2 * lxc: linux Container library
4 * Copyright © 2012 Oracle.
7 * Dwight Engen <dwight.engen@oracle.com>
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
33 #include <netinet/in.h>
35 #include <sys/epoll.h>
36 #include <sys/param.h>
37 #include <sys/socket.h>
39 #include <sys/types.h>
48 #define CLIENTFDS_CHUNK 64
50 lxc_log_define(lxc_monitord
, lxc
);
54 static void lxc_monitord_cleanup(void);
57 * Defines the structure to store the monitor information
58 * @lxcpath : the path being monitored
59 * @fifofd : the file descriptor for publishers (containers) to write state
60 * @listenfd : the file descriptor for subscribers (lxc-monitors) to connect
61 * @clientfds : accepted client file descriptors
62 * @clientfds_size : number of file descriptors clientfds can hold
63 * @clientfds_cnt : the count of valid fds in clientfds
64 * @descr : the lxc_mainloop state
73 struct lxc_epoll_descr descr
;
76 static struct lxc_monitor mon
;
79 static int lxc_monitord_fifo_create(struct lxc_monitor
*mon
)
82 char fifo_path
[PATH_MAX
];
85 ret
= lxc_monitor_fifo_name(mon
->lxcpath
, fifo_path
, sizeof(fifo_path
), 1);
89 ret
= mknod(fifo_path
, S_IFIFO
|S_IRUSR
|S_IWUSR
, 0);
90 if (ret
< 0 && errno
!= EEXIST
) {
91 INFO("Failed to mknod monitor fifo %s: %s.", fifo_path
, strerror(errno
));
95 mon
->fifofd
= open(fifo_path
, O_RDWR
);
96 if (mon
->fifofd
< 0) {
98 ERROR("Failed to open monitor fifo.");
103 lk
.l_whence
= SEEK_SET
;
106 if (fcntl(mon
->fifofd
, F_SETLK
, &lk
) != 0) {
107 /* another lxc-monitord is already running, don't start up */
108 DEBUG("lxc-monitord already running on lxcpath %s.", mon
->lxcpath
);
115 static int lxc_monitord_fifo_delete(struct lxc_monitor
*mon
)
117 char fifo_path
[PATH_MAX
];
120 ret
= lxc_monitor_fifo_name(mon
->lxcpath
, fifo_path
, sizeof(fifo_path
), 0);
128 static void lxc_monitord_sockfd_remove(struct lxc_monitor
*mon
, int fd
) {
131 if (lxc_mainloop_del_handler(&mon
->descr
, fd
))
132 CRIT("File descriptor %d not found in mainloop.", fd
);
135 for (i
= 0; i
< mon
->clientfds_cnt
; i
++) {
136 if (mon
->clientfds
[i
] == fd
)
139 if (i
>= mon
->clientfds_cnt
) {
140 CRIT("File descriptor %d not found in clients array.", fd
);
141 lxc_monitord_cleanup();
145 memmove(&mon
->clientfds
[i
], &mon
->clientfds
[i
+1],
146 (mon
->clientfds_cnt
- i
- 1) * sizeof(mon
->clientfds
[0]));
147 mon
->clientfds_cnt
--;
150 static int lxc_monitord_sock_handler(int fd
, uint32_t events
, void *data
,
151 struct lxc_epoll_descr
*descr
)
153 struct lxc_monitor
*mon
= data
;
155 if (events
& EPOLLIN
) {
159 rc
= read(fd
, buf
, sizeof(buf
));
160 if (rc
> 0 && !strncmp(buf
, "quit", 4))
164 if (events
& EPOLLHUP
)
165 lxc_monitord_sockfd_remove(mon
, fd
);
169 static int lxc_monitord_sock_accept(int fd
, uint32_t events
, void *data
,
170 struct lxc_epoll_descr
*descr
)
173 struct lxc_monitor
