src/lxc/start.c

   1 /*
   2  * lxc: linux Container library
   3  *
   4  * (C) Copyright IBM Corp. 2007, 2008
   5  *
   6  * Authors:
   7  * Daniel Lezcano <dlezcano at fr.ibm.com>
   8  *
   9  * This library is free software; you can redistribute it and/or
  10  * modify it under the terms of the GNU Lesser General Public
  11  * License as published by the Free Software Foundation; either
  12  * version 2.1 of the License, or (at your option) any later version.
  13  *
  14  * This library is distributed in the hope that it will be useful,
  15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  17  * Lesser General Public License for more details.
  18  *
  19  * You should have received a copy of the GNU Lesser General Public
  20  * License along with this library; if not, write to the Free Software
  21  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
  22  */
  23
  24 #define _GNU_SOURCE
  25 #include <stdio.h>
  26 #undef _GNU_SOURCE
  27 #include <string.h>
  28 #include <stdlib.h>
  29 #include <dirent.h>
  30 #include <errno.h>
  31 #include <unistd.h>
  32 #include <signal.h>
  33 #include <sys/param.h>
  34 #include <sys/file.h>
  35 #include <sys/mount.h>
  36 #include <sys/types.h>
  37 #include <sys/prctl.h>
  38 #include <sys/capability.h>
  39 #include <sys/wait.h>
  40
  41 #include "error.h"
  42
  43 #include <lxc/lxc.h>
  44
  45 LXC_TTY_HANDLER(SIGINT);
  46 LXC_TTY_HANDLER(SIGQUIT);
  47
  48 int lxc_start(const char *name, char *argv[])
  49 {
  50         char init[MAXPATHLEN];
  51         char *val = NULL;
  52         char ttyname[MAXPATHLEN];
  53         int fd, lock, sv[2], sync = 0, err = -LXC_ERROR_INTERNAL;
  54         pid_t pid;
  55         int clone_flags;
  56
  57         lock = lxc_get_lock(name);
  58         if (lock < 0) {
  59                 if (lock == -EWOULDBLOCK)
  60                         return -LXC_ERROR_BUSY;
  61                 if (lock == -ENOENT)
  62                         return -LXC_ERROR_NOT_FOUND;
  63                 return -LXC_ERROR_LOCK;
  64         }
  65
  66         /* Begin the set the state to STARTING*/
  67         if (lxc_setstate(name, STARTING)) {
  68                 lxc_log_error("failed to set state '%s'", lxc_state2str(STARTING));
  69                 goto out;
  70         }
  71
  72         if (readlink("/proc/self/fd/0", ttyname, sizeof(ttyname)) < 0) {
  73                 lxc_log_syserror("failed to read '/proc/self/fd/0'");
  74                 goto out;
  75         }
  76
  77         /* Synchro socketpair */
  78         if (socketpair(AF_LOCAL, SOCK_STREAM, 0, sv)) {
  79                 lxc_log_syserror("failed to create communication socketpair");
  80                 goto out;
  81         }
  82
  83         /* Avoid signals from terminal */
  84         LXC_TTY_ADD_HANDLER(SIGINT);
  85         LXC_TTY_ADD_HANDLER(SIGQUIT);
  86
  87         clone_flags = CLONE_NEWPID|CLONE_NEWIPC|CLONE_NEWNS;
  88         if (conf_has_utsname(name))
  89                 clone_flags |= CLONE_NEWUTS;
  90         if (conf_has_network(name))
  91                 clone_flags |= CLONE_NEWNET;
  92
  93         /* Create a process in a new set of namespaces */
  94         pid = fork_ns(clone_flags);
  95         if (pid < 0) {
  96                 lxc_log_syserror("failed to fork into a new namespace");
  97                 goto err_fork_ns;
  98         }
  99
 100         if (!pid) {
 101
 102                 close(sv[1]);
 103
 104                 /* Be sure we don't inherit this after the exec */
 105                 fcntl(sv[0], F_SETFD, FD_CLOEXEC);
 106
 107                 /* Tell our father he can begin to configure the container */
 108                 if (write(sv[0], &sync, sizeof(sync)) < 0) {
 109                         lxc_log_syserror("failed to write socket");
 110                         goto out_child;
 111                 }
 112
 113                 /* Wait for the father to finish the configuration */
 114                 if (read(sv[0], &sync, sizeof(sync)) < 0) {
 115                         lxc_log_syserror("failed to read socket");
 116                         goto out_child;
 117                 }
 118
 119                 /* Setup the container, ip, names, utsname, ... */
 120                 err = lxc_setup(name);
 121                 if (err) {
 122                         lxc_log_error("failed to setup the container");
 123                         if (write(sv[0], &err, sizeof(err)) < 0)
 124                                 lxc_log_syserror("failed to write the socket");
 125                         goto out_child;
 126                 }
 127
 128                 if (mount(ttyname, "/dev/console", "none", MS_BIND, 0)) {
