]>
Commit | Line | Data |
---|---|---|
5e97c3fc | 1 | /* |
2 | * lxc: linux Container library | |
3 | * | |
4 | * (C) Copyright IBM Corp. 2007, 2008 | |
5 | * | |
6 | * Authors: | |
9afe19d6 | 7 | * Daniel Lezcano <daniel.lezcano at free.fr> |
5e97c3fc | 8 | * |
9 | * This library is free software; you can redistribute it and/or | |
10 | * modify it under the terms of the GNU Lesser General Public | |
11 | * License as published by the Free Software Foundation; either | |
12 | * version 2.1 of the License, or (at your option) any later version. | |
13 | * | |
14 | * This library is distributed in the hope that it will be useful, | |
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
17 | * Lesser General Public License for more details. | |
18 | * | |
19 | * You should have received a copy of the GNU Lesser General Public | |
20 | * License along with this library; if not, write to the Free Software | |
250b1eec | 21 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA |
5e97c3fc | 22 | */ |
d06245b8 NC |
23 | #include "config.h" |
24 | ||
5e97c3fc | 25 | #include <stdio.h> |
26 | #include <libgen.h> | |
96c210bb | 27 | #include <stdlib.h> |
5e97c3fc | 28 | #include <unistd.h> |
29 | #include <string.h> | |
b0a33c1e | 30 | #include <errno.h> |
c36583c3 | 31 | #include <fcntl.h> |
f8e09a0b | 32 | #include <signal.h> |
5e97c3fc | 33 | #include <sys/param.h> |
34 | #include <sys/utsname.h> | |
35 | #include <sys/types.h> | |
36 | #include <sys/socket.h> | |
c36583c3 | 37 | #include <sys/stat.h> |
5e97c3fc | 38 | #include <arpa/inet.h> |
39 | #include <netinet/in.h> | |
40 | #include <net/if.h> | |
41 | ||
f2363e38 ÇO |
42 | #include <lxc/lxccontainer.h> |
43 | ||
fae349da | 44 | #include "log.h" |
0ed9cc8b | 45 | #include "caps.h" |
fae349da DL |
46 | #include "lxc.h" |
47 | #include "conf.h" | |
63376d7d | 48 | #include "cgroup.h" |
fae349da | 49 | #include "utils.h" |
fae349da DL |
50 | #include "confile.h" |
51 | #include "arguments.h" | |
36eb9bde | 52 | |
eab15c1e CB |
53 | #define OPT_SHARE_NET OPT_USAGE + 1 |
54 | #define OPT_SHARE_IPC OPT_USAGE + 2 | |
55 | #define OPT_SHARE_UTS OPT_USAGE + 3 | |
9f30a190 | 56 | |
6ea518f6 | 57 | lxc_log_define(lxc_start_ui, lxc); |
5e97c3fc | 58 | |
33ba4ad7 CLG |
59 | static struct lxc_list defines; |
60 | ||
596a818d DE |
61 | static int ensure_path(char **confpath, const char *path) |
62 | { | |
63 | int err = -1, fd; | |
64 | char *fullpath = NULL; | |
65 | ||
66 | if (path) { | |
67 | if (access(path, W_OK)) { | |
68 | fd = creat(path, 0600); | |
84bdfb2b | 69 | if (fd < 0 && errno != EEXIST) { |
596a818d DE |
70 | SYSERROR("failed to create '%s'", path); |
71 | goto err; | |
72 | } | |
84bdfb2b SH |
73 | if (fd >= 0) |
74 | close(fd); | |
596a818d DE |
75 | } |
76 | ||
77 | fullpath = realpath(path, NULL); | |
78 | if (!fullpath) { | |
79 | SYSERROR("failed to get the real path of '%s'", path); | |
80 | goto err; | |
81 | } | |
