]> git.proxmox.com Git - mirror_lxc.git/blob - src/lxc/commands.c
projects / mirror_lxc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
commands: cleanup macros in lxc_cmd_console()
[mirror_lxc.git] / src / lxc / commands.c
1 /*
2 * lxc: linux Container library
3 *
4 * (C) Copyright IBM Corp. 2007, 2009
5 *
6 * Authors:
7 * Daniel Lezcano <daniel.lezcano at free.fr>
8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22 */
23
24 #ifndef _GNU_SOURCE
25 #define _GNU_SOURCE 1
26 #endif
27 #include <caps.h>
28 #include <errno.h>
29 #include <fcntl.h>
30 #include <malloc.h>
31 #include <poll.h>
32 #include <signal.h>
33 #include <stdio.h>
34 #include <stdlib.h>
35 #include <sys/param.h>
36 #include <sys/socket.h>
37 #include <sys/un.h>
38 #include <unistd.h>
39
40 #include "af_unix.h"
41 #include "cgroup.h"
42 #include "commands.h"
43 #include "commands_utils.h"
44 #include "conf.h"
45 #include "config.h"
46 #include "confile.h"
47 #include "log.h"
48 #include "lxc.h"
49 #include "lxclock.h"
50 #include "mainloop.h"
51 #include "memory_utils.h"
52 #include "monitor.h"
53 #include "start.h"
54 #include "terminal.h"
55 #include "utils.h"
56
57 /*
58 * This file provides the different functions for clients to query/command the
59 * server. The client is typically some lxc tool and the server is typically the
60 * container (ie. lxc-start).
61 *
62 * Each command is transactional, the clients send a request to the server and
63 * the server answers the request with a message giving the request's status
64 * (zero or a negative errno value). Both the request and response may contain
65 * additional data.
66 *
67 * Each command is wrapped in a ancillary message in order to pass a credential
68 * making possible to the server to check if the client is allowed to ask for
69 * this command or not.
70 *
71 * IMPORTANTLY: Note that semantics for current commands are fixed. If you wish
72 * to make any changes to how, say, LXC_CMD_GET_CONFIG_ITEM works by adding
73 * information to the end of cmd.data, then you must introduce a new
74 * LXC_CMD_GET_CONFIG_ITEM_V2 define with a new number. You may wish to also
75 * mark LXC_CMD_GET_CONFIG_ITEM deprecated in commands.h.
76 *
77 * This is necessary in order to avoid having a newly compiled lxc command
78 * communicating with a running (old) monitor from crashing the running
79 * container.
80 */
81
82 lxc_log_define(commands, lxc);
83
84 static const char *lxc_cmd_str(lxc_cmd_t cmd)
85 {
86 static const char *const cmdname[LXC_CMD_MAX] = {
87 [LXC_CMD_CONSOLE] = "console",
88 [LXC_CMD_TERMINAL_WINCH] = "terminal_winch",
89 [LXC_CMD_STOP] = "stop",
90 [LXC_CMD_GET_STATE] = "get_state",
91 [LXC_CMD_GET_INIT_PID] = "get_init_pid",
92 [LXC_CMD_GET_CLONE_FLAGS] = "get_clone_flags",
93 [LXC_CMD_GET_CGROUP] = "get_cgroup",
94 [LXC_CMD_GET_CONFIG_ITEM] = "get_config_item",
95 [LXC_CMD_GET_NAME] = "get_name",
96 [LXC_CMD_GET_LXCPATH] = "get_lxcpath",
97 [LXC_CMD_ADD_STATE_CLIENT] = "add_state_client",
98 [LXC_CMD_CONSOLE_LOG] = "console_log",
99 [LXC_CMD_SERVE_STATE_CLIENTS] = "serve_state_clients",
100 };
101
102 if (cmd >= LXC_CMD_MAX)
103 return "Invalid request";
104
105 return cmdname[cmd];
106 }
107
108 /*
109 * lxc_cmd_rsp_recv: Receive a response to a command
110 *
111 * @sock : the socket connected to the container
112 * @cmd : command to put response in
113 *
114 * Returns the size of the response message or < 0 on failure
115 *
116 * Note that if the command response datalen > 0, then data is
117 * a malloc()ed buffer and should be free()ed by the caller. If
118 * the response data is <= a void * worth of data, it will be
119 * stored directly in data and datalen will be 0.
120 *
121 * As a special case, the response for LXC_CMD_CONSOLE is created
122 * here as it contains an fd for the master pty passed through the
123 * unix socket.
