2 * lxc: linux Container library
4 * Copyright © 2012 Oracle.
7 * Dwight Engen <dwight.engen@oracle.com>
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
30 #include <netinet/in.h>
37 #include <sys/epoll.h>
38 #include <sys/param.h>
39 #include <sys/socket.h>
41 #include <sys/types.h>
45 #include <lxc/lxccontainer.h>
52 #include "raw_syscalls.h"
55 #define CLIENTFDS_CHUNK 64
57 lxc_log_define(lxc_monitord
, lxc
);
61 static void lxc_monitord_cleanup(void);
64 * Defines the structure to store the monitor information
65 * @lxcpath : the path being monitored
66 * @fifofd : the file descriptor for publishers (containers) to write state
67 * @listenfd : the file descriptor for subscribers (lxc-monitors) to connect
68 * @clientfds : accepted client file descriptors
69 * @clientfds_size : number of file descriptors clientfds can hold
70 * @clientfds_cnt : the count of valid fds in clientfds
71 * @descr : the lxc_mainloop state
80 struct lxc_epoll_descr descr
;
83 static struct lxc_monitor monitor
;
86 static int lxc_monitord_fifo_create(struct lxc_monitor
*mon
)
89 char fifo_path
[PATH_MAX
];
92 ret
= lxc_monitor_fifo_name(mon
->lxcpath
, fifo_path
, sizeof(fifo_path
), 1);
96 ret
= mknod(fifo_path
, S_IFIFO
| S_IRUSR
| S_IWUSR
, 0);
97 if (ret
< 0 && errno
!= EEXIST
) {
98 SYSINFO("Failed to mknod monitor fifo %s", fifo_path
);
102 mon
->fifofd
= open(fifo_path
, O_RDWR
);
103 if (mon
->fifofd
< 0) {
104 SYSERROR("Failed to open monitor fifo %s", fifo_path
);
110 lk
.l_whence
= SEEK_SET
;
114 if (fcntl(mon
->fifofd
, F_SETLK
, &lk
) != 0) {
115 /* another lxc-monitord is already running, don't start up */
116 SYSDEBUG("lxc-monitord already running on lxcpath %s", mon
->lxcpath
);
124 static int lxc_monitord_fifo_delete(struct lxc_monitor
*mon
)
126 char fifo_path
[PATH_MAX
];
129 ret
= lxc_monitor_fifo_name(mon
->lxcpath
, fifo_path
, sizeof(fifo_path
), 0);
137 static void lxc_monitord_sockfd_remove(struct lxc_monitor
*mon
, int fd
)
141 if (lxc_mainloop_del_handler(&mon
->descr
, fd
))
142 CRIT("File descriptor %d not found in mainloop", fd
);
145 for (i
= 0; i
< mon
->clientfds_cnt
; i
++)
146 if (mon
->clientfds
[i
] == fd
)
149 if (i
>= mon
->clientfds_cnt
) {
150 CRIT("File descriptor %d not found in clients array", fd
);
151 lxc_monitord_cleanup();
155 memmove(&mon
->clientfds
[i
], &mon
->clientfds
[i
+1],
156 (mon
->clientfds_cnt
- i
- 1) * sizeof(mon
->clientfds
[0]));
157 mon
->clientfds_cnt
--;
160 static int lxc_monitord_sock_handler(int fd
, uint32_t events
, void *data
,
161 struct lxc_epoll_descr
*descr
)
163 struct lxc_monitor
*mon
= data
;
165 if (events
& EPOLLIN
) {
169 rc
= lxc_read_nointr(fd
, buf
, sizeof(buf
));
170 if (rc
> 0 && !strncmp(buf
, "quit", 4))
171 quit
= LXC_MAINLOOP_CLOSE
;
174 if (events
& EPOLLHUP
)
175 lxc_monitord_sockfd_remove(mon
, fd
);
180 static int lxc_monitord_sock_accept(int fd
, uint32_t events
, void *data
,
181 struct lxc_epoll_descr
*descr
)
184 struct lxc_monitor
*mon
= data
