2 * lxc: linux Container library
4 * (C) Copyright IBM Corp. 2007, 2009
7 * Daniel Lezcano <daniel.lezcano at free.fr>
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
35 #include <sys/param.h>
36 #include <sys/socket.h>
43 #include "commands_utils.h"
57 * This file provides the different functions for clients to query/command the
58 * server. The client is typically some lxc tool and the server is typically the
59 * container (ie. lxc-start).
61 * Each command is transactional, the clients send a request to the server and
62 * the server answers the request with a message giving the request's status
63 * (zero or a negative errno value). Both the request and response may contain
66 * Each command is wrapped in a ancillary message in order to pass a credential
67 * making possible to the server to check if the client is allowed to ask for
68 * this command or not.
70 * IMPORTANTLY: Note that semantics for current commands are fixed. If you wish
71 * to make any changes to how, say, LXC_CMD_GET_CONFIG_ITEM works by adding
72 * information to the end of cmd.data, then you must introduce a new
73 * LXC_CMD_GET_CONFIG_ITEM_V2 define with a new number. You may wish to also
74 * mark LXC_CMD_GET_CONFIG_ITEM deprecated in commands.h.
76 * This is necessary in order to avoid having a newly compiled lxc command
77 * communicating with a running (old) monitor from crashing the running
81 lxc_log_define(commands
, lxc
);
83 static const char *lxc_cmd_str(lxc_cmd_t cmd
)
85 static const char *const cmdname
[LXC_CMD_MAX
] = {
86 [LXC_CMD_CONSOLE
] = "console",
87 [LXC_CMD_TERMINAL_WINCH
] = "terminal_winch",
88 [LXC_CMD_STOP
] = "stop",
89 [LXC_CMD_GET_STATE
] = "get_state",
90 [LXC_CMD_GET_INIT_PID
] = "get_init_pid",
91 [LXC_CMD_GET_CLONE_FLAGS
] = "get_clone_flags",
92 [LXC_CMD_GET_CGROUP
] = "get_cgroup",
93 [LXC_CMD_GET_CONFIG_ITEM
] = "get_config_item",
94 [LXC_CMD_GET_NAME
] = "get_name",
95 [LXC_CMD_GET_LXCPATH
] = "get_lxcpath",
96 [LXC_CMD_ADD_STATE_CLIENT
] = "add_state_client",
97 [LXC_CMD_CONSOLE_LOG
] = "console_log",
98 [LXC_CMD_SERVE_STATE_CLIENTS
] = "serve_state_clients",
101 if (cmd
>= LXC_CMD_MAX
)
102 return "Invalid request";
108 * lxc_cmd_rsp_recv: Receive a response to a command
110 * @sock : the socket connected to the container
111 * @cmd : command to put response in
113 * Returns the size of the response message or < 0 on failure
115 * Note that if the command response datalen > 0, then data is
116 * a malloc()ed buffer and should be free()ed by the caller. If
117 * the response data is <= a void * worth of data, it will be
118 * stored directly in data and datalen will be 0.
120 * As a special case, the response for LXC_CMD_CONSOLE is created
121 * here as it contains an fd for the master pty passed through the
124 static int lxc_cmd_rsp_recv(int sock
, struct lxc_cmd_rr
*cmd
)
127 struct lxc_cmd_rsp
*rsp
= &cmd
->rsp
;
129 ret
= lxc_abstract_unix_recv_fds(sock
, &rspfd
, 1, rsp
, sizeof(*rsp
));
131 SYSWARN("Failed to receive response for command \"%s\"",
132 lxc_cmd_str(cmd
->req
.cmd
));
134 if (errno
== ECONNRESET
)
139 TRACE("Command \"%s\" received response", lxc_cmd_str(cmd
->req
.cmd
));
141 if (cmd
->req
.cmd
== LXC_CMD_CONSOLE
) {
142 struct lxc_cmd_console_rsp_data
*rspdata
;
144 /* recv() returns 0 bytes when a tty cannot be allocated,
145 * rsp->ret is < 0 when the peer permission check failed
147 if (ret
== 0 || rsp
->ret
< 0)
150 rspdata
= malloc(sizeof(*rspdata
));
153 ERROR("Failed to allocate response buffer for command \"%s\"",
154 lxc_cmd_str(cmd
->req
.cmd
));
158 rspdata
->masterfd
= rspfd
;
159 rspdata
->ttynum
= PTR_TO_INT(rsp
->data
);
163 if (rsp
->datalen
== 0) {
164 DEBUG("Response data length for command \"%s\" is 0",
165 lxc_cmd_str(cmd
->req
.cmd
));
169 if ((rsp
->datalen
> LXC_CMD_DATA_MAX
) &&
170 (cmd
->req
.cmd
!= LXC_CMD_CONSOLE_LOG
)) {
171 ERROR("Response data for command \"%s\" is too long: %d bytes > %d",
172 lxc_cmd_str(cmd
->req
.cmd
), rsp
->datalen
, LXC_CMD_DATA_MAX
