]> git.proxmox.com Git - mirror_lxc.git/blob - src/lxc/commands.c
projects / mirror_lxc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
start: cleanup namespace handling
[mirror_lxc.git] / src / lxc / commands.c
1 /*
2 * lxc: linux Container library
3 *
4 * (C) Copyright IBM Corp. 2007, 2009
5 *
6 * Authors:
7 * Daniel Lezcano <daniel.lezcano at free.fr>
8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22 */
23
24 #include "config.h"
25
26 #include <caps.h>
27 #include <errno.h>
28 #include <fcntl.h>
29 #include <malloc.h>
30 #include <poll.h>
31 #include <signal.h>
32 #include <stdio.h>
33 #include <stdlib.h>
34 #include <unistd.h>
35 #include <sys/param.h>
36 #include <sys/socket.h>
37 #include <sys/un.h>
38
39 #include "af_unix.h"
40 #include "cgroup.h"
41 #include "commands.h"
42 #include "commands_utils.h"
43 #include "conf.h"
44 #include "confile.h"
45 #include "console.h"
46 #include "log.h"
47 #include "lxc.h"
48 #include "lxclock.h"
49 #include "mainloop.h"
50 #include "monitor.h"
51 #include "start.h"
52 #include "utils.h"
53
54 /*
55 * This file provides the different functions for clients to query/command the
56 * server. The client is typically some lxc tool and the server is typically the
57 * container (ie. lxc-start).
58 *
59 * Each command is transactional, the clients send a request to the server and
60 * the server answers the request with a message giving the request's status
61 * (zero or a negative errno value). Both the request and response may contain
62 * additional data.
63 *
64 * Each command is wrapped in a ancillary message in order to pass a credential
65 * making possible to the server to check if the client is allowed to ask for
66 * this command or not.
67 *
68 * IMPORTANTLY: Note that semantics for current commands are fixed. If you wish
69 * to make any changes to how, say, LXC_CMD_GET_CONFIG_ITEM works by adding
70 * information to the end of cmd.data, then you must introduce a new
71 * LXC_CMD_GET_CONFIG_ITEM_V2 define with a new number. You may wish to also
72 * mark LXC_CMD_GET_CONFIG_ITEM deprecated in commands.h.
73 *
74 * This is necessary in order to avoid having a newly compiled lxc command
75 * communicating with a running (old) monitor from crashing the running
76 * container.
77 */
78
79 lxc_log_define(lxc_commands, lxc);
80
81 static const char *lxc_cmd_str(lxc_cmd_t cmd)
82 {
83 static const char *const cmdname[LXC_CMD_MAX] = {
84 [LXC_CMD_CONSOLE] = "console",
85 [LXC_CMD_CONSOLE_WINCH] = "console_winch",
86 [LXC_CMD_STOP] = "stop",
87 [LXC_CMD_GET_STATE] = "get_state",
88 [LXC_CMD_GET_INIT_PID] = "get_init_pid",
89 [LXC_CMD_GET_CLONE_FLAGS] = "get_clone_flags",
90 [LXC_CMD_GET_CGROUP] = "get_cgroup",
91 [LXC_CMD_GET_CONFIG_ITEM] = "get_config_item",
92 [LXC_CMD_GET_NAME] = "get_name",
93 [LXC_CMD_GET_LXCPATH] = "get_lxcpath",
94 [LXC_CMD_ADD_STATE_CLIENT] = "add_state_client",
95 [LXC_CMD_CONSOLE_LOG] = "console_log",
96 [LXC_CMD_SERVE_STATE_CLIENTS] = "serve_state_clients",
97 };
98
99 if (cmd >= LXC_CMD_MAX)
100 return "Unknown cmd";
101
102 return cmdname[cmd];
103 }
104
105 /*
106 * lxc_cmd_rsp_recv: Receive a response to a command
107 *
108 * @sock : the socket connected to the container
109 * @cmd : command to put response in
110 *
111 * Returns the size of the response message or < 0 on failure
112 *
113 * Note that if the command response datalen > 0, then data is
114 * a malloc()ed buffer and should be free()ed by the caller. If
115 * the response data is <= a void * worth of data, it will be
116 * stored directly in data and datalen will be 0.
117 *
118 * As a special case, the response for LXC_CMD_CONSOLE is created
119 * here as it contains an fd for the master pty passed through the
120 * unix socket.
