1 /* SPDX-License-Identifier: LGPL-2.1+ */
9 #include <netinet/in.h>
16 #include <sys/epoll.h>
17 #include <sys/param.h>
18 #include <sys/socket.h>
20 #include <sys/types.h>
24 #include <lxc/lxccontainer.h>
31 #include "process_utils.h"
34 #define CLIENTFDS_CHUNK 64
36 lxc_log_define(lxc_monitord
, lxc
);
40 static void lxc_monitord_cleanup(void);
43 * Defines the structure to store the monitor information
44 * @lxcpath : the path being monitored
45 * @fifofd : the file descriptor for publishers (containers) to write state
46 * @listenfd : the file descriptor for subscribers (lxc-monitors) to connect
47 * @clientfds : accepted client file descriptors
48 * @clientfds_size : number of file descriptors clientfds can hold
49 * @clientfds_cnt : the count of valid fds in clientfds
50 * @descr : the lxc_mainloop state
59 struct lxc_epoll_descr descr
;
62 static struct lxc_monitor monitor
;
65 static int lxc_monitord_fifo_create(struct lxc_monitor
*mon
)
68 char fifo_path
[PATH_MAX
];
71 ret
= lxc_monitor_fifo_name(mon
->lxcpath
, fifo_path
, sizeof(fifo_path
), 1);
75 ret
= mknod(fifo_path
, S_IFIFO
| S_IRUSR
| S_IWUSR
, 0);
76 if (ret
< 0 && errno
!= EEXIST
) {
77 SYSINFO("Failed to mknod monitor fifo %s", fifo_path
);
81 mon
->fifofd
= open(fifo_path
, O_RDWR
);
82 if (mon
->fifofd
< 0) {
83 SYSERROR("Failed to open monitor fifo %s", fifo_path
);
89 lk
.l_whence
= SEEK_SET
;
93 if (fcntl(mon
->fifofd
, F_SETLK
, &lk
) != 0) {
94 /* another lxc-monitord is already running, don't start up */
95 SYSDEBUG("lxc-monitord already running on lxcpath %s", mon
->lxcpath
);
103 static int lxc_monitord_fifo_delete(struct lxc_monitor
*mon
)
105 char fifo_path
[PATH_MAX
];
108 ret
= lxc_monitor_fifo_name(mon
->lxcpath
, fifo_path
, sizeof(fifo_path
), 0);
116 static void lxc_monitord_sockfd_remove(struct lxc_monitor
*mon
, int fd
)
120 if (lxc_mainloop_del_handler(&mon
->descr
, fd
))
121 CRIT("File descriptor %d not found in mainloop", fd
);
124 for (i
= 0; i
< mon
->clientfds_cnt
; i
++)
125 if (mon
->clientfds
[i
] == fd
)
128 if (i
>= mon
->clientfds_cnt
) {
129 CRIT("File descriptor %d not found in clients array", fd
);
130 lxc_monitord_cleanup();
134 memmove(&mon
->clientfds
[i
], &mon
->clientfds
[i
+1],
135 (mon
->clientfds_cnt
- i
- 1) * sizeof(mon
->clientfds
[0]));
136 mon
->clientfds_cnt
--;
139 static int lxc_monitord_sock_handler(int fd
, uint32_t events
, void *data
,
140 struct lxc_epoll_descr
*descr
)
142 struct lxc_monitor
*mon
= data
;
144 if (events
& EPOLLIN
) {
148 rc
= lxc_read_nointr(fd
, buf
, sizeof(buf
));
149 if (rc
> 0 && !strncmp(buf
, "quit", 4))
150 quit
= LXC_MAINLOOP_CLOSE
;
153 if (events
& EPOLLHUP
)
154 lxc_monitord_sockfd_remove(mon
, fd
);
159 static int lxc_monitord_sock_accept(int fd
, uint32_t events
, void *data
,
160 struct lxc_epoll_descr
*descr
)
163 struct lxc_monitor
*mon
= data
;
165 socklen_t credsz
= sizeof(cred
);
167 ret
= LXC_MAINLOOP_ERROR
;
168 clientfd
= accept(fd
, NULL
, 0);
170 SYSERROR("Failed to accept connection for client file descriptor %d", fd
);
