2 * lxc: linux Container library
4 * (C) Copyright IBM Corp. 2007, 2008
7 * Daniel Lezcano <daniel.lezcano at free.fr>
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
31 #include <sys/types.h>
34 #include <sys/param.h>
35 #include <sys/mount.h>
39 #include <sys/types.h>
42 #include <sys/prctl.h>
47 #include "namespace.h"
49 #ifndef PR_SET_MM_ARG_START
50 #define PR_SET_MM_ARG_START 8
53 #ifndef PR_SET_MM_ARG_END
54 #define PR_SET_MM_ARG_END 9
57 #ifndef PR_SET_MM_ENV_START
58 #define PR_SET_MM_ENV_START 10
61 #ifndef PR_SET_MM_ENV_END
62 #define PR_SET_MM_ENV_END 11
65 lxc_log_define(lxc_utils
, lxc
);
67 static int _recursive_rmdir_onedev(char *dirname
, dev_t pdev
,
68 const char *exclude
, int level
)
70 struct dirent dirent
, *direntp
;
73 char pathname
[MAXPATHLEN
];
74 bool hadexclude
= false;
76 dir
= opendir(dirname
);
78 ERROR("%s: failed to open %s", __func__
, dirname
);
82 while (!readdir_r(dir
, &dirent
, &direntp
)) {
89 if (!strcmp(direntp
->d_name
, ".") ||
90 !strcmp(direntp
->d_name
, ".."))
93 rc
= snprintf(pathname
, MAXPATHLEN
, "%s/%s", dirname
, direntp
->d_name
);
94 if (rc
< 0 || rc
>= MAXPATHLEN
) {
95 ERROR("pathname too long");
100 if (!level
&& exclude
&& !strcmp(direntp
->d_name
, exclude
)) {
101 ret
= rmdir(pathname
);
105 INFO("Not deleting snapshots");
109 ret
= unlink(pathname
);
111 INFO("%s: failed to remove %s", __func__
, pathname
);
114 SYSERROR("%s: failed to rmdir %s", __func__
, pathname
);
122 ret
= lstat(pathname
, &mystat
);
124 ERROR("%s: failed to stat %s", __func__
, pathname
);
128 if (mystat
.st_dev
!= pdev
)
130 if (S_ISDIR(mystat
.st_mode
)) {
131 if (_recursive_rmdir_onedev(pathname
, pdev
, exclude
, level
+1) < 0)
134 if (unlink(pathname
) < 0) {
135 ERROR("%s: failed to delete %s", __func__
, pathname
);
141 if (rmdir(dirname
) < 0) {
143 ERROR("%s: failed to delete %s", __func__
, dirname
);
150 ERROR("%s: failed to close directory %s", __func__
, dirname
);
154 return failed
? -1 : 0;
157 /* returns 0 on success, -1 if there were any failures */
158 extern int lxc_rmdir_onedev(char *path
, const char *exclude
)
162 if (lstat(path
, &mystat
) < 0) {
163 ERROR("%s: failed to stat %s", __func__
, path
);
167 return _recursive_rmdir_onedev(path
, mystat
.st_dev
, exclude
, 0);
170 static int mount_fs(const char *source
, const char *target
, const char *type
)
172 /* the umount may fail */
174 WARN("failed to unmount %s : %s", target
, strerror(errno
));
176 if (mount(source
, target
, type
, 0, NULL
)) {
177 ERROR("failed to mount %s : %s", target
, strerror(errno
));
181 DEBUG("'%s' mounted on '%s'", source
, target
);
186 extern void lxc_setup_fs(void)
188 if (mount_fs("proc", "/proc", "proc"))
189 INFO("failed to remount proc");
191 /* if we can't mount /dev/shm, continue anyway */
192 if (mount_fs("shmfs", "/dev/shm", "tmpfs"))
193 INFO("failed to mount /dev/shm");
195 /* If we were able to mount /dev/shm, then /dev exists */
196 /* Sure, but it's read-only per config :) */
197 if (access("/dev/mqueue", F_OK
) && mkdir("/dev/mqueue", 0666)) {
198 DEBUG("failed to create '/dev/mqueue'");
202 /* continue even without posix message queue support */
203 if (mount_fs("mqueue", "/dev/mqueue", "mqueue"))
204 INFO("failed to mount /dev/mqueue");
207 /* borrowed from iproute2 */
/**
 * get_u16 - parse a string as an unsigned 16-bit integer.
 * @val:  receives the parsed value on success; left untouched on failure
 * @arg:  NUL-terminated text to parse
 * @base: numeric base handed to strtoul() (0 lets strtoul auto-detect)
 *
 * Returns 0 on success. Returns -1 when @arg is NULL or empty, contains
 * anything after the number, does not fit in 16 bits, or strtoul() reported
 * an error through errno.
 */
extern int get_u16(unsigned short *val, const char *arg, int base)
{
	unsigned long res;
	char *ptr = NULL;

	if (!arg || !*arg)
		return -1;

	/* strtoul() signals overflow only via errno, so start from a clean slate */
	errno = 0;
	res = strtoul(arg, &ptr, base);
	if (!ptr || ptr == arg || *ptr || res > 0xFFFF || errno != 0)
		return -1;

