git.proxmox.com Git - mirror_lxc.git/blob - src/lxc/confile_utils.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
15 #include "confile_utils.h"
19 #include "lxccontainer.h"
26 #include "include/strlcpy.h"
29 lxc_log_define(confile_utils
, lxc
);
31 int parse_idmaps(const char *idmap
, char *type
, unsigned long *nsid
,
32 unsigned long *hostid
, unsigned long *range
)
35 unsigned long tmp_hostid
, tmp_nsid
, tmp_range
;
40 /* Duplicate string. */
45 /* A prototypical idmap entry would be: "u 1000 1000000 65536" */
50 slide
+= strspn(slide
, " \t\r");
51 if (slide
!= window
&& *slide
== '\0')
55 if (*slide
!= 'u' && *slide
!= 'g') {
56 ERROR("Invalid id mapping type: %c", *slide
);
63 /* move beyond type */
67 /* Validate that only whitespace follows. */
68 slide
+= strspn(slide
, " \t\r");
69 /* There must be whitespace. */
73 /* Mark beginning of nsid. */
75 /* Validate that non-whitespace follows. */
76 slide
+= strcspn(slide
, " \t\r");
77 /* There must be non-whitespace. */
78 if (slide
== window
|| *slide
== '\0')
80 /* Mark end of nsid. */
84 if (lxc_safe_ulong(window
, &tmp_nsid
) < 0) {
85 ERROR("Failed to parse nsid: %s", window
);
91 /* Validate that only whitespace follows. */
92 slide
+= strspn(slide
, " \t\r");
93 /* If there was only one whitespace then we wiped it with our \0 above.
94 * So only ensure that we're not at the end of the string.
99 /* Mark beginning of hostid. */
101 /* Validate that non-whitespace follows. */
102 slide
+= strcspn(slide
, " \t\r");
103 /* There must be non-whitespace. */
104 if (slide
== window
|| *slide
== '\0')
106 /* Mark end of nsid. */
110 if (lxc_safe_ulong(window
, &tmp_hostid
) < 0) {
111 ERROR("Failed to parse hostid: %s", window
);
115 /* Move beyond \0. */
117 /* Validate that only whitespace follows. */
118 slide
+= strspn(slide
, " \t\r");
119 /* If there was only one whitespace then we wiped it with our \0 above.
120 * So only ensure that we're not at the end of the string.
125 /* Mark beginning of range. */
127 /* Validate that non-whitespace follows. */
128 slide
+= strcspn(slide
, " \t\r");
129 /* There must be non-whitespace. */
133 /* The range is the last valid entry we expect. So make sure that there
134 * is no trailing garbage and if there is, error out.
136 if (*(slide
+ strspn(slide
, " \t\r\n")) != '\0')
139 /* Mark end of range. */
143 if (lxc_safe_ulong(window
, &tmp_range
) < 0) {
144 ERROR("Failed to parse id mapping range: %s", window
);
150 *hostid
= tmp_hostid
;
153 /* Yay, we survived. */
162 bool lxc_config_value_empty(const char *value
)
164 if (value
&& strlen(value
) > 0)
170 struct lxc_netdev
*lxc_network_add(struct lxc_list
*networks
, int idx
, bool tail
)
172 struct lxc_list
*newlist
;
173 struct lxc_netdev
*netdev
= NULL
;
175 /* network does not exist */
176 netdev
= malloc(sizeof(*netdev
));
180 memset(netdev
, 0, sizeof(*netdev
));
181 lxc_list_init(&netdev
->ipv4
);
182 lxc_list_init(&netdev
->ipv6
);
184 /* give network a unique index */
187 /* prepare new list */
188 newlist
= malloc(sizeof(*newlist
));
194 lxc_list_init(newlist
);
195 newlist
->elem
= netdev
;
198 lxc_list_add_tail(networks
, newlist
);
200 lxc_list_add(networks
, newlist
);
205 /* Takes care of finding the correct netdev struct in the networks list or
206 * allocates a new one if it couldn't be found.