121 */
122 static int lxc_cmd_rsp_recv(int sock, struct lxc_cmd_rr *cmd)
123 {
124 int ret, rspfd;
125 struct lxc_cmd_rsp *rsp = &cmd->rsp;
126
127 ret = lxc_abstract_unix_recv_fds(sock, &rspfd, 1, rsp, sizeof(*rsp));
128 if (ret < 0) {
129 WARN("%s - Failed to receive response for command \"%s\"",
130 strerror(errno), lxc_cmd_str(cmd->req.cmd));
131 if (errno == ECONNRESET)
132 return -ECONNRESET;
133
134 return -1;
135 }
136 TRACE("Command \"%s\" received response", lxc_cmd_str(cmd->req.cmd));
137
138 if (cmd->req.cmd == LXC_CMD_CONSOLE) {
139 struct lxc_cmd_console_rsp_data *rspdata;
140
141 /* recv() returns 0 bytes when a tty cannot be allocated,
142 * rsp->ret is < 0 when the peer permission check failed
143 */
144 if (ret == 0 || rsp->ret < 0)
145 return 0;
146
147 rspdata = malloc(sizeof(*rspdata));
148 if (!rspdata) {
149 ERROR("Failed to allocate response buffer for command \"%s\"",
150 lxc_cmd_str(cmd->req.cmd));
151 return -ENOMEM;
152 }
153 rspdata->masterfd = rspfd;
154 rspdata->ttynum = PTR_TO_INT(rsp->data);
155 rsp->data = rspdata;
156 }
157
158 if (rsp->datalen == 0) {
159 DEBUG("Response data length for command \"%s\" is 0",
160 lxc_cmd_str(cmd->req.cmd));
161 return ret;
162 }
163
164 if ((rsp->datalen > LXC_CMD_DATA_MAX) &&
165 (cmd->req.cmd != LXC_CMD_CONSOLE_LOG)) {
166 errno = EFBIG;
167 ERROR("%s - Response data for command \"%s\" is too long: %d "
168 "bytes > %d", strerror(errno), lxc_cmd_str(cmd->req.cmd),
169 rsp->datalen, LXC_CMD_DATA_MAX);
170 return -EFBIG;
171 }
172
173 if (cmd->req.cmd == LXC_CMD_CONSOLE_LOG) {
174 rsp->data = malloc(rsp->datalen + 1);
175 ((char *)rsp->data)[rsp->datalen] = '\0';
176 } else {
177 rsp->data = malloc(rsp->datalen);
178 }
179 if (!rsp->data) {
180 errno = ENOMEM;
181 ERROR("%s - Failed to allocate response buffer for command "
182 "\"%s\"", strerror(errno), lxc_cmd_str(cmd->req.cmd));
183 return -ENOMEM;
184 }
185
186 ret = recv(sock, rsp->data, rsp->datalen, 0);
187 if (ret != rsp->datalen) {
188 ERROR("%s - Failed to receive response data for command \"%s\"",
189 lxc_cmd_str(cmd->req.cmd), strerror(errno));
190 if (ret >= 0)
191 ret = -1;
192 }
193
194 return ret;
195 }
196
197 /*
198 * lxc_cmd_rsp_send: Send a command response
199 *
200 * @fd : file descriptor of socket to send response on
201 * @rsp : response to send
202 *
203 * Returns 0 on success, < 0 on failure
204 */
205 static int lxc_cmd_rsp_send(int fd, struct lxc_cmd_rsp *rsp)
206 {
207 ssize_t ret;
208
209 ret = send(fd, rsp, sizeof(*rsp), 0);
210 if (ret < 0 || (size_t)ret != sizeof(*rsp)) {
211 ERROR("%s - Failed to send command response %zd",
212 strerror(errno), ret);
213 return -1;
214 }
215
216 if (rsp->datalen <= 0)
217 return 0;
218
219 ret = send(fd, rsp->data, rsp->datalen, 0);
220 if (ret < 0 || ret != (ssize_t)rsp->datalen) {
221 WARN("%s - Failed to send command response data %zd",
222 strerror(errno), ret);
223 return -1;
224 }
225
226 return 0;
227 }
228
229 static int lxc_cmd_send(const char *name, struct lxc_cmd_rr *cmd,
230 const char *lxcpath, const char *hashed_sock_name)
231 {
232 int client_fd;
233 ssize_t ret = -1;
234
235 client_fd = lxc_cmd_connect(name, lxcpath, hashed_sock_name, "command");
236 if (client_fd < 0) {
237 if (client_fd == -ECONNREFUSED)
238 return -ECONNREFUSED;
239
240 return -1;
241 }
242
243 ret = lxc_abstract_unix_send_credential(client_fd, &cmd->req,
244 sizeof(cmd->req));
245 if (ret < 0 || (size_t)ret != sizeof(cmd->req)) {
246 close(client_fd);
247
248 if (errno == EPIPE)
249 return -EPIPE;
250
251 if (ret >= 0)
252 return -EMSGSIZE;
253
254 return -1;
255 }
256
257 if (cmd->req.datalen <= 0)
258 return client_fd;
259
260 ret = send(client_fd, cmd->req.data, cmd->req.datalen, MSG_NOSIGNAL);
261 if (ret < 0 || ret != (ssize_t)cmd->req.datalen) {
262 close(client_fd);
263
264 if (errno == EPIPE)
265 return -EPIPE;
266
267 if (ret >= 0)
268 return -EMSGSIZE;
269
270 return -1;
271 }
272
273 return client_fd;
274 }
275
276 /*
277 * lxc_cmd: Connect to the specified running container, send it a command
278 * request and collect the response
279 *
280 * @name : name of container to connect to
281 * @cmd : command with initialized request to send
282 * @stopped : output indicator if the container was not running
283 * @lxcpath : the lxcpath in which the container is running
284 *
285 * Returns the size of the response message on success, < 0 on failure
286 *
287 * Note that there is a special case for LXC_CMD_CONSOLE. For this command
288 * the fd cannot be closed because it is used as a placeholder to indicate
289 * that a particular tty slot is in use. The fd is also used as a signal to
290 * the container that when the caller dies or closes the fd, the container
291 * will notice the fd on its side of the socket in its mainloop select and
292 * then free the slot with lxc_cmd_fd_cleanup(). The socket fd will be
293 * returned in the cmd response structure.