);
176 if (cmd
->req
.cmd
== LXC_CMD_CONSOLE_LOG
) {
177 rsp
->data
= malloc(rsp
->datalen
+ 1);
178 ((char *)rsp
->data
)[rsp
->datalen
] = '\0';
180 rsp
->data
= malloc(rsp
->datalen
);
184 ERROR("Failed to allocate response buffer for command \"%s\"",
185 lxc_cmd_str(cmd
->req
.cmd
));
189 ret
= lxc_recv_nointr(sock
, rsp
->data
, rsp
->datalen
, 0);
190 if (ret
!= rsp
->datalen
) {
191 SYSERROR("Failed to receive response data for command \"%s\"",
192 lxc_cmd_str(cmd
->req
.cmd
));
200 * lxc_cmd_rsp_send: Send a command response
202 * @fd : file descriptor of socket to send response on
203 * @rsp : response to send
205 * Returns 0 on success, < 0 on failure
207 static int lxc_cmd_rsp_send(int fd
, struct lxc_cmd_rsp
*rsp
)
212 ret
= lxc_send_nointr(fd
, rsp
, sizeof(*rsp
), MSG_NOSIGNAL
);
213 if (ret
< 0 || (size_t)ret
!= sizeof(*rsp
)) {
214 SYSERROR("Failed to send command response %zd", ret
);
218 if (!rsp
->data
|| rsp
->datalen
<= 0)
222 ret
= lxc_send_nointr(fd
, rsp
->data
, rsp
->datalen
, MSG_NOSIGNAL
);
223 if (ret
< 0 || ret
!= (ssize_t
)rsp
->datalen
) {
224 SYSWARN("Failed to send command response data %zd", ret
);
231 static int lxc_cmd_send(const char *name
, struct lxc_cmd_rr
*cmd
,
232 const char *lxcpath
, const char *hashed_sock_name
)
234 int client_fd
, saved_errno
;
237 client_fd
= lxc_cmd_connect(name
, lxcpath
, hashed_sock_name
, "command");
241 ret
= lxc_abstract_unix_send_credential(client_fd
, &cmd
->req
,
243 if (ret
< 0 || (size_t)ret
!= sizeof(cmd
->req
))
246 if (cmd
->req
.datalen
<= 0)
250 ret
= lxc_send_nointr(client_fd
, (void *)cmd
->req
.data
,
251 cmd
->req
.datalen
, MSG_NOSIGNAL
);
252 if (ret
< 0 || ret
!= (ssize_t
)cmd
->req
.datalen
)
266 * lxc_cmd: Connect to the specified running container, send it a command
267 * request and collect the response
269 * @name : name of container to connect to
270 * @cmd : command with initialized request to send
271 * @stopped : output indicator if the container was not running
272 * @lxcpath : the lxcpath in which the container is running
274 * Returns the size of the response message on success, < 0 on failure
276 * Note that there is a special case for LXC_CMD_CONSOLE. For this command
277 * the fd cannot be closed because it is used as a placeholder to indicate
278 * that a particular tty slot is in use. The fd is also used as a signal to
279 * the container that when the caller dies or closes the fd, the container
280 * will notice the fd on its side of the socket in its mainloop select and
281 * then free the slot with lxc_cmd_fd_cleanup(). The socket fd will be
282 * returned in the cmd response structure.
284 static int lxc_cmd(const char *name
, struct lxc_cmd_rr
*cmd
, int *stopped
,
285 const char *lxcpath
, const char *hashed_sock_name
)
287 int client_fd
, saved_errno
;
289 bool stay_connected
= false;
291 if (cmd
->req
.cmd
== LXC_CMD_CONSOLE
||
292 cmd
->req
.cmd
== LXC_CMD_ADD_STATE_CLIENT
)
293 stay_connected
= true;
297 client_fd
= lxc_cmd_send(name
, cmd
, lxcpath
, hashed_sock_name
);
299 SYSTRACE("Command \"%s\" failed to connect command socket",
300 lxc_cmd_str(cmd
->req
.cmd
));
302 if (errno
== ECONNREFUSED
)
305 if (errno
== EPIPE
) {
313 ret
= lxc_cmd_rsp_recv(client_fd
, cmd
);
314 if (ret
< 0 && errno
== ECONNRESET
)
317 if (!stay_connected
|| ret
<= 0)
318 if (client_fd
>= 0) {
324 if (stay_connected
&& ret
> 0)
325 cmd
->rsp
.ret
= client_fd
;
330 int lxc_try_cmd(const char *name
, const char *lxcpath
)
333 struct lxc_cmd_rr cmd
= {
334 .req
= { .cmd
= LXC_CMD_GET_INIT_PID
},
337 ret
= lxc_cmd(name
, &cmd
, &stopped
, lxcpath
, NULL
);
340 if (ret
> 0 && cmd
.rsp
.ret
< 0) {
347 /* At this point we weren't denied access, and the container *was*
348 * started. There was some inexplicable error in the protocol. I'm not
349 * clear on whether we should return -1 here, but we didn't receive a
350 * -EACCES, so technically it's not that we're not allowed to control
351 * the container - it's just not behaving.