;
186 socklen_t credsz
= sizeof(cred
);
188 ret
= LXC_MAINLOOP_ERROR
;
189 clientfd
= accept(fd
, NULL
, 0);
191 SYSERROR("Failed to accept connection for client file descriptor %d", fd
);
195 if (fcntl(clientfd
, F_SETFD
, FD_CLOEXEC
)) {
196 SYSERROR("Failed to set FD_CLOEXEC on client socket connection %d", clientfd
);
200 if (getsockopt(clientfd
, SOL_SOCKET
, SO_PEERCRED
, &cred
, &credsz
)) {
201 SYSERROR("Failed to get credentials on client socket connection %d", clientfd
);
205 if (cred
.uid
&& cred
.uid
!= geteuid()) {
206 WARN("Monitor denied for uid %d on client socket connection %d", cred
.uid
, clientfd
);
210 if (mon
->clientfds_cnt
+ 1 > mon
->clientfds_size
) {
213 clientfds
= realloc(mon
->clientfds
,
214 (mon
->clientfds_size
+ CLIENTFDS_CHUNK
) * sizeof(mon
->clientfds
[0]));
216 ERROR("Failed to realloc memory for %d client file descriptors",
217 mon
->clientfds_size
+ CLIENTFDS_CHUNK
);
221 mon
->clientfds
= clientfds
;
222 mon
->clientfds_size
+= CLIENTFDS_CHUNK
;
225 ret
= lxc_mainloop_add_handler(&mon
->descr
, clientfd
,
226 lxc_monitord_sock_handler
, mon
);
228 ERROR("Failed to add socket handler");
232 mon
->clientfds
[mon
->clientfds_cnt
++] = clientfd
;
233 INFO("Accepted client file descriptor %d. Number of accepted file descriptors is now %d",
234 clientfd
, mon
->clientfds_cnt
);
244 static int lxc_monitord_sock_create(struct lxc_monitor
*mon
)
246 struct sockaddr_un addr
;
249 if (lxc_monitor_sock_name(mon
->lxcpath
, &addr
) < 0)
252 fd
= lxc_abstract_unix_open(addr
.sun_path
, SOCK_STREAM
, O_TRUNC
);
254 SYSERROR("Failed to open unix socket");
262 static int lxc_monitord_sock_delete(struct lxc_monitor
*mon
)
264 struct sockaddr_un addr
;
266 if (lxc_monitor_sock_name(mon
->lxcpath
, &addr
) < 0)
269 if (addr
.sun_path
[0])
270 unlink(addr
.sun_path
);
275 static int lxc_monitord_create(struct lxc_monitor
*mon
)
279 ret
= lxc_monitord_fifo_create(mon
);
283 return lxc_monitord_sock_create(mon
);
286 static void lxc_monitord_delete(struct lxc_monitor
*mon
)
290 lxc_mainloop_del_handler(&mon
->descr
, mon
->listenfd
);
291 lxc_abstract_unix_close(mon
->listenfd
);
292 lxc_monitord_sock_delete(mon
);
294 lxc_mainloop_del_handler(&mon
->descr
, mon
->fifofd
);
295 lxc_monitord_fifo_delete(mon
);
298 for (i
= 0; i
< mon
->clientfds_cnt
; i
++) {
299 lxc_mainloop_del_handler(&mon
->descr
, mon
->clientfds
[i
]);
300 close(mon
->clientfds
[i
]);
303 mon
->clientfds_cnt
= 0;
306 static int lxc_monitord_fifo_handler(int fd
, uint32_t events
, void *data
,
307 struct lxc_epoll_descr
*descr
)
310 struct lxc_msg msglxc
;
311 struct lxc_monitor
*mon
= data
;
313 ret
= lxc_read_nointr(fd
, &msglxc
, sizeof(msglxc
));
314 if (ret
!= sizeof(msglxc
)) {
315 SYSERROR("Reading from fifo failed");
316 return LXC_MAINLOOP_CLOSE
;
319 for (i
= 0; i
< mon
->clientfds_cnt
; i
++) {
320 ret
= lxc_write_nointr(mon
->clientfds
[i
], &msglxc
, sizeof(msglxc
));
322 SYSERROR("Failed to send message to client file descriptor %d",