294 */
295 static int lxc_cmd(const char *name, struct lxc_cmd_rr *cmd, int *stopped,
296 const char *lxcpath, const char *hashed_sock_name)
297 {
298 int client_fd;
299 int ret = -1;
300 bool stay_connected = false;
301
302 if (cmd->req.cmd == LXC_CMD_CONSOLE ||
303 cmd->req.cmd == LXC_CMD_ADD_STATE_CLIENT)
304 stay_connected = true;
305
306 *stopped = 0;
307
308 client_fd = lxc_cmd_send(name, cmd, lxcpath, hashed_sock_name);
309 if (client_fd < 0) {
310 TRACE("%s - Command \"%s\" failed to connect command socket",
311 strerror(errno), lxc_cmd_str(cmd->req.cmd));
312 if (client_fd == -ECONNREFUSED) {
313 *stopped = 1;
314 return -1;
315 }
316
317 if (client_fd == -EPIPE)
318 goto epipe;
319
320 goto out;
321 }
322
323 ret = lxc_cmd_rsp_recv(client_fd, cmd);
324 if (ret == -ECONNRESET)
325 *stopped = 1;
326 out:
327 if (!stay_connected || ret <= 0)
328 if (client_fd >= 0)
329 close(client_fd);
330
331 if (stay_connected && ret > 0)
332 cmd->rsp.ret = client_fd;
333
334 return ret;
335
336 epipe:
337 *stopped = 1;
338 return 0;
339 }
340
341 int lxc_try_cmd(const char *name, const char *lxcpath)
342 {
343 int stopped, ret;
344 struct lxc_cmd_rr cmd = {
345 .req = { .cmd = LXC_CMD_GET_INIT_PID },
346 };
347
348 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
349 if (stopped)
350 return 0;
351 if (ret > 0 && cmd.rsp.ret < 0) {
352 errno = cmd.rsp.ret;
353 return -1;
354 }
355 if (ret > 0)
356 return 0;
357
358 /* At this point we weren't denied access, and the container *was*
359 * started. There was some inexplicable error in the protocol. I'm not
360 * clear on whether we should return -1 here, but we didn't receive a
361 * -EACCES, so technically it's not that we're not allowed to control
362 * the container - it's just not behaving.
363 */
364 return 0;
365 }
366
367 /* Implentations of the commands and their callbacks */
368
369 /*
370 * lxc_cmd_get_init_pid: Get pid of the container's init process
371 *
372 * @name : name of container to connect to
373 * @lxcpath : the lxcpath in which the container is running
374 *
375 * Returns the pid on success, < 0 on failure
376 */
377 pid_t lxc_cmd_get_init_pid(const char *name, const char *lxcpath)
378 {
379 int ret, stopped;
380 struct lxc_cmd_rr cmd = {
381 .req = { .cmd = LXC_CMD_GET_INIT_PID },
382 };
383
384 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
385 if (ret < 0)
386 return ret;
387
388 return PTR_TO_INT(cmd.rsp.data);
389 }
390
391 static int lxc_cmd_get_init_pid_callback(int fd, struct lxc_cmd_req *req,
392 struct lxc_handler *handler)
393 {
394 struct lxc_cmd_rsp rsp = { .data = INT_TO_PTR(handler->pid) };
395
396 return lxc_cmd_rsp_send(fd, &rsp);
397 }
398
399 /*
400 * lxc_cmd_get_clone_flags: Get clone flags container was spawned with
401 *
402 * @name : name of container to connect to
403 * @lxcpath : the lxcpath in which the container is running
404 *
405 * Returns the clone flags on success, < 0 on failure
406 */
407 int lxc_cmd_get_clone_flags(const char *name, const char *lxcpath)
408 {
409 int ret, stopped;
410 struct lxc_cmd_rr cmd = {
411 .req = { .cmd = LXC_CMD_GET_CLONE_FLAGS },
412 };
413
414 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
415 if (ret < 0)
416 return ret;
417
418 return PTR_TO_INT(cmd.rsp.data);
419 }
420
421 static int lxc_cmd_get_clone_flags_callback(int fd, struct lxc_cmd_req *req,
422 struct lxc_handler *handler)
423 {
424 struct lxc_cmd_rsp rsp = { .data = INT_TO_PTR(handler->ns_clone_flags) };
425
426 return lxc_cmd_rsp_send(fd, &rsp);
427 }
428
429 /*
430 * lxc_cmd_get_cgroup_path: Calculate a container's cgroup path for a
431 * particular subsystem. This is the cgroup path relative to the root
432 * of the cgroup filesystem.
433 *
434 * @name : name of container to connect to
435 * @lxcpath : the lxcpath in which the container is running
436 * @subsystem : the subsystem being asked about
437 *
438 * Returns the path on success, NULL on failure. The caller must free() the
439 * returned path.
440 */
441 char *lxc_cmd_get_cgroup_path(const char *name, const char *lxcpath,
442 const char *subsystem)
443 {
444 int ret, stopped;
445 struct lxc_cmd_rr cmd = {
446 .req = {
447 .cmd = LXC_CMD_GET_CGROUP,
448 .data = subsystem,
449 .datalen = 0,
450 },
451 };
452
453 cmd.req.data = subsystem;
454 cmd.req.datalen = 0;
455 if (subsystem)
456 cmd.req.datalen = strlen(subsystem) + 1;
457
458 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
459 if (ret < 0)
460 return NULL;
461
462 if (ret == 0)
463 return NULL;
464
465 if (cmd.rsp.ret < 0 || cmd.rsp.datalen < 0)
466 return NULL;
467
468 return cmd.rsp.data;
469 }
470
471 static int lxc_cmd_get_cgroup_callback(int fd, struct lxc_cmd_req *req,
472 struct lxc_handler *handler)
473 {
474 const char *path;
475 struct lxc_cmd_rsp rsp;
476
477 if (req->datalen > 0)
478 path = cgroup_get_cgroup(handler, req->data);
479 else
480 path = cgroup_get_cgroup(handler, NULL);
481 if (!path)
482 return -1;
483
484 rsp.ret = 0;
485 rsp.datalen = strlen(path) + 1;
486 rsp.data = (char *)path;
487
488 return lxc_cmd_rsp_send(fd, &rsp);
489 }
490
491 /*
492 * lxc_cmd_get_config_item: Get config item the running container
493 *
494 * @name : name of container to connect to
495 * @item : the configuration item to retrieve (ex: lxc.net.0.veth.pair)
496 * @lxcpath : the lxcpath in which the container is running
497 *
498 * Returns the item on success, NULL on failure. The caller must free() the
499 * returned item.
