]> git.proxmox.com Git - mirror_lxc.git/blob - src/lxc/storage/storage_utils.c
projects / mirror_lxc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #1718 from agaida/patch-1
[mirror_lxc.git] / src / lxc / storage / storage_utils.c
1 /*
2 * lxc: linux Container library
3 *
4 * Copyright © 2017 Canonical Ltd.
5 *
6 * Authors:
7 * Christian Brauner <christian.brauner@ubuntu.com>
8 *
9 * This program is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this program; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22 */
23
24 #define _GNU_SOURCE
25 #include <dirent.h>
26 #include <errno.h>
27 #include <fcntl.h>
28 #include <grp.h>
29 #include <inttypes.h>
30 #include <libgen.h>
31 #include <sched.h>
32 #include <stdint.h>
33 #include <stdio.h>
34 #include <string.h>
35 #include <unistd.h>
36 #include <sys/mount.h>
37 #include <sys/prctl.h>
38 #include <sys/types.h>
39 #include <sys/stat.h>
40 #include <sys/wait.h>
41
42 #include "log.h"
43 #include "nbd.h"
44 #include "parse.h"
45 #include "storage.h"
46 #include "storage_utils.h"
47 #include "utils.h"
48
49 #ifndef BLKGETSIZE64
50 #define BLKGETSIZE64 _IOR(0x12, 114, size_t)
51 #endif
52
53 lxc_log_define(storage_utils, lxc);
54
55 /* the bulk of this needs to become a common helper */
56 char *dir_new_path(char *src, const char *oldname, const char *name,
57 const char *oldpath, const char *lxcpath)
58 {
59 char *ret, *p, *p2;
60 int l1, l2, nlen;
61
62 nlen = strlen(src) + 1;
63 l1 = strlen(oldpath);
64 p = src;
65 /* if src starts with oldpath, look for oldname only after
66 * that path */
67 if (strncmp(src, oldpath, l1) == 0) {
68 p += l1;
69 nlen += (strlen(lxcpath) - l1);
70 }
71 l2 = strlen(oldname);
72 while ((p = strstr(p, oldname)) != NULL) {
73 p += l2;
74 nlen += strlen(name) - l2;
75 }
76
77 ret = malloc(nlen);
78 if (!ret)
79 return NULL;
80
81 p = ret;
82 if (strncmp(src, oldpath, l1) == 0) {
83 p += sprintf(p, "%s", lxcpath);
84 src += l1;
85 }
86
87 while ((p2 = strstr(src, oldname)) != NULL) {
88 /* copy text up to oldname */
89 strncpy(p, src, p2 - src);
90 /* move target pointer (p) */
91 p += p2 - src;
92 /* print new name in place of oldname */
93 p += sprintf(p, "%s", name);
94 /* move src to end of oldname */
95 src = p2 + l2;
96 }
97 /* copy the rest of src */
98 sprintf(p, "%s", src);
99 return ret;
100 }
101
102 /*
103 * attach_block_device returns true if all went well,
104 * meaning either a block device was attached or was not
105 * needed. It returns false if something went wrong and
106 * container startup should be stopped.
107 */
108 bool attach_block_device(struct lxc_conf *conf)
109 {
110 char *path;
111
112 if (!conf->rootfs.path)
113 return true;
114
115 path = conf->rootfs.path;
116 if (!requires_nbd(path))
117 return true;
118
119 path = strchr(path, ':');
120 if (!path)
121 return false;
122
123 path++;
124 if (!attach_nbd(path, conf))
125 return false;
126
127 return true;
128 }
129
130 /*
131 * return block size of dev->src in units of bytes
132 */
133 int blk_getsize(struct lxc_storage *bdev, uint64_t *size)
134 {
135 int fd, ret;
136 char *src;
137
138 src = lxc_storage_get_path(bdev->src, bdev->type);
139 fd = open(src, O_RDONLY);
140 if (fd < 0)
141 return -1;
142
143 /* size of device in bytes */
144 ret = ioctl(fd, BLKGETSIZE64, size);
145 close(fd);
146 return ret;
147 }
148
149 void detach_block_device(struct lxc_conf *conf)
150 {
151 if (conf->nbd_idx != -1)
152 detach_nbd_idx(conf->nbd_idx);
153 }
154
155 /*
156 * Given a lxc_storage (presumably blockdev-based), detect the fstype
157 * by trying mounting (in a private mntns) it.
