hooks/dhclient.in

   1 #! /bin/bash
   2
   3 set -eu
   4
   5 LXC_DHCP_SCRIPT="@LXCHOOKDIR@/dhclient-script"
   6 LXC_DHCP_CONFIG="@SYSCONFDIR@/lxc/dhclient.conf"
   7
   8 rootfs_path="${LXC_ROOTFS_PATH#*:}"
   9 hookdir="${rootfs_path/%rootfs/hook}"
  10
  11 conffile_arg=""
  12 if [ -e "${LXC_DHCP_CONFIG}" ]; then
  13     conffile_arg="-cf ${LXC_DHCP_CONFIG}"
  14 fi
  15
  16 debugfile="/dev/null"
  17 if [ "${LXC_LOG_LEVEL}" = "DEBUG" ] || [ "${LXC_LOG_LEVEL}" = "TRACE" ]; then
  18     debugfile="${hookdir}/dhclient.log"
  19     echo "INFO: Writing dhclient log at ${debugfile}." >&2
  20 fi
  21
  22 pidfile="${hookdir}/dhclient.pid"
  23 leasefile="${hookdir}/dhclient.leases"
  24
  25 usage() {
  26     echo "Usage: ${0##*/} <name> lxc {start-host|stop}"
  27 }
  28
  29 # Wrap the dhclient command with "aa-exec -p unconfined" if AppArmor is enabled.
  30 dhclient() {
  31     bin="/sbin/dhclient"
  32     if [ -d "/sys/kernel/security/apparmor" ] && which aa-exec >/dev/null; then
  33         bin="aa-exec -p unconfined ${bin}"
  34     fi
  35     echo $bin
  36 }
  37
  38 dhclient_start() {
  39     ns_args=("--uts" "--net")
  40     if [ -z "$(readlink /proc/${LXC_PID}/ns/user /proc/self/ns/user | uniq -d)" ]; then
  41         ns_args+=("--user")
  42     fi
  43
  44     mkdir -p "${hookdir}"
  45
  46     if [ -e "${pidfile}" ]; then
  47         echo "WARN: DHCP client is already running, skipping start hook." >> "${debugfile}"
  48     else
  49         echo "INFO: Starting DHCP client and acquiring a lease..." >> "${debugfile}"
  50         nsenter ${ns_args[@]} --target "${LXC_PID}" -- \
  51           $(dhclient) -1 ${conffile_arg} -pf "${pidfile}" -lf "${leasefile}" -e "ROOTFS=${rootfs_path}" -sf "${LXC_DHCP_SCRIPT}" -v >> "${debugfile}" 2>&1
  52     fi
  53 }
  54
  55 dhclient_stop() {
  56     # We can't use LXC_PID here since the container process has exited,
  57     # use the namespace file descriptors in the hook arguments instead.
  58     ns_args=("")
  59     if [ "${LXC_HOOK_VERSION:-0}" -eq 0 ]; then
  60         for arg in "$@"; do
  61             case "${arg}" in
  62                 uts:* | user:* | net:*) ns_args+=("--${arg/:/=}") ;;
  63                 *) ;;
  64             esac
  65         done
  66     else
  67         ns_args+=("--uts=${LXC_UTS_NS}")
  68         ns_args+=("--net=${LXC_NET_NS}")
  69         [ -n "${LXC_USER_NS:+x}" ] && ns_args+=("--user=${LXC_USER_NS}")
  70     fi
  71
  72     if [ -e "${pidfile}" ]; then
  73         echo "INFO: Stopping DHCP client and releasing leases..." >> "${debugfile}"
  74         nsenter ${ns_args[@]} -- \
  75           $(dhclient) -r ${conffile_arg} -pf "${pidfile}" -lf "${leasefile}" -e "ROOTFS=${rootfs_path}" -sf "${LXC_DHCP_SCRIPT}" -v >> "${debugfile}" 2>&1
  76     else
  77         echo "WARN: DHCP client is not running, skipping stop hook." >> "${debugfile}"
  78     fi
  79
  80     # dhclient could fail to release the lease and shutdown, try to cleanup after ourselves just in case.
  81     nsenter ${ns_args[@]} -- \
  82       /bin/sh -c 'pkill --ns $$ --nslist net -f "^/sbin/dhclient"' || true
  83     rm -f "${pidfile}"
  84 }
  85
  86 HOOK_SECTION=
  87 HOOK_TYPE=
  88 case "${LXC_HOOK_VERSION:-0}" in
  89     0) HOOK_SECTION="${2:-}"; HOOK_TYPE="${3:-}"; shift 3;;
  90     1) HOOK_SECTION="${LXC_HOOK_SECTION:-}"; HOOK_TYPE="${LXC_HOOK_TYPE:-}";;
  91     *) echo "ERROR: Unsupported hook version: ${LXC_HOOK_VERSION}." >&2; exit 1;;
  92 esac
  93
  94 if [ "${HOOK_SECTION}" != "lxc" ]; then
  95     echo "ERROR: Not running through LXC." >&2
  96     exit 1
  97 fi
  98
  99 case "${HOOK_TYPE}" in
 100     start-host) dhclient_start $@;;
 101     stop) dhclient_stop $@;;
 102     *) usage; exit 1;;
 103 esac
 104
 105 exit 0