3 * Copyright © 2012 Serge Hallyn <serge.hallyn@ubuntu.com>.
4 * Copyright © 2012 Canonical Ltd.
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22 #include <arpa/inet.h>
35 #include <sys/mount.h>
36 #include <sys/syscall.h>
37 #include <sys/sysmacros.h>
38 #include <sys/types.h>
46 #include "commands_utils.h"
50 #include "confile_utils.h"
53 #include "initutils.h"
56 #include "lxccontainer.h"
59 #include "namespace.h"
65 #include "storage/btrfs.h"
66 #include "storage/overlay.h"
67 #include "storage_utils.h"
75 #include <sys/mkdev.h>
81 #include <../include/ifaddrs.h>
85 #include <../include/lxcmntent.h>
90 /* Define faccessat() if missing from the C library */
91 #ifndef HAVE_FACCESSAT
92 static int faccessat(int __fd
, const char *__file
, int __type
, int __flag
)
95 return syscall(__NR_faccessat
, __fd
, __file
, __type
, __flag
);
103 lxc_log_define(lxc_container
, lxc
);
105 static bool do_lxcapi_destroy(struct lxc_container
*c
);
106 static const char *lxcapi_get_config_path(struct lxc_container
*c
);
107 #define do_lxcapi_get_config_path(c) lxcapi_get_config_path(c)
108 static bool do_lxcapi_set_config_item(struct lxc_container
*c
, const char *key
, const char *v
);
109 static bool container_destroy(struct lxc_container
*c
,
110 struct lxc_storage
*storage
);
111 static bool get_snappath_dir(struct lxc_container
*c
, char *snappath
);
112 static bool lxcapi_snapshot_destroy_all(struct lxc_container
*c
);
113 static bool do_lxcapi_save_config(struct lxc_container
*c
, const char *alt_file
);
115 static bool config_file_exists(const char *lxcpath
, const char *cname
)
121 /* $lxcpath + '/' + $cname + '/config' + \0 */
122 len
= strlen(lxcpath
) + strlen(cname
) + 9;
124 ret
= snprintf(fname
, len
, "%s/%s/config", lxcpath
, cname
);
125 if (ret
< 0 || (size_t)ret
>= len
)
128 return file_exists(fname
);
131 /* A few functions to help detect when a container creation failed. If a
132 * container creation was killed partway through, then trying to actually start
133 * that container could harm the host. We detect this by creating a 'partial'
134 * file under the container directory, and keeping an advisory lock. When
135 * container creation completes, we remove that file. When we load or try to
136 * start a container, if we find that file, without a flock, we remove the
139 static int ongoing_create(struct lxc_container
*c
)
144 struct flock lk
= {0};
146 len
= strlen(c
->config_path
) + strlen(c
->name
) + 10;
148 ret
= snprintf(path
, len
, "%s/%s/partial", c
->config_path
, c
->name
);
149 if (ret
< 0 || (size_t)ret
>= len
)
152 if (!file_exists(path
))
155 fd
= open(path
, O_RDWR
);
160 lk
.l_whence
= SEEK_SET
;
163 ret
= fcntl(fd
, F_OFD_GETLK
, &lk
);
164 if (ret
< 0 && errno
== EINVAL
)
165 ret
= flock(fd
, LOCK_EX
| LOCK_NB
);
167 if (ret
== 0 && lk
.l_pid
!= -1) {
168 /* create is still ongoing */
172 /* Create completed but partial is still there. */
176 static int create_partial(struct lxc_container
*c
)
181 struct flock lk
= {0};
183 /* $lxcpath + '/' + $name + '/partial' + \0 */
184 len
= strlen(c
->config_path
) + strlen(c
->name
) + 10;
186 ret
= snprintf(path
, len
, "%s/%s/partial", c
->config_path
, c
->name
);
187 if (ret
< 0 || (size_t)ret
>= len
)
190 fd
= open(path
, O_RDWR
| O_CREAT
| O_EXCL
, 0755);
195 lk
.l_whence
= SEEK_SET
;
197 ret
= fcntl(fd
, F_OFD_SETLKW
, &lk
);
199 if (errno
== EINVAL
) {
200 ret
= flock(fd
, LOCK_EX
);
205 SYSERROR("Failed to lock partial file %s", path
);
213 static void remove_partial(struct lxc_container
*c
, int fd
)
220 /* $lxcpath + '/' + $name + '/partial' + \0 */
221 len
= strlen(c
->config_path
) + strlen(c
->name
) + 10;
223 ret
= snprintf(path
, len
, "%s/%s/partial", c
->config_path
, c
->name
);
224 if (ret
< 0 || (size_t)ret
>= len
)
229 SYSERROR("Failed to remove partial file %s", path
);
233 * 1. container_mem_lock(c) protects the struct lxc_container from multiple threads.
234 * 2. container_disk_lock(c) protects the on-disk container data - in particular the
235 * container configuration file.
236 * The container_disk_lock also takes the container_mem_lock.
237 * 3. thread_mutex protects process data (ex: fd table) from multiple threads.
238 * NOTHING mutexes two independent programs with their own struct
239 * lxc_container for the same c->name, between API calls. For instance,
240 * c->config_read(); c->start(); Between those calls, data on disk
241 * could change (which shouldn't bother the caller unless for instance
242 * the rootfs get moved). c->config_read(); update; c->config_write();
243 * Two such updaters could race. The callers should therefore check their
244 * results. Trying to prevent that would necessarily expose us to deadlocks
245 * due to hung callers. So I prefer to keep the locks only within our own
246 * functions, not across functions.
248 * If you're going to clone while holding a lxccontainer, increment
249 * c->numthreads (under privlock) before forking. When deleting,
250 * decrement numthreads under privlock, then if it hits 0 you can delete.
251 * Do not ever use a lxccontainer whose numthreads you did not bump.
254 static void lxc_container_free(struct lxc_container
*c
)
260 c
->configfile
= NULL
;
262 free(c
->error_string
);
263 c
->error_string
= NULL
;
266 lxc_putlock(c
->slock
);
271 lxc_putlock(c
->privlock
);
279 lxc_conf_free(c
->lxc_conf
);
283 free(c
->config_path
);
284 c
->config_path
= NULL
;
289 /* Consider the following case:
291 * |====================================================================|
292 * | freer | racing get()er |
293 * |====================================================================|
294 * | lxc_container_put() | lxc_container_get() |
295 * | \ lxclock(c->privlock) | c->numthreads < 1? (no) |
296 * | \ c->numthreads = 0 | \ lxclock(c->privlock) -> waits |
297 * | \ lxcunlock() | \ |
298 * | \ lxc_container_free() | \ lxclock() returns |
299 * | | \ c->numthreads < 1 -> return 0 |
300 * | \ \ (free stuff) | |
301 * | \ \ sem_destroy(privlock) | |
302 * |_______________________________|____________________________________|
304 * When the get()er checks numthreads the first time, one of the following
306 * 1. freer has set numthreads = 0. get() returns 0
307 * 2. freer is between lxclock and setting numthreads to 0. get()er will
308 * sem_wait on privlock, get lxclock after freer() drops it, then see
309 * numthreads is 0 and exit without touching lxclock again..
310 * 3. freer has not yet locked privlock. If get()er runs first, then put()er
311 * will see --numthreads = 1 and not call lxc_container_free().
314 int lxc_container_get(struct lxc_container
*c
)
319 /* If someone else has already started freeing the container, don't try
320 * to take the lock, which may be invalid.
322 if (c
->numthreads
< 1)
325 if (container_mem_lock(c
))
328 /* Bail without trying to unlock, bc the privlock is now probably in
331 if (c
->numthreads
< 1)
335 container_mem_unlock(c
);
340 int lxc_container_put(struct lxc_container
*c
)
345 if (container_mem_lock(c
))
350 if (c
->numthreads
< 1) {
351 container_mem_unlock(c
);
352 lxc_container_free(c
);
356 container_mem_unlock(c
);
361 static bool do_lxcapi_is_defined(struct lxc_container
*c
)
370 if (container_mem_lock(c
))
376 statret
= stat(c
->configfile
, &statbuf
);
383 container_mem_unlock(c
);
388 #define WRAP_API(rettype, fnname) \
389 static rettype fnname(struct lxc_container *c) \
392 bool reset_config = false; \
394 if (!current_config && c && c->lxc_conf) { \
395 current_config = c->lxc_conf; \
396 reset_config = true; \
399 ret = do_##fnname(c); \
401 current_config = NULL; \
406 #define WRAP_API_1(rettype, fnname, t1) \
407 static rettype fnname(struct lxc_container *c, t1 a1) \
410 bool reset_config = false; \
412 if (!current_config && c && c->lxc_conf) { \
413 current_config = c->lxc_conf; \
414 reset_config = true; \
417 ret = do_##fnname(c, a1); \
419 current_config = NULL; \
424 #define WRAP_API_2(rettype, fnname, t1, t2) \
425 static rettype fnname(struct lxc_container *c, t1 a1, t2 a2) \
428 bool reset_config = false; \
430 if (!current_config && c && c->lxc_conf) { \
431 current_config = c->lxc_conf; \
432 reset_config = true; \
435 ret = do_##fnname(c, a1, a2); \
437 current_config = NULL; \
442 #define WRAP_API_3(rettype, fnname, t1, t2, t3) \
443 static rettype fnname(struct lxc_container *c, t1 a1, t2 a2, t3 a3) \
446 bool reset_config = false; \
448 if (!current_config && c && c->lxc_conf) { \
449 current_config = c->lxc_conf; \
450 reset_config = true; \
453 ret = do_##fnname(c, a1, a2, a3); \
455 current_config = NULL; \
460 WRAP_API(bool, lxcapi_is_defined
)
462 static const char *do_lxcapi_state(struct lxc_container
*c
)
469 s
= lxc_getstate(c
->name
, c
->config_path
);
470 return lxc_state2str(s
);
473 WRAP_API(const char *, lxcapi_state
)
475 static bool is_stopped(struct lxc_container
*c
)
479 s
= lxc_getstate(c
->name
, c
->config_path
);
480 return (s
== STOPPED
);
483 static bool do_lxcapi_is_running(struct lxc_container
*c
)
488 return !is_stopped(c
);
491 WRAP_API(bool, lxcapi_is_running
)
493 static bool do_lxcapi_freeze(struct lxc_container
*c
)
500 ret
= lxc_freeze(c
->name
, c
->config_path
);
507 WRAP_API(bool, lxcapi_freeze
)
509 static bool do_lxcapi_unfreeze(struct lxc_container
*c
)
516 ret
= lxc_unfreeze(c
->name
, c
->config_path
);
523 WRAP_API(bool, lxcapi_unfreeze
)
525 static int do_lxcapi_console_getfd(struct lxc_container
*c
, int *ttynum
, int *masterfd
)
530 return lxc_terminal_getfd(c
, ttynum
, masterfd
);
533 WRAP_API_2(int, lxcapi_console_getfd
, int *, int *)
535 static int lxcapi_console(struct lxc_container
*c
, int ttynum
, int stdinfd
,
536 int stdoutfd
, int stderrfd
, int escape
)
543 current_config
= c
->lxc_conf
;
544 ret
= lxc_console(c
, ttynum
, stdinfd
, stdoutfd
, stderrfd
, escape
);
545 current_config
= NULL
;
550 static int do_lxcapi_console_log(struct lxc_container
*c
, struct lxc_console_log
*log
)
554 ret
= lxc_cmd_console_log(c
->name
, do_lxcapi_get_config_path(c
), log
);
557 NOTICE("The console log is empty");
558 else if (ret
== -EFAULT
)
559 NOTICE("The container does not keep a console log");
560 else if (ret
== -ENOENT
)
561 NOTICE("The container does not keep a console log file");
562 else if (ret
== -EIO
)
563 NOTICE("Failed to write console log to log file");
565 ERROR("Failed to retrieve console log");
571 WRAP_API_1(int, lxcapi_console_log
, struct lxc_console_log
*)
573 static pid_t
do_lxcapi_init_pid(struct lxc_container
*c
)
578 return lxc_cmd_get_init_pid(c
->name
, c
->config_path
);
581 WRAP_API(pid_t
, lxcapi_init_pid
)
583 static bool load_config_locked(struct lxc_container
*c
, const char *fname
)
586 c
->lxc_conf
= lxc_conf_init();
591 if (lxc_config_read(fname
, c
->lxc_conf
, false) != 0)
597 static bool do_lxcapi_load_config(struct lxc_container
*c
, const char *alt_file
)
601 bool need_disklock
= false, ret
= false;
606 fname
= c
->configfile
;
612 /* If we're reading something other than the container's config, we only
613 * need to lock the in-memory container. If loading the container's
614 * config file, take the disk lock.
616 if (strcmp(fname
, c
->configfile
) == 0)
617 need_disklock
= true;
620 lret
= container_disk_lock(c
);
622 lret
= container_mem_lock(c
);
626 ret
= load_config_locked(c
, fname
);
629 container_disk_unlock(c
);
631 container_mem_unlock(c
);
636 WRAP_API_1(bool, lxcapi_load_config
, const char *)
638 static bool do_lxcapi_want_daemonize(struct lxc_container
*c
, bool state
)
640 if (!c
|| !c
->lxc_conf
)
643 if (container_mem_lock(c
))
646 c
->daemonize
= state
;
647 container_mem_unlock(c
);
652 WRAP_API_1(bool, lxcapi_want_daemonize
, bool)
654 static bool do_lxcapi_want_close_all_fds(struct lxc_container
*c
, bool state
)
656 if (!c
|| !c
->lxc_conf
)
659 if (container_mem_lock(c
))
662 c
->lxc_conf
->close_all_fds
= state
;
663 container_mem_unlock(c
);
668 WRAP_API_1(bool, lxcapi_want_close_all_fds
, bool)
670 static bool do_lxcapi_wait(struct lxc_container
*c
, const char *state
,
678 ret
= lxc_wait(c
->name
, state
, timeout
, c
->config_path
);
682 WRAP_API_2(bool, lxcapi_wait
, const char *, int)
684 static bool am_single_threaded(void)
686 struct dirent
*direntp
;
690 dir
= opendir("/proc/self/task");
694 while ((direntp
= readdir(dir
))) {
695 if (!strcmp(direntp
->d_name
, "."))
698 if (!strcmp(direntp
->d_name
, ".."))
709 static void push_arg(char ***argp
, char *arg
, int *nargs
)
719 argv
= realloc(*argp
, (*nargs
+ 2) * sizeof(char *));
728 static char **split_init_cmd(const char *incmd
)
734 char *saveptr
= NULL
;
739 len
= strlen(incmd
) + 1;
741 strncpy(copy
, incmd
, len
);
742 copy
[len
- 1] = '\0';
745 argv
= malloc(sizeof(char *));
749 for (; (p
= strtok_r(copy
, " ", &saveptr
)); copy
= NULL
)
750 push_arg(&argv
, p
, &nargs
);
760 static void free_init_cmd(char **argv
)
773 static int lxc_rcv_status(int state_socket
)
779 /* Receive container state. */
780 ret
= lxc_abstract_unix_rcv_credential(state_socket
, &state
,
785 TRACE("Caught EINTR; retrying");
792 static bool wait_on_daemonized_start(struct lxc_handler
*handler
, int pid
)
796 /* Close write end of the socket pair. */
797 close(handler
->state_socket_pair
[1]);
798 handler
->state_socket_pair
[1] = -1;
800 state
= lxc_rcv_status(handler
->state_socket_pair
[0]);
802 /* Close read end of the socket pair. */
803 close(handler
->state_socket_pair
[0]);
804 handler
->state_socket_pair
[0] = -1;
806 /* The first child is going to fork() again and then exits. So we reap
807 * the first child here.
