]> git.proxmox.com Git - mirror_lxc.git/blob - src/lxc/cmd/lxc_init.c
projects / mirror_lxc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #2194 from hallyn/2018-02-27/lxcinit-umountdev
[mirror_lxc.git] / src / lxc / cmd / lxc_init.c
1 /*
2 * lxc: linux Container library
3 *
4 * (C) Copyright IBM Corp. 2007, 2008
5 *
6 * Authors:
7 * Daniel Lezcano <daniel.lezcano at free.fr>
8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22 */
23
24 #define _GNU_SOURCE
25 #include <errno.h>
26 #include <getopt.h>
27 #include <libgen.h>
28 #include <signal.h>
29 #include <stdio.h>
30 #include <stdlib.h>
31 #include <string.h>
32 #include <unistd.h>
33 #include <sys/stat.h>
34 #include <sys/types.h>
35 #include <sys/wait.h>
36 #include <ctype.h>
37
38 #include <lxc/lxccontainer.h>
39 #include <lxc/version.h>
40
41 #include "error.h"
42 #include "initutils.h"
43 #include "log.h"
44 #include "namespace.h"
45 #include "parse.h"
46
47 /* option keys for long only options */
48 #define OPT_USAGE 0x1000
49 #define OPT_VERSION OPT_USAGE - 1
50
51 #define QUOTE(macro) #macro
52 #define QUOTEVAL(macro) QUOTE(macro)
53
54 lxc_log_define(lxc_init, lxc);
55
56 static sig_atomic_t was_interrupted = 0;
57
58 static void interrupt_handler(int sig)
59 {
60 if (!was_interrupted)
61 was_interrupted = sig;
62 }
63
64 static struct option long_options[] = {
65 { "name", required_argument, 0, 'n' },
66 { "help", no_argument, 0, 'h' },
67 { "usage", no_argument, 0, OPT_USAGE },
68 { "version", no_argument, 0, OPT_VERSION },
69 { "quiet", no_argument, 0, 'q' },
70 { "logfile", required_argument, 0, 'o' },
71 { "logpriority", required_argument, 0, 'l' },
72 { "lxcpath", required_argument, 0, 'P' },
73 { 0, 0, 0, 0 }
74 };
75 static char short_options[] = "n:hqo:l:P:";
76
77 struct arguments {
78 const struct option *options;
79 const char *shortopts;
80
81 const char *name;
82 char *log_file;
83 char *log_priority;
84 bool quiet;
85 const char *lxcpath;
86
87 /* remaining arguments */
88 char *const *argv;
89 int argc;
90 };
91
92 static int arguments_parse(struct arguments *my_args, int argc,
93 char *const argv[]);
94
95 static struct arguments my_args = {
96 .options = long_options,
97 .shortopts = short_options
98 };
99
100 static void prevent_forking(void)
101 {
102 FILE *f;
103 int fd = -1;
104 size_t len = 0;
105 char *line = NULL;
106 char path[MAXPATHLEN];
107
108 f = fopen("/proc/self/cgroup", "r");
109 if (!f)
110 return;
111
112 while (getline(&line, &len, f) != -1) {
113 int ret;
114 char *p, *p2;
115
116 p = strchr(line, ':');
117 if (!p)
118 continue;
119 p++;
120 p2 = strchr(p, ':');
121 if (!p2)
122 continue;
123 *p2 = '\0';
124
125 /* This is a cgroup v2 entry. Skip it. */
126 if ((p2 - p) == 0)
127 continue;
128
129 if (strcmp(p, "pids") != 0)
130 continue;
131 p2++;
132
133 p2 += lxc_char_left_gc(p2, strlen(p2));
134 p2[lxc_char_right_gc(p2, strlen(p2))] = '\0';
135
136 ret = snprintf(path, sizeof(path),
137 "/sys/fs/cgroup/pids/%s/pids.max", p2);
138 if (ret < 0 || (size_t)ret >= sizeof(path)) {
139 ERROR("Failed to create string");
140 goto on_error;
141 }
142
143 fd = open(path, O_WRONLY);
144 if (fd < 0) {
145 SYSERROR("Failed to open \"%s\"", path);
146 goto on_error;
147 }
148
149 if (write(fd, "1", 1) != 1)
150 SYSERROR("Failed to write to \"%s\"", path);
151