500 */
501 char *lxc_cmd_get_config_item(const char *name, const char *item,
502 const char *lxcpath)
503 {
504 int ret, stopped;
505 struct lxc_cmd_rr cmd = {
506 .req = { .cmd = LXC_CMD_GET_CONFIG_ITEM,
507 .data = item,
508 .datalen = strlen(item) + 1,
509 },
510 };
511
512 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
513 if (ret < 0)
514 return NULL;
515
516 if (cmd.rsp.ret == 0)
517 return cmd.rsp.data;
518
519 return NULL;
520 }
521
522 static int lxc_cmd_get_config_item_callback(int fd, struct lxc_cmd_req *req,
523 struct lxc_handler *handler)
524 {
525 int cilen;
526 char *cidata;
527 struct lxc_config_t *item;
528 struct lxc_cmd_rsp rsp;
529
530 memset(&rsp, 0, sizeof(rsp));
531 item = lxc_get_config(req->data);
532 if (!item)
533 goto err1;
534
535 cilen = item->get(req->data, NULL, 0, handler->conf, NULL);
536 if (cilen <= 0)
537 goto err1;
538
539 cidata = alloca(cilen + 1);
540 if (item->get(req->data, cidata, cilen + 1, handler->conf, NULL) != cilen)
541 goto err1;
542
543 cidata[cilen] = '\0';
544 rsp.data = cidata;
545 rsp.datalen = cilen + 1;
546 rsp.ret = 0;
547 goto out;
548
549 err1:
550 rsp.ret = -1;
551 out:
552 return lxc_cmd_rsp_send(fd, &rsp);
553 }
554
555 /*
556 * lxc_cmd_get_state: Get current state of the container
557 *
558 * @name : name of container to connect to
559 * @lxcpath : the lxcpath in which the container is running
560 *
561 * Returns the state on success, < 0 on failure
562 */
563 int lxc_cmd_get_state(const char *name, const char *lxcpath)
564 {
565 int ret, stopped;
566 struct lxc_cmd_rr cmd = {
567 .req = { .cmd = LXC_CMD_GET_STATE }
568 };
569
570 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
571 if (ret < 0 && stopped)
572 return STOPPED;
573
574 if (ret < 0)
575 return -1;
576
577 if (!ret) {
578 WARN("Container \"%s\" has stopped before sending its state", name);
579 return -1;
580 }
581
582 DEBUG("Container \"%s\" is in \"%s\" state", name,
583 lxc_state2str(PTR_TO_INT(cmd.rsp.data)));
584
585 return PTR_TO_INT(cmd.rsp.data);
586 }
587
588 static int lxc_cmd_get_state_callback(int fd, struct lxc_cmd_req *req,
589 struct lxc_handler *handler)
590 {
591 struct lxc_cmd_rsp rsp = { .data = INT_TO_PTR(handler->state) };
592
593 return lxc_cmd_rsp_send(fd, &rsp);
594 }
595
596 /*
597 * lxc_cmd_stop: Stop the container previously started with lxc_start. All
598 * the processes running inside this container will be killed.
599 *
600 * @name : name of container to connect to
601 * @lxcpath : the lxcpath in which the container is running
602 *
603 * Returns 0 on success, < 0 on failure
604 */
605 int lxc_cmd_stop(const char *name, const char *lxcpath)
606 {
607 int ret, stopped;
608 struct lxc_cmd_rr cmd = {
609 .req = { .cmd = LXC_CMD_STOP },
610 };
611
612 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
613 if (ret < 0) {
614 if (stopped) {
615 INFO("Container \"%s\" is already stopped", name);
616 return 0;
617 }
618
619 return -1;
620 }
621
622 /* We do not expect any answer, because we wait for the connection to be
623 * closed.
624 */
625 if (ret > 0) {
626 ERROR("%s - Failed to stop container \"%s\"",
627 strerror(-cmd.rsp.ret), name);
628 return -1;
629 }
630
631 INFO("Container \"%s\" has stopped", name);
632 return 0;
633 }
634
635 static int lxc_cmd_stop_callback(int fd, struct lxc_cmd_req *req,
636 struct lxc_handler *handler)
637 {
638 struct lxc_cmd_rsp rsp;
639 int stopsignal = SIGKILL;
640
641 if (handler->conf->stopsignal)
642 stopsignal = handler->conf->stopsignal;
643 memset(&rsp, 0, sizeof(rsp));
644 rsp.ret = kill(handler->pid, stopsignal);
645 if (!rsp.ret) {
646 /* We can't just use lxc_unfreeze() since we are already in the
647 * context of handling the STOP cmd in lxc-start, and calling
648 * lxc_unfreeze() would do another cmd (GET_CGROUP) which would
649 * deadlock us.
