[mirror_lxc.git] / src / lxc / start.c

/*
 * lxc: linux Container library
 *
 * (C) Copyright IBM Corp. 2007, 2008
 *
 * Authors:
 * Daniel Lezcano <dlezcano at fr.ibm.com>
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 */

#define _GNU_SOURCE
#include <stdio.h>
#undef _GNU_SOURCE
#include <string.h>
#include <stdlib.h>
#include <dirent.h>
#include <errno.h>
#include <unistd.h>
#include <signal.h>
#include <sys/param.h>
#include <sys/file.h>
#include <sys/mount.h>
#include <sys/types.h>
#include <sys/prctl.h>
#include <sys/wait.h>

#include <lxc/lxc.h>

LXC_TTY_HANDLER(SIGINT);
LXC_TTY_HANDLER(SIGQUIT);

int opentty(const char *ttyname)
{
        int i, fd, flags;

        fd = open(ttyname, O_RDWR | O_NONBLOCK);
        if (fd == -1) {
		lxc_log_syserror("open '%s'", ttyname);
		return -1;
        }

        flags = fcntl(fd, F_GETFL);
        flags &= ~O_NONBLOCK;
        fcntl(fd, F_SETFL, flags);

        for (i = 0; i < fd; i++)
                close(i);
        for (i = 0; i < 3; i++)
                if (fd != i)
                        dup2(fd, i);
        if (fd >= 3)
                close(fd);

	return 0;
}

int lxc_start(const char *name, int argc, char *argv[], 
	      lxc_callback_t prestart, void *data)
{
	char *init = NULL, *val = NULL;
	char ttyname[MAXPATHLEN];
	int fd, lock, sv[2], sync = 0, err = -1;
	pid_t pid;
	int clone_flags;

	lock = lxc_get_lock(name);
	if (!lock) {
		lxc_log_error("'%s' is busy", name);
		return -1;
	}

	if (lock < 0) {
		lxc_log_error("failed to acquire lock on '%s':%s",
			      name, strerror(-lock));
		return -1;
	}

	/* Begin the set the state to STARTING*/
	if (lxc_setstate(name, STARTING)) {
		lxc_log_error("failed to set state %s", lxc_state2str(STARTING));
		goto out;
	}

	if (readlink("/proc/self/fd/0", ttyname, sizeof(ttyname)) < 0) {
		lxc_log_syserror("failed to read '/proc/self/fd/0'");
		goto out;
	}


	/* Synchro socketpair */
	if (socketpair(AF_LOCAL, SOCK_STREAM, 0, sv)) {
		lxc_log_syserror("failed to create communication socketpair");
		goto out;
	}

	/* Avoid signals from terminal */
	LXC_TTY_ADD_HANDLER(SIGINT);
	LXC_TTY_ADD_HANDLER(SIGQUIT);

	clone_flags = CLONE_NEWPID|CLONE_NEWIPC|CLONE_NEWNS;
	if (conf_has_utsname(name))
		clone_flags |= CLONE_NEWUTS;
	if (conf_has_network(name))
		clone_flags |= CLONE_NEWNET;

	/* Create a process in a new set of namespaces */
	pid = fork_ns(clone_flags);
	if (pid < 0) {
		lxc_log_syserror("failed to fork into a new namespace");
		goto err_fork_ns;
	}

	if (!pid) {

		close(sv[1]);

		/* Be sure we don't inherit this after the exec */
		fcntl(sv[0], F_SETFD, FD_CLOEXEC);
		
		/* Tell our father he can begin to configure the container */
		if (write(sv[0], &sync, sizeof(sync)) < 0) {
			lxc_log_syserror("failed to write socket");
			return 1;
		}

		/* Wait for the father to finish the configuration */
		if (read(sv[0], &sync, sizeof(sync)) < 0) {
			lxc_log_syserror("failed to read socket");
			return 1;
		}

		/* Setup the container, ip, names, utsname, ... */
		if (lxc_setup(name)) {
			lxc_log_error("failed to setup the container");
			if (write(sv[0], &sync, sizeof(sync)) < 0)
				lxc_log_syserror("failed to write the socket");
			return -1;
		}

		/* Open the tty */
		if (opentty(ttyname)) {
			lxc_log_syserror("failed to open the tty");
			return -1;
		}

		if (mount(ttyname, "/dev/console", "none", MS_BIND, 0)) {
			lxc_log_syserror("failed to mount '/dev/console'");
			return -1;
		}

		/* If a callback has been passed, call it before doing exec */
		if (prestart)
			if (prestart(name, argc, argv, data)) {
				lxc_log_error("prestart callback has failed");
				return -1;
			}

		execvp(argv[0], argv);
		lxc_log_syserror("failed to exec %s", argv[0]);

