]> git.proxmox.com Git - mirror_lxc.git/blob - src/lxc/cmd/lxc_init.c
projects / mirror_lxc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #2267 from brauner/QbitLogic-master
[mirror_lxc.git] / src / lxc / cmd / lxc_init.c
1 /*
2 * lxc: linux Container library
3 *
4 * (C) Copyright IBM Corp. 2007, 2008
5 *
6 * Authors:
7 * Daniel Lezcano <daniel.lezcano at free.fr>
8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22 */
23
24 #define _GNU_SOURCE
25 #include <errno.h>
26 #include <getopt.h>
27 #include <libgen.h>
28 #include <signal.h>
29 #include <stdio.h>
30 #include <stdlib.h>
31 #include <string.h>
32 #include <unistd.h>
33 #include <sys/stat.h>
34 #include <sys/types.h>
35 #include <sys/wait.h>
36 #include <ctype.h>
37
38 #include <lxc/lxccontainer.h>
39 #include <lxc/version.h>
40
41 #include "error.h"
42 #include "initutils.h"
43 #include "log.h"
44 #include "namespace.h"
45 #include "parse.h"
46
47 /* option keys for long only options */
48 #define OPT_USAGE 0x1000
49 #define OPT_VERSION OPT_USAGE - 1
50
51 #define QUOTE(macro) #macro
52 #define QUOTEVAL(macro) QUOTE(macro)
53
54 lxc_log_define(lxc_init, lxc);
55
56 static sig_atomic_t was_interrupted = 0;
57
58 static void interrupt_handler(int sig)
59 {
60 if (!was_interrupted)
61 was_interrupted = sig;
62 }
63
64 static struct option long_options[] = {
65 { "name", required_argument, 0, 'n' },
66 { "help", no_argument, 0, 'h' },
67 { "usage", no_argument, 0, OPT_USAGE },
68 { "version", no_argument, 0, OPT_VERSION },
69 { "quiet", no_argument, 0, 'q' },
70 { "logfile", required_argument, 0, 'o' },
71 { "logpriority", required_argument, 0, 'l' },
72 { "lxcpath", required_argument, 0, 'P' },
73 { 0, 0, 0, 0 }
74 };
75 static char short_options[] = "n:hqo:l:P:";
76
77 struct arguments {
78 const struct option *options;
79 const char *shortopts;
80
81 const char *name;
82 char *log_file;
83 char *log_priority;
84 bool quiet;
85 const char *lxcpath;
86
87 /* remaining arguments */
88 char *const *argv;
89 int argc;
90 };
91
92 static int arguments_parse(struct arguments *my_args, int argc,
93 char *const argv[]);
94
95 static struct arguments my_args = {
96 .options = long_options,
97 .shortopts = short_options
98 };
99
100 static void prevent_forking(void)
101 {
102 FILE *f;
103 size_t len = 0;
104 char *line = NULL;
105 char path[MAXPATHLEN];
106
107 f = fopen("/proc/self/cgroup", "r");
108 if (!f)
109 return;
110
111 while (getline(&line, &len, f) != -1) {
112 int fd, ret;
113 char *p, *p2;
114
115 p = strchr(line, ':');
116 if (!p)
117 continue;
118 p++;
119 p2 = strchr(p, ':');
120 if (!p2)
121 continue;
122 *p2 = '\0';
123
124 /* This is a cgroup v2 entry. Skip it. */
125 if ((p2 - p) == 0)
126 continue;
127
128 if (strcmp(p, "pids") != 0)
129 continue;
130 p2++;
131
132 p2 += lxc_char_left_gc(p2, strlen(p2));
133 p2[lxc_char_right_gc(p2, strlen(p2))] = '\0';
134
135 ret = snprintf(path, sizeof(path),
136 "/sys/fs/cgroup/pids/%s/pids.max", p2);
137 if (ret < 0 || (size_t)ret >= sizeof(path)) {
138 ERROR("Failed to create string");
139 goto on_error;
140 }
141
142 fd = open(path, O_WRONLY);
143 if (fd < 0) {
144 SYSERROR("Failed to open \"%s\"", path);
145 goto on_error;
146 }
147
148 ret = write(fd, "1", 1);
149 if (ret != 1)
150 SYSERROR("Failed to write to \"%s\"", path);
151