82 | ||
e58e6e11 | 83 | *confpath = fullpath; |
596a818d | 84 | } |
040f39c4 | 85 | err = EXIT_SUCCESS; |
596a818d DE |
86 | |
87 | err: | |
596a818d DE |
88 | return err; |
89 | } | |
90 | ||
02b4f2e1 MM |
91 | static int pid_from_lxcname(const char *lxcname_or_pid, const char *lxcpath) { |
92 | char *eptr; | |
93 | int pid = strtol(lxcname_or_pid, &eptr, 10); | |
94 | if (*eptr != '\0' || pid < 1) { | |
95 | struct lxc_container *s; | |
96 | s = lxc_container_new(lxcname_or_pid, lxcpath); | |
97 | if (!s) { | |
98 | SYSERROR("'%s' is not a valid pid nor a container name", lxcname_or_pid); | |
99 | return -1; | |
100 | } | |
101 | ||
102 | if (!s->may_control(s)) { | |
103 | SYSERROR("Insufficient privileges to control container '%s'", s->name); | |
f8059880 | 104 | lxc_container_put(s); |
02b4f2e1 MM |
105 | return -1; |
106 | } | |
107 | ||
108 | pid = s->init_pid(s); | |
109 | if (pid < 1) { | |
110 | SYSERROR("Is container '%s' running?", s->name); | |
f8059880 | 111 | lxc_container_put(s); |
02b4f2e1 MM |
112 | return -1; |
113 | } | |
f8059880 MM |
114 | |
115 | lxc_container_put(s); | |
02b4f2e1 MM |
116 | } |
117 | if (kill(pid, 0) < 0) { | |
118 | SYSERROR("Can't send signal to pid %d", pid); | |
119 | return -1; | |
120 | } | |
f8059880 | 121 | |
02b4f2e1 MM |
122 | return pid; |
123 | } | |
124 | ||
125 | static int open_ns(int pid, const char *ns_proc_name) { | |
126 | int fd; | |
127 | char path[MAXPATHLEN]; | |
f8059880 | 128 | snprintf(path, MAXPATHLEN, "/proc/%d/ns/%s", pid, ns_proc_name); |
02b4f2e1 MM |
129 | |
130 | fd = open(path, O_RDONLY); | |
131 | if (fd < 0) { | |
132 | SYSERROR("failed to open %s", path); | |
133 | return -1; | |
134 | } | |
135 | return fd; | |
136 | } | |
137 | ||
c36583c3 DL |
138 | static int my_parser(struct lxc_arguments* args, int c, char* arg) |
139 | { | |
140 | switch (c) { | |
829dd918 | 141 | case 'c': args->console = arg; break; |
596a818d | 142 | case 'L': args->console_log = arg; break; |
83758ed0 | 143 | case 'd': args->daemonize = 1; break; |
476d302c | 144 | case 'F': args->daemonize = 0; break; |
48862401 | 145 | case 'f': args->rcfile = arg; break; |
b119f362 | 146 | case 'C': args->close_all_fds = 1; break; |
33ba4ad7 | 147 | case 's': return lxc_config_define_add(&defines, arg); |
3114c982 | 148 | case 'p': args->pidfile = arg; break; |
46926165 MM |
149 | case OPT_SHARE_NET: args->share_ns[LXC_NS_NET] = arg; break; |
150 | case OPT_SHARE_IPC: args->share_ns[LXC_NS_IPC] = arg; break; | |
6c544cb3 | 151 | case OPT_SHARE_UTS: args->share_ns[LXC_NS_UTS] = arg; break; |
c36583c3 DL |
152 | } |
153 | return 0; | |
154 | } | |
155 | ||
9618063c | 156 | static const struct option my_longopts[] = { |
c36583c3 | 157 | {"daemon", no_argument, 0, 'd'}, |
476d302c | 158 | {"foreground", no_argument, 0, 'F'}, |
48862401 | 159 | {"rcfile", required_argument, 0, 'f'}, |
33ba4ad7 | 160 | {"define", required_argument, 0, 's'}, |
