]> git.proxmox.com Git - mirror_lxc.git/blob - src/lxc/tools/lxc_start.c
projects / mirror_lxc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Add support share pid namespace
[mirror_lxc.git] / src / lxc / tools / lxc_start.c
1 /*
2 * lxc: linux Container library
3 *
4 * (C) Copyright IBM Corp. 2007, 2008
5 *
6 * Authors:
7 * Daniel Lezcano <daniel.lezcano at free.fr>
8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22 */
23 #include "config.h"
24
25 #include <stdio.h>
26 #include <libgen.h>
27 #include <stdlib.h>
28 #include <unistd.h>
29 #include <string.h>
30 #include <errno.h>
31 #include <fcntl.h>
32 #include <signal.h>
33 #include <sys/param.h>
34 #include <sys/utsname.h>
35 #include <sys/types.h>
36 #include <sys/socket.h>
37 #include <sys/stat.h>
38 #include <arpa/inet.h>
39 #include <netinet/in.h>
40 #include <net/if.h>
41
42 #include <lxc/lxccontainer.h>
43
44 #include "log.h"
45 #include "caps.h"
46 #include "lxc.h"
47 #include "conf.h"
48 #include "cgroup.h"
49 #include "utils.h"
50 #include "confile.h"
51 #include "arguments.h"
52
53 #define OPT_SHARE_NET OPT_USAGE + 1
54 #define OPT_SHARE_IPC OPT_USAGE + 2
55 #define OPT_SHARE_UTS OPT_USAGE + 3
56 #define OPT_SHARE_PID OPT_USAGE + 4
57
58 lxc_log_define(lxc_start_ui, lxc);
59
60 static struct lxc_list defines;
61
62 static int ensure_path(char **confpath, const char *path)
63 {
64 int err = -1, fd;
65 char *fullpath = NULL;
66
67 if (path) {
68 if (access(path, W_OK)) {
69 fd = creat(path, 0600);
70 if (fd < 0 && errno != EEXIST) {
71 SYSERROR("failed to create '%s'", path);
72 goto err;
73 }
74 if (fd >= 0)
75 close(fd);
76 }
77
78 fullpath = realpath(path, NULL);
79 if (!fullpath) {
80 SYSERROR("failed to get the real path of '%s'", path);
81 goto err;
82 }
83
84 *confpath = fullpath;
85 }
86 err = EXIT_SUCCESS;
87
88 err:
89 return err;
90 }
91
92 static int pid_from_lxcname(const char *lxcname_or_pid, const char *lxcpath) {
93 char *eptr;
94 int pid = strtol(lxcname_or_pid, &eptr, 10);
95 if (*eptr != '\0' || pid < 1) {
96 struct lxc_container *s;
97 s = lxc_container_new(lxcname_or_pid, lxcpath);
98 if (!s) {
99 SYSERROR("'%s' is not a valid pid nor a container name", lxcname_or_pid);
100 return -1;
101 }
102
103 if (!s->may_control(s)) {
104 SYSERROR("Insufficient privileges to control container '%s'", s->name);
105 lxc_container_put(s);
106 return -1;
107 }
108
109 pid = s->init_pid(s);
110 if (pid < 1) {
111 SYSERROR("Is container '%s' running?", s->name);
112 lxc_container_put(s);
113 return -1;
114 }
115
116 lxc_container_put(s);
117 }
118 if (kill(pid, 0) < 0) {
119 SYSERROR("Can't send signal to pid %d", pid);
120 return -1;
121 }
122
123 return pid;
124 }
125
126 static int open_ns(int pid, const char *ns_proc_name) {
127 int fd;
128 char path[MAXPATHLEN];
129 snprintf(path, MAXPATHLEN, "/proc/%d/ns/%s", pid, ns_proc_name);
130
131 fd = open(path, O_RDONLY);
132 if (fd < 0) {
133 SYSERROR("failed to open %s", path);
134 return -1;
135 }
136 return fd;
137 }
138
139 static int my_parser(struct lxc_arguments* args, int c, char* arg)
140 {
141 switch (c) {
142 case 'c': args->console = arg; break;
143 case 'L': args->console_log = arg; break;
144 case 'd': args->daemonize = 1; break;
145 case 'F': args->daemonize = 0; break;
146 case 'f': args->rcfile = arg; break;
147 case 'C': args->close_all_fds = 1; break;
