DGRAM socketpair to pass arbitrary data
	57	* between child and parent.
	58	*/
	59	int data_sock[2];
1a0e70ac	60
1a0e70ac	61	/* The socketpair() fds used to wait on successful daemonized startup. */
5e5576a4	62	int state_socket_pair[2];
35a02107 CB	63
	64	/* Socketpair to synchronize processes during container creation. */
	65	int sync_sock[2];
	66
f0ecc19d CB	67	/* Pointer to the name of the container. Do not free! */
f0ecc19d CB	68	const char *name;
35a02107	69
f0ecc19d	70	/* Pointer to the path the container. Do not free! */
35a02107 CB	71	const char *lxcpath;
	72
	73	/* Whether the container's startup process euid is 0. */
	74	bool am_root;
	75
	76	/* Indicates whether should we close std{in,out,err} on start. */
bb955810	77	bool daemonize;
35a02107 CB	78
	79	/* The child's pid. */
	80	pid_t pid;
	81
33942046 CB	82	/* The child's pidfd. */
	83	int pidfd;
	84
c581d2a6 CB	85	/* The grandfather's pid when double-forking. */
	86	pid_t transient_pid;
	87
434c8e15 CB	88	/* The monitor's pid. */
	89	pid_t monitor_pid;
	90
4d8bdfa0 CB	91	int monitor_status_fd;
4d8bdfa0 CB	92
3c319edb CB	93	/* Whether the child has already exited. */
	94	bool init_died;
	95
35a02107 CB	96	/* The signal mask prior to setting up the signal file descriptor. */
	97	sigset_t oldmask;
	98
	99	/* The container's in-memory configuration. */
	100	struct lxc_conf *conf;
	101
35a02107 CB	102	/* A set of operations to be performed at various stages of the
	103	* container's life.
	104	*/
	105	struct lxc_operations *ops;
	106
	107	/* This holds the cgroup information. Note that the data here is
	108	* specific to the cgroup driver used.
	109	*/
	110	void *cgroup_data;
	111
	112	/* Data to be passed to handler ops. */
	113	void *data;
	114
	115	/* Current state of the container. */
	116	lxc_state_t state;
cd5177e9 TA	117
	118	/* The exit status of the container; not defined unless ->init_died ==
	119	* true.
	120	*/
	121	int exit_status;
2202afc9 CB	122
2202afc9 CB	123	struct cgroup_ops *cgroup_ops;
85c279bb CB	124
	125	/* Internal fds that always need to stay open. */
	126	int keep_fds[3];
d701d729	127
af04d847 CB	128	/* Static memory, don't free. */
af04d847 CB	129	struct lsm_ops *lsm_ops;
8db6be1b CB	130
	131	/* The namespace idx is guaranteed to match the stashed namespace path. */
	132	char nsfd_paths[LXC_NS_MAX + 1][LXC_EXPOSE_NAMESPACE_LEN];
	133	/* The namesace idx is _not_ guaranteed to match the stashed namespace path. */
	134	lxc_namespace_t hook_argc;
	135	char *hook_argv[LXC_NS_MAX + 1];
fc25b815 MN	136	};
fc25b815 MN	137
794248d0 CB	138	struct execute_args {
794248d0 CB	139	char *init_path;
4b5b3a2a	140	int init_fd;
794248d0 CB	141	char const argv;
	142	int quiet;
	143	};
	144
dbc9832d CB	145	struct lxc_operations {
	146	int (start)(struct lxc_handler , void *);
	147	int (post_start)(struct lxc_handler , void *);
	148	};
	149
8c8cd087 CB	150	__hidden extern int lxc_poll(const char name, struct lxc_handler handler);
	151	__hidden extern int lxc_set_state(const char name, struct lxc_handler handler, lxc_state_t state);
	152	__hidden extern int lxc_serve_state_clients(const char name, struct lxc_handler handler,
	153	lxc_state_t state);
	154	__hidden extern void lxc_abort(struct lxc_handler *handler);
	155	__hidden extern struct lxc_handler lxc_init_handler(struct lxc_handler old, const char *name,
	156	struct lxc_conf conf, const char lxcpath,
	157	bool daemonize);
	158	__hidden extern void lxc_put_handler(struct lxc_handler *handler);
	159	__hidden extern int lxc_init(const char name, struct lxc_handler handler);
	160	__hidden extern void lxc_end(struct lxc_handler *handler);
1bc5cc8c	161
47a46cf1 CB	162	/* lxc_check_inherited: Check for any open file descriptors and close them if
	163	* requested.
	164	* @param[in] conf The container's configuration.
	165	* @param[in] closeall Whether we should close all open file descriptors.
	166	* @param[in] fds_to_ignore Array of file descriptors to ignore.
	167	* @param[in] len_fds Length of fds_to_ignore array.
	168	*/
8c8cd087 CB	169	__hidden extern int lxc_check_inherited(struct lxc_conf conf, bool closeall, int fds_to_ignore,
8c8cd087 CB	170	size_t len_fds);
85c279bb CB	171	static inline int inherit_fds(struct lxc_handler *handler, bool closeall)
	172	{
	173	return lxc_check_inherited(handler->conf, closeall, handler->keep_fds,
	174	ARRAY_SIZE(handler->keep_fds));
	175	}
1bc5cc8c	176
8c8cd087 CB	177	__hidden extern int __lxc_start(struct lxc_handler , struct lxc_operations , void , const char ,
	178	bool, int *);
	179
	180	__hidden extern int resolve_clone_flags(struct lxc_handler *handler);
8db6be1b	181	__hidden extern void lxc_expose_namespace_environment(const struct lxc_handler *handler);
1bc5cc8c	182
937a3af9 CB	183	static inline bool container_uses_namespace(const struct lxc_handler *handler,
	184	unsigned int ns_flag)
	185	{
	186	return (handler->ns_clone_flags & ns_flag);
	187	}
	188
a529bc25	189	#endif