]> git.proxmox.com Git - mirror_lxc.git/blob - src/lxc/commands.c
projects / mirror_lxc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
replace all lxc.network* with lxc.net*
[mirror_lxc.git] / src / lxc / commands.c
1 /*
2 * lxc: linux Container library
3 *
4 * (C) Copyright IBM Corp. 2007, 2009
5 *
6 * Authors:
7 * Daniel Lezcano <daniel.lezcano at free.fr>
8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22 */
23
24 #include <stdio.h>
25 #include <errno.h>
26 #include <unistd.h>
27 #include <signal.h>
28 #include <fcntl.h>
29 #include <poll.h>
30 #include <sys/socket.h>
31 #include <inttypes.h>
32 #include <sys/un.h>
33 #include <sys/param.h>
34 #include <malloc.h>
35 #include <stdlib.h>
36
37 #include "log.h"
38 #include "lxc.h"
39 #include "conf.h"
40 #include "start.h" /* for struct lxc_handler */
41 #include "utils.h"
42 #include "cgroup.h"
43 #include "commands.h"
44 #include "console.h"
45 #include "confile.h"
46 #include "lxclock.h"
47 #include "mainloop.h"
48 #include "monitor.h"
49 #include "af_unix.h"
50 #include "config.h"
51
52 /*
53 * This file provides the different functions for clients to
54 * query/command the server. The client is typically some lxc
55 * tool and the server is typically the container (ie. lxc-start).
56 *
57 * Each command is transactional, the clients send a request to
58 * the server and the server answers the request with a message
59 * giving the request's status (zero or a negative errno value).
60 * Both the request and response may contain additional data.
61 *
62 * Each command is wrapped in a ancillary message in order to pass
63 * a credential making possible to the server to check if the client
64 * is allowed to ask for this command or not.
65 *
66 * IMPORTANTLY: Note that semantics for current commands are fixed. If you
67 * wish to make any changes to how, say, LXC_CMD_GET_CONFIG_ITEM works by
68 * adding information to the end of cmd.data, then you must introduce a new
69 * LXC_CMD_GET_CONFIG_ITEM_V2 define with a new number. You may wish to
70 * also mark LXC_CMD_GET_CONFIG_ITEM deprecated in commands.h.
71 *
72 * This is necessary in order to avoid having a newly compiled lxc command
73 * communicating with a running (old) monitor from crashing the running
74 * container.
75 */
76
77 lxc_log_define(lxc_commands, lxc);
78
79 static int fill_sock_name(char *path, int len, const char *lxcname,
80 const char *lxcpath, const char *hashed_sock_name)
81 {
82 const char *name;
83 char *tmppath;
84 size_t tmplen;
85 uint64_t hash;
86 int ret;
87
88 name = lxcname;
89 if (!name)
90 name = "";
91
92 if (hashed_sock_name != NULL) {
93 ret = snprintf(path, len, "lxc/%s/command", hashed_sock_name);
94 if (ret < 0 || ret >= len) {
95 ERROR("Error writing to command sock path");
96 return -1;
97 }
98 return 0;
99 }
100
101 if (!lxcpath) {
102 lxcpath = lxc_global_config_value("lxc.lxcpath");
103 if (!lxcpath) {
104 ERROR("Out of memory getting lxcpath");
105 return -1;
106 }
107 }
108
109 ret = snprintf(path, len, "%s/%s/command", lxcpath, name);
110 if (ret < 0) {
111 ERROR("Error writing to command sock path");
112 return -1;
113 }
114 if (ret < len)
115 return 0;
116
117 /* ret >= len; lxcpath or name is too long. hash both */
118 tmplen = strlen(name) + strlen(lxcpath) + 2;
119 tmppath = alloca(tmplen);
120 ret = snprintf(tmppath, tmplen, "%s/%s", lxcpath, name);
121 if (ret < 0 || ret >= tmplen) {
122 ERROR("memory error");
123 return -1;
124 }
125 hash = fnv_64a_buf(tmppath, ret, FNV1A_64_INIT);
126 ret = snprintf(path, len, "lxc/%016" PRIx64 "/command", hash);
127 if (ret < 0 || ret >= len) {
128 ERROR("Command socket name too long");
129 return -1;
130 }
131
132 return 0;
133 }
134
135 static const char *lxc_cmd_str(lxc_cmd_t cmd)
136 {
137 static const char * const cmdname[LXC_CMD_MAX] = {
138 [LXC_CMD_CONSOLE] = "console",
139 [LXC_CMD_STOP] = "stop",
140 [LXC_CMD_GET_STATE] = "get_state",
141 [LXC_CMD_GET_INIT_PID] = "get_init_pid",
142 [LXC_CMD_GET_CLONE_FLAGS] = "get_clone_flags",
143 [LXC_CMD_GET_CGROUP] = "get_cgroup",
144 [LXC_CMD_GET_CONFIG_ITEM] = "get_config_item",
145 [LXC_CMD_GET_NAME] = "get_name",
146 [LXC_CMD_GET_LXCPATH] = "get_lxcpath",
147 [LXC_CMD_STATE_SERVER] = "state_server",
148 };
149
150 if (cmd >= LXC_CMD_MAX)
151 return "Unknown cmd";
152 return cmdname[cmd];
153 }
154
155 /*
156 * lxc_cmd_rsp_recv: Receive a response to a command
157 *
158 * @sock : the socket connected to the container
159 * @cmd : command to put response in
160 *
161 * Returns the size of the response message or < 0 on failure
162 *
163 * Note that if the command response datalen > 0, then data is
164 * a malloc()ed buffer and should be free()ed by the caller. If
165 * the response data is <= a void * worth of data, it will be
166 * stored directly in data and datalen will be 0.