		/* If the exec fails, tell that to our father */
		if (write(sv[0], &sync, sizeof(sync)) < 0)
			lxc_log_syserror("failed to write the socket");
		
		exit(1);
	}

	close(sv[0]);
	
	/* Wait for the child to be ready */
	if (read(sv[1], &sync, sizeof(sync)) < 0) {
		lxc_log_syserror("failed to read the socket");
		goto err_pipe_read;
	}

	/* Create the network configuration */
	if (clone_flags & CLONE_NEWNET && conf_create_network(name, pid)) {
		lxc_log_error("failed to create the configured network");
		goto err_create_network;
	}

	/* Tell the child to continue its initialization */
	if (write(sv[1], &sync, sizeof(sync)) < 0) {
		lxc_log_syserror("failed to write the socket");
		goto err_pipe_write;
	}

	/* Wait for the child to exec or returning an error */
	err = read(sv[1], &sync, sizeof(sync));
	if (err < 0) {
		lxc_log_error("failed to read the socket");
		goto err_pipe_read2;
	}

	if (err > 0) {
		lxc_log_error("something went wrong with %d", pid);
		/* TODO : check status etc ... */
		waitpid(pid, NULL, 0);
		goto err_child_failed;
	}

	asprintf(&val, "%d\n", pid);
	asprintf(&init, LXCPATH "/%s/init", name);
	fd = open(init, O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);
	if (fd < 0) {
		lxc_log_syserror("failed to open '%s'", init);
		goto err_write;
	}
	
	if (write(fd, val, strlen(val)) < 0) {
		lxc_log_syserror("failed to write the init pid");
		goto err_write;
	}

	close(fd);

	if (lxc_link_nsgroup(name, pid))
		lxc_log_warning("cgroupfs not found: cgroup disabled");

	if (lxc_setstate(name, RUNNING)) {
		lxc_log_error("failed to set state to %s", 
			      lxc_state2str(RUNNING));
		goto err_state_failed;
	}

wait_again:
	if (waitpid(pid, NULL, 0) < 0) {
		if (errno == EINTR) 
			goto wait_again;
		lxc_log_syserror("failed to wait the pid %d", pid);
		goto err_waitpid_failed;
	}

	if (lxc_setstate(name, STOPPING))
		lxc_log_error("failed to set state %s", lxc_state2str(STOPPING));

	if (clone_flags & CLONE_NEWNET && conf_destroy_network(name))
		lxc_log_error("failed to destroy the network");

	err = 0;
out:
	if (lxc_setstate(name, STOPPED))
		lxc_log_error("failed to set state %s", lxc_state2str(STOPPED));

	lxc_unlink_nsgroup(name);
	unlink(init);
	free(init);
	free(val);
	lxc_put_lock(lock);

	return err;

err_write:
	close(fd);

err_state_failed:
err_child_failed:
err_pipe_read2:
err_pipe_write:
	if (clone_flags & CLONE_NEWNET)
		conf_destroy_network(name);
err_create_network:
err_pipe_read:
err_waitpid_failed:
	if (lxc_setstate(name, ABORTING))
		lxc_log_error("failed to set state %s", lxc_state2str(STOPPED));

