]> git.proxmox.com Git - mirror_lxc.git/blob - src/lxc/commands.c
projects / mirror_lxc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
commands: cleanup macros lxc_cmd_init()
[mirror_lxc.git] / src / lxc / commands.c
1 /*
2 * lxc: linux Container library
3 *
4 * (C) Copyright IBM Corp. 2007, 2009
5 *
6 * Authors:
7 * Daniel Lezcano <daniel.lezcano at free.fr>
8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22 */
23
24 #ifndef _GNU_SOURCE
25 #define _GNU_SOURCE 1
26 #endif
27 #include <caps.h>
28 #include <errno.h>
29 #include <fcntl.h>
30 #include <malloc.h>
31 #include <poll.h>
32 #include <signal.h>
33 #include <stdio.h>
34 #include <stdlib.h>
35 #include <sys/param.h>
36 #include <sys/socket.h>
37 #include <sys/un.h>
38 #include <unistd.h>
39
40 #include "af_unix.h"
41 #include "cgroup.h"
42 #include "commands.h"
43 #include "commands_utils.h"
44 #include "conf.h"
45 #include "config.h"
46 #include "confile.h"
47 #include "log.h"
48 #include "lxc.h"
49 #include "lxclock.h"
50 #include "mainloop.h"
51 #include "memory_utils.h"
52 #include "monitor.h"
53 #include "start.h"
54 #include "terminal.h"
55 #include "utils.h"
56
57 /*
58 * This file provides the different functions for clients to query/command the
59 * server. The client is typically some lxc tool and the server is typically the
60 * container (ie. lxc-start).
61 *
62 * Each command is transactional, the clients send a request to the server and
63 * the server answers the request with a message giving the request's status
64 * (zero or a negative errno value). Both the request and response may contain
65 * additional data.
66 *
67 * Each command is wrapped in a ancillary message in order to pass a credential
68 * making possible to the server to check if the client is allowed to ask for
69 * this command or not.
70 *
71 * IMPORTANTLY: Note that semantics for current commands are fixed. If you wish
72 * to make any changes to how, say, LXC_CMD_GET_CONFIG_ITEM works by adding
73 * information to the end of cmd.data, then you must introduce a new
74 * LXC_CMD_GET_CONFIG_ITEM_V2 define with a new number. You may wish to also
75 * mark LXC_CMD_GET_CONFIG_ITEM deprecated in commands.h.
76 *
77 * This is necessary in order to avoid having a newly compiled lxc command
78 * communicating with a running (old) monitor from crashing the running
79 * container.
80 */
81
82 lxc_log_define(commands, lxc);
83
84 static const char *lxc_cmd_str(lxc_cmd_t cmd)
85 {
86 static const char *const cmdname[LXC_CMD_MAX] = {
87 [LXC_CMD_CONSOLE] = "console",
88 [LXC_CMD_TERMINAL_WINCH] = "terminal_winch",
89 [LXC_CMD_STOP] = "stop",
90 [LXC_CMD_GET_STATE] = "get_state",
91 [LXC_CMD_GET_INIT_PID] = "get_init_pid",
92 [LXC_CMD_GET_CLONE_FLAGS] = "get_clone_flags",
93 [LXC_CMD_GET_CGROUP] = "get_cgroup",
94 [LXC_CMD_GET_CONFIG_ITEM] = "get_config_item",
95 [LXC_CMD_GET_NAME] = "get_name",
96 [LXC_CMD_GET_LXCPATH] = "get_lxcpath",
97 [LXC_CMD_ADD_STATE_CLIENT] = "add_state_client",
98 [LXC_CMD_CONSOLE_LOG] = "console_log",
99 [LXC_CMD_SERVE_STATE_CLIENTS] = "serve_state_clients",
100 };
101
102 if (cmd >= LXC_CMD_MAX)
103 return "Invalid request";
104
105 return cmdname[cmd];
106 }
107
108 /*
109 * lxc_cmd_rsp_recv: Receive a response to a command
110 *
111 * @sock : the socket connected to the container
112 * @cmd : command to put response in
113 *
114 * Returns the size of the response message or < 0 on failure
115 *
116 * Note that if the command response datalen > 0, then data is
117 * a malloc()ed buffer and should be free()ed by the caller. If
118 * the response data is <= a void * worth of data, it will be
119 * stored directly in data and datalen will be 0.
120 *
121 * As a special case, the response for LXC_CMD_CONSOLE is created
122 * here as it contains an fd for the master pty passed through the
123 * unix socket.