124 */
125 static int lxc_cmd_rsp_recv(int sock, struct lxc_cmd_rr *cmd)
126 {
127 int ret, rspfd;
128 struct lxc_cmd_rsp *rsp = &cmd->rsp;
129
130 ret = lxc_abstract_unix_recv_fds(sock, &rspfd, 1, rsp, sizeof(*rsp));
131 if (ret < 0) {
132 SYSWARN("Failed to receive response for command \"%s\"",
133 lxc_cmd_str(cmd->req.cmd));
134
135 if (errno == ECONNRESET)
136 return -1;
137
138 return -1;
139 }
140 TRACE("Command \"%s\" received response", lxc_cmd_str(cmd->req.cmd));
141
142 if (cmd->req.cmd == LXC_CMD_CONSOLE) {
143 struct lxc_cmd_console_rsp_data *rspdata;
144
145 /* recv() returns 0 bytes when a tty cannot be allocated,
146 * rsp->ret is < 0 when the peer permission check failed
147 */
148 if (ret == 0 || rsp->ret < 0)
149 return 0;
150
151 rspdata = malloc(sizeof(*rspdata));
152 if (!rspdata) {
153 errno = ENOMEM;
154 ERROR("Failed to allocate response buffer for command \"%s\"",
155 lxc_cmd_str(cmd->req.cmd));
156 return -1;
157 }
158
159 rspdata->masterfd = rspfd;
160 rspdata->ttynum = PTR_TO_INT(rsp->data);
161 rsp->data = rspdata;
162 }
163
164 if (rsp->datalen == 0) {
165 DEBUG("Response data length for command \"%s\" is 0",
166 lxc_cmd_str(cmd->req.cmd));
167 return ret;
168 }
169
170 if ((rsp->datalen > LXC_CMD_DATA_MAX) &&
171 (cmd->req.cmd != LXC_CMD_CONSOLE_LOG)) {
172 ERROR("Response data for command \"%s\" is too long: %d bytes > %d",
173 lxc_cmd_str(cmd->req.cmd), rsp->datalen, LXC_CMD_DATA_MAX);
174 return -1;
175 }
176
177 if (cmd->req.cmd == LXC_CMD_CONSOLE_LOG) {
178 rsp->data = malloc(rsp->datalen + 1);
179 ((char *)rsp->data)[rsp->datalen] = '\0';
180 } else {
181 rsp->data = malloc(rsp->datalen);
182 }
183 if (!rsp->data) {
184 errno = ENOMEM;
185 ERROR("Failed to allocate response buffer for command \"%s\"",
186 lxc_cmd_str(cmd->req.cmd));
187 return -1;
188 }
189
190 ret = lxc_recv_nointr(sock, rsp->data, rsp->datalen, 0);
191 if (ret != rsp->datalen) {
192 SYSERROR("Failed to receive response data for command \"%s\"",
193 lxc_cmd_str(cmd->req.cmd));
194 return -1;
195 }
196
197 return ret;
198 }
199
200 /*
201 * lxc_cmd_rsp_send: Send a command response
202 *
203 * @fd : file descriptor of socket to send response on
204 * @rsp : response to send
205 *
206 * Returns 0 on success, < 0 on failure
207 */
208 static int lxc_cmd_rsp_send(int fd, struct lxc_cmd_rsp *rsp)
209 {
210 ssize_t ret;
211
212 errno = EMSGSIZE;
213 ret = lxc_send_nointr(fd, rsp, sizeof(*rsp), MSG_NOSIGNAL);
214 if (ret < 0 || (size_t)ret != sizeof(*rsp)) {
215 SYSERROR("Failed to send command response %zd", ret);
216 return -1;
217 }
218
219 if (!rsp->data || rsp->datalen <= 0)
220 return 0;
221
222 errno = EMSGSIZE;
223 ret = lxc_send_nointr(fd, rsp->data, rsp->datalen, MSG_NOSIGNAL);
224 if (ret < 0 || ret != (ssize_t)rsp->datalen) {
225 SYSWARN("Failed to send command response data %zd", ret);
226 return -1;
227 }
228
229 return 0;
230 }
231
232 static int lxc_cmd_send(const char *name, struct lxc_cmd_rr *cmd,
233 const char *lxcpath, const char *hashed_sock_name)
234 {
235 int client_fd, saved_errno;
236 ssize_t ret = -1;
237
238 client_fd = lxc_cmd_connect(name, lxcpath, hashed_sock_name, "command");
239 if (client_fd < 0)
240 return -1;
241
242 ret = lxc_abstract_unix_send_credential(client_fd, &cmd->req,
243 sizeof(cmd->req));
244 if (ret < 0 || (size_t)ret != sizeof(cmd->req))
245 goto on_error;
246
247 if (cmd->req.datalen <= 0)
248 return client_fd;
249
250 errno = EMSGSIZE;
251 ret = lxc_send_nointr(client_fd, (void *)cmd->req.data,
252 cmd->req.datalen, MSG_NOSIGNAL);
253 if (ret < 0 || ret != (ssize_t)cmd->req.datalen)
254 goto on_error;
255
256 return client_fd;
257
258 on_error:
259 saved_errno = errno;
260 close(client_fd);
261 errno = saved_errno;
262
263 return -1;
264 }
265
266 /*
267 * lxc_cmd: Connect to the specified running container, send it a command
268 * request and collect the response
269 *
270 * @name : name of container to connect to
271 * @cmd : command with initialized request to send
272 * @stopped : output indicator if the container was not running
273 * @lxcpath : the lxcpath in which the container is running
274 *
275 * Returns the size of the response message on success, < 0 on failure
276 *
277 * Note that there is a special case for LXC_CMD_CONSOLE. For this command
278 * the fd cannot be closed because it is used as a placeholder to indicate
279 * that a particular tty slot is in use. The fd is also used as a signal to
280 * the container that when the caller dies or closes the fd, the container
281 * will notice the fd on its side of the socket in its mainloop select and
282 * then free the slot with lxc_cmd_fd_cleanup(). The socket fd will be
283 * returned in the cmd response structure.