809 ret
= wait_for_pid(pid
);
811 DEBUG("Failed waiting on first child %d", pid
);
813 DEBUG("First child %d exited", pid
);
816 SYSERROR("Failed to receive the container state");
820 /* If we receive anything else then running we know that the container
823 if (state
!= RUNNING
) {
824 ERROR("Received container state \"%s\" instead of \"RUNNING\"",
825 lxc_state2str(state
));
829 TRACE("Container is in \"RUNNING\" state");
833 static bool do_lxcapi_start(struct lxc_container
*c
, int useinit
, char * const argv
[])
836 struct lxc_handler
*handler
;
837 struct lxc_conf
*conf
;
838 bool daemonize
= false;
840 char *default_args
[] = {
844 char **init_cmd
= NULL
;
845 int keepfds
[3] = {-1, -1, -1};
847 /* container does exist */
851 /* If anything fails before we set error_num, we want an error in there.
855 /* Container has not been setup. */
859 ret
= ongoing_create(c
);
861 ERROR("Failed checking for incomplete container creation");
863 } else if (ret
== 1) {
864 ERROR("Ongoing container creation detected");
866 } else if (ret
== 2) {
867 ERROR("Failed to create container");
868 do_lxcapi_destroy(c
);
872 if (container_mem_lock(c
))
875 daemonize
= c
->daemonize
;
877 /* initialize handler */
878 handler
= lxc_init_handler(c
->name
, conf
, c
->config_path
, daemonize
);
879 container_mem_unlock(c
);
884 if (useinit
&& conf
->execute_cmd
)
885 argv
= init_cmd
= split_init_cmd(conf
->execute_cmd
);
887 argv
= init_cmd
= split_init_cmd(conf
->init_cmd
);
890 /* ... otherwise use default_args. */
893 ERROR("No valid init detected");
894 lxc_free_handler(handler
);
900 /* I'm not sure what locks we want here.Any? Is liblxc's locking enough
901 * here to protect the on disk container? We don't want to exclude
902 * things like lxc_info while the container is running.
911 free_init_cmd(init_cmd
);
912 lxc_free_handler(handler
);
918 /* Set to NULL because we don't want father unlink
919 * the PID file, child will do the free and unlink.
923 /* Wait for container to tell us whether it started
926 started
= wait_on_daemonized_start(handler
, pid
);
928 free_init_cmd(init_cmd
);
929 lxc_free_handler(handler
);
935 /* We don't really care if this doesn't print all the
936 * characters. All that it means is that the proctitle will be
937 * ugly. Similarly, we also don't care if setproctitle() fails.
939 snprintf(title
, sizeof(title
), "[lxc monitor] %s %s", c
->config_path
, c
->name
);
940 INFO("Attempting to set proc title to %s", title
);
943 /* We fork() a second time to be reparented to init. Like
944 * POSIX's daemon() function we change to "/" and redirect
945 * std{in,out,err} to /dev/null.
949 SYSERROR("Failed to fork first child process");
955 free_init_cmd(init_cmd
);
956 lxc_free_handler(handler
);
962 /* change to / directory */
965 SYSERROR("Failed to change to \"/\" directory");
969 keepfds
[0] = handler
->conf
->maincmd_fd
;
970 keepfds
[1] = handler
->state_socket_pair
[0];
971 keepfds
[2] = handler
->state_socket_pair
[1];
972 ret
= lxc_check_inherited(conf
, true, keepfds
,
973 sizeof(keepfds
) / sizeof(keepfds
[0]));
977 /* redirect std{in,out,err} to /dev/null */
980 ERROR("Failed to redirect std{in,out,err} to /dev/null");
984 /* become session leader */
987 TRACE("Process %d is already process group leader", lxc_raw_getpid());
989 if (!am_single_threaded()) {
990 ERROR("Cannot start non-daemonized container when threaded");
991 free_init_cmd(init_cmd
);
992 lxc_free_handler(handler
);
997 /* We need to write PID file after daemonize, so we always
998 * write the right PID.
1001 pid_fp
= fopen(c
->pidfile
, "w");
1002 if (pid_fp
== NULL
) {
1003 SYSERROR("Failed to create pidfile '%s' for '%s'",
1004 c
->pidfile
, c
->name
);
1005 free_init_cmd(init_cmd
);
1006 lxc_free_handler(handler
);
1008 _exit(EXIT_FAILURE
);
1012 if (fprintf(pid_fp
, "%d\n", lxc_raw_getpid()) < 0) {
1013 SYSERROR("Failed to write '%s'", c
->pidfile
);
1016 free_init_cmd(init_cmd
);
1017 lxc_free_handler(handler
);
1019 _exit(EXIT_FAILURE
);
1029 /* Unshare the mount namespace if requested */
1030 if (conf
->monitor_unshare
) {
1031 ret
= unshare(CLONE_NEWNS
);
1033 SYSERROR("failed to unshare mount namespace");
1034 lxc_free_handler(handler
);
1039 ret
= mount(NULL
, "/", NULL
, MS_SLAVE
|MS_REC
, NULL
);
1041 SYSERROR("Failed to make / rslave at startup");
1042 lxc_free_handler(handler
);
1049 if (conf
->reboot
== 2) {
1050 /* initialize handler */
1051 handler
= lxc_init_handler(c
->name
, conf
, c
->config_path
, daemonize
);
1058 keepfds
[0] = handler
->conf
->maincmd_fd
;
1059 keepfds
[1] = handler
->state_socket_pair
[0];
1060 keepfds
[2] = handler
->state_socket_pair
[1];
1061 ret
= lxc_check_inherited(conf
, daemonize
, keepfds
,
1062 sizeof(keepfds
) / sizeof(keepfds
[0]));
1064 lxc_free_handler(handler
);
1070 ret
= lxc_execute(c
->name
, argv
, 1, handler
, c
->config_path
, daemonize
, &c
->error_num
);
1072 ret
= lxc_start(c
->name
, argv
, handler
, c
->config_path
, daemonize
, &c
->error_num
);
1074 if (conf
->reboot
== 1) {
1075 INFO("Container requested reboot");
1086 free_init_cmd(init_cmd
);
1088 if (daemonize
&& ret
!= 0)
1089 _exit(EXIT_FAILURE
);
1091 _exit(EXIT_SUCCESS
);
1099 static bool lxcapi_start(struct lxc_container
*c
, int useinit
,
1104 current_config
= c
? c
->lxc_conf
: NULL
;
1105 ret
= do_lxcapi_start(c
, useinit
, argv
);
1106 current_config
= NULL
;
1111 /* Note, there MUST be an ending NULL. */
1112 static bool lxcapi_startl(struct lxc_container
*c
, int useinit
, ...)
1115 char **inargs
= NULL
;
1118 /* container exists */
1122 current_config
= c
->lxc_conf
;
1124 va_start(ap
, useinit
);
1125 inargs
= lxc_va_arg_list_to_argv(ap
, 0, 1);
1130 /* pass NULL if no arguments were supplied */
1131 bret
= do_lxcapi_start(c
, useinit
, *inargs
? inargs
: NULL
);
1136 for (arg
= inargs
; *arg
; arg
++)
1141 current_config
= NULL
;
1146 static bool do_lxcapi_stop(struct lxc_container
*c
)
1153 ret
= lxc_cmd_stop(c
->name
, c
->config_path
);
1158 WRAP_API(bool, lxcapi_stop
)
1160 static int do_create_container_dir(const char *path
, struct lxc_conf
*conf
)
1167 mode_t mask
= umask(0002);
1168 ret
= mkdir(path
, 0770);
1173 if (errno
!= EEXIST
)
1180 p
= alloca(len
+ 1);
1182 if (!lxc_list_empty(&conf
->id_map
)) {
1183 ret
= chown_mapped_root(p
, conf
);
1191 /* Create the standard expected container dir. */
1192 static bool create_container_dir(struct lxc_container
*c
)
1198 len
= strlen(c
->config_path
) + strlen(c
->name
) + 2;
1203 ret
= snprintf(s
, len
, "%s/%s", c
->config_path
, c
->name
);
1204 if (ret
< 0 || (size_t)ret
>= len
) {
1209 ret
= do_create_container_dir(s
, c
->lxc_conf
);
1215 /* do_storage_create: thin wrapper around storage_create(). Like
1216 * storage_create(), it returns a mounted bdev on success, NULL on error.
1218 static struct lxc_storage
*do_storage_create(struct lxc_container
*c
,
1220 struct bdev_specs
*specs
)
1225 struct lxc_storage
*bdev
;
1227 /* rootfs.path or lxcpath/lxcname/rootfs */
1228 if (c
->lxc_conf
->rootfs
.path
&&
1229 (access(c
->lxc_conf
->rootfs
.path
, F_OK
) == 0)) {
1230 const char *rpath
= c
->lxc_conf
->rootfs
.path
;
1231 len
= strlen(rpath
) + 1;
1233 ret
= snprintf(dest
, len
, "%s", rpath
);
1235 const char *lxcpath
= do_lxcapi_get_config_path(c
);
1236 len
= strlen(c
->name
) + strlen(lxcpath
) + 9;
1238 ret
= snprintf(dest
, len
, "%s/%s/rootfs", lxcpath
, c
->name
);
1240 if (ret
< 0 || (size_t)ret
>= len
)
1243 bdev
= storage_create(dest
, type
, c
->name
, specs
);
1245 ERROR("Failed to create \"%s\" storage", type
);
1249 if (!c
->set_config_item(c
, "lxc.rootfs.path", bdev
->src
)) {
1250 ERROR("Failed to set \"lxc.rootfs.path = %s\"", bdev
->src
);
1254 /* If we are not root, chown the rootfs dir to root in the target user
1258 if (ret
!= 0 || (c
->lxc_conf
&& !lxc_list_empty(&c
->lxc_conf
->id_map
))) {
1259 ret
= chown_mapped_root(bdev
->dest
, c
->lxc_conf
);
1261 ERROR("Error chowning \"%s\" to container root", bdev
->dest
);
1262 suggest_default_idmap();
1271 static char *lxcbasename(char *path
)
1275 p
= path
+ strlen(path
) - 1;
1276 while (*p
!= '/' && p
> path
)
1282 static bool create_run_template(struct lxc_container
*c
, char *tpath
,
1283 bool need_null_stdfds
, char *const argv
[])
1293 SYSERROR("Failed to fork task for container creation template");
1297 if (pid
== 0) { /* child */
1299 char *namearg
, *patharg
, *rootfsarg
;
1302 struct lxc_storage
*bdev
= NULL
;
1303 struct lxc_conf
*conf
= c
->lxc_conf
;
1306 if (need_null_stdfds
) {
1307 ret
= null_stdfds();
1309 _exit(EXIT_FAILURE
);
1312 bdev
= storage_init(c
->lxc_conf
);
1314 ERROR("Failed to initialize storage");
1315 _exit(EXIT_FAILURE
);
1320 ret
= unshare(CLONE_NEWNS
);
1322 ERROR("Failed to unshare CLONE_NEWNS");
1323 _exit(EXIT_FAILURE
);
1326 ret
= detect_shared_rootfs();
1328 ret
= mount(NULL
, "/", NULL
, MS_SLAVE
| MS_REC
, NULL
);
1330 SYSERROR("Failed to make \"/\" rslave");
1331 ERROR("Continuing...");
1336 if (strcmp(bdev
->type
, "dir") != 0 && strcmp(bdev
->type
, "btrfs") != 0) {
1338 ERROR("Unprivileged users can only create "
1339 "btrfs and directory-backed containers");
1340 _exit(EXIT_FAILURE
);
1343 if (strcmp(bdev
->type
, "overlay") == 0 ||
1344 strcmp(bdev
->type
, "overlayfs") == 0) {
1345 /* If we create an overlay container we need to
1346 * rsync the contents into
1347 * <container-path>/<container-name>/rootfs.
1348 * However, the overlay mount function will
1350 * <container-path>/<container-name>/delta0
1352 * <container-path>/<container-name>/rootfs
1353 * which means we would rsync the rootfs into
1354 * the delta directory. That doesn't make sense
1355 * since the delta directory only exists to
1356 * record the differences to
1357 * <container-path>/<container-name>/rootfs. So
1358 * let's simply bind-mount here and then rsync
1360 * <container-path>/<container-name>/rootfs.
1364 src
= ovl_get_rootfs(bdev
->src
, &(size_t){0});
1366 ERROR("Failed to get rootfs");
1367 _exit(EXIT_FAILURE
);
1370 ret
= mount(src
, bdev
->dest
, "bind", MS_BIND
| MS_REC
, NULL
);
1372 ERROR("Failed to mount rootfs");
1376 ret
= bdev
->ops
->mount(bdev
);
1378 ERROR("Failed to mount rootfs");
1379 _exit(EXIT_FAILURE
);
1382 } else { /* TODO come up with a better way here! */
1385 src
= lxc_storage_get_path(bdev
->src
, bdev
->type
);
1386 bdev
->dest
= strdup(src
);
1389 /* Create our new array, pre-pend the template name and base
1393 for (nargs
= 0; argv
[nargs
]; nargs
++) {
1396 /* template, path, rootfs and name args */
1399 newargv
= malloc(nargs
* sizeof(*newargv
));
1401 _exit(EXIT_FAILURE
);
1402 newargv
[0] = lxcbasename(tpath
);
1405 len
= strlen(c
->config_path
) + strlen(c
->name
) + strlen("--path=") + 2;
1406 patharg
= malloc(len
);
1408 _exit(EXIT_FAILURE
);
1409 ret
= snprintf(patharg
, len
, "--path=%s/%s", c
->config_path
, c
->name
);
1410 if (ret
< 0 || ret
>= len
)
1411 _exit(EXIT_FAILURE
);
1412 newargv
[1] = patharg
;
1415 len
= strlen("--name=") + strlen(c
->name
) + 1;
1416 namearg
= malloc(len
);
1418 _exit(EXIT_FAILURE
);
1419 ret
= snprintf(namearg
, len
, "--name=%s", c
->name
);
1420 if (ret
< 0 || ret
>= len
)
1421 _exit(EXIT_FAILURE
);
1422 newargv
[2] = namearg
;
1425 len
= strlen("--rootfs=") + 1 + strlen(bdev
->dest
);
1426 rootfsarg
= malloc(len
);
1428 _exit(EXIT_FAILURE
);
1429 ret
= snprintf(rootfsarg
, len
, "--rootfs=%s", bdev
->dest
);
1430 if (ret
< 0 || ret
>= len
)
1431 _exit(EXIT_FAILURE
);
1432 newargv
[3] = rootfsarg
;
1434 /* add passed-in args */
1436 for (i
= 4; i
< nargs
; i
++)
1437 newargv
[i
] = argv
[i
- 4];
1439 /* add trailing NULL */
1441 newargv
= realloc(newargv
, nargs
* sizeof(*newargv
));
1443 _exit(EXIT_FAILURE
);
1444 newargv
[nargs
- 1] = NULL
;
1446 /* If we're running the template in a mapped userns, then we
1447 * prepend the template command with: lxc-usernsexec <-m map1>
1448 * ... <-m mapn> -- and we append "--mapped-uid x", where x is
1449 * the mapped uid for our geteuid()
1451 if (!lxc_list_empty(&conf
->id_map
)) {
1452 int extraargs
, hostuid_mapped
, hostgid_mapped
;
1454 char txtuid
[20], txtgid
[20];
1455 struct lxc_list
*it
;
1459 n2
= malloc(n2args
* sizeof(*n2
));
1461 _exit(EXIT_FAILURE
);
1464 tpath
= "lxc-usernsexec";
1465 n2
[0] = "lxc-usernsexec";
1466 lxc_list_for_each(it
, &conf
->id_map
) {
1469 n2
= realloc(n2
, n2args
* sizeof(char *));
1471 _exit(EXIT_FAILURE
);
1473 n2
[n2args
- 2] = "-m";
1474 n2
[n2args
- 1] = malloc(200);
1475 if (!n2
[n2args
- 1])
1476 _exit(EXIT_FAILURE
);
1478 ret
= snprintf(n2
[n2args
- 1], 200, "%c:%lu:%lu:%lu",
1479 map
->idtype
== ID_TYPE_UID
? 'u' : 'g',
1480 map
->nsid
, map
->hostid
, map
->range
);
1481 if (ret
< 0 || ret
>= 200)
1482 _exit(EXIT_FAILURE
);
1485 hostuid_mapped
= mapped_hostid(geteuid(), conf
, ID_TYPE_UID
);
1486 extraargs
= hostuid_mapped
>= 0 ? 1 : 3;
1487 n2
= realloc(n2
, (nargs
+ n2args
+ extraargs
) * sizeof(char *));
1489 _exit(EXIT_FAILURE
);
1491 if (hostuid_mapped
< 0) {
1492 hostuid_mapped
= find_unmapped_nsid(conf
, ID_TYPE_UID
);
1493 n2
[n2args
++] = "-m";
1494 if (hostuid_mapped
< 0) {
1495 ERROR("Failed to find free uid to map");
1496 _exit(EXIT_FAILURE
);
1499 n2
[n2args
++] = malloc(200);
1500 if (!n2
[n2args
- 1]) {
1501 SYSERROR("out of memory");
1502 _exit(EXIT_FAILURE
);
1504 ret
= snprintf(n2
[n2args
- 1], 200, "u:%d:%d:1",
1505 hostuid_mapped
, geteuid());
1506 if (ret
< 0 || ret
>= 200)
1507 _exit(EXIT_FAILURE
);
1510 hostgid_mapped
= mapped_hostid(getegid(), conf
, ID_TYPE_GID
);
1511 extraargs
= hostgid_mapped
>= 0 ? 1 : 3;
1512 n2
= realloc(n2
, (nargs
+ n2args
+ extraargs
) * sizeof(char *));
1514 _exit(EXIT_FAILURE
);
1516 if (hostgid_mapped
< 0) {
1517 hostgid_mapped
= find_unmapped_nsid(conf
, ID_TYPE_GID
);
1518 n2
[n2args
++] = "-m";
1519 if (hostgid_mapped
< 0) {
1520 ERROR("Failed to find free gid to map");
1521 _exit(EXIT_FAILURE
);
1524 n2
[n2args
++] = malloc(200);
1525 if (!n2
[n2args
- 1]) {
1526 SYSERROR("out of memory");
1527 _exit(EXIT_FAILURE
);
1530 ret
= snprintf(n2
[n2args
- 1], 200, "g:%d:%d:1",
1531 hostgid_mapped
, getegid());
1532 if (ret
< 0 || ret
>= 200)
1533 _exit(EXIT_FAILURE
);
1535 n2
[n2args
++] = "--";
1536 for (i
= 0; i
< nargs
; i
++)
1537 n2
[i
+ n2args
] = newargv
[i
];
1540 /* Finally add "--mapped-uid $uid" to tell template what
1541 * to chown cached images to.