356 /* Implentations of the commands and their callbacks */
359 * lxc_cmd_get_init_pid: Get pid of the container's init process
361 * @name : name of container to connect to
362 * @lxcpath : the lxcpath in which the container is running
364 * Returns the pid on success, < 0 on failure
366 pid_t
lxc_cmd_get_init_pid(const char *name
, const char *lxcpath
)
370 struct lxc_cmd_rr cmd
= {
372 .cmd
= LXC_CMD_GET_INIT_PID
375 .data
= INTMAX_TO_PTR((intmax_t){-1})
379 ret
= lxc_cmd(name
, &cmd
, &stopped
, lxcpath
, NULL
);
383 pid
= PTR_TO_INTMAX(cmd
.rsp
.data
);
387 /* We need to assume that pid_t can actually hold any pid given to us
388 * by the kernel. If it can't it's a libc bug.
393 static int lxc_cmd_get_init_pid_callback(int fd
, struct lxc_cmd_req
*req
,
394 struct lxc_handler
*handler
)
396 intmax_t pid
= handler
->pid
;
398 struct lxc_cmd_rsp rsp
= {
399 .data
= INTMAX_TO_PTR(pid
)
402 return lxc_cmd_rsp_send(fd
, &rsp
);
406 * lxc_cmd_get_clone_flags: Get clone flags container was spawned with
408 * @name : name of container to connect to
409 * @lxcpath : the lxcpath in which the container is running
411 * Returns the clone flags on success, < 0 on failure
413 int lxc_cmd_get_clone_flags(const char *name
, const char *lxcpath
)
416 struct lxc_cmd_rr cmd
= {
417 .req
= { .cmd
= LXC_CMD_GET_CLONE_FLAGS
},
420 ret
= lxc_cmd(name
, &cmd
, &stopped
, lxcpath
, NULL
);
424 return PTR_TO_INT(cmd
.rsp
.data
);
427 static int lxc_cmd_get_clone_flags_callback(int fd
, struct lxc_cmd_req
*req
,
428 struct lxc_handler
*handler
)
430 struct lxc_cmd_rsp rsp
= { .data
= INT_TO_PTR(handler
->ns_clone_flags
) };
432 return lxc_cmd_rsp_send(fd
, &rsp
);
436 * lxc_cmd_get_cgroup_path: Calculate a container's cgroup path for a
437 * particular subsystem. This is the cgroup path relative to the root
438 * of the cgroup filesystem.
440 * @name : name of container to connect to
441 * @lxcpath : the lxcpath in which the container is running
442 * @subsystem : the subsystem being asked about
444 * Returns the path on success, NULL on failure. The caller must free() the
447 char *lxc_cmd_get_cgroup_path(const char *name
, const char *lxcpath
,
448 const char *subsystem
)
451 struct lxc_cmd_rr cmd
= {
453 .cmd
= LXC_CMD_GET_CGROUP
,
459 cmd
.req
.data
= subsystem
;
462 cmd
.req
.datalen
= strlen(subsystem
) + 1;
464 ret
= lxc_cmd(name
, &cmd
, &stopped
, lxcpath
, NULL
);
471 if (cmd
.rsp
.ret
< 0 || cmd
.rsp
.datalen
< 0)
477 static int lxc_cmd_get_cgroup_callback(int fd
, struct lxc_cmd_req
*req
,
478 struct lxc_handler
*handler
)
481 struct lxc_cmd_rsp rsp
;
482 struct cgroup_ops
*cgroup_ops
= handler
->cgroup_ops
;
484 if (req
->datalen
> 0)
485 path
= cgroup_ops
->get_cgroup(cgroup_ops
, req
->data
);
487 path
= cgroup_ops
->get_cgroup(cgroup_ops
, NULL
);
492 rsp
.datalen
= strlen(path
) + 1;
493 rsp
.data
= (char *)path
;
495 return lxc_cmd_rsp_send(fd
, &rsp
);
499 * lxc_cmd_get_config_item: Get config item the running container
501 * @name : name of container to connect to
502 * @item : the configuration item to retrieve (ex: lxc.net.0.veth.pair)
503 * @lxcpath : the lxcpath in which the container is running
505 * Returns the item on success, NULL on failure. The caller must free() the