284 */
285 static int lxc_cmd(const char *name, struct lxc_cmd_rr *cmd, int *stopped,
286 const char *lxcpath, const char *hashed_sock_name)
287 {
288 int client_fd, saved_errno;
289 int ret = -1;
290 bool stay_connected = false;
291
292 if (cmd->req.cmd == LXC_CMD_CONSOLE ||
293 cmd->req.cmd == LXC_CMD_ADD_STATE_CLIENT)
294 stay_connected = true;
295
296 *stopped = 0;
297
298 client_fd = lxc_cmd_send(name, cmd, lxcpath, hashed_sock_name);
299 if (client_fd < 0) {
300 SYSTRACE("Command \"%s\" failed to connect command socket",
301 lxc_cmd_str(cmd->req.cmd));
302
303 if (errno == ECONNREFUSED || errno == EPIPE)
304 *stopped = 1;
305
306 return -1;
307 }
308
309 ret = lxc_cmd_rsp_recv(client_fd, cmd);
310 if (ret < 0 && errno == ECONNRESET)
311 *stopped = 1;
312
313 if (!stay_connected || ret <= 0) {
314 saved_errno = errno;
315 close(client_fd);
316 errno = saved_errno;
317 return ret;
318 }
319
320 if (stay_connected)
321 cmd->rsp.ret = client_fd;
322
323 return ret;
324 }
325
326 int lxc_try_cmd(const char *name, const char *lxcpath)
327 {
328 int stopped, ret;
329 struct lxc_cmd_rr cmd = {
330 .req = { .cmd = LXC_CMD_GET_INIT_PID },
331 };
332
333 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
334 if (stopped)
335 return 0;
336 if (ret > 0 && cmd.rsp.ret < 0) {
337 errno = cmd.rsp.ret;
338 return -1;
339 }
340 if (ret > 0)
341 return 0;
342
343 /* At this point we weren't denied access, and the container *was*
344 * started. There was some inexplicable error in the protocol. I'm not
345 * clear on whether we should return -1 here, but we didn't receive a
346 * -EACCES, so technically it's not that we're not allowed to control
347 * the container - it's just not behaving.
348 */
349 return 0;
350 }
351
352 /* Implementations of the commands and their callbacks */
353
354 /*
355 * lxc_cmd_get_init_pid: Get pid of the container's init process
356 *
357 * @name : name of container to connect to
358 * @lxcpath : the lxcpath in which the container is running
359 *
360 * Returns the pid on success, < 0 on failure
361 */
362 pid_t lxc_cmd_get_init_pid(const char *name, const char *lxcpath)
363 {
364 int ret, stopped;
365 intmax_t pid;
366 struct lxc_cmd_rr cmd = {
367 .req = {
368 .cmd = LXC_CMD_GET_INIT_PID
369 },
370 .rsp = {
371 .data = INTMAX_TO_PTR((intmax_t){-1})
372 }
373 };
374
375 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
376 if (ret < 0)
377 return -1;
378
379 pid = PTR_TO_INTMAX(cmd.rsp.data);
380 if (pid < 0)
381 return -1;
382
383 /* We need to assume that pid_t can actually hold any pid given to us
384 * by the kernel. If it can't it's a libc bug.
385 */
386 return (pid_t)pid;
387 }
388
389 static int lxc_cmd_get_init_pid_callback(int fd, struct lxc_cmd_req *req,
390 struct lxc_handler *handler)
391 {
392 intmax_t pid = handler->pid;
393
394 struct lxc_cmd_rsp rsp = {
395 .data = INTMAX_TO_PTR(pid)
396 };
397
398 return lxc_cmd_rsp_send(fd, &rsp);
399 }
400
401 /*
402 * lxc_cmd_get_clone_flags: Get clone flags container was spawned with
403 *
404 * @name : name of container to connect to
405 * @lxcpath : the lxcpath in which the container is running
406 *
407 * Returns the clone flags on success, < 0 on failure
408 */
409 int lxc_cmd_get_clone_flags(const char *name, const char *lxcpath)
410 {
411 int ret, stopped;
412 struct lxc_cmd_rr cmd = {
413 .req = { .cmd = LXC_CMD_GET_CLONE_FLAGS },
414 };
415
416 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
417 if (ret < 0)
418 return ret;
419
420 return PTR_TO_INT(cmd.rsp.data);
421 }
422
423 static int lxc_cmd_get_clone_flags_callback(int fd, struct lxc_cmd_req *req,
424 struct lxc_handler *handler)
425 {
426 struct lxc_cmd_rsp rsp = { .data = INT_TO_PTR(handler->ns_clone_flags) };
427
428 return lxc_cmd_rsp_send(fd, &rsp);
429 }
430
431 /*
432 * lxc_cmd_get_cgroup_path: Calculate a container's cgroup path for a
433 * particular subsystem. This is the cgroup path relative to the root
434 * of the cgroup filesystem.
435 *
436 * @name : name of container to connect to
437 * @lxcpath : the lxcpath in which the container is running
438 * @subsystem : the subsystem being asked about
439 *
440 * Returns the path on success, NULL on failure. The caller must free() the
441 * returned path.