124 */
125 static int lxc_cmd_rsp_recv(int sock, struct lxc_cmd_rr *cmd)
126 {
127 int ret, rspfd;
128 struct lxc_cmd_rsp *rsp = &cmd->rsp;
129
130 ret = lxc_abstract_unix_recv_fds(sock, &rspfd, 1, rsp, sizeof(*rsp));
131 if (ret < 0) {
132 SYSWARN("Failed to receive response for command \"%s\"",
133 lxc_cmd_str(cmd->req.cmd));
134
135 if (errno == ECONNRESET)
136 return -1;
137
138 return -1;
139 }
140 TRACE("Command \"%s\" received response", lxc_cmd_str(cmd->req.cmd));
141
142 if (cmd->req.cmd == LXC_CMD_CONSOLE) {
143 struct lxc_cmd_console_rsp_data *rspdata;
144
145 /* recv() returns 0 bytes when a tty cannot be allocated,
146 * rsp->ret is < 0 when the peer permission check failed
147 */
148 if (ret == 0 || rsp->ret < 0)
149 return 0;
150
151 rspdata = malloc(sizeof(*rspdata));
152 if (!rspdata) {
153 errno = ENOMEM;
154 ERROR("Failed to allocate response buffer for command \"%s\"",
155 lxc_cmd_str(cmd->req.cmd));
156 return -1;
157 }
158
159 rspdata->masterfd = rspfd;
160 rspdata->ttynum = PTR_TO_INT(rsp->data);
161 rsp->data = rspdata;
162 }
163
164 if (rsp->datalen == 0) {
165 DEBUG("Response data length for command \"%s\" is 0",
166 lxc_cmd_str(cmd->req.cmd));
167 return ret;
168 }
169
170 if ((rsp->datalen > LXC_CMD_DATA_MAX) &&
171 (cmd->req.cmd != LXC_CMD_CONSOLE_LOG)) {
172 ERROR("Response data for command \"%s\" is too long: %d bytes > %d",
173 lxc_cmd_str(cmd->req.cmd), rsp->datalen, LXC_CMD_DATA_MAX);
174 return -1;
175 }
176
177 if (cmd->req.cmd == LXC_CMD_CONSOLE_LOG) {
178 rsp->data = malloc(rsp->datalen + 1);
179 ((char *)rsp->data)[rsp->datalen] = '\0';
180 } else {
181 rsp->data = malloc(rsp->datalen);
182 }
183 if (!rsp->data) {
184 errno = ENOMEM;
185 ERROR("Failed to allocate response buffer for command \"%s\"",
186 lxc_cmd_str(cmd->req.cmd));
187 return -1;
188 }
189
190 ret = lxc_recv_nointr(sock, rsp->data, rsp->datalen, 0);
191 if (ret != rsp->datalen) {
192 SYSERROR("Failed to receive response data for command \"%s\"",
193 lxc_cmd_str(cmd->req.cmd));
194 return -1;
195 }
196
197 return ret;
198 }
199
200 /*
201 * lxc_cmd_rsp_send: Send a command response
202 *
203 * @fd : file descriptor of socket to send response on
204 * @rsp : response to send
205 *
206 * Returns 0 on success, < 0 on failure
207 */
208 static int lxc_cmd_rsp_send(int fd, struct lxc_cmd_rsp *rsp)
209 {
210 ssize_t ret;
211
212 errno = EMSGSIZE;
213 ret = lxc_send_nointr(fd, rsp, sizeof(*rsp), MSG_NOSIGNAL);
214 if (ret < 0 || (size_t)ret != sizeof(*rsp)) {
215 SYSERROR("Failed to send command response %zd", ret);
216 return -1;
217 }
218
219 if (!rsp->data || rsp->datalen <= 0)
220 return 0;
221
222 errno = EMSGSIZE;
223 ret = lxc_send_nointr(fd, rsp->data, rsp->datalen, MSG_NOSIGNAL);
224 if (ret < 0 || ret != (ssize_t)rsp->datalen) {
225 SYSWARN("Failed to send command response data %zd", ret);
226 return -1;
227 }
228
229 return 0;
230 }
231
232 static int lxc_cmd_send(const char *name, struct lxc_cmd_rr *cmd,
233 const char *lxcpath, const char *hashed_sock_name)
234 {
235 __do_close_prot_errno int client_fd = -EBADF;
236 ssize_t ret = -1;
237
238 client_fd = lxc_cmd_connect(name, lxcpath, hashed_sock_name, "command");
239 if (client_fd < 0)
240 return -1;
241
242 ret = lxc_abstract_unix_send_credential(client_fd, &cmd->req,
243 sizeof(cmd->req));
244 if (ret < 0 || (size_t)ret != sizeof(cmd->req))
245 return -1;
246
247 if (cmd->req.datalen <= 0)
248 return steal_fd(client_fd);
249
250 errno = EMSGSIZE;
251 ret = lxc_send_nointr(client_fd, (void *)cmd->req.data,
252 cmd->req.datalen, MSG_NOSIGNAL);
253 if (ret < 0 || ret != (ssize_t)cmd->req.datalen)
254 return -1;
255
256 return steal_fd(client_fd);
257 }
258
259 /*
260 * lxc_cmd: Connect to the specified running container, send it a command
261 * request and collect the response
262 *
263 * @name : name of container to connect to
264 * @cmd : command with initialized request to send
265 * @stopped : output indicator if the container was not running
266 * @lxcpath : the lxcpath in which the container is running
267 *
268 * Returns the size of the response message on success, < 0 on failure
269 *
270 * Note that there is a special case for LXC_CMD_CONSOLE. For this command
271 * the fd cannot be closed because it is used as a placeholder to indicate
272 * that a particular tty slot is in use. The fd is also used as a signal to
273 * the container that when the caller dies or closes the fd, the container
274 * will notice the fd on its side of the socket in its mainloop select and
275 * then free the slot with lxc_cmd_fd_cleanup(). The socket fd will be
276 * returned in the cmd response structure.