152 close(fd);
153 break;
154 }
155
156 on_error:
157 free(line);
158 fclose(f);
159 }
160
161 static void kill_children(pid_t pid)
162 {
163 FILE *f;
164 char path[PATH_MAX];
165 int ret;
166
167 ret = snprintf(path, sizeof(path), "/proc/%d/task/%d/children", pid, pid);
168 if (ret < 0 || (size_t)ret >= sizeof(path)) {
169 ERROR("Failed to create string");
170 return;
171 }
172
173 f = fopen(path, "r");
174 if (!f) {
175 SYSERROR("Failed to open %s", path);
176 return;
177 }
178
179 while (!feof(f)) {
180 pid_t pid;
181
182 if (fscanf(f, "%d ", &pid) != 1) {
183 ERROR("Failed to retrieve pid");
184 fclose(f);
185 return;
186 }
187
188 kill_children(pid);
189 kill(pid, SIGKILL);
190 }
191
192 fclose(f);
193 }
194
195 static void remove_self(void)
196 {
197 int ret;
198 ssize_t n;
199 char path[MAXPATHLEN] = {0};
200
201 n = readlink("/proc/self/exe", path, sizeof(path));
202 if (n < 0 || n >= MAXPATHLEN) {
203 SYSERROR("Failed to readlink \"/proc/self/exe\"");
204 return;
205 }
206 path[n] = '\0';
207
208 ret = umount2(path, MNT_DETACH);
209 if (ret < 0) {
210 SYSERROR("Failed to unmount \"%s\"", path);
211 return;
212 }
213
214 ret = unlink(path);
215 if (ret < 0) {
216 SYSERROR("Failed to unlink \"%s\"", path);
217 return;
218 }
219 }
220
221 int main(int argc, char *argv[])
222 {
223 int i, ret;
224 pid_t pid, sid;
225 struct sigaction act;
226 struct lxc_log log;
227 sigset_t mask, omask;
228 int have_status = 0, exit_with = 1, shutdown = 0;
229
230 if (arguments_parse(&my_args, argc, argv))
231 exit(EXIT_FAILURE);
232
233 log.prefix = "lxc-init";
234 log.name = my_args.name;
235 log.file = my_args.log_file;
236 log.level = my_args.log_priority;
237 log.quiet = my_args.quiet;
238 log.lxcpath = my_args.lxcpath;
239
240 ret = lxc_log_init(&log);
241 if (ret < 0)
242 exit(EXIT_FAILURE);
243 lxc_log_options_no_override();
244
245 if (!my_args.argc) {
246 ERROR("Please specify a command to execute");
247 exit(EXIT_FAILURE);
248 }
249
250 /* Mask all the signals so we are safe to install a signal handler and
251 * to fork.
252 */
253 ret = sigfillset(&mask);
254 if (ret < 0)
255 exit(EXIT_FAILURE);
256
257 ret = sigdelset(&mask, SIGILL);
258 if (ret < 0)
259 exit(EXIT_FAILURE);
260
261 ret = sigdelset(&mask, SIGSEGV);
262 if (ret < 0)
263 exit(EXIT_FAILURE);
264
265 ret = sigdelset(&mask, SIGBUS);
266 if (ret < 0)
267 exit(EXIT_FAILURE);
268
269 ret = sigprocmask(SIG_SETMASK, &mask, &omask);
270 if (ret < 0)
271 exit(EXIT_FAILURE);
272
273 ret = sigfillset(&act.sa_mask);
274 if (ret < 0)
275 exit(EXIT_FAILURE);
276
277 ret = sigdelset(&act.sa_mask, SIGILL);
278 if (ret < 0)
279 exit(EXIT_FAILURE);
280
281 ret = sigdelset(&act.sa_mask, SIGSEGV);
282 if (ret < 0)
283 exit(EXIT_FAILURE);
284
285 ret = sigdelset(&act.sa_mask, SIGBUS);
286 if (ret < 0)
287 exit(EXIT_FAILURE);
288
289 ret = sigdelset(&act.sa_mask, SIGSTOP);
290 if (ret < 0)
291 exit(EXIT_FAILURE);
292
293 ret = sigdelset(&act.sa_mask, SIGKILL);
294 if (ret < 0)
295 exit(EXIT_FAILURE);
296
297 act.sa_flags = 0;
298 act.sa_handler = interrupt_handler;
299
300 for (i = 1; i < NSIG; i++) {
301 /* Exclude some signals: ILL, SEGV and BUS are likely to reveal
302 * a bug and we want a core. STOP and KILL cannot be handled
303 * anyway: they're here for documentation. 32 and 33 are not
304 * defined.