	*val = (unsigned short)res;
	return 0;
}
226 extern int mkdir_p(const char *dir
, mode_t mode
)
228 const char *tmp
= dir
;
229 const char *orig
= dir
;
233 dir
= tmp
+ strspn(tmp
, "/");
234 tmp
= dir
+ strcspn(dir
, "/");
235 makeme
= strndup(orig
, dir
- orig
);
237 if (mkdir(makeme
, mode
) && errno
!= EEXIST
) {
238 SYSERROR("failed to create directory '%s'", makeme
);
/**
 * remove_trailing_slashes - strip trailing '/' and '\n' characters in place.
 * @p: NUL-terminated, writable string
 *
 * Every trailing slash or newline is overwritten with '\0'. A string made
 * up only of those characters (e.g. "/") becomes the empty string.
 */
extern void remove_trailing_slashes(char *p)
{
	/* size_t index: no truncation or sign issues for very long strings */
	size_t len = strlen(p);

	while (len > 0 && (p[len - 1] == '/' || p[len - 1] == '\n'))
		p[--len] = '\0';
}
256 static char *copy_global_config_value(char *p
)
263 if (p
[len
-1] == '\n') {
267 retbuf
= malloc(len
+1);
274 #define DEFAULT_VG "lxc"
275 #define DEFAULT_THIN_POOL "lxc"
276 #define DEFAULT_ZFSROOT "lxc"
278 const char *lxc_global_config_value(const char *option_name
)
280 static const char * const options
[][2] = {
281 { "lxc.bdev.lvm.vg", DEFAULT_VG
},
282 { "lxc.bdev.lvm.thin_pool", DEFAULT_THIN_POOL
},
283 { "lxc.bdev.zfs.root", DEFAULT_ZFSROOT
},
284 { "lxc.lxcpath", NULL
},
285 { "lxc.default_config", NULL
},
286 { "lxc.cgroup.pattern", NULL
},
287 { "lxc.cgroup.use", NULL
},
291 /* placed in the thread local storage pool for non-bionic targets */
293 static __thread
const char *values
[sizeof(options
) / sizeof(options
[0])] = { 0 };
295 static const char *values
[sizeof(options
) / sizeof(options
[0])] = { 0 };
298 /* user_config_path is freed as soon as it is used */
299 char *user_config_path
= NULL
;
302 * The following variables are freed at bottom unconditionally.
303 * So NULL the value if it is to be returned to the caller
305 char *user_default_config_path
= NULL
;
306 char *user_lxc_path
= NULL
;
307 char *user_cgroup_pattern
= NULL
;
310 const char *user_home
= getenv("HOME");
314 user_config_path
= malloc(sizeof(char) * (22 + strlen(user_home
)));
315 user_default_config_path
= malloc(sizeof(char) * (26 + strlen(user_home
)));
316 user_lxc_path
= malloc(sizeof(char) * (19 + strlen(user_home
)));
318 sprintf(user_config_path
, "%s/.config/lxc/lxc.conf", user_home
);
319 sprintf(user_default_config_path
, "%s/.config/lxc/default.conf", user_home
);
320 sprintf(user_lxc_path
, "%s/.local/share/lxc/", user_home
);
321 user_cgroup_pattern
= strdup("%n");
324 user_config_path
= strdup(LXC_GLOBAL_CONF
);
325 user_default_config_path
= strdup(LXC_DEFAULT_CONFIG
);
326 user_lxc_path
= strdup(LXCPATH
);
327 user_cgroup_pattern
= strdup(DEFAULT_CGROUP_PATTERN
);
330 const char * const (*ptr
)[2];
332 char buf
[1024], *p
, *p2
;
335 for (i
= 0, ptr
= options
; (*ptr
)[0]; ptr
++, i
++) {
336 if (!strcmp(option_name
, (*ptr
)[0]))
340 free(user_config_path
);
341 free(user_default_config_path
);
343 free(user_cgroup_pattern
);
349 free(user_config_path
);
350 free(user_default_config_path
);
352 free(user_cgroup_pattern
);
356 fin
= fopen_cloexec(user_config_path
, "r");
357 free(user_config_path
);
359 while (fgets(buf
, 1024, fin
)) {
362 p
= strstr(buf
, option_name
);
365 /* see if there was just white space in front
368 for (p2
= buf
; p2
< p
; p2
++) {
369 if (*p2
!= ' ' && *p2
!= '\t')
377 /* see if there was just white space after
380 for (p2
+= strlen(option_name
); p2
< p
; p2
++) {
381 if (*p2
!= ' ' && *p2
!= '\t')
387 while (*p
&& (*p
== ' ' || *p
== '\t')) p
++;
391 if (strcmp(option_name
, "lxc.lxcpath") == 0) {
393 user_lxc_path
= copy_global_config_value(p
);
394 remove_trailing_slashes(user_lxc_path
);
395 values
[i
] = user_lxc_path
;
396 user_lxc_path
= NULL
;
400 values
[i
] = copy_global_config_value(p
);
404 /* could not find value, use default */
405 if (strcmp(option_name
, "lxc.lxcpath") == 0) {
406 remove_trailing_slashes(user_lxc_path
);
407 values
[i
] = user_lxc_path
;
408 user_lxc_path
= NULL
;
410 else if (strcmp(option_name
, "lxc.default_config") == 0) {
411 values
[i
] = user_default_config_path
;
412 user_default_config_path
= NULL
;
414 else if (strcmp(option_name
, "lxc.cgroup.pattern") == 0) {
415 values
[i
] = user_cgroup_pattern
;
416 user_cgroup_pattern
= NULL
;
419 values
[i
] = (*ptr
)[1];
421 /* special case: if default value is NULL,
422 * and there is no config, don't view that
431 free(user_cgroup_pattern
);
432 free(user_default_config_path
);
443 if (geteuid() == 0) {
444 rundir
= strdup(RUNTIME_PATH
);
448 rundir
= getenv("XDG_RUNTIME_DIR");
450 rundir
= strdup(rundir
);
454 INFO("XDG_RUNTIME_DIR isn't set in the environment.");
455 homedir
= getenv("HOME");
457 ERROR("HOME isn't set in the environment.");
461 rundir
= malloc(sizeof(char) * (17 + strlen(homedir
)));
462 sprintf(rundir
, "%s/.cache/lxc/run/", homedir
);
467 int wait_for_pid(pid_t pid
)
472 ret
= waitpid(pid
, &status
, 0);
480 if (!WIFEXITED(status
) || WEXITSTATUS(status
) != 0)
485 int lxc_wait_for_pid_status(pid_t pid
)
490 ret
= waitpid(pid
, &status
, 0);
/**
 * lxc_write_nointr - write() that transparently restarts after EINTR.
 * @fd:    descriptor to write to
 * @buf:   data to write
 * @count: number of bytes requested
 *
 * Returns whatever write() returned on the first attempt that was not
 * interrupted by a signal: the byte count written (possibly short), or -1
 * with errno set.
 */
ssize_t lxc_write_nointr(int fd, const void* buf, size_t count)
{
	ssize_t ret;