208 struct lxc_netdev
*lxc_get_netdev_by_idx(struct lxc_conf
*conf
,
209 unsigned int idx
, bool allocate
)
211 struct lxc_netdev
*netdev
= NULL
;
212 struct lxc_list
*networks
= &conf
->network
;
213 struct lxc_list
*insert
= networks
;
216 if (!lxc_list_empty(networks
)) {
217 lxc_list_for_each(insert
, networks
) {
218 netdev
= insert
->elem
;
219 if (netdev
->idx
== idx
)
221 else if (netdev
->idx
> idx
)
229 return lxc_network_add(insert
, idx
, true);
232 void lxc_log_configured_netdevs(const struct lxc_conf
*conf
)
234 struct lxc_netdev
*netdev
;
235 struct lxc_list
*it
= (struct lxc_list
*)&conf
->network
;;
237 if ((conf
->loglevel
!= LXC_LOG_LEVEL_TRACE
) &&
238 (lxc_log_get_level() != LXC_LOG_LEVEL_TRACE
))
241 if (lxc_list_empty(it
)) {
242 TRACE("container has no networks configured");
246 lxc_list_for_each(it
, &conf
->network
) {
247 struct lxc_list
*cur
, *next
;
248 struct lxc_inetdev
*inet4dev
;
249 struct lxc_inet6dev
*inet6dev
;
250 char bufinet4
[INET_ADDRSTRLEN
], bufinet6
[INET6_ADDRSTRLEN
];
254 TRACE("index: %zd", netdev
->idx
);
255 TRACE("ifindex: %d", netdev
->ifindex
);
257 switch (netdev
->type
) {
261 if (netdev
->priv
.veth_attr
.pair
[0] != '\0')
262 TRACE("veth pair: %s",
263 netdev
->priv
.veth_attr
.pair
);
265 if (netdev
->priv
.veth_attr
.veth1
[0] != '\0')
267 netdev
->priv
.veth_attr
.veth1
);
269 if (netdev
->priv
.veth_attr
.ifindex
> 0)
270 TRACE("host side ifindex for veth device: %d",
271 netdev
->priv
.veth_attr
.ifindex
);
273 case LXC_NET_MACVLAN
:
274 TRACE("type: macvlan");
276 if (netdev
->priv
.macvlan_attr
.mode
> 0) {
279 mode
= lxc_macvlan_flag_to_mode(
280 netdev
->priv
.macvlan_attr
.mode
);
281 TRACE("macvlan mode: %s",
282 mode
? mode
: "(invalid mode)");
286 TRACE("type: ipvlan");
289 mode
= lxc_ipvlan_flag_to_mode(netdev
->priv
.ipvlan_attr
.mode
);
290 TRACE("ipvlan mode: %s", mode
? mode
: "(invalid mode)");
293 isolation
= lxc_ipvlan_flag_to_isolation(netdev
->priv
.ipvlan_attr
.isolation
);
294 TRACE("ipvlan isolation: %s", isolation
? isolation
: "(invalid isolation)");
298 TRACE("vlan id: %d", netdev
->priv
.vlan_attr
.vid
);
303 if (netdev
->priv
.phys_attr
.ifindex
> 0)
304 TRACE("host side ifindex for phys device: %d",
305 netdev
->priv
.phys_attr
.ifindex
);
308 TRACE("type: empty");
314 ERROR("Invalid network type %d", netdev
->type
);
318 if (netdev
->type
!= LXC_NET_EMPTY
) {
320 netdev
->flags
== IFF_UP
? "up" : "none");
322 if (netdev
->link
[0] != '\0')
323 TRACE("link: %s", netdev
->link
);
325 /* l2proxy only used when link is specified */
326 if (netdev
->link
[0] != '\0')
327 TRACE("l2proxy: %s", netdev
->l2proxy
? "true" : "false");
329 if (netdev
->name
[0] != '\0')
330 TRACE("name: %s", netdev
->name
);
333 TRACE("hwaddr: %s", netdev
->hwaddr
);
336 TRACE("mtu: %s", netdev
->mtu
);
338 if (netdev
