]> git.proxmox.com Git - mirror_lxc.git/blob - src/lxc/cmd/lxc_init.c
projects / mirror_lxc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
autotools: add -Wimplicit-fallthrough
[mirror_lxc.git] / src / lxc / cmd / lxc_init.c
1 /*
2 * lxc: linux Container library
3 *
4 * (C) Copyright IBM Corp. 2007, 2008
5 *
6 * Authors:
7 * Daniel Lezcano <daniel.lezcano at free.fr>
8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22 */
23
24 #define _GNU_SOURCE
25 #include <ctype.h>
26 #include <errno.h>
27 #include <getopt.h>
28 #include <libgen.h>
29 #include <pthread.h>
30 #include <signal.h>
31 #include <stdio.h>
32 #include <stdlib.h>
33 #include <string.h>
34 #include <sys/stat.h>
35 #include <sys/types.h>
36 #include <sys/wait.h>
37 #include <unistd.h>
38
39 #include <lxc/lxccontainer.h>
40 #include <lxc/version.h>
41
42 #include "compiler.h"
43 #include "error.h"
44 #include "initutils.h"
45 #include "log.h"
46 #include "namespace.h"
47 #include "parse.h"
48 #include "string_utils.h"
49
50 /* option keys for long only options */
51 #define OPT_USAGE 0x1000
52 #define OPT_VERSION (OPT_USAGE - 1)
53
54 #define QUOTE(macro) #macro
55 #define QUOTEVAL(macro) QUOTE(macro)
56
57 lxc_log_define(lxc_init, lxc);
58
59 static sig_atomic_t was_interrupted;
60
61 static void interrupt_handler(int sig)
62 {
63 if (!was_interrupted)
64 was_interrupted = sig;
65 }
66
67 static struct option long_options[] = {
68 { "name", required_argument, 0, 'n' },
69 { "help", no_argument, 0, 'h' },
70 { "usage", no_argument, 0, OPT_USAGE },
71 { "version", no_argument, 0, OPT_VERSION },
72 { "quiet", no_argument, 0, 'q' },
73 { "logfile", required_argument, 0, 'o' },
74 { "logpriority", required_argument, 0, 'l' },
75 { "lxcpath", required_argument, 0, 'P' },
76 { 0, 0, 0, 0 }
77 };
78 static const char short_options[] = "n:hqo:l:P:";
79
80 struct arguments {
81 const struct option *options;
82 const char *shortopts;
83
84 const char *name;
85 char *log_file;
86 char *log_priority;
87 bool quiet;
88 const char *lxcpath;
89
90 /* remaining arguments */
91 char *const *argv;
92 int argc;
93 };
94
95 static int arguments_parse(struct arguments *my_args, int argc,
96 char *const argv[]);
97
98 static struct arguments my_args = {
99 .options = long_options,
100 .shortopts = short_options
101 };
102
103 static void prevent_forking(void)
104 {
105 FILE *f;
106 size_t len = 0;
107 char *line = NULL;
108 char path[MAXPATHLEN];
109
110 f = fopen("/proc/self/cgroup", "r");
111 if (!f)
112 return;
113
114 while (getline(&line, &len, f) != -1) {
115 int fd, ret;
116 char *p, *p2;
117
118 p = strchr(line, ':');
119 if (!p)
120 continue;
121 p++;
122 p2 = strchr(p, ':');
123 if (!p2)
124 continue;
125 *p2 = '\0';
126
127 /* This is a cgroup v2 entry. Skip it. */
128 if ((p2 - p) == 0)
129 continue;
130
131 if (strcmp(p, "pids") != 0)
132 continue;
133 p2++;
134
135 p2 += lxc_char_left_gc(p2, strlen(p2));
136 p2[lxc_char_right_gc(p2, strlen(p2))] = '\0';
137
138 ret = snprintf(path, sizeof(path),
139 "/sys/fs/cgroup/pids/%s/pids.max", p2);
140 if (ret < 0 || (size_t)ret >= sizeof(path)) {
141 ERROR("Failed to create string");
142 goto on_error;
143 }
144
145 fd = open(path, O_WRONLY);
146 if (fd < 0) {
147 SYSERROR("Failed to open \"%s\"", path);
148 goto on_error;
149 }
150
151 ret = write(fd, "1", 1);
152 if (ret != 1)
