]> git.proxmox.com Git - mirror_lxc.git/blob - src/lxc/monitor.c
projects / mirror_lxc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
pam_cgfs: remove dependency from cap & log
[mirror_lxc.git] / src / lxc / monitor.c
1 /*
2 * lxc: linux Container library
3 *
4 * (C) Copyright IBM Corp. 2007, 2008
5 *
6 * Authors:
7 * Daniel Lezcano <daniel.lezcano at free.fr>
8 * Dwight Engen <dwight.engen@oracle.com>
9 *
10 * This library is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU Lesser General Public
12 * License as published by the Free Software Foundation; either
13 * version 2.1 of the License, or (at your option) any later version.
14 *
15 * This library is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 * Lesser General Public License for more details.
19 *
20 * You should have received a copy of the GNU Lesser General Public
21 * License along with this library; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
23 */
24
25 #ifndef _GNU_SOURCE
26 #define _GNU_SOURCE 1
27 #endif
28 #include <errno.h>
29 #include <fcntl.h>
30 #include <inttypes.h>
31 #include <net/if.h>
32 #include <netinet/in.h>
33 #include <poll.h>
34 #include <stddef.h>
35 #include <stdint.h>
36 #include <stdio.h>
37 #include <stdlib.h>
38 #include <string.h>
39 #include <sys/param.h>
40 #include <sys/socket.h>
41 #include <sys/stat.h>
42 #include <sys/types.h>
43 #include <sys/wait.h>
44 #include <unistd.h>
45
46 #include "af_unix.h"
47 #include "config.h"
48 #include "error.h"
49 #include "log.h"
50 #include "lxclock.h"
51 #include "macro.h"
52 #include "monitor.h"
53 #include "state.h"
54 #include "utils.h"
55
56 #ifndef HAVE_STRLCPY
57 #include "include/strlcpy.h"
58 #endif
59
60 lxc_log_define(monitor, lxc);
61
62 /* routines used by monitor publishers (containers) */
63 int lxc_monitor_fifo_name(const char *lxcpath, char *fifo_path, size_t fifo_path_sz,
64 int do_mkdirp)
65 {
66 int ret;
67 char *rundir;
68
69 rundir = get_rundir();
70 if (!rundir)
71 return -1;
72
73 if (do_mkdirp) {
74 ret = snprintf(fifo_path, fifo_path_sz, "%s/lxc/%s", rundir, lxcpath);
75 if (ret < 0 || (size_t)ret >= fifo_path_sz) {
76 ERROR("rundir/lxcpath (%s/%s) too long for monitor fifo", rundir, lxcpath);
77 free(rundir);
78 return -1;
79 }
80 ret = mkdir_p(fifo_path, 0755);
81 if (ret < 0) {
82 ERROR("Unable to create monitor fifo directory %s", fifo_path);
83 free(rundir);
84 return ret;
85 }
86 }
87 ret = snprintf(fifo_path, fifo_path_sz, "%s/lxc/%s/monitor-fifo", rundir, lxcpath);
88 if (ret < 0 || (size_t)ret >= fifo_path_sz) {
89 ERROR("rundir/lxcpath (%s/%s) too long for monitor fifo", rundir, lxcpath);
90 free(rundir);
91 return -1;
92 }
93 free(rundir);
94 return 0;
95 }
96
97 static void lxc_monitor_fifo_send(struct lxc_msg *msg, const char *lxcpath)
98 {
99 int fd,ret;
100 char fifo_path[PATH_MAX];
101
102 BUILD_BUG_ON(sizeof(*msg) > PIPE_BUF); /* write not guaranteed atomic */
103
104 ret = lxc_monitor_fifo_name(lxcpath, fifo_path, sizeof(fifo_path), 0);
105 if (ret < 0)
106 return;
107
108 /* Open the fifo nonblock in case the monitor is dead, we don't want the
109 * open to wait for a reader since it may never come.
110 */
111 fd = open(fifo_path, O_WRONLY | O_NONBLOCK);
112 if (fd < 0) {
113 /* It is normal for this open() to fail with ENXIO when there is
114 * no monitor running, so we don't log it.
