]> git.proxmox.com Git - mirror_lxc.git/blob - src/lxc/commands.c
projects / mirror_lxc.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
spelling: implementations
[mirror_lxc.git] / src / lxc / commands.c
1 /*
2 * lxc: linux Container library
3 *
4 * (C) Copyright IBM Corp. 2007, 2009
5 *
6 * Authors:
7 * Daniel Lezcano <daniel.lezcano at free.fr>
8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22 */
23
24 #ifndef _GNU_SOURCE
25 #define _GNU_SOURCE 1
26 #endif
27 #include <caps.h>
28 #include <errno.h>
29 #include <fcntl.h>
30 #include <malloc.h>
31 #include <poll.h>
32 #include <signal.h>
33 #include <stdio.h>
34 #include <stdlib.h>
35 #include <sys/param.h>
36 #include <sys/socket.h>
37 #include <sys/un.h>
38 #include <unistd.h>
39
40 #include "af_unix.h"
41 #include "cgroup.h"
42 #include "commands.h"
43 #include "commands_utils.h"
44 #include "conf.h"
45 #include "config.h"
46 #include "confile.h"
47 #include "log.h"
48 #include "lxc.h"
49 #include "lxclock.h"
50 #include "mainloop.h"
51 #include "monitor.h"
52 #include "start.h"
53 #include "terminal.h"
54 #include "utils.h"
55
56 /*
57 * This file provides the different functions for clients to query/command the
58 * server. The client is typically some lxc tool and the server is typically the
59 * container (ie. lxc-start).
60 *
61 * Each command is transactional, the clients send a request to the server and
62 * the server answers the request with a message giving the request's status
63 * (zero or a negative errno value). Both the request and response may contain
64 * additional data.
65 *
66 * Each command is wrapped in a ancillary message in order to pass a credential
67 * making possible to the server to check if the client is allowed to ask for
68 * this command or not.
69 *
70 * IMPORTANTLY: Note that semantics for current commands are fixed. If you wish
71 * to make any changes to how, say, LXC_CMD_GET_CONFIG_ITEM works by adding
72 * information to the end of cmd.data, then you must introduce a new
73 * LXC_CMD_GET_CONFIG_ITEM_V2 define with a new number. You may wish to also
74 * mark LXC_CMD_GET_CONFIG_ITEM deprecated in commands.h.
75 *
76 * This is necessary in order to avoid having a newly compiled lxc command
77 * communicating with a running (old) monitor from crashing the running
78 * container.
79 */
80
81 lxc_log_define(commands, lxc);
82
83 static const char *lxc_cmd_str(lxc_cmd_t cmd)
84 {
85 static const char *const cmdname[LXC_CMD_MAX] = {
86 [LXC_CMD_CONSOLE] = "console",
87 [LXC_CMD_TERMINAL_WINCH] = "terminal_winch",
88 [LXC_CMD_STOP] = "stop",
89 [LXC_CMD_GET_STATE] = "get_state",
90 [LXC_CMD_GET_INIT_PID] = "get_init_pid",
91 [LXC_CMD_GET_CLONE_FLAGS] = "get_clone_flags",
92 [LXC_CMD_GET_CGROUP] = "get_cgroup",
93 [LXC_CMD_GET_CONFIG_ITEM] = "get_config_item",
94 [LXC_CMD_GET_NAME] = "get_name",
95 [LXC_CMD_GET_LXCPATH] = "get_lxcpath",
96 [LXC_CMD_ADD_STATE_CLIENT] = "add_state_client",
97 [LXC_CMD_CONSOLE_LOG] = "console_log",
98 [LXC_CMD_SERVE_STATE_CLIENTS] = "serve_state_clients",
99 };
100
101 if (cmd >= LXC_CMD_MAX)
102 return "Invalid request";
103
104 return cmdname[cmd];
105 }
106
107 /*
108 * lxc_cmd_rsp_recv: Receive a response to a command
109 *
110 * @sock : the socket connected to the container
111 * @cmd : command to put response in
112 *
113 * Returns the size of the response message or < 0 on failure
114 *
115 * Note that if the command response datalen > 0, then data is
116 * a malloc()ed buffer and should be free()ed by the caller. If
117 * the response data is <= a void * worth of data, it will be
118 * stored directly in data and datalen will be 0.
119 *
120 * As a special case, the response for LXC_CMD_CONSOLE is created
121 * here as it contains an fd for the master pty passed through the
122 * unix socket.