167 *
168 * As a special case, the response for LXC_CMD_CONSOLE is created
169 * here as it contains an fd for the master pty passed through the
170 * unix socket.
171 */
172 static int lxc_cmd_rsp_recv(int sock, struct lxc_cmd_rr *cmd)
173 {
174 int ret,rspfd;
175 struct lxc_cmd_rsp *rsp = &cmd->rsp;
176
177 ret = lxc_abstract_unix_recv_fds(sock, &rspfd, 1, rsp, sizeof(*rsp));
178 if (ret < 0) {
179 WARN("Command %s failed to receive response: %s.",
180 lxc_cmd_str(cmd->req.cmd), strerror(errno));
181 return -1;
182 }
183
184 if (cmd->req.cmd == LXC_CMD_CONSOLE) {
185 struct lxc_cmd_console_rsp_data *rspdata;
186
187 /* recv() returns 0 bytes when a tty cannot be allocated,
188 * rsp->ret is < 0 when the peer permission check failed
189 */
190 if (ret == 0 || rsp->ret < 0)
191 return 0;
192
193 rspdata = malloc(sizeof(*rspdata));
194 if (!rspdata) {
195 ERROR("Command %s couldn't allocate response buffer.",
196 lxc_cmd_str(cmd->req.cmd));
197 return -1;
198 }
199 rspdata->masterfd = rspfd;
200 rspdata->ttynum = PTR_TO_INT(rsp->data);
201 rsp->data = rspdata;
202 }
203
204 if (rsp->datalen == 0) {
205 DEBUG("command %s response data length is 0",
206 lxc_cmd_str(cmd->req.cmd));
207 return ret;
208 }
209 if (rsp->datalen > LXC_CMD_DATA_MAX) {
210 ERROR("Command %s response data %d too long.",
211 lxc_cmd_str(cmd->req.cmd), rsp->datalen);
212 errno = EFBIG;
213 return -1;
214 }
215
216 rsp->data = malloc(rsp->datalen);
217 if (!rsp->data) {
218 ERROR("Command %s was unable to allocate response buffer.",
219 lxc_cmd_str(cmd->req.cmd));
220 return -1;
221 }
222 ret = recv(sock, rsp->data, rsp->datalen, 0);
223 if (ret != rsp->datalen) {
224 ERROR("Command %s failed to receive response data: %s.",
225 lxc_cmd_str(cmd->req.cmd), strerror(errno));
226 if (ret >= 0)
227 ret = -1;
228 }
229
230 return ret;
231 }
232
233 /*
234 * lxc_cmd_rsp_send: Send a command response
235 *
236 * @fd : file descriptor of socket to send response on
237 * @rsp : response to send
238 *
239 * Returns 0 on success, < 0 on failure
240 */
241 static int lxc_cmd_rsp_send(int fd, struct lxc_cmd_rsp *rsp)
242 {
243 int ret;
244
245 ret = send(fd, rsp, sizeof(*rsp), 0);
246 if (ret != sizeof(*rsp)) {
247 ERROR("Failed to send command response %d: %s.", ret,
248 strerror(errno));
249 return -1;
250 }
251
252 if (rsp->datalen > 0) {
253 ret = send(fd, rsp->data, rsp->datalen, 0);
254 if (ret != rsp->datalen) {
255 WARN("Failed to send command response data %d: %s.",
256 ret, strerror(errno));
257 return -1;
258 }
259 }
260 return 0;
261 }
262
263 /*
264 * lxc_cmd: Connect to the specified running container, send it a command
265 * request and collect the response
266 *
267 * @name : name of container to connect to
268 * @cmd : command with initialized reqest to send
269 * @stopped : output indicator if the container was not running
270 * @lxcpath : the lxcpath in which the container is running
271 *
272 * Returns the size of the response message on success, < 0 on failure
273 *
274 * Note that there is a special case for LXC_CMD_CONSOLE. For this command
275 * the fd cannot be closed because it is used as a placeholder to indicate
276 * that a particular tty slot is in use. The fd is also used as a signal to
277 * the container that when the caller dies or closes the fd, the container
278 * will notice the fd on its side of the socket in its mainloop select and
279 * then free the slot with lxc_cmd_fd_cleanup(). The socket fd will be
280 * returned in the cmd response structure.