->upscript
)
339 TRACE("upscript: %s", netdev
->upscript
);
341 if (netdev
->downscript
)
342 TRACE("downscript: %s", netdev
->downscript
);
344 TRACE("ipv4 gateway auto: %s",
345 netdev
->ipv4_gateway_auto
? "true" : "false");
347 TRACE("ipv4 gateway dev: %s",
348 netdev
->ipv4_gateway_dev
? "true" : "false");
350 if (netdev
->ipv4_gateway
) {
351 inet_ntop(AF_INET
, netdev
->ipv4_gateway
,
352 bufinet4
, sizeof(bufinet4
));
353 TRACE("ipv4 gateway: %s", bufinet4
);
356 lxc_list_for_each_safe(cur
, &netdev
->ipv4
, next
) {
357 inet4dev
= cur
->elem
;
358 inet_ntop(AF_INET
, &inet4dev
->addr
, bufinet4
,
360 TRACE("ipv4 addr: %s", bufinet4
);
363 TRACE("ipv6 gateway auto: %s",
364 netdev
->ipv6_gateway_auto
? "true" : "false");
366 TRACE("ipv6 gateway dev: %s",
367 netdev
->ipv6_gateway_dev
? "true" : "false");
369 if (netdev
->ipv6_gateway
) {
370 inet_ntop(AF_INET6
, netdev
->ipv6_gateway
,
371 bufinet6
, sizeof(bufinet6
));
372 TRACE("ipv6 gateway: %s", bufinet6
);
375 lxc_list_for_each_safe(cur
, &netdev
->ipv6
, next
) {
376 inet6dev
= cur
->elem
;
377 inet_ntop(AF_INET6
, &inet6dev
->addr
, bufinet6
,
379 TRACE("ipv6 addr: %s", bufinet6
);
382 if (netdev
->type
== LXC_NET_VETH
) {
383 lxc_list_for_each_safe(cur
, &netdev
->priv
.veth_attr
.ipv4_routes
, next
) {
384 inet4dev
= cur
->elem
;
385 if (!inet_ntop(AF_INET
, &inet4dev
->addr
, bufinet4
, sizeof(bufinet4
))) {
386 ERROR("Invalid ipv4 veth route");
390 TRACE("ipv4 veth route: %s/%u", bufinet4
, inet4dev
->prefix
);
393 lxc_list_for_each_safe(cur
, &netdev
->priv
.veth_attr
.ipv6_routes
, next
) {
394 inet6dev
= cur
->elem
;
395 if (!inet_ntop(AF_INET6
, &inet6dev
->addr
, bufinet6
, sizeof(bufinet6
))) {
396 ERROR("Invalid ipv6 veth route");
400 TRACE("ipv6 veth route: %s/%u", bufinet6
, inet6dev
->prefix
);
407 static void lxc_free_netdev(struct lxc_netdev
*netdev
)
409 struct lxc_list
*cur
, *next
;
411 free(netdev
->upscript
);
412 free(netdev
->downscript
);
413 free(netdev
->hwaddr
);
416 free(netdev
->ipv4_gateway
);
417 lxc_list_for_each_safe(cur
, &netdev
->ipv4
, next
) {
423 free(netdev
->ipv6_gateway
);
424 lxc_list_for_each_safe(cur
, &netdev
->ipv6
, next
) {
430 if (netdev
->type
== LXC_NET_VETH
) {
431 lxc_list_for_each_safe(cur
, &netdev
->priv
.veth_attr
.ipv4_routes
, next
) {
437 lxc_list_for_each_safe(cur
, &netdev
->priv
.veth_attr
.ipv6_routes
, next
) {
447 bool lxc_remove_nic_by_idx(struct lxc_conf
*conf
, unsigned int idx
)
449 struct lxc_list
*cur
, *next
;
450 struct lxc_netdev
*netdev
;
453 lxc_list_for_each_safe(cur
, &conf
->network
, next
) {
455 if (netdev
->idx
!= idx
)
466 lxc_free_netdev(netdev
);
472 void lxc_free_networks(struct lxc_list
*networks
)
474 struct lxc_list
*cur
, *next
;
475 struct lxc_netdev
*netdev
;
477 lxc_list_for_each_safe(cur
, networks
, next
) {