	do {
		ret = write(fd, buf, count);
	} while (ret < 0 && errno == EINTR);

	return ret;
}
/**
 * lxc_read_nointr - read() that transparently restarts after EINTR.
 * @fd:    descriptor to read from
 * @buf:   destination buffer
 * @count: capacity of @buf in bytes
 *
 * Returns whatever read() returned on the first attempt that was not
 * interrupted by a signal: the byte count read, 0 at end of file, or -1
 * with errno set.
 */
ssize_t lxc_read_nointr(int fd, void* buf, size_t count)
{
	ssize_t ret;

	do {
		ret = read(fd, buf, count);
	} while (ret < 0 && errno == EINTR);

	return ret;
}
521 ssize_t
lxc_read_nointr_expect(int fd
, void* buf
, size_t count
, const void* expected_buf
)
524 ret
= lxc_read_nointr(fd
, buf
, count
);
527 if ((size_t)ret
!= count
)
529 if (expected_buf
&& memcmp(buf
, expected_buf
, count
) != 0) {
537 #include <gnutls/gnutls.h>
538 #include <gnutls/crypto.h>
540 __attribute__((constructor
))
541 static void gnutls_lxc_init(void)
543 gnutls_global_init();
546 int sha1sum_file(char *fnam
, unsigned char *digest
)
555 f
= fopen_cloexec(fnam
, "r");
557 SYSERROR("Error opening template");
560 if (fseek(f
, 0, SEEK_END
) < 0) {
561 SYSERROR("Error seeking to end of template");
565 if ((flen
= ftell(f
)) < 0) {
566 SYSERROR("Error telling size of template");
570 if (fseek(f
, 0, SEEK_SET
) < 0) {
571 SYSERROR("Error seeking to start of template");
575 if ((buf
= malloc(flen
+1)) == NULL
) {
576 SYSERROR("Out of memory");
580 if (fread(buf
, 1, flen
, f
) != flen
) {
581 SYSERROR("Failure reading template");
587 SYSERROR("Failre closing template");
592 ret
= gnutls_hash_fast(GNUTLS_DIG_SHA1
, buf
, flen
, (void *)digest
);
598 char** lxc_va_arg_list_to_argv(va_list ap
, size_t skip
, int do_strdup
)
601 size_t count
= 1 + skip
;
604 /* first determine size of argument list, we don't want to reallocate
609 char* arg
= va_arg(ap2
, char*);
616 result
= calloc(count
, sizeof(char*));
621 char* arg
= va_arg(ap
, char*);
624 arg
= do_strdup
? strdup(arg
) : arg
;
627 result
[count
++] = arg
;
630 /* calloc has already set last element to NULL*/
/**
 * lxc_va_arg_list_to_argv_const - const-qualified front end to
 * lxc_va_arg_list_to_argv().
 * @ap:   argument list forwarded unchanged
 * @skip: forwarded unchanged
 *
 * Forwards with do_strdup == 0, so the argument strings are stored as
 * passed rather than duplicated. Returns the callee's result cast to
 * const char **.
 */
const char** lxc_va_arg_list_to_argv_const(va_list ap, size_t skip)
{
	return (const char**)lxc_va_arg_list_to_argv(ap, skip, 0);
}
643 FILE *fopen_cloexec(const char *path
, const char *mode
)
651 if (!strncmp(mode
, "r+", 2)) {
654 } else if (!strncmp(mode
, "r", 1)) {
655 open_mode
= O_RDONLY
;
657 } else if (!strncmp(mode
, "w+", 2)) {
658 open_mode
= O_RDWR
| O_TRUNC
| O_CREAT
;
660 } else if (!strncmp(mode
, "w", 1)) {
661 open_mode
= O_WRONLY
| O_TRUNC
| O_CREAT
;
663 } else if (!strncmp(mode
, "a+", 2)) {
664 open_mode
= O_RDWR
| O_CREAT
| O_APPEND
;
666 } else if (!strncmp(mode
, "a", 1)) {
667 open_mode
= O_WRONLY
| O_CREAT
| O_APPEND
;
670 for (; mode
[step
]; step
++)
671 if (mode
[step
] == 'x')
673 open_mode
|= O_CLOEXEC
;
675 fd
= open(path
, open_mode
, 0666);
679 ret
= fdopen(fd
, mode
);
687 extern struct lxc_popen_FILE
*lxc_popen(const char *command
)
689 struct lxc_popen_FILE
*fp
= NULL
;
690 int parent_end
= -1, child_end
= -1;
694 int r
= pipe2(pipe_fds
, O_CLOEXEC
);
697 ERROR("pipe2 failure");
701 parent_end
= pipe_fds
[0];
702 child_end
= pipe_fds
[1];
706 if (child_pid
== 0) {
708 int child_std_end
= STDOUT_FILENO
;
710 if (child_end
!= child_std_end
) {
711 /* dup2() doesn't dup close-on-exec flag */
712 dup2(child_end
, child_std_end
);
714 /* it's safe not to close child_end here
715 * as it's marked close-on-exec anyway
719 * The descriptor is already the one we will use.
720 * But it must not be marked close-on-exec.
723 if (fcntl(child_end
, F_SETFD
, 0) != 0) {
724 SYSERROR("Failed to remove FD_CLOEXEC from fd.");
731 * This is the main/only reason
732 * why we do our lousy popen() emulation.
737 sigprocmask(SIG_UNBLOCK
, &mask
, NULL
);
740 execl("/bin/sh", "sh", "-c", command
, (char *) NULL
);
750 ERROR("fork failure");
754 fp
= calloc(1, sizeof(*fp
));
756 ERROR("failed to allocate memory");
760 fp
->f
= fdopen(parent_end
, "r");
762 ERROR("fdopen failure");
766 fp
->child_pid
= child_pid
;
775 parent_end
= -1; /* so we do not close it second time */
781 if (parent_end
!= -1)
787 extern int lxc_pclose(struct lxc_popen_FILE
*fp
)
796 child_pid
= fp
->child_pid
;
797 /* free memory (we still need to close file stream) */
802 if (!f
|| fclose(f
)) {
803 ERROR("fclose failure");
808 wait_pid
= waitpid(child_pid
, &wstatus
, 0);
809 } while (wait_pid
== -1 && errno
== EINTR
);
811 if (wait_pid
== -1) {
812 ERROR("waitpid failure");
/**
 * lxc_string_replace - replace every occurrence of a substring.
 * @needle:      text to search for
 * @replacement: text substituted for each occurrence (may be empty)
 * @haystack:    input string, left unmodified
 *
 * Occurrences are matched left to right and do not overlap. An empty
 * @needle matches nothing, so the result is then a plain copy of
 * @haystack.
 *
 * Returns a newly allocated NUL-terminated string the caller must free(),
 * or NULL if the allocation fails.
 */
char *lxc_string_replace(const char *needle, const char *replacement, const char *haystack)
{
	size_t needle_len = strlen(needle);
	size_t replacement_len = strlen(replacement);
	size_t haystack_len = strlen(haystack);
	size_t hits = 0;
	size_t result_len;
	const char *scan, *hit;
	char *result, *out;