281 */
282 static int lxc_cmd(const char *name, struct lxc_cmd_rr *cmd, int *stopped,
283 const char *lxcpath, const char *hashed_sock_name)
284 {
285 int sock, ret = -1;
286 char path[sizeof(((struct sockaddr_un *)0)->sun_path)] = { 0 };
287 char *offset = &path[1];
288 size_t len;
289 bool stay_connected = false;
290
291 if (cmd->req.cmd == LXC_CMD_CONSOLE ||
292 cmd->req.cmd == LXC_CMD_STATE_SERVER)
293 stay_connected = true;
294
295 *stopped = 0;
296
297 /* -2 here because this is an abstract unix socket so it needs a
298 * leading \0, and we null terminate, so it needs a trailing \0.
299 * Although null termination isn't required by the API, we do it anyway
300 * because we print the sockname out sometimes.
301 */
302 len = sizeof(path)-2;
303 if (fill_sock_name(offset, len, name, lxcpath, hashed_sock_name))
304 return -1;
305
306 sock = lxc_abstract_unix_connect(path);
307 TRACE("command %s tries to connect to \"@%s\"",
308 lxc_cmd_str(cmd->req.cmd), offset);
309 if (sock < 0) {
310 if (errno == ECONNREFUSED) {
311 TRACE("command %s failed to connect to \"@%s\": %s",
312 lxc_cmd_str(cmd->req.cmd), offset,
313 strerror(errno));
314 *stopped = 1;
315 } else {
316 SYSERROR("command %s failed to connect to \"@%s\": %s",
317 lxc_cmd_str(cmd->req.cmd), offset,
318 strerror(errno));
319 }
320
321 return -1;
322 }
323
324 ret = lxc_abstract_unix_send_credential(sock, &cmd->req, sizeof(cmd->req));
325 if (ret != sizeof(cmd->req)) {
326 if (errno == EPIPE)
327 goto epipe;
328 SYSERROR("Command %s failed to send req to \"@%s\" %d.",
329 lxc_cmd_str(cmd->req.cmd), offset, ret);
330 if (ret >=0)
331 ret = -1;
332 goto out;
333 }
334
335 if (cmd->req.datalen > 0) {
336 ret = send(sock, cmd->req.data, cmd->req.datalen, MSG_NOSIGNAL);
337 if (ret != cmd->req.datalen) {
338 if (errno == EPIPE)
339 goto epipe;
340 SYSERROR("Command %s failed to send request data to \"@%s\" %d.",
341 lxc_cmd_str(cmd->req.cmd), offset, ret);
342 if (ret >=0)
343 ret = -1;
344 goto out;
345 }
346 }
347
348 ret = lxc_cmd_rsp_recv(sock, cmd);
349 out:
350 if (!stay_connected || ret <= 0)
351 close(sock);
352 if (stay_connected && ret > 0)
353 cmd->rsp.ret = sock;
354
355 return ret;
356
357 epipe:
358 close(sock);
359 *stopped = 1;
360 return 0;
361 }
362
363 int lxc_try_cmd(const char *name, const char *lxcpath)
364 {
365 int stopped, ret;
366 struct lxc_cmd_rr cmd = {
367 .req = { .cmd = LXC_CMD_GET_INIT_PID },
368 };
369
370 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
371
372 if (stopped)
373 return 0;
374 if (ret > 0 && cmd.rsp.ret < 0) {
375 errno = cmd.rsp.ret;
376 return -1;
377 }
378 if (ret > 0)
379 return 0;
380
381 /*
382 * At this point we weren't denied access, and the
383 * container *was* started. There was some inexplicable
384 * error in the protocol.
385 * I'm not clear on whether we should return -1 here, but
386 * we didn't receive a -EACCES, so technically it's not that
387 * we're not allowed to control the container - it's just not
388 * behaving.
389 */
390 return 0;
391 }
392
393 /* Implentations of the commands and their callbacks */
394
395 /*
396 * lxc_cmd_get_init_pid: Get pid of the container's init process
397 *
398 * @name : name of container to connect to
399 * @lxcpath : the lxcpath in which the container is running
400 *
401 * Returns the pid on success, < 0 on failure
402 */
403 pid_t lxc_cmd_get_init_pid(const char *name, const char *lxcpath)
404 {
405 int ret, stopped;
406 struct lxc_cmd_rr cmd = {
407 .req = { .cmd = LXC_CMD_GET_INIT_PID },
408 };
409
410 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
411 if (ret < 0)
412 return ret;
413
414 return PTR_TO_INT(cmd.rsp.data);
415 }
416
417 static int lxc_cmd_get_init_pid_callback(int fd, struct lxc_cmd_req *req,
418 struct lxc_handler *handler)
419 {
420 struct lxc_cmd_rsp rsp = { .data = INT_TO_PTR(handler->pid) };
421
422 return lxc_cmd_rsp_send(fd, &rsp);
423 }
424
425 /*
426 * lxc_cmd_get_clone_flags: Get clone flags container was spawned with
427 *
428 * @name : name of container to connect to
429 * @lxcpath : the lxcpath in which the container is running
430 *
431 * Returns the clone flags on success, < 0 on failure
432 */
433 int lxc_cmd_get_clone_flags(const char *name, const char *lxcpath)
434 {
435 int ret, stopped;
436 struct lxc_cmd_rr cmd = {
437 .req = { .cmd = LXC_CMD_GET_CLONE_FLAGS },
438 };
439
440 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
441 if (ret < 0)
442 return ret;
443
444 return PTR_TO_INT(cmd.rsp.data);
445 }
446
447 static int lxc_cmd_get_clone_flags_callback(int fd, struct lxc_cmd_req *req,
448 struct lxc_handler *handler)
449 {
450 struct lxc_cmd_rsp rsp = { .data = INT_TO_PTR(handler->clone_flags) };
451
452 return lxc_cmd_rsp_send(fd, &rsp);
453 }
454
455 /*
456 * lxc_cmd_get_cgroup_path: Calculate a container's cgroup path for a
457 * particular subsystem. This is the cgroup path relative to the root
458 * of the cgroup filesystem.
