]> git.proxmox.com Git - mirror_lxc.git/blob - src/lxc/tools/lxc_attach.c
projects / mirror_lxc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
attach: rename to LXC_ATTACH_TERMINAL
[mirror_lxc.git] / src / lxc / tools / lxc_attach.c
1 /*
2 * lxc: linux Container library
3 *
4 * (C) Copyright IBM Corp. 2007, 2010
5 *
6 * Authors:
7 * Daniel Lezcano <daniel.lezcano at free.fr>
8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22 */
23
24 #define _GNU_SOURCE
25 #include <errno.h>
26 #include <fcntl.h>
27 #include <stdio.h>
28 #include <stdlib.h>
29 #include <string.h>
30 #include <termios.h>
31 #include <unistd.h>
32 #include <sys/ioctl.h>
33 #include <sys/stat.h>
34 #include <sys/types.h>
35 #include <sys/wait.h>
36
37 #include <lxc/lxccontainer.h>
38
39 #include "arguments.h"
40 #include "tool_utils.h"
41
42 static const struct option my_longopts[] = {
43 {"elevated-privileges", optional_argument, 0, 'e'},
44 {"arch", required_argument, 0, 'a'},
45 {"namespaces", required_argument, 0, 's'},
46 {"remount-sys-proc", no_argument, 0, 'R'},
47 /* TODO: decide upon short option names */
48 {"clear-env", no_argument, 0, 500},
49 {"keep-env", no_argument, 0, 501},
50 {"keep-var", required_argument, 0, 502},
51 {"set-var", required_argument, 0, 'v'},
52 {"pty-log", required_argument, 0, 'L'},
53 {"rcfile", required_argument, 0, 'f'},
54 LXC_COMMON_OPTIONS
55 };
56
57 static int elevated_privileges = 0;
58 static signed long new_personality = -1;
59 static int namespace_flags = -1;
60 static int remount_sys_proc = 0;
61 static lxc_attach_env_policy_t env_policy = LXC_ATTACH_KEEP_ENV;
62 static char **extra_env = NULL;
63 static ssize_t extra_env_size = 0;
64 static char **extra_keep = NULL;
65 static ssize_t extra_keep_size = 0;
66
67 static int add_to_simple_array(char ***array, ssize_t *capacity, char *value)
68 {
69 ssize_t count = 0;
70
71 if (!array)
72 return -1;
73
74 if (*array)
75 for (; (*array)[count]; count++);
76
77 /* we have to reallocate */
78 if (count >= *capacity - 1) {
79 ssize_t new_capacity = ((count + 1) / 32 + 1) * 32;
80 char **new_array = realloc((void*)*array, sizeof(char *) * new_capacity);
81 if (!new_array)
82 return -1;
83 memset(&new_array[count], 0, sizeof(char*)*(new_capacity - count));
84 *array = new_array;
85 *capacity = new_capacity;
86 }
87
88 if (!(*array))
89 return -1;
90
91 (*array)[count] = value;
92 return 0;
93 }
94
95 static int my_parser(struct lxc_arguments* args, int c, char* arg)
96 {
97 char **it;
98 char *del;
99 int ret;
100
101 switch (c) {
102 case 'e':
103 ret = lxc_fill_elevated_privileges(arg, &elevated_privileges);
104 if (ret)
105 return -1;
106 break;
107 case 'R': remount_sys_proc = 1; break;
108 case 'a':
109 new_personality = lxc_config_parse_arch(arg);
110 if (new_personality < 0) {
111 lxc_error(args, "invalid architecture specified: %s", arg);
112 return -1;
113 }
114 break;
115 case 's':
116 namespace_flags = 0;
117
118 /* The identifiers for namespaces used with lxc-attach as given
119 * on the manpage do not align with the standard identifiers.