153 SYSERROR("Failed to write to \"%s\"", path);
154
155 close(fd);
156 break;
157 }
158
159 on_error:
160 free(line);
161 fclose(f);
162 }
163
164 static void kill_children(pid_t pid)
165 {
166 FILE *f;
167 char path[PATH_MAX];
168 int ret;
169
170 ret = snprintf(path, sizeof(path), "/proc/%d/task/%d/children", pid, pid);
171 if (ret < 0 || (size_t)ret >= sizeof(path)) {
172 ERROR("Failed to create string");
173 return;
174 }
175
176 f = fopen(path, "r");
177 if (!f) {
178 SYSERROR("Failed to open %s", path);
179 return;
180 }
181
182 while (!feof(f)) {
183 pid_t pid;
184
185 if (fscanf(f, "%d ", &pid) != 1) {
186 ERROR("Failed to retrieve pid");
187 fclose(f);
188 return;
189 }
190
191 kill_children(pid);
192 kill(pid, SIGKILL);
193 }
194
195 fclose(f);
196 }
197
198 static void remove_self(void)
199 {
200 int ret;
201 ssize_t n;
202 char path[MAXPATHLEN] = {0};
203
204 n = readlink("/proc/self/exe", path, sizeof(path));
205 if (n < 0 || n >= MAXPATHLEN) {
206 SYSDEBUG("Failed to readlink \"/proc/self/exe\"");
207 return;
208 }
209 path[n] = '\0';
210
211 ret = umount2(path, MNT_DETACH);
212 if (ret < 0) {
213 SYSDEBUG("Failed to unmount \"%s\"", path);
214 return;
215 }
216
217 ret = unlink(path);
218 if (ret < 0) {
219 SYSDEBUG("Failed to unlink \"%s\"", path);
220 return;
221 }
222 }
223
224 int main(int argc, char *argv[])
225 {
226 int i, ret;
227 pid_t pid, sid;
228 struct sigaction act;
229 struct lxc_log log;
230 sigset_t mask, omask;
231 int have_status = 0, exit_with = 1, shutdown = 0;
232
233 if (arguments_parse(&my_args, argc, argv))
234 exit(EXIT_FAILURE);
235
236 log.prefix = "lxc-init";
237 log.name = my_args.name;
238 log.file = my_args.log_file;
239 log.level = my_args.log_priority;
240 log.quiet = my_args.quiet;
241 log.lxcpath = my_args.lxcpath;
242
243 ret = lxc_log_init(&log);
244 if (ret < 0)
245 exit(EXIT_FAILURE);
246 lxc_log_options_no_override();
247
248 if (!my_args.argc) {
249 ERROR("Please specify a command to execute");
250 exit(EXIT_FAILURE);
251 }
252
253 /* Mask all the signals so we are safe to install a signal handler and
254 * to fork.
255 */
256 ret = sigfillset(&mask);
257 if (ret < 0)
258 exit(EXIT_FAILURE);
259
260 ret = sigdelset(&mask, SIGILL);
261 if (ret < 0)
262 exit(EXIT_FAILURE);
263
264 ret = sigdelset(&mask, SIGSEGV);
265 if (ret < 0)
266 exit(EXIT_FAILURE);
267
268 ret = sigdelset(&mask, SIGBUS);
269 if (ret < 0)
270 exit(EXIT_FAILURE);
271
272 ret = pthread_sigmask(SIG_SETMASK, &mask, &omask);
273 if (ret < 0)
274 exit(EXIT_FAILURE);
275
276 ret = sigfillset(&act.sa_mask);
277 if (ret < 0)
278 exit(EXIT_FAILURE);
279
280 ret = sigdelset(&act.sa_mask, SIGILL);
281 if (ret < 0)
282 exit(EXIT_FAILURE);
283
284 ret = sigdelset(&act.sa_mask, SIGSEGV);
285 if (ret < 0)
286 exit(EXIT_FAILURE);
287
288 ret = sigdelset(&act.sa_mask, SIGBUS);
289 if (ret < 0)
290 exit(EXIT_FAILURE);
291
292 ret = sigdelset(&act.sa_mask, SIGSTOP);
293 if (ret < 0)
294 exit(EXIT_FAILURE);
295
296 ret = sigdelset(&act.sa_mask, SIGKILL);
297 if (ret < 0)
298 exit(EXIT_FAILURE);
299
300 act.sa_flags = 0;
301 act.sa_handler = interrupt_handler;
302
303 for (i = 1; i < NSIG; i++) {
304 /* Exclude some signals: ILL, SEGV and BUS are likely to reveal
305 * a bug and we want a core. STOP and KILL cannot be handled
306 * anyway: they're here for documentation. 32 and 33 are not
307 * defined.