115 */
116 if (errno == ENXIO || errno == ENOENT)
117 return;
118
119 SYSWARN("Failed to open fifo to send message");
120 return;
121 }
122
123 if (fcntl(fd, F_SETFL, O_WRONLY) < 0) {
124 close(fd);
125 return;
126 }
127
128 ret = lxc_write_nointr(fd, msg, sizeof(*msg));
129 if (ret != sizeof(*msg)) {
130 close(fd);
131 SYSERROR("Failed to write to monitor fifo \"%s\"", fifo_path);
132 return;
133 }
134
135 close(fd);
136 }
137
138 void lxc_monitor_send_state(const char *name, lxc_state_t state,
139 const char *lxcpath)
140 {
141 struct lxc_msg msg = {.type = lxc_msg_state, .value = state};
142
143 (void)strlcpy(msg.name, name, sizeof(msg.name));
144 lxc_monitor_fifo_send(&msg, lxcpath);
145 }
146
147 void lxc_monitor_send_exit_code(const char *name, int exit_code,
148 const char *lxcpath)
149 {
150 struct lxc_msg msg = {.type = lxc_msg_exit_code, .value = exit_code};
151
152 (void)strlcpy(msg.name, name, sizeof(msg.name));
153 lxc_monitor_fifo_send(&msg, lxcpath);
154 }
155
156 /* routines used by monitor subscribers (lxc-monitor) */
157 int lxc_monitor_close(int fd)
158 {
159 return close(fd);
160 }
161
162 /* Enforces \0-termination for the abstract unix socket. This is not required
163 * but allows us to print it out.
164 *
165 * Older version of liblxc only allowed for 105 bytes to be used for the
166 * abstract unix domain socket name because the code for our abstract unix
167 * socket handling performed invalid checks. Since we \0-terminate we could now
168 * have a maximum of 106 chars. But to not break backwards compatibility we keep
169 * the limit at 105.
170 */
171 int lxc_monitor_sock_name(const char *lxcpath, struct sockaddr_un *addr)
172 {
173 size_t len;
174 int ret;
175 char *path;
176 uint64_t hash;
177
178 /* addr.sun_path is only 108 bytes, so we hash the full name and
179 * then append as much of the name as we can fit.
180 */
181 memset(addr, 0, sizeof(*addr));
182 addr->sun_family = AF_UNIX;
183
184 /* strlen("lxc/") + strlen("/monitor-sock") + 1 = 18 */
185 len = strlen(lxcpath) + 18;
186 path = alloca(len);
187 ret = snprintf(path, len, "lxc/%s/monitor-sock", lxcpath);
188 if (ret < 0 || (size_t)ret >= len) {
189 ERROR("Failed to create name for monitor socket");
190 return -1;
191 }
192
193 /* Note: snprintf() will \0-terminate addr->sun_path on the 106th byte
194 * and so the abstract socket name has 105 "meaningful" characters. This
195 * is absolutely intentional. For further info read the comment for this
196 * function above!
197 */
198 len = sizeof(addr->sun_path) - 1;
199 hash = fnv_64a_buf(path, ret, FNV1A_64_INIT);
200 ret = snprintf(addr->sun_path, len, "@lxc/%016" PRIx64 "/%s", hash, lxcpath);
201 if (ret < 0) {
202 ERROR("Failed to create hashed name for monitor socket");
203 goto on_error;
204 } else if ((size_t)ret >= len) {
205 errno = ENAMETOOLONG;
206 SYSERROR("The name of monitor socket too long (%d bytes)", ret);
207 goto on_error;
208 }
209
210 /* replace @ with \0 */
211 addr->sun_path[0] = '\0';
212 INFO("Using monitor socket name \"%s\" (length of socket name %zu must be <= %zu)", &addr->sun_path[1], strlen(&addr->sun_path[1]), sizeof(addr->sun_path) - 3);
213
214 return 0;
215
216 on_error:
217 return -1;
218 }
219
220 int lxc_monitor_open(const char *lxcpath)
221 {
222 struct sockaddr_un addr;
223 int fd;
224 size_t retry;
225 int backoff_ms[] = {10, 50, 100};
226
227 if (lxc_monitor_sock_name(lxcpath, &addr) < 0)
228 return -1;
229
230 DEBUG("Opening monitor socket %s with len %zu", &addr.sun_path[1], strlen(&addr.sun_path[1]));
231
232 for (retry = 0; retry < sizeof(backoff_ms) / sizeof(backoff_ms[0]); retry++) {
233 fd = lxc_abstract_unix_connect(addr.sun_path);
234 if (fd != -1 || errno != ECONNREFUSED)
235 break;
236
237 SYSERROR("Failed to connect to monitor socket. Retrying in %d ms", backoff_ms[retry]);
238 usleep(backoff_ms[retry] * 1000);
239 }
240
241 if (fd < 0) {
242 SYSERROR("Failed to connect to monitor socket");
243 return -1;
244 }
245
246 return fd;
247 }
248
249 int lxc_monitor_read_fdset(struct pollfd *fds, nfds_t nfds, struct lxc_msg *msg,
250 int timeout)
251 {
252 long i;
253 int ret;
254
255 ret = poll(fds, nfds, timeout * 1000);
256 if (ret == -1)
257 return -1;
258 else if (ret == 0)
259 return -2; /* timed out */
260
261 /* Only read from the first ready fd, the others will remain ready for
262 * when this routine is called again.