829dd918 | 161 | {"console", required_argument, 0, 'c'}, |
596a818d | 162 | {"console-log", required_argument, 0, 'L'}, |
b119f362 | 163 | {"close-all-fds", no_argument, 0, 'C'}, |
3114c982 | 164 | {"pidfile", required_argument, 0, 'p'}, |
9f30a190 | 165 | {"share-net", required_argument, 0, OPT_SHARE_NET}, |
3c93577b | 166 | {"share-ipc", required_argument, 0, OPT_SHARE_IPC}, |
6c544cb3 | 167 | {"share-uts", required_argument, 0, OPT_SHARE_UTS}, |
9618063c MN |
168 | LXC_COMMON_OPTIONS |
169 | }; | |
170 | ||
171 | static struct lxc_arguments my_args = { | |
172 | .progname = "lxc-start", | |
173 | .help = "\ | |
174 | --name=NAME -- COMMAND\n\ | |
175 | \n\ | |
176 | lxc-start start COMMAND in specified container NAME\n\ | |
177 | \n\ | |
178 | Options :\n\ | |
5e8757ed | 179 | -n, --name=NAME NAME of the container\n\ |
c00f3f36 SG |
180 | -d, --daemon Daemonize the container (default)\n\ |
181 | -F, --foreground Start with the current tty attached to /dev/console\n\ | |
596a818d DE |
182 | -p, --pidfile=FILE Create a file with the process id\n\ |
183 | -f, --rcfile=FILE Load configuration file FILE\n\ | |
184 | -c, --console=FILE Use specified FILE for the container console\n\ | |
185 | -L, --console-log=FILE Log container console output to FILE\n\ | |
186 | -C, --close-all-fds If any fds are inherited, close them\n\ | |
187 | If not specified, exit with failure instead\n\ | |
d028235d | 188 | Note: --daemon implies --close-all-fds\n\ |
9f30a190 | 189 | -s, --define KEY=VAL Assign VAL to configuration variable KEY\n\ |
304dc8b3 | 190 | --share-[net|ipc|uts]=NAME Share a namespace with another container or pid\n\ |
9f30a190 | 191 | ", |
c36583c3 DL |
192 | .options = my_longopts, |
193 | .parser = my_parser, | |
194 | .checker = NULL, | |
c00f3f36 | 195 | .daemonize = 1, |
3114c982 | 196 | .pidfile = NULL, |
9618063c | 197 | }; |
5e97c3fc | 198 | |
199 | int main(int argc, char *argv[]) | |
200 | { | |
b52b0595 | 201 | int err = EXIT_FAILURE; |
91480a0f | 202 | struct lxc_conf *conf; |
73b910a3 | 203 | struct lxc_log log; |
91480a0f DL |
204 | char *const *args; |
205 | char *rcfile = NULL; | |
9618063c | 206 | char *const default_args[] = { |
b2b6c597 | 207 | "/sbin/init", |
13aad0ae | 208 | NULL, |
b2b6c597 | 209 | }; |
79622932 | 210 | struct lxc_container *c; |
5e97c3fc | 211 | |
33ba4ad7 CLG |
212 | lxc_list_init(&defines); |
213 | ||
0ed9cc8b | 214 | if (lxc_caps_init()) |
b52b0595 | 215 | exit(err); |
0ed9cc8b | 216 | |
e043236e | 217 | if (lxc_arguments_parse(&my_args, argc, argv)) |
b52b0595 | 218 | exit(err); |
5e97c3fc | 219 | |
9618063c | 220 | if (!my_args.argc) |
f79d43bb | 221 | args = default_args; |
9618063c MN |
222 | else |
223 | args = my_args.argv; | |
5e97c3fc | 224 | |
73b910a3 | 225 | log.name = my_args.name; |
226 | log.file = my_args.log_file; | |
4b73005c | 227 | log.level = my_args.log_priority; |
73b910a3 | 228 | log.prefix = my_args.progname; |