479 lxc_free_netdev(netdev
);
483 /* prevent segfaults */
484 lxc_list_init(networks
);
488 static struct lxc_veth_mode
{
492 { "bridge", VETH_MODE_BRIDGE
},
493 { "router", VETH_MODE_ROUTER
},
496 int lxc_veth_mode_to_flag(int *mode
, const char *value
)
498 for (size_t i
= 0; i
< sizeof(veth_mode
) / sizeof(veth_mode
[0]); i
++) {
499 if (strcmp(veth_mode
[i
].name
, value
) != 0)
502 *mode
= veth_mode
[i
].mode
;
506 return ret_set_errno(-1, EINVAL
);
509 static struct lxc_macvlan_mode
{
513 { "private", MACVLAN_MODE_PRIVATE
},
514 { "vepa", MACVLAN_MODE_VEPA
},
515 { "bridge", MACVLAN_MODE_BRIDGE
},
516 { "passthru", MACVLAN_MODE_PASSTHRU
},
519 int lxc_macvlan_mode_to_flag(int *mode
, const char *value
)
523 for (i
= 0; i
< sizeof(macvlan_mode
) / sizeof(macvlan_mode
[0]); i
++) {
524 if (strcmp(macvlan_mode
[i
].name
, value
))
527 *mode
= macvlan_mode
[i
].mode
;
534 char *lxc_macvlan_flag_to_mode(int mode
)
538 for (i
= 0; i
< sizeof(macvlan_mode
) / sizeof(macvlan_mode
[0]); i
++) {
539 if (macvlan_mode
[i
].mode
!= mode
)
542 return macvlan_mode
[i
].name
;
548 static struct lxc_ipvlan_mode
{
552 { "l3", IPVLAN_MODE_L3
},
553 { "l3s", IPVLAN_MODE_L3S
},
554 { "l2", IPVLAN_MODE_L2
},
557 int lxc_ipvlan_mode_to_flag(int *mode
, const char *value
)
559 for (size_t i
= 0; i
< sizeof(ipvlan_mode
) / sizeof(ipvlan_mode
[0]); i
++) {
560 if (strcmp(ipvlan_mode
[i
].name
, value
) != 0)
563 *mode
= ipvlan_mode
[i
].mode
;
570 char *lxc_ipvlan_flag_to_mode(int mode
)
572 for (size_t i
= 0; i
< sizeof(ipvlan_mode
) / sizeof(ipvlan_mode
[0]); i
++) {
573 if (ipvlan_mode
[i
].mode
!= mode
)
576 return ipvlan_mode
[i
].name
;
582 static struct lxc_ipvlan_isolation
{
585 } ipvlan_isolation
[] = {
586 { "bridge", IPVLAN_ISOLATION_BRIDGE
},
587 { "private", IPVLAN_ISOLATION_PRIVATE
},
588 { "vepa", IPVLAN_ISOLATION_VEPA
},
591 int lxc_ipvlan_isolation_to_flag(int *flag
, const char *value
)
593 for (size_t i
= 0; i
< sizeof(ipvlan_isolation
) / sizeof(ipvlan_isolation
[0]); i
++) {
594 if (strcmp(ipvlan_isolation
[i
].name
, value
) != 0)
597 *flag
= ipvlan_isolation
[i
].flag
;
604 char *lxc_ipvlan_flag_to_isolation(int flag
)
606 for (size_t i
= 0; i
< sizeof(ipvlan_isolation
) / sizeof(ipvlan_isolation
[0]); i
++) {
607 if (ipvlan_isolation
[i
].flag
!= flag
)
610 return ipvlan_isolation
[i
].name
;
616 int set_config_string_item(char **conf_item
, const char *value
)
620 if (lxc_config_value_empty(value
)) {
626 new_value
= strdup(value
);
628 SYSERROR("Failed to duplicate string \"%s\"", value
);
633 *conf_item
= new_value
;
/*
 * Length-limited front end to set_config_string_item(): a value whose
 * strlen() is >= max is reported with ERROR() as too long; otherwise the
 * call is forwarded unchanged. The statement that follows the ERROR() call
 * (listing line 641) is not shown on this page.
