]> git.proxmox.com Git - mirror_lxc.git/blob - src/lxc/commands.c
projects / mirror_lxc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
commands: remove stack allocations
[mirror_lxc.git] / src / lxc / commands.c
1 /*
2 * lxc: linux Container library
3 *
4 * (C) Copyright IBM Corp. 2007, 2009
5 *
6 * Authors:
7 * Daniel Lezcano <daniel.lezcano at free.fr>
8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22 */
23
24 #ifndef _GNU_SOURCE
25 #define _GNU_SOURCE 1
26 #endif
27 #include <caps.h>
28 #include <errno.h>
29 #include <fcntl.h>
30 #include <malloc.h>
31 #include <poll.h>
32 #include <signal.h>
33 #include <stdio.h>
34 #include <stdlib.h>
35 #include <sys/param.h>
36 #include <sys/socket.h>
37 #include <sys/un.h>
38 #include <unistd.h>
39
40 #include "af_unix.h"
41 #include "cgroup.h"
42 #include "commands.h"
43 #include "commands_utils.h"
44 #include "conf.h"
45 #include "config.h"
46 #include "confile.h"
47 #include "log.h"
48 #include "lxc.h"
49 #include "lxclock.h"
50 #include "mainloop.h"
51 #include "memory_utils.h"
52 #include "monitor.h"
53 #include "start.h"
54 #include "terminal.h"
55 #include "utils.h"
56
57 /*
58 * This file provides the different functions for clients to query/command the
59 * server. The client is typically some lxc tool and the server is typically the
60 * container (ie. lxc-start).
61 *
62 * Each command is transactional, the clients send a request to the server and
63 * the server answers the request with a message giving the request's status
64 * (zero or a negative errno value). Both the request and response may contain
65 * additional data.
66 *
67 * Each command is wrapped in a ancillary message in order to pass a credential
68 * making possible to the server to check if the client is allowed to ask for
69 * this command or not.
70 *
71 * IMPORTANTLY: Note that semantics for current commands are fixed. If you wish
72 * to make any changes to how, say, LXC_CMD_GET_CONFIG_ITEM works by adding
73 * information to the end of cmd.data, then you must introduce a new
74 * LXC_CMD_GET_CONFIG_ITEM_V2 define with a new number. You may wish to also
75 * mark LXC_CMD_GET_CONFIG_ITEM deprecated in commands.h.
76 *
77 * This is necessary in order to avoid having a newly compiled lxc command
78 * communicating with a running (old) monitor from crashing the running
79 * container.
80 */
81
82 lxc_log_define(commands, lxc);
83
84 static const char *lxc_cmd_str(lxc_cmd_t cmd)
85 {
86 static const char *const cmdname[LXC_CMD_MAX] = {
87 [LXC_CMD_CONSOLE] = "console",
88 [LXC_CMD_TERMINAL_WINCH] = "terminal_winch",
89 [LXC_CMD_STOP] = "stop",
90 [LXC_CMD_GET_STATE] = "get_state",
91 [LXC_CMD_GET_INIT_PID] = "get_init_pid",
92 [LXC_CMD_GET_CLONE_FLAGS] = "get_clone_flags",
93 [LXC_CMD_GET_CGROUP] = "get_cgroup",
94 [LXC_CMD_GET_CONFIG_ITEM] = "get_config_item",
95 [LXC_CMD_GET_NAME] = "get_name",
96 [LXC_CMD_GET_LXCPATH] = "get_lxcpath",
97 [LXC_CMD_ADD_STATE_CLIENT] = "add_state_client",
98 [LXC_CMD_CONSOLE_LOG] = "console_log",
99 [LXC_CMD_SERVE_STATE_CLIENTS] = "serve_state_clients",
100 };
101
102 if (cmd >= LXC_CMD_MAX)
103 return "Invalid request";
104
105 return cmdname[cmd];
106 }
107
108 /*
109 * lxc_cmd_rsp_recv: Receive a response to a command
110 *
111 * @sock : the socket connected to the container
112 * @cmd : command to put response in
113 *
114 * Returns the size of the response message or < 0 on failure
115 *
116 * Note that if the command response datalen > 0, then data is
117 * a malloc()ed buffer and should be free()ed by the caller. If
118 * the response data is <= a void * worth of data, it will be
119 * stored directly in data and datalen will be 0.
120 *
121 * As a special case, the response for LXC_CMD_CONSOLE is created
122 * here as it contains an fd for the master pty passed through the
123 * unix socket.