277 */
278 static int lxc_cmd(const char *name, struct lxc_cmd_rr *cmd, int *stopped,
279 const char *lxcpath, const char *hashed_sock_name)
280 {
281 __do_close_prot_errno int client_fd = -EBADF;
282 int ret = -1;
283 bool stay_connected = false;
284
285 if (cmd->req.cmd == LXC_CMD_CONSOLE ||
286 cmd->req.cmd == LXC_CMD_ADD_STATE_CLIENT)
287 stay_connected = true;
288
289 *stopped = 0;
290
291 client_fd = lxc_cmd_send(name, cmd, lxcpath, hashed_sock_name);
292 if (client_fd < 0) {
293 SYSTRACE("Command \"%s\" failed to connect command socket",
294 lxc_cmd_str(cmd->req.cmd));
295
296 if (errno == ECONNREFUSED || errno == EPIPE)
297 *stopped = 1;
298
299 return -1;
300 }
301
302 ret = lxc_cmd_rsp_recv(client_fd, cmd);
303 if (ret < 0 && errno == ECONNRESET)
304 *stopped = 1;
305
306 if (stay_connected && ret > 0)
307 cmd->rsp.ret = steal_fd(client_fd);
308
309 return ret;
310 }
311
312 int lxc_try_cmd(const char *name, const char *lxcpath)
313 {
314 int stopped, ret;
315 struct lxc_cmd_rr cmd = {
316 .req = { .cmd = LXC_CMD_GET_INIT_PID },
317 };
318
319 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
320 if (stopped)
321 return 0;
322 if (ret > 0 && cmd.rsp.ret < 0) {
323 errno = cmd.rsp.ret;
324 return -1;
325 }
326 if (ret > 0)
327 return 0;
328
329 /* At this point we weren't denied access, and the container *was*
330 * started. There was some inexplicable error in the protocol. I'm not
331 * clear on whether we should return -1 here, but we didn't receive a
332 * -EACCES, so technically it's not that we're not allowed to control
333 * the container - it's just not behaving.
334 */
335 return 0;
336 }
337
338 /* Implementations of the commands and their callbacks */
339
340 /*
341 * lxc_cmd_get_init_pid: Get pid of the container's init process
342 *
343 * @name : name of container to connect to
344 * @lxcpath : the lxcpath in which the container is running
345 *
346 * Returns the pid on success, < 0 on failure
347 */
348 pid_t lxc_cmd_get_init_pid(const char *name, const char *lxcpath)
349 {
350 int ret, stopped;
351 intmax_t pid;
352 struct lxc_cmd_rr cmd = {
353 .req = {
354 .cmd = LXC_CMD_GET_INIT_PID
355 },
356 .rsp = {
357 .data = INTMAX_TO_PTR((intmax_t){-1})
358 }
359 };
360
361 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
362 if (ret < 0)
363 return -1;
364
365 pid = PTR_TO_INTMAX(cmd.rsp.data);
366 if (pid < 0)
367 return -1;
368
369 /* We need to assume that pid_t can actually hold any pid given to us
370 * by the kernel. If it can't it's a libc bug.
371 */
372 return (pid_t)pid;
373 }
374
375 static int lxc_cmd_get_init_pid_callback(int fd, struct lxc_cmd_req *req,
376 struct lxc_handler *handler)
377 {
378 intmax_t pid = handler->pid;
379
380 struct lxc_cmd_rsp rsp = {
381 .data = INTMAX_TO_PTR(pid)
382 };
383
384 return lxc_cmd_rsp_send(fd, &rsp);
385 }
386
387 /*
388 * lxc_cmd_get_clone_flags: Get clone flags container was spawned with
389 *
390 * @name : name of container to connect to
391 * @lxcpath : the lxcpath in which the container is running
392 *
393 * Returns the clone flags on success, < 0 on failure
394 */
395 int lxc_cmd_get_clone_flags(const char *name, const char *lxcpath)
396 {
397 int ret, stopped;
398 struct lxc_cmd_rr cmd = {
399 .req = { .cmd = LXC_CMD_GET_CLONE_FLAGS },
400 };
401
402 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
403 if (ret < 0)
404 return ret;
405
406 return PTR_TO_INT(cmd.rsp.data);
407 }
408
409 static int lxc_cmd_get_clone_flags_callback(int fd, struct lxc_cmd_req *req,
410 struct lxc_handler *handler)
411 {
412 struct lxc_cmd_rsp rsp = { .data = INT_TO_PTR(handler->ns_clone_flags) };
413
414 return lxc_cmd_rsp_send(fd, &rsp);
415 }
416
417 /*
418 * lxc_cmd_get_cgroup_path: Calculate a container's cgroup path for a
419 * particular subsystem. This is the cgroup path relative to the root
420 * of the cgroup filesystem.
421 *
422 * @name : name of container to connect to
423 * @lxcpath : the lxcpath in which the container is running
424 * @subsystem : the subsystem being asked about
425 *
426 * Returns the path on success, NULL on failure. The caller must free() the
427 * returned path.