263 */
264 for (i = 0; i < nfds; i++) {
265 if (fds[i].revents != 0) {
266 fds[i].revents = 0;
267 ret = recv(fds[i].fd, msg, sizeof(*msg), 0);
268 if (ret <= 0) {
269 SYSERROR("Failed to receive message. Did monitord die?");
270 return -1;
271 }
272 return ret;
273 }
274 }
275
276 SYSERROR("No ready fd found");
277
278 return -1;
279 }
280
281 int lxc_monitor_read_timeout(int fd, struct lxc_msg *msg, int timeout)
282 {
283 struct pollfd fds;
284
285 fds.fd = fd;
286 fds.events = POLLIN | POLLPRI;
287 fds.revents = 0;
288
289 return lxc_monitor_read_fdset(&fds, 1, msg, timeout);
290 }
291
292 int lxc_monitor_read(int fd, struct lxc_msg *msg)
293 {
294 return lxc_monitor_read_timeout(fd, msg, -1);
295 }
296
297 #define LXC_MONITORD_PATH LIBEXECDIR "/lxc/lxc-monitord"
298
299 /* Used to spawn a monitord either on startup of a daemon container, or when
300 * lxc-monitor starts.
301 */
302 int lxc_monitord_spawn(const char *lxcpath)
303 {
304 int ret;
305 int pipefd[2];
306 char pipefd_str[INTTYPE_TO_STRLEN(int)];
307 pid_t pid1, pid2;
308
309 char *const args[] = {
310 LXC_MONITORD_PATH,
311 (char *)lxcpath,
312 pipefd_str,
313 NULL,
314 };
315
316 /* double fork to avoid zombies when monitord exits */
317 pid1 = fork();
318 if (pid1 < 0) {
319 SYSERROR("Failed to fork()");
320 return -1;
321 }
322
323 if (pid1) {
324 DEBUG("Going to wait for pid %d", pid1);
325
326 if (waitpid(pid1, NULL, 0) != pid1)
327 return -1;
328
329 DEBUG("Finished waiting on pid %d", pid1);
330 return 0;
331 }
332
333 if (pipe(pipefd) < 0) {
334 SYSERROR("Failed to create pipe");
335 _exit(EXIT_FAILURE);
336 }
337
338 pid2 = fork();
339 if (pid2 < 0) {
340 SYSERROR("Failed to fork()");
341 _exit(EXIT_FAILURE);
342 }
343
344 if (pid2) {
345 DEBUG("Trying to sync with child process");
346 char c;
347 /* Wait for daemon to create socket. */
348 close(pipefd[1]);
349
350 /* Sync with child, we're ignoring the return from read
351 * because regardless if it works or not, either way we've
352 * synced with the child process. the if-empty-statement
353 * construct is to quiet the warn-unused-result warning.
354 */
355 if (lxc_read_nointr(pipefd[0], &c, 1))
356 ;
357
358 close(pipefd[0]);
359
360 DEBUG("Successfully synced with child process");
361 _exit(EXIT_SUCCESS);
362 }
363
364 if (setsid() < 0) {
365 SYSERROR("Failed to setsid()");
366 _exit(EXIT_FAILURE);
367 }
368
369 lxc_check_inherited(NULL, true, &pipefd[1], 1);
370 if (null_stdfds() < 0) {
371 SYSERROR("Failed to dup2() standard file descriptors to /dev/null");
372 _exit(EXIT_FAILURE);
373 }
374
375 close(pipefd[0]);
376
377 ret = snprintf(pipefd_str, sizeof(pipefd_str), "%d", pipefd[1]);
378 if (ret < 0 || ret >= sizeof(pipefd_str)) {
379 ERROR("Failed to create pid argument to pass to monitord");
380 _exit(EXIT_FAILURE);
381 }
382
383 DEBUG("Using pipe file descriptor %d for monitord", pipefd[1]);
384
385 execvp(args[0], args);
386 SYSERROR("Failed to exec lxc-monitord");
387
388 _exit(EXIT_FAILURE);
389 }
LXC mirror