 *
 * NOTE(review): strlen(value) is the first statement, so a NULL value is
 * dereferenced here, although set_config_string_item() passes the value
 * through lxc_config_value_empty(), which tolerates NULL. Either guard the
 * length test with `value &&` or document that callers must never pass
 * NULL -- confirm against the callers.
 */
637 int set_config_string_item_max(char **conf_item
, const char *value
, size_t max
)
639 if (strlen(value
) >= max
) {
/* The rejected value is logged in full, so an over-long value yields an
 * equally long log line. */
640 ERROR("%s is too long (>= %lu)", value
, (unsigned long)max
);
644 return set_config_string_item(conf_item
, value
);
/*
 * Store a path-valued configuration item.
 *
 * Thin wrapper: forwards to set_config_string_item_max() with PATH_MAX as
 * the length limit and returns that function's result unchanged. Only the
 * length is bounded here; this wrapper does not inspect the content of the
 * path.
 */
int set_config_path_item(char **conf_item, const char *value)
{
	const size_t limit = PATH_MAX;

	return set_config_string_item_max(conf_item, value, limit);
}
652 int set_config_bool_item(bool *conf_item
, const char *value
, bool empty_conf_action
)
654 unsigned int val
= 0;
656 if (lxc_config_value_empty(value
)) {
657 *conf_item
= empty_conf_action
;
661 if (lxc_safe_uint(value
, &val
) < 0)
676 int config_ip_prefix(struct in_addr
*addr
)
678 if (IN_CLASSA(addr
->s_addr
))
679 return 32 - IN_CLASSA_NSHIFT
;
681 if (IN_CLASSB(addr
->s_addr
))
682 return 32 - IN_CLASSB_NSHIFT
;
684 if (IN_CLASSC(addr
->s_addr
))
685 return 32 - IN_CLASSC_NSHIFT
;
690 int network_ifname(char *valuep
, const char *value
, size_t size
)
694 if (!valuep
|| !value
)
697 retlen
= strlcpy(valuep
, value
, size
);
699 ERROR("Network device name \"%s\" is too long (>= %zu)", value
,
/*
 * Report whether a configuration line names a network hwaddr key, either in
 * the plain form ("lxc.net.hwaddr", "lxc.network.hwaddr") or in the indexed
 * form ("lxc.net.<n>.hwaddr", "lxc.network.<n>.hwaddr").
 *
 * All comparisons are prefix matches (strncmp with a fixed length); the
 * 7-byte "lxc.net" test also covers keys that start with "lxc.network".