442 */
443 char *lxc_cmd_get_cgroup_path(const char *name, const char *lxcpath,
444 const char *subsystem)
445 {
446 int ret, stopped;
447 struct lxc_cmd_rr cmd = {
448 .req = {
449 .cmd = LXC_CMD_GET_CGROUP,
450 .data = subsystem,
451 .datalen = 0,
452 },
453 };
454
455 cmd.req.data = subsystem;
456 cmd.req.datalen = 0;
457 if (subsystem)
458 cmd.req.datalen = strlen(subsystem) + 1;
459
460 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
461 if (ret < 0)
462 return NULL;
463
464 if (ret == 0)
465 return NULL;
466
467 if (cmd.rsp.ret < 0 || cmd.rsp.datalen < 0)
468 return NULL;
469
470 return cmd.rsp.data;
471 }
472
473 static int lxc_cmd_get_cgroup_callback(int fd, struct lxc_cmd_req *req,
474 struct lxc_handler *handler)
475 {
476 const char *path;
477 struct lxc_cmd_rsp rsp;
478 struct cgroup_ops *cgroup_ops = handler->cgroup_ops;
479
480 if (req->datalen > 0)
481 path = cgroup_ops->get_cgroup(cgroup_ops, req->data);
482 else
483 path = cgroup_ops->get_cgroup(cgroup_ops, NULL);
484 if (!path)
485 return -1;
486
487 rsp.ret = 0;
488 rsp.datalen = strlen(path) + 1;
489 rsp.data = (char *)path;
490
491 return lxc_cmd_rsp_send(fd, &rsp);
492 }
493
494 /*
495 * lxc_cmd_get_config_item: Get config item the running container
496 *
497 * @name : name of container to connect to
498 * @item : the configuration item to retrieve (ex: lxc.net.0.veth.pair)
499 * @lxcpath : the lxcpath in which the container is running
500 *
501 * Returns the item on success, NULL on failure. The caller must free() the
502 * returned item.
503 */
504 char *lxc_cmd_get_config_item(const char *name, const char *item,
505 const char *lxcpath)
506 {
507 int ret, stopped;
508 struct lxc_cmd_rr cmd = {
509 .req = { .cmd = LXC_CMD_GET_CONFIG_ITEM,
510 .data = item,
511 .datalen = strlen(item) + 1,
512 },
513 };
514
515 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
516 if (ret < 0)
517 return NULL;
518
519 if (cmd.rsp.ret == 0)
520 return cmd.rsp.data;
521
522 return NULL;
523 }
524
525 static int lxc_cmd_get_config_item_callback(int fd, struct lxc_cmd_req *req,
526 struct lxc_handler *handler)
527 {
528 __do_free char *cidata = NULL;
529 int cilen;
530 struct lxc_config_t *item;
531 struct lxc_cmd_rsp rsp;
532
533 memset(&rsp, 0, sizeof(rsp));
534 item = lxc_get_config(req->data);
535 if (!item)
536 goto err1;
537
538 cilen = item->get(req->data, NULL, 0, handler->conf, NULL);
539 if (cilen <= 0)
540 goto err1;
541
542 cidata = must_realloc(NULL, cilen + 1);
543 if (item->get(req->data, cidata, cilen + 1, handler->conf, NULL) != cilen)
544 goto err1;
545
546 cidata[cilen] = '\0';
547 rsp.data = cidata;
548 rsp.datalen = cilen + 1;
549 rsp.ret = 0;
550 goto out;
551
552 err1:
553 rsp.ret = -1;
554 out:
555 return lxc_cmd_rsp_send(fd, &rsp);
556 }
557
558 /*
559 * lxc_cmd_get_state: Get current state of the container
560 *
561 * @name : name of container to connect to
562 * @lxcpath : the lxcpath in which the container is running
563 *
564 * Returns the state on success, < 0 on failure
565 */
566 int lxc_cmd_get_state(const char *name, const char *lxcpath)
567 {
568 int ret, stopped;
569 struct lxc_cmd_rr cmd = {
570 .req = { .cmd = LXC_CMD_GET_STATE }
571 };
572
573 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
574 if (ret < 0 && stopped)
575 return STOPPED;
576
577 if (ret < 0)
578 return -1;
579
580 if (!ret) {
581 WARN("Container \"%s\" has stopped before sending its state", name);
582 return -1;
583 }
584
585 DEBUG("Container \"%s\" is in \"%s\" state", name,
586 lxc_state2str(PTR_TO_INT(cmd.rsp.data)));
587
588 return PTR_TO_INT(cmd.rsp.data);
589 }
590
591 static int lxc_cmd_get_state_callback(int fd, struct lxc_cmd_req *req,
592 struct lxc_handler *handler)
593 {
594 struct lxc_cmd_rsp rsp = { .data = INT_TO_PTR(handler->state) };
595
596 return lxc_cmd_rsp_send(fd, &rsp);
597 }
598
599 /*
600 * lxc_cmd_stop: Stop the container previously started with lxc_start. All
601 * the processes running inside this container will be killed.
602 *
603 * @name : name of container to connect to
604 * @lxcpath : the lxcpath in which the container is running
605 *
606 * Returns 0 on success, < 0 on failure
607 */
608 int lxc_cmd_stop(const char *name, const char *lxcpath)
609 {
610 int ret, stopped;
611 struct lxc_cmd_rr cmd = {
612 .req = { .cmd = LXC_CMD_STOP },
613 };
614
615 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
616 if (ret < 0) {
617 if (stopped) {
618 INFO("Container \"%s\" is already stopped", name);
619 return 0;
620 }
621
622 return -1;
623 }
624
625 /* We do not expect any answer, because we wait for the connection to be
626 * closed.