152 close(fd);
153 fd = -1;
154 break;
155 }
156
157 on_error:
158 free(line);
159 fclose(f);
160 }
161
162 static void kill_children(pid_t pid)
163 {
164 FILE *f;
165 char path[PATH_MAX];
166 int ret;
167
168 ret = snprintf(path, sizeof(path), "/proc/%d/task/%d/children", pid, pid);
169 if (ret < 0 || (size_t)ret >= sizeof(path)) {
170 ERROR("Failed to create string");
171 return;
172 }
173
174 f = fopen(path, "r");
175 if (!f) {
176 SYSERROR("Failed to open %s", path);
177 return;
178 }
179
180 while (!feof(f)) {
181 pid_t pid;
182
183 if (fscanf(f, "%d ", &pid) != 1) {
184 ERROR("Failed to retrieve pid");
185 fclose(f);
186 return;
187 }
188
189 kill_children(pid);
190 kill(pid, SIGKILL);
191 }
192
193 fclose(f);
194 }
195
196 static void remove_self(void)
197 {
198 int ret;
199 ssize_t n;
200 char path[MAXPATHLEN] = {0};
201
202 n = readlink("/proc/self/exe", path, sizeof(path));
203 if (n < 0 || n >= MAXPATHLEN) {
204 SYSERROR("Failed to readlink \"/proc/self/exe\"");
205 return;
206 }
207 path[n] = '\0';
208
209 ret = umount2(path, MNT_DETACH);
210 if (ret < 0) {
211 SYSERROR("Failed to unmount \"%s\"", path);
212 return;
213 }
214
215 ret = unlink(path);
216 if (ret < 0) {
217 SYSERROR("Failed to unlink \"%s\"", path);
218 return;
219 }
220 }
221
222 int main(int argc, char *argv[])
223 {
224 int i, ret;
225 pid_t pid, sid;
226 struct sigaction act;
227 struct lxc_log log;
228 sigset_t mask, omask;
229 int have_status = 0, exit_with = 1, shutdown = 0;
230
231 if (arguments_parse(&my_args, argc, argv))
232 exit(EXIT_FAILURE);
233
234 log.prefix = "lxc-init";
235 log.name = my_args.name;
236 log.file = my_args.log_file;
237 log.level = my_args.log_priority;
238 log.quiet = my_args.quiet;
239 log.lxcpath = my_args.lxcpath;
240
241 ret = lxc_log_init(&log);
242 if (ret < 0)
243 exit(EXIT_FAILURE);
244 lxc_log_options_no_override();
245
246 if (!my_args.argc) {
247 ERROR("Please specify a command to execute");
248 exit(EXIT_FAILURE);
249 }
250
251 /* Mask all the signals so we are safe to install a signal handler and
252 * to fork.
253 */
254 ret = sigfillset(&mask);
255 if (ret < 0)
256 exit(EXIT_FAILURE);
257
258 ret = sigdelset(&mask, SIGILL);
259 if (ret < 0)
260 exit(EXIT_FAILURE);
261
262 ret = sigdelset(&mask, SIGSEGV);
263 if (ret < 0)
264 exit(EXIT_FAILURE);
265
266 ret = sigdelset(&mask, SIGBUS);
267 if (ret < 0)
268 exit(EXIT_FAILURE);
269
270 ret = sigprocmask(SIG_SETMASK, &mask, &omask);
271 if (ret < 0)
272 exit(EXIT_FAILURE);
273
274 ret = sigfillset(&act.sa_mask);
275 if (ret < 0)
276 exit(EXIT_FAILURE);
277
278 ret = sigdelset(&act.sa_mask, SIGILL);
279 if (ret < 0)
280 exit(EXIT_FAILURE);
281
282 ret = sigdelset(&act.sa_mask, SIGSEGV);
283 if (ret < 0)
284 exit(EXIT_FAILURE);
285
286 ret = sigdelset(&act.sa_mask, SIGBUS);
287 if (ret < 0)
288 exit(EXIT_FAILURE);
289
290 ret = sigdelset(&act.sa_mask, SIGSTOP);
291 if (ret < 0)
292 exit(EXIT_FAILURE);
293
294 ret = sigdelset(&act.sa_mask, SIGKILL);
295 if (ret < 0)
296 exit(EXIT_FAILURE);
297
298 act.sa_flags = 0;
299 act.sa_handler = interrupt_handler;
300
301 for (i = 1; i < NSIG; i++) {
302 /* Exclude some signals: ILL, SEGV and BUS are likely to reveal
303 * a bug and we want a core. STOP and KILL cannot be handled
304 * anyway: they're here for documentation. 32 and 33 are not
305 * defined.
