src/tests/share_ns.c

   1 /* liblxcapi
   2  *
   3  * Copyright © 2017 Christian Brauner <christian.brauner@ubuntu.com>.
   4  *
   5  * This program is free software; you can redistribute it and/or modify
   6  * it under the terms of the GNU General Public License version 2, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This program is distributed in the hope that it will be useful,
  10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  * GNU General Public License for more details.
  13  *
  14  * You should have received a copy of the GNU General Public License along
  15  * with this program; if not, write to the Free Software Foundation, Inc.,
  16  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  17  */
  18
  19 #include "config.h"
  20
  21 #include <alloca.h>
  22 #include <errno.h>
  23 #include <pthread.h>
  24 #include <sched.h>
  25 #include <signal.h>
  26 #include <stdio.h>
  27 #include <string.h>
  28 #include <unistd.h>
  29 #include <sys/reboot.h>
  30 #include <sys/types.h>
  31 #include <sys/wait.h>
  32
  33 #include "lxc/lxccontainer.h"
  34 #include "lxctest.h"
  35 #include "../lxc/compiler.h"
  36
  37 #define TEST_DEFAULT_BUF_SIZE 256
  38
  39 struct thread_args {
  40         int thread_id;
  41         bool success;
  42         pid_t init_pid;
  43         char inherited_ipc_ns[TEST_DEFAULT_BUF_SIZE];
  44         char inherited_net_ns[TEST_DEFAULT_BUF_SIZE];
  45 };
  46
  47 __noreturn static void *ns_sharing_wrapper(void *data)
  48 {
  49         int init_pid;
  50         ssize_t ret;
  51         char name[100];
  52         char owning_ns_init_pid[100];
  53         char proc_ns_path[TEST_DEFAULT_BUF_SIZE];
  54         char ns_buf[TEST_DEFAULT_BUF_SIZE];
  55         struct lxc_container *c;
  56         struct thread_args *args = data;
  57
  58         lxc_debug("Starting namespace sharing thread %d\n", args->thread_id);
  59
  60         sprintf(name, "share-ns-%d", args->thread_id);
  61         c = lxc_container_new(name, NULL);
  62         if (!c) {
  63                 lxc_error("Failed to create container \"%s\"\n", name);
  64                 goto out_pthread_exit;
  65         }
  66
  67         if (c->is_defined(c)) {
  68                 lxc_error("Container \"%s\" is defined\n", name);
  69                 goto out;
  70         }
  71
  72         if (!c->createl(c, "busybox", NULL, NULL, 0, NULL)) {
  73                 lxc_error("Failed to create busybox container \"%s\"\n", name);
  74                 goto out;
  75         }
  76
  77         if (!c->is_defined(c)) {
  78                 lxc_error("Container \"%s\" is not defined\n", name);
  79                 goto out;
  80         }
  81
  82         c->clear_config(c);
  83
  84         if (!c->load_config(c, NULL)) {
  85                 lxc_error("Failed to load config for container \"%s\"\n", name);
  86                 goto out;
  87         }
  88
  89         /* share ipc namespace by container name */
  90         if (!c->set_config_item(c, "lxc.namespace.share.ipc", "owning-ns")) {
  91                 lxc_error("Failed to set \"lxc.namespace.share.ipc=owning-ns\" for container \"%s\"\n", name);
  92                 goto out;
  93         }
  94
  95         /* clear all network configuration */
  96         if (!c->set_config_item(c, "lxc.net", "")) {
  97                 lxc_error("Failed to set \"lxc.namespace.share.ipc=owning-ns\" for container \"%s\"\n", name);
  98                 goto out;
  99         }
 100
 101         if (!c->set_config_item(c, "lxc.net.0.type", "empty")) {
 102                 lxc_error("Failed to set \"lxc.net.0.type=empty\" for container \"%s\"\n", name);
 103                 goto out;
 104         }
 105
 106         sprintf(owning_ns_init_pid, "%d", args->init_pid);
 107         /* share net namespace by pid */
 108         if (!c->set_config_item(c, "lxc.namespace.share.net", owning_ns_init_pid)) {
 109                 lxc_error("Failed to set \"lxc.namespace.share.net=%s\" for container \"%s\"\n", owning_ns_init_pid, name);
 110                 goto out;
 111         }
 112
 113         if (!c->want_daemonize(c, true)) {
 114                 lxc_error("Failed to mark container \"%s\" daemonized\n", name);
 115                 goto out;
 116         }
 117
 118         if (!c->startl(c, 0, NULL)) {
 119                 lxc_error("Failed to start container \"%s\" daemonized\n", name);
 120                 goto out;
 121         }
 122
 123         init_pid = c->init_pid(c);