508 char *lxc_cmd_get_config_item(const char *name
, const char *item
,
512 struct lxc_cmd_rr cmd
= {
513 .req
= { .cmd
= LXC_CMD_GET_CONFIG_ITEM
,
515 .datalen
= strlen(item
) + 1,
519 ret
= lxc_cmd(name
, &cmd
, &stopped
, lxcpath
, NULL
);
523 if (cmd
.rsp
.ret
== 0)
529 static int lxc_cmd_get_config_item_callback(int fd
, struct lxc_cmd_req
*req
,
530 struct lxc_handler
*handler
)
534 struct lxc_config_t
*item
;
535 struct lxc_cmd_rsp rsp
;
537 memset(&rsp
, 0, sizeof(rsp
));
538 item
= lxc_get_config(req
->data
);
542 cilen
= item
->get(req
->data
, NULL
, 0, handler
->conf
, NULL
);
546 cidata
= alloca(cilen
+ 1);
547 if (item
->get(req
->data
, cidata
, cilen
+ 1, handler
->conf
, NULL
) != cilen
)
550 cidata
[cilen
] = '\0';
552 rsp
.datalen
= cilen
+ 1;
559 return lxc_cmd_rsp_send(fd
, &rsp
);
563 * lxc_cmd_get_state: Get current state of the container
565 * @name : name of container to connect to
566 * @lxcpath : the lxcpath in which the container is running
568 * Returns the state on success, < 0 on failure
570 int lxc_cmd_get_state(const char *name
, const char *lxcpath
)
573 struct lxc_cmd_rr cmd
= {
574 .req
= { .cmd
= LXC_CMD_GET_STATE
}
577 ret
= lxc_cmd(name
, &cmd
, &stopped
, lxcpath
, NULL
);
578 if (ret
< 0 && stopped
)
585 WARN("Container \"%s\" has stopped before sending its state", name
);
589 DEBUG("Container \"%s\" is in \"%s\" state", name
,
590 lxc_state2str(PTR_TO_INT(cmd
.rsp
.data
)));
592 return PTR_TO_INT(cmd
.rsp
.data
);
595 static int lxc_cmd_get_state_callback(int fd
, struct lxc_cmd_req
*req
,
596 struct lxc_handler
*handler
)
598 struct lxc_cmd_rsp rsp
= { .data
= INT_TO_PTR(handler
->state
) };
600 return lxc_cmd_rsp_send(fd
, &rsp
);
604 * lxc_cmd_stop: Stop the container previously started with lxc_start. All
605 * the processes running inside this container will be killed.
607 * @name : name of container to connect to
608 * @lxcpath : the lxcpath in which the container is running
610 * Returns 0 on success, < 0 on failure
612 int lxc_cmd_stop(const char *name
, const char *lxcpath
)
615 struct lxc_cmd_rr cmd
= {
616 .req
= { .cmd
= LXC_CMD_STOP
},
619 ret
= lxc_cmd(name
, &cmd
, &stopped
, lxcpath
, NULL
);
622 INFO("Container \"%s\" is already stopped", name
);
629 /* We do not expect any answer, because we wait for the connection to be
633 errno
= -cmd
.rsp
.ret
;
634 SYSERROR("Failed to stop container \"%s\"", name
);
638 INFO("Container \"%s\" has stopped", name
);
642 static int lxc_cmd_stop_callback(int fd
, struct lxc_cmd_req
*req
,
643 struct lxc_handler
*handler
)
645 struct lxc_cmd_rsp rsp
;
646 int stopsignal
= SIGKILL
;
647 struct cgroup_ops
*cgroup_ops
= handler
->cgroup_ops
;
649 if (handler
->conf
->stopsignal
)
650 stopsignal
= handler
->conf
->stopsignal
;
651 memset(&rsp
, 0, sizeof(rsp
));
652 rsp
.ret
= kill(handler
->pid
, stopsignal
);
654 /* We can't just use lxc_unfreeze() since we are already in the
655 * context of handling the STOP cmd in lxc-start, and calling
656 * lxc_unfreeze() would do another cmd (GET_CGROUP) which would
659 if (!cgroup_ops
->get_cgroup(cgroup_ops
, "freezer"))
662 if (cgroup_ops
->unfreeze(cgroup_ops
))
665 ERROR("Failed to unfreeze container \"%s\"", handler
->name
);
669 return lxc_cmd_rsp_send(fd
, &rsp
);