*mon
= data
;
175 socklen_t credsz
= sizeof(cred
);
178 clientfd
= accept(fd
, NULL
, 0);
180 SYSERROR("Failed to accept connection for client file descriptor %d.", fd
);
184 if (fcntl(clientfd
, F_SETFD
, FD_CLOEXEC
)) {
185 SYSERROR("Failed to set FD_CLOEXEC on client socket connection %d.", clientfd
);
189 if (getsockopt(clientfd
, SOL_SOCKET
, SO_PEERCRED
, &cred
, &credsz
))
191 ERROR("Failed to get credentials on client socket connection %d.", clientfd
);
194 if (cred
.uid
&& cred
.uid
!= geteuid()) {
195 WARN("Monitor denied for uid %d on client socket connection %d.", cred
.uid
, clientfd
);
200 if (mon
->clientfds_cnt
+ 1 > mon
->clientfds_size
) {
202 clientfds
= realloc(mon
->clientfds
,
203 (mon
->clientfds_size
+ CLIENTFDS_CHUNK
) * sizeof(mon
->clientfds
[0]));
204 if (clientfds
== NULL
) {
205 ERROR("Failed to realloc memory for %d client file "
207 mon
->clientfds_size
+ CLIENTFDS_CHUNK
);
210 mon
->clientfds
= clientfds
;
211 mon
->clientfds_size
+= CLIENTFDS_CHUNK
;
214 ret
= lxc_mainloop_add_handler(&mon
->descr
, clientfd
,
215 lxc_monitord_sock_handler
, mon
);
217 ERROR("Failed to add socket handler.");
221 mon
->clientfds
[mon
->clientfds_cnt
++] = clientfd
;
222 INFO("Accepted client file descriptor %d. Number of accepted file descriptors is now %d.", clientfd
, mon
->clientfds_cnt
);
231 static int lxc_monitord_sock_create(struct lxc_monitor
*mon
)
233 struct sockaddr_un addr
;
236 if (lxc_monitor_sock_name(mon
->lxcpath
, &addr
) < 0)
239 fd
= lxc_abstract_unix_open(addr
.sun_path
, SOCK_STREAM
, O_TRUNC
);
241 ERROR("Failed to open unix socket: %s.", strerror(errno
));
249 static int lxc_monitord_sock_delete(struct lxc_monitor
*mon
)
251 struct sockaddr_un addr
;
253 if (lxc_monitor_sock_name(mon
->lxcpath
, &addr
) < 0)
255 if (addr
.sun_path
[0])
256 unlink(addr
.sun_path
);
260 static int lxc_monitord_create(struct lxc_monitor
*mon
)
264 ret
= lxc_monitord_fifo_create(mon
);
268 ret
= lxc_monitord_sock_create(mon
);
272 static void lxc_monitord_delete(struct lxc_monitor
*mon
)
276 lxc_mainloop_del_handler(&mon
->descr
, mon
->listenfd
);
277 close(mon
->listenfd
);
278 lxc_monitord_sock_delete(mon
);
280 lxc_mainloop_del_handler(&mon
->descr
, mon
->fifofd
);
281 lxc_monitord_fifo_delete(mon
);
284 for (i
= 0; i
< mon
->clientfds_cnt
; i
++) {
285 lxc_mainloop_del_handler(&mon
->descr
, mon
->clientfds
[i
]);
286 close(mon
->clientfds
[i
]);
288 mon
->clientfds_cnt
= 0;
291 static int lxc_monitord_fifo_handler(int fd
, uint32_t events
, void *data
,
292 struct lxc_epoll_descr
*descr
)
295 struct lxc_msg msglxc
;
296 struct lxc_monitor
*mon
= data
;
298 ret
= read(fd
, &msglxc
, sizeof(msglxc
));
299 if (ret
!= sizeof(msglxc
)) {
300 SYSERROR("Reading from fifo failed: %s.", strerror(errno
));
304 for (i
= 0; i
< mon
->clientfds_cnt
; i
++) {
305 ret
= write(mon
->clientfds
[i
], &msglxc