	/*
	 * Pass 1: count matches so the result can be sized exactly.
	 * strstr() with an empty needle matches without advancing, which
	 * would never terminate, so an empty needle is skipped.
	 */
	if (needle_len > 0) {
		for (scan = haystack; (hit = strstr(scan, needle)); scan = hit + needle_len)
			hits++;
	}

	result_len = haystack_len - hits * needle_len + hits * replacement_len;
	result = calloc(1, result_len + 1);
	if (!result)
		return NULL;

	/* Pass 2: copy the unmatched stretches and the replacements. */
	out = result;
	scan = haystack;
	if (needle_len > 0) {
		while ((hit = strstr(scan, needle))) {
			size_t part_len = (size_t)(hit - scan);

			memcpy(out, scan, part_len);
			out += part_len;
			memcpy(out, replacement, replacement_len);
			out += replacement_len;
			scan = hit + needle_len;
		}
	}

	/* tail after the last match; calloc() already supplied the NUL */
	memcpy(out, scan, strlen(scan));

	return result;
}
/**
 * lxc_string_in_array - test whether a string occurs in a NULL-terminated
 * array of strings.
 * @needle:   string to look for (compared with strcmp)
 * @haystack: NULL-terminated array; a NULL array is treated as empty
 *
 * Returns true on the first exact match, false otherwise.
 */
bool lxc_string_in_array(const char *needle, const char **haystack)
{
	for (; haystack && *haystack; haystack++) {
		if (!strcmp(needle, *haystack))
			return true;
	}

	return false;
}
/**
 * lxc_string_join - concatenate strings with a separator.
 * @sep:           separator placed between consecutive parts
 * @parts:         NULL-terminated array of strings to join
 * @use_as_prefix: when true, @sep is also emitted once before the first part
 *
 * Returns a newly allocated NUL-terminated string the caller must free(),
 * or NULL if the allocation fails.
 */
char *lxc_string_join(const char *sep, const char **parts, bool use_as_prefix)
{
	size_t sep_len = strlen(sep);
	size_t result_len = use_as_prefix ? sep_len : 0;
	const char **p;
	char *result, *out;

	/* calculate new string length */
	for (p = parts; *p; p++) {
		if (p != parts)
			result_len += sep_len;
		result_len += strlen(*p);
	}

	result = calloc(result_len + 1, 1);
	if (!result)
		return NULL;