673 * lxc_cmd_terminal_winch: To process as if a SIGWINCH were received
675 * @name : name of container to connect to
676 * @lxcpath : the lxcpath in which the container is running
678 * Returns 0 on success, < 0 on failure
680 int lxc_cmd_terminal_winch(const char *name
, const char *lxcpath
)
683 struct lxc_cmd_rr cmd
= {
684 .req
= { .cmd
= LXC_CMD_TERMINAL_WINCH
},
687 ret
= lxc_cmd(name
, &cmd
, &stopped
, lxcpath
, NULL
);
694 static int lxc_cmd_terminal_winch_callback(int fd
, struct lxc_cmd_req
*req
,
695 struct lxc_handler
*handler
)
697 struct lxc_cmd_rsp rsp
= { .data
= 0 };
699 lxc_terminal_sigwinch(SIGWINCH
);
701 return lxc_cmd_rsp_send(fd
, &rsp
);
705 * lxc_cmd_console: Open an fd to a tty in the container
707 * @name : name of container to connect to
708 * @ttynum : in: the tty to open or -1 for next available
709 * : out: the tty allocated
710 * @fd : out: file descriptor for master side of pty
711 * @lxcpath : the lxcpath in which the container is running
713 * Returns fd holding tty allocated on success, < 0 on failure
715 int lxc_cmd_console(const char *name
, int *ttynum
, int *fd
, const char *lxcpath
)
718 struct lxc_cmd_console_rsp_data
*rspdata
;
719 struct lxc_cmd_rr cmd
= {
720 .req
= { .cmd
= LXC_CMD_CONSOLE
, .data
= INT_TO_PTR(*ttynum
) },
723 ret
= lxc_cmd(name
, &cmd
, &stopped
, lxcpath
, NULL
);
727 if (cmd
.rsp
.ret
< 0) {
728 errno
= -cmd
.rsp
.ret
;
729 SYSERROR("Denied access to tty");
735 ERROR("tty number %d invalid, busy or all ttys busy", *ttynum
);
740 rspdata
= cmd
.rsp
.data
;
741 if (rspdata
->masterfd
< 0) {
742 ERROR("Unable to allocate fd for tty %d", rspdata
->ttynum
);
746 ret
= cmd
.rsp
.ret
; /* socket fd */
747 *fd
= rspdata
->masterfd
;
748 *ttynum
= rspdata
->ttynum
;
749 INFO("Alloced fd %d for tty %d via socket %d", *fd
, rspdata
->ttynum
, ret
);
756 static int lxc_cmd_console_callback(int fd
, struct lxc_cmd_req
*req
,
757 struct lxc_handler
*handler
)
760 struct lxc_cmd_rsp rsp
;
761 int ttynum
= PTR_TO_INT(req
->data
);
763 masterfd
= lxc_terminal_allocate(handler
->conf
, fd
, &ttynum
);
767 memset(&rsp
, 0, sizeof(rsp
));
768 rsp
.data
= INT_TO_PTR(ttynum
);
769 ret
= lxc_abstract_unix_send_fds(fd
, &masterfd
, 1, &rsp
, sizeof(rsp
));
771 SYSERROR("Failed to send tty to client");
772 lxc_terminal_free(handler
->conf
, fd
);
779 /* Special indicator to lxc_cmd_handler() to close the fd and do
786 * lxc_cmd_get_name: Returns the name of the container
788 * @hashed_sock_name: hashed socket name
790 * Returns the name on success, NULL on failure.
792 char *lxc_cmd_get_name(const char *hashed_sock_name
)
795 struct lxc_cmd_rr cmd
= {
796 .req
= { .cmd
= LXC_CMD_GET_NAME
},
799 ret
= lxc_cmd(NULL
, &cmd
, &stopped
, NULL
, hashed_sock_name
);
803 if (cmd
.rsp
.ret
== 0)
809 static int lxc_cmd_get_name_callback(int fd
, struct lxc_cmd_req
*req
,
810 struct lxc_handler
*handler
)
812 struct lxc_cmd_rsp rsp
;
814 memset(&rsp
, 0, sizeof(rsp
));
816 rsp
.data
= (char *)handler
->name
;
817 rsp
.datalen
= strlen(handler
->name
) + 1;
820 return lxc_cmd_rsp_send(fd
, &rsp
);
824 * lxc_cmd_get_lxcpath: Returns the lxcpath of the container
826 * @hashed_sock_name: hashed socket name
828 * Returns the lxcpath on success, NULL on failure.
