]>
git.proxmox.com Git - pve-container.git/blob - src/lxc-pve-prestart-hook
3 package lxc_pve_prestart_hook
;
8 use Fcntl
qw(O_DIRECTORY :mode);
19 use PVE
::RESTEnvironment
;
22 use PVE
::Syscall
qw(:fsmount);
23 use PVE
::Tools
qw(AT_FDCWD O_PATH);
27 my ($vmid, $message) = @_;
29 if (!defined($WARNFD)) {
30 open($WARNFD, '>', "/run/pve/ct-${vmid}.warnings");
32 print $WARNFD "$message\n";
35 PVE
::LXC
::Tools
::lxc_hook
('pre-start', 'lxc', sub {
36 my ($vmid, $vars, undef, undef) = @_;
38 my $skiplock_flag_fn = "/run/lxc/skiplock-$vmid";
39 my $skiplock = -e
$skiplock_flag_fn;
40 unlink $skiplock_flag_fn if $skiplock;
42 PVE
::Cluster
::check_cfs_quorum
(); # only start if we have quorum
44 PVE
::RESTEnvironment-
>setup_default_cli_env();
46 return undef if ! -f PVE
::LXC
::Config-
>config_file($vmid);
48 my $conf = PVE
::LXC
::Config-
>load_config($vmid);
49 if (!$skiplock && !PVE
::LXC
::Config-
>has_lock($conf, 'mounted')) {
50 PVE
::LXC
::Config-
>check_lock($conf);
53 cleanup_cgroups
($vmid);
55 my $storage_cfg = PVE
::Storage
::config
();
57 my $rootdir = $vars->{ROOTFS_PATH
};
59 # Delete any leftover reboot-trigger file
60 unlink("/var/lib/lxc/$vmid/reboot");
62 # Delete the old device list file
63 # in case it was left over from a previous version of pve-container.
64 unlink("/var/lib/lxc/$vmid/devices");
68 my ($id_map, $rootuid, $rootgid) = PVE
::LXC
::parse_id_maps
($conf);
70 # Unmount first when the user mounted the container with "pct mount".
72 PVE
::Tools
::run_command
(['umount', '--recursive', $rootdir], outfunc
=> sub {}, errfunc
=> sub {});
75 my $rootdir_fd = undef;
76 my $setup_mountpoint = sub {
77 my ($opt, $mountpoint) = @_;
79 my $dir = PVE
::LXC
::get_staging_mount_path
($opt);
80 my (undef, undef, $dev, $mount_fd) = PVE
::LXC
::mountpoint_stage
(
89 my ($dest_dir, $dest_base_fd);
91 # Mount relative to the rootdir fd.
92 $dest_base_fd = $rootdir_fd;
93 $dest_dir = './' . $mountpoint->{mp
};
95 # Assert that 'rootfs' is the first one:
96 die "foreach_mount() error\n" if $opt ne 'rootfs';
98 # Mount the rootfs absolutely.
99 # $rootdir is not controlled by the container, so this is fine.
100 sysopen($dest_base_fd, '/', O_PATH
| O_DIRECTORY
)
101 or die "failed to open '.': $!\n";
102 $dest_dir = $rootdir;
105 PVE
::LXC
::mountpoint_insert_staged
(
114 # From now on we mount inside our rootfs:
116 $rootdir_fd = $mount_fd;
119 push @$devices, $dev if $dev && $mountpoint->{quota
};
122 PVE
::LXC
::Config-
>foreach_volume($conf, $setup_mountpoint);
125 my $passthrough_devices = [];
127 my $passthrough_dir = "/var/lib/lxc/$vmid/passthrough";
128 File
::Path
::make_path
($passthrough_dir);
129 PVE
::Tools
::mount
("none", $passthrough_dir, "tmpfs", 0, "size=8k")
130 or die ("Could not mount tmpfs for device passthrough at $passthrough_dir: $!");
132 my $setup_passthrough_device = sub {
133 my ($key, $device) = @_;
135 my $absolute_path = $device->{path
};
136 my ($mode, $rdev) = (stat($absolute_path))[2, 6];
138 die "Could not get mode or device ID of $absolute_path\n"
139 if (!defined($mode) || !defined($rdev));
141 my $passthrough_device_path = $passthrough_dir . $absolute_path;
142 File
::Path
::make_path
(dirname
($passthrough_device_path));
143 PVE
::Tools
::mknod
($passthrough_device_path, $mode, $rdev)
144 or die("failed to mknod $passthrough_device_path: $!\n");
146 # Use chmod because umask could mess with the access mode on mknod