650 */
651 if (cgroup_unfreeze(handler))
652 return 0;
653
654 ERROR("Failed to unfreeze container \"%s\"", handler->name);
655 rsp.ret = -1;
656 }
657
658 return lxc_cmd_rsp_send(fd, &rsp);
659 }
660
661 /*
662 * lxc_cmd_console_winch: To process as if a SIGWINCH were received
663 *
664 * @name : name of container to connect to
665 * @lxcpath : the lxcpath in which the container is running
666 *
667 * Returns 0 on success, < 0 on failure
668 */
669 int lxc_cmd_console_winch(const char *name, const char *lxcpath)
670 {
671 int ret, stopped;
672 struct lxc_cmd_rr cmd = {
673 .req = { .cmd = LXC_CMD_CONSOLE_WINCH },
674 };
675
676 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
677 if (ret < 0)
678 return ret;
679
680 return 0;
681 }
682
683 static int lxc_cmd_console_winch_callback(int fd, struct lxc_cmd_req *req,
684 struct lxc_handler *handler)
685 {
686 struct lxc_cmd_rsp rsp = { .data = 0 };
687
688 lxc_console_sigwinch(SIGWINCH);
689
690 return lxc_cmd_rsp_send(fd, &rsp);
691 }
692
693 /*
694 * lxc_cmd_console: Open an fd to a tty in the container
695 *
696 * @name : name of container to connect to
697 * @ttynum : in: the tty to open or -1 for next available
698 * : out: the tty allocated
699 * @fd : out: file descriptor for master side of pty
700 * @lxcpath : the lxcpath in which the container is running
701 *
702 * Returns fd holding tty allocated on success, < 0 on failure
703 */
704 int lxc_cmd_console(const char *name, int *ttynum, int *fd, const char *lxcpath)
705 {
706 int ret, stopped;
707 struct lxc_cmd_console_rsp_data *rspdata;
708 struct lxc_cmd_rr cmd = {
709 .req = { .cmd = LXC_CMD_CONSOLE, .data = INT_TO_PTR(*ttynum) },
710 };
711
712 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
713 if (ret < 0)
714 return ret;
715
716 if (cmd.rsp.ret < 0) {
717 ERROR("%s - Denied access to tty", strerror(-cmd.rsp.ret));
718 ret = -1;
719 goto out;
720 }
721
722 if (ret == 0) {
723 ERROR("tty number %d invalid, busy or all ttys busy", *ttynum);
724 ret = -1;
725 goto out;
726 }
727
728 rspdata = cmd.rsp.data;
729 if (rspdata->masterfd < 0) {
730 ERROR("Unable to allocate fd for tty %d", rspdata->ttynum);
731 goto out;
732 }
733
734 ret = cmd.rsp.ret; /* socket fd */
735 *fd = rspdata->masterfd;
736 *ttynum = rspdata->ttynum;
737 INFO("Alloced fd %d for tty %d via socket %d", *fd, rspdata->ttynum, ret);
738
739 out:
740 free(cmd.rsp.data);
741 return ret;
742 }
743
744 static int lxc_cmd_console_callback(int fd, struct lxc_cmd_req *req,
745 struct lxc_handler *handler)
746 {
747 int masterfd, ret;
748 struct lxc_cmd_rsp rsp;
749 int ttynum = PTR_TO_INT(req->data);
750
751 masterfd = lxc_console_allocate(handler->conf, fd, &ttynum);
752 if (masterfd < 0)
753 goto out_close;
754
755 memset(&rsp, 0, sizeof(rsp));
756 rsp.data = INT_TO_PTR(ttynum);
757 ret = lxc_abstract_unix_send_fds(fd, &masterfd, 1, &rsp, sizeof(rsp));
758 if (ret < 0) {
759 ERROR("Failed to send tty to client");
760 lxc_console_free(handler->conf, fd);
761 goto out_close;
762 }
763
764 return 0;
765
766 out_close:
767 /* Special indicator to lxc_cmd_handler() to close the fd and do
768 * related cleanup.
769 */
770 return 1;
771 }
772
773 /*
774 * lxc_cmd_get_name: Returns the name of the container
775 *
776 * @hashed_sock_name: hashed socket name
777 *
778 * Returns the name on success, NULL on failure.
779 */
780 char *lxc_cmd_get_name(const char *hashed_sock_name)
781 {
782 int ret, stopped;
783 struct lxc_cmd_rr cmd = {
784 .req = { .cmd = LXC_CMD_GET_NAME},
785 };
786
787 ret = lxc_cmd(NULL, &cmd, &stopped, NULL, hashed_sock_name);
788 if (ret < 0)
789 return NULL;
790
791 if (cmd.rsp.ret == 0)
792 return cmd.rsp.data;
793
794 return NULL;
795 }
796
797 static int lxc_cmd_get_name_callback(int fd, struct lxc_cmd_req *req,
798 struct lxc_handler *handler)
799 {
800 struct lxc_cmd_rsp rsp;
801
802 memset(&rsp, 0, sizeof(rsp));
803
804 rsp.data = (char *)handler->name;
805 rsp.datalen = strlen(handler->name) + 1;
806 rsp.ret = 0;
807
808 return lxc_cmd_rsp_send(fd, &rsp);
809 }
810
811 /*
812 * lxc_cmd_get_lxcpath: Returns the lxcpath of the container
813 *
814 * @hashed_sock_name: hashed socket name
815 *
816 * Returns the lxcpath on success, NULL on failure.
817 */
818 char *lxc_cmd_get_lxcpath(const char *hashed_sock_name)
819 {
820 int ret, stopped;
821 struct lxc_cmd_rr cmd = {
822 .req = { .cmd = LXC_CMD_GET_LXCPATH},
823 };
824
825 ret = lxc_cmd(NULL, &cmd, &stopped, NULL, hashed_sock_name);
826 if (ret < 0)
827 return NULL;
828
829 if (cmd.rsp.ret == 0)
830 return cmd.rsp.data;
831
832 return NULL;
833 }
834
835 static int lxc_cmd_get_lxcpath_callback(int fd, struct lxc_cmd_req *req,
836 struct lxc_handler *handler)
837 {
838 struct lxc_cmd_rsp rsp;
839
840 memset(&rsp, 0, sizeof(rsp));
841
842 rsp.ret = 0;
843 rsp.data = (char *)handler->lxcpath;
844 rsp.datalen = strlen(handler->lxcpath) + 1;
845
846 return lxc_cmd_rsp_send(fd, &rsp);
847 }
848
849 int lxc_cmd_add_state_client(const char *name, const char *lxcpath,
850 lxc_state_t states[MAX_STATE],
851 int *state_client_fd)
852 {
853 int state, stopped;
854 ssize_t ret;
855 struct lxc_cmd_rr cmd = {
856 .req = {
857 .cmd = LXC_CMD_ADD_STATE_CLIENT,
858 .data = states,
859 .datalen = (sizeof(lxc_state_t) * MAX_STATE)
860 },
861 };
862
863 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
864 if (states[STOPPED] != 0 && stopped != 0)
865 return STOPPED;
866
867 if (ret < 0) {
868 if (errno != ECONNREFUSED)
869 ERROR("%s - Failed to execute command", strerror(errno));
870 return -1;
871 }
872
873 /* We should now be guaranteed to get an answer from the state sending
874 * function.