627 */
628 if (ret > 0) {
629 errno = -cmd.rsp.ret;
630 SYSERROR("Failed to stop container \"%s\"", name);
631 return -1;
632 }
633
634 INFO("Container \"%s\" has stopped", name);
635 return 0;
636 }
637
638 static int lxc_cmd_stop_callback(int fd, struct lxc_cmd_req *req,
639 struct lxc_handler *handler)
640 {
641 struct lxc_cmd_rsp rsp;
642 int stopsignal = SIGKILL;
643 struct cgroup_ops *cgroup_ops = handler->cgroup_ops;
644
645 if (handler->conf->stopsignal)
646 stopsignal = handler->conf->stopsignal;
647 memset(&rsp, 0, sizeof(rsp));
648 rsp.ret = kill(handler->pid, stopsignal);
649 if (!rsp.ret) {
650 /* We can't just use lxc_unfreeze() since we are already in the
651 * context of handling the STOP cmd in lxc-start, and calling
652 * lxc_unfreeze() would do another cmd (GET_CGROUP) which would
653 * deadlock us.
654 */
655 if (!cgroup_ops->get_cgroup(cgroup_ops, "freezer"))
656 return 0;
657
658 if (cgroup_ops->unfreeze(cgroup_ops))
659 return 0;
660
661 ERROR("Failed to unfreeze container \"%s\"", handler->name);
662 rsp.ret = -1;
663 }
664
665 return lxc_cmd_rsp_send(fd, &rsp);
666 }
667
668 /*
669 * lxc_cmd_terminal_winch: noop
670 *
671 * @name : name of container to connect to
672 * @lxcpath : the lxcpath in which the container is running
673 *
674 * Returns 0 on success, < 0 on failure
675 */
676 int lxc_cmd_terminal_winch(const char *name, const char *lxcpath)
677 {
678 return 0;
679 }
680
681 static int lxc_cmd_terminal_winch_callback(int fd, struct lxc_cmd_req *req,
682 struct lxc_handler *handler)
683 {
684 /* should never be called */
685 return -1;
686 }
687
688 /*
689 * lxc_cmd_console: Open an fd to a tty in the container
690 *
691 * @name : name of container to connect to
692 * @ttynum : in: the tty to open or -1 for next available
693 * : out: the tty allocated
694 * @fd : out: file descriptor for master side of pty
695 * @lxcpath : the lxcpath in which the container is running
696 *
697 * Returns fd holding tty allocated on success, < 0 on failure
698 */
699 int lxc_cmd_console(const char *name, int *ttynum, int *fd, const char *lxcpath)
700 {
701 __do_free struct lxc_cmd_console_rsp_data *rspdata = NULL;
702 int ret, stopped;
703 struct lxc_cmd_rr cmd = {
704 .req = { .cmd = LXC_CMD_CONSOLE, .data = INT_TO_PTR(*ttynum) },
705 };
706
707 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
708 if (ret < 0)
709 return ret;
710
711 rspdata = cmd.rsp.data;
712 if (cmd.rsp.ret < 0) {
713 errno = -cmd.rsp.ret;
714 SYSERROR("Denied access to tty");
715 return -1;
716 }
717
718 if (ret == 0) {
719 ERROR("tty number %d invalid, busy or all ttys busy", *ttynum);
720 return -1;
721 }
722
723 if (rspdata->masterfd < 0) {
724 ERROR("Unable to allocate fd for tty %d", rspdata->ttynum);
725 return -1;
726 }
727
728 ret = cmd.rsp.ret; /* socket fd */
729 *fd = rspdata->masterfd;
730 *ttynum = rspdata->ttynum;
731 INFO("Alloced fd %d for tty %d via socket %d", *fd, rspdata->ttynum, ret);
732
733 return ret;
734 }
735
736 static int lxc_cmd_console_callback(int fd, struct lxc_cmd_req *req,
737 struct lxc_handler *handler)
738 {
739 int masterfd, ret;
740 struct lxc_cmd_rsp rsp;
741 int ttynum = PTR_TO_INT(req->data);
742
743 masterfd = lxc_terminal_allocate(handler->conf, fd, &ttynum);
744 if (masterfd < 0)
745 goto out_close;
746
747 memset(&rsp, 0, sizeof(rsp));
748 rsp.data = INT_TO_PTR(ttynum);
749 ret = lxc_abstract_unix_send_fds(fd, &masterfd, 1, &rsp, sizeof(rsp));
750 if (ret < 0) {
751 SYSERROR("Failed to send tty to client");
752 lxc_terminal_free(handler->conf, fd);
753 goto out_close;
754 }
755
756 return 0;
757
758 out_close:
759 /* Special indicator to lxc_cmd_handler() to close the fd and do
760 * related cleanup.
761 */
762 return 1;
763 }
764
765 /*
766 * lxc_cmd_get_name: Returns the name of the container
767 *
768 * @hashed_sock_name: hashed socket name
769 *
770 * Returns the name on success, NULL on failure.
771 */
772 char *lxc_cmd_get_name(const char *hashed_sock_name)
773 {
774 int ret, stopped;
775 struct lxc_cmd_rr cmd = {
776 .req = { .cmd = LXC_CMD_GET_NAME},
777 };
778
779 ret = lxc_cmd(NULL, &cmd, &stopped, NULL, hashed_sock_name);
780 if (ret < 0)
781 return NULL;
782
783 if (cmd.rsp.ret == 0)
784 return cmd.rsp.data;
785
786 return NULL;
787 }
788
789 static int lxc_cmd_get_name_callback(int fd, struct lxc_cmd_req *req,
790 struct lxc_handler *handler)
791 {
792 struct lxc_cmd_rsp rsp;
793
794 memset(&rsp, 0, sizeof(rsp));
795
796 rsp.data = (char *)handler->name;
797 rsp.datalen = strlen(handler->name) + 1;
798 rsp.ret = 0;
799
800 return lxc_cmd_rsp_send(fd, &rsp);
801 }
802
803 /*
804 * lxc_cmd_get_lxcpath: Returns the lxcpath of the container
805 *
806 * @hashed_sock_name: hashed socket name
807 *
808 * Returns the lxcpath on success, NULL on failure.