120 * This affects network, mount, and uts namespaces. The standard
121 * identifiers are: "mnt", "uts", and "net" whereas lxc-attach
122 * uses "MOUNT", "UTSNAME", and "NETWORK". So let's use some
123 * cheap memmove()s to replace them by their standard
124 * identifiers. Let's illustrate this with an example:
125 * Assume the string:
126 *
127 * "IPC|MOUNT|PID"
128 *
129 * then we memmove()
130 *
131 * dest: del + 1 == OUNT|PID
132 * src: del + 3 == NT|PID
133 */
134 while ((del = strstr(arg, "MOUNT")))
135 memmove(del + 1, del + 3, strlen(del) - 2);
136
137 for (it = (char *[]){"NETWORK", "UTSNAME", NULL}; it && *it; it++)
138 while ((del = strstr(arg, *it)))
139 memmove(del + 3, del + 7, strlen(del) - 6);
140
141 ret = lxc_fill_namespace_flags(arg, &namespace_flags);
142 if (ret)
143 return -1;
144 /* -s implies -e */
145 lxc_fill_elevated_privileges(NULL, &elevated_privileges);
146 break;
147 case 500: /* clear-env */
148 env_policy = LXC_ATTACH_CLEAR_ENV;
149 break;
150 case 501: /* keep-env */
151 env_policy = LXC_ATTACH_KEEP_ENV;
152 break;
153 case 502: /* keep-var */
154 ret = add_to_simple_array(&extra_keep, &extra_keep_size, arg);
155 if (ret < 0) {
156 lxc_error(args, "memory allocation error");
157 return -1;
158 }
159 break;
160 case 'v':
161 ret = add_to_simple_array(&extra_env, &extra_env_size, arg);
162 if (ret < 0) {
163 lxc_error(args, "memory allocation error");
164 return -1;
165 }
166 break;
167 case 'L':
168 args->console_log = arg;
169 break;
170 case 'f':
171 args->rcfile = arg;
172 break;
173 }
174
175 return 0;
176 }
177
178 static struct lxc_arguments my_args = {
179 .progname = "lxc-attach",
180 .help = "\
181 --name=NAME [-- COMMAND]\n\
182 \n\
183 Execute the specified COMMAND - enter the container NAME\n\
184 \n\
185 Options :\n\
186 -n, --name=NAME NAME of the container\n\
187 -e, --elevated-privileges=PRIVILEGES\n\
188 Use elevated privileges instead of those of the\n\
189 container. If you don't specify privileges to be\n\
190 elevated as OR'd list: CAP, CGROUP and LSM (capabilities,\n\
191 cgroup and restrictions, respectively) then all of them\n\
192 will be elevated.\n\
193 WARNING: This may leak privileges into the container.\n\
194 Use with care.\n\
195 -a, --arch=ARCH Use ARCH for program instead of container's own\n\
196 architecture.\n\
197 -s, --namespaces=FLAGS\n\
198 Don't attach to all the namespaces of the container\n\
199 but just to the following OR'd list of flags:\n\
200 MOUNT, PID, UTSNAME, IPC, USER or NETWORK.\n\
201 WARNING: Using -s implies -e with all privileges\n\
202 elevated, it may therefore leak privileges into the\n\
203 container. Use with care.\n\
204 -R, --remount-sys-proc\n\
205 Remount /sys and /proc if not attaching to the\n\
206 mount namespace when using -s in order to properly\n\
207 reflect the correct namespace context. See the\n\
208 lxc-attach(1) manual page for details.\n\
209 --clear-env Clear all environment variables before attaching.\n\
210 The attached shell/program will start with only\n\
211 container=lxc set.\n\
212 --keep-env Keep all current environment variables. This\n\
213 is the current default behaviour, but is likely to\n\
214 change in the future.\n\
215 -L, --pty-log=FILE\n\
216 Log pty output to FILE\n\
217 -v, --set-var Set an additional variable that is seen by the\n\
218 attached program in the container. May be specified\n\
219 multiple times.\n\
220 --keep-var Keep an additional environment variable. Only\n\
221 applicable if --clear-env is specified. May be used\n\
222 multiple times.\n\