 */
705 bool lxc_config_net_is_hwaddr(const char *line
)
710 if (strncmp(line
, "lxc.net", 7) != 0)
713 if (strncmp(line
, "lxc.net.hwaddr", 14) == 0)
716 if (strncmp(line
, "lxc.network.hwaddr", 18) == 0)
/* NOTE(review): "%6s" stores up to six characters plus a terminating NUL,
 * so tmp must be at least 7 bytes; its declaration is not shown on this
 * page -- confirm. Because the field is cut at six characters and the
 * comparison below is also six characters long, a key that merely starts
 * with "hwaddr" after the index matches as well. */
719 if (sscanf(line
, "lxc.net.%u.%6s", &index
, tmp
) == 2 ||
720 sscanf(line
, "lxc.network.%u.%6s", &index
, tmp
) == 2)
721 return strncmp(tmp
, "hwaddr", 6) == 0;
/*
 * Fill in a hardware address template in place: every 'x' or 'X' found
 * before the terminating NUL or a newline is replaced by a random lowercase
 * hex digit taken from hex[].
 *
 * Two generator variants appear below, rand_r(&seed) and rand(); presumably
 * a preprocessor conditional that is not shown on this page selects one of
 * them.
 *
 * NOTE(review): rand()/rand_r() are not cryptographically strong. That is
 * acceptable only as long as the result is used to make addresses unlikely
 * to collide, never as a secret or an identifier that must be unguessable.
 */
726 void rand_complete_hwaddr(char *hwaddr
)
728 const char hex
[] = "0123456789abcdef";
733 seed
= randseed(false);
736 (void)randseed(true);
739 while (*curs
!= '\0' && *curs
!= '\n') {
740 if (*curs
== 'x' || *curs
== 'X') {
/* Offset 1 is the second character of the string; assuming the usual
 * "aa:bb:..." text form that is the low nibble of the first octet. The
 * 0x0E mask keeps the digit even, which clears the multicast bit. */
741 if (curs
- hwaddr
== 1) {
742 /* ensure address is unicast */
744 *curs
= hex
[rand_r(&seed
) & 0x0E];
746 *curs
= hex
[rand_r(&seed
) & 0x0F];
748 *curs
= hex
[rand() & 0x0E];
750 *curs
= hex
[rand() & 0x0F];
/*
 * Write a hardware address with the fixed prefix 00:16:3e and three random
 * octets into hwaddr, formatted as "00:16:3e:xx:xx:xx".
 *
 * The size passed to snprintf() is the constant 18 (17 characters plus the
 * terminating NUL), not the size of the caller's buffer, so the caller must
 * supply at least 18 bytes; this function cannot verify that.
 *
 * Two generator variants appear below, rand_r(&seed) and rand(); presumably
 * a preprocessor conditional that is not shown on this page selects one of
 * them. Neither is cryptographically strong, so the result is only suitable
 * as an address that is unlikely to collide.
 */
758 bool new_hwaddr(char *hwaddr
)
764 seed
= randseed(false);
/* NOTE(review): `% 255` yields 0..254, so the octet value 0xff is never
 * produced; `% 256` would use the full range. Harmless, but looks
 * unintended -- confirm. */
766 ret
= snprintf(hwaddr
, 18, "00:16:3e:%02x:%02x:%02x", rand_r(&seed
) % 255,
767 rand_r(&seed
) % 255, rand_r(&seed
) % 255);
770 (void)randseed(true);
772 ret
= snprintf(hwaddr
, 18, "00:16:3e:%02x:%02x:%02x", rand() % 255,
773 rand() % 255, rand() % 255);
/* Treat both an snprintf() error and truncation as failure. */
775 if (ret
< 0 || ret
>= 18) {
776 SYSERROR("Failed to call snprintf()");
/*
 * Copy a configuration string, including its terminating NUL, into retv
 * when retv is non-NULL and inlen is large enough to hold it. The lines
 * before the strlen() call and the return statement are not shown on this
 * page.