809 */
810 char *lxc_cmd_get_lxcpath(const char *hashed_sock_name)
811 {
812 int ret, stopped;
813 struct lxc_cmd_rr cmd = {
814 .req = { .cmd = LXC_CMD_GET_LXCPATH},
815 };
816
817 ret = lxc_cmd(NULL, &cmd, &stopped, NULL, hashed_sock_name);
818 if (ret < 0)
819 return NULL;
820
821 if (cmd.rsp.ret == 0)
822 return cmd.rsp.data;
823
824 return NULL;
825 }
826
827 static int lxc_cmd_get_lxcpath_callback(int fd, struct lxc_cmd_req *req,
828 struct lxc_handler *handler)
829 {
830 struct lxc_cmd_rsp rsp;
831
832 memset(&rsp, 0, sizeof(rsp));
833
834 rsp.ret = 0;
835 rsp.data = (char *)handler->lxcpath;
836 rsp.datalen = strlen(handler->lxcpath) + 1;
837
838 return lxc_cmd_rsp_send(fd, &rsp);
839 }
840
841 int lxc_cmd_add_state_client(const char *name, const char *lxcpath,
842 lxc_state_t states[MAX_STATE],
843 int *state_client_fd)
844 {
845 int state, stopped;
846 ssize_t ret;
847 struct lxc_cmd_rr cmd = {
848 .req = {
849 .cmd = LXC_CMD_ADD_STATE_CLIENT,
850 .data = states,
851 .datalen = (sizeof(lxc_state_t) * MAX_STATE)
852 },
853 };
854
855 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
856 if (states[STOPPED] != 0 && stopped != 0)
857 return STOPPED;
858
859 if (ret < 0) {
860 if (errno != ECONNREFUSED)
861 SYSERROR("Failed to execute command");
862
863 return -1;
864 }
865
866 /* We should now be guaranteed to get an answer from the state sending
867 * function.
868 */
869 if (cmd.rsp.ret < 0) {
870 errno = -cmd.rsp.ret;
871 SYSERROR("Failed to receive socket fd");
872 return -1;
873 }
874
875 state = PTR_TO_INT(cmd.rsp.data);
876 if (state < MAX_STATE) {
877 TRACE("Container is already in requested state %s", lxc_state2str(state));
878 close(cmd.rsp.ret);
879 return state;
880 }
881
882 *state_client_fd = cmd.rsp.ret;
883 TRACE("Added state client %d to state client list", cmd.rsp.ret);
884 return MAX_STATE;
885 }
886
887 static int lxc_cmd_add_state_client_callback(int fd, struct lxc_cmd_req *req,
888 struct lxc_handler *handler)
889 {
890 int ret;
891 struct lxc_cmd_rsp rsp = {0};
892
893 if (req->datalen < 0)
894 goto reap_client_fd;
895
896 if (req->datalen != (sizeof(lxc_state_t) * MAX_STATE))
897 goto reap_client_fd;
898
899 if (!req->data)
900 goto reap_client_fd;
901
902 rsp.ret = lxc_add_state_client(fd, handler, (lxc_state_t *)req->data);
903 if (rsp.ret < 0)
904 goto reap_client_fd;
905
906 rsp.data = INT_TO_PTR(rsp.ret);
907
908 ret = lxc_cmd_rsp_send(fd, &rsp);
909 if (ret < 0)
910 goto reap_client_fd;
911
912 return 0;
913
914 reap_client_fd:
915 /* Special indicator to lxc_cmd_handler() to close the fd and do related
916 * cleanup.
917 */
918 return 1;
919 }
920
921 int lxc_cmd_console_log(const char *name, const char *lxcpath,
922 struct lxc_console_log *log)
923 {
924 int ret, stopped;
925 struct lxc_cmd_console_log data;
926 struct lxc_cmd_rr cmd;
927
928 data.clear = log->clear;
929 data.read = log->read;
930 data.read_max = *log->read_max;
931
932 cmd.req.cmd = LXC_CMD_CONSOLE_LOG;
933 cmd.req.data = &data;
934 cmd.req.datalen = sizeof(struct lxc_cmd_console_log);
935
936 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
937 if (ret < 0)
938 return ret;
939
940 /* There is nothing to be read from the buffer. So clear any values we
941 * where passed to clearly indicate to the user that nothing went wrong.