875 */
876 if (cmd.rsp.ret < 0) {
877 ERROR("%s - Failed to receive socket fd", strerror(-cmd.rsp.ret));
878 return -1;
879 }
880
881 state = PTR_TO_INT(cmd.rsp.data);
882 if (state < MAX_STATE) {
883 TRACE("Container is already in requested state %s", lxc_state2str(state));
884 close(cmd.rsp.ret);
885 return state;
886 }
887
888 *state_client_fd = cmd.rsp.ret;
889 TRACE("Added state client %d to state client list", cmd.rsp.ret);
890 return MAX_STATE;
891 }
892
893 static int lxc_cmd_add_state_client_callback(int fd, struct lxc_cmd_req *req,
894 struct lxc_handler *handler)
895 {
896 int ret;
897 struct lxc_cmd_rsp rsp = {0};
898
899 if (req->datalen < 0)
900 goto reap_client_fd;
901
902 if (req->datalen > (sizeof(lxc_state_t) * MAX_STATE))
903 goto reap_client_fd;
904
905 if (!req->data)
906 goto reap_client_fd;
907
908 rsp.ret = lxc_add_state_client(fd, handler, (lxc_state_t *)req->data);
909 if (rsp.ret < 0)
910 goto reap_client_fd;
911
912 rsp.data = INT_TO_PTR(rsp.ret);
913
914 ret = lxc_cmd_rsp_send(fd, &rsp);
915 if (ret < 0)
916 goto reap_client_fd;
917
918 return 0;
919
920 reap_client_fd:
921 /* Special indicator to lxc_cmd_handler() to close the fd and do related
922 * cleanup.
923 */
924 return 1;
925 }
926
927 int lxc_cmd_console_log(const char *name, const char *lxcpath,
928 struct lxc_console_log *log)
929 {
930 int ret, stopped;
931 struct lxc_cmd_console_log data;
932 struct lxc_cmd_rr cmd;
933
934 data.clear = log->clear;
935 data.read = log->read;
936 data.read_max = *log->read_max;
937 data.write_logfile = log->write_logfile;
938
939 cmd.req.cmd = LXC_CMD_CONSOLE_LOG;
940 cmd.req.data = &data;
941 cmd.req.datalen = sizeof(struct lxc_cmd_console_log);
942
943 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
944 if (ret < 0)
945 return ret;
946
947 /* There is nothing to be read from the buffer. So clear any values we
948 * where passed to clearly indicate to the user that nothing went wrong.
949 */
950 if (cmd.rsp.ret == -ENODATA || cmd.rsp.ret == -EFAULT || cmd.rsp.ret == -ENOENT) {
951 *log->read_max = 0;
952 log->data = NULL;
953 }
954
955 /* This is a proper error so don't touch any values we were passed. */
956 if (cmd.rsp.ret < 0)
957 return cmd.rsp.ret;
958
959 *log->read_max = cmd.rsp.datalen;
960 log->data = cmd.rsp.data;
961
962 return 0;
963 }
964
965 static int lxc_cmd_console_log_callback(int fd, struct lxc_cmd_req *req,
966 struct lxc_handler *handler)
967 {
968 struct lxc_cmd_rsp rsp;
969 uint64_t buffer_size = handler->conf->console.buffer_size;
970 const struct lxc_cmd_console_log *log = req->data;
971 struct lxc_console *console = &handler->conf->console;
972 struct lxc_ringbuf *buf = &handler->conf->console.ringbuf;
973
974 rsp.ret = -EFAULT;
975 rsp.datalen = 0;
976 rsp.data = NULL;
977 if (buffer_size <= 0)
978 goto out;
979
980 if (log->read || log->write_logfile)
981 rsp.datalen = lxc_ringbuf_used(buf);
982
983 if (log->read)
984 rsp.data = lxc_ringbuf_get_read_addr(buf);
985
986 if (log->read_max > 0 && (log->read_max <= rsp.datalen))
987 rsp.datalen = log->read_max;
988
989 /* there's nothing to read */
990 rsp.ret = -ENODATA;
991 if (log->read && (buf->r_off == buf->w_off))
992 goto out;
993
994 if (log->write_logfile && rsp.datalen > 0) {
995 rsp.ret = -ENOENT;
996 if (!console->buffer_log_file)
997 goto out;
998
999 rsp.ret = lxc_console_write_ringbuffer(console);
1000 if (rsp.ret < 0)
1001 goto out;
1002 }
1003
1004 rsp.ret = 0;
1005 if (log->clear) {
1006 int ret;
1007 size_t len;
1008 char *tmp;
1009
1010 /* clear the ringbuffer */
1011 lxc_ringbuf_clear(buf);
1012
1013 /* truncate the ringbuffer log file */
1014 if (console->buffer_log_file) {
1015 rsp.ret = -ENOENT;
1016 if (!file_exists(console->buffer_log_file))
1017 goto out;
1018
1019 /* be very certain things are kosher */
1020 rsp.ret = -EBADF;
1021 if (console->buffer_log_file_fd < 0)
1022 goto out;
1023
1024 rsp.ret = lxc_unpriv(ftruncate(console->buffer_log_file_fd, 0));
1025 if (rsp.ret < 0) {
1026 ERROR("%s - Failed to truncate console "