1544 n2
= realloc(n2
, n2args
* sizeof(char *));
1546 _exit(EXIT_FAILURE
);
1548 /* note n2[n2args-1] is NULL */
1549 n2
[n2args
- 5] = "--mapped-uid";
1550 snprintf(txtuid
, 20, "%d", hostuid_mapped
);
1551 n2
[n2args
- 4] = txtuid
;
1552 n2
[n2args
- 3] = "--mapped-gid";
1553 snprintf(txtgid
, 20, "%d", hostgid_mapped
);
1554 n2
[n2args
- 2] = txtgid
;
1555 n2
[n2args
- 1] = NULL
;
1560 execvp(tpath
, newargv
);
1561 SYSERROR("Failed to execute template %s", tpath
);
1562 _exit(EXIT_FAILURE
);
1565 ret
= wait_for_pid(pid
);
1567 ERROR("Failed to create container from template");
1574 static bool prepend_lxc_header(char *path
, const char *t
, char *const argv
[])
1582 unsigned char md_value
[SHA_DIGEST_LENGTH
];
1586 f
= fopen(path
, "r");
1590 if (fseek(f
, 0, SEEK_END
) < 0)
1592 if ((flen
= ftell(f
)) < 0)
1594 if (fseek(f
, 0, SEEK_SET
) < 0)
1596 if ((contents
= malloc(flen
+ 1)) == NULL
)
1598 if (fread(contents
, 1, flen
, f
) != flen
)
1599 goto out_free_contents
;
1601 contents
[flen
] = '\0';
1605 goto out_free_contents
;
1608 tpath
= get_template_path(t
);
1610 ERROR("bad template: %s", t
);
1611 goto out_free_contents
;
1614 ret
= sha1sum_file(tpath
, md_value
);
1616 ERROR("Error getting sha1sum of %s", tpath
);
1618 goto out_free_contents
;
1623 f
= fopen(path
, "w");
1625 SYSERROR("reopening config for writing");
1629 fprintf(f
, "# Template used to create this container: %s\n", t
);
1631 fprintf(f
, "# Parameters passed to the template:");
1633 fprintf(f
, " %s", *argv
);
1639 fprintf(f
, "# Template script checksum (SHA-1): ");
1640 for (i
=0; i
<SHA_DIGEST_LENGTH
; i
++)
1641 fprintf(f
, "%02x", md_value
[i
]);
1644 fprintf(f
, "# For additional config options, please look at lxc.container.conf(5)\n");
1645 fprintf(f
, "\n# Uncomment the following line to support nesting containers:\n");
1646 fprintf(f
, "#lxc.include = " LXCTEMPLATECONFIG
"/nesting.conf\n");
1647 fprintf(f
, "# (Be aware this has security implications)\n\n");
1648 if (fwrite(contents
, 1, flen
, f
) != flen
) {
1649 SYSERROR("Writing original contents");
1665 SYSERROR("Error prepending header");
1671 static void lxcapi_clear_config(struct lxc_container
*c
)
1675 lxc_conf_free(c
->lxc_conf
);
1681 #define do_lxcapi_clear_config(c) lxcapi_clear_config(c)
1685 * create a container with the given parameters.
1686 * @c: container to be created. It has the lxcpath, name, and a starting
1687 * configuration already set
1688 * @t: the template to execute to instantiate the root filesystem and
1689 * adjust the configuration.
1690 * @bdevtype: backing store type to use. If NULL, dir will be used.
1691 * @specs: additional parameters for the backing store, i.e. LVM vg to
1694 * @argv: the arguments to pass to the template, terminated by NULL. If no
1695 * arguments, you can just pass NULL.
1697 static bool do_lxcapi_create(struct lxc_container
*c
, const char *t
,
1698 const char *bdevtype
, struct bdev_specs
*specs
,
1699 int flags
, char *const argv
[])
1711 tpath
= get_template_path(t
);
1713 ERROR("Unknown template \"%s\"", t
);
1718 /* If a template is passed in, and the rootfs already is defined in the
1719 * container config and exists, then the caller is trying to create an
1720 * existing container. Return an error, but do NOT delete the container.
1722 if (do_lxcapi_is_defined(c
) && c
->lxc_conf
&& c
->lxc_conf
->rootfs
.path
&&
1723 access(c
->lxc_conf
->rootfs
.path
, F_OK
) == 0 && tpath
) {
1724 ERROR("Container \"%s\" already exists in \"%s\"", c
->name
,
1730 if (!do_lxcapi_load_config(c
, lxc_global_config_value("lxc.default_config"))) {
1731 ERROR("Error loading default configuration file %s",
1732 lxc_global_config_value("lxc.default_config"));
1737 if (!create_container_dir(c
))
1740 /* If both template and rootfs.path are set, template is setup as
1741 * rootfs.path. The container is already created if we have a config and
1742 * rootfs.path is accessible
1744 if (!c
->lxc_conf
->rootfs
.path
&& !tpath
) {
1745 /* No template passed in and rootfs does not exist. */
1746 if (!c
->save_config(c
, NULL
)) {
1747 ERROR("Failed to save initial config for \"%s\"", c
->name
);
1754 /* Rootfs passed into configuration, but does not exist. */
1755 if (c
->lxc_conf
->rootfs
.path
&& access(c
->lxc_conf
->rootfs
.path
, F_OK
) != 0)
1758 if (do_lxcapi_is_defined(c
) && c
->lxc_conf
->rootfs
.path
&& !tpath
) {
1759 /* Rootfs already existed, user just wanted to save the loaded
1762 if (!c
->save_config(c
, NULL
))
1763 ERROR("Failed to save initial config for \"%s\"", c
->name
);
1768 /* Mark that this container is being created */
1769 partial_fd
= create_partial(c
);
1773 /* No need to get disk lock bc we have the partial lock. */
1777 /* Create the storage.
1778 * Note we can't do this in the same task as we use to execute the
1779 * template because of the way zfs works.
1780 * After you 'zfs create', zfs mounts the fs only in the initial
1785 SYSERROR("Failed to fork task for container creation template");
1789 if (pid
== 0) { /* child */
1790 struct lxc_storage
*bdev
= NULL
;
1792 bdev
= do_storage_create(c
, bdevtype
, specs
);
1794 ERROR("Failed to create %s storage for %s",
1795 bdevtype
? bdevtype
: "(none)", c
->name
);
1796 _exit(EXIT_FAILURE
);
1799 /* Save config file again to store the new rootfs location. */
1800 if (!do_lxcapi_save_config(c
, NULL
)) {
1801 ERROR("Failed to save initial config for %s", c
->name
);
1802 /* Parent task won't see the storage driver in the
1803 * config so we delete it.
1805 bdev
->ops
->umount(bdev
);
1806 bdev
->ops
->destroy(bdev
);
1807 _exit(EXIT_FAILURE
);
1809 _exit(EXIT_SUCCESS
);
1811 if (wait_for_pid(pid
) != 0)
1814 /* Reload config to get the rootfs. */
1815 lxc_conf_free(c
->lxc_conf
);
1817 if (!load_config_locked(c
, c
->configfile
))
1820 if (!create_run_template(c
, tpath
, !!(flags
& LXC_CREATE_QUIET
), argv
))
1823 /* Now clear out the lxc_conf we have, reload from the created
1826 do_lxcapi_clear_config(c
);
1829 if (!prepend_lxc_header(c
->configfile
, tpath
, argv
)) {
1830 ERROR("Failed to prepend header to config file");
1834 ret
= load_config_locked(c
, c
->configfile
);
1838 if (partial_fd
>= 0)
1839 remove_partial(c
, partial_fd
);
1842 container_destroy(c
, NULL
);
1848 static bool lxcapi_create(struct lxc_container
*c
, const char *t
,
1849 const char *bdevtype
, struct bdev_specs
*specs
,
1850 int flags
, char *const argv
[])
1853 current_config
= c
? c
->lxc_conf
: NULL
;
1854 ret
= do_lxcapi_create(c
, t
, bdevtype
, specs
, flags
, argv
);
1855 current_config
= NULL
;
1859 static bool do_lxcapi_reboot(struct lxc_container
*c
)
1862 int rebootsignal
= SIGINT
;
1866 if (!do_lxcapi_is_running(c
))
1868 pid
= do_lxcapi_init_pid(c
);
1871 if (c
->lxc_conf
&& c
->lxc_conf
->rebootsignal
)
1872 rebootsignal
= c
->lxc_conf
->rebootsignal
;
1873 if (kill(pid
, rebootsignal
) < 0) {
1874 WARN("Could not send signal %d to pid %d.", rebootsignal
, pid
);
1881 WRAP_API(bool, lxcapi_reboot
)
1883 static bool do_lxcapi_reboot2(struct lxc_container
*c
, int timeout
)
1887 int rebootsignal
= SIGINT
, state_client_fd
= -1;
1888 lxc_state_t states
[MAX_STATE
] = {0};
1893 if (!do_lxcapi_is_running(c
))
1896 pid
= do_lxcapi_init_pid(c
);
1900 if (c
->lxc_conf
&& c
->lxc_conf
->rebootsignal
)
1901 rebootsignal
= c
->lxc_conf
->rebootsignal
;
1903 /* Add a new state client before sending the shutdown signal so that we
1904 * don't miss a state.
1907 states
[RUNNING
] = 2;
1908 ret
= lxc_cmd_add_state_client(c
->name
, c
->config_path
, states
,
1913 if (state_client_fd
< 0)
1919 if (ret
< MAX_STATE
)
1923 /* Send reboot signal to container. */
1924 killret
= kill(pid
, rebootsignal
);
1926 WARN("Could not send signal %d to pid %d", rebootsignal
, pid
);
1927 if (state_client_fd
>= 0)
1928 close(state_client_fd
);
1931 TRACE("Sent signal %d to pid %d", rebootsignal
, pid
);
1936 ret
= lxc_cmd_sock_rcv_state(state_client_fd
, timeout
);
1937 close(state_client_fd
);
1941 TRACE("Received state \"%s\"", lxc_state2str(ret
));
1948 WRAP_API_1(bool, lxcapi_reboot2
, int)
1950 static bool do_lxcapi_shutdown(struct lxc_container
*c
, int timeout
)
1954 int haltsignal
= SIGPWR
, state_client_fd
= -1;
1955 lxc_state_t states
[MAX_STATE
] = {0};
1960 if (!do_lxcapi_is_running(c
))
1963 pid
= do_lxcapi_init_pid(c
);
1967 /* Detect whether we should send SIGRTMIN + 3 (e.g. systemd). */
1968 if (task_blocking_signal(pid
, (SIGRTMIN
+ 3)))
1969 haltsignal
= (SIGRTMIN
+ 3);
1971 if (c
->lxc_conf
&& c
->lxc_conf
->haltsignal
)
1972 haltsignal
= c
->lxc_conf
->haltsignal
;
1974 /* Add a new state client before sending the shutdown signal so that we
1975 * don't miss a state.
1978 states
[STOPPED
] = 1;
1979 ret
= lxc_cmd_add_state_client(c
->name
, c
->config_path
, states
,
1984 if (state_client_fd
< 0)
1990 if (ret
< MAX_STATE
)
1994 /* Send shutdown signal to container. */
1995 killret
= kill(pid
, haltsignal
);
1997 WARN("Could not send signal %d to pid %d", haltsignal
, pid
);
1998 if (state_client_fd
>= 0)
1999 close(state_client_fd
);
2002 TRACE("Sent signal %d to pid %d", haltsignal
, pid
);
2007 ret
= lxc_cmd_sock_rcv_state(state_client_fd
, timeout
);
2008 close(state_client_fd
);
2012 TRACE("Received state \"%s\"", lxc_state2str(ret
));
2019 WRAP_API_1(bool, lxcapi_shutdown
, int)
2021 static bool lxcapi_createl(struct lxc_container
*c
, const char *t
,
2022 const char *bdevtype
, struct bdev_specs
*specs
, int flags
, ...)
2031 current_config
= c
->lxc_conf
;
2034 * since we're going to wait for create to finish, I don't think we
2035 * need to get a copy of the arguments.