 */
783 int lxc_get_conf_str(char *retv
, int inlen
, const char *value
)
790 value_len
= strlen(value
);
/* NOTE(review): inlen is a signed int. If value_len is declared as size_t
 * (its declaration is not shown), the comparison below converts inlen to
 * unsigned, so a negative inlen compares as a very large size and the
 * memcpy() runs on a buffer of unknown length. Rejecting inlen <= 0 before
 * the comparison would close that gap -- confirm the declaration and that
 * no caller can pass a negative length. */
791 if (retv
&& inlen
>= value_len
+ 1)
792 memcpy(retv
, value
, value_len
+ 1);
797 int lxc_get_conf_bool(struct lxc_conf
*c
, char *retv
, int inlen
, bool v
)
805 memset(retv
, 0, inlen
);
807 strprint(retv
, inlen
, "%d", v
);
812 int lxc_get_conf_int(struct lxc_conf
*c
, char *retv
, int inlen
, int v
)
820 memset(retv
, 0, inlen
);
822 strprint(retv
, inlen
, "%d", v
);
827 int lxc_get_conf_size_t(struct lxc_conf
*c
, char *retv
, int inlen
, size_t v
)
835 memset(retv
, 0, inlen
);
837 strprint(retv
, inlen
, "%zu", v
);
842 int lxc_get_conf_uint64(struct lxc_conf
*c
, char *retv
, int inlen
, uint64_t v
)
850 memset(retv
, 0, inlen
);
852 strprint(retv
, inlen
, "%"PRIu64
, v
);
/*
 * Resolve a string that is either a decimal pid or a container name to a
 * pid. The input is first parsed with strtol(); if the whole string was not
 * consumed or the result is below 1, it is treated as a container name:
 * the container is looked up with lxc_container_new(), the caller's right
 * to control it is checked with may_control(), and init_pid() supplies the
 * pid. The reference is released with lxc_container_put() on every path
 * shown here. Several lines of this function, including the rest of the
 * signature, are not shown on this page.
 */
857 static int lxc_container_name_to_pid(const char *lxcname_or_pid
,
/* NOTE(review): no errno/ERANGE check is visible after strtol(), and the
 * type of pid is not shown; an out-of-range numeric string would be
 * clamped by strtol() and possibly narrowed on assignment -- confirm. */
864 pid
= strtol(lxcname_or_pid
, &err
, 10);
865 if (*err
!= '\0' || pid
< 1) {
866 struct lxc_container
*c
;
868 c
= lxc_container_new(lxcname_or_pid
, lxcpath
);
870 ERROR("\"%s\" is not a valid pid nor a container name",
/* The privilege check applies to the container-name branch only. A numeric
 * pid does not pass through may_control(); the message at listing line 894
 * suggests it is validated by a signal probe instead, but that call is not
 * shown -- confirm. */
875 if (!c
->may_control(c
)) {
876 ERROR("Insufficient privileges to control container "
878 lxc_container_put(c
);
882 pid
= c
->init_pid(c
);
884 ERROR("Container \"%s\" is not running", c
->name
);
885 lxc_container_put(c
);
889 lxc_container_put(c
);
894 SYSERROR("Failed to send signal to pid %d", (int)pid
);
/*
 * Obtain a file descriptor for a namespace that should be shared with
 * another process or container. Three input forms are visible:
 *   - an absolute path, which is opened directly;
 *   - "<lxcpath>/<name-or-pid>", split at the last '/';
 *   - a bare name or pid, resolved against the lxcpath argument.
 * In the last two forms the pid comes from lxc_container_name_to_pid() and
 * the descriptor from lxc_preserve_ns(). Several lines, including the error
 * handling and the return, are not shown on this page.
 */
901 int lxc_inherit_namespace(const char *nsfd_path
, const char *lxcpath
,
902 const char *namespace)
905 char *dup
, *lastslash
;
/* NOTE(review): the absolute-path branch opens whatever file the value
 * names. No check that it is a namespace file of the expected type, and no
 * may_control()-style check, is visible here; access is limited only by
 * the permissions open() enforces. O_CLOEXEC keeps the descriptor from
 * leaking across exec. Confirm that the consumer of the descriptor
 * validates it. */
907 if (nsfd_path
[0] == '/') {
908 return open(nsfd_path
, O_RDONLY
| O_CLOEXEC
);
911 lastslash
= strrchr(nsfd_path
, '/');
/* dup is a heap copy that is cut at the last slash to serve as lxcpath.