	/* append through a cursor so each piece is copied exactly once */
	out = result;
	if (use_as_prefix) {
		memcpy(out, sep, sep_len);
		out += sep_len;
	}
	for (p = parts; *p; p++) {
		size_t part_len = strlen(*p);

		if (p != parts) {
			memcpy(out, sep, sep_len);
			out += sep_len;
		}
		memcpy(out, *p, part_len);
		out += part_len;
	}

	/* calloc() already zeroed the terminating byte */
	return result;
}
902 char **lxc_normalize_path(const char *path
)
906 size_t components_len
= 0;
909 components
= lxc_string_split(path
, '/');
912 for (p
= components
; *p
; p
++)
915 /* resolve '.' and '..' */
916 for (pos
= 0; pos
< components_len
; ) {
917 if (!strcmp(components
[pos
], ".") || (!strcmp(components
[pos
], "..") && pos
== 0)) {
918 /* eat this element */
919 free(components
[pos
]);
920 memmove(&components
[pos
], &components
[pos
+1], sizeof(char *) * (components_len
- pos
));
922 } else if (!strcmp(components
[pos
], "..")) {
923 /* eat this and the previous element */
924 free(components
[pos
- 1]);
925 free(components
[pos
]);
926 memmove(&components
[pos
-1], &components
[pos
+1], sizeof(char *) * (components_len
- pos
));
/**
 * lxc_append_paths - concatenate two path fragments.
 * @first:  leading path
 * @second: trailing path
 *
 * A '/' is inserted between the two unless @second already starts with
 * one. No other normalisation is performed.
 *
 * Returns a newly allocated NUL-terminated string the caller must free(),
 * or NULL if the allocation fails.
 */
char *lxc_append_paths(const char *first, const char *second)
{
	size_t len = strlen(first) + strlen(second) + 1;
	const char *pattern = "%s%s";
	char *result = NULL;

	if (second[0] != '/') {
		/* one extra byte for the separator we are about to insert */
		len += 1;
		pattern = "%s/%s";
	}

	result = calloc(1, len);
	if (!result)
		return NULL;

	snprintf(result, len, pattern, first, second);
	return result;
}
/**
 * lxc_string_in_list - test whether a string is one of the tokens of a
 * separator-delimited list.
 * @needle:   token to look for
 * @haystack: list text, e.g. "a,b,c"
 * @_sep:     separator character
 *
 * Tokens are the non-empty runs of characters between separators, as with
 * strtok_r(): consecutive separators yield no empty token, so an empty
 * @needle never matches.
 *
 * The list is scanned in place; no copy of @haystack is made, so its
 * length cannot exhaust the stack.
 *
 * Returns true on an exact token match, false otherwise (including when
 * either string is NULL).
 */
bool lxc_string_in_list(const char *needle, const char *haystack, char _sep)
{
	size_t needle_len;
	const char *cursor;

	if (!haystack || !needle)
		return false;

	needle_len = strlen(needle);
	if (needle_len == 0)
		return false;

	for (cursor = haystack; *cursor; ) {
		/* with _sep == '\0' strchr() returns the terminator: one token */
		const char *end = strchr(cursor, _sep);
		size_t token_len = end ? (size_t)(end - cursor) : strlen(cursor);

		if (token_len == needle_len && memcmp(cursor, needle, token_len) == 0)
			return true;

		if (!end || !*end)
			break;
		cursor = end + 1;
	}

	return false;
}
974 char **lxc_string_split(const char *string
, char _sep
)
976 char *token
, *str
, *saveptr
= NULL
;
977 char sep
[2] = { _sep
, '\0' };
978 char **result
= NULL
;
979 size_t result_capacity
= 0;
980 size_t result_count
= 0;
984 return calloc(1, sizeof(char *));
986 str
= alloca(strlen(string
)+1);
988 for (; (token
= strtok_r(str
, sep
, &saveptr
)); str
= NULL
) {
989 r
= lxc_grow_array((void ***)&result
, &result_capacity
, result_count
+ 1, 16);
992 result
[result_count
] = strdup(token
);
993 if (!result
[result_count
])
998 /* if we allocated too much, reduce it */
999 return realloc(result
, (result_count
+ 1) * sizeof(char *));
1001 saved_errno
= errno
;
1002 lxc_free_array((void **)result
, free
);
1003 errno
= saved_errno
;
1007 char **lxc_string_split_and_trim(const char *string
, char _sep
)
1009 char *token
, *str
, *saveptr
= NULL
;
1010 char sep
[2] = { _sep
, '\0' };
1011 char **result
= NULL
;
1012 size_t result_capacity
= 0;
1013 size_t result_count
= 0;
1018 return calloc(1, sizeof(char *));
1020 str
= alloca(strlen(string
)+1);
1021 strcpy(str
, string
);
1022 for (; (token
= strtok_r(str
, sep
, &saveptr
)); str
= NULL
) {
1023 while (token
[0] == ' ' || token
[0] == '\t')
1026 while (i
> 0 && (token
[i
- 1] == ' ' || token
[i
- 1] == '\t')) {
1027 token
[i
- 1] = '\0';
1030 r
= lxc_grow_array((void ***)&result
, &result_capacity
, result_count
+ 1, 16);
1033 result
[result_count
] = strdup(token
);
1034 if (!result
[result_count
])
1039 /* if we allocated too much, reduce it */
1040 return realloc(result
, (result_count
+ 1) * sizeof(char *));
1042 saved_errno
= errno
;
1043 lxc_free_array((void **)result
, free
);
1044 errno
= saved_errno
;
1048 void lxc_free_array(void **array
, lxc_free_fn element_free_fn
)
1051 for (p
= array
; p
&& *p
; p
++)
1052 element_free_fn(*p
);
/**
 * lxc_grow_array - make sure a pointer array can hold new_size entries plus
 * a terminating NULL slot.
 * @array:              address of the array pointer; updated on reallocation
 * @capacity:           address of the current capacity in elements; updated
 * @new_size:           number of entries the caller wants to store
 * @capacity_increment: step by which the capacity is enlarged
 *
 * Newly added slots are zero-filled. If either *array or *capacity is
 * unset, both are reset (NULL / 0) before growing.
 *
 * Returns 0 on success, -1 on failure. Failure means realloc() failed, or
 * growth was required but @capacity_increment is 0 (errno = EINVAL); in
 * both cases *array and *capacity are left as they were after the reset
 * step.
 */
int lxc_grow_array(void ***array, size_t* capacity, size_t new_size, size_t capacity_increment)
{
	size_t new_capacity;
	void **new_array;