305 */
306 if (i == SIGILL || i == SIGSEGV || i == SIGBUS ||
307 i == SIGSTOP || i == SIGKILL || i == 32 || i == 33)
308 continue;
309
310 ret = sigaction(i, &act, NULL);
311 if (ret < 0) {
312 if (errno == EINVAL)
313 continue;
314
315 SYSERROR("Failed to change signal action");
316 exit(EXIT_FAILURE);
317 }
318 }
319
320 remove_self();
321
322 pid = fork();
323 if (pid < 0)
324 exit(EXIT_FAILURE);
325
326 if (!pid) {
327 /* restore default signal handlers */
328 for (i = 1; i < NSIG; i++) {
329 sighandler_t sigerr;
330 sigerr = signal(i, SIG_DFL);
331 if (sigerr == SIG_ERR) {
332 DEBUG("%s - Failed to reset to default action "
333 "for signal \"%d\": %d", strerror(errno),
334 i, pid);
335 }
336 }
337
338 ret = sigprocmask(SIG_SETMASK, &omask, NULL);
339 if (ret < 0) {
340 SYSERROR("Failed to set signal mask");
341 exit(EXIT_FAILURE);
342 }
343
344 sid = setsid();
345 if (sid < 0)
346 DEBUG("Failed to make child session leader");
347
348 if (ioctl(STDIN_FILENO, TIOCSCTTY, 0) < 0)
349 DEBUG("Failed to set controlling terminal");
350
351 NOTICE("Exec'ing \"%s\"", my_args.argv[0]);
352
353 ret = execvp(my_args.argv[0], my_args.argv);
354 ERROR("%s - Failed to exec \"%s\"", strerror(errno), my_args.argv[0]);
355 exit(ret);
356 }
357
358 INFO("Attempting to set proc title to \"init\"");
359 setproctitle("init");
360
361 /* Let's process the signals now. */
362 ret = sigdelset(&omask, SIGALRM);
363 if (ret < 0)
364 exit(EXIT_FAILURE);
365
366 ret = sigprocmask(SIG_SETMASK, &omask, NULL);
367 if (ret < 0) {
368 SYSERROR("Failed to set signal mask");
369 exit(EXIT_FAILURE);
370 }
371
372 /* No need of other inherited fds but stderr. */
373 close(STDIN_FILENO);
374 close(STDOUT_FILENO);
375
376 for (;;) {
377 int status;
378 pid_t waited_pid;
379
380 switch (was_interrupted) {
381 case 0:
382 /* Some applications send SIGHUP in order to get init to reload
383 * its configuration. We don't want to forward this onto the
384 * application itself, because it probably isn't expecting this
385 * signal since it was expecting init to do something with it.
386 *
387 * Instead, let's explicitly ignore it here. The actual
388 * terminal case is handled in the monitor's handler, which
389 * sends this task a SIGTERM in the case of a SIGHUP, which is
390 * what we want.