428 */
429 char *lxc_cmd_get_cgroup_path(const char *name, const char *lxcpath,
430 const char *subsystem)
431 {
432 int ret, stopped;
433 struct lxc_cmd_rr cmd = {
434 .req = {
435 .cmd = LXC_CMD_GET_CGROUP,
436 .data = subsystem,
437 .datalen = 0,
438 },
439 };
440
441 cmd.req.data = subsystem;
442 cmd.req.datalen = 0;
443 if (subsystem)
444 cmd.req.datalen = strlen(subsystem) + 1;
445
446 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
447 if (ret < 0)
448 return NULL;
449
450 if (ret == 0)
451 return NULL;
452
453 if (cmd.rsp.ret < 0 || cmd.rsp.datalen < 0)
454 return NULL;
455
456 return cmd.rsp.data;
457 }
458
459 static int lxc_cmd_get_cgroup_callback(int fd, struct lxc_cmd_req *req,
460 struct lxc_handler *handler)
461 {
462 const char *path;
463 struct lxc_cmd_rsp rsp;
464 struct cgroup_ops *cgroup_ops = handler->cgroup_ops;
465
466 if (req->datalen > 0)
467 path = cgroup_ops->get_cgroup(cgroup_ops, req->data);
468 else
469 path = cgroup_ops->get_cgroup(cgroup_ops, NULL);
470 if (!path)
471 return -1;
472
473 rsp.ret = 0;
474 rsp.datalen = strlen(path) + 1;
475 rsp.data = (char *)path;
476
477 return lxc_cmd_rsp_send(fd, &rsp);
478 }
479
480 /*
481 * lxc_cmd_get_config_item: Get config item the running container
482 *
483 * @name : name of container to connect to
484 * @item : the configuration item to retrieve (ex: lxc.net.0.veth.pair)
485 * @lxcpath : the lxcpath in which the container is running
486 *
487 * Returns the item on success, NULL on failure. The caller must free() the
488 * returned item.
489 */
490 char *lxc_cmd_get_config_item(const char *name, const char *item,
491 const char *lxcpath)
492 {
493 int ret, stopped;
494 struct lxc_cmd_rr cmd = {
495 .req = { .cmd = LXC_CMD_GET_CONFIG_ITEM,
496 .data = item,
497 .datalen = strlen(item) + 1,
498 },
499 };
500
501 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
502 if (ret < 0)
503 return NULL;
504
505 if (cmd.rsp.ret == 0)
506 return cmd.rsp.data;
507
508 return NULL;
509 }
510
511 static int lxc_cmd_get_config_item_callback(int fd, struct lxc_cmd_req *req,
512 struct lxc_handler *handler)
513 {
514 __do_free char *cidata = NULL;
515 int cilen;
516 struct lxc_config_t *item;
517 struct lxc_cmd_rsp rsp;
518
519 memset(&rsp, 0, sizeof(rsp));
520 item = lxc_get_config(req->data);
521 if (!item)
522 goto err1;
523
524 cilen = item->get(req->data, NULL, 0, handler->conf, NULL);
525 if (cilen <= 0)
526 goto err1;
527
528 cidata = must_realloc(NULL, cilen + 1);
529 if (item->get(req->data, cidata, cilen + 1, handler->conf, NULL) != cilen)
530 goto err1;
531
532 cidata[cilen] = '\0';
533 rsp.data = cidata;
534 rsp.datalen = cilen + 1;
535 rsp.ret = 0;
536 goto out;
537
538 err1:
539 rsp.ret = -1;
540 out:
541 return lxc_cmd_rsp_send(fd, &rsp);
542 }
543
544 /*
545 * lxc_cmd_get_state: Get current state of the container
546 *
547 * @name : name of container to connect to
548 * @lxcpath : the lxcpath in which the container is running
549 *
550 * Returns the state on success, < 0 on failure
551 */
552 int lxc_cmd_get_state(const char *name, const char *lxcpath)
553 {
554 int ret, stopped;
555 struct lxc_cmd_rr cmd = {
556 .req = { .cmd = LXC_CMD_GET_STATE }
557 };
558
559 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
560 if (ret < 0 && stopped)
561 return STOPPED;
562
563 if (ret < 0)
564 return -1;
565
566 if (!ret) {
567 WARN("Container \"%s\" has stopped before sending its state", name);
568 return -1;
569 }
570
571 DEBUG("Container \"%s\" is in \"%s\" state", name,
572 lxc_state2str(PTR_TO_INT(cmd.rsp.data)));
573
574 return PTR_TO_INT(cmd.rsp.data);
575 }
576
577 static int lxc_cmd_get_state_callback(int fd, struct lxc_cmd_req *req,
578 struct lxc_handler *handler)
579 {
580 struct lxc_cmd_rsp rsp = { .data = INT_TO_PTR(handler->state) };
581
582 return lxc_cmd_rsp_send(fd, &rsp);
583 }
584
585 /*
586 * lxc_cmd_stop: Stop the container previously started with lxc_start. All
587 * the processes running inside this container will be killed.
588 *
589 * @name : name of container to connect to
590 * @lxcpath : the lxcpath in which the container is running
591 *
592 * Returns 0 on success, < 0 on failure
593 */
594 int lxc_cmd_stop(const char *name, const char *lxcpath)
595 {
596 int ret, stopped;
597 struct lxc_cmd_rr cmd = {
598 .req = { .cmd = LXC_CMD_STOP },
599 };
600
601 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
602 if (ret < 0) {
603 if (stopped) {
604 INFO("Container \"%s\" is already stopped", name);
605 return 0;
606 }
607
608 return -1;
609 }
610
611 /* We do not expect any answer, because we wait for the connection to be
612 * closed.
613 */
614 if (ret > 0) {
615 errno = -cmd.rsp.ret;
616 SYSERROR("Failed to stop container \"%s\"", name);
617 return -1;
618 }
619
620 INFO("Container \"%s\" has stopped", name);
621 return 0;
622 }
623
624 static int lxc_cmd_stop_callback(int fd, struct lxc_cmd_req *req,
625 struct lxc_handler *handler)
626 {
627 struct lxc_cmd_rsp rsp;
628 int stopsignal = SIGKILL;
629 struct cgroup_ops *cgroup_ops = handler->cgroup_ops;
630
631 if (handler->conf->stopsignal)
632 stopsignal = handler->conf->stopsignal;
633 memset(&rsp, 0, sizeof(rsp));
634 rsp.ret = kill(handler->pid, stopsignal);
635 if (!rsp.ret) {
636 /* We can't just use lxc_unfreeze() since we are already in the
637 * context of handling the STOP cmd in lxc-start, and calling
638 * lxc_unfreeze() would do another cmd (GET_CGROUP) which would
639 * deadlock us.