	/* first time around, catch some trivial mistakes of the user
	 * only initializing one of these */
	if (!*array || !*capacity) {
		*array = NULL;
		*capacity = 0;
	}

	/* array has sufficient elements */
	if (new_size + 1 <= *capacity)
		return 0;

	/* a zero step could never reach the target: refuse instead of spinning */
	if (capacity_increment == 0) {
		errno = EINVAL;
		return -1;
	}

	new_capacity = *capacity;
	while (new_size + 1 > new_capacity)
		new_capacity += capacity_increment;

	/* we have to reallocate */
	new_array = realloc(*array, new_capacity * sizeof(void *));
	if (!new_array)
		return -1;

	memset(&new_array[*capacity], 0, (new_capacity - (*capacity)) * sizeof(void *));
	*array = new_array;
	*capacity = new_capacity;

	return 0;
}
/**
 * lxc_array_len - count the entries of a NULL-terminated pointer array.
 * @array: NULL-terminated array; a NULL array counts as empty
 *
 * Returns the number of entries before the terminating NULL.
 */
size_t lxc_array_len(void **array)
{
	void **p;
	size_t result = 0;

	for (p = array; p && *p; p++)
		result++;

	return result;
}
1096 int lxc_write_to_file(const char *filename
, const void* buf
, size_t count
, bool add_newline
)
1098 int fd
, saved_errno
;
1101 fd
= open(filename
, O_WRONLY
| O_TRUNC
| O_CREAT
| O_CLOEXEC
, 0666);
1104 ret
= lxc_write_nointr(fd
, buf
, count
);
1107 if ((size_t)ret
!= count
)
1110 ret
= lxc_write_nointr(fd
, "\n", 1);
1118 saved_errno
= errno
;
1120 errno
= saved_errno
;
1124 int lxc_read_from_file(const char *filename
, void* buf
, size_t count
)
1126 int fd
= -1, saved_errno
;
1129 fd
= open(filename
, O_RDONLY
| O_CLOEXEC
);
1133 if (!buf
|| !count
) {
1136 while ((ret
= read(fd
, buf2
, 100)) > 0)
1141 memset(buf
, 0, count
);
1142 ret
= read(fd
, buf
, count
);
1146 ERROR("read %s: %s", filename
, strerror(errno
));
1148 saved_errno
= errno
;
1150 errno
= saved_errno
;
1154 void **lxc_append_null_to_array(void **array
, size_t count
)
1158 /* Append NULL to the array */
1160 temp
= realloc(array
, (count
+ 1) * sizeof(*array
));
1163 for (i
= 0; i
< count
; i
++)
1169 array
[count
] = NULL
;
1174 int randseed(bool srand_it
)
1177 srand pre-seed function based on /dev/urandom
1179 unsigned int seed
=time(NULL
)+getpid();
1182 f
= fopen("/dev/urandom", "r");
1184 int ret
= fread(&seed
, sizeof(seed
), 1, f
);
1186 DEBUG("unable to fread /dev/urandom, %s, fallback to time+pid rand seed", strerror(errno
));
1196 uid_t
get_ns_uid(uid_t orig
)
1200 uid_t nsid
, hostid
, range
;
1201 FILE *f
= fopen("/proc/self/uid_map", "r");
1205 while (getline(&line
, &sz
, f
) != -1) {
1206 if (sscanf(line
, "%u %u %u", &nsid
, &hostid
, &range
) != 3)
1208 if (hostid
<= orig
&& hostid
+ range
> orig
) {
1209 nsid
+= orig
- hostid
;
/**
 * dir_exists - test whether a path names a directory.
 * @path: path to examine (symlinks are followed, as stat() is used)
 *
 * Returns true only when stat() succeeds and reports a directory.
 */
bool dir_exists(const char *path)
{
	struct stat sb;
	int ret;

	ret = stat(path, &sb);
	if (ret < 0) {
		// could be something other than eexist, just say no
		return false;
	}

	return S_ISDIR(sb.st_mode);
}
/* Note we don't use SHA-1 here as we don't want to depend on HAVE_GNUTLS.
 * FNV has good anti collision properties and we're not worried
 * about pre-image resistance or one-way-ness, we're just trying to make
 * the name unique in the 108 bytes of space we have.
 *
 * fnv_64a_buf - fold a buffer into a 64-bit FNV-1a hash.
 * @buf:  bytes to hash
 * @len:  number of bytes in @buf
 * @hval: starting hash value (the previous result when chaining buffers)
 *
 * Returns the updated hash; with @len == 0 that is @hval unchanged.
 */
uint64_t fnv_64a_buf(void *buf, size_t len, uint64_t hval)
{
	const unsigned char *bp = buf;
	const unsigned char *end = bp + len;

	for (; bp < end; bp++) {
		/* xor the bottom with the current octet */
		hval ^= (uint64_t)*bp;