391 */
392 case SIGHUP:
393 break;
394 case SIGPWR:
395 case SIGTERM:
396 if (!shutdown) {
397 pid_t mypid = lxc_raw_getpid();
398
399 shutdown = 1;
400 prevent_forking();
401 if (mypid != 1) {
402 kill_children(mypid);
403 } else {
404 ret = kill(-1, SIGTERM);
405 if (ret < 0)
406 DEBUG("%s - Failed to send SIGTERM to "
407 "all children", strerror(errno));
408 }
409 alarm(1);
410 }
411 break;
412 case SIGALRM: {
413 pid_t mypid = lxc_raw_getpid();
414
415 prevent_forking();
416 if (mypid != 1) {
417 kill_children(mypid);
418 } else {
419 ret = kill(-1, SIGKILL);
420 if (ret < 0)
421 DEBUG("%s - Failed to send SIGTERM to "
422 "all children", strerror(errno));
423 }
424 break;
425 }
426 default:
427 ret = kill(pid, was_interrupted);
428 if (ret < 0)
429 DEBUG("%s - Failed to send signal \"%d\" to "
430 "%d", strerror(errno), was_interrupted, pid);
431 break;
432 }
433 ret = EXIT_SUCCESS;
434
435 was_interrupted = 0;
436 waited_pid = wait(&status);
437 if (waited_pid < 0) {
438 if (errno == ECHILD)
439 goto out;
440
441 if (errno == EINTR)
442 continue;
443
444 ERROR("%s - Failed to wait on child %d",
445 strerror(errno), pid);
446 goto out;
447 }
448
449 /* Reset timer each time a process exited. */
450 if (shutdown)
451 alarm(1);
452
453 /* Keep the exit code of the started application (not wrapped
454 * pid) and continue to wait for the end of the orphan group.
455 */
456 if (waited_pid == pid && !have_status) {
457 exit_with = lxc_error_set_and_log(waited_pid, status);
458 have_status = 1;
459 }
460 }
461 out:
462 if (ret < 0)
463 exit(EXIT_FAILURE);
464 exit(exit_with);
465 }
466
467 static void print_usage(const struct option longopts[])
468
469 {
470 fprintf(stderr, "Usage: lxc-init [-n|--name=NAME] [-h|--help] [--usage] [--version] \n\
471 [-q|--quiet] [-o|--logfile=LOGFILE] [-l|--logpriority=LOGPRIORITY] [-P|--lxcpath=LXCPATH]\n");
472 exit(0);
473 }
474
475 static void print_version()
476 {
477 printf("%s\n", LXC_VERSION);
478 exit(0);
479 }
480
481 static void print_help()
482 {
483 fprintf(stderr, "\
484 Usage: lxc-init --name=NAME -- COMMAND\n\
485 \n\
486 lxc-init start a COMMAND as PID 2 inside a container\n\
487 \n\
488 Options :\n\
489 -n, --name=NAME NAME of the container\n\
490 -o, --logfile=FILE Output log to FILE instead of stderr\n\
491 -l, --logpriority=LEVEL Set log priority to LEVEL\n\
492 -q, --quiet Don't produce any output\n\
493 -P, --lxcpath=PATH Use specified container path\n\
494 -?, --help Give this help list\n\
495 --usage Give a short usage message\n\
496 --version Print the version number\n\
497 \n\
498 Mandatory or optional arguments to long options are also mandatory or optional\n\
499 for any corresponding short options.\n\
500 \n\
501 See the lxc-init man page for further information.\n\n");
502
503 }
504
505 static int arguments_parse(struct arguments *args, int argc,
506 char *const argv[])
507 {
508 while (true) {
509 int c;
510 int index = 0;
511
512 c = getopt_long(argc, argv, args->shortopts, args->options, &index);
513 if (c == -1)
514 break;
515 switch (c) {
516 case 'n':
517 args->name = optarg;
518 break;
519 case 'o':
520 args->log_file = optarg;
521 break;
522 case 'l':
523 args->log_priority = optarg;
524 break;
525 case 'q':
526 args->quiet = true;
527 break;
528 case 'P':
529 remove_trailing_slashes(optarg);
530 args->lxcpath = optarg;
531 break;
532 case OPT_USAGE:
533 print_usage(args->options);
534 case OPT_VERSION:
535 print_version();
536 case '?':
537 print_help();
538 exit(EXIT_FAILURE);
539 case 'h':
540 print_help();
541 exit(EXIT_SUCCESS);
542 }
543 }
544
545 /*
546 * Reclaim the remaining command arguments
547 */
548 args->argv = &argv[optind];
549 args->argc = argc - optind;
550
551 /* If no lxcpath was given, use default */
552 if (!args->lxcpath) {
553 args->lxcpath = lxc_global_config_value("lxc.lxcpath");
554 }
555
556 /* Check the command options */
557 if (!args->name) {
558 if(!args->quiet)
559 fprintf(stderr, "lxc-init: missing container name, use --name option\n");
560 return -1;
561 }
562
563 return 0;
564 }
LXC mirror