124 */
125 static int lxc_cmd_rsp_recv(int sock, struct lxc_cmd_rr *cmd)
126 {
127 int ret, rspfd;
128 struct lxc_cmd_rsp *rsp = &cmd->rsp;
129
130 ret = lxc_abstract_unix_recv_fds(sock, &rspfd, 1, rsp, sizeof(*rsp));
131 if (ret < 0) {
132 SYSWARN("Failed to receive response for command \"%s\"",
133 lxc_cmd_str(cmd->req.cmd));
134
135 if (errno == ECONNRESET)
136 return -1;
137
138 return -1;
139 }
140 TRACE("Command \"%s\" received response", lxc_cmd_str(cmd->req.cmd));
141
142 if (cmd->req.cmd == LXC_CMD_CONSOLE) {
143 struct lxc_cmd_console_rsp_data *rspdata;
144
145 /* recv() returns 0 bytes when a tty cannot be allocated,
146 * rsp->ret is < 0 when the peer permission check failed
147 */
148 if (ret == 0 || rsp->ret < 0)
149 return 0;
150
151 rspdata = malloc(sizeof(*rspdata));
152 if (!rspdata) {
153 errno = ENOMEM;
154 ERROR("Failed to allocate response buffer for command \"%s\"",
155 lxc_cmd_str(cmd->req.cmd));
156 return -1;
157 }
158
159 rspdata->masterfd = rspfd;
160 rspdata->ttynum = PTR_TO_INT(rsp->data);
161 rsp->data = rspdata;
162 }
163
164 if (rsp->datalen == 0) {
165 DEBUG("Response data length for command \"%s\" is 0",
166 lxc_cmd_str(cmd->req.cmd));
167 return ret;
168 }
169
170 if ((rsp->datalen > LXC_CMD_DATA_MAX) &&
171 (cmd->req.cmd != LXC_CMD_CONSOLE_LOG)) {
172 ERROR("Response data for command \"%s\" is too long: %d bytes > %d",
173 lxc_cmd_str(cmd->req.cmd), rsp->datalen, LXC_CMD_DATA_MAX);
174 return -1;
175 }
176
177 if (cmd->req.cmd == LXC_CMD_CONSOLE_LOG) {
178 rsp->data = malloc(rsp->datalen + 1);
179 ((char *)rsp->data)[rsp->datalen] = '\0';
180 } else {
181 rsp->data = malloc(rsp->datalen);
182 }
183 if (!rsp->data) {
184 errno = ENOMEM;
185 ERROR("Failed to allocate response buffer for command \"%s\"",
186 lxc_cmd_str(cmd->req.cmd));
187 return -1;
188 }
189
190 ret = lxc_recv_nointr(sock, rsp->data, rsp->datalen, 0);
191 if (ret != rsp->datalen) {
192 SYSERROR("Failed to receive response data for command \"%s\"",
193 lxc_cmd_str(cmd->req.cmd));
194 return -1;
195 }
196
197 return ret;
198 }
199
200 /*
201 * lxc_cmd_rsp_send: Send a command response
202 *
203 * @fd : file descriptor of socket to send response on
204 * @rsp : response to send
205 *
206 * Returns 0 on success, < 0 on failure
207 */
208 static int lxc_cmd_rsp_send(int fd, struct lxc_cmd_rsp *rsp)
209 {
210 ssize_t ret;
211
212 errno = EMSGSIZE;
213 ret = lxc_send_nointr(fd, rsp, sizeof(*rsp), MSG_NOSIGNAL);
214 if (ret < 0 || (size_t)ret != sizeof(*rsp)) {
215 SYSERROR("Failed to send command response %zd", ret);
216 return -1;
217 }
218
219 if (!rsp->data || rsp->datalen <= 0)
220 return 0;
221
222 errno = EMSGSIZE;
223 ret = lxc_send_nointr(fd, rsp->data, rsp->datalen, MSG_NOSIGNAL);
224 if (ret < 0 || ret != (ssize_t)rsp->datalen) {
225 SYSWARN("Failed to send command response data %zd", ret);
226 return -1;
227 }
228
229 return 0;
230 }
231
232 static int lxc_cmd_send(const char *name, struct lxc_cmd_rr *cmd,
233 const char *lxcpath, const char *hashed_sock_name)
234 {
235 int client_fd, saved_errno;
236 ssize_t ret = -1;
237
238 client_fd = lxc_cmd_connect(name, lxcpath, hashed_sock_name, "command");
239 if (client_fd < 0)
240 return -1;
241
242 ret = lxc_abstract_unix_send_credential(client_fd, &cmd->req,
243 sizeof(cmd->req));
244 if (ret < 0 || (size_t)ret != sizeof(cmd->req))
245 goto on_error;
246
247 if (cmd->req.datalen <= 0)
248 return client_fd;
249
250 errno = EMSGSIZE;
251 ret = lxc_send_nointr(client_fd, (void *)cmd->req.data,
252 cmd->req.datalen, MSG_NOSIGNAL);
253 if (ret < 0 || ret != (ssize_t)cmd->req.datalen)
254 goto on_error;
255
256 return client_fd;
257
258 on_error:
259 saved_errno = errno;
260 close(client_fd);
261 errno = saved_errno;
262
263 return -1;
264 }
265
266 /*
267 * lxc_cmd: Connect to the specified running container, send it a command
268 * request and collect the response
269 *
270 * @name : name of container to connect to
271 * @cmd : command with initialized request to send
272 * @stopped : output indicator if the container was not running
273 * @lxcpath : the lxcpath in which the container is running
274 *
275 * Returns the size of the response message on success, < 0 on failure
276 *
277 * Note that there is a special case for LXC_CMD_CONSOLE. For this command
278 * the fd cannot be closed because it is used as a placeholder to indicate
279 * that a particular tty slot is in use. The fd is also used as a signal to
280 * the container that when the caller dies or closes the fd, the container
281 * will notice the fd on its side of the socket in its mainloop select and
282 * then free the slot with lxc_cmd_fd_cleanup(). The socket fd will be
283 * returned in the cmd response structure.