1027 "ringbuffer log file \"%s\"",
1028 strerror(errno), console->buffer_log_file);
1029 goto out;
1030 }
1031 }
1032
1033 /* rotate the console log file */
1034 if (!console->log_path || console->log_rotate == 0)
1035 goto out;
1036
1037 /* be very certain things are kosher */
1038 rsp.ret = -EBADF;
1039 if (console->log_fd < 0)
1040 goto out;
1041
1042 len = strlen(console->log_path) + sizeof(".1");
1043 tmp = alloca(len);
1044
1045 rsp.ret = -EFBIG;
1046 ret = snprintf(tmp, len, "%s.1", console->log_path);
1047 if (ret < 0 || (size_t)ret >= len)
1048 goto out;
1049
1050 close(console->log_fd);
1051 console->log_fd = -1;
1052 rsp.ret = lxc_unpriv(rename(console->log_path, tmp));
1053 if (rsp.ret < 0)
1054 goto out;
1055
1056 rsp.ret = lxc_console_create_log_file(console);
1057 } else if (rsp.datalen > 0) {
1058 lxc_ringbuf_move_read_addr(buf, rsp.datalen);
1059 }
1060
1061 out:
1062 return lxc_cmd_rsp_send(fd, &rsp);
1063 }
1064
1065 int lxc_cmd_serve_state_clients(const char *name, const char *lxcpath,
1066 lxc_state_t state)
1067 {
1068 int stopped;
1069 ssize_t ret;
1070 struct lxc_cmd_rr cmd = {
1071 .req = {
1072 .cmd = LXC_CMD_SERVE_STATE_CLIENTS,
1073 .data = INT_TO_PTR(state)
1074 },
1075 };
1076
1077 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
1078 if (ret < 0) {
1079 ERROR("%s - Failed to execute command", strerror(errno));
1080 return -1;
1081 }
1082
1083 return 0;
1084 }
1085
1086 static int lxc_cmd_serve_state_clients_callback(int fd, struct lxc_cmd_req *req,
1087 struct lxc_handler *handler)
1088 {
1089 int ret;
1090 lxc_state_t state = PTR_TO_INT(req->data);
1091 struct lxc_cmd_rsp rsp = {0};
1092
1093 ret = lxc_serve_state_clients(handler->name, handler, state);
1094 if (ret < 0)
1095 goto reap_client_fd;
1096
1097 ret = lxc_cmd_rsp_send(fd, &rsp);
1098 if (ret < 0)
1099 goto reap_client_fd;
1100
1101 return 0;
1102
1103 reap_client_fd:
1104 /* Special indicator to lxc_cmd_handler() to close the fd and do related
1105 * cleanup.
1106 */
1107 return 1;
1108 }
1109
1110 static int lxc_cmd_process(int fd, struct lxc_cmd_req *req,
1111 struct lxc_handler *handler)
1112 {
1113 typedef int (*callback)(int, struct lxc_cmd_req *, struct lxc_handler *);
1114
1115 callback cb[LXC_CMD_MAX] = {
1116 [LXC_CMD_CONSOLE] = lxc_cmd_console_callback,
1117 [LXC_CMD_CONSOLE_WINCH] = lxc_cmd_console_winch_callback,
1118 [LXC_CMD_STOP] = lxc_cmd_stop_callback,
1119 [LXC_CMD_GET_STATE] = lxc_cmd_get_state_callback,
1120 [LXC_CMD_GET_INIT_PID] = lxc_cmd_get_init_pid_callback,
1121 [LXC_CMD_GET_CLONE_FLAGS] = lxc_cmd_get_clone_flags_callback,
1122 [LXC_CMD_GET_CGROUP] = lxc_cmd_get_cgroup_callback,
1123 [LXC_CMD_GET_CONFIG_ITEM] = lxc_cmd_get_config_item_callback,
1124 [LXC_CMD_GET_NAME] = lxc_cmd_get_name_callback,
1125 [LXC_CMD_GET_LXCPATH] = lxc_cmd_get_lxcpath_callback,
1126 [LXC_CMD_ADD_STATE_CLIENT] = lxc_cmd_add_state_client_callback,
1127 [LXC_CMD_CONSOLE_LOG] = lxc_cmd_console_log_callback,
1128 [LXC_CMD_SERVE_STATE_CLIENTS] = lxc_cmd_serve_state_clients_callback,
1129 };
1130
1131 if (req->cmd >= LXC_CMD_MAX) {
1132 ERROR("Undefined command id %d", req->cmd);
1133 return -1;
1134 }
1135 return cb[req->cmd](fd, req, handler);
1136 }
1137
1138 static void lxc_cmd_fd_cleanup(int fd, struct lxc_handler *handler,
1139 struct lxc_epoll_descr *descr,
1140 const lxc_cmd_t cmd)
1141 {
1142 struct lxc_state_client *client;
1143 struct lxc_list *cur, *next;
1144
1145 lxc_console_free(handler->conf, fd);
1146 lxc_mainloop_del_handler(descr, fd);
1147 if (cmd != LXC_CMD_ADD_STATE_CLIENT) {
1148 close(fd);
1149 return;
1150 }
1151
1152 process_lock();
1153 lxc_list_for_each_safe(cur, &handler->conf->state_clients, next) {
1154 client = cur->elem;
1155 if (client->clientfd != fd)
1156 continue;
1157
1158 /* kick client from list */
1159 lxc_list_del(cur);
1160 close(client->clientfd);
1161 free(cur->elem);
1162 free(cur);
1163 /* No need to walk the whole list. If we found the state client
1164 * fd there can't be a second one.