174 if (fcntl(clientfd
, F_SETFD
, FD_CLOEXEC
)) {
175 SYSERROR("Failed to set FD_CLOEXEC on client socket connection %d", clientfd
);
179 if (getsockopt(clientfd
, SOL_SOCKET
, SO_PEERCRED
, &cred
, &credsz
)) {
180 SYSERROR("Failed to get credentials on client socket connection %d", clientfd
);
184 if (cred
.uid
&& cred
.uid
!= geteuid()) {
185 WARN("Monitor denied for uid %d on client socket connection %d", cred
.uid
, clientfd
);
189 if (mon
->clientfds_cnt
+ 1 > mon
->clientfds_size
) {
192 clientfds
= realloc(mon
->clientfds
,
193 (mon
->clientfds_size
+ CLIENTFDS_CHUNK
) * sizeof(mon
->clientfds
[0]));
195 ERROR("Failed to realloc memory for %d client file descriptors",
196 mon
->clientfds_size
+ CLIENTFDS_CHUNK
);
200 mon
->clientfds
= clientfds
;
201 mon
->clientfds_size
+= CLIENTFDS_CHUNK
;
204 ret
= lxc_mainloop_add_handler(&mon
->descr
, clientfd
,
205 lxc_monitord_sock_handler
, mon
);
207 ERROR("Failed to add socket handler");
211 mon
->clientfds
[mon
->clientfds_cnt
++] = clientfd
;
212 INFO("Accepted client file descriptor %d. Number of accepted file descriptors is now %d",
213 clientfd
, mon
->clientfds_cnt
);
223 static int lxc_monitord_sock_create(struct lxc_monitor
*mon
)
225 struct sockaddr_un addr
;
228 if (lxc_monitor_sock_name(mon
->lxcpath
, &addr
) < 0)
231 fd
= lxc_abstract_unix_open(addr
.sun_path
, SOCK_STREAM
, O_TRUNC
);
233 SYSERROR("Failed to open unix socket");
241 static int lxc_monitord_sock_delete(struct lxc_monitor
*mon
)
243 struct sockaddr_un addr
;
245 if (lxc_monitor_sock_name(mon
->lxcpath
, &addr
) < 0)
248 if (addr
.sun_path
[0])
249 unlink(addr
.sun_path
);
254 static int lxc_monitord_create(struct lxc_monitor
*mon
)
258 ret
= lxc_monitord_fifo_create(mon
);
262 return lxc_monitord_sock_create(mon
);
265 static void lxc_monitord_delete(struct lxc_monitor
*mon
)
269 lxc_mainloop_del_handler(&mon
->descr
, mon
->listenfd
);
270 lxc_abstract_unix_close(mon
->listenfd
);
271 lxc_monitord_sock_delete(mon
);
273 lxc_mainloop_del_handler(&mon
->descr
, mon
->fifofd
);
274 lxc_monitord_fifo_delete(mon
);
277 for (i
= 0; i
< mon
->clientfds_cnt
; i
++) {
278 lxc_mainloop_del_handler(&mon
->descr
, mon
->clientfds
[i
]);
279 close(mon
->clientfds
[i
]);
282 mon
->clientfds_cnt
= 0;
285 static int lxc_monitord_fifo_handler(int fd
, uint32_t events
, void *data
,
286 struct lxc_epoll_descr
*descr
)
289 struct lxc_msg msglxc
;
290 struct lxc_monitor
*mon
= data
;
292 ret
= lxc_read_nointr(fd
, &msglxc
, sizeof(msglxc
));
293 if (ret
!= sizeof(msglxc
)) {
294 SYSERROR("Reading from fifo failed");
295 return LXC_MAINLOOP_CLOSE
;
298 for (i
= 0; i
< mon
->clientfds_cnt
; i
++) {
299 ret
= lxc_write_nointr(mon
->clientfds
[i
], &msglxc
, sizeof(msglxc
));
301 SYSERROR("Failed to send message to client file descriptor %d",
305 return LXC_MAINLOOP_CONTINUE
;
308 static int lxc_monitord_mainloop_add(struct lxc_monitor
*mon
)
312 ret
= lxc_mainloop_add_handler(&mon
->descr
, mon
->fifofd
,
313 lxc_monitord_fifo_handler
, mon
);
315 ERROR("Failed to add to mainloop monitor handler for fifo");