2037 va_start(ap
, flags
);
2038 args
= lxc_va_arg_list_to_argv(ap
, 0, 0);
2041 ERROR("Failed to allocate memory");
2045 bret
= do_lxcapi_create(c
, t
, bdevtype
, specs
, flags
, args
);
2049 current_config
= NULL
;
2053 static void do_clear_unexp_config_line(struct lxc_conf
*conf
, const char *key
)
2055 if (!strcmp(key
, "lxc.cgroup"))
2056 return clear_unexp_config_line(conf
, key
, true);
2058 if (!strcmp(key
, "lxc.network"))
2059 return clear_unexp_config_line(conf
, key
, true);
2061 if (!strcmp(key
, "lxc.net"))
2062 return clear_unexp_config_line(conf
, key
, true);
2064 /* Clear a network with a specific index. */
2065 if (!strncmp(key
, "lxc.net.", 8)) {
2070 ret
= lxc_safe_uint(idx
, &(unsigned int){0});
2072 return clear_unexp_config_line(conf
, key
, true);
2075 if (!strcmp(key
, "lxc.hook"))
2076 return clear_unexp_config_line(conf
, key
, true);
2078 return clear_unexp_config_line(conf
, key
, false);
2081 static bool do_lxcapi_clear_config_item(struct lxc_container
*c
,
2085 struct lxc_config_t
*config
;
2087 if (!c
|| !c
->lxc_conf
)
2090 if (container_mem_lock(c
))
2093 config
= lxc_get_config(key
);
2094 /* Verify that the config key exists and that it has a callback
2097 if (config
&& config
->clr
)
2098 ret
= config
->clr(key
, c
->lxc_conf
, NULL
);
2100 do_clear_unexp_config_line(c
->lxc_conf
, key
);
2102 container_mem_unlock(c
);
2106 WRAP_API_1(bool, lxcapi_clear_config_item
, const char *)
2108 static inline bool enter_net_ns(struct lxc_container
*c
)
2110 pid_t pid
= do_lxcapi_init_pid(c
);
2112 if ((geteuid() != 0 || (c
->lxc_conf
&& !lxc_list_empty(&c
->lxc_conf
->id_map
))) && access("/proc/self/ns/user", F_OK
) == 0) {
2113 if (!switch_to_ns(pid
, "user"))
2116 return switch_to_ns(pid
, "net");
2119 /* Used by qsort and bsearch functions for comparing names. */
2120 static inline int string_cmp(char **first
, char **second
)
2122 return strcmp(*first
, *second
);
2125 /* Used by qsort and bsearch functions for comparing container names. */
2126 static inline int container_cmp(struct lxc_container
**first
,
2127 struct lxc_container
**second
)
2129 return strcmp((*first
)->name
, (*second
)->name
);
2132 static bool add_to_array(char ***names
, char *cname
, int pos
)
2134 char **newnames
= realloc(*names
, (pos
+1) * sizeof(char *));
2136 ERROR("Out of memory");
2141 newnames
[pos
] = strdup(cname
);
2145 /* Sort the arrray as we will use binary search on it. */
2146 qsort(newnames
, pos
+ 1, sizeof(char *),
2147 (int (*)(const void *, const void *))string_cmp
);
2152 static bool add_to_clist(struct lxc_container
***list
, struct lxc_container
*c
,
2155 struct lxc_container
**newlist
= realloc(*list
, (pos
+ 1) * sizeof(struct lxc_container
*));
2157 ERROR("Out of memory");
2164 /* Sort the arrray as we will use binary search on it. */
2166 qsort(newlist
, pos
+ 1, sizeof(struct lxc_container
*),
2167 (int (*)(const void *, const void *))container_cmp
);
2172 static char** get_from_array(char ***names
, char *cname
, int size
)
2174 return (char **)bsearch(&cname
, *names
, size
, sizeof(char *), (int (*)(const void *, const void *))string_cmp
);
2178 static bool array_contains(char ***names
, char *cname
, int size
) {
2179 if(get_from_array(names
, cname
, size
) != NULL
)
2184 static bool remove_from_array(char ***names
, char *cname
, int size
)
2186 char **result
= get_from_array(names
, cname
, size
);
2187 if (result
!= NULL
) {
2194 static char ** do_lxcapi_get_interfaces(struct lxc_container
*c
)
2197 int i
, count
= 0, pipefd
[2];
2198 char **interfaces
= NULL
;
2199 char interface
[IFNAMSIZ
];
2201 if(pipe(pipefd
) < 0) {
2202 SYSERROR("pipe failed");
2208 SYSERROR("failed to fork task to get interfaces information");
2214 if (pid
== 0) { /* child */
2215 int ret
= 1, nbytes
;
2216 struct ifaddrs
*interfaceArray
= NULL
, *tempIfAddr
= NULL
;
2218 /* close the read-end of the pipe */
2221 if (!enter_net_ns(c
)) {
2222 SYSERROR("failed to enter namespace");
2226 /* Grab the list of interfaces */
2227 if (getifaddrs(&interfaceArray
)) {
2228 SYSERROR("failed to get interfaces list");
2232 /* Iterate through the interfaces */
2233 for (tempIfAddr
= interfaceArray
; tempIfAddr
!= NULL
; tempIfAddr
= tempIfAddr
->ifa_next
) {
2234 nbytes
= write(pipefd
[1], tempIfAddr
->ifa_name
, IFNAMSIZ
);
2236 ERROR("write failed");
2245 freeifaddrs(interfaceArray
);
2247 /* close the write-end of the pipe, thus sending EOF to the reader */
2252 /* close the write-end of the pipe */
2255 while (read(pipefd
[0], &interface
, IFNAMSIZ
) == IFNAMSIZ
) {
2256 interface
[IFNAMSIZ
- 1] = '\0';
2258 if (array_contains(&interfaces
, interface
, count
))
2261 if(!add_to_array(&interfaces
, interface
, count
))
2262 ERROR("Failed to add \"%s\" to array", interface
);
2267 if (wait_for_pid(pid
) != 0) {
2268 for(i
=0;i
<count
;i
++)
2269 free(interfaces
[i
]);
2274 /* close the read-end of the pipe */
2277 /* Append NULL to the array */
2279 interfaces
= (char **)lxc_append_null_to_array((void **)interfaces
, count
);
2284 WRAP_API(char **, lxcapi_get_interfaces
)
2286 static char** do_lxcapi_get_ips(struct lxc_container
*c
, const char* interface
, const char* family
, int scope
)
2289 int i
, count
= 0, pipefd
[2];
2290 char **addresses
= NULL
;
2291 char address
[INET6_ADDRSTRLEN
];
2293 if(pipe(pipefd
) < 0) {
2294 SYSERROR("pipe failed");
2300 SYSERROR("failed to fork task to get container ips");
2306 if (pid
== 0) { /* child */
2307 int ret
= 1, nbytes
;
2308 struct ifaddrs
*interfaceArray
= NULL
, *tempIfAddr
= NULL
;
2309 char addressOutputBuffer
[INET6_ADDRSTRLEN
];
2310 void *tempAddrPtr
= NULL
;
2311 char *address
= NULL
;
2313 /* close the read-end of the pipe */
2316 if (!enter_net_ns(c
)) {
2317 SYSERROR("failed to enter namespace");
2321 /* Grab the list of interfaces */
2322 if (getifaddrs(&interfaceArray
)) {
2323 SYSERROR("failed to get interfaces list");
2327 /* Iterate through the interfaces */
2328 for (tempIfAddr
= interfaceArray
; tempIfAddr
!= NULL
; tempIfAddr
= tempIfAddr
->ifa_next
) {
2329 if (tempIfAddr
->ifa_addr
== NULL
)
2332 if(tempIfAddr
->ifa_addr
->sa_family
== AF_INET
) {
2333 if (family
&& strcmp(family
, "inet"))
2335 tempAddrPtr
= &((struct sockaddr_in
*)tempIfAddr
->ifa_addr
)->sin_addr
;
2338 if (family
&& strcmp(family
, "inet6"))
2341 if (((struct sockaddr_in6
*)tempIfAddr
->ifa_addr
)->sin6_scope_id
!= scope
)
2344 tempAddrPtr
= &((struct sockaddr_in6
*)tempIfAddr
->ifa_addr
)->sin6_addr
;
2347 if (interface
&& strcmp(interface
, tempIfAddr
->ifa_name
))
2349 else if (!interface
&& strcmp("lo", tempIfAddr
->ifa_name
) == 0)
2352 address
= (char *)inet_ntop(tempIfAddr
->ifa_addr
->sa_family
,
2354 addressOutputBuffer
,
2355 sizeof(addressOutputBuffer
));
2359 nbytes
= write(pipefd
[1], address
, INET6_ADDRSTRLEN
);
2361 ERROR("write failed");
2370 freeifaddrs(interfaceArray
);
2372 /* close the write-end of the pipe, thus sending EOF to the reader */
2377 /* close the write-end of the pipe */
2380 while (read(pipefd
[0], &address
, INET6_ADDRSTRLEN
) == INET6_ADDRSTRLEN
) {
2381 if(!add_to_array(&addresses
, address
, count
))
2382 ERROR("PARENT: add_to_array failed");
2386 if (wait_for_pid(pid
) != 0) {
2387 for(i
=0;i
<count
;i
++)
2393 /* close the read-end of the pipe */
2396 /* Append NULL to the array */
2398 addresses
= (char **)lxc_append_null_to_array((void **)addresses
, count
);
2403 WRAP_API_3(char **, lxcapi_get_ips
, const char *, const char *, int)
2405 static int do_lxcapi_get_config_item(struct lxc_container
*c
, const char *key
, char *retv
, int inlen
)
2408 struct lxc_config_t
*config
;
2410 if (!c
|| !c
->lxc_conf
)
2413 if (container_mem_lock(c
))
2416 config
= lxc_get_config(key
);
2417 /* Verify that the config key exists and that it has a callback
2420 if (config
&& config
->get
)
2421 ret
= config
->get(key
, retv
, inlen
, c
->lxc_conf
, NULL
);
2423 container_mem_unlock(c
);
2427 WRAP_API_3(int, lxcapi_get_config_item
, const char *, char *, int)
2429 static char* do_lxcapi_get_running_config_item(struct lxc_container
*c
, const char *key
)
2433 if (!c
|| !c
->lxc_conf
)
2435 if (container_mem_lock(c
))
2437 ret
= lxc_cmd_get_config_item(c
->name
, key
, do_lxcapi_get_config_path(c
));
2438 container_mem_unlock(c
);
2442 WRAP_API_1(char *, lxcapi_get_running_config_item
, const char *)
2444 static int do_lxcapi_get_keys(struct lxc_container
*c
, const char *key
, char *retv
, int inlen
)
2448 /* List all config items. */
2450 return lxc_list_config_items(retv
, inlen
);
2452 if (!c
|| !c
->lxc_conf
)
2455 if (container_mem_lock(c
))
2458 /* Support 'lxc.net.<idx>', i.e. 'lxc.net.0'
2459 * This is an intelligent result to show which keys are valid given the
2460 * type of nic it is.
2462 if (strncmp(key
, "lxc.net.", 8) == 0)
2463 ret
= lxc_list_net(c
->lxc_conf
, key
, retv
, inlen
);
2465 ret
= lxc_list_subkeys(c
->lxc_conf
, key
, retv
, inlen
);
2467 container_mem_unlock(c
);
2471 WRAP_API_3(int, lxcapi_get_keys
, const char *, char *, int)
2473 static bool do_lxcapi_save_config(struct lxc_container
*c
, const char *alt_file
)
2476 bool ret
= false, need_disklock
= false;
2479 alt_file
= c
->configfile
;
2483 /* If we haven't yet loaded a config, load the stock config. */
2485 if (!do_lxcapi_load_config(c
, lxc_global_config_value("lxc.default_config"))) {
2486 ERROR("Error loading default configuration file %s "
2488 lxc_global_config_value("lxc.default_config"),
2494 if (!create_container_dir(c
))
2497 /* If we're writing to the container's config file, take the disk lock.
2498 * Otherwise just take the memlock to protect the struct lxc_container
2499 * while we're traversing it.
2501 if (strcmp(c
->configfile
, alt_file
) == 0)
2502 need_disklock
= true;
2505 lret
= container_disk_lock(c
);
2507 lret
= container_mem_lock(c
);
2511 fd
= open(alt_file
, O_WRONLY
| O_CREAT
| O_TRUNC
| O_CLOEXEC
,
2512 S_IRUSR
| S_IWUSR
| S_IRGRP
| S_IWGRP
| S_IROTH
| S_IWOTH
);
2516 lret
= write_config(fd
, c
->lxc_conf
);
2525 container_disk_unlock(c
);
2527 container_mem_unlock(c
);
2532 WRAP_API_1(bool, lxcapi_save_config
, const char *)
2535 static bool mod_rdep(struct lxc_container
*c0
, struct lxc_container
*c
, bool inc
)
2541 char path
[MAXPATHLEN
];
2542 char newpath
[MAXPATHLEN
];
2543 int fd
, ret
, n
= 0, v
= 0;
2545 size_t len
= 0, bytes
= 0;
2547 if (container_disk_lock(c0
))
2550 ret
= snprintf(path
, MAXPATHLEN
, "%s/%s/lxc_snapshots", c0
->config_path
, c0
->name
);
2551 if (ret
< 0 || ret
> MAXPATHLEN
)
2553 ret
= snprintf(newpath
, MAXPATHLEN
, "%s\n%s\n", c
->config_path
, c
->name
);
2554 if (ret
< 0 || ret
> MAXPATHLEN
)
2557 /* If we find an lxc-snapshot file using the old format only listing the
2558 * number of snapshots we will keep using it. */
2559 f1
= fopen(path
, "r");
2561 n
= fscanf(f1
, "%d", &v
);
2563 if (n
== 1 && v
== 0) {
2570 f1
= fopen(path
, "w");
2573 if (fprintf(f1
, "%d\n", v
) < 0) {
2574 ERROR("Error writing new snapshots value");
2580 SYSERROR("Error writing to or closing snapshots file");
2584 /* Here we know that we have or can use an lxc-snapshot file
2585 * using the new format. */
2587 f1
= fopen(path
, "a");
2591 if (fprintf(f1
, "%s", newpath
) < 0) {
2592 ERROR("Error writing new snapshots entry");
2595 SYSERROR("Error writing to or closing snapshots file");
2601 SYSERROR("Error writing to or closing snapshots file");
2605 if ((fd
= open(path
, O_RDWR
| O_CLOEXEC
)) < 0)
2608 if (fstat(fd
, &fbuf
) < 0) {
2613 if (fbuf
.st_size
!= 0) {
2615 buf
= lxc_strmmap(NULL
, fbuf
.st_size
, PROT_READ
| PROT_WRITE
, MAP_SHARED
, fd
, 0);
2616 if (buf
== MAP_FAILED
) {
2617 SYSERROR("Failed to create mapping %s", path
);
2622 len
= strlen(newpath
);
2623 while ((del
= strstr((char *)buf
, newpath
))) {
2624 memmove(del
, del
+ len
, strlen(del
) - len
+ 1);
2628 lxc_strmunmap(buf
, fbuf
.st_size
);
2629 if (ftruncate(fd
, fbuf
.st_size
- bytes
) < 0) {
2630 SYSERROR("Failed to truncate file %s", path
);
2638 /* If the lxc-snapshot file is empty, remove it. */
2639 if (stat(path
, &fbuf
) < 0)
2641 if (!fbuf
.st_size
) {
2649 container_disk_unlock(c0
);
2653 static void strip_newline(char *p
)
2655 size_t len
= strlen(p
);
2658 if (p
[len
-1] == '\n')
2662 void mod_all_rdeps(struct lxc_container
*c
, bool inc
)
2664 struct lxc_container
*p
;
2665 char *lxcpath
= NULL
, *lxcname
= NULL
, path
[MAXPATHLEN
];
2666 size_t pathlen
= 0, namelen
= 0;
2670 ret
= snprintf(path
, MAXPATHLEN
, "%s/%s/lxc_rdepends",
2671 c
->config_path
, c
->name
);
2672 if (ret
< 0 || ret
>= MAXPATHLEN
) {
2673 ERROR("Path name too long");
2676 f
= fopen(path
, "r");
2679 while (getline(&lxcpath
, &pathlen
, f
) != -1) {
2680 if (getline(&lxcname
, &namelen
, f
) == -1) {
2681 ERROR("badly formatted file %s", path
);
2684 strip_newline(lxcpath
);
2685 strip_newline(lxcname
);
2686 if ((p
= lxc_container_new(lxcname
, lxcpath
)) == NULL
) {
2687 ERROR("Unable to find dependent container %s:%s",
2691 if (!mod_rdep(p
, c
, inc
))
2692 ERROR("Failed to update snapshots file for %s:%s",
2694 lxc_container_put(p
);
2702 static bool has_fs_snapshots(struct lxc_container
*c
)
2705 char path
[MAXPATHLEN
];
2710 ret
= snprintf(path
, MAXPATHLEN
, "%s/%s/lxc_snapshots", c
->config_path
,
2712 if (ret
< 0 || ret
> MAXPATHLEN
)
2714 /* If the file doesn't exist there are no snapshots. */
2715 if (stat(path
, &fbuf
) < 0)
2719 f
= fopen(path
, "r");
2722 ret
= fscanf(f
, "%d", &v
);
2724 /* TODO: Figure out what to do with the return value of fscanf. */
2726 INFO("Container uses new lxc-snapshots format %s", path
);
2734 static bool has_snapshots(struct lxc_container
*c
)
2736 char path
[MAXPATHLEN
];
2737 struct dirent
*direntp
;
2741 if (!get_snappath_dir(c
, path
))
2743 dir
= opendir(path
);
2746 while ((direntp
= readdir(dir
))) {
2750 if (!strcmp(direntp
->d_name
, "."))