	kill(pid, SIGKILL);
err_fork_ns:
	LXC_TTY_DEL_HANDLER(SIGQUIT);
	LXC_TTY_DEL_HANDLER(SIGINT);
	close(sv[0]);
	close(sv[1]);
err:
	goto out;
}
Commit	Line	Data
0ad19a3f	1	/*
	2	* lxc: linux Container library
	3	*
	4	* (C) Copyright IBM Corp. 2007, 2008
	5	*
	6	* Authors:
	7	* Daniel Lezcano <dlezcano at fr.ibm.com>
	8	*
	9	* This library is free software; you can redistribute it and/or
	10	* modify it under the terms of the GNU Lesser General Public
	11	* License as published by the Free Software Foundation; either
	12	* version 2.1 of the License, or (at your option) any later version.
	13	*
	14	* This library is distributed in the hope that it will be useful,
	15	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	16	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	17	* Lesser General Public License for more details.
	18	*
	19	* You should have received a copy of the GNU Lesser General Public
	20	* License along with this library; if not, write to the Free Software
	21	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
	22	*/
	23
	24	#define _GNU_SOURCE
	25	#include <stdio.h>
	26	#undef _GNU_SOURCE
	27	#include <string.h>
	28	#include <stdlib.h>
	29	#include <dirent.h>
	30	#include <errno.h>
	31	#include <unistd.h>
	32	#include <signal.h>
0ad19a3f	33	#include <sys/param.h>
0ad19a3f	34	#include <sys/file.h>
f4d507d5	35	#include <sys/mount.h>
0ad19a3f	36	#include <sys/types.h>
0ad19a3f	37	#include <sys/prctl.h>
0ad19a3f	38	#include <sys/wait.h>
0ad19a3f	39
b113348e	40	#include <lxc/lxc.h>
0ad19a3f	41
	42	LXC_TTY_HANDLER(SIGINT);
	43	LXC_TTY_HANDLER(SIGQUIT);
	44
f4d507d5	45	int opentty(const char *ttyname)
	46	{
	47	int i, fd, flags;
	48
	49	fd = open(ttyname, O_RDWR \| O_NONBLOCK);
	50	if (fd == -1) {
	51	lxc_log_syserror("open '%s'", ttyname);
	52	return -1;
	53	}
	54
	55	flags = fcntl(fd, F_GETFL);
	56	flags &= ~O_NONBLOCK;
	57	fcntl(fd, F_SETFL, flags);
	58
	59	for (i = 0; i < fd; i++)
	60	close(i);
	61	for (i = 0; i < 3; i++)
	62	if (fd != i)
	63	dup2(fd, i);
	64	if (fd >= 3)
	65	close(fd);
	66
	67	return 0;
	68	}
	69
0ad19a3f	70	int lxc_start(const char name, int argc, char argv[],
	71	lxc_callback_t prestart, void *data)
	72	{
	73	char init = NULL, val = NULL;
f4d507d5	74	char ttyname[MAXPATHLEN];
0ad19a3f	75	int fd, lock, sv[2], sync = 0, err = -1;
	76	pid_t pid;
	77	int clone_flags;
f4d507d5	78
0ad19a3f	79	lock = lxc_get_lock(name);
	80	if (!lock) {
	81	lxc_log_error("'%s' is busy", name);
	82	return -1;
	83	}
	84
	85	if (lock < 0) {
	86	lxc_log_error("failed to acquire lock on '%s':%s",
	87	name, strerror(-lock));
	88	return -1;
	89	}
	90
0ad19a3f	91	/* Begin the set the state to STARTING*/
	92	if (lxc_setstate(name, STARTING)) {
	93	lxc_log_error("failed to set state %s", lxc_state2str(STARTING));
	94	goto out;
	95	}
	96
f4d507d5	97	if (readlink("/proc/self/fd/0", ttyname, sizeof(ttyname)) < 0) {
	98	lxc_log_syserror("failed to read '/proc/self/fd/0'");
	99	goto out;
	100	}
	101
	102
0ad19a3f	103	/* Synchro socketpair */
	104	if (socketpair(AF_LOCAL, SOCK_STREAM, 0, sv)) {
	105	lxc_log_syserror("failed to create communication socketpair");
f4d507d5	106	goto out;
0ad19a3f	107	}
	108
	109	/* Avoid signals from terminal */
	110	LXC_TTY_ADD_HANDLER(SIGINT);
	111	LXC_TTY_ADD_HANDLER(SIGQUIT);
	112
f4d507d5	113	clone_flags = CLONE_NEWPID\|CLONE_NEWIPC\|CLONE_NEWNS;
0ad19a3f	114	if (conf_has_utsname(name))
	115	clone_flags \|= CLONE_NEWUTS;
	116	if (conf_has_network(name))
	117	clone_flags \|= CLONE_NEWNET;
	118
	119	/* Create a process in a new set of namespaces */
	120	pid = fork_ns(clone_flags);
	121	if (pid < 0) {
	122	lxc_log_syserror("failed to fork into a new namespace");
	123	goto err_fork_ns;
	124	}
	125
	126	if (!pid) {
	127
	128	close(sv[1]);
	129
	130	/* Be sure we don't inherit this after the exec */
	131	fcntl(sv[0], F_SETFD, FD_CLOEXEC);
	132
	133	/* Tell our father he can begin to configure the container */
	134	if (write(sv[0], &sync, sizeof(sync)) < 0) {
	135	lxc_log_syserror("failed to write socket");
	136	return 1;
	137	}
	138
	139	/* Wait for the father to finish the configuration */