 124         if (init_pid < 0) {
 125                 lxc_error("Failed to retrieve init pid of container \"%s\"\n", name);
 126                 goto out;
 127         }
 128
 129         /* Check whether we correctly inherited the ipc namespace. */
 130         ret = snprintf(proc_ns_path, sizeof(proc_ns_path), "/proc/%d/ns/ipc", init_pid);
 131         if (ret < 0 || (size_t)ret >= sizeof(proc_ns_path)) {
 132                 lxc_error("Failed to create string for container \"%s\"\n", name);
 133                 goto out;
 134         }
 135
 136         ret = readlink(proc_ns_path, ns_buf, sizeof(ns_buf));
 137         if (ret < 0 || (size_t)ret >= sizeof(ns_buf)) {
 138                 lxc_error("Failed to retrieve ipc namespace for container \"%s\"\n", name);
 139                 goto out;
 140         }
 141         ns_buf[ret] = '\0';
 142
 143         if (strcmp(args->inherited_ipc_ns, ns_buf) != 0) {
 144                 lxc_error("Failed to inherit ipc namespace from container \"owning-ns\": %s != %s\n", args->inherited_ipc_ns, ns_buf);
 145                 goto out;
 146         }
 147         lxc_debug("Inherited ipc namespace from container \"owning-ns\": %s == %s\n", args->inherited_ipc_ns, ns_buf);
 148
 149         /* Check whether we correctly inherited the net namespace. */
 150         ret = snprintf(proc_ns_path, sizeof(proc_ns_path), "/proc/%d/ns/net", init_pid);
 151         if (ret < 0 || (size_t)ret >= sizeof(proc_ns_path)) {
 152                 lxc_error("Failed to create string for container \"%s\"\n", name);
 153                 goto out;
 154         }
 155
 156         ret = readlink(proc_ns_path, ns_buf, sizeof(ns_buf));
 157         if (ret < 0 || (size_t)ret >= sizeof(ns_buf)) {
 158                 lxc_error("Failed to retrieve ipc namespace for container \"%s\"\n", name);
 159                 goto out;
 160         }
 161         ns_buf[ret] = '\0';
 162
 163         if (strcmp(args->inherited_net_ns, ns_buf) != 0) {
 164                 lxc_error("Failed to inherit net namespace from container \"owning-ns\": %s != %s\n", args->inherited_net_ns, ns_buf);
 165                 goto out;
 166         }
 167         lxc_debug("Inherited net namespace from container \"owning-ns\": %s == %s\n", args->inherited_net_ns, ns_buf);
 168
 169         args->success = true;
 170
 171 out:
 172         if (c->is_running(c) && !c->stop(c))
 173                 lxc_error("Failed to stop container \"%s\"\n", name);
 174
 175         if (!c->destroy(c))
 176                 lxc_error("Failed to destroy container \"%s\"\n", name);
 177
 178         lxc_container_put(c);
 179
 180 out_pthread_exit:
 181         pthread_exit(NULL);
 182 }
 183
 184 int main(int argc, char *argv[])
 185 {
 186         struct thread_args *args = NULL;
 187         pthread_t *threads = NULL;
 188         size_t nthreads = 10;
 189         int i, init_pid, j;
 190         char proc_ns_path[TEST_DEFAULT_BUF_SIZE];
 191         char ipc_ns_buf[TEST_DEFAULT_BUF_SIZE];
 192         char net_ns_buf[TEST_DEFAULT_BUF_SIZE];
 193         pthread_attr_t attr;
 194         struct lxc_container *c;
 195         int ret = EXIT_FAILURE;
 196
 197         pthread_attr_init(&attr);
 198
 199         c = lxc_container_new("owning-ns", NULL);
 200         if (!c) {
 201                 lxc_error("%s", "Failed to create container \"owning-ns\"");
 202                 exit(ret);
 203         }
 204
 205         if (c->is_defined(c)) {
 206                 lxc_error("%s\n", "Container \"owning-ns\" is defined");
 207                 goto on_error_stop;
 208         }
 209
 210         if (!c->createl(c, "busybox", NULL, NULL, 0, NULL)) {
 211                 lxc_error("%s\n", "Failed to create busybox container \"owning-ns\"");
 212                 goto on_error_stop;
 213         }
 214
 215         if (!c->is_defined(c)) {
 216                 lxc_error("%s\n", "Container \"owning-ns\" is not defined");
 217                 goto on_error_stop;
 218         }
 219
 220         c->clear_config(c);
 221
 222         if (!c->load_config(c, NULL)) {
 223                 lxc_error("%s\n", "Failed to load config for container \"owning-ns\"");
 224                 goto on_error_stop;
 225         }
 226
 227         if (!c->want_daemonize(c, true)) {
 228                 lxc_error("%s\n", "Failed to mark container \"owning-ns\" daemonized");
 229                 goto on_error_stop;
 230         }
 231
 232         if (!c->startl(c, 0, NULL)) {