158 * @lxc_storage: bdev to investigate
159 * @type: preallocated char* in which to write the fstype
160 * @len: length of passed in char*
161 * Returns length of fstype, of -1 on error
162 */
163 int detect_fs(struct lxc_storage *bdev, char *type, int len)
164 {
165 int p[2], ret;
166 size_t linelen;
167 pid_t pid;
168 FILE *f;
169 char *sp1, *sp2, *sp3, *srcdev, *line = NULL;
170
171 if (!bdev || !bdev->src || !bdev->dest)
172 return -1;
173
174 srcdev = lxc_storage_get_path(bdev->src, bdev->type);
175
176 ret = pipe(p);
177 if (ret < 0)
178 return -1;
179
180 if ((pid = fork()) < 0)
181 return -1;
182
183 if (pid > 0) {
184 int status;
185 close(p[1]);
186 memset(type, 0, len);
187 ret = read(p[0], type, len - 1);
188 close(p[0]);
189 if (ret < 0) {
190 SYSERROR("error reading from pipe");
191 wait(&status);
192 return -1;
193 } else if (ret == 0) {
194 ERROR("child exited early - fstype not found");
195 wait(&status);
196 return -1;
197 }
198 wait(&status);
199 type[len - 1] = '\0';
200 INFO("detected fstype %s for %s", type, srcdev);
201 return ret;
202 }
203
204 if (unshare(CLONE_NEWNS) < 0)
205 exit(1);
206
207 if (detect_shared_rootfs()) {
208 if (mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL)) {
209 SYSERROR("Failed to make / rslave");
210 ERROR("Continuing...");
211 }
212 }
213
214 ret = mount_unknown_fs(srcdev, bdev->dest, bdev->mntopts);
215 if (ret < 0) {
216 ERROR("failed mounting %s onto %s to detect fstype", srcdev,
217 bdev->dest);
218 exit(1);
219 }
220
221 /* if symlink, get the real dev name */
222 char devpath[MAXPATHLEN];
223 char *l = linkderef(srcdev, devpath);
224 if (!l)
225 exit(1);
226 f = fopen("/proc/self/mounts", "r");
227 if (!f)
228 exit(1);
229
230 while (getline(&line, &linelen, f) != -1) {
231 sp1 = strchr(line, ' ');
232 if (!sp1)
233 exit(1);
234 *sp1 = '\0';
235 if (strcmp(line, l))
236 continue;
237 sp2 = strchr(sp1 + 1, ' ');
238 if (!sp2)
239 exit(1);
240 *sp2 = '\0';
241 sp3 = strchr(sp2 + 1, ' ');
242 if (!sp3)
243 exit(1);
244 *sp3 = '\0';
245 sp2++;
246 if (write(p[1], sp2, strlen(sp2)) != strlen(sp2))
247 exit(1);
248
249 exit(0);
250 }
251
252 exit(1);
253 }
254
255 int do_mkfs_exec_wrapper(void *args)
256 {
257 int ret;
258 char *mkfs;
259 char **data = args;
260 /* strlen("mkfs.")
261 * +
262 * strlen(data[0])
263 * +
264 * \0
265 */
266 size_t len = 5 + strlen(data[0]) + 1;
267
268 mkfs = malloc(len);
269 if (!mkfs)
270 return -1;
271
272 ret = snprintf(mkfs, len, "mkfs.%s", data[0]);
273 if (ret < 0 || (size_t)ret >= len) {
274 free(mkfs);
275 return -1;
276 }
277
278 TRACE("executing \"%s %s\"", mkfs, data[1]);
279 execlp(mkfs, mkfs, data[1], (char *)NULL);
280 SYSERROR("failed to run \"%s %s \"", mkfs, data[1]);
281 return -1;
282 }
283
284 /*
285 * This will return 1 for physical disks, qemu-nbd, loop, etc right now only lvm
286 * is a block device.