229 | log.quiet = my_args.quiet; | |
230 | log.lxcpath = my_args.lxcpath[0]; | |
231 | ||
232 | if (lxc_log_init(&log)) | |
b52b0595 | 233 | exit(err); |
6edbfc86 | 234 | lxc_log_options_no_override(); |
51cab631 | 235 | |
37180208 | 236 | if (access(my_args.lxcpath[0], O_RDONLY) < 0) { |
040f39c4 CB |
237 | if (!my_args.quiet) |
238 | fprintf(stderr, "You lack access to %s\n", my_args.lxcpath[0]); | |
239 | exit(err); | |
240 | } | |
241 | ||
69733b5d SH |
242 | const char *lxcpath = my_args.lxcpath[0]; |
243 | ||
79622932 SH |
244 | /* |
245 | * rcfile possibilities: | |
246 | * 1. rcfile from random path specified in cli option | |
247 | * 2. rcfile not specified, use $lxcpath/$lxcname/config | |
248 | * 3. rcfile not specified and does not exist. | |
249 | */ | |
96c210bb | 250 | /* rcfile is specified in the cli option */ |
79622932 | 251 | if (my_args.rcfile) { |
96c210bb | 252 | rcfile = (char *)my_args.rcfile; |
69733b5d | 253 | c = lxc_container_new(my_args.name, lxcpath); |
79622932 SH |
254 | if (!c) { |
255 | ERROR("Failed to create lxc_container"); | |
b52b0595 | 256 | exit(err); |
79622932 | 257 | } |
4df7f012 | 258 | c->clear_config(c); |
79622932 SH |
259 | if (!c->load_config(c, rcfile)) { |
260 | ERROR("Failed to load rcfile"); | |
261 | lxc_container_put(c); | |
b52b0595 | 262 | exit(err); |
79622932 | 263 | } |
b586db43 WB |
264 | c->configfile = strdup(my_args.rcfile); |
265 | if (!c->configfile) { | |
266 | ERROR("Out of memory setting new config filename"); | |
267 | goto out; | |
268 | } | |
79622932 | 269 | } else { |
fa9ab205 NL |
270 | int rc; |
271 | ||
79622932 | 272 | rc = asprintf(&rcfile, "%s/%s/config", lxcpath, my_args.name); |
fa9ab205 | 273 | if (rc == -1) { |
96c210bb | 274 | SYSERROR("failed to allocate memory"); |
b52b0595 | 275 | exit(err); |
96c210bb | 276 | } |
444f3ca2 | 277 | INFO("using rcfile %s", rcfile); |
96c210bb DL |
278 | |
279 | /* container configuration does not exist */ | |
280 | if (access(rcfile, F_OK)) { | |
281 | free(rcfile); | |
282 | rcfile = NULL; | |
79622932 SH |
283 | } |
284 | c = lxc_container_new(my_args.name, lxcpath); | |
285 | if (!c) { | |
286 | ERROR("Failed to create lxc_container"); | |
b52b0595 | 287 | exit(err); |
96c210bb DL |
288 | } |
289 | } | |
290 | ||
72c78e0e CB |
291 | /* We do not check here whether the container is defined, because we |
292 | * support volatile containers. Which means the container does not need | |
293 | * to be created for it to be started. You can just pass a configuration | |
294 | * file as argument and start the container right away. | |
295 | */ | |
040f39c4 CB |
296 | |
297 | if (!c->may_control(c)) { | |
298 | fprintf(stderr, "Insufficent privileges to control %s\n", c->name); | |
299 | goto out; | |
300 | } | |
301 | ||
312f9c5d DY |
302 | if (c->is_running(c)) { |
303 | ERROR("Container is already running."); | |
040f39c4 | 304 | err = EXIT_SUCCESS; |
312f9c5d DY |