308 */
309 if (i == SIGILL || i == SIGSEGV || i == SIGBUS ||
310 i == SIGSTOP || i == SIGKILL || i == 32 || i == 33)
311 continue;
312
313 ret = sigaction(i, &act, NULL);
314 if (ret < 0) {
315 if (errno == EINVAL)
316 continue;
317
318 SYSERROR("Failed to change signal action");
319 exit(EXIT_FAILURE);
320 }
321 }
322
323 remove_self();
324
325 pid = fork();
326 if (pid < 0)
327 exit(EXIT_FAILURE);
328
329 if (!pid) {
330 /* restore default signal handlers */
331 for (i = 1; i < NSIG; i++) {
332 sighandler_t sigerr;
333
334 if (i == SIGILL || i == SIGSEGV || i == SIGBUS ||
335 i == SIGSTOP || i == SIGKILL || i == 32 || i == 33)
336 continue;
337
338 sigerr = signal(i, SIG_DFL);
339 if (sigerr == SIG_ERR) {
340 SYSDEBUG("Failed to reset to default action "
341 "for signal \"%d\": %d", i, pid);
342 }
343 }
344
345 ret = pthread_sigmask(SIG_SETMASK, &omask, NULL);
346 if (ret < 0) {
347 SYSERROR("Failed to set signal mask");
348 exit(EXIT_FAILURE);
349 }
350
351 sid = setsid();
352 if (sid < 0)
353 DEBUG("Failed to make child session leader");
354
355 if (ioctl(STDIN_FILENO, TIOCSCTTY, 0) < 0)
356 DEBUG("Failed to set controlling terminal");
357
358 NOTICE("Exec'ing \"%s\"", my_args.argv[0]);
359
360 ret = execvp(my_args.argv[0], my_args.argv);
361 SYSERROR("Failed to exec \"%s\"", my_args.argv[0]);
362 exit(ret);
363 }
364
365 INFO("Attempting to set proc title to \"init\"");
366 setproctitle("init");
367
368 /* Let's process the signals now. */
369 ret = sigdelset(&omask, SIGALRM);
370 if (ret < 0)
371 exit(EXIT_FAILURE);
372
373 ret = pthread_sigmask(SIG_SETMASK, &omask, NULL);
374 if (ret < 0) {
375 SYSERROR("Failed to set signal mask");
376 exit(EXIT_FAILURE);
377 }
378
379 /* No need of other inherited fds but stderr. */
380 close(STDIN_FILENO);
381 close(STDOUT_FILENO);
382
383 for (;;) {
384 int status;
385 pid_t waited_pid;
386
387 switch (was_interrupted) {
388 case 0:
389 /* Some applications send SIGHUP in order to get init to reload
390 * its configuration. We don't want to forward this onto the
391 * application itself, because it probably isn't expecting this
392 * signal since it was expecting init to do something with it.
393 *
394 * Instead, let's explicitly ignore it here. The actual
395 * terminal case is handled in the monitor's handler, which
396 * sends this task a SIGTERM in the case of a SIGHUP, which is
397 * what we want.