640 */
641 if (!cgroup_ops->get_cgroup(cgroup_ops, "freezer"))
642 return 0;
643
644 if (cgroup_ops->unfreeze(cgroup_ops))
645 return 0;
646
647 ERROR("Failed to unfreeze container \"%s\"", handler->name);
648 rsp.ret = -1;
649 }
650
651 return lxc_cmd_rsp_send(fd, &rsp);
652 }
653
654 /*
655 * lxc_cmd_terminal_winch: noop
656 *
657 * @name : name of container to connect to
658 * @lxcpath : the lxcpath in which the container is running
659 *
660 * Returns 0 on success, < 0 on failure
661 */
662 int lxc_cmd_terminal_winch(const char *name, const char *lxcpath)
663 {
664 return 0;
665 }
666
667 static int lxc_cmd_terminal_winch_callback(int fd, struct lxc_cmd_req *req,
668 struct lxc_handler *handler)
669 {
670 /* should never be called */
671 return -1;
672 }
673
674 /*
675 * lxc_cmd_console: Open an fd to a tty in the container
676 *
677 * @name : name of container to connect to
678 * @ttynum : in: the tty to open or -1 for next available
679 * : out: the tty allocated
680 * @fd : out: file descriptor for master side of pty
681 * @lxcpath : the lxcpath in which the container is running
682 *
683 * Returns fd holding tty allocated on success, < 0 on failure
684 */
685 int lxc_cmd_console(const char *name, int *ttynum, int *fd, const char *lxcpath)
686 {
687 __do_free struct lxc_cmd_console_rsp_data *rspdata = NULL;
688 int ret, stopped;
689 struct lxc_cmd_rr cmd = {
690 .req = { .cmd = LXC_CMD_CONSOLE, .data = INT_TO_PTR(*ttynum) },
691 };
692
693 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
694 if (ret < 0)
695 return ret;
696
697 rspdata = cmd.rsp.data;
698 if (cmd.rsp.ret < 0) {
699 errno = -cmd.rsp.ret;
700 SYSERROR("Denied access to tty");
701 return -1;
702 }
703
704 if (ret == 0) {
705 ERROR("tty number %d invalid, busy or all ttys busy", *ttynum);
706 return -1;
707 }
708
709 if (rspdata->masterfd < 0) {
710 ERROR("Unable to allocate fd for tty %d", rspdata->ttynum);
711 return -1;
712 }
713
714 ret = cmd.rsp.ret; /* socket fd */
715 *fd = rspdata->masterfd;
716 *ttynum = rspdata->ttynum;
717 INFO("Alloced fd %d for tty %d via socket %d", *fd, rspdata->ttynum, ret);
718
719 return ret;
720 }
721
722 static int lxc_cmd_console_callback(int fd, struct lxc_cmd_req *req,
723 struct lxc_handler *handler)
724 {
725 int masterfd, ret;
726 struct lxc_cmd_rsp rsp;
727 int ttynum = PTR_TO_INT(req->data);
728
729 masterfd = lxc_terminal_allocate(handler->conf, fd, &ttynum);
730 if (masterfd < 0)
731 goto out_close;
732
733 memset(&rsp, 0, sizeof(rsp));
734 rsp.data = INT_TO_PTR(ttynum);
735 ret = lxc_abstract_unix_send_fds(fd, &masterfd, 1, &rsp, sizeof(rsp));
736 if (ret < 0) {
737 SYSERROR("Failed to send tty to client");
738 lxc_terminal_free(handler->conf, fd);
739 goto out_close;
740 }
741
742 return 0;
743
744 out_close:
745 /* Special indicator to lxc_cmd_handler() to close the fd and do
746 * related cleanup.
747 */
748 return 1;
749 }
750
751 /*
752 * lxc_cmd_get_name: Returns the name of the container
753 *
754 * @hashed_sock_name: hashed socket name
755 *
756 * Returns the name on success, NULL on failure.
757 */
758 char *lxc_cmd_get_name(const char *hashed_sock_name)
759 {
760 int ret, stopped;
761 struct lxc_cmd_rr cmd = {
762 .req = { .cmd = LXC_CMD_GET_NAME},
763 };
764
765 ret = lxc_cmd(NULL, &cmd, &stopped, NULL, hashed_sock_name);
766 if (ret < 0)
767 return NULL;
768
769 if (cmd.rsp.ret == 0)
770 return cmd.rsp.data;
771
772 return NULL;
773 }
774
775 static int lxc_cmd_get_name_callback(int fd, struct lxc_cmd_req *req,
776 struct lxc_handler *handler)
777 {
778 struct lxc_cmd_rsp rsp;
779
780 memset(&rsp, 0, sizeof(rsp));
781
782 rsp.data = (char *)handler->name;
783 rsp.datalen = strlen(handler->name) + 1;
784 rsp.ret = 0;
785
786 return lxc_cmd_rsp_send(fd, &rsp);
787 }
788
789 /*
790 * lxc_cmd_get_lxcpath: Returns the lxcpath of the container
791 *
792 * @hashed_sock_name: hashed socket name
793 *
794 * Returns the lxcpath on success, NULL on failure.