305 | goto out; |
306 | } | |
79622932 SH |
307 | /* |
308 | * We should use set_config_item() over &defines, which would handle | |
309 | * unset c->lxc_conf for us and let us not use lxc_config_define_load() | |
310 | */ | |
311 | if (!c->lxc_conf) | |
312 | c->lxc_conf = lxc_conf_init(); | |
313 | conf = c->lxc_conf; | |
fae349da | 314 | |
33ba4ad7 | 315 | if (lxc_config_define_load(&defines, conf)) |
2d4bcb96 | 316 | goto out; |
33ba4ad7 | 317 | |
f2ae79a0 | 318 | if (!rcfile && !strcmp("/sbin/init", args[0])) { |
79622932 | 319 | ERROR("Executing '/sbin/init' with no configuration file may crash the host"); |
2d4bcb96 | 320 | goto out; |
f2ae79a0 AN |
321 | } |
322 | ||
596a818d DE |
323 | if (ensure_path(&conf->console.path, my_args.console) < 0) { |
324 | ERROR("failed to ensure console path '%s'", my_args.console); | |
2d4bcb96 | 325 | goto out; |
596a818d | 326 | } |
829dd918 | 327 | |
596a818d DE |
328 | if (ensure_path(&conf->console.log_path, my_args.console_log) < 0) { |
329 | ERROR("failed to ensure console log '%s'", my_args.console_log); | |
2d4bcb96 | 330 | goto out; |
829dd918 DL |
331 | } |
332 | ||
3114c982 | 333 | if (my_args.pidfile != NULL) { |
72cf75fa QH |
334 | if (ensure_path(&c->pidfile, my_args.pidfile) < 0) { |
335 | ERROR("failed to ensure pidfile '%s'", my_args.pidfile); | |
336 | goto out; | |
337 | } | |
3114c982 NC |
338 | } |
339 | ||
46926165 MM |
340 | int i; |
341 | for (i = 0; i < LXC_NS_MAX; i++) { | |
342 | if (my_args.share_ns[i] == NULL) | |
343 | continue; | |
9f30a190 | 344 | |
46926165 | 345 | int pid = pid_from_lxcname(my_args.share_ns[i], lxcpath); |
3c93577b MM |
346 | if (pid < 1) |
347 | goto out; | |
348 | ||
46926165 | 349 | int fd = open_ns(pid, ns_info[i].proc_name); |
3c93577b MM |
350 | if (fd < 0) |
351 | goto out; | |
46926165 | 352 | conf->inherit_ns_fd[i] = fd; |
3c93577b MM |
353 | } |
354 | ||
c8ad5f46 SH |
355 | if (!my_args.daemonize) { |
356 | c->want_daemonize(c, false); | |
c36583c3 DL |
357 | } |
358 | ||
b119f362 | 359 | if (my_args.close_all_fds) |
540f932a | 360 | c->want_close_all_fds(c, true); |
b119f362 | 361 | |
67c660d0 | 362 | if (args == default_args) |
b52b0595 | 363 | err = c->start(c, 0, NULL) ? EXIT_SUCCESS : EXIT_FAILURE; |
67c660d0 | 364 | else |
b52b0595 | 365 | err = c->start(c, 0, args) ? EXIT_SUCCESS : EXIT_FAILURE; |
307ab05d SG |
366 | |
367 | if (err) { | |
368 | ERROR("The container failed to start."); | |
369 | if (my_args.daemonize) | |
370 | ERROR("To get more details, run the container in foreground mode."); | |
371 | ERROR("Additional information can be obtained by setting the " | |
a90842e4 | 372 | "--logfile and --logpriority options."); |
d4ef230c RV |
373 | err = c->error_num; |
374 | lxc_container_put(c); | |
b52b0595 | 375 | exit(err); |
307ab05d SG |
376 | } |
377 | ||
2d4bcb96 | 378 | out: |
79622932 | 379 | lxc_container_put(c); |
b52b0595 | 380 | exit(err); |
5e97c3fc | 381 | } |