1165 */
1166 break;
1167 }
1168 process_unlock();
1169 }
1170
1171 static int lxc_cmd_handler(int fd, uint32_t events, void *data,
1172 struct lxc_epoll_descr *descr)
1173 {
1174 int ret;
1175 struct lxc_cmd_req req;
1176 void *reqdata = NULL;
1177 struct lxc_handler *handler = data;
1178
1179 ret = lxc_abstract_unix_rcv_credential(fd, &req, sizeof(req));
1180 if (ret == -EACCES) {
1181 /* We don't care for the peer, just send and close. */
1182 struct lxc_cmd_rsp rsp = {.ret = ret};
1183
1184 lxc_cmd_rsp_send(fd, &rsp);
1185 goto out_close;
1186 }
1187
1188 if (ret < 0) {
1189 SYSERROR("Failed to receive data on command socket for command "
1190 "\"%s\"", lxc_cmd_str(req.cmd));
1191 goto out_close;
1192 }
1193
1194 if (ret == 0)
1195 goto out_close;
1196
1197 if (ret != sizeof(req)) {
1198 WARN("Failed to receive full command request. Ignoring request "
1199 "for \"%s\"", lxc_cmd_str(req.cmd));
1200 ret = -1;
1201 goto out_close;
1202 }
1203
1204 if ((req.datalen > LXC_CMD_DATA_MAX) &&
1205 (req.cmd != LXC_CMD_CONSOLE_LOG)) {
1206 ERROR("Received command data length %d is too large for "
1207 "command \"%s\"", req.datalen, lxc_cmd_str(req.cmd));
1208 errno = EFBIG;
1209 ret = -EFBIG;
1210 goto out_close;
1211 }
1212
1213 if (req.datalen > 0) {
1214 /* LXC_CMD_CONSOLE_LOG needs to be able to allocate data
1215 * that exceeds LXC_CMD_DATA_MAX: use malloc() for that.
1216 */
1217 if (req.cmd == LXC_CMD_CONSOLE_LOG)
1218 reqdata = malloc(req.datalen);
1219 else
1220 reqdata = alloca(req.datalen);
1221 if (!reqdata) {
1222 ERROR("Failed to allocate memory for \"%s\" command",
1223 lxc_cmd_str(req.cmd));
1224 errno = ENOMEM;
1225 ret = -ENOMEM;
1226 goto out_close;
1227 }
1228
1229 ret = recv(fd, reqdata, req.datalen, 0);
1230 if (ret != req.datalen) {
1231 WARN("Failed to receive full command request. Ignoring "
1232 "request for \"%s\"", lxc_cmd_str(req.cmd));
1233 ret = -1;
1234 goto out_close;
1235 }
1236
1237 req.data = reqdata;
1238 }
1239
1240 ret = lxc_cmd_process(fd, &req, handler);
1241 if (ret) {
1242 /* This is not an error, but only a request to close fd. */
1243 ret = 0;
1244 goto out_close;
1245 }
1246
1247 out:
1248 if (req.cmd == LXC_CMD_CONSOLE_LOG && reqdata)
1249 free(reqdata);
1250
1251 return ret;
1252
1253 out_close:
1254 lxc_cmd_fd_cleanup(fd, handler, descr, req.cmd);
1255 goto out;
1256 }
1257
1258 static int lxc_cmd_accept(int fd, uint32_t events, void *data,
1259 struct lxc_epoll_descr *descr)
1260 {
1261 int connection;
1262 int opt = 1, ret = -1;
1263
1264 connection = accept(fd, NULL, 0);
1265 if (connection < 0) {
1266 SYSERROR("Failed to accept connection to run command.");
1267 return -1;
1268 }
1269
1270 ret = fcntl(connection, F_SETFD, FD_CLOEXEC);
1271 if (ret < 0) {
1272 SYSERROR("Failed to set close-on-exec on incoming command connection");
1273 goto out_close;
1274 }
1275
1276 ret = setsockopt(connection, SOL_SOCKET, SO_PASSCRED, &opt, sizeof(opt));
1277 if (ret < 0) {
1278 SYSERROR("Failed to enable necessary credentials on command socket");
1279 goto out_close;
1280 }
1281
1282 ret = lxc_mainloop_add_handler(descr, connection, lxc_cmd_handler, data);
1283 if (ret) {
1284 ERROR("Failed to add command handler");
1285 goto out_close;
1286 }
1287
1288 out:
1289 return ret;
1290
1291 out_close:
1292 close(connection);
1293 goto out;
1294 }
1295
1296 int lxc_cmd_init(const char *name, const char *lxcpath, const char *suffix)
1297 {
1298 int fd, len, ret;
1299 char path[sizeof(((struct sockaddr_un *)0)->sun_path)] = {0};
1300 char *offset = &path[1];
1301
1302 /* -2 here because this is an abstract unix socket so it needs a
1303 * leading \0, and we null terminate, so it needs a trailing \0.
1304 * Although null termination isn't required by the API, we do it anyway
1305 * because we print the sockname out sometimes.
1306 */
1307 len = sizeof(path) - 2;
1308 ret = lxc_make_abstract_socket_name(offset, len, name, lxcpath, NULL, suffix);
1309 if (ret < 0)
1310 return -1;
1311 TRACE("Creating abstract unix socket \"%s\"", offset);
1312
1313 fd = lxc_abstract_unix_open(path, SOCK_STREAM, 0);
1314 if (fd < 0) {
1315 ERROR("%s - Failed to create command socket %s",
1316 strerror(errno), offset);
1317 if (errno == EADDRINUSE)
1318 ERROR("Container \"%s\" appears to be already running", name);
1319 return -1;
1320 }
1321
1322 ret = fcntl(fd, F_SETFD, FD_CLOEXEC);
1323 if (ret < 0) {
1324 SYSERROR("Failed to set FD_CLOEXEC on command socket file descriptor");
1325 close(fd);
1326 return -1;
1327 }
1328
1329 return fd;
1330 }
1331
1332 int lxc_cmd_mainloop_add(const char *name, struct lxc_epoll_descr *descr,
1333 struct lxc_handler *handler)
1334 {
1335 int ret;
1336 int fd = handler->conf->maincmd_fd;
1337
1338 ret = lxc_mainloop_add_handler(descr, fd, lxc_cmd_accept, handler);
1339 if (ret < 0) {
1340 ERROR("Failed to add handler for command socket");
1341 close(fd);
1342 }
1343
1344 return ret;
1345 }
LXC mirror