 233                 lxc_error("%s\n", "Failed to start container \"owning-ns\" daemonized");
 234                 goto on_error_stop;
 235         }
 236
 237         init_pid = c->init_pid(c);
 238         if (init_pid < 0) {
 239                 lxc_error("%s\n", "Failed to retrieve init pid of container \"owning-ns\"");
 240                 goto on_error_stop;
 241         }
 242
 243         /* record our ipc namespace */
 244         ret = snprintf(proc_ns_path, sizeof(proc_ns_path), "/proc/%d/ns/ipc", init_pid);
 245         if (ret < 0 || (size_t)ret >= sizeof(proc_ns_path)) {
 246                 lxc_error("%s\n", "Failed to create string for container \"owning-ns\"");
 247                 goto on_error_stop;
 248         }
 249
 250         ret = readlink(proc_ns_path, ipc_ns_buf, sizeof(ipc_ns_buf));
 251         if (ret < 0 || (size_t)ret >= sizeof(ipc_ns_buf)) {
 252                 lxc_error("%s\n", "Failed to retrieve ipc namespace for container \"owning-ns\"");
 253                 goto on_error_stop;
 254
 255         }
 256         ipc_ns_buf[ret] = '\0';
 257
 258         /* record our net namespace */
 259         ret = snprintf(proc_ns_path, sizeof(proc_ns_path), "/proc/%d/ns/net", init_pid);
 260         if (ret < 0 || (size_t)ret >= sizeof(proc_ns_path)) {
 261                 lxc_error("%s\n", "Failed to create string for container \"owning-ns\"");
 262                 goto on_error_stop;
 263         }
 264
 265         ret = readlink(proc_ns_path, net_ns_buf, sizeof(net_ns_buf));
 266         if (ret < 0 || (size_t)ret >= sizeof(net_ns_buf)) {
 267                 lxc_error("%s\n", "Failed to retrieve ipc namespace for container \"owning-ns\"");
 268                 goto on_error_stop;
 269         }
 270         net_ns_buf[ret] = '\0';
 271
 272         sleep(5);
 273
 274         args = malloc(sizeof(struct thread_args) * nthreads);
 275         if (!args) {
 276                 lxc_error("%s\n", "Failed to allocate memory");
 277                 goto on_error_stop;
 278         }
 279
 280         threads = malloc(sizeof(pthread_t) * nthreads);
 281         if (!threads) {
 282                 lxc_error("%s\n", "Failed to allocate memory");
 283                 goto on_error_stop;
 284         }
 285
 286         for (j = 0; j < 10; j++) {
 287                 bool had_error = false;
 288
 289                 lxc_debug("Starting namespace sharing test iteration %d\n", j);
 290
 291                 for (i = 0; i < nthreads; i++) {
 292                         memset(&args[i], 0, sizeof(struct thread_args));
 293                         memset(&threads[i], 0, sizeof(pthread_t));
 294
 295                         args[i].thread_id = i;
 296                         args[i].success = false;
 297                         args[i].init_pid = init_pid;
 298                         snprintf(args[i].inherited_ipc_ns, sizeof(args[i].inherited_ipc_ns), "%s", ipc_ns_buf);
 299                         snprintf(args[i].inherited_net_ns, sizeof(args[i].inherited_net_ns), "%s", net_ns_buf);
 300
 301                         ret = pthread_create(&threads[i], &attr, ns_sharing_wrapper, (void *)&args[i]);
 302                         if (ret != 0)
 303                                 goto on_error_stop;
 304                 }
 305
 306                 for (i = 0; i < nthreads; i++) {
 307                         ret = pthread_join(threads[i], NULL);
 308                         if (ret != 0)
 309                                 goto on_error_stop;
 310
 311                         if (!args[i].success) {
 312                                 lxc_error("ns sharing thread %d failed\n", args[i].thread_id);
 313                                 had_error = true;
 314                         }
 315                 }
 316
 317                 if (had_error)
 318                         goto on_error_stop;
 319         }
 320
 321         ret = EXIT_SUCCESS;
 322
 323 on_error_stop:
 324         free(args);
 325         free(threads);
 326         pthread_attr_destroy(&attr);
 327
 328         if (c->is_running(c) && !c->stop(c))
 329                 lxc_error("%s\n", "Failed to stop container \"owning-ns\"");
 330
 331         if (!c->destroy(c))
 332                 lxc_error("%s\n", "Failed to destroy container \"owning-ns\"");
 333
 334         lxc_container_put(c);
 335         if (ret == EXIT_SUCCESS)
 336                 lxc_debug("%s\n", "All state namespace sharing tests passed");
 337
 338         exit(ret);
 339 }