795 */
796 char *lxc_cmd_get_lxcpath(const char *hashed_sock_name)
797 {
798 int ret, stopped;
799 struct lxc_cmd_rr cmd = {
800 .req = { .cmd = LXC_CMD_GET_LXCPATH},
801 };
802
803 ret = lxc_cmd(NULL, &cmd, &stopped, NULL, hashed_sock_name);
804 if (ret < 0)
805 return NULL;
806
807 if (cmd.rsp.ret == 0)
808 return cmd.rsp.data;
809
810 return NULL;
811 }
812
813 static int lxc_cmd_get_lxcpath_callback(int fd, struct lxc_cmd_req *req,
814 struct lxc_handler *handler)
815 {
816 struct lxc_cmd_rsp rsp;
817
818 memset(&rsp, 0, sizeof(rsp));
819
820 rsp.ret = 0;
821 rsp.data = (char *)handler->lxcpath;
822 rsp.datalen = strlen(handler->lxcpath) + 1;
823
824 return lxc_cmd_rsp_send(fd, &rsp);
825 }
826
827 int lxc_cmd_add_state_client(const char *name, const char *lxcpath,
828 lxc_state_t states[MAX_STATE],
829 int *state_client_fd)
830 {
831 __do_close_prot_errno int clientfd = -EBADF;
832 int state, stopped;
833 ssize_t ret;
834 struct lxc_cmd_rr cmd = {
835 .req = {
836 .cmd = LXC_CMD_ADD_STATE_CLIENT,
837 .data = states,
838 .datalen = (sizeof(lxc_state_t) * MAX_STATE)
839 },
840 };
841
842 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
843 if (states[STOPPED] != 0 && stopped != 0)
844 return STOPPED;
845
846 if (ret < 0) {
847 if (errno != ECONNREFUSED)
848 SYSERROR("Failed to execute command");
849
850 return -1;
851 }
852
853 /* We should now be guaranteed to get an answer from the state sending
854 * function.
855 */
856 clientfd = cmd.rsp.ret;
857 if (clientfd < 0) {
858 errno = -clientfd;
859 SYSERROR("Failed to receive socket fd");
860 return -1;
861 }
862
863 state = PTR_TO_INT(cmd.rsp.data);
864 if (state < MAX_STATE) {
865 TRACE("Container is already in requested state %s", lxc_state2str(state));
866 return state;
867 }
868
869 *state_client_fd = steal_fd(clientfd);
870 TRACE("Added state client %d to state client list", *state_client_fd);
871 return MAX_STATE;
872 }
873
874 static int lxc_cmd_add_state_client_callback(int fd, struct lxc_cmd_req *req,
875 struct lxc_handler *handler)
876 {
877 int ret;
878 struct lxc_cmd_rsp rsp = {0};
879
880 if (req->datalen < 0)
881 goto reap_client_fd;
882
883 if (req->datalen != (sizeof(lxc_state_t) * MAX_STATE))
884 goto reap_client_fd;
885
886 if (!req->data)
887 goto reap_client_fd;
888
889 rsp.ret = lxc_add_state_client(fd, handler, (lxc_state_t *)req->data);
890 if (rsp.ret < 0)
891 goto reap_client_fd;
892
893 rsp.data = INT_TO_PTR(rsp.ret);
894
895 ret = lxc_cmd_rsp_send(fd, &rsp);
896 if (ret < 0)
897 goto reap_client_fd;
898
899 return 0;
900
901 reap_client_fd:
902 /* Special indicator to lxc_cmd_handler() to close the fd and do related
903 * cleanup.
904 */
905 return 1;
906 }
907
908 int lxc_cmd_console_log(const char *name, const char *lxcpath,
909 struct lxc_console_log *log)
910 {
911 int ret, stopped;
912 struct lxc_cmd_console_log data;
913 struct lxc_cmd_rr cmd;
914
915 data.clear = log->clear;
916 data.read = log->read;
917 data.read_max = *log->read_max;
918
919 cmd.req.cmd = LXC_CMD_CONSOLE_LOG;
920 cmd.req.data = &data;
921 cmd.req.datalen = sizeof(struct lxc_cmd_console_log);
922
923 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
924 if (ret < 0)
925 return ret;
926
927 /* There is nothing to be read from the buffer. So clear any values we
928 * where passed to clearly indicate to the user that nothing went wrong.