459 *
460 * @name : name of container to connect to
461 * @lxcpath : the lxcpath in which the container is running
462 * @subsystem : the subsystem being asked about
463 *
464 * Returns the path on success, NULL on failure. The caller must free() the
465 * returned path.
466 */
467 char *lxc_cmd_get_cgroup_path(const char *name, const char *lxcpath,
468 const char *subsystem)
469 {
470 int ret, stopped;
471 struct lxc_cmd_rr cmd = {
472 .req = {
473 .cmd = LXC_CMD_GET_CGROUP,
474 .datalen = strlen(subsystem)+1,
475 .data = subsystem,
476 },
477 };
478
479 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
480 if (ret < 0) {
481 TRACE("command %s failed for container \"%s\": %s.",
482 lxc_cmd_str(cmd.req.cmd), name, strerror(errno));
483 return NULL;
484 }
485
486 if (!ret) {
487 WARN("container \"%s\" has stopped before sending its state", name);
488 return NULL;
489 }
490
491 if (cmd.rsp.ret < 0 || cmd.rsp.datalen < 0) {
492 ERROR("command %s failed for container \"%s\": %s",
493 lxc_cmd_str(cmd.req.cmd), name, strerror(-cmd.rsp.ret));
494 return NULL;
495 }
496
497 TRACE("command %s successful for container \"%s\"",
498 lxc_cmd_str(cmd.req.cmd), name);
499
500 return cmd.rsp.data;
501 }
502
503 static int lxc_cmd_get_cgroup_callback(int fd, struct lxc_cmd_req *req,
504 struct lxc_handler *handler)
505 {
506 struct lxc_cmd_rsp rsp;
507 const char *path;
508
509 if (req->datalen < 1)
510 return -1;
511
512 path = cgroup_get_cgroup(handler, req->data);
513 if (!path)
514 return -1;
515 rsp.datalen = strlen(path) + 1,
516 rsp.data = (char *)path;
517 rsp.ret = 0;
518
519 return lxc_cmd_rsp_send(fd, &rsp);
520 }
521
522 /*
523 * lxc_cmd_get_config_item: Get config item the running container
524 *
525 * @name : name of container to connect to
526 * @item : the configuration item to retrieve (ex: lxc.net.0.veth.pair)
527 * @lxcpath : the lxcpath in which the container is running
528 *
529 * Returns the item on success, NULL on failure. The caller must free() the
530 * returned item.
531 */
532 char *lxc_cmd_get_config_item(const char *name, const char *item,
533 const char *lxcpath)
534 {
535 int ret, stopped;
536 struct lxc_cmd_rr cmd = {
537 .req = { .cmd = LXC_CMD_GET_CONFIG_ITEM,
538 .data = item,
539 .datalen = strlen(item)+1,
540 },
541 };
542
543 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
544 if (ret < 0)
545 return NULL;
546
547 if (cmd.rsp.ret == 0)
548 return cmd.rsp.data;
549 return NULL;
550 }
551
552 static int lxc_cmd_get_config_item_callback(int fd, struct lxc_cmd_req *req,
553 struct lxc_handler *handler)
554 {
555 int cilen;
556 struct lxc_cmd_rsp rsp;
557 char *cidata;
558 struct lxc_config_t *item;
559
560 memset(&rsp, 0, sizeof(rsp));
561 item = lxc_getconfig(req->data);
562 if (!item)
563 goto err1;
564 cilen = item->get(req->data, NULL, 0, handler->conf, NULL);
565 if (cilen <= 0)
566 goto err1;
567
568 cidata = alloca(cilen + 1);
569 if (item->get(req->data, cidata, cilen + 1, handler->conf, NULL) != cilen)
570 goto err1;
571 cidata[cilen] = '\0';
572 rsp.data = cidata;
573 rsp.datalen = cilen + 1;
574 rsp.ret = 0;
575 goto out;
576
577 err1:
578 rsp.ret = -1;
579 out:
580 return lxc_cmd_rsp_send(fd, &rsp);
581 }
582
583 /*
584 * lxc_cmd_get_state: Get current state of the container
585 *
586 * @name : name of container to connect to
587 * @lxcpath : the lxcpath in which the container is running
588 *
589 * Returns the state on success, < 0 on failure
590 */
591 int lxc_cmd_get_state(const char *name, const char *lxcpath)
592 {
593 int ret, stopped;
594 struct lxc_cmd_rr cmd = {
595 .req = { .cmd = LXC_CMD_GET_STATE }
596 };
597
598 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
599 if (ret < 0 && stopped)
600 return STOPPED;
601
602 if (ret < 0)
603 return -1;
604
605 if (!ret) {
606 WARN("Container \"%s\" has stopped before sending its state.", name);
607 return -1;
608 }
609
610 DEBUG("Container \"%s\" is in \"%s\" state.", name,
611 lxc_state2str(PTR_TO_INT(cmd.rsp.data)));
612 return PTR_TO_INT(cmd.rsp.data);
613 }
614
615 static int lxc_cmd_get_state_callback(int fd, struct lxc_cmd_req *req,
616 struct lxc_handler *handler)
617 {
618 struct lxc_cmd_rsp rsp = { .data = INT_TO_PTR(handler->state) };
619
620 return lxc_cmd_rsp_send(fd, &rsp);
621 }
622
623 /*
624 * lxc_cmd_stop: Stop the container previously started with lxc_start. All
625 * the processes running inside this container will be killed.