148 case 's': return lxc_config_define_add(&defines, arg);
149 case 'p': args->pidfile = arg; break;
150 case OPT_SHARE_NET: args->share_ns[LXC_NS_NET] = arg; break;
151 case OPT_SHARE_IPC: args->share_ns[LXC_NS_IPC] = arg; break;
152 case OPT_SHARE_UTS: args->share_ns[LXC_NS_UTS] = arg; break;
153 case OPT_SHARE_PID: args->share_ns[LXC_NS_PID] = arg; break;
154 }
155 return 0;
156 }
157
158 static const struct option my_longopts[] = {
159 {"daemon", no_argument, 0, 'd'},
160 {"foreground", no_argument, 0, 'F'},
161 {"rcfile", required_argument, 0, 'f'},
162 {"define", required_argument, 0, 's'},
163 {"console", required_argument, 0, 'c'},
164 {"console-log", required_argument, 0, 'L'},
165 {"close-all-fds", no_argument, 0, 'C'},
166 {"pidfile", required_argument, 0, 'p'},
167 {"share-net", required_argument, 0, OPT_SHARE_NET},
168 {"share-ipc", required_argument, 0, OPT_SHARE_IPC},
169 {"share-uts", required_argument, 0, OPT_SHARE_UTS},
170 {"share-pid", required_argument, 0, OPT_SHARE_PID},
171 LXC_COMMON_OPTIONS
172 };
173
174 static struct lxc_arguments my_args = {
175 .progname = "lxc-start",
176 .help = "\
177 --name=NAME -- COMMAND\n\
178 \n\
179 lxc-start start COMMAND in specified container NAME\n\
180 \n\
181 Options :\n\
182 -n, --name=NAME NAME of the container\n\
183 -d, --daemon Daemonize the container (default)\n\
184 -F, --foreground Start with the current tty attached to /dev/console\n\
185 -p, --pidfile=FILE Create a file with the process id\n\
186 -f, --rcfile=FILE Load configuration file FILE\n\
187 -c, --console=FILE Use specified FILE for the container console\n\
188 -L, --console-log=FILE Log container console output to FILE\n\
189 -C, --close-all-fds If any fds are inherited, close them\n\
190 If not specified, exit with failure instead\n\
191 Note: --daemon implies --close-all-fds\n\
192 -s, --define KEY=VAL Assign VAL to configuration variable KEY\n\
193 --share-[net|ipc|uts|pid]=NAME Share a namespace with another container or pid\n\
194 ",
195 .options = my_longopts,
196 .parser = my_parser,
197 .checker = NULL,
198 .daemonize = 1,
199 .pidfile = NULL,
200 };
201
202 int main(int argc, char *argv[])
203 {
204 int err = EXIT_FAILURE;
205 struct lxc_conf *conf;
206 struct lxc_log log;
207 char *const *args;
208 char *rcfile = NULL;
209 char *const default_args[] = {
210 "/sbin/init",
211 NULL,
212 };
213 struct lxc_container *c;
214
215 lxc_list_init(&defines);
216
217 if (lxc_caps_init())
218 exit(err);
219
220 if (lxc_arguments_parse(&my_args, argc, argv))
221 exit(err);
222
223 if (!my_args.argc)
224 args = default_args;
225 else
226 args = my_args.argv;
227
228 log.name = my_args.name;
229 log.file = my_args.log_file;
230 log.level = my_args.log_priority;
231 log.prefix = my_args.progname;
232 log.quiet = my_args.quiet;
233 log.lxcpath = my_args.lxcpath[0];
234
235 if (lxc_log_init(&log))
236 exit(err);
237 lxc_log_options_no_override();
238
239 if (access(my_args.lxcpath[0], O_RDONLY) < 0) {
240 if (!my_args.quiet)
241 fprintf(stderr, "You lack access to %s\n", my_args.lxcpath[0]);
242 exit(err);
243 }
244
245 const char *lxcpath = my_args.lxcpath[0];
246
247 /*
248 * rcfile possibilities:
249 * 1. rcfile from random path specified in cli option
250 * 2. rcfile not specified, use $lxcpath/$lxcname/config
251 * 3. rcfile not specified and does not exist.