147 my $passthrough_mode = 0660;
148 $passthrough_mode = oct($device->{mode
}) if defined($device->{mode
});
149 chmod $passthrough_mode, $passthrough_device_path
150 or die "failed to chmod $passthrough_mode $passthrough_device_path: $!\n";
152 # Set uid and gid of the device node
155 $uid = $device->{uid
} if defined($device->{uid
});
156 $gid = $device->{gid
} if defined($device->{gid
});
157 $uid = PVE
::LXC
::map_ct_uid_to_host
($uid, $id_map);
158 $gid = PVE
::LXC
::map_ct_gid_to_host
($gid, $id_map);
159 chown $uid, $gid, $passthrough_device_path
160 or die("failed to chown $uid:$gid $passthrough_device_path: $!\n");
162 push @$passthrough_devices, [$absolute_path, $mode, $rdev];
165 PVE
::LXC
::Config-
>foreach_passthrough_device($conf, $setup_passthrough_device);
167 my $lxc_setup = PVE
::LXC
::Setup-
>new($conf, $rootdir);
168 $lxc_setup->pre_start_hook();
170 if (PVE
::CGroup
::cgroup_mode
() == 2) {
171 if (!$lxc_setup->unified_cgroupv2_support()) {
172 log_warn
($vmid, "old systemd (< v232) detected, container won't run in a pure cgroupv2"
173 ." environment! Please see documentation -> container -> cgroup version.");
174 syslog
('err', "CT $vmid does not support running in a pure cgroupv2 environment\n");
180 foreach my $dev (@$devices) {
181 my ($mode, $rdev) = (stat($dev))[2,6];
182 next if !$mode || !S_ISBLK
($mode) || !$rdev;
183 my $major = PVE
::Tools
::dev_t_major
($rdev);
184 my $minor = PVE
::Tools
::dev_t_minor
($rdev);
185 $devlist .= "b:$major:$minor:$dev\n";
187 PVE
::Tools
::file_set_contents
("/var/lib/lxc/$vmid/passthrough/mounts", $devlist);
190 if (@$passthrough_devices) {
192 for my $dev (@$passthrough_devices) {
193 my ($path, $mode, $rdev) = @$dev;
194 my $major = PVE
::Tools
::dev_t_major
($rdev);
195 my $minor = PVE
::Tools
::dev_t_minor
($rdev);
196 my $device_type_char = S_ISBLK
($mode) ?
'b' : 'c';
197 $devlist .= "$device_type_char:$major:$minor:$path\n";
199 PVE
::Tools
::file_set_contents
("/var/lib/lxc/$vmid/passthrough/devices", $devlist);
203 # Leftover cgroups prevent lxc from starting without any useful information
204 # showing up in the journal, it is also often unable to properly clean them up
205 # at shutdown, so we do this here.
206 sub cleanup_cgroups
($) {
209 if (PVE
::CGroup
::cgroup_mode
() == 2) {
210 rmdir_recursive
("/sys/fs/cgroup/lxc/$vmid");
211 rmdir_recursive
("/sys/fs/cgroup/lxc.monitor/$vmid");
213 my ($v1, $v2) = PVE
::CGroup
::get_cgroup_controllers
();
215 my @controllers_cgv1 = keys %$v1;
216 foreach my $controller (@controllers_cgv1) {
217 $controller =~ s/^name=//; # `name=systemd` is mounted just as `systemd`
218 rmdir_recursive
("/sys/fs/cgroup/$controller/lxc/$vmid");
219 rmdir_recursive
("/sys/fs/cgroup/$controller/lxc.monitor/$vmid");
223 rmdir_recursive
("/sys/fs/cgroup/unified/lxc/$vmid");
224 rmdir_recursive
("/sys/fs/cgroup/unified/lxc.monitor/$vmid");
229 # FIXME: This is an ugly version without openat() because perl has no equivalent
230 # of fdopendir() so we cannot readdir from an openat() opened handle.
231 sub rmdir_recursive
{
235 if (!opendir($dh, $path)) {
236 return if $!{ENOENT
};
237 die "failed to open directory '$path': $!\n";
240 while (defined(my $entry = readdir($dh))) {
241 next if $entry eq '.' || $entry eq '..';
242 my $next = "$path/$entry";
244 rmdir_recursive
($next);
247 rmdir($path) or die "failed to remove directory '$path': $!\n";