284 */
285 static int lxc_cmd(const char *name, struct lxc_cmd_rr *cmd, int *stopped,
286 const char *lxcpath, const char *hashed_sock_name)
287 {
288 int client_fd, saved_errno;
289 int ret = -1;
290 bool stay_connected = false;
291
292 if (cmd->req.cmd == LXC_CMD_CONSOLE ||
293 cmd->req.cmd == LXC_CMD_ADD_STATE_CLIENT)
294 stay_connected = true;
295
296 *stopped = 0;
297
298 client_fd = lxc_cmd_send(name, cmd, lxcpath, hashed_sock_name);
299 if (client_fd < 0) {
300 SYSTRACE("Command \"%s\" failed to connect command socket",
301 lxc_cmd_str(cmd->req.cmd));
302
303 if (errno == ECONNREFUSED || errno == EPIPE)
304 *stopped = 1;
305
306 return -1;
307 }
308
309 ret = lxc_cmd_rsp_recv(client_fd, cmd);
310 if (ret < 0 && errno == ECONNRESET)
311 *stopped = 1;
312
313 if (!stay_connected || ret <= 0) {
314 saved_errno = errno;
315 close(client_fd);
316 errno = saved_errno;
317 return ret;
318 }
319
320 if (stay_connected && ret > 0)
321 cmd->rsp.ret = client_fd;
322
323 return ret;
324 }
325
326 int lxc_try_cmd(const char *name, const char *lxcpath)
327 {
328 int stopped, ret;
329 struct lxc_cmd_rr cmd = {
330 .req = { .cmd = LXC_CMD_GET_INIT_PID },
331 };
332
333 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
334 if (stopped)
335 return 0;
336 if (ret > 0 && cmd.rsp.ret < 0) {
337 errno = cmd.rsp.ret;
338 return -1;
339 }
340 if (ret > 0)
341 return 0;
342
343 /* At this point we weren't denied access, and the container *was*
344 * started. There was some inexplicable error in the protocol. I'm not
345 * clear on whether we should return -1 here, but we didn't receive a
346 * -EACCES, so technically it's not that we're not allowed to control
347 * the container - it's just not behaving.
348 */
349 return 0;
350 }
351
352 /* Implementations of the commands and their callbacks */
353
354 /*
355 * lxc_cmd_get_init_pid: Get pid of the container's init process
356 *
357 * @name : name of container to connect to
358 * @lxcpath : the lxcpath in which the container is running
359 *
360 * Returns the pid on success, < 0 on failure
361 */
362 pid_t lxc_cmd_get_init_pid(const char *name, const char *lxcpath)
363 {
364 int ret, stopped;
365 intmax_t pid;
366 struct lxc_cmd_rr cmd = {
367 .req = {
368 .cmd = LXC_CMD_GET_INIT_PID
369 },
370 .rsp = {
371 .data = INTMAX_TO_PTR((intmax_t){-1})
372 }
373 };
374
375 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
376 if (ret < 0)
377 return -1;
378
379 pid = PTR_TO_INTMAX(cmd.rsp.data);
380 if (pid < 0)
381 return -1;
382
383 /* We need to assume that pid_t can actually hold any pid given to us
384 * by the kernel. If it can't it's a libc bug.
385 */
386 return (pid_t)pid;
387 }
388
389 static int lxc_cmd_get_init_pid_callback(int fd, struct lxc_cmd_req *req,
390 struct lxc_handler *handler)
391 {
392 intmax_t pid = handler->pid;
393
394 struct lxc_cmd_rsp rsp = {
395 .data = INTMAX_TO_PTR(pid)
396 };
397
398 return lxc_cmd_rsp_send(fd, &rsp);
399 }
400
401 /*
402 * lxc_cmd_get_clone_flags: Get clone flags container was spawned with
403 *
404 * @name : name of container to connect to
405 * @lxcpath : the lxcpath in which the container is running
406 *
407 * Returns the clone flags on success, < 0 on failure
408 */
409 int lxc_cmd_get_clone_flags(const char *name, const char *lxcpath)
410 {
411 int ret, stopped;
412 struct lxc_cmd_rr cmd = {
413 .req = { .cmd = LXC_CMD_GET_CLONE_FLAGS },
414 };
415
416 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
417 if (ret < 0)
418 return ret;
419
420 return PTR_TO_INT(cmd.rsp.data);
421 }
422
423 static int lxc_cmd_get_clone_flags_callback(int fd, struct lxc_cmd_req *req,
424 struct lxc_handler *handler)
425 {
426 struct lxc_cmd_rsp rsp = { .data = INT_TO_PTR(handler->ns_clone_flags) };
427
428 return lxc_cmd_rsp_send(fd, &rsp);
429 }
430
431 /*
432 * lxc_cmd_get_cgroup_path: Calculate a container's cgroup path for a
433 * particular subsystem. This is the cgroup path relative to the root
434 * of the cgroup filesystem.
435 *
436 * @name : name of container to connect to
437 * @lxcpath : the lxcpath in which the container is running
438 * @subsystem : the subsystem being asked about
439 *
440 * Returns the path on success, NULL on failure. The caller must free() the
441 * returned path.