287 */
288 int is_blktype(struct lxc_storage *b)
289 {
290 if (strcmp(b->type, "lvm") == 0)
291 return 1;
292
293 return 0;
294 }
295
296 int mount_unknown_fs(const char *rootfs, const char *target,
297 const char *options)
298 {
299 size_t i;
300 int ret;
301 struct cbarg {
302 const char *rootfs;
303 const char *target;
304 const char *options;
305 } cbarg = {
306 .rootfs = rootfs,
307 .target = target,
308 .options = options,
309 };
310
311 /*
312 * find the filesystem type with brute force:
313 * first we check with /etc/filesystems, in case the modules
314 * are auto-loaded and fall back to the supported kernel fs
315 */
316 char *fsfile[] = {
317 "/etc/filesystems",
318 "/proc/filesystems",
319 };
320
321 for (i = 0; i < sizeof(fsfile) / sizeof(fsfile[0]); i++) {
322 if (access(fsfile[i], F_OK))
323 continue;
324
325 ret = lxc_file_for_each_line(fsfile[i], find_fstype_cb, &cbarg);
326 if (ret < 0) {
327 ERROR("failed to parse '%s'", fsfile[i]);
328 return -1;
329 }
330
331 if (ret)
332 return 0;
333 }
334
335 ERROR("failed to determine fs type for '%s'", rootfs);
336 return -1;
337 }
338
339 /*
340 * These are copied from conf.c. However as conf.c will be moved to using
341 * the callback system, they can be pulled from there eventually, so we
342 * don't need to pollute utils.c with these low level functions
343 */
344 int find_fstype_cb(char *buffer, void *data)
345 {
346 struct cbarg {
347 const char *rootfs;
348 const char *target;
349 const char *options;
350 } *cbarg = data;
351
352 unsigned long mntflags;
353 char *mntdata;
354 char *fstype;
355
356 /* we don't try 'nodev' entries */
357 if (strstr(buffer, "nodev"))
358 return 0;
359
360 fstype = buffer;
361 fstype += lxc_char_left_gc(fstype, strlen(fstype));
362 fstype[lxc_char_right_gc(fstype, strlen(fstype))] = '\0';
363
364 DEBUG("trying to mount '%s'->'%s' with fstype '%s'", cbarg->rootfs,
365 cbarg->target, fstype);
366
367 if (parse_mntopts(cbarg->options, &mntflags, &mntdata) < 0) {
368 free(mntdata);
369 return 0;
370 }
371
372 if (mount(cbarg->rootfs, cbarg->target, fstype, mntflags, mntdata)) {
373 DEBUG("mount failed with error: %s", strerror(errno));
374 free(mntdata);
375 return 0;
376 }
377
378 free(mntdata);
379
380 INFO("mounted '%s' on '%s', with fstype '%s'", cbarg->rootfs,
381 cbarg->target, fstype);
382
383 return 1;
384 }
385
386 char *linkderef(char *path, char *dest)
387 {
388 struct stat sbuf;
389 ssize_t ret;
390
391 ret = stat(path, &sbuf);
392 if (ret < 0)
393 return NULL;
394
395 if (!S_ISLNK(sbuf.st_mode))
396 return path;
397
398 ret = readlink(path, dest, MAXPATHLEN);
399 if (ret < 0) {
400 SYSERROR("error reading link %s", path);
401 return NULL;
402 } else if (ret >= MAXPATHLEN) {
403 ERROR("link in %s too long", path);
404 return NULL;
405 }
406 dest[ret] = '\0';
407
408 return dest;
409 }
410
411 /*
412 * is an unprivileged user allowed to make this kind of snapshot
413 */
414 bool unpriv_snap_allowed(struct lxc_storage *b, const char *t, bool snap,
415 bool maybesnap)
416 {
417 if (!t) {
418 /* New type will be same as original (unless snap && b->type ==
419 * dir, in which case it will be overlayfs -- which is also
420 * allowed).
421 */
422 if (strcmp(b->type, "dir") == 0 ||
423 strcmp(b->type, "aufs") == 0 ||
424 strcmp(b->type, "overlay") == 0 ||
425 strcmp(b->type, "overlayfs") == 0 ||
426 strcmp(b->type, "btrfs") == 0 ||
427 strcmp(b->type, "loop") == 0)
428 return true;
429
430 return false;
431 }
432
433 /* Unprivileged users can copy and snapshot dir, overlayfs, and loop.
434 * In particular, not zfs, btrfs, or lvm.
435 */
436 if (strcmp(t, "dir") == 0 ||
437 strcmp(t, "aufs") == 0 ||
438 strcmp(t, "overlay") == 0 ||
439 strcmp(t, "overlayfs") == 0 ||
440 strcmp(t, "btrfs") == 0 ||
441 strcmp(t, "loop") == 0)
442 return true;
443
444 return false;
445 }
446
447 bool is_valid_storage_type(const char *type)
448 {
449 if (strcmp(type, "dir") == 0 ||
450 strcmp(type, "btrfs") == 0 ||
451 strcmp(type, "aufs") == 0 ||
452 strcmp(type, "loop") == 0 ||
453 strcmp(type, "lvm") == 0 ||
454 strcmp(type, "nbd") == 0 ||
455 strcmp(type, "overlay") == 0 ||
456 strcmp(type, "overlayfs") == 0 ||
457 strcmp(type, "rbd") == 0 ||
458 strcmp(type, "zfs") == 0)
459 return true;
460
461 return false;
462 }
463
464 int storage_destroy_wrapper(void *data)
465 {
466 struct lxc_conf *conf = data;
467
468 if (setgid(0) < 0) {
469 ERROR("Failed to setgid to 0");
470 return -1;
471 }
472
473 if (setgroups(0, NULL) < 0)
474 WARN("Failed to clear groups");
475
476 if (setuid(0) < 0) {
477 ERROR("Failed to setuid to 0");
478 return -1;
479 }
480
481 if (!storage_destroy(conf))
482 return -1;
483
484 return 0;
485 }
LXC mirror