223 -f, --rcfile=FILE\n\
224 Load configuration file FILE\n\
225 ",
226 .options = my_longopts,
227 .parser = my_parser,
228 .checker = NULL,
229 };
230
231 static bool stdfd_is_pty(void)
232 {
233 if (isatty(STDIN_FILENO))
234 return true;
235 if (isatty(STDOUT_FILENO))
236 return true;
237 if (isatty(STDERR_FILENO))
238 return true;
239
240 return false;
241 }
242
243 int lxc_attach_create_log_file(const char *log_file)
244 {
245 int fd;
246
247 fd = open(log_file, O_CLOEXEC | O_RDWR | O_CREAT | O_APPEND, 0600);
248 if (fd < 0) {
249 fprintf(stderr, "Failed to open log file \"%s\"\n", log_file);
250 return -1;
251 }
252
253 return fd;
254 }
255
256 int main(int argc, char *argv[])
257 {
258 int ret = -1, r;
259 int wexit = 0;
260 struct lxc_log log;
261 pid_t pid;
262 lxc_attach_options_t attach_options = LXC_ATTACH_OPTIONS_DEFAULT;
263 lxc_attach_command_t command = (lxc_attach_command_t){.program = NULL};
264
265 r = lxc_caps_init();
266 if (r)
267 exit(EXIT_FAILURE);
268
269 r = lxc_arguments_parse(&my_args, argc, argv);
270 if (r)
271 exit(EXIT_FAILURE);
272
273 if (!my_args.log_file)
274 my_args.log_file = "none";
275
276 log.name = my_args.name;
277 log.file = my_args.log_file;
278 log.level = my_args.log_priority;
279 log.prefix = my_args.progname;
280 log.quiet = my_args.quiet;
281 log.lxcpath = my_args.lxcpath[0];
282 r = lxc_log_init(&log);
283 if (r)
284 exit(EXIT_FAILURE);
285
286 if (geteuid()) {
287 if (access(my_args.lxcpath[0], O_RDONLY) < 0) {
288 if (!my_args.quiet)
289 fprintf(stderr, "You lack access to %s\n", my_args.lxcpath[0]);
290 exit(EXIT_FAILURE);
291 }
292 }
293
294 struct lxc_container *c = lxc_container_new(my_args.name, my_args.lxcpath[0]);
295 if (!c)
296 exit(EXIT_FAILURE);
297
298 if (my_args.rcfile) {
299 c->clear_config(c);
300 if (!c->load_config(c, my_args.rcfile)) {
301 fprintf(stderr, "Failed to load rcfile\n");
302 lxc_container_put(c);
303 exit(EXIT_FAILURE);
304 }
305 c->configfile = strdup(my_args.rcfile);
306 if (!c->configfile) {
307 fprintf(stderr, "Out of memory setting new config filename\n");
308 lxc_container_put(c);
309 exit(EXIT_FAILURE);
310 }
311 }
312
313 if (!c->may_control(c)) {
314 fprintf(stderr, "Insufficent privileges to control %s\n", c->name);
315 lxc_container_put(c);
316 exit(EXIT_FAILURE);
317 }
318
319 if (remount_sys_proc)
320 attach_options.attach_flags |= LXC_ATTACH_REMOUNT_PROC_SYS;
321 if (elevated_privileges)
322 attach_options.attach_flags &= ~(elevated_privileges);
323 if (stdfd_is_pty())
324 attach_options.attach_flags |= LXC_ATTACH_TERMINAL;
325 attach_options.namespaces = namespace_flags;
326 attach_options.personality = new_personality;
327 attach_options.env_policy = env_policy;
328 attach_options.extra_env_vars = extra_env;
329 attach_options.extra_keep_env = extra_keep;
330
331 if (my_args.argc > 0) {
332 command.program = my_args.argv[0];
333 command.argv = (char**)my_args.argv;
334 }
335
336 if (my_args.console_log) {
337 attach_options.log_fd = lxc_attach_create_log_file(my_args.console_log);
338 if (attach_options.log_fd < 0)
339 goto out;
340 }
341
342 if (command.program)
343 ret = c->attach(c, lxc_attach_run_command, &command, &attach_options, &pid);
344 else
345 ret = c->attach(c, lxc_attach_run_shell, NULL, &attach_options, &pid);
346
347 if (ret < 0)
348 goto out;
349
350 ret = lxc_wait_for_pid_status(pid);
351 if (ret < 0)
352 goto out;
353
354 if (WIFEXITED(ret))
355 wexit = WEXITSTATUS(ret);
356 out:
357 lxc_container_put(c);
358 if (ret >= 0)
359 exit(wexit);
360 exit(EXIT_FAILURE);
361 }
LXC mirror