442 */
443 char *lxc_cmd_get_cgroup_path(const char *name, const char *lxcpath,
444 const char *subsystem)
445 {
446 int ret, stopped;
447 struct lxc_cmd_rr cmd = {
448 .req = {
449 .cmd = LXC_CMD_GET_CGROUP,
450 .data = subsystem,
451 .datalen = 0,
452 },
453 };
454
455 cmd.req.data = subsystem;
456 cmd.req.datalen = 0;
457 if (subsystem)
458 cmd.req.datalen = strlen(subsystem) + 1;
459
460 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
461 if (ret < 0)
462 return NULL;
463
464 if (ret == 0)
465 return NULL;
466
467 if (cmd.rsp.ret < 0 || cmd.rsp.datalen < 0)
468 return NULL;
469
470 return cmd.rsp.data;
471 }
472
473 static int lxc_cmd_get_cgroup_callback(int fd, struct lxc_cmd_req *req,
474 struct lxc_handler *handler)
475 {
476 const char *path;
477 struct lxc_cmd_rsp rsp;
478 struct cgroup_ops *cgroup_ops = handler->cgroup_ops;
479
480 if (req->datalen > 0)
481 path = cgroup_ops->get_cgroup(cgroup_ops, req->data);
482 else
483 path = cgroup_ops->get_cgroup(cgroup_ops, NULL);
484 if (!path)
485 return -1;
486
487 rsp.ret = 0;
488 rsp.datalen = strlen(path) + 1;
489 rsp.data = (char *)path;
490
491 return lxc_cmd_rsp_send(fd, &rsp);
492 }
493
494 /*
495 * lxc_cmd_get_config_item: Get config item the running container
496 *
497 * @name : name of container to connect to
498 * @item : the configuration item to retrieve (ex: lxc.net.0.veth.pair)
499 * @lxcpath : the lxcpath in which the container is running
500 *
501 * Returns the item on success, NULL on failure. The caller must free() the
502 * returned item.
503 */
504 char *lxc_cmd_get_config_item(const char *name, const char *item,
505 const char *lxcpath)
506 {
507 int ret, stopped;
508 struct lxc_cmd_rr cmd = {
509 .req = { .cmd = LXC_CMD_GET_CONFIG_ITEM,
510 .data = item,
511 .datalen = strlen(item) + 1,
512 },
513 };
514
515 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
516 if (ret < 0)
517 return NULL;
518
519 if (cmd.rsp.ret == 0)
520 return cmd.rsp.data;
521
522 return NULL;
523 }
524
525 static int lxc_cmd_get_config_item_callback(int fd, struct lxc_cmd_req *req,
526 struct lxc_handler *handler)
527 {
528 __do_free char *cidata = NULL;
529 int cilen;
530 struct lxc_config_t *item;
531 struct lxc_cmd_rsp rsp;
532
533 memset(&rsp, 0, sizeof(rsp));
534 item = lxc_get_config(req->data);
535 if (!item)
536 goto err1;
537
538 cilen = item->get(req->data, NULL, 0, handler->conf, NULL);
539 if (cilen <= 0)
540 goto err1;
541
542 cidata = must_realloc(NULL, cilen + 1);
543 if (item->get(req->data, cidata, cilen + 1, handler->conf, NULL) != cilen)
544 goto err1;
545
546 cidata[cilen] = '\0';
547 rsp.data = cidata;
548 rsp.datalen = cilen + 1;
549 rsp.ret = 0;
550 goto out;
551
552 err1:
553 rsp.ret = -1;
554 out:
555 return lxc_cmd_rsp_send(fd, &rsp);
556 }
557
558 /*
559 * lxc_cmd_get_state: Get current state of the container
560 *
561 * @name : name of container to connect to
562 * @lxcpath : the lxcpath in which the container is running
563 *
564 * Returns the state on success, < 0 on failure
565 */
566 int lxc_cmd_get_state(const char *name, const char *lxcpath)
567 {
568 int ret, stopped;
569 struct lxc_cmd_rr cmd = {
570 .req = { .cmd = LXC_CMD_GET_STATE }
571 };
572
573 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
574 if (ret < 0 && stopped)
575 return STOPPED;
576
577 if (ret < 0)
578 return -1;
579
580 if (!ret) {
581 WARN("Container \"%s\" has stopped before sending its state", name);
582 return -1;
583 }
584
585 DEBUG("Container \"%s\" is in \"%s\" state", name,
586 lxc_state2str(PTR_TO_INT(cmd.rsp.data)));
587
588 return PTR_TO_INT(cmd.rsp.data);
589 }
590
591 static int lxc_cmd_get_state_callback(int fd, struct lxc_cmd_req *req,
592 struct lxc_handler *handler)
593 {
594 struct lxc_cmd_rsp rsp = { .data = INT_TO_PTR(handler->state) };
595
596 return lxc_cmd_rsp_send(fd, &rsp);
597 }
598
599 /*
600 * lxc_cmd_stop: Stop the container previously started with lxc_start. All
601 * the processes running inside this container will be killed.
602 *
603 * @name : name of container to connect to
604 * @lxcpath : the lxcpath in which the container is running
605 *
606 * Returns 0 on success, < 0 on failure
607 */
608 int lxc_cmd_stop(const char *name, const char *lxcpath)
609 {
610 int ret, stopped;
611 struct lxc_cmd_rr cmd = {
612 .req = { .cmd = LXC_CMD_STOP },
613 };
614
615 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
616 if (ret < 0) {
617 if (stopped) {
618 INFO("Container \"%s\" is already stopped", name);
619 return 0;
620 }
621
622 return -1;
623 }
624
625 /* We do not expect any answer, because we wait for the connection to be
626 * closed.