2753 if (!strcmp(direntp
->d_name
, ".."))
2762 static bool do_destroy_container(struct lxc_conf
*conf
) {
2765 if (am_guest_unpriv()) {
2766 ret
= userns_exec_full(conf
, storage_destroy_wrapper
, conf
,
2767 "storage_destroy_wrapper");
2774 return storage_destroy(conf
);
2777 static int lxc_rmdir_onedev_wrapper(void *data
)
2779 char *arg
= (char *) data
;
2780 return lxc_rmdir_onedev(arg
, "snaps");
2783 static int lxc_unlink_exec_wrapper(void *data
)
2789 static bool container_destroy(struct lxc_container
*c
,
2790 struct lxc_storage
*storage
)
2794 struct lxc_conf
*conf
;
2799 if (!c
|| !do_lxcapi_is_defined(c
))
2803 if (container_disk_lock(c
))
2806 if (!is_stopped(c
)) {
2807 /* We should queue some sort of error - in c->error_string? */
2808 ERROR("container %s is not stopped", c
->name
);
2812 if (conf
&& !lxc_list_empty(&conf
->hooks
[LXCHOOK_DESTROY
])) {
2813 /* Start of environment variable setup for hooks */
2814 if (setenv("LXC_NAME", c
->name
, 1))
2815 SYSERROR("Failed to set environment variable for container name");
2817 if (conf
->rcfile
&& setenv("LXC_CONFIG_FILE", conf
->rcfile
, 1))
2818 SYSERROR("Failed to set environment variable for config path");
2820 if (conf
->rootfs
.mount
&& setenv("LXC_ROOTFS_MOUNT", conf
->rootfs
.mount
, 1))
2821 SYSERROR("Failed to set environment variable for rootfs mount");
2823 if (conf
->rootfs
.path
&& setenv("LXC_ROOTFS_PATH", conf
->rootfs
.path
, 1))
2824 SYSERROR("Failed to set environment variable for rootfs mount");
2826 if (conf
->console
.path
&& setenv("LXC_CONSOLE", conf
->console
.path
, 1))
2827 SYSERROR("Failed to set environment variable for console path");
2829 if (conf
->console
.log_path
&& setenv("LXC_CONSOLE_LOGPATH", conf
->console
.log_path
, 1))
2830 SYSERROR("Failed to set environment variable for console log");
2831 /* End of environment variable setup for hooks */
2833 if (run_lxc_hooks(c
->name
, "destroy", conf
, NULL
)) {
2834 ERROR("Failed to execute clone hook for \"%s\"", c
->name
);
2839 if (current_config
&& conf
== current_config
) {
2840 current_config
= NULL
;
2841 if (conf
->logfd
!= -1) {
2847 if (conf
&& conf
->rootfs
.path
&& conf
->rootfs
.mount
) {
2848 if (!do_destroy_container(conf
)) {
2849 ERROR("Error destroying rootfs for %s", c
->name
);
2852 INFO("Destroyed rootfs for %s", c
->name
);
2855 mod_all_rdeps(c
, false);
2857 p1
= do_lxcapi_get_config_path(c
);
2866 * strlen("config") = 6
2870 len
= strlen(p1
) + 1 + strlen(c
->name
) + 1 + 6 + 1;
2873 ERROR("Failed to allocate memory");
2877 /* For an overlay container the rootfs is considered immutable and
2878 * cannot be removed when restoring from a snapshot.
2880 if (storage
&& (!strcmp(storage
->type
, "overlay") ||
2881 !strcmp(storage
->type
, "overlayfs")) &&
2882 (storage
->flags
& LXC_STORAGE_INTERNAL_OVERLAY_RESTORE
)) {
2883 ret
= snprintf(path
, len
, "%s/%s/config", p1
, c
->name
);
2884 if (ret
< 0 || (size_t)ret
>= len
)
2887 if (am_guest_unpriv())
2888 ret
= userns_exec_1(conf
, lxc_unlink_exec_wrapper
, path
,
2889 "lxc_unlink_exec_wrapper");
2893 SYSERROR("Failed to destroy config file \"%s\" for \"%s\"",
2897 INFO("Destroyed config file \"%s\" for \"%s\"", path
, c
->name
);
2903 ret
= snprintf(path
, len
, "%s/%s", p1
, c
->name
);
2904 if (ret
< 0 || (size_t)ret
>= len
)
2906 if (am_guest_unpriv())
2907 ret
= userns_exec_full(conf
, lxc_rmdir_onedev_wrapper
, path
,
2908 "lxc_rmdir_onedev_wrapper");
2910 ret
= lxc_rmdir_onedev(path
, "snaps");
2912 ERROR("Failed to destroy directory \"%s\" for \"%s\"", path
,
2916 INFO("Destroyed directory \"%s\" for \"%s\"", path
, c
->name
);
2923 container_disk_unlock(c
);
2927 static bool do_lxcapi_destroy(struct lxc_container
*c
)
2929 if (!c
|| !lxcapi_is_defined(c
))
2931 if (has_snapshots(c
)) {
2932 ERROR("Container %s has snapshots; not removing", c
->name
);
2936 if (has_fs_snapshots(c
)) {
2937 ERROR("container %s has snapshots on its rootfs", c
->name
);
2941 return container_destroy(c
, NULL
);
2944 WRAP_API(bool, lxcapi_destroy
)
2946 static bool do_lxcapi_destroy_with_snapshots(struct lxc_container
*c
)
2948 if (!c
|| !lxcapi_is_defined(c
))
2950 if (!lxcapi_snapshot_destroy_all(c
)) {
2951 ERROR("Error deleting all snapshots");
2954 return lxcapi_destroy(c
);
2957 WRAP_API(bool, lxcapi_destroy_with_snapshots
)
2959 int lxc_set_config_item_locked(struct lxc_conf
*conf
, const char *key
,
2963 struct lxc_config_t
*config
;
2966 config
= lxc_get_config(key
);
2970 ret
= config
->set(key
, v
, conf
, NULL
);
2974 if (lxc_config_value_empty(v
))
2975 do_clear_unexp_config_line(conf
, key
);
2977 bret
= do_append_unexp_config_line(conf
, key
, v
);
2984 static bool do_set_config_item_locked(struct lxc_container
*c
, const char *key
,
2990 c
->lxc_conf
= lxc_conf_init();
2995 ret
= lxc_set_config_item_locked(c
->lxc_conf
, key
, v
);
3002 static bool do_lxcapi_set_config_item(struct lxc_container
*c
, const char *key
, const char *v
)
3009 if (container_mem_lock(c
))
3012 b
= do_set_config_item_locked(c
, key
, v
);
3014 container_mem_unlock(c
);
3018 WRAP_API_2(bool, lxcapi_set_config_item
, const char *, const char *)
3020 static char *lxcapi_config_file_name(struct lxc_container
*c
)
3022 if (!c
|| !c
->configfile
)
3024 return strdup(c
->configfile
);
3027 static const char *lxcapi_get_config_path(struct lxc_container
*c
)
3029 if (!c
|| !c
->config_path
)
3031 return (const char *)(c
->config_path
);
3036 * Just recalculate the c->configfile based on the
3037 * c->config_path, which must be set.
3038 * The lxc_container must be locked or not yet public.
3040 static bool set_config_filename(struct lxc_container
*c
)
3045 if (!c
->config_path
)
3048 /* $lxc_path + "/" + c->name + "/" + "config" + '\0' */
3049 len
= strlen(c
->config_path
) + strlen(c
->name
) + strlen("config") + 3;
3050 newpath
= malloc(len
);
3054 ret
= snprintf(newpath
, len
, "%s/%s/config", c
->config_path
, c
->name
);
3055 if (ret
< 0 || ret
>= len
) {
3056 fprintf(stderr
, "Error printing out config file name\n");
3061 free(c
->configfile
);
3062 c
->configfile
= newpath
;
3067 static bool do_lxcapi_set_config_path(struct lxc_container
*c
, const char *path
)
3071 char *oldpath
= NULL
;
3076 if (container_mem_lock(c
))
3081 ERROR("Out of memory setting new lxc path");
3087 oldpath
= c
->config_path
;
3090 /* Since we've changed the config path, we have to change the
3091 * config file name too */
3092 if (!set_config_filename(c
)) {
3093 ERROR("Out of memory setting new config filename");
3095 free(c
->config_path
);
3096 c
->config_path
= oldpath
;
3101 container_mem_unlock(c
);
3105 WRAP_API_1(bool, lxcapi_set_config_path
, const char *)
3107 static bool do_lxcapi_set_cgroup_item(struct lxc_container
*c
, const char *subsys
, const char *value
)
3117 if (container_disk_lock(c
))
3120 ret
= lxc_cgroup_set(subsys
, value
, c
->name
, c
->config_path
);
3122 container_disk_unlock(c
);
3126 WRAP_API_2(bool, lxcapi_set_cgroup_item
, const char *, const char *)
3128 static int do_lxcapi_get_cgroup_item(struct lxc_container
*c
, const char *subsys
, char *retv
, int inlen
)
3138 if (container_disk_lock(c
))
3141 ret
= lxc_cgroup_get(subsys
, retv
, inlen
, c
->name
, c
->config_path
);
3143 container_disk_unlock(c
);
3147 WRAP_API_3(int, lxcapi_get_cgroup_item
, const char *, char *, int)
3149 const char *lxc_get_global_config_item(const char *key
)
3151 return lxc_global_config_value(key
);
3154 const char *lxc_get_version(void)
3159 static int copy_file(const char *old
, const char *new)
3166 if (file_exists(new)) {
3167 ERROR("copy destination %s exists", new);
3170 ret
= stat(old
, &sbuf
);
3172 INFO("Error stat'ing %s", old
);
3176 in
= open(old
, O_RDONLY
);
3178 SYSERROR("Error opening original file %s", old
);
3181 out
= open(new, O_CREAT
| O_EXCL
| O_WRONLY
, 0644);
3183 SYSERROR("Error opening new file %s", new);
3189 len
= read(in
, buf
, 8096);
3191 SYSERROR("Error reading old file %s", old
);
3196 ret
= write(out
, buf
, len
);
3197 if (ret
< len
) { /* should we retry? */
3198 SYSERROR("Error: write to new file %s was interrupted", new);
3205 /* We set mode, but not owner/group. */
3206 ret
= chmod(new, sbuf
.st_mode
);
3208 SYSERROR("Error setting mode on %s", new);
3220 static int copyhooks(struct lxc_container
*oldc
, struct lxc_container
*c
)
3223 struct lxc_list
*it
;
3226 len
= strlen(oldc
->config_path
) + strlen(oldc
->name
) + 3;
3227 cpath
= alloca(len
);
3228 ret
= snprintf(cpath
, len
, "%s/%s/", oldc
->config_path
, oldc
->name
);
3229 if (ret
< 0 || ret
>= len
)
3232 for (i
=0; i
<NUM_LXC_HOOKS
; i
++) {
3233 lxc_list_for_each(it
, &c
->lxc_conf
->hooks
[i
]) {
3234 char *hookname
= it
->elem
;
3235 char *fname
= strrchr(hookname
, '/');
3236 char tmppath
[MAXPATHLEN
];
3237 if (!fname
) /* relative path - we don't support, but maybe we should */
3239 if (strncmp(hookname
, cpath
, len
- 1) != 0) {
3240 /* this hook is public - ignore */
3243 /* copy the script, and change the entry in confile */
3244 ret
= snprintf(tmppath
, MAXPATHLEN
, "%s/%s/%s",
3245 c
->config_path
, c
->name
, fname
+1);
3246 if (ret
< 0 || ret
>= MAXPATHLEN
)
3248 ret
= copy_file(it
->elem
, tmppath
);
3252 it
->elem
= strdup(tmppath
);
3254 ERROR("out of memory copying hook path");
3260 if (!clone_update_unexp_hooks(c
->lxc_conf
, oldc
->config_path
,
3261 c
->config_path
, oldc
->name
, c
->name
)) {
3262 ERROR("Error saving new hooks in clone");
3265 do_lxcapi_save_config(c
, NULL
);
3270 static int copy_fstab(struct lxc_container
*oldc
, struct lxc_container
*c
)
3272 char newpath
[MAXPATHLEN
];
3273 char *oldpath
= oldc
->lxc_conf
->fstab
;
3279 clear_unexp_config_line(c
->lxc_conf
, "lxc.mount.fstab", false);
3281 char *p
= strrchr(oldpath
, '/');
3284 ret
= snprintf(newpath
, MAXPATHLEN
, "%s/%s%s",
3285 c
->config_path
, c
->name
, p
);
3286 if (ret
< 0 || ret
>= MAXPATHLEN
) {
3287 ERROR("error printing new path for %s", oldpath
);
3290 if (file_exists(newpath
)) {
3291 ERROR("error: fstab file %s exists", newpath
);
3295 if (copy_file(oldpath
, newpath
) < 0) {
3296 ERROR("error: copying %s to %s", oldpath
, newpath
);
3299 free(c
->lxc_conf
->fstab
);
3300 c
->lxc_conf
->fstab
= strdup(newpath
);
3301 if (!c
->lxc_conf
->fstab
) {
3302 ERROR("error: allocating pathname");
3305 if (!do_append_unexp_config_line(c
->lxc_conf
, "lxc.mount.fstab", newpath
)) {
3306 ERROR("error saving new lxctab");
3313 static void copy_rdepends(struct lxc_container
*c
, struct lxc_container
*c0
)
3315 char path0
[MAXPATHLEN
], path1
[MAXPATHLEN
];
3318 ret
= snprintf(path0
, MAXPATHLEN
, "%s/%s/lxc_rdepends", c0
->config_path
,
3320 if (ret
< 0 || ret
>= MAXPATHLEN
) {
3321 WARN("Error copying reverse dependencies");
3324 ret
= snprintf(path1
, MAXPATHLEN
, "%s/%s/lxc_rdepends", c
->config_path
,
3326 if (ret
< 0 || ret
>= MAXPATHLEN
) {
3327 WARN("Error copying reverse dependencies");
3330 if (copy_file(path0
, path1
) < 0) {
3331 INFO("Error copying reverse dependencies");
3336 static bool add_rdepends(struct lxc_container
*c
, struct lxc_container
*c0
)
3339 char path
[MAXPATHLEN
];
3343 ret
= snprintf(path
, MAXPATHLEN
, "%s/%s/lxc_rdepends", c
->config_path
,
3345 if (ret
< 0 || ret
>= MAXPATHLEN
)
3347 f
= fopen(path
, "a");
3351 /* If anything goes wrong, just return an error. */
3352 if (fprintf(f
, "%s\n%s\n", c0
->config_path
, c0
->name
) < 0)
3360 * If the fs natively supports snapshot clones with no penalty,
3361 * then default to those even if not requested.
3362 * Currently we only do this for btrfs.