626 *
627 * @name : name of container to connect to
628 * @lxcpath : the lxcpath in which the container is running
629 *
630 * Returns 0 on success, < 0 on failure
631 */
632 int lxc_cmd_stop(const char *name, const char *lxcpath)
633 {
634 int ret, stopped;
635 struct lxc_cmd_rr cmd = {
636 .req = { .cmd = LXC_CMD_STOP },
637 };
638
639 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
640 if (ret < 0) {
641 if (stopped) {
642 INFO("Container \"%s\" is already stopped.", name);
643 return 0;
644 }
645 return -1;
646 }
647
648 /* we do not expect any answer, because we wait for the connection to be
649 * closed
650 */
651 if (ret > 0) {
652 ERROR("Failed to stop container \"%s\": %s.", name,
653 strerror(-cmd.rsp.ret));
654 return -1;
655 }
656
657 INFO("Container \"%s\" has stopped.", name);
658 return 0;
659 }
660
661 static int lxc_cmd_stop_callback(int fd, struct lxc_cmd_req *req,
662 struct lxc_handler *handler)
663 {
664 struct lxc_cmd_rsp rsp;
665 int stopsignal = SIGKILL;
666
667 if (handler->conf->stopsignal)
668 stopsignal = handler->conf->stopsignal;
669 memset(&rsp, 0, sizeof(rsp));
670 rsp.ret = kill(handler->pid, stopsignal);
671 if (!rsp.ret) {
672 /* we can't just use lxc_unfreeze() since we are already in the
673 * context of handling the STOP cmd in lxc-start, and calling
674 * lxc_unfreeze() would do another cmd (GET_CGROUP) which would
675 * deadlock us
676 */
677 if (cgroup_unfreeze(handler))
678 return 0;
679 ERROR("Failed to unfreeze container \"%s\".", handler->name);
680 rsp.ret = -1;
681 }
682
683 return lxc_cmd_rsp_send(fd, &rsp);
684 }
685
686 /*
687 * lxc_cmd_console_winch: To process as if a SIGWINCH were received
688 *
689 * @name : name of container to connect to
690 * @lxcpath : the lxcpath in which the container is running
691 *
692 * Returns 0 on success, < 0 on failure
693 */
694 int lxc_cmd_console_winch(const char *name, const char *lxcpath)
695 {
696 int ret, stopped;
697 struct lxc_cmd_rr cmd = {
698 .req = { .cmd = LXC_CMD_CONSOLE_WINCH },
699 };
700
701 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
702 if (ret < 0)
703 return ret;
704
705 return 0;
706 }
707
708 static int lxc_cmd_console_winch_callback(int fd, struct lxc_cmd_req *req,
709 struct lxc_handler *handler)
710 {
711 struct lxc_cmd_rsp rsp = { .data = 0 };
712
713 lxc_console_sigwinch(SIGWINCH);
714 return lxc_cmd_rsp_send(fd, &rsp);
715 }
716
717 /*
718 * lxc_cmd_console: Open an fd to a tty in the container
719 *
720 * @name : name of container to connect to
721 * @ttynum : in: the tty to open or -1 for next available
722 * : out: the tty allocated
723 * @fd : out: file descriptor for master side of pty
724 * @lxcpath : the lxcpath in which the container is running
725 *
726 * Returns fd holding tty allocated on success, < 0 on failure
727 */
728 int lxc_cmd_console(const char *name, int *ttynum, int *fd, const char *lxcpath)
729 {
730 int ret, stopped;
731 struct lxc_cmd_console_rsp_data *rspdata;
732 struct lxc_cmd_rr cmd = {
733 .req = { .cmd = LXC_CMD_CONSOLE, .data = INT_TO_PTR(*ttynum) },
734 };
735
736 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
737 if (ret < 0)
738 return ret;
739
740 if (cmd.rsp.ret < 0) {
741 ERROR("Console access denied: %s.", strerror(-cmd.rsp.ret));
742 ret = -1;
743 goto out;
744 }
745
746 if (ret == 0) {
747 ERROR("Console %d invalid, busy or all consoles busy.", *ttynum);
748 ret = -1;
749 goto out;
750 }
751
752 rspdata = cmd.rsp.data;
753 if (rspdata->masterfd < 0) {