830 char *lxc_cmd_get_lxcpath(const char *hashed_sock_name
)
833 struct lxc_cmd_rr cmd
= {
834 .req
= { .cmd
= LXC_CMD_GET_LXCPATH
},
837 ret
= lxc_cmd(NULL
, &cmd
, &stopped
, NULL
, hashed_sock_name
);
841 if (cmd
.rsp
.ret
== 0)
847 static int lxc_cmd_get_lxcpath_callback(int fd
, struct lxc_cmd_req
*req
,
848 struct lxc_handler
*handler
)
850 struct lxc_cmd_rsp rsp
;
852 memset(&rsp
, 0, sizeof(rsp
));
855 rsp
.data
= (char *)handler
->lxcpath
;
856 rsp
.datalen
= strlen(handler
->lxcpath
) + 1;
858 return lxc_cmd_rsp_send(fd
, &rsp
);
861 int lxc_cmd_add_state_client(const char *name
, const char *lxcpath
,
862 lxc_state_t states
[MAX_STATE
],
863 int *state_client_fd
)
867 struct lxc_cmd_rr cmd
= {
869 .cmd
= LXC_CMD_ADD_STATE_CLIENT
,
871 .datalen
= (sizeof(lxc_state_t
) * MAX_STATE
)
875 ret
= lxc_cmd(name
, &cmd
, &stopped
, lxcpath
, NULL
);
876 if (states
[STOPPED
] != 0 && stopped
!= 0)
880 if (errno
!= ECONNREFUSED
)
881 SYSERROR("Failed to execute command");
886 /* We should now be guaranteed to get an answer from the state sending
889 if (cmd
.rsp
.ret
< 0) {
890 errno
= -cmd
.rsp
.ret
;
891 SYSERROR("Failed to receive socket fd");
895 state
= PTR_TO_INT(cmd
.rsp
.data
);
896 if (state
< MAX_STATE
) {
897 TRACE("Container is already in requested state %s", lxc_state2str(state
));
902 *state_client_fd
= cmd
.rsp
.ret
;
903 TRACE("Added state client %d to state client list", cmd
.rsp
.ret
);
907 static int lxc_cmd_add_state_client_callback(int fd
, struct lxc_cmd_req
*req
,
908 struct lxc_handler
*handler
)
911 struct lxc_cmd_rsp rsp
= {0};
913 if (req
->datalen
< 0)
916 if (req
->datalen
> (sizeof(lxc_state_t
) * MAX_STATE
))
922 rsp
.ret
= lxc_add_state_client(fd
, handler
, (lxc_state_t
*)req
->data
);
926 rsp
.data
= INT_TO_PTR(rsp
.ret
);
928 ret
= lxc_cmd_rsp_send(fd
, &rsp
);
935 /* Special indicator to lxc_cmd_handler() to close the fd and do related
941 int lxc_cmd_console_log(const char *name
, const char *lxcpath
,
942 struct lxc_console_log
*log
)
945 struct lxc_cmd_console_log data
;
946 struct lxc_cmd_rr cmd
;
948 data
.clear
= log
->clear
;
949 data
.read
= log
->read
;
950 data
.read_max
= *log
->read_max
;
952 cmd
.req
.cmd
= LXC_CMD_CONSOLE_LOG
;
953 cmd
.req
.data
= &data
;
954 cmd
.req
.datalen
= sizeof(struct lxc_cmd_console_log
);
956 ret
= lxc_cmd(name
, &cmd
, &stopped
, lxcpath
, NULL
);
960 /* There is nothing to be read from the buffer. So clear any values we
961 * where passed to clearly indicate to the user that nothing went wrong.