627 */
628 if (ret > 0) {
629 errno = -cmd.rsp.ret;
630 SYSERROR("Failed to stop container \"%s\"", name);
631 return -1;
632 }
633
634 INFO("Container \"%s\" has stopped", name);
635 return 0;
636 }
637
638 static int lxc_cmd_stop_callback(int fd, struct lxc_cmd_req *req,
639 struct lxc_handler *handler)
640 {
641 struct lxc_cmd_rsp rsp;
642 int stopsignal = SIGKILL;
643 struct cgroup_ops *cgroup_ops = handler->cgroup_ops;
644
645 if (handler->conf->stopsignal)
646 stopsignal = handler->conf->stopsignal;
647 memset(&rsp, 0, sizeof(rsp));
648 rsp.ret = kill(handler->pid, stopsignal);
649 if (!rsp.ret) {
650 /* We can't just use lxc_unfreeze() since we are already in the
651 * context of handling the STOP cmd in lxc-start, and calling
652 * lxc_unfreeze() would do another cmd (GET_CGROUP) which would
653 * deadlock us.
654 */
655 if (!cgroup_ops->get_cgroup(cgroup_ops, "freezer"))
656 return 0;
657
658 if (cgroup_ops->unfreeze(cgroup_ops))
659 return 0;
660
661 ERROR("Failed to unfreeze container \"%s\"", handler->name);
662 rsp.ret = -1;
663 }
664
665 return lxc_cmd_rsp_send(fd, &rsp);
666 }
667
668 /*
669 * lxc_cmd_terminal_winch: noop
670 *
671 * @name : name of container to connect to
672 * @lxcpath : the lxcpath in which the container is running
673 *
674 * Returns 0 on success, < 0 on failure
675 */
676 int lxc_cmd_terminal_winch(const char *name, const char *lxcpath)
677 {
678 return 0;
679 }
680
681 static int lxc_cmd_terminal_winch_callback(int fd, struct lxc_cmd_req *req,
682 struct lxc_handler *handler)
683 {
684 /* should never be called */
685 return -1;
686 }
687
688 /*
689 * lxc_cmd_console: Open an fd to a tty in the container
690 *
691 * @name : name of container to connect to
692 * @ttynum : in: the tty to open or -1 for next available
693 * : out: the tty allocated
694 * @fd : out: file descriptor for master side of pty
695 * @lxcpath : the lxcpath in which the container is running
696 *
697 * Returns fd holding tty allocated on success, < 0 on failure
698 */
699 int lxc_cmd_console(const char *name, int *ttynum, int *fd, const char *lxcpath)
700 {
701 int ret, stopped;
702 struct lxc_cmd_console_rsp_data *rspdata;
703 struct lxc_cmd_rr cmd = {
704 .req = { .cmd = LXC_CMD_CONSOLE, .data = INT_TO_PTR(*ttynum) },
705 };
706
707 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
708 if (ret < 0)
709 return ret;
710
711 if (cmd.rsp.ret < 0) {
712 errno = -cmd.rsp.ret;
713 SYSERROR("Denied access to tty");
714 ret = -1;
715 goto out;
716 }
717
718 if (ret == 0) {
719 ERROR("tty number %d invalid, busy or all ttys busy", *ttynum);
720 ret = -1;
721 goto out;
722 }
723
724 rspdata = cmd.rsp.data;
725 if (rspdata->masterfd < 0) {
726 ERROR("Unable to allocate fd for tty %d", rspdata->ttynum);
727 goto out;
728 }
729
730 ret = cmd.rsp.ret; /* socket fd */
731 *fd = rspdata->masterfd;
732 *ttynum = rspdata->ttynum;
733 INFO("Alloced fd %d for tty %d via socket %d", *fd, rspdata->ttynum, ret);
734
735 out:
736 free(cmd.rsp.data);
737 return ret;
738 }
739
740 static int lxc_cmd_console_callback(int fd, struct lxc_cmd_req *req,
741 struct lxc_handler *handler)
742 {
743 int masterfd, ret;
744 struct lxc_cmd_rsp rsp;
745 int ttynum = PTR_TO_INT(req->data);
746
747 masterfd = lxc_terminal_allocate(handler->conf, fd, &ttynum);
748 if (masterfd < 0)
749 goto out_close;
750
751 memset(&rsp, 0, sizeof(rsp));
752 rsp.data = INT_TO_PTR(ttynum);
753 ret = lxc_abstract_unix_send_fds(fd, &masterfd, 1, &rsp, sizeof(rsp));
754 if (ret < 0) {
755 SYSERROR("Failed to send tty to client");
756 lxc_terminal_free(handler->conf, fd);
757 goto out_close;
758 }
759
760 return 0;
761
762 out_close:
763 /* Special indicator to lxc_cmd_handler() to close the fd and do
764 * related cleanup.
765 */
766 return 1;
767 }
768
769 /*
770 * lxc_cmd_get_name: Returns the name of the container
771 *
772 * @hashed_sock_name: hashed socket name
773 *
774 * Returns the name on success, NULL on failure.
775 */
776 char *lxc_cmd_get_name(const char *hashed_sock_name)
777 {
778 int ret, stopped;
779 struct lxc_cmd_rr cmd = {
780 .req = { .cmd = LXC_CMD_GET_NAME},
781 };
782
783 ret = lxc_cmd(NULL, &cmd, &stopped, NULL, hashed_sock_name);
784 if (ret < 0)
785 return NULL;
786
787 if (cmd.rsp.ret == 0)
788 return cmd.rsp.data;
789
790 return NULL;
791 }
792
793 static int lxc_cmd_get_name_callback(int fd, struct lxc_cmd_req *req,
794 struct lxc_handler *handler)
795 {
796 struct lxc_cmd_rsp rsp;
797
798 memset(&rsp, 0, sizeof(rsp));
799
800 rsp.data = (char *)handler->name;
801 rsp.datalen = strlen(handler->name) + 1;
802 rsp.ret = 0;
803
804 return lxc_cmd_rsp_send(fd, &rsp);
805 }
806
807 /*
808 * lxc_cmd_get_lxcpath: Returns the lxcpath of the container
809 *
810 * @hashed_sock_name: hashed socket name
811 *
812 * Returns the lxcpath on success, NULL on failure.
