Initial revision
1 /*
2 * lxc: linux Container library
3 *
4 * (C) Copyright IBM Corp. 2007, 2008
5 *
6 * Authors:
7 * Daniel Lezcano <dlezcano at fr.ibm.com>
8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22 */
23 #define _GNU_SOURCE
24 #include <stdio.h>
25 #undef _GNU_SOURCE
26 #include <stdlib.h>
27 #include <string.h>
28 #include <unistd.h>
29 #include <errno.h>
30 #include <signal.h>
31 #include <fcntl.h>
32 #include <sys/types.h>
33 #include <sys/stat.h>
34 #include <sys/param.h>
35 #include <sys/prctl.h>
36 #include <sys/wait.h>
37 #include <sys/file.h>
38 #include <sys/mount.h>
39 #include <netinet/in.h>
40 #include <net/if.h>
41
42 #include <list.h>
43 #include <conf.h>
44 #include <log.h>
45 #include <lxc.h>
46 #include <lock.h>
47 #include <state.h>
48 #include <cgroup.h>
49 #include <namespace.h>
50 #include <utils.h>
51
/*
 * NOTE(review): LXC_TTY_HANDLER is defined outside this file; presumably it
 * declares the per-signal state that LXC_TTY_ADD_HANDLER and
 * LXC_TTY_DEL_HANDLER in lxc_execute() operate on -- confirm in the header.
 */
LXC_TTY_HANDLER(SIGINT);
LXC_TTY_HANDLER(SIGQUIT);
54
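/*
 * Send one synchronisation token over the socketpair, retrying when a
 * signal interrupts the call.
 *
 * Returns 0 when the whole token was written, -1 otherwise (errno comes
 * from write(), except after a short write).
 */
static int execute_sync_send(int fd)
{
	int token = 0;
	ssize_t n;

	do {
		n = write(fd, &token, sizeof(token));
	} while (n < 0 && errno == EINTR);

	return n == (ssize_t)sizeof(token) ? 0 : -1;
}

/*
 * Wait for one synchronisation token, retrying when a signal interrupts
 * the call.
 *
 * Returns 1 when data arrived, 0 when the peer closed its end (EOF) and
 * -1 on a read error (errno set by read()).
 */
static int execute_sync_recv(int fd)
{
	int token;
	ssize_t n;

	do {
		n = read(fd, &token, sizeof(token));
	} while (n < 0 && errno == EINTR);

	if (n < 0)
		return -1;

	return n > 0;
}

/*
 * Body of the process that becomes the container's command.
 *
 * Handshakes with the supervising parent over sv[0], sets the container
 * up, mounts /proc and /sys, runs the optional preexec callback and
 * finally execs argv[0]. Only returns on failure: 1 in general, -1 when
 * the preexec callback failed.
 */
static int execute_container_init(const char *name, int argc, char *argv[],
				  lxc_callback_t preexec, void *data,
				  int sv[2])
{
	int got, rc = 1;

	close(sv[1]);

	/*
	 * The parent reads EOF on its end as "exec succeeded", so sv[0]
	 * has to disappear on exec. Without the flag the descriptor would
	 * also be inherited by the command run inside the container.
	 * Nothing is sent here: closing the socket makes the parent's
	 * first read see EOF, which it treats as a failed start.
	 */
	if (fcntl(sv[0], F_SETFD, FD_CLOEXEC)) {
		lxc_log_syserror("failed to set close-on-exec on the socket");
		close(sv[0]);
		return 1;
	}

	if (execute_sync_send(sv[0])) {
		lxc_log_syserror("failed to write socket");
		return 1;
	}

	/* Block until the parent has finished its side of the setup. */
	got = execute_sync_recv(sv[0]);
	if (got < 0) {
		lxc_log_syserror("failed to read socket");
		return 1;
	}
	if (!got) {
		/* EOF: the parent went away, do not start unsupervised. */
		lxc_log_error("parent closed the socket before releasing '%s'",
			      name);
		return 1;
	}

	if (lxc_setup(name)) {
		lxc_log_error("failed to setup the container");
		goto notify;
	}

	if (mount("proc", "/proc", "proc", 0, NULL)) {
		lxc_log_syserror("failed to mount '/proc'");
		goto notify;
	}

	if (mount("sysfs", "/sys", "sysfs", 0, NULL)) {
		lxc_log_syserror("failed to mount '/sys'");
		/* continue: non fatal error until sysfs not per
		   namespace */
	}

	if (preexec && preexec(name, argc, argv, data)) {
		lxc_log_error("preexec callback has failed");
		rc = -1;
		goto notify;
	}

	execvp(argv[0], argv);
	lxc_log_syserror("failed to exec %s", argv[0]);

notify:
	/*
	 * Any data on the socket after the handshake tells the parent that
	 * the command never started; a silent return would look like a
	 * successful exec (EOF) to it.
	 */
	if (execute_sync_send(sv[0]))
		lxc_log_syserror("failed to write the socket");

	return rc;
}

/*
 * Body of the intermediate "[vinit]" process created by fork_ns(): it
 * detaches from the terminal, drops the descriptors it does not need and
 * reaps children until none are left.
 *
 * Returns 0 once wait() reports ECHILD, 1 on any other wait() error.
 */
static int execute_vinit(int sv[2])
{
	char *vinit = "[vinit]";

	setsid();
	close(0);
	close(1);
	close(2);

	if (prctl(PR_SET_NAME, vinit, 0, 0, 0))
		lxc_log_syserror("failed to set process name");

	close(sv[0]);
	close(sv[1]);

	for (;;) {
		int status;

		if (wait(&status) >= 0)
			continue;
		if (errno == ECHILD)
			return 0;
		if (errno == EINTR)
			continue;
		lxc_log_syserror("failed to wait child");
		return 1;
	}
}

/*
 * Run a command inside the container 'name' and supervise it until it
 * exits.
 *
 * The container lock is taken, the state moves STARTING -> RUNNING ->
 * STOPPING -> STOPPED (ABORTING on failure), a process is forked into new
 * namespaces, and the pid of that process is recorded in
 * LXCPATH/<name>/init while it runs.
 *
 * name     container name, used for the lock, state, configuration and
 *          pid file lookups
 * argc     argument count, forwarded to preexec
 * argv     NULL-terminated command vector; argv[0] is exec'ed via execvp()
 * preexec  optional callback run in the container process right before
 *          the exec; a non-zero return aborts the start
 * data     opaque pointer handed to preexec
 *
 * Returns 0 when the command ran and was reaped, -1 on any failure in the
 * supervising process.
 *
 * This function also returns in the forked processes when they fail to
 * start or when they finish: 1 or -1 from the container process (it never
 * returns after a successful exec) and 0 or 1 from "[vinit]". Callers
 * have to cope with the function returning in those processes as well.
 */
int lxc_execute(const char *name, int argc, char *argv[],
		lxc_callback_t preexec, void *data)
{
	char *init = NULL, *val = NULL;
	int sv[2] = { -1, -1 };
	int fd = -1, lock, clone_flags, got, err = -1;
	int handlers_installed = 0, network_created = 0, child_alive = 0;
	size_t len;
	pid_t pid = -1;

	/* execvp(NULL, ...) is undefined: refuse before taking the lock. */
	if (!argv || !argv[0]) {
		lxc_log_error("no command to execute in '%s'", name);
		return -1;
	}

	lock = lxc_get_lock(name);
	if (!lock) {
		lxc_log_error("'%s' is busy", name);
		return -1;
	}

	if (lock < 0) {
		lxc_log_error("failed to acquire lock on '%s':%s",
			      name, strerror(-lock));
		return -1;
	}

	/* Keep the lock descriptor out of the command run in the container. */
	if (fcntl(lock, F_SETFD, FD_CLOEXEC))
		lxc_log_syserror("failed to set close-on-exec on the lock of '%s'",
				 name);

	if (lxc_setstate(name, STARTING)) {
		lxc_log_error("failed to set state %s", state2str(STARTING));
		goto out;
	}

	if (socketpair(AF_LOCAL, SOCK_STREAM, 0, sv)) {
		lxc_log_syserror("failed to create communication socketpair");
		goto out;
	}

	LXC_TTY_ADD_HANDLER(SIGINT);
	LXC_TTY_ADD_HANDLER(SIGQUIT);
	handlers_installed = 1;

	clone_flags = CLONE_NEWPID|CLONE_NEWIPC|CLONE_NEWNS;
	if (conf_has_utsname(name))
		clone_flags |= CLONE_NEWUTS;
	if (conf_has_network(name))
		clone_flags |= CLONE_NEWNET;

	pid = fork_ns(clone_flags);
	if (pid < 0) {
		lxc_log_syserror("failed to fork into a new namespace");
		goto out;
	}

	if (!pid) {
		/* Inside the new namespaces: split into [vinit] + command. */
		pid = fork();
		if (pid < 0) {
			lxc_log_syserror("failed to fork");
			return 1;
		}

		if (!pid)
			return execute_container_init(name, argc, argv,
						      preexec, data, sv);

		return execute_vinit(sv);
	}

	child_alive = 1;

	/* Mark the end as closed so the cleanup below cannot close it twice. */
	close(sv[0]);
	sv[0] = -1;

	/*
	 * First token: the container process is up. EOF here means it died
	 * before the handshake and must not be reported as started.
	 */
	got = execute_sync_recv(sv[1]);
	if (got < 0) {
		lxc_log_syserror("failed to read the socket");
		goto out_abort;
	}
	if (!got) {
		lxc_log_error("'%s' closed the socket before it was ready",
			      name);
		goto out_abort;
	}

	if (clone_flags & CLONE_NEWNET) {
		if (conf_create_network(name, pid)) {
			lxc_log_error("failed to create the configured network");
			goto out_abort;
		}
		network_created = 1;
	}

	if (execute_sync_send(sv[1])) {
		lxc_log_syserror("failed to write the socket");
		goto out_abort;
	}

	/*
	 * Second read: EOF means the child's close-on-exec socket vanished,
	 * i.e. the exec happened; any data means the child gave up. The
	 * result is kept out of 'err' so that later failures still return
	 * -1 instead of the 0 a successful read would have left there.
	 */
	got = execute_sync_recv(sv[1]);
	if (got < 0) {
		lxc_log_syserror("failed to read the socket");
		goto out_abort;
	}

	if (got > 0) {
		lxc_log_error("something went wrong with %d", (int)pid);
		/* TODO : check status etc ... */
		if (waitpid(pid, NULL, 0) == pid)
			child_alive = 0;
		goto out_abort;
	}

	/*
	 * NOTE(review): 'name' is placed in the path unescaped; confirm that
	 * callers (or lxc_get_lock) reject names containing '/' or "..".
	 */
	if (asprintf(&init, LXCPATH "/%s/init", name) < 0) {
		init = NULL;	/* contents are undefined after a failure */
		lxc_log_syserror("failed to build the init file path");
		goto out_abort;
	}

	/* O_TRUNC: a longer pid left by an earlier run must not survive. */
	fd = open(init, O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);
	if (fd < 0) {
		lxc_log_syserror("failed to open %s", init);
		goto out_abort;
	}

	if (asprintf(&val, "%d", (int)pid) < 0) {
		val = NULL;
		lxc_log_syserror("failed to format the init pid");
		goto out_abort;
	}

	len = strlen(val);
	if (write(fd, val, len) != (ssize_t)len) {
		lxc_log_syserror("failed to write init pid");
		goto out_abort;
	}

	close(fd);
	fd = -1;

	if (lxc_link_nsgroup(name, pid))
		lxc_log_warning("cgroupfs not found: cgroup disabled");

	if (lxc_setstate(name, RUNNING)) {
		lxc_log_error("failed to set state to %s", state2str(RUNNING));
		goto out_abort;
	}

	while (waitpid(pid, NULL, 0) < 0) {
		if (errno == EINTR)
			continue;
		lxc_log_syserror("failed to wait the pid %d", (int)pid);
		goto out_abort;
	}
	child_alive = 0;

	if (lxc_setstate(name, STOPPING))
		lxc_log_error("failed to set state %s", state2str(STOPPING));

	if (network_created && conf_destroy_network(name))
		lxc_log_error("failed to destroy the network");
	network_created = 0;

	err = 0;
	goto out;

out_abort:
	if (network_created && conf_destroy_network(name))
		lxc_log_error("failed to destroy the network");

	if (lxc_setstate(name, ABORTING))
		lxc_log_error("failed to set state %s", state2str(ABORTING));

	/*
	 * Never signal a pid that was already reaped: the number may have
	 * been reused by an unrelated process.
	 */
	if (child_alive)
		kill(pid, SIGKILL);

out:
	/* Undo what LXC_TTY_ADD_HANDLER did, on success as well as failure. */
	if (handlers_installed) {
		LXC_TTY_DEL_HANDLER(SIGQUIT);
		LXC_TTY_DEL_HANDLER(SIGINT);
	}

	if (sv[0] >= 0)
		close(sv[0]);
	if (sv[1] >= 0)
		close(sv[1]);
	if (fd >= 0)
		close(fd);

	if (lxc_setstate(name, STOPPED))
		lxc_log_error("failed to set state %s", state2str(STOPPED));

	lxc_unlink_nsgroup(name);

	/* 'init' stays NULL when the failure happened before the path existed. */
	if (init) {
		unlink(init);
		free(init);
	}
	free(val);
	lxc_put_lock(lock);

	return err;
}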