git.proxmox.com Git - mirror_lxc.git/blob - src/lxc/confile_utils.c
3 * Copyright © 2017 Christian Brauner <christian.brauner@ubuntu.com>.
4 * Copyright © 2017 Canonical Ltd.
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License version 2, as
8 * published by the Free Software Foundation.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License along
16 * with this program; if not, write to the Free Software Foundation, Inc.,
17 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 #include <arpa/inet.h>
32 #include "confile_utils.h"
36 #include "lxccontainer.h"
43 #include "include/strlcpy.h"
46 lxc_log_define(confile_utils
, lxc
);
48 int parse_idmaps(const char *idmap
, char *type
, unsigned long *nsid
,
49 unsigned long *hostid
, unsigned long *range
)
52 unsigned long tmp_hostid
, tmp_nsid
, tmp_range
;
57 /* Duplicate string. */
62 /* A prototypical idmap entry would be: "u 1000 1000000 65536" */
67 slide
+= strspn(slide
, " \t\r");
68 if (slide
!= window
&& *slide
== '\0')
72 if (*slide
!= 'u' && *slide
!= 'g') {
73 ERROR("Invalid id mapping type: %c", *slide
);
80 /* move beyond type */
84 /* Validate that only whitespace follows. */
85 slide
+= strspn(slide
, " \t\r");
86 /* There must be whitespace. */
90 /* Mark beginning of nsid. */
92 /* Validate that non-whitespace follows. */
93 slide
+= strcspn(slide
, " \t\r");
94 /* There must be non-whitespace. */
95 if (slide
== window
|| *slide
== '\0')
97 /* Mark end of nsid. */
101 if (lxc_safe_ulong(window
, &tmp_nsid
) < 0) {
102 ERROR("Failed to parse nsid: %s", window
);
106 /* Move beyond \0. */
108 /* Validate that only whitespace follows. */
109 slide
+= strspn(slide
, " \t\r");
110 /* If there was only one whitespace then we wiped it with our \0 above.
111 * So only ensure that we're not at the end of the string.
116 /* Mark beginning of hostid. */
118 /* Validate that non-whitespace follows. */
119 slide
+= strcspn(slide
, " \t\r");
120 /* There must be non-whitespace. */
121 if (slide
== window
|| *slide
== '\0')
123 /* Mark end of hostid. */
127 if (lxc_safe_ulong(window
, &tmp_hostid
) < 0) {
128 ERROR("Failed to parse hostid: %s", window
);
132 /* Move beyond \0. */
134 /* Validate that only whitespace follows. */
135 slide
+= strspn(slide
, " \t\r");
136 /* If there was only one whitespace then we wiped it with our \0 above.
137 * So only ensure that we're not at the end of the string.
142 /* Mark beginning of range. */
144 /* Validate that non-whitespace follows. */
145 slide
+= strcspn(slide
, " \t\r");
146 /* There must be non-whitespace. */
150 /* The range is the last valid entry we expect. So make sure that there
151 * is no trailing garbage and if there is, error out.
153 if (*(slide
+ strspn(slide
, " \t\r\n")) != '\0')
156 /* Mark end of range. */
160 if (lxc_safe_ulong(window
, &tmp_range
) < 0) {
161 ERROR("Failed to parse id mapping range: %s", window
);
167 *hostid
= tmp_hostid
;
170 /* Yay, we survived. */
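/*
 * Report whether a configuration value carries no content.
 *
 * @value: string taken from the configuration, may be NULL.
 *
 * Returns true for a NULL pointer or a zero-length string, false otherwise.
 * Only the first byte is inspected, so the cost does not grow with the
 * length of the value.
 *
 * NOTE(review): the listing this was restored from shows only the
 * "value && strlen(value) > 0" test, not the two return statements; the
 * true/false assignment is inferred from that test and the function name -
 * confirm against the tree.
 */
bool lxc_config_value_empty(const char *value)
{
	return !value || value[0] == '\0';
}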
187 struct lxc_netdev
*lxc_network_add(struct lxc_list
*networks
, int idx
, bool tail
)
189 struct lxc_list
*newlist
;
190 struct lxc_netdev
*netdev
= NULL
;
192 /* network does not exist */
193 netdev
= malloc(sizeof(*netdev
));
197 memset(netdev
, 0, sizeof(*netdev
));
198 lxc_list_init(&netdev
->ipv4
);
199 lxc_list_init(&netdev
->ipv6
);
201 /* give network a unique index */
204 /* prepare new list */
205 newlist
= malloc(sizeof(*newlist
));
211 lxc_list_init(newlist
);
212 newlist
->elem
= netdev
;
215 lxc_list_add_tail(networks
, newlist
);
217 lxc_list_add(networks
, newlist
);
222 /* Takes care of finding the correct netdev struct in the networks list or
223 * allocates a new one if it couldn't be found.
225 struct lxc_netdev
*lxc_get_netdev_by_idx(struct lxc_conf
*conf
,
226 unsigned int idx
, bool allocate
)
228 struct lxc_netdev
*netdev
= NULL
;
229 struct lxc_list
*networks
= &conf
->network
;
230 struct lxc_list
*insert
= networks
;
233 if (!lxc_list_empty(networks
)) {
234 lxc_list_for_each(insert
, networks
) {
235 netdev
= insert
->elem
;
236 if (netdev
->idx
== idx
)
238 else if (netdev
->idx
> idx
)
246 return lxc_network_add(insert
, idx
, true);
249 void lxc_log_configured_netdevs(const struct lxc_conf
*conf
)
251 struct lxc_netdev
*netdev
;
252 struct lxc_list
*it
= (struct lxc_list
*)&conf
->network
;;
254 if ((conf
->loglevel
!= LXC_LOG_LEVEL_TRACE
) &&
255 (lxc_log_get_level() != LXC_LOG_LEVEL_TRACE
))
258 if (lxc_list_empty(it
)) {
259 TRACE("container has no networks configured");
263 lxc_list_for_each(it
, &conf
->network
) {
264 struct lxc_list
*cur
, *next
;
265 struct lxc_inetdev
*inet4dev
;
266 struct lxc_inet6dev
*inet6dev
;
267 char bufinet4
[INET_ADDRSTRLEN
], bufinet6
[INET6_ADDRSTRLEN
];
271 TRACE("index: %zd", netdev
->idx
);
272 TRACE("ifindex: %d", netdev
->ifindex
);
274 switch (netdev
->type
) {
278 if (netdev
->priv
.veth_attr
.pair
[0] != '\0')
279 TRACE("veth pair: %s",
280 netdev
->priv
.veth_attr
.pair
);
282 if (netdev
->priv
.veth_attr
.veth1
[0] != '\0')
284 netdev
->priv
.veth_attr
.veth1
);
286 if (netdev
->priv
.veth_attr
.ifindex
> 0)
287 TRACE("host side ifindex for veth device: %d",
288 netdev
->priv
.veth_attr
.ifindex
);
290 case LXC_NET_MACVLAN
:
291 TRACE("type: macvlan");
293 if (netdev
->priv
.macvlan_attr
.mode
> 0) {
296 mode
= lxc_macvlan_flag_to_mode(
297 netdev
->priv
.macvlan_attr
.mode
);
298 TRACE("macvlan mode: %s",
299 mode
? mode
: "(invalid mode)");
303 TRACE("type: ipvlan");
306 mode
= lxc_ipvlan_flag_to_mode(netdev
->priv
.ipvlan_attr
.mode
);
307 TRACE("ipvlan mode: %s", mode
? mode
: "(invalid mode)");
310 isolation
= lxc_ipvlan_flag_to_isolation(netdev
->priv
.ipvlan_attr
.isolation
);
311 TRACE("ipvlan isolation: %s", isolation
? isolation
: "(invalid isolation)");
315 TRACE("vlan id: %d", netdev
->priv
.vlan_attr
.vid
);
320 if (netdev
->priv
.phys_attr
.ifindex
> 0)
321 TRACE("host side ifindex for phys device: %d",
322 netdev
->priv
.phys_attr
.ifindex
);
325 TRACE("type: empty");
331 ERROR("Invalid network type %d", netdev
->type
);
335 if (netdev
->type
!= LXC_NET_EMPTY
) {
337 netdev
->flags
== IFF_UP
? "up" : "none");
339 if (netdev
->link
[0] != '\0')
340 TRACE("link: %s", netdev
->link
);
342 if (netdev
->name
[0] != '\0')
343 TRACE("name: %s", netdev
->name
);
346 TRACE("hwaddr: %s", netdev
->hwaddr
);
349 TRACE("mtu: %s", netdev
->mtu
);
351 if (netdev
->upscript
)
352 TRACE("upscript: %s", netdev
->upscript
);
354 if (netdev
->downscript
)
355 TRACE("downscript: %s", netdev
->downscript
);
357 TRACE("ipv4 gateway auto: %s",
358 netdev
->ipv4_gateway_auto
? "true" : "false");
360 if (netdev
->ipv4_gateway
) {
361 inet_ntop(AF_INET
, netdev
->ipv4_gateway
,
362 bufinet4
, sizeof(bufinet4
));
363 TRACE("ipv4 gateway: %s", bufinet4
);
366 lxc_list_for_each_safe(cur
, &netdev
->ipv4
, next
) {
367 inet4dev
= cur
->elem
;
368 inet_ntop(AF_INET
, &inet4dev
->addr
, bufinet4
,
370 TRACE("ipv4 addr: %s", bufinet4
);
373 TRACE("ipv6 gateway auto: %s",
374 netdev
->ipv6_gateway_auto
? "true" : "false");
376 if (netdev
->ipv6_gateway
) {
377 inet_ntop(AF_INET6
, netdev
->ipv6_gateway
,
378 bufinet6
, sizeof(bufinet6
));
379 TRACE("ipv6 gateway: %s", bufinet6
);
382 lxc_list_for_each_safe(cur
, &netdev
->ipv6
, next
) {
383 inet6dev
= cur
->elem
;
384 inet_ntop(AF_INET6
, &inet6dev
->addr
, bufinet6
,
386 TRACE("ipv6 addr: %s", bufinet6
);
389 if (netdev
->type
== LXC_NET_VETH
) {
390 lxc_list_for_each_safe(cur
, &netdev
->priv
.veth_attr
.ipv4_routes
, next
) {
391 inet4dev
= cur
->elem
;
392 if (!inet_ntop(AF_INET
, &inet4dev
->addr
, bufinet4
, sizeof(bufinet4
))) {
393 ERROR("Invalid ipv4 veth route");
397 TRACE("ipv4 veth route: %s/%u", bufinet4
, inet4dev
->prefix
);
400 lxc_list_for_each_safe(cur
, &netdev
->priv
.veth_attr
.ipv6_routes
, next
) {
401 inet6dev
= cur
->elem
;
402 if (!inet_ntop(AF_INET6
, &inet6dev
->addr
, bufinet6
, sizeof(bufinet6
))) {
403 ERROR("Invalid ipv6 veth route");
407 TRACE("ipv6 veth route: %s/%u", bufinet6
, inet6dev
->prefix
);
414 static void lxc_free_netdev(struct lxc_netdev
*netdev
)
416 struct lxc_list
*cur
, *next
;
418 free(netdev
->upscript
);
419 free(netdev
->downscript
);
420 free(netdev
->hwaddr
);
423 free(netdev
->ipv4_gateway
);
424 lxc_list_for_each_safe(cur
, &netdev
->ipv4
, next
) {
430 free(netdev
->ipv6_gateway
);
431 lxc_list_for_each_safe(cur
, &netdev
->ipv6
, next
) {
437 if (netdev
->type
== LXC_NET_VETH
) {
438 lxc_list_for_each_safe(cur
, &netdev
->priv
.veth_attr
.ipv4_routes
, next
) {
444 lxc_list_for_each_safe(cur
, &netdev
->priv
.veth_attr
.ipv6_routes
, next
) {
454 bool lxc_remove_nic_by_idx(struct lxc_conf
*conf
, unsigned int idx
)
456 struct lxc_list
*cur
, *next
;
457 struct lxc_netdev
*netdev
;
460 lxc_list_for_each_safe(cur
, &conf
->network
, next
) {
462 if (netdev
->idx
!= idx
)
473 lxc_free_netdev(netdev
);
479 void lxc_free_networks(struct lxc_list
*networks
)
481 struct lxc_list
*cur
, *next
;
482 struct lxc_netdev
*netdev
;
484 lxc_list_for_each_safe(cur
, networks
, next
) {
486 lxc_free_netdev(netdev
);
490 /* prevent segfaults */
491 lxc_list_init(networks
);
494 static struct lxc_macvlan_mode
{
498 { "private", MACVLAN_MODE_PRIVATE
},
499 { "vepa", MACVLAN_MODE_VEPA
},
500 { "bridge", MACVLAN_MODE_BRIDGE
},
501 { "passthru", MACVLAN_MODE_PASSTHRU
},
504 int lxc_macvlan_mode_to_flag(int *mode
, const char *value
)
508 for (i
= 0; i
< sizeof(macvlan_mode
) / sizeof(macvlan_mode
[0]); i
++) {
509 if (strcmp(macvlan_mode
[i
].name
, value
))
512 *mode
= macvlan_mode
[i
].mode
;
519 char *lxc_macvlan_flag_to_mode(int mode
)
523 for (i
= 0; i
< sizeof(macvlan_mode
) / sizeof(macvlan_mode
[0]); i
++) {
524 if (macvlan_mode
[i
].mode
!= mode
)
527 return macvlan_mode
[i
].name
;
533 static struct lxc_ipvlan_mode
{
537 { "l3", IPVLAN_MODE_L3
},
538 { "l3s", IPVLAN_MODE_L3S
},
539 { "l2", IPVLAN_MODE_L2
},
542 int lxc_ipvlan_mode_to_flag(int *mode
, const char *value
)
544 for (size_t i
= 0; i
< sizeof(ipvlan_mode
) / sizeof(ipvlan_mode
[0]); i
++) {
545 if (strcmp(ipvlan_mode
[i
].name
, value
) != 0)
548 *mode
= ipvlan_mode
[i
].mode
;
555 char *lxc_ipvlan_flag_to_mode(int mode
)
557 for (size_t i
= 0; i
< sizeof(ipvlan_mode
) / sizeof(ipvlan_mode
[0]); i
++) {
558 if (ipvlan_mode
[i
].mode
!= mode
)
561 return ipvlan_mode
[i
].name
;
567 static struct lxc_ipvlan_isolation
{
570 } ipvlan_isolation
[] = {
571 { "bridge", IPVLAN_ISOLATION_BRIDGE
},
572 { "private", IPVLAN_ISOLATION_PRIVATE
},
573 { "vepa", IPVLAN_ISOLATION_VEPA
},
576 int lxc_ipvlan_isolation_to_flag(int *flag
, const char *value
)
578 for (size_t i
= 0; i
< sizeof(ipvlan_isolation
) / sizeof(ipvlan_isolation
[0]); i
++) {
579 if (strcmp(ipvlan_isolation
[i
].name
, value
) != 0)
582 *flag
= ipvlan_isolation
[i
].flag
;
589 char *lxc_ipvlan_flag_to_isolation(int flag
)
591 for (size_t i
= 0; i
< sizeof(ipvlan_isolation
) / sizeof(ipvlan_isolation
[0]); i
++) {
592 if (ipvlan_isolation
[i
].flag
!= flag
)
595 return ipvlan_isolation
[i
].name
;
601 int set_config_string_item(char **conf_item
, const char *value
)
605 if (lxc_config_value_empty(value
)) {
611 new_value
= strdup(value
);
613 SYSERROR("Failed to duplicate string \"%s\"", value
);
618 *conf_item
= new_value
;
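/*
 * Store a copy of @value in *@conf_item unless it is too long.
 *
 * @conf_item: slot that receives the new string.
 * @value:     string to store; NULL is forwarded unchanged.
 * @max:       exclusive upper bound on strlen(@value).
 *
 * The length is measured only when @value is non-NULL.
 * set_config_string_item() classifies its input with
 * lxc_config_value_empty(), which accepts NULL, so an unguarded strlen()
 * here would be the one place on this path that dereferences a NULL value.
 *
 * Returns whatever set_config_string_item() returns, or a negative value
 * when @value is @max bytes or longer.
 *
 * NOTE(review): the failure return inside the length check is not visible
 * in the listing this was restored from; -1 is assumed - confirm.
 */
int set_config_string_item_max(char **conf_item, const char *value, size_t max)
{
	if (value && strlen(value) >= max) {
		ERROR("%s is too long (>= %lu)", value, (unsigned long)max);
		return -1;
	}

	return set_config_string_item(conf_item, value);
}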
632 int set_config_path_item(char **conf_item
, const char *value
)
634 return set_config_string_item_max(conf_item
, value
, PATH_MAX
);
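/*
 * Derive a classful default prefix length for an IPv4 address.
 *
 * @addr: address whose s_addr is in network byte order, as struct in_addr
 *        is specified to hold it.
 *
 * Returns 32 - IN_CLASSA_NSHIFT, 32 - IN_CLASSB_NSHIFT or
 * 32 - IN_CLASSC_NSHIFT for a class A, B or C address.
 *
 * The IN_CLASS*() macros test the high-order bits of a host-order value.
 * Feeding them s_addr directly classifies by the last octet on
 * little-endian hosts, so the address is converted with ntohl() first.
 *
 * NOTE(review): the fall-through return for addresses outside classes A-C
 * is not visible in the listing this was restored from; 0 is assumed -
 * confirm.
 */
int config_ip_prefix(struct in_addr *addr)
{
	in_addr_t host_order = ntohl(addr->s_addr);

	if (IN_CLASSA(host_order))
		return 32 - IN_CLASSA_NSHIFT;

	if (IN_CLASSB(host_order))
		return 32 - IN_CLASSB_NSHIFT;

	if (IN_CLASSC(host_order))
		return 32 - IN_CLASSC_NSHIFT;

	return 0;
}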
651 int network_ifname(char *valuep
, const char *value
, size_t size
)
655 if (!valuep
|| !value
)
658 retlen
= strlcpy(valuep
, value
, size
);
660 ERROR("Network device name \"%s\" is too long (>= %zu)", value
,
666 bool lxc_config_net_is_hwaddr(const char *line
)
671 if (strncmp(line
, "lxc.net", 7) != 0)
674 if (strncmp(line
, "lxc.net.hwaddr", 14) == 0)
677 if (strncmp(line
, "lxc.network.hwaddr", 18) == 0)
680 if (sscanf(line
, "lxc.net.%u.%6s", &index
, tmp
) == 2 ||
681 sscanf(line
, "lxc.network.%u.%6s", &index
, tmp
) == 2)
682 return strncmp(tmp
, "hwaddr", 6) == 0;
687 void rand_complete_hwaddr(char *hwaddr
)
689 const char hex
[] = "0123456789abcdef";
694 seed
= randseed(false);
697 (void)randseed(true);
700 while (*curs
!= '\0' && *curs
!= '\n') {
701 if (*curs
== 'x' || *curs
== 'X') {
702 if (curs
- hwaddr
== 1) {
703 /* ensure address is unicast */
705 *curs
= hex
[rand_r(&seed
) & 0x0E];
707 *curs
= hex
[rand_r(&seed
) & 0x0F];
709 *curs
= hex
[rand() & 0x0E];
711 *curs
= hex
[rand() & 0x0F];
719 bool new_hwaddr(char *hwaddr
)
725 seed
= randseed(false);
727 ret
= snprintf(hwaddr
, 18, "00:16:3e:%02x:%02x:%02x", rand_r(&seed
) % 255,
728 rand_r(&seed
) % 255, rand_r(&seed
) % 255);
731 (void)randseed(true);
733 ret
= snprintf(hwaddr
, 18, "00:16:3e:%02x:%02x:%02x", rand() % 255,
734 rand() % 255, rand() % 255);
736 if (ret
< 0 || ret
>= 18) {
737 SYSERROR("Failed to call snprintf()");
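/*
 * Copy a configuration string into a caller-supplied buffer.
 *
 * @retv:  destination buffer, or NULL to query the length only.
 * @inlen: size of @retv in bytes.
 * @value: string to copy.
 *
 * The copy, terminator included, happens only when @retv is non-NULL and
 * @inlen is large enough to hold it. Otherwise @retv is left untouched.
 *
 * Returns strlen(@value) whether or not the copy took place.
 *
 * @inlen is checked for being positive before it is compared as an
 * unsigned size. Comparing a negative int against a size_t length would
 * convert it to a very large value and let memcpy() write into a buffer
 * the caller described as having no room.
 *
 * NOTE(review): the listing this was restored from omits the declaration
 * of value_len, any handling of a NULL @value and the final return. The
 * size_t type, the "return 0 for NULL" guard and the returned length are
 * assumptions - confirm against the tree.
 */
int lxc_get_conf_str(char *retv, int inlen, const char *value)
{
	size_t value_len;

	if (!value)
		return 0;

	value_len = strlen(value);

	/* Needs room for value_len bytes plus the terminating NUL. */
	if (retv && inlen > 0 && (size_t)inlen > value_len)
		memcpy(retv, value, value_len + 1);

	return (int)value_len;
}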
758 int lxc_get_conf_bool(struct lxc_conf
*c
, char *retv
, int inlen
, bool v
)
766 memset(retv
, 0, inlen
);
768 strprint(retv
, inlen
, "%d", v
);
773 int lxc_get_conf_int(struct lxc_conf
*c
, char *retv
, int inlen
, int v
)
781 memset(retv
, 0, inlen
);
783 strprint(retv
, inlen
, "%d", v
);
788 int lxc_get_conf_size_t(struct lxc_conf
*c
, char *retv
, int inlen
, size_t v
)
796 memset(retv
, 0, inlen
);
798 strprint(retv
, inlen
, "%zu", v
);
803 int lxc_get_conf_uint64(struct lxc_conf
*c
, char *retv
, int inlen
, uint64_t v
)
811 memset(retv
, 0, inlen
);
813 strprint(retv
, inlen
, "%"PRIu64
, v
);
818 static int lxc_container_name_to_pid(const char *lxcname_or_pid
,
825 pid
= strtol(lxcname_or_pid
, &err
, 10);
826 if (*err
!= '\0' || pid
< 1) {
827 struct lxc_container
*c
;
829 c
= lxc_container_new(lxcname_or_pid
, lxcpath
);
831 ERROR("\"%s\" is not a valid pid nor a container name",
836 if (!c
->may_control(c
)) {
837 ERROR("Insufficient privileges to control container "
839 lxc_container_put(c
);
843 pid
= c
->init_pid(c
);
845 ERROR("Container \"%s\" is not running", c
->name
);
846 lxc_container_put(c
);
850 lxc_container_put(c
);
855 SYSERROR("Failed to send signal to pid %d", (int)pid
);
862 int lxc_inherit_namespace(const char *nsfd_path
, const char *lxcpath
,
863 const char *namespace)
866 char *dup
, *lastslash
;
868 if (nsfd_path
[0] == '/') {
869 return open(nsfd_path
, O_RDONLY
| O_CLOEXEC
);
872 lastslash
= strrchr(nsfd_path
, '/');
874 dup
= strdup(nsfd_path
);
878 dup
[lastslash
- nsfd_path
] = '\0';
879 pid
= lxc_container_name_to_pid(lastslash
+ 1, dup
);
882 pid
= lxc_container_name_to_pid(nsfd_path
, lxcpath
);
888 fd
= lxc_preserve_ns(pid
, namespace);
900 static const struct signame signames
[] = {
933 { SIGSTKFLT
, "STKFLT" },
948 { SIGVTALRM
, "VTALRM" },
954 { SIGWINCH
, "WINCH" },
972 { SIGUNUSED
, "UNUSED" },
979 static int sig_num(const char *sig
)
983 if (lxc_safe_uint(sig
, &signum
) < 0)
989 static int rt_sig_num(const char *signame
)
991 int rtmax
= 0, sig_n
= 0;
993 if (strncasecmp(signame
, "max-", 4) == 0)
997 if (!isdigit(*signame
))
1000 sig_n
= sig_num(signame
);
1001 sig_n
= rtmax
? SIGRTMAX
- sig_n
: SIGRTMIN
+ sig_n
;
1002 if (sig_n
> SIGRTMAX
|| sig_n
< SIGRTMIN
)
1008 int sig_parse(const char *signame
)
1012 if (isdigit(*signame
)) {
1013 return sig_num(signame
);
1014 } else if (strncasecmp(signame
, "sig", 3) == 0) {
1016 if (strncasecmp(signame
, "rt", 2) == 0)
1017 return rt_sig_num(signame
+ 2);
1019 for (n
= 0; n
< sizeof(signames
) / sizeof((signames
)[0]); n
++)
1020 if (strcasecmp(signames
[n
].name
, signame
) == 0)
1021 return signames
[n
].num
;