813 */
814 char *lxc_cmd_get_lxcpath(const char *hashed_sock_name)
815 {
816 int ret, stopped;
817 struct lxc_cmd_rr cmd = {
818 .req = { .cmd = LXC_CMD_GET_LXCPATH},
819 };
820
821 ret = lxc_cmd(NULL, &cmd, &stopped, NULL, hashed_sock_name);
822 if (ret < 0)
823 return NULL;
824
825 if (cmd.rsp.ret == 0)
826 return cmd.rsp.data;
827
828 return NULL;
829 }
830
831 static int lxc_cmd_get_lxcpath_callback(int fd, struct lxc_cmd_req *req,
832 struct lxc_handler *handler)
833 {
834 struct lxc_cmd_rsp rsp;
835
836 memset(&rsp, 0, sizeof(rsp));
837
838 rsp.ret = 0;
839 rsp.data = (char *)handler->lxcpath;
840 rsp.datalen = strlen(handler->lxcpath) + 1;
841
842 return lxc_cmd_rsp_send(fd, &rsp);
843 }
844
845 int lxc_cmd_add_state_client(const char *name, const char *lxcpath,
846 lxc_state_t states[MAX_STATE],
847 int *state_client_fd)
848 {
849 int state, stopped;
850 ssize_t ret;
851 struct lxc_cmd_rr cmd = {
852 .req = {
853 .cmd = LXC_CMD_ADD_STATE_CLIENT,
854 .data = states,
855 .datalen = (sizeof(lxc_state_t) * MAX_STATE)
856 },
857 };
858
859 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
860 if (states[STOPPED] != 0 && stopped != 0)
861 return STOPPED;
862
863 if (ret < 0) {
864 if (errno != ECONNREFUSED)
865 SYSERROR("Failed to execute command");
866
867 return -1;
868 }
869
870 /* We should now be guaranteed to get an answer from the state sending
871 * function.
872 */
873 if (cmd.rsp.ret < 0) {
874 errno = -cmd.rsp.ret;
875 SYSERROR("Failed to receive socket fd");
876 return -1;
877 }
878
879 state = PTR_TO_INT(cmd.rsp.data);
880 if (state < MAX_STATE) {
881 TRACE("Container is already in requested state %s", lxc_state2str(state));
882 close(cmd.rsp.ret);
883 return state;
884 }
885
886 *state_client_fd = cmd.rsp.ret;
887 TRACE("Added state client %d to state client list", cmd.rsp.ret);
888 return MAX_STATE;
889 }
890
891 static int lxc_cmd_add_state_client_callback(int fd, struct lxc_cmd_req *req,
892 struct lxc_handler *handler)
893 {
894 int ret;
895 struct lxc_cmd_rsp rsp = {0};
896
897 if (req->datalen < 0)
898 goto reap_client_fd;
899
900 if (req->datalen != (sizeof(lxc_state_t) * MAX_STATE))
901 goto reap_client_fd;
902
903 if (!req->data)
904 goto reap_client_fd;
905
906 rsp.ret = lxc_add_state_client(fd, handler, (lxc_state_t *)req->data);
907 if (rsp.ret < 0)
908 goto reap_client_fd;
909
910 rsp.data = INT_TO_PTR(rsp.ret);
911
912 ret = lxc_cmd_rsp_send(fd, &rsp);
913 if (ret < 0)
914 goto reap_client_fd;
915
916 return 0;
917
918 reap_client_fd:
919 /* Special indicator to lxc_cmd_handler() to close the fd and do related
920 * cleanup.
921 */
922 return 1;
923 }
924
925 int lxc_cmd_console_log(const char *name, const char *lxcpath,
926 struct lxc_console_log *log)
927 {
928 int ret, stopped;
929 struct lxc_cmd_console_log data;
930 struct lxc_cmd_rr cmd;
931
932 data.clear = log->clear;
933 data.read = log->read;
934 data.read_max = *log->read_max;
935
936 cmd.req.cmd = LXC_CMD_CONSOLE_LOG;
937 cmd.req.data = &data;
938 cmd.req.datalen = sizeof(struct lxc_cmd_console_log);
939
940 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
941 if (ret < 0)
942 return ret;
943
944 /* There is nothing to be read from the buffer. So clear any values we
945 * where passed to clearly indicate to the user that nothing went wrong.