398 */
399 case SIGHUP:
400 break;
401 case SIGPWR:
402 case SIGTERM:
403 if (!shutdown) {
404 pid_t mypid = lxc_raw_getpid();
405
406 shutdown = 1;
407 prevent_forking();
408 if (mypid != 1) {
409 kill_children(mypid);
410 } else {
411 ret = kill(-1, SIGTERM);
412 if (ret < 0)
413 SYSDEBUG("Failed to send SIGTERM to all children");
414 }
415 alarm(1);
416 }
417 break;
418 case SIGALRM: {
419 pid_t mypid = lxc_raw_getpid();
420
421 prevent_forking();
422 if (mypid != 1) {
423 kill_children(mypid);
424 } else {
425 ret = kill(-1, SIGKILL);
426 if (ret < 0)
427 SYSDEBUG("Failed to send SIGTERM to all children");
428 }
429 break;
430 }
431 default:
432 ret = kill(pid, was_interrupted);
433 if (ret < 0)
434 SYSDEBUG("Failed to send signal \"%d\" to %d", was_interrupted, pid);
435 break;
436 }
437 ret = EXIT_SUCCESS;
438
439 was_interrupted = 0;
440 waited_pid = wait(&status);
441 if (waited_pid < 0) {
442 if (errno == ECHILD)
443 goto out;
444
445 if (errno == EINTR)
446 continue;
447
448 SYSERROR("Failed to wait on child %d", pid);
449 goto out;
450 }
451
452 /* Reset timer each time a process exited. */
453 if (shutdown)
454 alarm(1);
455
456 /* Keep the exit code of the started application (not wrapped
457 * pid) and continue to wait for the end of the orphan group.
458 */
459 if (waited_pid == pid && !have_status) {
460 exit_with = lxc_error_set_and_log(waited_pid, status);
461 have_status = 1;
462 }
463 }
464 out:
465 if (ret < 0)
466 exit(EXIT_FAILURE);
467 exit(exit_with);
468 }
469
470 __noreturn__ static void print_usage_exit(const struct option longopts[])
471
472 {
473 fprintf(stderr, "Usage: lxc-init [-n|--name=NAME] [-h|--help] [--usage] [--version]\n\
474 [-q|--quiet] [-o|--logfile=LOGFILE] [-l|--logpriority=LOGPRIORITY] [-P|--lxcpath=LXCPATH]\n");
475 exit(0);
476 }
477
478 __noreturn__ static void print_version_exit(void)
479 {
480 printf("%s\n", LXC_VERSION);
481 exit(0);
482 }
483
484 static void print_help(void)
485 {
486 fprintf(stderr, "\
487 Usage: lxc-init --name=NAME -- COMMAND\n\
488 \n\
489 lxc-init start a COMMAND as PID 2 inside a container\n\
490 \n\
491 Options :\n\
492 -n, --name=NAME NAME of the container\n\
493 -o, --logfile=FILE Output log to FILE instead of stderr\n\
494 -l, --logpriority=LEVEL Set log priority to LEVEL\n\
495 -q, --quiet Don't produce any output\n\
496 -P, --lxcpath=PATH Use specified container path\n\
497 -?, --help Give this help list\n\
498 --usage Give a short usage message\n\
499 --version Print the version number\n\
500 \n\
501 Mandatory or optional arguments to long options are also mandatory or optional\n\
502 for any corresponding short options.\n\
503 \n\
504 See the lxc-init man page for further information.\n\n");
505 }
506
507 static int arguments_parse(struct arguments *args, int argc,
508 char *const argv[])
509 {
510 while (true) {
511 int c;
512 int index = 0;
513
514 c = getopt_long(argc, argv, args->shortopts, args->options, &index);
515 if (c == -1)
516 break;
517 switch (c) {
518 case 'n':
519 args->name = optarg;
520 break;
521 case 'o':
522 args->log_file = optarg;
523 break;
524 case 'l':
525 args->log_priority = optarg;
526 break;
527 case 'q':
528 args->quiet = true;
529 break;
530 case 'P':
531 remove_trailing_slashes(optarg);
532 args->lxcpath = optarg;
533 break;
534 case OPT_USAGE:
535 print_usage_exit(args->options);
536 case OPT_VERSION:
537 print_version_exit();
538 case '?':
539 print_help();
540 exit(EXIT_FAILURE);
541 case 'h':
542 print_help();
543 exit(EXIT_SUCCESS);
544 }
545 }
546
547 /*
548 * Reclaim the remaining command arguments
549 */
550 args->argv = &argv[optind];
551 args->argc = argc - optind;
552
553 /* If no lxcpath was given, use default */
554 if (!args->lxcpath)
555 args->lxcpath = lxc_global_config_value("lxc.lxcpath");
556
557 /* Check the command options */
558 if (!args->name) {
559 if (!args->quiet)
560 fprintf(stderr, "lxc-init: missing container name, use --name option\n");
561 return -1;
562 }
563
564 return 0;
565 }
LXC mirror