942 */
943 if (cmd.rsp.ret == -ENODATA || cmd.rsp.ret == -EFAULT || cmd.rsp.ret == -ENOENT) {
944 *log->read_max = 0;
945 log->data = NULL;
946 }
947
948 /* This is a proper error so don't touch any values we were passed. */
949 if (cmd.rsp.ret < 0)
950 return cmd.rsp.ret;
951
952 *log->read_max = cmd.rsp.datalen;
953 log->data = cmd.rsp.data;
954
955 return 0;
956 }
957
958 static int lxc_cmd_console_log_callback(int fd, struct lxc_cmd_req *req,
959 struct lxc_handler *handler)
960 {
961 struct lxc_cmd_rsp rsp;
962 uint64_t buffer_size = handler->conf->console.buffer_size;
963 const struct lxc_cmd_console_log *log = req->data;
964 struct lxc_ringbuf *buf = &handler->conf->console.ringbuf;
965
966 rsp.ret = -EFAULT;
967 rsp.datalen = 0;
968 rsp.data = NULL;
969 if (buffer_size <= 0)
970 goto out;
971
972 if (log->read || log->write_logfile)
973 rsp.datalen = lxc_ringbuf_used(buf);
974
975 if (log->read)
976 rsp.data = lxc_ringbuf_get_read_addr(buf);
977
978 if (log->read_max > 0 && (log->read_max <= rsp.datalen))
979 rsp.datalen = log->read_max;
980
981 /* there's nothing to read */
982 rsp.ret = -ENODATA;
983 if (log->read && (buf->r_off == buf->w_off))
984 goto out;
985
986 rsp.ret = 0;
987 if (log->clear)
988 lxc_ringbuf_clear(buf); /* clear the ringbuffer */
989 else if (rsp.datalen > 0)
990 lxc_ringbuf_move_read_addr(buf, rsp.datalen);
991
992 out:
993 return lxc_cmd_rsp_send(fd, &rsp);
994 }
995
996 int lxc_cmd_serve_state_clients(const char *name, const char *lxcpath,
997 lxc_state_t state)
998 {
999 int stopped;
1000 ssize_t ret;
1001 struct lxc_cmd_rr cmd = {
1002 .req = {
1003 .cmd = LXC_CMD_SERVE_STATE_CLIENTS,
1004 .data = INT_TO_PTR(state)
1005 },
1006 };
1007
1008 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
1009 if (ret < 0) {
1010 SYSERROR("Failed to execute command");
1011 return -1;
1012 }
1013
1014 return 0;
1015 }
1016
1017 static int lxc_cmd_serve_state_clients_callback(int fd, struct lxc_cmd_req *req,
1018 struct lxc_handler *handler)
1019 {
1020 int ret;
1021 lxc_state_t state = PTR_TO_INT(req->data);
1022 struct lxc_cmd_rsp rsp = {0};
1023
1024 ret = lxc_serve_state_clients(handler->name, handler, state);
1025 if (ret < 0)
1026 goto reap_client_fd;
1027
1028 ret = lxc_cmd_rsp_send(fd, &rsp);
1029 if (ret < 0)
1030 goto reap_client_fd;
1031
1032 return 0;
1033
1034 reap_client_fd:
1035 /* Special indicator to lxc_cmd_handler() to close the fd and do related
1036 * cleanup.
1037 */
1038 return 1;
1039 }
1040
1041 static int lxc_cmd_process(int fd, struct lxc_cmd_req *req,
1042 struct lxc_handler *handler)
1043 {
1044 typedef int (*callback)(int, struct lxc_cmd_req *, struct lxc_handler *);
1045
1046 callback cb[LXC_CMD_MAX] = {
1047 [LXC_CMD_CONSOLE] = lxc_cmd_console_callback,
1048 [LXC_CMD_TERMINAL_WINCH] = lxc_cmd_terminal_winch_callback,
1049 [LXC_CMD_STOP] = lxc_cmd_stop_callback,
1050 [LXC_CMD_GET_STATE] = lxc_cmd_get_state_callback,
1051 [LXC_CMD_GET_INIT_PID] = lxc_cmd_get_init_pid_callback,
1052 [LXC_CMD_GET_CLONE_FLAGS] = lxc_cmd_get_clone_flags_callback,
1053 [LXC_CMD_GET_CGROUP] = lxc_cmd_get_cgroup_callback,
1054 [LXC_CMD_GET_CONFIG_ITEM] = lxc_cmd_get_config_item_callback,
1055 [LXC_CMD_GET_NAME] = lxc_cmd_get_name_callback,
1056 [LXC_CMD_GET_LXCPATH] = lxc_cmd_get_lxcpath_callback,
1057 [LXC_CMD_ADD_STATE_CLIENT] = lxc_cmd_add_state_client_callback,
1058 [LXC_CMD_CONSOLE_LOG] = lxc_cmd_console_log_callback,
1059 [LXC_CMD_SERVE_STATE_CLIENTS] = lxc_cmd_serve_state_clients_callback,
1060 };
1061
1062 if (req->cmd >= LXC_CMD_MAX) {
1063 ERROR("Undefined command id %d", req->cmd);
1064 return -1;
1065 }
1066 return cb[req->cmd](fd, req, handler);
1067 }
1068
1069 static void lxc_cmd_fd_cleanup(int fd, struct lxc_handler *handler,
1070 struct lxc_epoll_descr *descr,
1071 const lxc_cmd_t cmd)
1072 {
1073 struct lxc_list *cur, *next;
1074
1075 lxc_terminal_free(handler->conf, fd);
1076 lxc_mainloop_del_handler(descr, fd);
1077 if (cmd != LXC_CMD_ADD_STATE_CLIENT) {
1078 close(fd);
1079 return;
1080 }
1081
1082 lxc_list_for_each_safe(cur, &handler->conf->state_clients, next) {
1083 struct lxc_state_client *client = cur->elem;
1084
1085 if (client->clientfd != fd)
1086 continue;
1087
1088 /* kick client from list */
1089 lxc_list_del(cur);
1090 close(client->clientfd);
1091 free(cur->elem);
1092 free(cur);
1093 /* No need to walk the whole list. If we found the state client
1094 * fd there can't be a second one.