963 if (cmd
.rsp
.ret
== -ENODATA
|| cmd
.rsp
.ret
== -EFAULT
|| cmd
.rsp
.ret
== -ENOENT
) {
968 /* This is a proper error so don't touch any values we were passed. */
972 *log
->read_max
= cmd
.rsp
.datalen
;
973 log
->data
= cmd
.rsp
.data
;
978 static int lxc_cmd_console_log_callback(int fd
, struct lxc_cmd_req
*req
,
979 struct lxc_handler
*handler
)
981 struct lxc_cmd_rsp rsp
;
982 uint64_t buffer_size
= handler
->conf
->console
.buffer_size
;
983 const struct lxc_cmd_console_log
*log
= req
->data
;
984 struct lxc_ringbuf
*buf
= &handler
->conf
->console
.ringbuf
;
989 if (buffer_size
<= 0)
992 if (log
->read
|| log
->write_logfile
)
993 rsp
.datalen
= lxc_ringbuf_used(buf
);
996 rsp
.data
= lxc_ringbuf_get_read_addr(buf
);
998 if (log
->read_max
> 0 && (log
->read_max
<= rsp
.datalen
))
999 rsp
.datalen
= log
->read_max
;
1001 /* there's nothing to read */
1003 if (log
->read
&& (buf
->r_off
== buf
->w_off
))
1008 lxc_ringbuf_clear(buf
); /* clear the ringbuffer */
1009 else if (rsp
.datalen
> 0)
1010 lxc_ringbuf_move_read_addr(buf
, rsp
.datalen
);
1013 return lxc_cmd_rsp_send(fd
, &rsp
);
1016 int lxc_cmd_serve_state_clients(const char *name
, const char *lxcpath
,
1021 struct lxc_cmd_rr cmd
= {
1023 .cmd
= LXC_CMD_SERVE_STATE_CLIENTS
,
1024 .data
= INT_TO_PTR(state
)
1028 ret
= lxc_cmd(name
, &cmd
, &stopped
, lxcpath
, NULL
);
1030 SYSERROR("Failed to execute command");
1037 static int lxc_cmd_serve_state_clients_callback(int fd
, struct lxc_cmd_req
*req
,
1038 struct lxc_handler
*handler
)
1041 lxc_state_t state
= PTR_TO_INT(req
->data
);
1042 struct lxc_cmd_rsp rsp
= {0};
1044 ret
= lxc_serve_state_clients(handler
->name
, handler
, state
);
1046 goto reap_client_fd
;
1048 ret
= lxc_cmd_rsp_send(fd
, &rsp
);
1050 goto reap_client_fd
;
1055 /* Special indicator to lxc_cmd_handler() to close the fd and do related
1061 static int lxc_cmd_process(int fd
, struct lxc_cmd_req
*req
,
1062 struct lxc_handler
*handler
)
1064 typedef int (*callback
)(int, struct lxc_cmd_req
*, struct lxc_handler
*);
1066 callback cb
[LXC_CMD_MAX
] = {
1067 [LXC_CMD_CONSOLE
] = lxc_cmd_console_callback
,
1068 [LXC_CMD_TERMINAL_WINCH
] = lxc_cmd_terminal_winch_callback
,
1069 [LXC_CMD_STOP
] = lxc_cmd_stop_callback
,
1070 [LXC_CMD_GET_STATE
] = lxc_cmd_get_state_callback
,
1071 [LXC_CMD_GET_INIT_PID
] = lxc_cmd_get_init_pid_callback
,
1072 [LXC_CMD_GET_CLONE_FLAGS
] = lxc_cmd_get_clone_flags_callback
,
1073 [LXC_CMD_GET_CGROUP
] = lxc_cmd_get_cgroup_callback
,
1074 [LXC_CMD_GET_CONFIG_ITEM
] = lxc_cmd_get_config_item_callback
,
1075 [LXC_CMD_GET_NAME
] = lxc_cmd_get_name_callback
,
1076 [LXC_CMD_GET_LXCPATH
] = lxc_cmd_get_lxcpath_callback
,
1077 [LXC_CMD_ADD_STATE_CLIENT
] = lxc_cmd_add_state_client_callback
,
1078 [LXC_CMD_CONSOLE_LOG
] = lxc_cmd_console_log_callback
,
1079 [LXC_CMD_SERVE_STATE_CLIENTS
] = lxc_cmd_serve_state_clients_callback
,
1082 if (req
->cmd
>= LXC_CMD_MAX
) {
1083 ERROR("Undefined command id %d", req
->cmd
);
1086 return cb
[req
->cmd
](fd
, req
, handler
);
1089 static void lxc_cmd_fd_cleanup(int fd
, struct lxc_handler
*handler
,
1090 struct lxc_epoll_descr
*descr
,
1091 const lxc_cmd_t cmd
)
1093 struct lxc_state_client
*client
;
1094 struct lxc_list
*cur
, *next
;
1096 lxc_terminal_free(handler
->conf
, fd
);
1097 lxc_mainloop_del_handler(descr
, fd
);
1098 if (cmd
!= LXC_CMD_ADD_STATE_CLIENT
) {
1103 lxc_list_for_each_safe(cur
, &handler
->conf
->state_clients
, next
) {
1105 if (client
->clientfd
!= fd
)
1108 /* kick client from list */
1110 close(client
->clientfd
);
1113 /* No need to walk the whole list. If we found the state client
1114 * fd there can't be a second one.