, sizeof(msglxc
));
307 ERROR("Failed to send message to client file descriptor %d: %s.",
308 mon
->clientfds
[i
], strerror(errno
));
314 static int lxc_monitord_mainloop_add(struct lxc_monitor
*mon
)
318 ret
= lxc_mainloop_add_handler(&mon
->descr
, mon
->fifofd
,
319 lxc_monitord_fifo_handler
, mon
);
321 ERROR("Failed to add to mainloop monitor handler for fifo.");
325 ret
= lxc_mainloop_add_handler(&mon
->descr
, mon
->listenfd
,
326 lxc_monitord_sock_accept
, mon
);
328 ERROR("Failed to add to mainloop monitor handler for listen socket.");
335 static void lxc_monitord_cleanup(void)
337 lxc_monitord_delete(&mon
);
340 static void lxc_monitord_sig_handler(int sig
)
345 int main(int argc
, char *argv
[])
348 char logpath
[PATH_MAX
];
350 char *lxcpath
= argv
[1];
351 bool mainloop_opened
= false;
352 bool monitord_created
= false;
356 "Usage: lxc-monitord lxcpath sync-pipe-fd\n\n"
357 "NOTE: lxc-monitord is intended for use by lxc internally\n"
358 " and does not need to be run by hand\n\n");
362 ret
= snprintf(logpath
, sizeof(logpath
), "%s/lxc-monitord.log",
363 (strcmp(LXCPATH
, lxcpath
) ? lxcpath
: LOGPATH
));
364 if (ret
< 0 || ret
>= sizeof(logpath
))
367 ret
= lxc_log_init(NULL
, logpath
, "DEBUG", "lxc-monitord", 0, lxcpath
);
369 INFO("Failed to open log file %s, log will be lost.", lxcpath
);
370 lxc_log_options_no_override();
372 if (lxc_safe_int(argv
[2], &pipefd
) < 0)
375 if (sigfillset(&mask
) ||
376 sigdelset(&mask
, SIGILL
) ||
377 sigdelset(&mask
, SIGSEGV
) ||
378 sigdelset(&mask
, SIGBUS
) ||
379 sigdelset(&mask
, SIGTERM
) ||
380 sigprocmask(SIG_BLOCK
, &mask
, NULL
)) {
381 SYSERROR("Failed to set signal mask.");
385 signal(SIGILL
, lxc_monitord_sig_handler
);
386 signal(SIGSEGV
, lxc_monitord_sig_handler
);
387 signal(SIGBUS
, lxc_monitord_sig_handler
);
388 signal(SIGTERM
, lxc_monitord_sig_handler
);
390 if (sigsetjmp(mark
, 1) != 0)
394 memset(&mon
, 0, sizeof(mon
));
395 mon
.lxcpath
= lxcpath
;
396 if (lxc_mainloop_open(&mon
.descr
)) {
397 ERROR("Failed to create mainloop.");
400 mainloop_opened
= true;
402 if (lxc_monitord_create(&mon
))
404 monitord_created
= true;
406 /* sync with parent, we're ignoring the return from write
407 * because regardless if it works or not, the following
408 * close will sync us with the parent process. the
409 * if-empty-statement construct is to quiet the
410 * warn-unused-result warning.
412 if (write(pipefd
, "S", 1))
416 if (lxc_monitord_mainloop_add(&mon
)) {
417 ERROR("Failed to add mainloop handlers.");
421 NOTICE("lxc-monitord with pid %d is now monitoring lxcpath %s.",
422 getpid(), mon
.lxcpath
);
424 ret
= lxc_mainloop(&mon
.descr
, 1000 * 30);
425 if (mon
.clientfds_cnt
<= 0) {
426 NOTICE("No remaining clients. lxc-monitord is exiting.");
434 if (monitord_created
)
435 lxc_monitord_cleanup();
437 lxc_mainloop_close(&mon
.descr
);