3364 bool should_default_to_snapshot(struct lxc_container
*c0
,
3365 struct lxc_container
*c1
)
3367 size_t l0
= strlen(c0
->config_path
) + strlen(c0
->name
) + 2;
3368 size_t l1
= strlen(c1
->config_path
) + strlen(c1
->name
) + 2;
3369 char *p0
= alloca(l0
+ 1);
3370 char *p1
= alloca(l1
+ 1);
3371 char *rootfs
= c0
->lxc_conf
->rootfs
.path
;
3373 snprintf(p0
, l0
, "%s/%s", c0
->config_path
, c0
->name
);
3374 snprintf(p1
, l1
, "%s/%s", c1
->config_path
, c1
->name
);
3376 if (!is_btrfs_fs(p0
) || !is_btrfs_fs(p1
))
3379 if (is_btrfs_subvol(rootfs
) <= 0)
3382 return btrfs_same_fs(p0
, p1
) == 0;
3385 static int copy_storage(struct lxc_container
*c0
, struct lxc_container
*c
,
3386 const char *newtype
, int flags
, const char *bdevdata
,
3389 struct lxc_storage
*bdev
;
3392 if (should_default_to_snapshot(c0
, c
))
3393 flags
|= LXC_CLONE_SNAPSHOT
;
3395 bdev
= storage_copy(c0
, c
->name
, c
->config_path
, newtype
, flags
,
3396 bdevdata
, newsize
, &need_rdep
);
3398 ERROR("Error copying storage.");
3402 /* Set new rootfs. */
3403 free(c
->lxc_conf
->rootfs
.path
);
3404 c
->lxc_conf
->rootfs
.path
= strdup(bdev
->src
);
3407 if (!c
->lxc_conf
->rootfs
.path
) {
3408 ERROR("Out of memory while setting storage path.");
3412 /* Append a new lxc.rootfs.path entry to the unexpanded config. */
3413 clear_unexp_config_line(c
->lxc_conf
, "lxc.rootfs.path", false);
3414 if (!do_append_unexp_config_line(c
->lxc_conf
, "lxc.rootfs.path",
3415 c
->lxc_conf
->rootfs
.path
)) {
3416 ERROR("Error saving new rootfs to cloned config.");
3420 if (flags
& LXC_CLONE_SNAPSHOT
)
3421 copy_rdepends(c
, c0
);
3423 if (!add_rdepends(c
, c0
))
3424 WARN("Error adding reverse dependency from %s to %s",
3428 mod_all_rdeps(c
, true);
3433 struct clone_update_data
{
3434 struct lxc_container
*c0
;
3435 struct lxc_container
*c1
;
3440 static int clone_update_rootfs(struct clone_update_data
*data
)
3442 struct lxc_container
*c0
= data
->c0
;
3443 struct lxc_container
*c
= data
->c1
;
3444 int flags
= data
->flags
;
3445 char **hookargs
= data
->hookargs
;
3447 char path
[MAXPATHLEN
];
3448 struct lxc_storage
*bdev
;
3450 struct lxc_conf
*conf
= c
->lxc_conf
;
3452 /* update hostname in rootfs */
3453 /* we're going to mount, so run in a clean namespace to simplify cleanup */
3455 if (setgid(0) < 0) {
3456 ERROR("Failed to setgid to 0");
3459 if (setuid(0) < 0) {
3460 ERROR("Failed to setuid to 0");
3463 if (setgroups(0, NULL
) < 0)
3464 WARN("Failed to clear groups");
3466 if (unshare(CLONE_NEWNS
) < 0)
3468 bdev
= storage_init(c
->lxc_conf
);
3471 if (strcmp(bdev
->type
, "dir") != 0) {
3472 if (unshare(CLONE_NEWNS
) < 0) {
3473 ERROR("error unsharing mounts");
3477 if (detect_shared_rootfs()) {
3478 if (mount(NULL
, "/", NULL
, MS_SLAVE
|MS_REC
, NULL
)) {
3479 SYSERROR("Failed to make / rslave");
3480 ERROR("Continuing...");
3483 if (bdev
->ops
->mount(bdev
) < 0) {
3487 } else { /* TODO come up with a better way */
3489 bdev
->dest
= strdup(bdev
->src
);
3492 if (!lxc_list_empty(&conf
->hooks
[LXCHOOK_CLONE
])) {
3493 /* Start of environment variable setup for hooks */
3494 if (c0
->name
&& setenv("LXC_SRC_NAME", c0
->name
, 1)) {
3495 SYSERROR("failed to set environment variable for source container name");
3497 if (setenv("LXC_NAME", c
->name
, 1)) {
3498 SYSERROR("failed to set environment variable for container name");
3500 if (conf
->rcfile
&& setenv("LXC_CONFIG_FILE", conf
->rcfile
, 1)) {
3501 SYSERROR("failed to set environment variable for config path");
3503 if (bdev
->dest
&& setenv("LXC_ROOTFS_MOUNT", bdev
->dest
, 1)) {
3504 SYSERROR("failed to set environment variable for rootfs mount");
3506 if (conf
->rootfs
.path
&& setenv("LXC_ROOTFS_PATH", conf
->rootfs
.path
, 1)) {
3507 SYSERROR("failed to set environment variable for rootfs mount");
3510 if (run_lxc_hooks(c
->name
, "clone", conf
, hookargs
)) {
3511 ERROR("Error executing clone hook for %s", c
->name
);
3517 if (!(flags
& LXC_CLONE_KEEPNAME
)) {
3518 ret
= snprintf(path
, MAXPATHLEN
, "%s/etc/hostname", bdev
->dest
);
3521 if (ret
< 0 || ret
>= MAXPATHLEN
)
3523 if (!file_exists(path
))
3525 if (!(fout
= fopen(path
, "w"))) {
3526 SYSERROR("unable to open %s: ignoring", path
);
3529 if (fprintf(fout
, "%s", c
->name
) < 0) {
3533 if (fclose(fout
) < 0)
3542 static int clone_update_rootfs_wrapper(void *data
)
3544 struct clone_update_data
*arg
= (struct clone_update_data
*) data
;
3545 return clone_update_rootfs(arg
);
3549 * We want to support:
3550 sudo lxc-clone -o o1 -n n1 -s -L|-fssize fssize -v|--vgname vgname \
3551 -p|--lvprefix lvprefix -t|--fstype fstype -B backingstore
3553 -s [ implies overlay]
3556 only rootfs gets converted (copied/snapshotted) on clone.
3559 static int create_file_dirname(char *path
, struct lxc_conf
*conf
)
3561 char *p
= strrchr(path
, '/');
3567 ret
= do_create_container_dir(path
, conf
);
3572 static struct lxc_container
*do_lxcapi_clone(struct lxc_container
*c
, const char *newname
,
3573 const char *lxcpath
, int flags
,
3574 const char *bdevtype
, const char *bdevdata
, uint64_t newsize
,
3577 char newpath
[MAXPATHLEN
];
3579 struct clone_update_data data
;
3580 size_t saved_unexp_len
;
3582 int storage_copied
= 0;
3583 char *origroot
= NULL
, *saved_unexp_conf
= NULL
;
3584 struct lxc_container
*c2
= NULL
;
3586 if (!c
|| !do_lxcapi_is_defined(c
))
3589 if (container_mem_lock(c
))
3592 if (!is_stopped(c
)) {
3593 ERROR("error: Original container (%s) is running", c
->name
);
3597 /* Make sure the container doesn't yet exist. */
3601 lxcpath
= do_lxcapi_get_config_path(c
);
3602 ret
= snprintf(newpath
, MAXPATHLEN
, "%s/%s/config", lxcpath
, newname
);
3603 if (ret
< 0 || ret
>= MAXPATHLEN
) {
3604 SYSERROR("clone: failed making config pathname");
3608 if (file_exists(newpath
)) {
3609 ERROR("error: clone: %s exists", newpath
);
3613 ret
= create_file_dirname(newpath
, c
->lxc_conf
);
3614 if (ret
< 0 && errno
!= EEXIST
) {
3615 ERROR("Error creating container dir for %s", newpath
);
3619 /* Copy the configuration. Tweak it as needed. */
3620 if (c
->lxc_conf
->rootfs
.path
) {
3621 origroot
= c
->lxc_conf
->rootfs
.path
;
3622 c
->lxc_conf
->rootfs
.path
= NULL
;
3625 fd
= open(newpath
, O_WRONLY
| O_CREAT
| O_CLOEXEC
,
3626 S_IRUSR
| S_IWUSR
| S_IRGRP
| S_IWGRP
| S_IROTH
| S_IWOTH
);
3628 SYSERROR("Failed to open \"%s\"", newpath
);
3632 saved_unexp_conf
= c
->lxc_conf
->unexpanded_config
;
3633 saved_unexp_len
= c
->lxc_conf
->unexpanded_len
;
3634 c
->lxc_conf
->unexpanded_config
= strdup(saved_unexp_conf
);
3635 if (!c
->lxc_conf
->unexpanded_config
) {
3640 clear_unexp_config_line(c
->lxc_conf
, "lxc.rootfs.path", false);
3641 write_config(fd
, c
->lxc_conf
);
3643 c
->lxc_conf
->rootfs
.path
= origroot
;
3644 free(c
->lxc_conf
->unexpanded_config
);
3645 c
->lxc_conf
->unexpanded_config
= saved_unexp_conf
;
3646 saved_unexp_conf
= NULL
;
3647 c
->lxc_conf
->unexpanded_len
= saved_unexp_len
;
3649 ret
= snprintf(newpath
, MAXPATHLEN
, "%s/%s/rootfs", lxcpath
, newname
);
3650 if (ret
< 0 || ret
>= MAXPATHLEN
) {
3651 SYSERROR("clone: failed making rootfs pathname");
3655 ret
= mkdir(newpath
, 0755);
3657 /* For an overlay container the rootfs is considered immutable
3658 * and will not have been removed when restoring from a
3661 if (errno
!= ENOENT
&&
3662 !(flags
& LXC_STORAGE_INTERNAL_OVERLAY_RESTORE
)) {
3663 SYSERROR("Failed to create directory \"%s\"", newpath
);
3668 if (am_guest_unpriv()) {
3669 if (chown_mapped_root(newpath
, c
->lxc_conf
) < 0) {
3670 ERROR("Error chowning %s to container root", newpath
);
3675 c2
= lxc_container_new(newname
, lxcpath
);
3677 ERROR("clone: failed to create new container (%s %s)", newname
,
3682 /* copy/snapshot rootfs's */
3683 ret
= copy_storage(c
, c2
, bdevtype
, flags
, bdevdata
, newsize
);
3688 /* update utsname */
3689 if (!(flags
& LXC_CLONE_KEEPNAME
)) {
3690 clear_unexp_config_line(c2
->lxc_conf
, "lxc.utsname", false);
3691 clear_unexp_config_line(c2
->lxc_conf
, "lxc.uts.name", false);
3693 if (!do_set_config_item_locked(c2
, "lxc.uts.name", newname
)) {
3694 ERROR("Error setting new hostname");
3700 ret
= copyhooks(c
, c2
);
3702 ERROR("error copying hooks");
3706 if (copy_fstab(c
, c2
) < 0) {
3707 ERROR("error copying fstab");
3711 /* update macaddrs */
3712 if (!(flags
& LXC_CLONE_KEEPMACADDR
)) {
3713 if (!network_new_hwaddrs(c2
->lxc_conf
)) {
3714 ERROR("Error updating mac addresses");
3719 /* Update absolute paths for overlay mount directories. */
3720 if (ovl_update_abs_paths(c2
->lxc_conf
, c
->config_path
, c
->name
, lxcpath
, newname
) < 0)
3723 /* We've now successfully created c2's storage, so clear it out if we
3728 if (!c2
->save_config(c2
, NULL
))
3731 if ((pid
= fork()) < 0) {
3736 ret
= wait_for_pid(pid
);
3739 container_mem_unlock(c
);
3745 data
.hookargs
= hookargs
;
3746 if (am_guest_unpriv())
3747 ret
= userns_exec_full(c
->lxc_conf
, clone_update_rootfs_wrapper
,
3748 &data
, "clone_update_rootfs_wrapper");
3750 ret
= clone_update_rootfs(&data
);
3752 _exit(EXIT_FAILURE
);
3754 container_mem_unlock(c
);
3755 _exit(EXIT_SUCCESS
);
3758 container_mem_unlock(c
);
3760 if (!storage_copied
)
3761 c2
->lxc_conf
->rootfs
.path
= NULL
;
3763 lxc_container_put(c2
);
3769 static struct lxc_container
*lxcapi_clone(struct lxc_container
*c
, const char *newname
,
3770 const char *lxcpath
, int flags
,
3771 const char *bdevtype
, const char *bdevdata
, uint64_t newsize
,
3774 struct lxc_container
* ret
;
3775 current_config
= c
? c
->lxc_conf
: NULL
;
3776 ret
= do_lxcapi_clone(c
, newname
, lxcpath
, flags
, bdevtype
, bdevdata
, newsize
, hookargs
);
3777 current_config
= NULL
;
3781 static bool do_lxcapi_rename(struct lxc_container
*c
, const char *newname
)
3783 struct lxc_storage
*bdev
;
3784 struct lxc_container
*newc
;
3786 if (!c
|| !c
->name
|| !c
->config_path
|| !c
->lxc_conf
)
3789 if (has_fs_snapshots(c
) || has_snapshots(c
)) {
3790 ERROR("Renaming a container with snapshots is not supported");
3793 bdev
= storage_init(c
->lxc_conf
);
3795 ERROR("Failed to find original backing store type");
3799 newc
= lxcapi_clone(c
, newname
, c
->config_path
, LXC_CLONE_KEEPMACADDR
, NULL
, bdev
->type
, 0, NULL
);
3802 lxc_container_put(newc
);
3806 if (newc
&& lxcapi_is_defined(newc
))
3807 lxc_container_put(newc
);
3809 if (!container_destroy(c
, NULL
)) {
3810 ERROR("Could not destroy existing container %s", c
->name
);
3816 WRAP_API_1(bool, lxcapi_rename
, const char *)
3818 static int lxcapi_attach(struct lxc_container
*c
, lxc_attach_exec_t exec_function
, void *exec_payload
, lxc_attach_options_t
*options
, pid_t
*attached_process
)
3825 current_config
= c
->lxc_conf
;
3827 ret
= lxc_attach(c
->name
, c
->config_path
, exec_function
, exec_payload
, options
, attached_process
);
3828 current_config
= NULL
;
3832 static int do_lxcapi_attach_run_wait(struct lxc_container
*c
, lxc_attach_options_t
*options
, const char *program
, const char * const argv
[])
3834 lxc_attach_command_t command
;
3841 command
.program
= (char*)program
;
3842 command
.argv
= (char**)argv
;
3843 r
= lxc_attach(c
->name
, c
->config_path
, lxc_attach_run_command
, &command
, options
, &pid
);
3848 return lxc_wait_for_pid_status(pid
);
3851 static int lxcapi_attach_run_wait(struct lxc_container
*c
, lxc_attach_options_t
*options
, const char *program
, const char * const argv
[])
3854 current_config
= c
? c
->lxc_conf
: NULL
;
3855 ret
= do_lxcapi_attach_run_wait(c
, options
, program
, argv
);
3856 current_config
= NULL
;
3860 static int get_next_index(const char *lxcpath
, char *cname
)
3866 fname
= alloca(strlen(lxcpath
) + 20);
3868 sprintf(fname
, "%s/snap%d", lxcpath
, i
);
3869 ret
= stat(fname
, &sb
);
3876 static bool get_snappath_dir(struct lxc_container
*c
, char *snappath
)
3880 * If the old style snapshot path exists, use it
3881 * /var/lib/lxc -> /var/lib/lxcsnaps
3883 ret
= snprintf(snappath
, MAXPATHLEN
, "%ssnaps", c
->config_path
);
3884 if (ret
< 0 || ret
>= MAXPATHLEN
)
3886 if (dir_exists(snappath
)) {
3887 ret
= snprintf(snappath
, MAXPATHLEN
, "%ssnaps/%s", c
->config_path
, c
->name
);
3888 if (ret
< 0 || ret
>= MAXPATHLEN
)
3894 * Use the new style path
3895 * /var/lib/lxc -> /var/lib/lxc + c->name + /snaps + \0
3897 ret
= snprintf(snappath
, MAXPATHLEN
, "%s/%s/snaps", c
->config_path
, c
->name
);
3898 if (ret
< 0 || ret
>= MAXPATHLEN
)
3903 static int do_lxcapi_snapshot(struct lxc_container
*c
, const char *commentfile
)
3906 struct lxc_container
*c2
;
3907 char snappath
[MAXPATHLEN
], newname
[20];
3909 if (!c
|| !lxcapi_is_defined(c
))
3912 if (!storage_can_backup(c
->lxc_conf
)) {
3913 ERROR("%s's backing store cannot be backed up.", c
->name
);
3914 ERROR("Your container must use another backing store type.");
3918 if (!get_snappath_dir(c
, snappath
))
3921 i
= get_next_index(snappath
, c
->name
);
3923 if (mkdir_p(snappath
, 0755) < 0) {
3924 ERROR("Failed to create snapshot directory %s", snappath
);
3928 ret
= snprintf(newname
, 20, "snap%d", i
);
3929 if (ret
< 0 || ret
>= 20)
3933 * We pass LXC_CLONE_SNAPSHOT to make sure that a rdepends file entry is
3934 * created in the original container
3936 flags
= LXC_CLONE_SNAPSHOT
| LXC_CLONE_KEEPMACADDR
| LXC_CLONE_KEEPNAME
|
3937 LXC_CLONE_KEEPBDEVTYPE
| LXC_CLONE_MAYBE_SNAPSHOT
;
3938 if (storage_is_dir(c
->lxc_conf
)) {
3939 ERROR("Snapshot of directory-backed container requested.");
3940 ERROR("Making a copy-clone. If you do want snapshots, then");
3941 ERROR("please create overlay clone first, snapshot that");
3942 ERROR("and keep the original container pristine.");
3943 flags
&= ~LXC_CLONE_SNAPSHOT
| LXC_CLONE_MAYBE_SNAPSHOT
;
3945 c2
= do_lxcapi_clone(c
, newname
, snappath
, flags
, NULL
, NULL
, 0, NULL
);
3947 ERROR("clone of %s:%s failed", c
->config_path
, c
->name
);
3951 lxc_container_put(c2
);
3953 /* Now write down the creation time. */
3960 tm_info
= localtime(&timer
);
3962 strftime(buffer
, 25, "%Y:%m:%d %H:%M:%S", tm_info
);
3964 char *dfnam
= alloca(strlen(snappath
) + strlen(newname
) + 5);
3965 sprintf(dfnam
, "%s/%s/ts", snappath
, newname
);
3966 f
= fopen(dfnam
, "w");
3968 ERROR("Failed to open %s", dfnam
);
3971 if (fprintf(f
, "%s", buffer
) < 0) {
3972 SYSERROR("Writing timestamp");
3978 SYSERROR("Writing timestamp");
3983 /* $p / $name / comment \0 */
3984 int len
= strlen(snappath
) + strlen(newname
) + 10;
3985 char *path
= alloca(len
);
3986 sprintf(path
, "%s/%s/comment", snappath
, newname
);
3987 return copy_file(commentfile
, path
) < 0 ? -1 : i
;
3993 WRAP_API_1(int, lxcapi_snapshot
, const char *)
3995 static void lxcsnap_free(struct lxc_snapshot
*s
)
3998 free(s
->comment_pathname
);
4003 static char *get_snapcomment_path(char* snappath
, char *name
)
4005 /* $snappath/$name/comment */
4006 int ret
, len
= strlen(snappath
) + strlen(name
) + 10;
4007 char *s
= malloc(len
);
4010 ret
= snprintf(s
, len
, "%s/%s/comment", snappath
, name
);
4011 if (ret
< 0 || ret
>= len
) {
4019 static char *get_timestamp(char* snappath
, char *name
)
4021 char path
[MAXPATHLEN
], *s
= NULL
;
4025 ret
= snprintf(path
, MAXPATHLEN
, "%s/%s/ts", snappath
, name
);
4026 if (ret
< 0 || ret
>= MAXPATHLEN
)
4028 fin
= fopen(path
, "r");
4031 (void) fseek(fin
, 0, SEEK_END
);
4033 (void) fseek(fin
, 0, SEEK_SET
);
4038 if (fread(s
, 1, len
, fin
) != len
) {
4039 SYSERROR("reading timestamp");
4049 static int do_lxcapi_snapshot_list(struct lxc_container
*c
, struct lxc_snapshot
**ret_snaps
)
4051 char snappath
[MAXPATHLEN
], path2
[MAXPATHLEN
];
4053 struct dirent
*direntp
;
4054 struct lxc_snapshot
*snaps
=NULL
, *nsnaps
;
4057 if (!c
|| !lxcapi_is_defined(c
))
4060 if (!get_snappath_dir(c
, snappath
)) {
4061 ERROR("path name too long");
4064 dir
= opendir(snappath
);
4066 INFO("failed to open %s - assuming no snapshots", snappath
);
4070 while ((direntp
= readdir(dir
))) {
4074 if (!strcmp(direntp
->d_name
, "."))