306 */
307 if (i == SIGILL || i == SIGSEGV || i == SIGBUS ||
308 i == SIGSTOP || i == SIGKILL || i == 32 || i == 33)
309 continue;
310
311 ret = sigaction(i, &act, NULL);
312 if (ret < 0) {
313 if (errno == EINVAL)
314 continue;
315
316 SYSERROR("Failed to change signal action");
317 exit(EXIT_FAILURE);
318 }
319 }
320
321 remove_self();
322
323 pid = fork();
324 if (pid < 0)
325 exit(EXIT_FAILURE);
326
327 if (!pid) {
328 /* restore default signal handlers */
329 for (i = 1; i < NSIG; i++) {
330 sighandler_t sigerr;
331 sigerr = signal(i, SIG_DFL);
332 if (sigerr == SIG_ERR) {
333 DEBUG("%s - Failed to reset to default action "
334 "for signal \"%d\": %d", strerror(errno),
335 i, pid);
336 }
337 }
338
339 ret = sigprocmask(SIG_SETMASK, &omask, NULL);
340 if (ret < 0) {
341 SYSERROR("Failed to set signal mask");
342 exit(EXIT_FAILURE);
343 }
344
345 sid = setsid();
346 if (sid < 0)
347 DEBUG("Failed to make child session leader");
348
349 if (ioctl(STDIN_FILENO, TIOCSCTTY, 0) < 0)
350 DEBUG("Failed to set controlling terminal");
351
352 NOTICE("Exec'ing \"%s\"", my_args.argv[0]);
353
354 ret = execvp(my_args.argv[0], my_args.argv);
355 ERROR("%s - Failed to exec \"%s\"", strerror(errno), my_args.argv[0]);
356 exit(ret);
357 }
358
359 INFO("Attempting to set proc title to \"init\"");
360 setproctitle("init");
361
362 /* Let's process the signals now. */
363 ret = sigdelset(&omask, SIGALRM);
364 if (ret < 0)
365 exit(EXIT_FAILURE);
366
367 ret = sigprocmask(SIG_SETMASK, &omask, NULL);
368 if (ret < 0) {
369 SYSERROR("Failed to set signal mask");
370 exit(EXIT_FAILURE);
371 }
372
373 /* No need of other inherited fds but stderr. */
374 close(STDIN_FILENO);
375 close(STDOUT_FILENO);
376
377 for (;;) {
378 int status;
379 pid_t waited_pid;
380
381 switch (was_interrupted) {
382 case 0:
383 /* Some applications send SIGHUP in order to get init to reload
384 * its configuration. We don't want to forward this onto the
385 * application itself, because it probably isn't expecting this
386 * signal since it was expecting init to do something with it.
387 *
388 * Instead, let's explicitly ignore it here. The actual
389 * terminal case is handled in the monitor's handler, which
390 * sends this task a SIGTERM in the case of a SIGHUP, which is
391 * what we want.