 * Presumably this runs only when a slash was found; neither that test nor
 * the matching free() is shown on this page -- confirm both. */
913 dup
= strdup(nsfd_path
);
917 dup
[lastslash
- nsfd_path
] = '\0';
918 pid
= lxc_container_name_to_pid(lastslash
+ 1, dup
);
921 pid
= lxc_container_name_to_pid(nsfd_path
, lxcpath
);
927 fd
= lxc_preserve_ns(pid
, namespace);
939 static const struct signame signames
[] = {
972 { SIGSTKFLT
, "STKFLT" },
987 { SIGVTALRM
, "VTALRM" },
993 { SIGWINCH
, "WINCH" },
1002 { SIGINFO
, "INFO" },
1005 { SIGLOST
, "LOST" },
1011 { SIGUNUSED
, "UNUSED" },
1018 static int sig_num(const char *sig
)
1020 unsigned int signum
;
1022 if (lxc_safe_uint(sig
, &signum
) < 0)
/*
 * Parse the part of a realtime signal name that follows "rt". An optional
 * "max-" prefix is recognised (presumably it sets rtmax and is skipped; those
 * lines are not shown on this page), then a number is read with sig_num().
 * The number is an offset: subtracted from SIGRTMAX when rtmax is set,
 * added to SIGRTMIN otherwise. The result is tested against the range
 * SIGRTMIN..SIGRTMAX.
 */
1028 static int rt_sig_num(const char *signame
)
1030 int rtmax
= 0, sig_n
= 0;
1032 if (strncasecmp(signame
, "max-", 4) == 0)
/* NOTE(review): isdigit() is called on a plain char. The <ctype.h>
 * functions are undefined for negative values other than EOF, and this
 * text comes from configuration input, so cast to unsigned char first. */
1036 if (!isdigit(*signame
))
1039 sig_n
= sig_num(signame
);
/* NOTE(review): the offset arithmetic runs before the range test below. If
 * sig_num() can hand back a very large value, the addition or subtraction
 * could overflow a signed int before the value is rejected; comparing the
 * offset with SIGRTMAX - SIGRTMIN first would avoid that -- confirm what
 * sig_num() returns for large input (its return statements are not shown). */
1040 sig_n
= rtmax
? SIGRTMAX
- sig_n
: SIGRTMIN
+ sig_n
;
1041 if (sig_n
> SIGRTMAX
|| sig_n
< SIGRTMIN
)
/*
 * Convert a textual signal specification into a signal number.
 *   - A string that starts with a digit is parsed by sig_num().
 *   - A string that starts with "sig" (any case) is handled by name;
 *     presumably the prefix is skipped first (listing line 1054 is not
 *     shown). A following "rt" hands the rest to rt_sig_num(); otherwise
 *     the name is looked up case-insensitively in signames[].
 * The return for input that matches nothing is not shown on this page.
 */
1047 int sig_parse(const char *signame
)
/* NOTE(review): isdigit() is called on a plain char. The <ctype.h>
 * functions are undefined for negative values other than EOF, and this
 * text comes from configuration input, so cast to unsigned char first. */
1051 if (isdigit(*signame
)) {
1052 return sig_num(signame
);
1053 } else if (strncasecmp(signame
, "sig", 3) == 0) {
1055 if (strncasecmp(signame
, "rt", 2) == 0)
1056 return rt_sig_num(signame
+ 2);
/* Linear scan of the static name table; the whole remaining string must
 * match an entry (strcasecmp, not a prefix match). */
1058 for (n
= 0; n
< sizeof(signames
) / sizeof((signames
)[0]); n
++)
1059 if (strcasecmp(signames
[n
].name
, signame
) == 0)
1060 return signames
[n
].num
;