754 ERROR("Unable to allocate fd for tty %d.", rspdata->ttynum);
755 goto out;
756 }
757
758 ret = cmd.rsp.ret; /* sock fd */
759 *fd = rspdata->masterfd;
760 *ttynum = rspdata->ttynum;
761 INFO("tty %d allocated fd %d sock %d.", rspdata->ttynum, *fd, ret);
762 out:
763 free(cmd.rsp.data);
764 return ret;
765 }
766
767 static int lxc_cmd_console_callback(int fd, struct lxc_cmd_req *req,
768 struct lxc_handler *handler)
769 {
770 int ttynum = PTR_TO_INT(req->data);
771 int masterfd;
772 struct lxc_cmd_rsp rsp;
773
774 masterfd = lxc_console_allocate(handler->conf, fd, &ttynum);
775 if (masterfd < 0)
776 goto out_close;
777
778 memset(&rsp, 0, sizeof(rsp));
779 rsp.data = INT_TO_PTR(ttynum);
780 if (lxc_abstract_unix_send_fds(fd, &masterfd, 1, &rsp, sizeof(rsp)) < 0) {
781 ERROR("Failed to send tty to client.");
782 lxc_console_free(handler->conf, fd);
783 goto out_close;
784 }
785
786 return 0;
787
788 out_close:
789 /* special indicator to lxc_cmd_handler() to close the fd and do
790 * related cleanup
791 */
792 return 1;
793 }
794
795 /*
796 * lxc_cmd_get_name: Returns the name of the container
797 *
798 * @hashed_sock_name: hashed socket name
799 *
800 * Returns the name on success, NULL on failure.
801 */
802 char *lxc_cmd_get_name(const char *hashed_sock_name)
803 {
804 int ret, stopped;
805 struct lxc_cmd_rr cmd = {
806 .req = { .cmd = LXC_CMD_GET_NAME},
807 };
808
809 ret = lxc_cmd(NULL, &cmd, &stopped, NULL, hashed_sock_name);
810 if (ret < 0) {
811 return NULL;
812 }
813
814 if (cmd.rsp.ret == 0)
815 return cmd.rsp.data;
816 return NULL;
817 }
818
819 static int lxc_cmd_get_name_callback(int fd, struct lxc_cmd_req *req,
820 struct lxc_handler *handler)
821 {
822 struct lxc_cmd_rsp rsp;
823
824 memset(&rsp, 0, sizeof(rsp));
825
826 rsp.data = handler->name;
827 rsp.datalen = strlen(handler->name) + 1;
828 rsp.ret = 0;
829
830 return lxc_cmd_rsp_send(fd, &rsp);
831 }
832
833 /*
834 * lxc_cmd_get_lxcpath: Returns the lxcpath of the container
835 *
836 * @hashed_sock_name: hashed socket name
837 *
838 * Returns the lxcpath on success, NULL on failure.
839 */
840 char *lxc_cmd_get_lxcpath(const char *hashed_sock_name)
841 {
842 int ret, stopped;
843 struct lxc_cmd_rr cmd = {
844 .req = { .cmd = LXC_CMD_GET_LXCPATH},
845 };
846
847 ret = lxc_cmd(NULL, &cmd, &stopped, NULL, hashed_sock_name);
848 if (ret < 0) {
849 return NULL;
850 }
851
852 if (cmd.rsp.ret == 0)
853 return cmd.rsp.data;
854 return NULL;
855 }
856
857 static int lxc_cmd_get_lxcpath_callback(int fd, struct lxc_cmd_req *req,
858 struct lxc_handler *handler)
859 {
860 struct lxc_cmd_rsp rsp;
861
862 memset(&rsp, 0, sizeof(rsp));
863
864 rsp.data = (char *)handler->lxcpath;
865 rsp.datalen = strlen(handler->lxcpath) + 1;
866 rsp.ret = 0;
867
868 return lxc_cmd_rsp_send(fd, &rsp);
869 }
870
871 /*
872 * lxc_cmd_state_server: register a client fd in the handler list
873 *
874 * @name : name of container to connect to
875 * @lxcpath : the lxcpath in which the container is running
876 *
877 * Returns the lxcpath on success, NULL on failure.
878 */
879 int lxc_cmd_state_server(const char *name, const char *lxcpath,
880 lxc_state_t states[MAX_STATE])
881 {
882 int stopped;
883 ssize_t ret;
884 int state = -1;
885 struct lxc_msg msg = {0};
886 struct lxc_cmd_rr cmd = {
887 .req = {
888 .cmd = LXC_CMD_STATE_SERVER,
889 .data = states,
890 .datalen = (sizeof(lxc_state_t) * MAX_STATE)
891 },
892 };
893
894 /* Lock the whole lxc_cmd_state_server_callback() call to ensure that
895 * lxc_set_state() doesn't cause us to miss a state.