252 */
253 /* rcfile is specified in the cli option */
254 if (my_args.rcfile) {
255 rcfile = (char *)my_args.rcfile;
256 c = lxc_container_new(my_args.name, lxcpath);
257 if (!c) {
258 ERROR("Failed to create lxc_container");
259 exit(err);
260 }
261 c->clear_config(c);
262 if (!c->load_config(c, rcfile)) {
263 ERROR("Failed to load rcfile");
264 lxc_container_put(c);
265 exit(err);
266 }
267 c->configfile = strdup(my_args.rcfile);
268 if (!c->configfile) {
269 ERROR("Out of memory setting new config filename");
270 goto out;
271 }
272 } else {
273 int rc;
274
275 rc = asprintf(&rcfile, "%s/%s/config", lxcpath, my_args.name);
276 if (rc == -1) {
277 SYSERROR("failed to allocate memory");
278 exit(err);
279 }
280 INFO("using rcfile %s", rcfile);
281
282 /* container configuration does not exist */
283 if (access(rcfile, F_OK)) {
284 free(rcfile);
285 rcfile = NULL;
286 }
287 c = lxc_container_new(my_args.name, lxcpath);
288 if (!c) {
289 ERROR("Failed to create lxc_container");
290 exit(err);
291 }
292 }
293
294 /* We do not check here whether the container is defined, because we
295 * support volatile containers. Which means the container does not need
296 * to be created for it to be started. You can just pass a configuration
297 * file as argument and start the container right away.
298 */
299
300 if (!c->may_control(c)) {
301 fprintf(stderr, "Insufficent privileges to control %s\n", c->name);
302 goto out;
303 }
304
305 if (c->is_running(c)) {
306 ERROR("Container is already running.");
307 err = EXIT_SUCCESS;
308 goto out;
309 }
310 /*
311 * We should use set_config_item() over &defines, which would handle
312 * unset c->lxc_conf for us and let us not use lxc_config_define_load()
313 */
314 if (!c->lxc_conf)
315 c->lxc_conf = lxc_conf_init();
316 conf = c->lxc_conf;
317
318 if (lxc_config_define_load(&defines, conf))
319 goto out;
320
321 if (!rcfile && !strcmp("/sbin/init", args[0])) {
322 ERROR("Executing '/sbin/init' with no configuration file may crash the host");
323 goto out;
324 }
325
326 if (ensure_path(&conf->console.path, my_args.console) < 0) {
327 ERROR("failed to ensure console path '%s'", my_args.console);
328 goto out;
329 }
330
331 if (ensure_path(&conf->console.log_path, my_args.console_log) < 0) {
332 ERROR("failed to ensure console log '%s'", my_args.console_log);
333 goto out;
334 }
335
336 if (my_args.pidfile != NULL) {
337 if (ensure_path(&c->pidfile, my_args.pidfile) < 0) {
338 ERROR("failed to ensure pidfile '%s'", my_args.pidfile);
339 goto out;
340 }
341 }
342
343 int i;
344 for (i = 0; i < LXC_NS_MAX; i++) {
345 if (my_args.share_ns[i] == NULL)
346 continue;
347
348 int pid = pid_from_lxcname(my_args.share_ns[i], lxcpath);
349 if (pid < 1)
350 goto out;
351
352 int fd = open_ns(pid, ns_info[i].proc_name);
353 if (fd < 0)
354 goto out;
355 conf->inherit_ns_fd[i] = fd;
356 }
357
358 if (!my_args.daemonize) {
359 c->want_daemonize(c, false);
360 }
361
362 if (my_args.close_all_fds)
363 c->want_close_all_fds(c, true);
364
365 if (args == default_args)
366 err = c->start(c, 0, NULL) ? EXIT_SUCCESS : EXIT_FAILURE;
367 else
368 err = c->start(c, 0, args) ? EXIT_SUCCESS : EXIT_FAILURE;
369
370 if (err) {
371 ERROR("The container failed to start.");
372 if (my_args.daemonize)
373 ERROR("To get more details, run the container in foreground mode.");
374 ERROR("Additional information can be obtained by setting the "
375 "--logfile and --logpriority options.");
376 err = c->error_num;
377 lxc_container_put(c);
378 exit(err);
379 }
380
381 out:
382 lxc_container_put(c);
383 exit(err);
384 }
LXC mirror