1120 static int lxc_cmd_handler(int fd
, uint32_t events
, void *data
,
1121 struct lxc_epoll_descr
*descr
)
1124 struct lxc_cmd_req req
;
1125 void *reqdata
= NULL
;
1126 struct lxc_handler
*handler
= data
;
1128 ret
= lxc_abstract_unix_rcv_credential(fd
, &req
, sizeof(req
));
1130 SYSERROR("Failed to receive data on command socket for command "
1131 "\"%s\"", lxc_cmd_str(req
.cmd
));
1133 if (errno
== EACCES
) {
1134 /* We don't care for the peer, just send and close. */
1135 struct lxc_cmd_rsp rsp
= {.ret
= ret
};
1137 lxc_cmd_rsp_send(fd
, &rsp
);
1146 if (ret
!= sizeof(req
)) {
1147 WARN("Failed to receive full command request. Ignoring request "
1148 "for \"%s\"", lxc_cmd_str(req
.cmd
));
1153 if ((req
.datalen
> LXC_CMD_DATA_MAX
) &&
1154 (req
.cmd
!= LXC_CMD_CONSOLE_LOG
)) {
1155 ERROR("Received command data length %d is too large for "
1156 "command \"%s\"", req
.datalen
, lxc_cmd_str(req
.cmd
));
1162 if (req
.datalen
> 0) {
1163 /* LXC_CMD_CONSOLE_LOG needs to be able to allocate data
1164 * that exceeds LXC_CMD_DATA_MAX: use malloc() for that.
1166 if (req
.cmd
== LXC_CMD_CONSOLE_LOG
)
1167 reqdata
= malloc(req
.datalen
);
1169 reqdata
= alloca(req
.datalen
);
1171 ERROR("Failed to allocate memory for \"%s\" command",
1172 lxc_cmd_str(req
.cmd
));
1178 ret
= lxc_recv_nointr(fd
, reqdata
, req
.datalen
, 0);
1179 if (ret
!= req
.datalen
) {
1180 WARN("Failed to receive full command request. Ignoring "
1181 "request for \"%s\"", lxc_cmd_str(req
.cmd
));
1182 ret
= LXC_MAINLOOP_ERROR
;
1189 ret
= lxc_cmd_process(fd
, &req
, handler
);
1191 /* This is not an error, but only a request to close fd. */
1192 ret
= LXC_MAINLOOP_CONTINUE
;
1197 if (req
.cmd
== LXC_CMD_CONSOLE_LOG
&& reqdata
)
1203 lxc_cmd_fd_cleanup(fd
, handler
, descr
, req
.cmd
);
1207 static int lxc_cmd_accept(int fd
, uint32_t events
, void *data
,
1208 struct lxc_epoll_descr
*descr
)
1211 int opt
= 1, ret
= -1;
1213 connection
= accept(fd
, NULL
, 0);
1214 if (connection
< 0) {
1215 SYSERROR("Failed to accept connection to run command.");
1216 return LXC_MAINLOOP_ERROR
;
1219 ret
= fcntl(connection
, F_SETFD
, FD_CLOEXEC
);
1221 SYSERROR("Failed to set close-on-exec on incoming command connection");
1225 ret
= setsockopt(connection
, SOL_SOCKET
, SO_PASSCRED
, &opt
, sizeof(opt
));
1227 SYSERROR("Failed to enable necessary credentials on command socket");
1231 ret
= lxc_mainloop_add_handler(descr
, connection
, lxc_cmd_handler
, data
);
1233 ERROR("Failed to add command handler");
1245 int lxc_cmd_init(const char *name
, const char *lxcpath
, const char *suffix
)
1248 char path
[LXC_AUDS_ADDR_LEN
] = {0};
1249 char *offset
= &path
[1];
1251 /* -2 here because this is an abstract unix socket so it needs a
1252 * leading \0, and we null terminate, so it needs a trailing \0.
1253 * Although null termination isn't required by the API, we do it anyway
1254 * because we print the sockname out sometimes.
1256 len
= sizeof(path
) - 2;
1257 ret
= lxc_make_abstract_socket_name(offset
, len
, name
, lxcpath
, NULL
, suffix
);
1260 TRACE("Creating abstract unix socket \"%s\"", offset
);
1262 fd
= lxc_abstract_unix_open(path
, SOCK_STREAM
, 0);
1264 SYSERROR("Failed to create command socket %s", offset
);
1265 if (errno
== EADDRINUSE
)
1266 ERROR("Container \"%s\" appears to be already running", name
);
1271 ret
= fcntl(fd
, F_SETFD
, FD_CLOEXEC
);
1273 SYSERROR("Failed to set FD_CLOEXEC on command socket file descriptor");
1281 int lxc_cmd_mainloop_add(const char *name
, struct lxc_epoll_descr
*descr
,
1282 struct lxc_handler
*handler
)
1285 int fd
= handler
->conf
->maincmd_fd
;
1287 ret
= lxc_mainloop_add_handler(descr
, fd
, lxc_cmd_accept
, handler
);
1289 ERROR("Failed to add handler for command socket");