4077 if (!strcmp(direntp
->d_name
, ".."))
4080 ret
= snprintf(path2
, MAXPATHLEN
, "%s/%s/config", snappath
, direntp
->d_name
);
4081 if (ret
< 0 || ret
>= MAXPATHLEN
) {
4082 ERROR("pathname too long");
4085 if (!file_exists(path2
))
4087 nsnaps
= realloc(snaps
, (count
+ 1)*sizeof(*snaps
));
4089 SYSERROR("Out of memory");
4093 snaps
[count
].free
= lxcsnap_free
;
4094 snaps
[count
].name
= strdup(direntp
->d_name
);
4095 if (!snaps
[count
].name
)
4097 snaps
[count
].lxcpath
= strdup(snappath
);
4098 if (!snaps
[count
].lxcpath
) {
4099 free(snaps
[count
].name
);
4102 snaps
[count
].comment_pathname
= get_snapcomment_path(snappath
, direntp
->d_name
);
4103 snaps
[count
].timestamp
= get_timestamp(snappath
, direntp
->d_name
);
4108 WARN("failed to close directory");
4116 for (i
=0; i
<count
; i
++)
4117 lxcsnap_free(&snaps
[i
]);
4121 WARN("failed to close directory");
4125 WRAP_API_1(int, lxcapi_snapshot_list
, struct lxc_snapshot
**)
4127 static bool do_lxcapi_snapshot_restore(struct lxc_container
*c
, const char *snapname
, const char *newname
)
4129 char clonelxcpath
[MAXPATHLEN
];
4131 struct lxc_container
*snap
, *rest
;
4132 struct lxc_storage
*bdev
;
4135 if (!c
|| !c
->name
|| !c
->config_path
)
4138 if (has_fs_snapshots(c
)) {
4139 ERROR("container rootfs has dependent snapshots");
4143 bdev
= storage_init(c
->lxc_conf
);
4145 ERROR("Failed to find original backing store type");
4149 /* For an overlay container the rootfs is considered immutable
4150 * and cannot be removed when restoring from a snapshot. We pass this
4151 * internal flag along to communicate this to various parts of the
4154 if (!strcmp(bdev
->type
, "overlay") || !strcmp(bdev
->type
, "overlayfs"))
4155 bdev
->flags
|= LXC_STORAGE_INTERNAL_OVERLAY_RESTORE
;
4160 if (!get_snappath_dir(c
, clonelxcpath
)) {
4164 /* how should we lock this? */
4166 snap
= lxc_container_new(snapname
, clonelxcpath
);
4167 if (!snap
|| !lxcapi_is_defined(snap
)) {
4168 ERROR("Could not open snapshot %s", snapname
);
4170 lxc_container_put(snap
);
4175 if (!strcmp(c
->name
, newname
)) {
4176 if (!container_destroy(c
, bdev
)) {
4177 ERROR("Could not destroy existing container %s", newname
);
4178 lxc_container_put(snap
);
4184 if (strcmp(bdev
->type
, "dir") != 0 && strcmp(bdev
->type
, "loop") != 0)
4185 flags
= LXC_CLONE_SNAPSHOT
| LXC_CLONE_MAYBE_SNAPSHOT
;
4187 if (!strcmp(bdev
->type
, "overlay") || !strcmp(bdev
->type
, "overlayfs"))
4188 flags
|= LXC_STORAGE_INTERNAL_OVERLAY_RESTORE
;
4189 rest
= lxcapi_clone(snap
, newname
, c
->config_path
, flags
, bdev
->type
,
4192 if (rest
&& lxcapi_is_defined(rest
))
4195 lxc_container_put(rest
);
4197 lxc_container_put(snap
);
4201 WRAP_API_2(bool, lxcapi_snapshot_restore
, const char *, const char *)
4203 static bool do_snapshot_destroy(const char *snapname
, const char *clonelxcpath
)
4205 struct lxc_container
*snap
= NULL
;
4208 snap
= lxc_container_new(snapname
, clonelxcpath
);
4210 ERROR("Could not find snapshot %s", snapname
);
4214 if (!do_lxcapi_destroy(snap
)) {
4215 ERROR("Could not destroy snapshot %s", snapname
);
4222 lxc_container_put(snap
);
4226 static bool remove_all_snapshots(const char *path
)
4229 struct dirent
*direntp
;
4232 dir
= opendir(path
);
4234 SYSERROR("opendir on snapshot path %s", path
);
4237 while ((direntp
= readdir(dir
))) {
4238 if (!strcmp(direntp
->d_name
, "."))
4240 if (!strcmp(direntp
->d_name
, ".."))
4242 if (!do_snapshot_destroy(direntp
->d_name
, path
)) {
4251 SYSERROR("Error removing directory %s", path
);
4256 static bool do_lxcapi_snapshot_destroy(struct lxc_container
*c
, const char *snapname
)
4258 char clonelxcpath
[MAXPATHLEN
];
4260 if (!c
|| !c
->name
|| !c
->config_path
|| !snapname
)
4263 if (!get_snappath_dir(c
, clonelxcpath
))
4266 return do_snapshot_destroy(snapname
, clonelxcpath
);
4269 WRAP_API_1(bool, lxcapi_snapshot_destroy
, const char *)
4271 static bool do_lxcapi_snapshot_destroy_all(struct lxc_container
*c
)
4273 char clonelxcpath
[MAXPATHLEN
];
4275 if (!c
|| !c
->name
|| !c
->config_path
)
4278 if (!get_snappath_dir(c
, clonelxcpath
))
4281 return remove_all_snapshots(clonelxcpath
);
4284 WRAP_API(bool, lxcapi_snapshot_destroy_all
)
4286 static bool do_lxcapi_may_control(struct lxc_container
*c
)
4288 return lxc_try_cmd(c
->name
, c
->config_path
) == 0;
4291 WRAP_API(bool, lxcapi_may_control
)
4293 static bool do_add_remove_node(pid_t init_pid
, const char *path
, bool add
,
4299 char chrootpath
[MAXPATHLEN
];
4300 char *directory_path
= NULL
;
4304 SYSERROR("Failed to fork()");
4309 ret
= wait_for_pid(pid
);
4311 ERROR("Failed to create device node");
4318 /* prepare the path */
4319 ret
= snprintf(chrootpath
, MAXPATHLEN
, "/proc/%d/root", init_pid
);
4320 if (ret
< 0 || ret
>= MAXPATHLEN
)
4323 ret
= chroot(chrootpath
);
4325 _exit(EXIT_FAILURE
);
4329 _exit(EXIT_FAILURE
);
4331 /* remove path if it exists */
4332 ret
= faccessat(AT_FDCWD
, path
, F_OK
, AT_SYMLINK_NOFOLLOW
);
4336 ERROR("%s - Failed to remove \"%s\"", strerror(errno
), path
);
4337 _exit(EXIT_FAILURE
);
4342 _exit(EXIT_SUCCESS
);
4344 /* create any missing directories */
4347 _exit(EXIT_FAILURE
);
4349 directory_path
= dirname(tmp
);
4350 ret
= mkdir_p(directory_path
, 0755);
4351 if (ret
< 0 && errno
!= EEXIST
) {
4352 ERROR("%s - Failed to create path \"%s\"", strerror(errno
), directory_path
);
4354 _exit(EXIT_FAILURE
);
4357 /* create the device node */
4358 ret
= mknod(path
, st
->st_mode
, st
->st_rdev
);
4361 ERROR("%s - Failed to create device node at \"%s\"", strerror(errno
), path
);
4362 _exit(EXIT_FAILURE
);
4365 _exit(EXIT_SUCCESS
);
4368 static bool add_remove_device_node(struct lxc_container
*c
, const char *src_path
, const char *dest_path
, bool add
)
4372 char value
[LXC_MAX_BUFFER
];
4375 /* make sure container is running */
4376 if (!do_lxcapi_is_running(c
)) {
4377 ERROR("container is not running");
4381 /* use src_path if dest_path is NULL otherwise use dest_path */
4382 p
= dest_path
? dest_path
: src_path
;
4384 /* make sure we can access p */
4385 if(access(p
, F_OK
) < 0 || stat(p
, &st
) < 0)
4388 /* continue if path is character device or block device */
4389 if (S_ISCHR(st
.st_mode
))
4390 ret
= snprintf(value
, LXC_MAX_BUFFER
, "c %d:%d rwm", major(st
.st_rdev
), minor(st
.st_rdev
));
4391 else if (S_ISBLK(st
.st_mode
))
4392 ret
= snprintf(value
, LXC_MAX_BUFFER
, "b %d:%d rwm", major(st
.st_rdev
), minor(st
.st_rdev
));
4396 /* check snprintf return code */
4397 if (ret
< 0 || ret
>= LXC_MAX_BUFFER
)
4400 if (!do_add_remove_node(do_lxcapi_init_pid(c
), p
, add
, &st
))
4403 /* add or remove device to/from cgroup access list */
4405 if (!do_lxcapi_set_cgroup_item(c
, "devices.allow", value
)) {
4406 ERROR("set_cgroup_item failed while adding the device node");
4410 if (!do_lxcapi_set_cgroup_item(c
, "devices.deny", value
)) {
4411 ERROR("set_cgroup_item failed while removing the device node");
4419 static bool do_lxcapi_add_device_node(struct lxc_container
*c
, const char *src_path
, const char *dest_path
)
4421 // cannot mknod if we're not privileged wrt init_user_ns
4422 if (am_host_unpriv()) {
4423 ERROR(LXC_UNPRIV_EOPNOTSUPP
, __FUNCTION__
);
4426 return add_remove_device_node(c
, src_path
, dest_path
, true);
4429 WRAP_API_2(bool, lxcapi_add_device_node
, const char *, const char *)
4431 static bool do_lxcapi_remove_device_node(struct lxc_container
*c
, const char *src_path
, const char *dest_path
)
4433 if (am_guest_unpriv()) {
4434 ERROR(LXC_UNPRIV_EOPNOTSUPP
, __FUNCTION__
);
4437 return add_remove_device_node(c
, src_path
, dest_path
, false);
4440 WRAP_API_2(bool, lxcapi_remove_device_node
, const char *, const char *)
4442 static bool do_lxcapi_attach_interface(struct lxc_container
*c
,
4444 const char *dst_ifname
)
4449 if (am_guest_unpriv()) {
4450 ERROR(LXC_UNPRIV_EOPNOTSUPP
, __FUNCTION__
);
4455 ERROR("No source interface name given");
4459 ret
= lxc_netdev_isup(ifname
);
4461 /* netdev of ifname is up. */
4462 ret
= lxc_netdev_down(ifname
);
4467 init_pid
= do_lxcapi_init_pid(c
);
4468 ret
= lxc_netdev_move_by_name(ifname
, init_pid
, dst_ifname
);
4472 INFO("Moved network device \"%s\" to network namespace of %d", ifname
, init_pid
);
4479 WRAP_API_2(bool, lxcapi_attach_interface
, const char *, const char *)
4481 static bool do_lxcapi_detach_interface(struct lxc_container
*c
,
4483 const char *dst_ifname
)
4486 pid_t pid
, pid_outside
;
4489 * TODO - if this is a physical device, then we need am_host_unpriv.
4490 * But for other types guest privilege suffices.