		/*
		 * multiply by the 64 bit FNV magic prime mod 2^64
		 * (0x100000001b3 == 1 + 2^1 + 2^4 + 2^5 + 2^7 + 2^8 + 2^40)
		 */
		hval *= UINT64_C(0x100000001b3);
	}

	return hval;
}
1258 * Detect whether / is mounted MS_SHARED. The only way I know of to
1259 * check that is through /proc/self/mountinfo.
1260 * I'm only checking for /. If the container rootfs or mount location
1261 * is MS_SHARED, but not '/', then you're out of luck - figuring that
1262 * out would be too much work to be worth it.
1264 #define LINELEN 4096
1265 int detect_shared_rootfs(void)
1267 char buf
[LINELEN
], *p
;
1272 f
= fopen("/proc/self/mountinfo", "r");
1275 while (fgets(buf
, LINELEN
, f
)) {
1276 for (p
= buf
, i
=0; p
&& i
< 4; i
++)
1277 p
= strchr(p
+1, ' ');
1280 p2
= strchr(p
+1, ' ');
1284 if (strcmp(p
+1, "/") == 0) {
1285 // this is '/'. is it shared?
1286 p
= strchr(p2
+1, ' ');
1287 if (p
&& strstr(p
, "shared:")) {
1297 bool switch_to_ns(pid_t pid
, const char *ns
) {
1299 char nspath
[MAXPATHLEN
];
1301 /* Switch to new ns */
1302 ret
= snprintf(nspath
, MAXPATHLEN
, "/proc/%d/ns/%s", pid
, ns
);
1303 if (ret
< 0 || ret
>= MAXPATHLEN
)
1306 fd
= open(nspath
, O_RDONLY
);
1308 SYSERROR("failed to open %s", nspath
);
1314 SYSERROR("failed to set process %d to %s of %d.", pid
, ns
, fd
);
1323 * looking at fs/proc_namespace.c, it appears we can
1324 * actually expect the rootfs entry to very specifically contain
1325 * " - rootfs rootfs "
1326 * IIUC, so long as we've chrooted so that rootfs is not our root,
1327 * the rootfs entry should always be skipped in mountinfo contents.
1329 int detect_ramfs_rootfs(void)
1331 char buf
[LINELEN
], *p
;
1336 f
= fopen("/proc/self/mountinfo", "r");
1339 while (fgets(buf
, LINELEN
, f
)) {
1340 for (p
= buf
, i
=0; p
&& i
< 4; i
++)
1341 p
= strchr(p
+1, ' ');
1344 p2
= strchr(p
+1, ' ');
1348 if (strcmp(p
+1, "/") == 0) {
1349 // this is '/'. is it the ramfs?
1350 p
= strchr(p2
+1, '-');
1351 if (p
&& strncmp(p
, "- rootfs rootfs ", 16) == 0) {
1361 char *on_path(char *cmd
, const char *rootfs
) {
1364 char *saveptr
= NULL
;
1365 char cmdpath
[MAXPATHLEN
];
1368 path
= getenv("PATH");
1372 path
= strdup(path
);
1376 entry
= strtok_r(path
, ":", &saveptr
);
1379 ret
= snprintf(cmdpath
, MAXPATHLEN
, "%s/%s/%s", rootfs
, entry
, cmd
);
1381 ret
= snprintf(cmdpath
, MAXPATHLEN
, "%s/%s", entry
, cmd
);
1383 if (ret
< 0 || ret
>= MAXPATHLEN
)
1386 if (access(cmdpath
, X_OK
) == 0) {
1388 return strdup(cmdpath
);
1392 entry
= strtok_r(NULL
, ":", &saveptr
);
/**
 * file_exists - test whether a path can be stat()ed.
 * @f: path to examine (symlinks are followed)
 *
 * Returns true when stat() succeeds, whatever the file type; false on any
 * stat() failure.
 */
bool file_exists(const char *f)
{
	struct stat statbuf;