929 */
930 if (cmd.rsp.ret == -ENODATA || cmd.rsp.ret == -EFAULT || cmd.rsp.ret == -ENOENT) {
931 *log->read_max = 0;
932 log->data = NULL;
933 }
934
935 /* This is a proper error so don't touch any values we were passed. */
936 if (cmd.rsp.ret < 0)
937 return cmd.rsp.ret;
938
939 *log->read_max = cmd.rsp.datalen;
940 log->data = cmd.rsp.data;
941
942 return 0;
943 }
944
945 static int lxc_cmd_console_log_callback(int fd, struct lxc_cmd_req *req,
946 struct lxc_handler *handler)
947 {
948 struct lxc_cmd_rsp rsp;
949 uint64_t buffer_size = handler->conf->console.buffer_size;
950 const struct lxc_cmd_console_log *log = req->data;
951 struct lxc_ringbuf *buf = &handler->conf->console.ringbuf;
952
953 rsp.ret = -EFAULT;
954 rsp.datalen = 0;
955 rsp.data = NULL;
956 if (buffer_size <= 0)
957 goto out;
958
959 if (log->read || log->write_logfile)
960 rsp.datalen = lxc_ringbuf_used(buf);
961
962 if (log->read)
963 rsp.data = lxc_ringbuf_get_read_addr(buf);
964
965 if (log->read_max > 0 && (log->read_max <= rsp.datalen))
966 rsp.datalen = log->read_max;
967
968 /* there's nothing to read */
969 rsp.ret = -ENODATA;
970 if (log->read && (buf->r_off == buf->w_off))
971 goto out;
972
973 rsp.ret = 0;
974 if (log->clear)
975 lxc_ringbuf_clear(buf); /* clear the ringbuffer */
976 else if (rsp.datalen > 0)
977 lxc_ringbuf_move_read_addr(buf, rsp.datalen);
978
979 out:
980 return lxc_cmd_rsp_send(fd, &rsp);
981 }
982
983 int lxc_cmd_serve_state_clients(const char *name, const char *lxcpath,
984 lxc_state_t state)
985 {
986 int stopped;
987 ssize_t ret;
988 struct lxc_cmd_rr cmd = {
989 .req = {
990 .cmd = LXC_CMD_SERVE_STATE_CLIENTS,
991 .data = INT_TO_PTR(state)
992 },
993 };
994
995 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
996 if (ret < 0) {
997 SYSERROR("Failed to execute command");
998 return -1;
999 }
1000
1001 return 0;
1002 }
1003
1004 static int lxc_cmd_serve_state_clients_callback(int fd, struct lxc_cmd_req *req,
1005 struct lxc_handler *handler)
1006 {
1007 int ret;
1008 lxc_state_t state = PTR_TO_INT(req->data);
1009 struct lxc_cmd_rsp rsp = {0};
1010
1011 ret = lxc_serve_state_clients(handler->name, handler, state);
1012 if (ret < 0)
1013 goto reap_client_fd;
1014
1015 ret = lxc_cmd_rsp_send(fd, &rsp);
1016 if (ret < 0)
1017 goto reap_client_fd;
1018
1019 return 0;
1020
1021 reap_client_fd:
1022 /* Special indicator to lxc_cmd_handler() to close the fd and do related
1023 * cleanup.
1024 */
1025 return 1;
1026 }
1027
1028 static int lxc_cmd_process(int fd, struct lxc_cmd_req *req,
1029 struct lxc_handler *handler)
1030 {
1031 typedef int (*callback)(int, struct lxc_cmd_req *, struct lxc_handler *);
1032
1033 callback cb[LXC_CMD_MAX] = {
1034 [LXC_CMD_CONSOLE] = lxc_cmd_console_callback,
1035 [LXC_CMD_TERMINAL_WINCH] = lxc_cmd_terminal_winch_callback,
1036 [LXC_CMD_STOP] = lxc_cmd_stop_callback,
1037 [LXC_CMD_GET_STATE] = lxc_cmd_get_state_callback,
1038 [LXC_CMD_GET_INIT_PID] = lxc_cmd_get_init_pid_callback,
1039 [LXC_CMD_GET_CLONE_FLAGS] = lxc_cmd_get_clone_flags_callback,
1040 [LXC_CMD_GET_CGROUP] = lxc_cmd_get_cgroup_callback,
1041 [LXC_CMD_GET_CONFIG_ITEM] = lxc_cmd_get_config_item_callback,
1042 [LXC_CMD_GET_NAME] = lxc_cmd_get_name_callback,
1043 [LXC_CMD_GET_LXCPATH] = lxc_cmd_get_lxcpath_callback,
1044 [LXC_CMD_ADD_STATE_CLIENT] = lxc_cmd_add_state_client_callback,
1045 [LXC_CMD_CONSOLE_LOG] = lxc_cmd_console_log_callback,
1046 [LXC_CMD_SERVE_STATE_CLIENTS] = lxc_cmd_serve_state_clients_callback,
1047 };
1048
1049 if (req->cmd >= LXC_CMD_MAX) {
1050 ERROR("Undefined command id %d", req->cmd);
1051 return -1;
1052 }
1053 return cb[req->cmd](fd, req, handler);
1054 }
1055
1056 static void lxc_cmd_fd_cleanup(int fd, struct lxc_handler *handler,
1057 struct lxc_epoll_descr *descr,
1058 const lxc_cmd_t cmd)
1059 {
1060 struct lxc_list *cur, *next;
1061
1062 lxc_terminal_free(handler->conf, fd);
1063 lxc_mainloop_del_handler(descr, fd);
1064 if (cmd != LXC_CMD_ADD_STATE_CLIENT) {
1065 close(fd);
1066 return;
1067 }
1068
1069 lxc_list_for_each_safe(cur, &handler->conf->state_clients, next) {
1070 struct lxc_state_client *client = cur->elem;
1071
1072 if (client->clientfd != fd)
1073 continue;
1074
1075 /* kick client from list */
1076 lxc_list_del(cur);
1077 close(client->clientfd);
1078 free(cur->elem);
1079 free(cur);
1080 /* No need to walk the whole list. If we found the state client
1081 * fd there can't be a second one.