896 */
897 process_lock();
898 /* Check if already in requested state. */
899 state = lxc_getstate(name, lxcpath);
900 if (state < 0) {
901 process_unlock();
902 TRACE("failed to retrieve state of container: %s",
903 strerror(errno));
904 return -1;
905 } else if (states[state]) {
906 process_unlock();
907 TRACE("container is %s state", lxc_state2str(state));
908 return state;
909 }
910
911 if ((state == STARTING) && !states[RUNNING] && !states[STOPPING] && !states[STOPPED]) {
912 process_unlock();
913 TRACE("container is in %s state and caller requested to be "
914 "informed about a previous state",
915 lxc_state2str(state));
916 return state;
917 } else if ((state == RUNNING) && !states[STOPPING] && !states[STOPPED]) {
918 process_unlock();
919 TRACE("container is in %s state and caller requested to be "
920 "informed about a previous state",
921 lxc_state2str(state));
922 return state;
923 } else if ((state == STOPPING) && !states[STOPPED]) {
924 process_unlock();
925 TRACE("container is in %s state and caller requested to be "
926 "informed about a previous state",
927 lxc_state2str(state));
928 return state;
929 } else if ((state == STOPPED) || (state == ABORTING)) {
930 process_unlock();
931 TRACE("container is in %s state and caller requested to be "
932 "informed about a previous state",
933 lxc_state2str(state));
934 return state;
935 }
936
937 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
938 process_unlock();
939 if (ret < 0) {
940 ERROR("failed to execute command: %s", strerror(errno));
941 return -1;
942 }
943 /* We should now be guaranteed to get an answer from the state sending
944 * function.
945 */
946
947 if (cmd.rsp.ret < 0) {
948 ERROR("failed to receive socket fd");
949 return -1;
950 }
951
952 again:
953 ret = recv(cmd.rsp.ret, &msg, sizeof(msg), 0);
954 if (ret < 0) {
955 if (errno == EINTR)
956 goto again;
957
958 ERROR("failed to receive message: %s", strerror(errno));
959 return -1;
960 }
961 if (ret == 0) {
962 ERROR("length of message was 0");
963 return -1;
964 }
965
966 TRACE("received state %s from state client %d",
967 lxc_state2str(msg.value), cmd.rsp.ret);
968 return msg.value;
969 }
970
971 static int lxc_cmd_state_server_callback(int fd, struct lxc_cmd_req *req,
972 struct lxc_handler *handler)
973 {
974 struct lxc_cmd_rsp rsp = {0};
975 struct state_client *newclient;
976 struct lxc_list *tmplist;
977
978 if (req->datalen < 0) {
979 TRACE("requested datalen was < 0");
980 return -1;
981 }
982
983 if (!req->data) {
984 TRACE("no states requested");
985 return -1;
986 }
987
988 newclient = malloc(sizeof(*newclient));
989 if (!newclient)
990 return -1;
991
992 /* copy requested states */
993 memcpy(newclient->states, req->data, sizeof(newclient->states));
994 newclient->clientfd = fd;
995
996 tmplist = malloc(sizeof(*tmplist));
997 if (!tmplist) {
998 free(newclient);
999 return -1;
1000 }
1001
1002 lxc_list_add_elem(tmplist, newclient);
1003 lxc_list_add_tail(&handler->state_clients, tmplist);
1004
1005 TRACE("added state client %d to state client list", fd);
1006
1007 return lxc_cmd_rsp_send(fd, &rsp);
1008 }
1009
1010 static int lxc_cmd_process(int fd, struct lxc_cmd_req *req,
1011 struct lxc_handler *handler)
1012 {
1013 typedef int (*callback)(int, struct lxc_cmd_req *, struct lxc_handler *);
1014
1015 callback cb[LXC_CMD_MAX] = {
1016 [LXC_CMD_CONSOLE] = lxc_cmd_console_callback,
1017 [LXC_CMD_CONSOLE_WINCH] = lxc_cmd_console_winch_callback,
1018 [LXC_CMD_STOP] = lxc_cmd_stop_callback,
1019 [LXC_CMD_GET_STATE] = lxc_cmd_get_state_callback,
1020 [LXC_CMD_GET_INIT_PID] = lxc_cmd_get_init_pid_callback,
1021 [LXC_CMD_GET_CLONE_FLAGS] = lxc_cmd_get_clone_flags_callback,
1022 [LXC_CMD_GET_CGROUP] = lxc_cmd_get_cgroup_callback,
1023 [LXC_CMD_GET_CONFIG_ITEM] = lxc_cmd_get_config_item_callback,
1024 [LXC_CMD_GET_NAME] = lxc_cmd_get_name_callback,
1025 [LXC_CMD_GET_LXCPATH] = lxc_cmd_get_lxcpath_callback,
1026 [LXC_CMD_STATE_SERVER] = lxc_cmd_state_server_callback,
1027 };
1028
1029 if (req->cmd >= LXC_CMD_MAX) {
1030 ERROR("Undefined command id %d received.", req->cmd);
1031 return -1;
1032 }
1033 return cb[req->cmd](fd, req, handler);
1034 }
1035
1036 static void lxc_cmd_fd_cleanup(int fd, struct lxc_handler *handler,