946 */
947 if (cmd.rsp.ret == -ENODATA || cmd.rsp.ret == -EFAULT || cmd.rsp.ret == -ENOENT) {
948 *log->read_max = 0;
949 log->data = NULL;
950 }
951
952 /* This is a proper error so don't touch any values we were passed. */
953 if (cmd.rsp.ret < 0)
954 return cmd.rsp.ret;
955
956 *log->read_max = cmd.rsp.datalen;
957 log->data = cmd.rsp.data;
958
959 return 0;
960 }
961
962 static int lxc_cmd_console_log_callback(int fd, struct lxc_cmd_req *req,
963 struct lxc_handler *handler)
964 {
965 struct lxc_cmd_rsp rsp;
966 uint64_t buffer_size = handler->conf->console.buffer_size;
967 const struct lxc_cmd_console_log *log = req->data;
968 struct lxc_ringbuf *buf = &handler->conf->console.ringbuf;
969
970 rsp.ret = -EFAULT;
971 rsp.datalen = 0;
972 rsp.data = NULL;
973 if (buffer_size <= 0)
974 goto out;
975
976 if (log->read || log->write_logfile)
977 rsp.datalen = lxc_ringbuf_used(buf);
978
979 if (log->read)
980 rsp.data = lxc_ringbuf_get_read_addr(buf);
981
982 if (log->read_max > 0 && (log->read_max <= rsp.datalen))
983 rsp.datalen = log->read_max;
984
985 /* there's nothing to read */
986 rsp.ret = -ENODATA;
987 if (log->read && (buf->r_off == buf->w_off))
988 goto out;
989
990 rsp.ret = 0;
991 if (log->clear)
992 lxc_ringbuf_clear(buf); /* clear the ringbuffer */
993 else if (rsp.datalen > 0)
994 lxc_ringbuf_move_read_addr(buf, rsp.datalen);
995
996 out:
997 return lxc_cmd_rsp_send(fd, &rsp);
998 }
999
1000 int lxc_cmd_serve_state_clients(const char *name, const char *lxcpath,
1001 lxc_state_t state)
1002 {
1003 int stopped;
1004 ssize_t ret;
1005 struct lxc_cmd_rr cmd = {
1006 .req = {
1007 .cmd = LXC_CMD_SERVE_STATE_CLIENTS,
1008 .data = INT_TO_PTR(state)
1009 },
1010 };
1011
1012 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
1013 if (ret < 0) {
1014 SYSERROR("Failed to execute command");
1015 return -1;
1016 }
1017
1018 return 0;
1019 }
1020
1021 static int lxc_cmd_serve_state_clients_callback(int fd, struct lxc_cmd_req *req,
1022 struct lxc_handler *handler)
1023 {
1024 int ret;
1025 lxc_state_t state = PTR_TO_INT(req->data);
1026 struct lxc_cmd_rsp rsp = {0};
1027
1028 ret = lxc_serve_state_clients(handler->name, handler, state);
1029 if (ret < 0)
1030 goto reap_client_fd;
1031
1032 ret = lxc_cmd_rsp_send(fd, &rsp);
1033 if (ret < 0)
1034 goto reap_client_fd;
1035
1036 return 0;
1037
1038 reap_client_fd:
1039 /* Special indicator to lxc_cmd_handler() to close the fd and do related
1040 * cleanup.
1041 */
1042 return 1;
1043 }
1044
1045 static int lxc_cmd_process(int fd, struct lxc_cmd_req *req,
1046 struct lxc_handler *handler)
1047 {
1048 typedef int (*callback)(int, struct lxc_cmd_req *, struct lxc_handler *);
1049
1050 callback cb[LXC_CMD_MAX] = {
1051 [LXC_CMD_CONSOLE] = lxc_cmd_console_callback,
1052 [LXC_CMD_TERMINAL_WINCH] = lxc_cmd_terminal_winch_callback,
1053 [LXC_CMD_STOP] = lxc_cmd_stop_callback,
1054 [LXC_CMD_GET_STATE] = lxc_cmd_get_state_callback,
1055 [LXC_CMD_GET_INIT_PID] = lxc_cmd_get_init_pid_callback,
1056 [LXC_CMD_GET_CLONE_FLAGS] = lxc_cmd_get_clone_flags_callback,
1057 [LXC_CMD_GET_CGROUP] = lxc_cmd_get_cgroup_callback,
1058 [LXC_CMD_GET_CONFIG_ITEM] = lxc_cmd_get_config_item_callback,
1059 [LXC_CMD_GET_NAME] = lxc_cmd_get_name_callback,
1060 [LXC_CMD_GET_LXCPATH] = lxc_cmd_get_lxcpath_callback,
1061 [LXC_CMD_ADD_STATE_CLIENT] = lxc_cmd_add_state_client_callback,
1062 [LXC_CMD_CONSOLE_LOG] = lxc_cmd_console_log_callback,
1063 [LXC_CMD_SERVE_STATE_CLIENTS] = lxc_cmd_serve_state_clients_callback,
1064 };
1065
1066 if (req->cmd >= LXC_CMD_MAX) {
1067 ERROR("Undefined command id %d", req->cmd);
1068 return -1;
1069 }
1070 return cb[req->cmd](fd, req, handler);
1071 }
1072
1073 static void lxc_cmd_fd_cleanup(int fd, struct lxc_handler *handler,
1074 struct lxc_epoll_descr *descr,
1075 const lxc_cmd_t cmd)
1076 {
1077 struct lxc_state_client *client;
1078 struct lxc_list *cur, *next;
1079
1080 lxc_terminal_free(handler->conf, fd);
1081 lxc_mainloop_del_handler(descr, fd);
1082 if (cmd != LXC_CMD_ADD_STATE_CLIENT) {
1083 close(fd);
1084 return;
1085 }
1086
1087 lxc_list_for_each_safe(cur, &handler->conf->state_clients, next) {
1088 client = cur->elem;
1089 if (client->clientfd != fd)
1090 continue;
1091
1092 /* kick client from list */
1093 lxc_list_del(cur);
1094 close(client->clientfd);
1095 free(cur->elem);
1096 free(cur);
1097 /* No need to walk the whole list. If we found the state client
1098 * fd there can't be a second one.