4492 if (am_guest_unpriv()) {
4493 ERROR(LXC_UNPRIV_EOPNOTSUPP
, __FUNCTION__
);
4498 ERROR("No source interface name given");
4502 pid_outside
= lxc_raw_getpid();
4505 ERROR("Failed to fork");
4509 if (pid
== 0) { /* child */
4512 init_pid
= do_lxcapi_init_pid(c
);
4513 if (!switch_to_ns(init_pid
, "net")) {
4514 ERROR("Failed to enter network namespace");
4515 _exit(EXIT_FAILURE
);
4518 ret
= lxc_netdev_isup(ifname
);
4520 ERROR("Failed to determine whether network device \"%s\" is up", ifname
);
4521 _exit(EXIT_FAILURE
);
4524 /* netdev of ifname is up. */
4526 ret
= lxc_netdev_down(ifname
);
4528 ERROR("Failed to set network device \"%s\" down", ifname
);
4529 _exit(EXIT_FAILURE
);
4533 ret
= lxc_netdev_move_by_name(ifname
, pid_outside
, dst_ifname
);
4534 /* -EINVAL means there is no netdev named as ifname. */
4537 ERROR("Network device \"%s\" not found", ifname
);
4539 ERROR("Failed to remove network device \"%s\"", ifname
);
4540 _exit(EXIT_FAILURE
);
4543 _exit(EXIT_SUCCESS
);
4546 ret
= wait_for_pid(pid
);
4550 INFO("Moved network device \"%s\" to network namespace of %d", ifname
, pid_outside
);
4554 WRAP_API_2(bool, lxcapi_detach_interface
, const char *, const char *)
4556 static int do_lxcapi_migrate(struct lxc_container
*c
, unsigned int cmd
,
4557 struct migrate_opts
*opts
, unsigned int size
)
4560 struct migrate_opts
*valid_opts
= opts
;
4561 uint64_t features_to_check
= 0;
4563 /* If the caller has a bigger (newer) struct migrate_opts, let's make
4564 * sure that the stuff on the end is zero, i.e. that they didn't ask us
4565 * to do anything special.
4567 if (size
> sizeof(*opts
)) {
4568 unsigned char *addr
;
4571 addr
= (void *)opts
+ sizeof(*opts
);
4572 end
= (void *)opts
+ size
;
4573 for (; addr
< end
; addr
++) {
4580 /* If the caller has a smaller struct, let's zero out the end for them
4581 * so we don't accidentally use bits of it that they didn't know about
4584 if (size
< sizeof(*opts
)) {
4585 valid_opts
= malloc(sizeof(*opts
));
4589 memset(valid_opts
, 0, sizeof(*opts
));
4590 memcpy(valid_opts
, opts
, size
);
4594 case MIGRATE_PRE_DUMP
:
4595 if (!do_lxcapi_is_running(c
)) {
4596 ERROR("container is not running");
4599 ret
= !__criu_pre_dump(c
, valid_opts
);
4602 if (!do_lxcapi_is_running(c
)) {
4603 ERROR("container is not running");
4606 ret
= !__criu_dump(c
, valid_opts
);
4608 case MIGRATE_RESTORE
:
4609 if (do_lxcapi_is_running(c
)) {
4610 ERROR("container is already running");
4613 ret
= !__criu_restore(c
, valid_opts
);
4615 case MIGRATE_FEATURE_CHECK
:
4616 features_to_check
= valid_opts
->features_to_check
;
4617 ret
= !__criu_check_feature(&features_to_check
);
4619 /* Something went wrong. Let's let the caller
4620 * know which feature checks failed. */
4621 valid_opts
->features_to_check
= features_to_check
;
4625 ERROR("invalid migrate command %u", cmd
);
4630 if (size
< sizeof(*opts
))
4636 WRAP_API_3(int, lxcapi_migrate
, unsigned int, struct migrate_opts
*, unsigned int)
4638 static bool do_lxcapi_checkpoint(struct lxc_container
*c
, char *directory
, bool stop
, bool verbose
)
4640 struct migrate_opts opts
;
4642 memset(&opts
, 0, sizeof(opts
));
4644 opts
.directory
= directory
;
4646 opts
.verbose
= verbose
;
4648 return !do_lxcapi_migrate(c
, MIGRATE_DUMP
, &opts
, sizeof(opts
));
4651 WRAP_API_3(bool, lxcapi_checkpoint
, char *, bool, bool)
4653 static bool do_lxcapi_restore(struct lxc_container
*c
, char *directory
, bool verbose
)
4655 struct migrate_opts opts
;
4657 memset(&opts
, 0, sizeof(opts
));
4659 opts
.directory
= directory
;
4660 opts
.verbose
= verbose
;
4662 return !do_lxcapi_migrate(c
, MIGRATE_RESTORE
, &opts
, sizeof(opts
));
4665 WRAP_API_2(bool, lxcapi_restore
, char *, bool)
4667 static int lxcapi_attach_run_waitl(struct lxc_container
*c
, lxc_attach_options_t
*options
, const char *program
, const char *arg
, ...)
4676 current_config
= c
->lxc_conf
;
4679 argv
= lxc_va_arg_list_to_argv_const(ap
, 1);
4683 ERROR("Memory allocation error.");
4689 ret
= do_lxcapi_attach_run_wait(c
, options
, program
, (const char * const *)argv
);
4692 current_config
= NULL
;
4696 struct lxc_container
*lxc_container_new(const char *name
, const char *configpath
)
4698 struct lxc_container
*c
;
4703 c
= malloc(sizeof(*c
));
4705 fprintf(stderr
, "Failed to allocate memory for %s\n", name
);
4708 memset(c
, 0, sizeof(*c
));
4711 c
->config_path
= strdup(configpath
);
4713 c
->config_path
= strdup(lxc_global_config_value("lxc.lxcpath"));
4715 if (!c
->config_path
) {
4716 fprintf(stderr
, "Failed to allocate memory for %s\n", name
);
4720 remove_trailing_slashes(c
->config_path
);
4721 c
->name
= malloc(strlen(name
)+1);
4723 fprintf(stderr
, "Failed to allocate memory for %s\n", name
);
4726 strcpy(c
->name
, name
);
4729 c
->slock
= lxc_newlock(c
->config_path
, name
);
4731 fprintf(stderr
, "Failed to create lock for %s\n", name
);
4735 c
->privlock
= lxc_newlock(NULL
, NULL
);
4737 fprintf(stderr
, "Failed to create private lock for %s\n", name
);
4741 if (!set_config_filename(c
)) {
4742 fprintf(stderr
, "Failed to create config file name for %s\n", name
);
4746 if (file_exists(c
->configfile
) && !lxcapi_load_config(c
, NULL
)) {
4747 fprintf(stderr
, "Failed to load config for %s\n", name
);
4751 if (ongoing_create(c
) == 2) {
4752 ERROR("Failed to complete container creation for %s", c
->name
);
4753 container_destroy(c
, NULL
);
4754 lxcapi_clear_config(c
);
4756 c
->daemonize
= true;
4759 /* Assign the member functions. */
4760 c
->is_defined
= lxcapi_is_defined
;
4761 c
->state
= lxcapi_state
;
4762 c
->is_running
= lxcapi_is_running
;
4763 c
->freeze
= lxcapi_freeze
;
4764 c
->unfreeze
= lxcapi_unfreeze
;
4765 c
->console
= lxcapi_console
;
4766 c
->console_getfd
= lxcapi_console_getfd
;
4767 c
->init_pid
= lxcapi_init_pid
;
4768 c
->load_config
= lxcapi_load_config
;
4769 c
->want_daemonize
= lxcapi_want_daemonize
;
4770 c
->want_close_all_fds
= lxcapi_want_close_all_fds
;
4771 c
->start
= lxcapi_start
;
4772 c
->startl
= lxcapi_startl
;
4773 c
->stop
= lxcapi_stop
;
4774 c
->config_file_name
= lxcapi_config_file_name
;
4775 c
->wait
= lxcapi_wait
;
4776 c
->set_config_item
= lxcapi_set_config_item
;
4777 c
->destroy
= lxcapi_destroy
;
4778 c
->destroy_with_snapshots
= lxcapi_destroy_with_snapshots
;
4779 c
->rename
= lxcapi_rename
;
4780 c
->save_config
= lxcapi_save_config
;
4781 c
->get_keys
= lxcapi_get_keys
;
4782 c
->create
= lxcapi_create
;
4783 c
->createl
= lxcapi_createl
;
4784 c
->shutdown
= lxcapi_shutdown
;
4785 c
->reboot
= lxcapi_reboot
;
4786 c
->reboot2
= lxcapi_reboot2
;
4787 c
->clear_config
= lxcapi_clear_config
;
4788 c
->clear_config_item
= lxcapi_clear_config_item
;
4789 c
->get_config_item
= lxcapi_get_config_item
;
4790 c
->get_running_config_item
= lxcapi_get_running_config_item
;
4791 c
->get_cgroup_item
= lxcapi_get_cgroup_item
;
4792 c
->set_cgroup_item
= lxcapi_set_cgroup_item
;
4793 c
->get_config_path
= lxcapi_get_config_path
;
4794 c
->set_config_path
= lxcapi_set_config_path
;
4795 c
->clone
= lxcapi_clone
;
4796 c
->get_interfaces
= lxcapi_get_interfaces
;
4797 c
->get_ips
= lxcapi_get_ips
;
4798 c
->attach
= lxcapi_attach
;
4799 c
->attach_run_wait
= lxcapi_attach_run_wait
;
4800 c
->attach_run_waitl
= lxcapi_attach_run_waitl
;
4801 c
->snapshot
= lxcapi_snapshot
;
4802 c
->snapshot_list
= lxcapi_snapshot_list
;
4803 c
->snapshot_restore
= lxcapi_snapshot_restore
;
4804 c
->snapshot_destroy
= lxcapi_snapshot_destroy
;
4805 c
->snapshot_destroy_all
= lxcapi_snapshot_destroy_all
;
4806 c
->may_control
= lxcapi_may_control
;
4807 c
->add_device_node
= lxcapi_add_device_node
;
4808 c
->remove_device_node
= lxcapi_remove_device_node
;
4809 c
->attach_interface
= lxcapi_attach_interface
;
4810 c
->detach_interface
= lxcapi_detach_interface
;
4811 c
->checkpoint
= lxcapi_checkpoint
;
4812 c
->restore
= lxcapi_restore
;
4813 c
->migrate
= lxcapi_migrate
;
4814 c
->console_log
= lxcapi_console_log
;
4819 lxc_container_free(c
);
4823 int lxc_get_wait_states(const char **states
)
4828 for (i
=0; i
<MAX_STATE
; i
++)
4829 states
[i
] = lxc_state2str(i
);
4834 * These next two could probably be done smarter with reusing a common function
4835 * with different iterators and tests...
4837 int list_defined_containers(const char *lxcpath
, char ***names
, struct lxc_container
***cret
)
4840 int i
, cfound
= 0, nfound
= 0;
4841 struct dirent
*direntp
;
4842 struct lxc_container
*c
;
4845 lxcpath
= lxc_global_config_value("lxc.lxcpath");
4847 dir
= opendir(lxcpath
);
4849 SYSERROR("opendir on lxcpath");
4858 while ((direntp
= readdir(dir
))) {
4862 /* Ignore '.', '..' and any hidden directory. */
4863 if (!strncmp(direntp
->d_name
, ".", 1))
4866 if (!config_file_exists(lxcpath
, direntp
->d_name
))
4870 if (!add_to_array(names
, direntp
->d_name
, cfound
))
4880 c
= lxc_container_new(direntp
->d_name
, lxcpath
);
4882 INFO("Container %s:%s has a config but could not be loaded",
4883 lxcpath
, direntp
->d_name
);
4885 if(!remove_from_array(names
, direntp
->d_name
, cfound
--))
4889 if (!do_lxcapi_is_defined(c
)) {
4890 INFO("Container %s:%s has a config but is not defined",
4891 lxcpath
, direntp
->d_name
);
4893 if(!remove_from_array(names
, direntp
->d_name
, cfound
--))
4895 lxc_container_put(c
);
4899 if (!add_to_clist(cret
, c
, nfound
, true)) {
4900 lxc_container_put(c
);
4910 if (names
&& *names
) {
4911 for (i
=0; i
<cfound
; i
++)
4915 if (cret
&& *cret
) {
4916 for (i
=0; i
<nfound
; i
++)
4917 lxc_container_put((*cret
)[i
]);
4924 int list_active_containers(const char *lxcpath
, char ***nret
,
4925 struct lxc_container
***cret
)
4927 int i
, ret
= -1, cret_cnt
= 0, ct_name_cnt
= 0;
4930 char **ct_name
= NULL
;
4932 struct lxc_container
*c
= NULL
;
4936 lxcpath
= lxc_global_config_value("lxc.lxcpath");
4937 lxcpath_len
= strlen(lxcpath
);
4944 FILE *f
= fopen("/proc/net/unix", "r");
4948 while (getline(&line
, &len
, f
) != -1) {
4950 char *p
= strrchr(line
, ' '), *p2
;
4959 if (strncmp(p
, lxcpath
, lxcpath_len
) == 0) {
4961 } else if (strncmp(p
, "lxc/", 4) == 0) {
4971 /* Now p is the start of lxc_name. */
4972 p2
= strchr(p
, '/');
4973 if (!p2
|| strncmp(p2
, "/command", 8) != 0)
4978 char *recvpath
= lxc_cmd_get_lxcpath(p
);
4981 if (strncmp(lxcpath
, recvpath
, lxcpath_len
) != 0) {
4986 p
= lxc_cmd_get_name(p
);
4991 if (array_contains(&ct_name
, p
, ct_name_cnt
)) {
4997 if (!add_to_array(&ct_name
, p
, ct_name_cnt
)) {
5000 goto free_cret_list
;
5011 c
= lxc_container_new(p
, lxcpath
);
5013 INFO("Container %s:%s is running but could not be loaded",
5015 remove_from_array(&ct_name
, p
, ct_name_cnt
--);
5025 * If this is an anonymous container, then is_defined *can*
5026 * return false. So we don't do that check. Count on the
5027 * fact that the command socket exists.
5030 if (!add_to_clist(cret
, c
, cret_cnt
, true)) {
5031 lxc_container_put(c
);
5032 goto free_cret_list
;
5037 if (nret
&& cret
&& cret_cnt
!= ct_name_cnt
) {
5039 lxc_container_put(c
);
5040 goto free_cret_list
;
5051 if (cret
&& *cret
) {
5052 for (i
= 0; i
< cret_cnt
; i
++)
5053 lxc_container_put((*cret
)[i
]);
5059 for (i
= 0; i
< ct_name_cnt
; i
++)
5071 int list_all_containers(const char *lxcpath
, char ***nret
,
5072 struct lxc_container
***cret
)
5074 int i
, ret
, active_cnt
, ct_cnt
, ct_list_cnt
;
5077 struct lxc_container
**ct_list
= NULL
;
5079 ct_cnt
= list_defined_containers(lxcpath
, &ct_name
, NULL
);
5083 active_cnt
= list_active_containers(lxcpath
, &active_name
, NULL
);
5084 if (active_cnt
< 0) {
5089 for (i
= 0; i
< active_cnt
; i
++) {
5090 if (!array_contains(&ct_name
, active_name
[i
], ct_cnt
)) {
5091 if (!add_to_array(&ct_name
, active_name
[i
], ct_cnt
)) {
5093 goto free_active_name
;
5097 free(active_name
[i
]);
5098 active_name
[i
] = NULL
;
5104 for (i
= 0, ct_list_cnt
= 0; i
< ct_cnt
&& cret
; i
++) {
5105 struct lxc_container
*c
;
5107 c
= lxc_container_new(ct_name
[i
], lxcpath
);
5109 WARN("Container %s:%s could not be loaded", lxcpath
, ct_name
[i
]);
5110 remove_from_array(&ct_name
, ct_name
[i
], ct_cnt
--);
5114 if (!add_to_clist(&ct_list
, c
, ct_list_cnt
, false)) {
5115 lxc_container_put(c
);
5134 for (i
= 0; i
< ct_list_cnt
; i
++) {
5135 lxc_container_put(ct_list
[i
]);
5140 for (i
= 0; i
< active_cnt
; i
++) {
5141 free(active_name
[i
]);
5146 for (i
= 0; i
< ct_cnt
; i
++) {
5153 bool lxc_config_item_is_supported(const char *key
)
5155 return !!lxc_get_config(key
);