	return stat(f, &statbuf) == 0;
}
1406 /* historically lxc-init has been under /usr/lib/lxc and under
1407 * /usr/lib/$ARCH/lxc. It now lives as $prefix/sbin/init.lxc.
1409 char *choose_init(const char *rootfs
)
1412 const char *empty
= "",
1414 int ret
, env_set
= 0;
1417 if (!getenv("PATH")) {
1418 if (setenv("PATH", "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", 0))
1419 SYSERROR("Failed to setenv");
1423 retv
= on_path("init.lxc", rootfs
);
1426 if (unsetenv("PATH"))
1427 SYSERROR("Failed to unsetenv");
1433 retv
= malloc(PATH_MAX
);
1442 ret
= snprintf(retv
, PATH_MAX
, "%s/%s/%s", tmp
, SBINDIR
, "/init.lxc");
1443 if (ret
< 0 || ret
>= PATH_MAX
) {
1444 ERROR("pathname too long");
1448 ret
= stat(retv
, &mystat
);
1452 ret
= snprintf(retv
, PATH_MAX
, "%s/%s/%s", tmp
, LXCINITDIR
, "/lxc/lxc-init");
1453 if (ret
< 0 || ret
>= PATH_MAX
) {
1454 ERROR("pathname too long");
1458 ret
= stat(retv
, &mystat
);
1462 ret
= snprintf(retv
, PATH_MAX
, "%s/usr/lib/lxc/lxc-init", tmp
);
1463 if (ret
< 0 || ret
>= PATH_MAX
) {
1464 ERROR("pathname too long");
1467 ret
= stat(retv
, &mystat
);
1471 ret
= snprintf(retv
, PATH_MAX
, "%s/sbin/lxc-init", tmp
);
1472 if (ret
< 0 || ret
>= PATH_MAX
) {
1473 ERROR("pathname too long");
1476 ret
= stat(retv
, &mystat
);
1481 * Last resort, look for the statically compiled init.lxc which we
1482 * hopefully bind-mounted in.
1483 * If we are called during container setup, and we get to this point,
1484 * then the init.lxc.static from the host will need to be bind-mounted
1485 * in. So we return NULL here to indicate that.
1490 ret
= snprintf(retv
, PATH_MAX
, "/init.lxc.static");
1491 if (ret
< 0 || ret
>= PATH_MAX
) {
1492 WARN("Nonsense - name /lxc.init.static too long");
1495 ret
= stat(retv
, &mystat
);
/**
 * print_to_file - create or truncate a file and write a string to it.
 * @file:    path of the file to write
 * @content: NUL-terminated text to store (written verbatim, no newline added)
 *
 * Returns 0 when the file was opened, fully written and closed without
 * error; -1 otherwise.
 */
int print_to_file(const char *file, const char *content)
{
	FILE *f;
	int ret = 0;

	f = fopen(file, "w");
	if (!f)
		return -1;

	if (fputs(content, f) == EOF)
		ret = -1;

	/* stdio buffers the data, so a write error may only surface at close */
	if (fclose(f) != 0)
		ret = -1;

	return ret;
}
/**
 * is_dir - test whether a path names a directory.
 * @path: path to examine (symlinks are followed, as stat() is used)
 *
 * Returns 1 when stat() succeeds and reports a directory, 0 otherwise.
 */
int is_dir(const char *path)
{
	struct stat statbuf;
	int ret = stat(path, &statbuf);

	if (ret == 0 && S_ISDIR(statbuf.st_mode))
		return 1;

	return 0;
}
1528 * Given the '-t' template option to lxc-create, figure out what to
1529 * do. If the template is a full executable path, use that. If it
1530 * is something like 'sshd', then return $templatepath/lxc-sshd.
1531 * On success return the template, on error return NULL.
1533 char *get_template_path(const char *t
)
1538 if (t
[0] == '/' && access(t
, X_OK
) == 0) {
1543 len
= strlen(LXCTEMPLATEDIR
) + strlen(t
) + strlen("/lxc-") + 1;
1544 tpath
= malloc(len
);
1547 ret
= snprintf(tpath
, len
, "%s/lxc-%s", LXCTEMPLATEDIR
, t
);
1548 if (ret
< 0 || ret
>= len
) {
1552 if (access(tpath
, X_OK
) < 0) {
1553 SYSERROR("bad template: %s", t
);
1562 * Sets the process title to the specified title. Note:
1563 * 1. this function requires root to succeed
1564 * 2. it clears /proc/self/environ
1565 * 3. it may not succeed (e.g. if title is longer than /proc/self/environ +
1566 * the original title)
1568 int setproctitle(char *title
)
1570 char buf
[2048], *tmp
;
1572 int i
, len
, ret
= 0;
1573 unsigned long arg_start
, arg_end
, env_start
, env_end
;
1575 f
= fopen_cloexec("/proc/self/stat", "r");
1580 tmp
= fgets(buf
, sizeof(buf
), f
);
1586 /* Skip the first 47 fields, column 48-51 are ARG_START and
1588 tmp
= strchr(buf
, ' ');
1589 for (i
= 0; i
< 46; i
++) {
1592 tmp
= strchr(tmp
+1, ' ');
1595 i
= sscanf(tmp
, "%lu %lu %lu %lu", &arg_start
, &arg_end
, &env_start
, &env_end
);
1600 /* We're truncating the environment, so we should use at most the
1601 * length of the argument + environment for the title. */
1602 len
= strlen(title
);
1603 if (len
> env_end
- arg_start
) {
1605 len
= env_end
- arg_start
;
1607 /* Only truncate the environment if we're actually going to
1608 * overwrite part of it. */
1609 if (len
>= arg_end
- arg_start
) {
1610 env_start
= env_end
;
1612 arg_end
= arg_start
+ len
;
1616 /* memcpy instead of strcpy since this isn't null terminated */
1617 memcpy((void*)arg_start
, title
, len
);
1619 ret
|= prctl(PR_SET_MM
, PR_SET_MM_ARG_START
, (long)arg_start
, 0, 0);
1620 ret
|= prctl(PR_SET_MM
, PR_SET_MM_ARG_END
, (long)arg_end
, 0, 0);
1621 ret
|= prctl(PR_SET_MM
, PR_SET_MM_ENV_START
, (long)env_start
, 0, 0);
1622 ret
|= prctl(PR_SET_MM
, PR_SET_MM_ENV_END
, (long)env_end
, 0, 0);