1037 struct lxc_epoll_descr *descr)
1038 {
1039 lxc_console_free(handler->conf, fd);
1040 lxc_mainloop_del_handler(descr, fd);
1041 close(fd);
1042 }
1043
1044 static int lxc_cmd_handler(int fd, uint32_t events, void *data,
1045 struct lxc_epoll_descr *descr)
1046 {
1047 int ret;
1048 struct lxc_cmd_req req;
1049 struct lxc_handler *handler = data;
1050
1051 ret = lxc_abstract_unix_rcv_credential(fd, &req, sizeof(req));
1052 if (ret == -EACCES) {
1053 /* we don't care for the peer, just send and close */
1054 struct lxc_cmd_rsp rsp = { .ret = ret };
1055
1056 lxc_cmd_rsp_send(fd, &rsp);
1057 goto out_close;
1058 }
1059
1060 if (ret < 0) {
1061 SYSERROR("Failed to receive data on command socket.");
1062 goto out_close;
1063 }
1064
1065 if (!ret) {
1066 DEBUG("Peer has disconnected.");
1067 goto out_close;
1068 }
1069
1070 if (ret != sizeof(req)) {
1071 WARN("Failed to receive full command request. Ignoring request.");
1072 ret = -1;
1073 goto out_close;
1074 }
1075
1076 if (req.datalen > LXC_CMD_DATA_MAX) {
1077 ERROR("Received command data length %d is too large.", req.datalen);
1078 ret = -1;
1079 goto out_close;
1080 }
1081
1082 if (req.datalen > 0) {
1083 void *reqdata;
1084
1085 reqdata = alloca(req.datalen);
1086 ret = recv(fd, reqdata, req.datalen, 0);
1087 if (ret != req.datalen) {
1088 WARN("Failed to receive full command request. Ignoring request.");
1089 ret = -1;
1090 goto out_close;
1091 }
1092 req.data = reqdata;
1093 }
1094
1095 ret = lxc_cmd_process(fd, &req, handler);
1096 if (ret) {
1097 /* this is not an error, but only a request to close fd */
1098 ret = 0;
1099 goto out_close;
1100 }
1101
1102 out:
1103 return ret;
1104 out_close:
1105 lxc_cmd_fd_cleanup(fd, handler, descr);
1106 goto out;
1107 }
1108
1109 static int lxc_cmd_accept(int fd, uint32_t events, void *data,
1110 struct lxc_epoll_descr *descr)
1111 {
1112 int opt = 1, ret = -1, connection;
1113
1114 connection = accept(fd, NULL, 0);
1115 if (connection < 0) {
1116 SYSERROR("Failed to accept connection to run command.");
1117 return -1;
1118 }
1119
1120 if (fcntl(connection, F_SETFD, FD_CLOEXEC)) {
1121 SYSERROR("Failed to set close-on-exec on incoming command connection.");
1122 goto out_close;
1123 }
1124
1125 if (setsockopt(connection, SOL_SOCKET,
1126 SO_PASSCRED, &opt, sizeof(opt))) {
1127 SYSERROR("Failed to enable necessary credentials on command socket.");
1128 goto out_close;
1129 }
1130
1131 ret = lxc_mainloop_add_handler(descr, connection, lxc_cmd_handler, data);
1132 if (ret) {
1133 ERROR("Failed to add command handler.");
1134 goto out_close;
1135 }
1136
1137 out:
1138 return ret;
1139
1140 out_close:
1141 close(connection);
1142 goto out;
1143 }
1144
1145 int lxc_cmd_init(const char *name, struct lxc_handler *handler,
1146 const char *lxcpath)
1147 {
1148 int fd;
1149 char path[sizeof(((struct sockaddr_un *)0)->sun_path)] = { 0 };
1150 char *offset = &path[1];
1151 int len;
1152
1153 /* -2 here because this is an abstract unix socket so it needs a
1154 * leading \0, and we null terminate, so it needs a trailing \0.
1155 * Although null termination isn't required by the API, we do it anyway
1156 * because we print the sockname out sometimes.
1157 */
1158 len = sizeof(path) - 2;
1159 if (fill_sock_name(offset, len, name, lxcpath, NULL))
1160 return -1;
1161
1162 fd = lxc_abstract_unix_open(path, SOCK_STREAM, 0);
1163 if (fd < 0) {
1164 ERROR("Failed to create the command service point %s: %s.",
1165 offset, strerror(errno));
1166 if (errno == EADDRINUSE)
1167 ERROR("Container \"%s\" appears to be already running!", name);
1168 return -1;
1169 }
1170
1171 if (fcntl(fd, F_SETFD, FD_CLOEXEC)) {
1172 SYSERROR("Failed to set FD_CLOEXEC on signal file descriptor.");
1173 close(fd);
1174 return -1;
1175 }
1176
1177 handler->conf->maincmd_fd = fd;
1178 return 0;
1179 }
1180
1181 int lxc_cmd_mainloop_add(const char *name,
1182 struct lxc_epoll_descr *descr,
1183 struct lxc_handler *handler)
1184 {
1185 int ret, fd = handler->conf->maincmd_fd;
1186
1187 ret = lxc_mainloop_add_handler(descr, fd, lxc_cmd_accept, handler);
1188 if (ret) {
1189 ERROR("Failed to add handler for command socket.");
1190 close(fd);
1191 }
1192
1193 return ret;
1194 }
LXC mirror