	140	if (read(sv[0], &sync, sizeof(sync)) < 0) {
	141	lxc_log_syserror("failed to read socket");
	142	return 1;
	143	}
	144
	145	/* Setup the container, ip, names, utsname, ... */
	146	if (lxc_setup(name)) {
	147	lxc_log_error("failed to setup the container");
	148	if (write(sv[0], &sync, sizeof(sync)) < 0)
	149	lxc_log_syserror("failed to write the socket");
	150	return -1;
	151	}
	152
f4d507d5	153	/* Open the tty */
	154	if (opentty(ttyname)) {
	155	lxc_log_syserror("failed to open the tty");
	156	return -1;
	157	}
	158
	159	if (mount(ttyname, "/dev/console", "none", MS_BIND, 0)) {
	160	lxc_log_syserror("failed to mount '/dev/console'");
	161	return -1;
	162	}
	163
0ad19a3f	164	/* If a callback has been passed, call it before doing exec */
	165	if (prestart)
	166	if (prestart(name, argc, argv, data)) {
	167	lxc_log_error("prestart callback has failed");
	168	return -1;
	169	}
	170
	171	execvp(argv[0], argv);
	172	lxc_log_syserror("failed to exec %s", argv[0]);
	173
	174	/* If the exec fails, tell that to our father */
	175	if (write(sv[0], &sync, sizeof(sync)) < 0)
	176	lxc_log_syserror("failed to write the socket");
	177
	178	exit(1);
	179	}
	180
	181	close(sv[0]);
	182
	183	/* Wait for the child to be ready */
	184	if (read(sv[1], &sync, sizeof(sync)) < 0) {
	185	lxc_log_syserror("failed to read the socket");
	186	goto err_pipe_read;
	187	}
	188
	189	/* Create the network configuration */
	190	if (clone_flags & CLONE_NEWNET && conf_create_network(name, pid)) {
	191	lxc_log_error("failed to create the configured network");
	192	goto err_create_network;
	193	}
	194
	195	/* Tell the child to continue its initialization */
	196	if (write(sv[1], &sync, sizeof(sync)) < 0) {
	197	lxc_log_syserror("failed to write the socket");
	198	goto err_pipe_write;
	199	}
	200
	201	/* Wait for the child to exec or returning an error */
	202	err = read(sv[1], &sync, sizeof(sync));
	203	if (err < 0) {
	204	lxc_log_error("failed to read the socket");
	205	goto err_pipe_read2;
	206	}
	207
	208	if (err > 0) {
	209	lxc_log_error("something went wrong with %d", pid);
	210	/* TODO : check status etc ... */
	211	waitpid(pid, NULL, 0);
	212	goto err_child_failed;
	213	}
	214
	215	asprintf(&val, "%d\n", pid);
	216	asprintf(&init, LXCPATH "/%s/init", name);
	217	fd = open(init, O_WRONLY\|O_CREAT\|O_TRUNC, S_IRUSR\|S_IWUSR);
	218	if (fd < 0) {
	219	lxc_log_syserror("failed to open '%s'", init);
	220	goto err_write;
	221	}
	222
	223	if (write(fd, val, strlen(val)) < 0) {
	224	lxc_log_syserror("failed to write the init pid");
	225	goto err_write;
	226	}
	227
228	close(fd);
229
230	if (lxc_link_nsgroup(name, pid))
231	lxc_log_warning("cgroupfs not found: cgroup disabled");
232
233	if (lxc_setstate(name, RUNNING)) {
234	lxc_log_error("failed to set state to %s",
235	lxc_state2str(RUNNING));
236	goto err_state_failed;
237	}
238
239	wait_again:
240	if (waitpid(pid, NULL, 0) < 0) {
241	if (errno == EINTR)
242	goto wait_again;
243	lxc_log_syserror("failed to wait the pid %d", pid);
244	goto err_waitpid_failed;
245	}
246
247	if (lxc_setstate(name, STOPPING))
248	lxc_log_error("failed to set state %s", lxc_state2str(STOPPING));
249
250	if (clone_flags & CLONE_NEWNET && conf_destroy_network(name))
251	lxc_log_error("failed to destroy the network");
252
253	err = 0;
254	out:
255	if (lxc_setstate(name, STOPPED))
256	lxc_log_error("failed to set state %s", lxc_state2str(STOPPED));
257
258	lxc_unlink_nsgroup(name);
259	unlink(init);
260	free(init);
261	free(val);
262	lxc_put_lock(lock);
263
264	return err;
265
266	err_write:
267	close(fd);
268
269	err_state_failed:
270	err_child_failed:
271	err_pipe_read2:
272	err_pipe_write:
273	if (clone_flags & CLONE_NEWNET)
274	conf_destroy_network(name);
275	err_create_network:
276	err_pipe_read:
277	err_waitpid_failed:
278	if (lxc_setstate(name, ABORTING))
279	lxc_log_error("failed to set state %s", lxc_state2str(STOPPED));
280
281	kill(pid, SIGKILL);
282	err_fork_ns:
283	LXC_TTY_DEL_HANDLER(SIGQUIT);
284	LXC_TTY_DEL_HANDLER(SIGINT);
285	close(sv[0]);
286	close(sv[1]);
287	err:
288	goto out;
289	}