326 return LXC_MAINLOOP_CONTINUE
;
329 static int lxc_monitord_mainloop_add(struct lxc_monitor
*mon
)
333 ret
= lxc_mainloop_add_handler(&mon
->descr
, mon
->fifofd
,
334 lxc_monitord_fifo_handler
, mon
);
336 ERROR("Failed to add to mainloop monitor handler for fifo");
340 ret
= lxc_mainloop_add_handler(&mon
->descr
, mon
->listenfd
,
341 lxc_monitord_sock_accept
, mon
);
343 ERROR("Failed to add to mainloop monitor handler for listen socket");
350 static void lxc_monitord_cleanup(void)
352 lxc_monitord_delete(&monitor
);
355 static void lxc_monitord_sig_handler(int sig
)
360 int main(int argc
, char *argv
[])
363 char logpath
[PATH_MAX
];
365 char *lxcpath
= argv
[1];
366 bool mainloop_opened
= false;
367 bool monitord_created
= false;
372 "Usage: lxc-monitord lxcpath sync-pipe-fd\n\n"
373 "NOTE: lxc-monitord is intended for use by lxc internally\n"
374 " and does not need to be run by hand\n\n");
378 ret
= snprintf(logpath
, sizeof(logpath
), "%s/lxc-monitord.log",
379 (strcmp(LXCPATH
, lxcpath
) ? lxcpath
: LOGPATH
));
380 if (ret
< 0 || ret
>= sizeof(logpath
))
386 log
.prefix
= "lxc-monitord";
388 log
.lxcpath
= lxcpath
;
390 ret
= lxc_log_init(&log
);
392 INFO("Failed to open log file %s, log will be lost", lxcpath
);
393 lxc_log_options_no_override();
395 if (lxc_safe_int(argv
[2], &pipefd
) < 0)
398 if (sigfillset(&mask
) ||
399 sigdelset(&mask
, SIGILL
) ||
400 sigdelset(&mask
, SIGSEGV
) ||
401 sigdelset(&mask
, SIGBUS
) ||
402 sigdelset(&mask
, SIGTERM
) ||
403 pthread_sigmask(SIG_BLOCK
, &mask
, NULL
)) {
404 SYSERROR("Failed to set signal mask");
408 signal(SIGILL
, lxc_monitord_sig_handler
);
409 signal(SIGSEGV
, lxc_monitord_sig_handler
);
410 signal(SIGBUS
, lxc_monitord_sig_handler
);
411 signal(SIGTERM
, lxc_monitord_sig_handler
);
413 if (sigsetjmp(mark
, 1) != 0)
418 memset(&monitor
, 0, sizeof(monitor
));
419 monitor
.lxcpath
= lxcpath
;
420 if (lxc_mainloop_open(&monitor
.descr
)) {
421 ERROR("Failed to create mainloop");
424 mainloop_opened
= true;
426 if (lxc_monitord_create(&monitor
))
428 monitord_created
= true;
430 /* sync with parent, we're ignoring the return from write
431 * because regardless if it works or not, the following
432 * close will sync us with the parent process. the
433 * if-empty-statement construct is to quiet the
434 * warn-unused-result warning.
436 if (lxc_write_nointr(pipefd
, "S", 1))
440 if (lxc_monitord_mainloop_add(&monitor
)) {
441 ERROR("Failed to add mainloop handlers");
445 NOTICE("lxc-monitord with pid %d is now monitoring lxcpath %s",
446 lxc_raw_getpid(), monitor
.lxcpath
);
449 ret
= lxc_mainloop(&monitor
.descr
, 1000 * 30);
451 ERROR("mainloop returned an error");
455 if (monitor
.clientfds_cnt
<= 0) {
456 NOTICE("No remaining clients. lxc-monitord is exiting");
460 if (quit
== LXC_MAINLOOP_CLOSE
) {
461 NOTICE("Got quit command. lxc-monitord is exitting");
470 if (monitord_created
)
471 lxc_monitord_cleanup();
474 lxc_mainloop_close(&monitor
.descr
);