 129                         lxc_log_syserror("failed to mount '/dev/console'");
 130                         goto out_child;
 131                 }
 132
 133                 if (prctl(PR_CAPBSET_DROP, CAP_SYS_BOOT, 0, 0, 0)) {
 134                         lxc_log_syserror("failed to remove CAP_SYS_BOOT capability");
 135                         goto out_child;
 136                 }
 137
 138                 execvp(argv[0], argv);
 139                 lxc_log_syserror("failed to exec %s", argv[0]);
 140
 141                 /* If the exec fails, tell that to our father */
 142                 if (write(sv[0], &err, sizeof(err)) < 0)
 143                         lxc_log_syserror("failed to write the socket");
 144
 145         out_child:
 146                 exit(err);
 147         }
 148
 149         close(sv[0]);
 150
 151         /* Wait for the child to be ready */
 152         if (read(sv[1], &sync, sizeof(sync)) < 0) {
 153                 lxc_log_syserror("failed to read the socket");
 154                 goto err_pipe_read;
 155         }
 156
 157         if (lxc_link_nsgroup(name, pid))
 158                 lxc_log_warning("cgroupfs not found: cgroup disabled");
 159
 160         /* Create the network configuration */
 161         if (clone_flags & CLONE_NEWNET && conf_create_network(name, pid)) {
 162                 lxc_log_error("failed to create the configured network");
 163                 goto err_create_network;
 164         }
 165
 166         /* Tell the child to continue its initialization */
 167         if (write(sv[1], &sync, sizeof(sync)) < 0) {
 168                 lxc_log_syserror("failed to write the socket");
 169                 goto err_pipe_write;
 170         }
 171
 172         /* Wait for the child to exec or returning an error */
 173         err = read(sv[1], &sync, sizeof(sync));
 174         if (err < 0) {
 175                 lxc_log_error("failed to read the socket");
 176                 goto err_pipe_read2;
 177         }
 178
 179         if (err > 0) {
 180                 err = sync;
 181                 printf("error value is %d\n", err);
 182                 /* TODO : check status etc ... */
 183                 waitpid(pid, NULL, 0);
 184                 goto err_child_failed;
 185         }
 186
 187         asprintf(&val, "%d\n", pid);
 188
 189         snprintf(init, MAXPATHLEN, LXCPATH "/%s/init", name);
 190
 191         fd = open(init, O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);
 192         if (fd < 0) {
 193                 lxc_log_syserror("failed to open '%s'", init);
 194                 goto err_write;
 195         }
 196
 197         if (write(fd, val, strlen(val)) < 0) {
 198                 lxc_log_syserror("failed to write the init pid");
 199                 goto err_write;
 200         }
 201
 202         close(fd);
 203
 204         if (lxc_setstate(name, RUNNING)) {
 205                 lxc_log_error("failed to set state to %s",
 206                               lxc_state2str(RUNNING));
 207                 goto err_state_failed;
 208         }
 209
 210 wait_again:
 211         if (waitpid(pid, NULL, 0) < 0) {
 212                 if (errno == EINTR)
 213                         goto wait_again;
 214                 lxc_log_syserror("failed to wait the pid %d", pid);
 215                 goto err_waitpid_failed;
 216         }
 217
 218         if (lxc_setstate(name, STOPPING))
 219                 lxc_log_error("failed to set state %s", lxc_state2str(STOPPING));
 220
 221 #ifdef NETWORK_DESTROY
 222         if (clone_flags & CLONE_NEWNET && conf_destroy_network(name))
 223                 lxc_log_error("failed to destroy the network");
 224 #endif
 225
 226         err = 0;
 227 out:
 228         if (lxc_setstate(name, STOPPED))
 229                 lxc_log_error("failed to set state %s", lxc_state2str(STOPPED));
 230
 231         lxc_unlink_nsgroup(name);
 232         unlink(init);
 233         free(val);
 234         lxc_put_lock(lock);
 235         LXC_TTY_DEL_HANDLER(SIGQUIT);
 236         LXC_TTY_DEL_HANDLER(SIGINT);
 237
 238         return err;
 239
 240 err_write:
 241         close(fd);
 242
 243 err_state_failed:
 244 err_child_failed:
 245 err_pipe_read2:
 246 err_pipe_write:
 247 #ifdef NETWORK_DESTROY
 248         if (clone_flags & CLONE_NEWNET)
 249                 conf_destroy_network(name);
 250 #endif
 251 err_create_network:
 252 err_pipe_read:
 253 err_waitpid_failed:
 254         if (lxc_setstate(name, ABORTING))
 255                 lxc_log_error("failed to set state %s", lxc_state2str(STOPPED));
 256
 257         kill(pid, SIGKILL);
 258 err_fork_ns:
 259         close(sv[0]);
 260         close(sv[1]);
 261         goto out;
 262 }