src/lxc/start.h

   1 /* SPDX-License-Identifier: LGPL-2.1+ */
   2
   3 #ifndef __LXC_START_H
   4 #define __LXC_START_H
   5
   6 #include <linux/sched.h>
   7 #include <sched.h>
   8 #include <signal.h>
   9 #include <stdbool.h>
  10 #include <sys/param.h>
  11 #include <sys/socket.h>
  12 #include <sys/un.h>
  13
  14 #include "compiler.h"
  15 #include "conf.h"
  16 #include "macro.h"
  17 #include "namespace.h"
  18 #include "state.h"
  19
  20 struct lxc_handler {
  21         /* Record the clone for namespaces flags that the container requested.
  22          *
  23          * @ns_clone_flags
  24          * - All clone flags that were requested.
  25          *
  26          * @ns_on_clone_flags
  27          * - The clone flags for namespaces to actually use when calling
  28          *   lxc_clone(): After the container has started ns_on_clone_flags will
  29          *   list the clone flags that were unshare()ed rather then clone()ed
  30          *   because of ordering requirements (e.g. e.g. CLONE_NEWNET and
  31          *   CLONE_NEWUSER) or implementation details.
  32          *
  33          * @ns_unshare_flags
  34          * - Flags for namespaces that were unshared, not cloned.
  35          *
  36          * @clone_flags
  37          * - ns_on_clone flags | other flags used to create container.
  38          */
  39         struct /* lxc_ns */ {
  40                 unsigned int ns_clone_flags;
  41                 unsigned int ns_on_clone_flags;
  42                 unsigned int ns_unshare_flags;
  43                 __aligned_u64 clone_flags;
  44         };
  45
  46         /* Signal file descriptor. */
  47         int sigfd;
  48
  49         /* List of file descriptors referring to the namespaces of the
  50          * container. Note that these are not necessarily identical to
  51          * the "clone_flags" handler field in case namespace inheritance is
  52          * requested.
  53          */
  54         int nsfd[LXC_NS_MAX];
  55
  56         /* Abstract unix domain SOCK_DGRAM socketpair to pass arbitrary data
  57          * between child and parent.
  58          */
  59         int data_sock[2];
  60
  61         /* The socketpair() fds used to wait on successful daemonized startup. */
  62         int state_socket_pair[2];
  63
  64         /* Socketpair to synchronize processes during container creation. */
  65         int sync_sock[2];
  66
  67         /* Pointer to the name of the container. Do not free! */
  68         const char *name;
  69
  70         /* Pointer to the path the container. Do not free! */
  71         const char *lxcpath;
  72
  73         /* Whether the container's startup process euid is 0. */
  74         bool am_root;
  75
  76         /* Indicates whether should we close std{in,out,err} on start. */
  77         bool daemonize;
  78
  79         /* The child's pid. */
  80         pid_t pid;
  81
  82         /* The child's pidfd. */
  83         int pidfd;
  84
  85         /* The grandfather's pid when double-forking. */
  86         pid_t transient_pid;
  87
  88         /* The monitor's pid. */
  89         pid_t monitor_pid;
  90
  91         int monitor_status_fd;
  92
  93         /* Whether the child has already exited. */
  94         bool init_died;
  95
  96         /* The signal mask prior to setting up the signal file descriptor. */
  97         sigset_t oldmask;
  98
  99         /* The container's in-memory configuration. */
 100         struct lxc_conf *conf;
 101
 102         /* A set of operations to be performed at various stages of the
 103          * container's life.
 104          */
 105         struct lxc_operations *ops;
 106
 107         /* This holds the cgroup information. Note that the data here is
 108          * specific to the cgroup driver used.
 109          */
 110         void *cgroup_data;
 111
 112         /* Data to be passed to handler ops. */
 113         void *data;
 114
 115         /* Current state of the container. */
 116         lxc_state_t state;
 117
 118         /* The exit status of the container; not defined unless ->init_died ==
 119          * true.
 120          */
 121         int exit_status;
 122
 123         struct cgroup_ops *cgroup_ops;
 124
 125         /* Internal fds that always need to stay open. */
 126         int keep_fds[3];
 127
 128         /* Static memory, don't free. */
 129         struct lsm_ops *lsm_ops;
 130
 131         /* The namespace idx is guaranteed to match the stashed namespace path. */
 132         char nsfd_paths[LXC_NS_MAX + 1][LXC_EXPOSE_NAMESPACE_LEN];
 133         /* The namesace idx is _not_ guaranteed to match the stashed namespace path. */
 134         lxc_namespace_t hook_argc;
 135         char *hook_argv[LXC_NS_MAX + 1];
 136 };
 137
 138 struct execute_args {
 139         char *const *argv;
 140         int quiet;
 141 };
 142
 143 struct lxc_operations {
 144         int (*start)(struct lxc_handler *, void *);
 145         int (*post_start)(struct lxc_handler *, void *);
 146 };
 147
 148 __hidden extern int lxc_poll(const char *name, struct lxc_handler *handler);
 149 __hidden extern int lxc_set_state(const char *name, struct lxc_handler *handler, lxc_state_t state);
 150 __hidden extern int lxc_serve_state_clients(const char *name, struct lxc_handler *handler,
 151                                             lxc_state_t state);
 152 __hidden extern void lxc_abort(struct lxc_handler *handler);
 153 __hidden extern struct lxc_handler *lxc_init_handler(struct lxc_handler *old, const char *name,
 154                                                      struct lxc_conf *conf, const char *lxcpath,
 155                                                      bool daemonize);
 156 __hidden extern void lxc_put_handler(struct lxc_handler *handler);
 157 __hidden extern int lxc_init(const char *name, struct lxc_handler *handler);
 158 __hidden extern void lxc_end(struct lxc_handler *handler);
 159
 160 /* lxc_check_inherited: Check for any open file descriptors and close them if
 161  *                      requested.
 162  * @param[in] conf          The container's configuration.
 163  * @param[in] closeall      Whether we should close all open file descriptors.
 164  * @param[in] fds_to_ignore Array of file descriptors to ignore.
 165  * @param[in] len_fds       Length of fds_to_ignore array.
 166  */
 167 __hidden extern int lxc_check_inherited(struct lxc_conf *conf, bool closeall, int *fds_to_ignore,
 168                                         size_t len_fds);
 169 static inline int inherit_fds(struct lxc_handler *handler, bool closeall)
 170 {
 171         return lxc_check_inherited(handler->conf, closeall, handler->keep_fds,
 172                                    ARRAY_SIZE(handler->keep_fds));
 173 }
 174
 175 __hidden extern int __lxc_start(struct lxc_handler *, struct lxc_operations *, void *, const char *,
 176                                 bool, int *);
 177
 178 __hidden extern int resolve_clone_flags(struct lxc_handler *handler);
 179 __hidden extern void lxc_expose_namespace_environment(const struct lxc_handler *handler);
 180
 181 static inline bool container_uses_namespace(const struct lxc_handler *handler,
 182                                             unsigned int ns_flag)
 183 {
 184         return (handler->ns_clone_flags & ns_flag);
 185 }
 186
 187 #endif