392 */
393 case SIGHUP:
394 break;
395 case SIGPWR:
396 case SIGTERM:
397 if (!shutdown) {
398 pid_t mypid = lxc_raw_getpid();
399
400 shutdown = 1;
401 prevent_forking();
402 if (mypid != 1) {
403 kill_children(mypid);
404 } else {
405 ret = kill(-1, SIGTERM);
406 if (ret < 0)
407 DEBUG("%s - Failed to send SIGTERM to "
408 "all children", strerror(errno));
409 }
410 alarm(1);
411 }
412 break;
413 case SIGALRM: {
414 pid_t mypid = lxc_raw_getpid();
415
416 prevent_forking();
417 if (mypid != 1) {
418 kill_children(mypid);
419 } else {
420 ret = kill(-1, SIGKILL);
421 if (ret < 0)
422 DEBUG("%s - Failed to send SIGTERM to "
423 "all children", strerror(errno));
424 }
425 break;
426 }
427 default:
428 ret = kill(pid, was_interrupted);
429 if (ret < 0)
430 DEBUG("%s - Failed to send signal \"%d\" to "
431 "%d", strerror(errno), was_interrupted, pid);
432 break;
433 }
434 ret = EXIT_SUCCESS;
435
436 was_interrupted = 0;
437 waited_pid = wait(&status);
438 if (waited_pid < 0) {
439 if (errno == ECHILD)
440 goto out;
441
442 if (errno == EINTR)
443 continue;
444
445 ERROR("%s - Failed to wait on child %d",
446 strerror(errno), pid);
447 goto out;
448 }
449
450 /* Reset timer each time a process exited. */
451 if (shutdown)
452 alarm(1);
453
454 /* Keep the exit code of the started application (not wrapped
455 * pid) and continue to wait for the end of the orphan group.
456 */
457 if (waited_pid == pid && !have_status) {
458 exit_with = lxc_error_set_and_log(waited_pid, status);
459 have_status = 1;
460 }
461 }
462 out:
463 if (ret < 0)
464 exit(EXIT_FAILURE);
465 exit(exit_with);
466 }
467
468 static void print_usage(const struct option longopts[])
469
470 {
471 fprintf(stderr, "Usage: lxc-init [-n|--name=NAME] [-h|--help] [--usage] [--version] \n\
472 [-q|--quiet] [-o|--logfile=LOGFILE] [-l|--logpriority=LOGPRIORITY] [-P|--lxcpath=LXCPATH]\n");
473 exit(0);
474 }
475
476 static void print_version()
477 {
478 printf("%s\n", LXC_VERSION);
479 exit(0);
480 }
481
482 static void print_help()
483 {
484 fprintf(stderr, "\
485 Usage: lxc-init --name=NAME -- COMMAND\n\
486 \n\
487 lxc-init start a COMMAND as PID 2 inside a container\n\
488 \n\
489 Options :\n\
490 -n, --name=NAME NAME of the container\n\
491 -o, --logfile=FILE Output log to FILE instead of stderr\n\
492 -l, --logpriority=LEVEL Set log priority to LEVEL\n\
493 -q, --quiet Don't produce any output\n\
494 -P, --lxcpath=PATH Use specified container path\n\
495 -?, --help Give this help list\n\
496 --usage Give a short usage message\n\
497 --version Print the version number\n\
498 \n\
499 Mandatory or optional arguments to long options are also mandatory or optional\n\
500 for any corresponding short options.\n\
501 \n\
502 See the lxc-init man page for further information.\n\n");
503
504 }
505
506 static int arguments_parse(struct arguments *args, int argc,
507 char *const argv[])
508 {
509 while (true) {
510 int c;
511 int index = 0;
512
513 c = getopt_long(argc, argv, args->shortopts, args->options, &index);
514 if (c == -1)
515 break;
516 switch (c) {
517 case 'n':
518 args->name = optarg;
519 break;
520 case 'o':
521 args->log_file = optarg;
522 break;
523 case 'l':
524 args->log_priority = optarg;
525 break;
526 case 'q':
527 args->quiet = true;
528 break;
529 case 'P':
530 remove_trailing_slashes(optarg);
531 args->lxcpath = optarg;
532 break;
533 case OPT_USAGE:
534 print_usage(args->options);
535 case OPT_VERSION:
536 print_version();
537 case '?':
538 print_help();
539 exit(EXIT_FAILURE);
540 case 'h':
541 print_help();
542 exit(EXIT_SUCCESS);
543 }
544 }
545
546 /*
547 * Reclaim the remaining command arguments
548 */
549 args->argv = &argv[optind];
550 args->argc = argc - optind;
551
552 /* If no lxcpath was given, use default */
553 if (!args->lxcpath) {
554 args->lxcpath = lxc_global_config_value("lxc.lxcpath");
555 }
556
557 /* Check the command options */
558 if (!args->name) {
559 if(!args->quiet)
560 fprintf(stderr, "lxc-init: missing container name, use --name option\n");
561 return -1;
562 }
563
564 return 0;
565 }
LXC mirror