319 ret
= lxc_mainloop_add_handler(&mon
->descr
, mon
->listenfd
,
320 lxc_monitord_sock_accept
, mon
);
322 ERROR("Failed to add to mainloop monitor handler for listen socket");
329 static void lxc_monitord_cleanup(void)
331 lxc_monitord_delete(&monitor
);
334 static void lxc_monitord_sig_handler(int sig
)
339 int main(int argc
, char *argv
[])
341 int ret
, pipefd
= -1;
342 char logpath
[PATH_MAX
];
344 const char *lxcpath
= NULL
;
345 bool mainloop_opened
= false;
346 bool monitord_created
= false;
347 bool persistent
= false;
350 if (argc
> 1 && !strcmp(argv
[1], "--daemon")) {
361 lxcpath
= lxc_global_config_value("lxc.lxcpath");
363 ERROR("Failed to get default lxcpath");
369 if (lxc_safe_int(argv
[1], &pipefd
) < 0)
375 if (argc
!= 1 || (persistent
!= (pipefd
== -1))) {
377 "Usage: lxc-monitord lxcpath sync-pipe-fd\n"
378 " lxc-monitord --daemon lxcpath\n\n"
379 "NOTE: lxc-monitord is intended for use by lxc internally\n"
380 " and does not need to be run by hand\n\n");
384 ret
= snprintf(logpath
, sizeof(logpath
), "%s/lxc-monitord.log",
385 (strcmp(LXCPATH
, lxcpath
) ? lxcpath
: LOGPATH
));
386 if (ret
< 0 || ret
>= sizeof(logpath
))
392 log
.prefix
= "lxc-monitord";
394 log
.lxcpath
= lxcpath
;
396 ret
= lxc_log_init(&log
);
398 INFO("Failed to open log file %s, log will be lost", lxcpath
);
399 lxc_log_options_no_override();
401 if (sigfillset(&mask
) ||
402 sigdelset(&mask
, SIGILL
) ||
403 sigdelset(&mask
, SIGSEGV
) ||
404 sigdelset(&mask
, SIGBUS
) ||
405 sigdelset(&mask
, SIGTERM
) ||
406 pthread_sigmask(SIG_BLOCK
, &mask
, NULL
)) {
407 SYSERROR("Failed to set signal mask");
411 signal(SIGILL
, lxc_monitord_sig_handler
);
412 signal(SIGSEGV
, lxc_monitord_sig_handler
);
413 signal(SIGBUS
, lxc_monitord_sig_handler
);
414 signal(SIGTERM
, lxc_monitord_sig_handler
);
416 if (sigsetjmp(mark
, 1) != 0)
421 memset(&monitor
, 0, sizeof(monitor
));
422 monitor
.lxcpath
= lxcpath
;
423 if (lxc_mainloop_open(&monitor
.descr
)) {
424 ERROR("Failed to create mainloop");
427 mainloop_opened
= true;
429 if (lxc_monitord_create(&monitor
))
431 monitord_created
= true;
434 /* sync with parent, we're ignoring the return from write
435 * because regardless if it works or not, the following
436 * close will sync us with the parent process. the
437 * if-empty-statement construct is to quiet the
438 * warn-unused-result warning.
440 if (lxc_write_nointr(pipefd
, "S", 1))
445 if (lxc_monitord_mainloop_add(&monitor
)) {
446 ERROR("Failed to add mainloop handlers");
450 NOTICE("lxc-monitord with pid %d is now monitoring lxcpath %s",
451 lxc_raw_getpid(), monitor
.lxcpath
);
454 ret
= lxc_mainloop(&monitor
.descr
, persistent
? -1 : 1000 * 30);
456 ERROR("mainloop returned an error");
460 if (monitor
.clientfds_cnt
<= 0) {
461 NOTICE("No remaining clients. lxc-monitord is exiting");
465 if (quit
== LXC_MAINLOOP_CLOSE
) {
466 NOTICE("Got quit command. lxc-monitord is exiting");
475 if (monitord_created
)
476 lxc_monitord_cleanup();
479 lxc_mainloop_close(&monitor
.descr
);