1095 */
1096 break;
1097 }
1098 }
1099
1100 static int lxc_cmd_handler(int fd, uint32_t events, void *data,
1101 struct lxc_epoll_descr *descr)
1102 {
1103 __do_free void *reqdata = NULL;
1104 int ret;
1105 struct lxc_cmd_req req;
1106 struct lxc_handler *handler = data;
1107
1108 ret = lxc_abstract_unix_rcv_credential(fd, &req, sizeof(req));
1109 if (ret < 0) {
1110 SYSERROR("Failed to receive data on command socket for command "
1111 "\"%s\"", lxc_cmd_str(req.cmd));
1112
1113 if (errno == EACCES) {
1114 /* We don't care for the peer, just send and close. */
1115 struct lxc_cmd_rsp rsp = {.ret = ret};
1116
1117 lxc_cmd_rsp_send(fd, &rsp);
1118 }
1119
1120 goto out_close;
1121 }
1122
1123 if (ret == 0)
1124 goto out_close;
1125
1126 if (ret != sizeof(req)) {
1127 WARN("Failed to receive full command request. Ignoring request "
1128 "for \"%s\"", lxc_cmd_str(req.cmd));
1129 ret = -1;
1130 goto out_close;
1131 }
1132
1133 if ((req.datalen > LXC_CMD_DATA_MAX) &&
1134 (req.cmd != LXC_CMD_CONSOLE_LOG)) {
1135 ERROR("Received command data length %d is too large for "
1136 "command \"%s\"", req.datalen, lxc_cmd_str(req.cmd));
1137 errno = EFBIG;
1138 ret = -EFBIG;
1139 goto out_close;
1140 }
1141
1142 if (req.datalen > 0) {
1143 reqdata = must_realloc(NULL, req.datalen);
1144 ret = lxc_recv_nointr(fd, reqdata, req.datalen, 0);
1145 if (ret != req.datalen) {
1146 WARN("Failed to receive full command request. Ignoring "
1147 "request for \"%s\"", lxc_cmd_str(req.cmd));
1148 ret = LXC_MAINLOOP_ERROR;
1149 goto out_close;
1150 }
1151
1152 req.data = reqdata;
1153 }
1154
1155 ret = lxc_cmd_process(fd, &req, handler);
1156 if (ret) {
1157 /* This is not an error, but only a request to close fd. */
1158 ret = LXC_MAINLOOP_CONTINUE;
1159 goto out_close;
1160 }
1161
1162 out:
1163 return ret;
1164
1165 out_close:
1166 lxc_cmd_fd_cleanup(fd, handler, descr, req.cmd);
1167 goto out;
1168 }
1169
1170 static int lxc_cmd_accept(int fd, uint32_t events, void *data,
1171 struct lxc_epoll_descr *descr)
1172 {
1173 int connection;
1174 int opt = 1, ret = -1;
1175
1176 connection = accept(fd, NULL, 0);
1177 if (connection < 0) {
1178 SYSERROR("Failed to accept connection to run command");
1179 return LXC_MAINLOOP_ERROR;
1180 }
1181
1182 ret = fcntl(connection, F_SETFD, FD_CLOEXEC);
1183 if (ret < 0) {
1184 SYSERROR("Failed to set close-on-exec on incoming command connection");
1185 goto out_close;
1186 }
1187
1188 ret = setsockopt(connection, SOL_SOCKET, SO_PASSCRED, &opt, sizeof(opt));
1189 if (ret < 0) {
1190 SYSERROR("Failed to enable necessary credentials on command socket");
1191 goto out_close;
1192 }
1193
1194 ret = lxc_mainloop_add_handler(descr, connection, lxc_cmd_handler, data);
1195 if (ret) {
1196 ERROR("Failed to add command handler");
1197 goto out_close;
1198 }
1199
1200 out:
1201 return ret;
1202
1203 out_close:
1204 close(connection);
1205 goto out;
1206 }
1207
1208 int lxc_cmd_init(const char *name, const char *lxcpath, const char *suffix)
1209 {
1210 int fd, ret;
1211 char path[LXC_AUDS_ADDR_LEN] = {0};
1212
1213 ret = lxc_make_abstract_socket_name(path, sizeof(path), name, lxcpath, NULL, suffix);
1214 if (ret < 0)
1215 return -1;
1216 TRACE("Creating abstract unix socket \"%s\"", &path[1]);
1217
1218 fd = lxc_abstract_unix_open(path, SOCK_STREAM, 0);
1219 if (fd < 0) {
1220 SYSERROR("Failed to create command socket %s", &path[1]);
1221 if (errno == EADDRINUSE)
1222 ERROR("Container \"%s\" appears to be already running", name);
1223
1224 return -1;
1225 }
1226
1227 ret = fcntl(fd, F_SETFD, FD_CLOEXEC);
1228 if (ret < 0) {
1229 SYSERROR("Failed to set FD_CLOEXEC on command socket file descriptor");
1230 close(fd);
1231 return -1;
1232 }
1233
1234 return fd;
1235 }
1236
1237 int lxc_cmd_mainloop_add(const char *name, struct lxc_epoll_descr *descr,
1238 struct lxc_handler *handler)
1239 {
1240 int ret;
1241 int fd = handler->conf->maincmd_fd;
1242
1243 ret = lxc_mainloop_add_handler(descr, fd, lxc_cmd_accept, handler);
1244 if (ret < 0) {
1245 ERROR("Failed to add handler for command socket");
1246 close(fd);
1247 }
1248
1249 return ret;
1250 }
LXC mirror