1099 */
1100 break;
1101 }
1102 }
1103
1104 static int lxc_cmd_handler(int fd, uint32_t events, void *data,
1105 struct lxc_epoll_descr *descr)
1106 {
1107 __do_free void *reqdata = NULL;
1108 int ret;
1109 struct lxc_cmd_req req;
1110 struct lxc_handler *handler = data;
1111
1112 ret = lxc_abstract_unix_rcv_credential(fd, &req, sizeof(req));
1113 if (ret < 0) {
1114 SYSERROR("Failed to receive data on command socket for command "
1115 "\"%s\"", lxc_cmd_str(req.cmd));
1116
1117 if (errno == EACCES) {
1118 /* We don't care for the peer, just send and close. */
1119 struct lxc_cmd_rsp rsp = {.ret = ret};
1120
1121 lxc_cmd_rsp_send(fd, &rsp);
1122 }
1123
1124 goto out_close;
1125 }
1126
1127 if (ret == 0)
1128 goto out_close;
1129
1130 if (ret != sizeof(req)) {
1131 WARN("Failed to receive full command request. Ignoring request "
1132 "for \"%s\"", lxc_cmd_str(req.cmd));
1133 ret = -1;
1134 goto out_close;
1135 }
1136
1137 if ((req.datalen > LXC_CMD_DATA_MAX) &&
1138 (req.cmd != LXC_CMD_CONSOLE_LOG)) {
1139 ERROR("Received command data length %d is too large for "
1140 "command \"%s\"", req.datalen, lxc_cmd_str(req.cmd));
1141 errno = EFBIG;
1142 ret = -EFBIG;
1143 goto out_close;
1144 }
1145
1146 if (req.datalen > 0) {
1147 reqdata = must_realloc(NULL, req.datalen);
1148 ret = lxc_recv_nointr(fd, reqdata, req.datalen, 0);
1149 if (ret != req.datalen) {
1150 WARN("Failed to receive full command request. Ignoring "
1151 "request for \"%s\"", lxc_cmd_str(req.cmd));
1152 ret = LXC_MAINLOOP_ERROR;
1153 goto out_close;
1154 }
1155
1156 req.data = reqdata;
1157 }
1158
1159 ret = lxc_cmd_process(fd, &req, handler);
1160 if (ret) {
1161 /* This is not an error, but only a request to close fd. */
1162 ret = LXC_MAINLOOP_CONTINUE;
1163 goto out_close;
1164 }
1165
1166 out:
1167 return ret;
1168
1169 out_close:
1170 lxc_cmd_fd_cleanup(fd, handler, descr, req.cmd);
1171 goto out;
1172 }
1173
1174 static int lxc_cmd_accept(int fd, uint32_t events, void *data,
1175 struct lxc_epoll_descr *descr)
1176 {
1177 int connection;
1178 int opt = 1, ret = -1;
1179
1180 connection = accept(fd, NULL, 0);
1181 if (connection < 0) {
1182 SYSERROR("Failed to accept connection to run command");
1183 return LXC_MAINLOOP_ERROR;
1184 }
1185
1186 ret = fcntl(connection, F_SETFD, FD_CLOEXEC);
1187 if (ret < 0) {
1188 SYSERROR("Failed to set close-on-exec on incoming command connection");
1189 goto out_close;
1190 }
1191
1192 ret = setsockopt(connection, SOL_SOCKET, SO_PASSCRED, &opt, sizeof(opt));
1193 if (ret < 0) {
1194 SYSERROR("Failed to enable necessary credentials on command socket");
1195 goto out_close;
1196 }
1197
1198 ret = lxc_mainloop_add_handler(descr, connection, lxc_cmd_handler, data);
1199 if (ret) {
1200 ERROR("Failed to add command handler");
1201 goto out_close;
1202 }
1203
1204 out:
1205 return ret;
1206
1207 out_close:
1208 close(connection);
1209 goto out;
1210 }
1211
1212 int lxc_cmd_init(const char *name, const char *lxcpath, const char *suffix)
1213 {
1214 int fd, ret;
1215 char path[LXC_AUDS_ADDR_LEN] = {0};
1216
1217 ret = lxc_make_abstract_socket_name(path, sizeof(path), name, lxcpath, NULL, suffix);
1218 if (ret < 0)
1219 return -1;
1220 TRACE("Creating abstract unix socket \"%s\"", &path[1]);
1221
1222 fd = lxc_abstract_unix_open(path, SOCK_STREAM, 0);
1223 if (fd < 0) {
1224 SYSERROR("Failed to create command socket %s", &path[1]);
1225 if (errno == EADDRINUSE)
1226 ERROR("Container \"%s\" appears to be already running", name);
1227
1228 return -1;
1229 }
1230
1231 ret = fcntl(fd, F_SETFD, FD_CLOEXEC);
1232 if (ret < 0) {
1233 SYSERROR("Failed to set FD_CLOEXEC on command socket file descriptor");
1234 close(fd);
1235 return -1;
1236 }
1237
1238 return fd;
1239 }
1240
1241 int lxc_cmd_mainloop_add(const char *name, struct lxc_epoll_descr *descr,
1242 struct lxc_handler *handler)
1243 {
1244 int ret;
1245 int fd = handler->conf->maincmd_fd;
1246
1247 ret = lxc_mainloop_add_handler(descr, fd, lxc_cmd_accept, handler);
1248 if (ret < 0) {
1249 ERROR("Failed to add handler for command socket");
1250 close(fd);
1251 }
1252
1253 return ret;
1254 }
LXC mirror