1082 */
1083 break;
1084 }
1085 }
1086
1087 static int lxc_cmd_handler(int fd, uint32_t events, void *data,
1088 struct lxc_epoll_descr *descr)
1089 {
1090 __do_free void *reqdata = NULL;
1091 int ret;
1092 struct lxc_cmd_req req;
1093 struct lxc_handler *handler = data;
1094
1095 ret = lxc_abstract_unix_rcv_credential(fd, &req, sizeof(req));
1096 if (ret < 0) {
1097 SYSERROR("Failed to receive data on command socket for command "
1098 "\"%s\"", lxc_cmd_str(req.cmd));
1099
1100 if (errno == EACCES) {
1101 /* We don't care for the peer, just send and close. */
1102 struct lxc_cmd_rsp rsp = {.ret = ret};
1103
1104 lxc_cmd_rsp_send(fd, &rsp);
1105 }
1106
1107 goto out_close;
1108 }
1109
1110 if (ret == 0)
1111 goto out_close;
1112
1113 if (ret != sizeof(req)) {
1114 WARN("Failed to receive full command request. Ignoring request "
1115 "for \"%s\"", lxc_cmd_str(req.cmd));
1116 ret = -1;
1117 goto out_close;
1118 }
1119
1120 if ((req.datalen > LXC_CMD_DATA_MAX) &&
1121 (req.cmd != LXC_CMD_CONSOLE_LOG)) {
1122 ERROR("Received command data length %d is too large for "
1123 "command \"%s\"", req.datalen, lxc_cmd_str(req.cmd));
1124 errno = EFBIG;
1125 ret = -EFBIG;
1126 goto out_close;
1127 }
1128
1129 if (req.datalen > 0) {
1130 reqdata = must_realloc(NULL, req.datalen);
1131 ret = lxc_recv_nointr(fd, reqdata, req.datalen, 0);
1132 if (ret != req.datalen) {
1133 WARN("Failed to receive full command request. Ignoring "
1134 "request for \"%s\"", lxc_cmd_str(req.cmd));
1135 ret = LXC_MAINLOOP_ERROR;
1136 goto out_close;
1137 }
1138
1139 req.data = reqdata;
1140 }
1141
1142 ret = lxc_cmd_process(fd, &req, handler);
1143 if (ret) {
1144 /* This is not an error, but only a request to close fd. */
1145 ret = LXC_MAINLOOP_CONTINUE;
1146 goto out_close;
1147 }
1148
1149 out:
1150 return ret;
1151
1152 out_close:
1153 lxc_cmd_fd_cleanup(fd, handler, descr, req.cmd);
1154 goto out;
1155 }
1156
1157 static int lxc_cmd_accept(int fd, uint32_t events, void *data,
1158 struct lxc_epoll_descr *descr)
1159 {
1160 __do_close_prot_errno int connection = -EBADF;
1161 int opt = 1, ret = -1;
1162
1163 connection = accept(fd, NULL, 0);
1164 if (connection < 0) {
1165 SYSERROR("Failed to accept connection to run command");
1166 return LXC_MAINLOOP_ERROR;
1167 }
1168
1169 ret = fcntl(connection, F_SETFD, FD_CLOEXEC);
1170 if (ret < 0) {
1171 SYSERROR("Failed to set close-on-exec on incoming command connection");
1172 return ret;
1173 }
1174
1175 ret = setsockopt(connection, SOL_SOCKET, SO_PASSCRED, &opt, sizeof(opt));
1176 if (ret < 0) {
1177 SYSERROR("Failed to enable necessary credentials on command socket");
1178 return ret;
1179 }
1180
1181 ret = lxc_mainloop_add_handler(descr, connection, lxc_cmd_handler, data);
1182 if (ret) {
1183 ERROR("Failed to add command handler");
1184 return ret;
1185 }
1186
1187 steal_fd(connection);
1188 return ret;
1189 }
1190
1191 int lxc_cmd_init(const char *name, const char *lxcpath, const char *suffix)
1192 {
1193 __do_close_prot_errno int fd = -EBADF;
1194 int ret;
1195 char path[LXC_AUDS_ADDR_LEN] = {0};
1196
1197 ret = lxc_make_abstract_socket_name(path, sizeof(path), name, lxcpath, NULL, suffix);
1198 if (ret < 0)
1199 return -1;
1200
1201 fd = lxc_abstract_unix_open(path, SOCK_STREAM, 0);
1202 if (fd < 0) {
1203 SYSERROR("Failed to create command socket %s", &path[1]);
1204 if (errno == EADDRINUSE)
1205 ERROR("Container \"%s\" appears to be already running", name);
1206
1207 return -1;
1208 }
1209
1210 ret = fcntl(fd, F_SETFD, FD_CLOEXEC);
1211 if (ret < 0) {
1212 SYSERROR("Failed to set FD_CLOEXEC on command socket file descriptor");
1213 return -1;
1214 }
1215
1216 TRACE("Created abstract unix socket \"%s\"", &path[1]);
1217 return steal_fd(fd);
1218 }
1219
1220 int lxc_cmd_mainloop_add(const char *name, struct lxc_epoll_descr *descr,
1221 struct lxc_handler *handler)
1222 {
1223 __do_close_prot_errno int fd = handler->conf->maincmd_fd;
1224 int ret;
1225
1226 ret = lxc_mainloop_add_handler(descr, fd, lxc_cmd_accept, handler);
1227 if (ret < 0) {
1228 ERROR("Failed to add handler for command socket");
1229 return ret;
1230 }
1231
1232 steal_fd(fd);
1233 return ret;
1234 }
LXC mirror