123 */
124 static int lxc_cmd_rsp_recv(int sock, struct lxc_cmd_rr *cmd)
125 {
126 int ret, rspfd;
127 struct lxc_cmd_rsp *rsp = &cmd->rsp;
128
129 ret = lxc_abstract_unix_recv_fds(sock, &rspfd, 1, rsp, sizeof(*rsp));
130 if (ret < 0) {
131 SYSWARN("Failed to receive response for command \"%s\"",
132 lxc_cmd_str(cmd->req.cmd));
133
134 if (errno == ECONNRESET)
135 return -1;
136
137 return -1;
138 }
139 TRACE("Command \"%s\" received response", lxc_cmd_str(cmd->req.cmd));
140
141 if (cmd->req.cmd == LXC_CMD_CONSOLE) {
142 struct lxc_cmd_console_rsp_data *rspdata;
143
144 /* recv() returns 0 bytes when a tty cannot be allocated,
145 * rsp->ret is < 0 when the peer permission check failed
146 */
147 if (ret == 0 || rsp->ret < 0)
148 return 0;
149
150 rspdata = malloc(sizeof(*rspdata));
151 if (!rspdata) {
152 errno = ENOMEM;
153 ERROR("Failed to allocate response buffer for command \"%s\"",
154 lxc_cmd_str(cmd->req.cmd));
155 return -1;
156 }
157
158 rspdata->masterfd = rspfd;
159 rspdata->ttynum = PTR_TO_INT(rsp->data);
160 rsp->data = rspdata;
161 }
162
163 if (rsp->datalen == 0) {
164 DEBUG("Response data length for command \"%s\" is 0",
165 lxc_cmd_str(cmd->req.cmd));
166 return ret;
167 }
168
169 if ((rsp->datalen > LXC_CMD_DATA_MAX) &&
170 (cmd->req.cmd != LXC_CMD_CONSOLE_LOG)) {
171 ERROR("Response data for command \"%s\" is too long: %d bytes > %d",
172 lxc_cmd_str(cmd->req.cmd), rsp->datalen, LXC_CMD_DATA_MAX);
173 return -1;
174 }
175
176 if (cmd->req.cmd == LXC_CMD_CONSOLE_LOG) {
177 rsp->data = malloc(rsp->datalen + 1);
178 ((char *)rsp->data)[rsp->datalen] = '\0';
179 } else {
180 rsp->data = malloc(rsp->datalen);
181 }
182 if (!rsp->data) {
183 errno = ENOMEM;
184 ERROR("Failed to allocate response buffer for command \"%s\"",
185 lxc_cmd_str(cmd->req.cmd));
186 return -1;
187 }
188
189 ret = lxc_recv_nointr(sock, rsp->data, rsp->datalen, 0);
190 if (ret != rsp->datalen) {
191 SYSERROR("Failed to receive response data for command \"%s\"",
192 lxc_cmd_str(cmd->req.cmd));
193 return -1;
194 }
195
196 return ret;
197 }
198
199 /*
200 * lxc_cmd_rsp_send: Send a command response
201 *
202 * @fd : file descriptor of socket to send response on
203 * @rsp : response to send
204 *
205 * Returns 0 on success, < 0 on failure
206 */
207 static int lxc_cmd_rsp_send(int fd, struct lxc_cmd_rsp *rsp)
208 {
209 ssize_t ret;
210
211 errno = EMSGSIZE;
212 ret = lxc_send_nointr(fd, rsp, sizeof(*rsp), MSG_NOSIGNAL);
213 if (ret < 0 || (size_t)ret != sizeof(*rsp)) {
214 SYSERROR("Failed to send command response %zd", ret);
215 return -1;
216 }
217
218 if (!rsp->data || rsp->datalen <= 0)
219 return 0;
220
221 errno = EMSGSIZE;
222 ret = lxc_send_nointr(fd, rsp->data, rsp->datalen, MSG_NOSIGNAL);
223 if (ret < 0 || ret != (ssize_t)rsp->datalen) {
224 SYSWARN("Failed to send command response data %zd", ret);
225 return -1;
226 }
227
228 return 0;
229 }
230
231 static int lxc_cmd_send(const char *name, struct lxc_cmd_rr *cmd,
232 const char *lxcpath, const char *hashed_sock_name)
233 {
234 int client_fd, saved_errno;
235 ssize_t ret = -1;
236
237 client_fd = lxc_cmd_connect(name, lxcpath, hashed_sock_name, "command");
238 if (client_fd < 0)
239 return -1;
240
241 ret = lxc_abstract_unix_send_credential(client_fd, &cmd->req,
242 sizeof(cmd->req));
243 if (ret < 0 || (size_t)ret != sizeof(cmd->req))
244 goto on_error;
245
246 if (cmd->req.datalen <= 0)
247 return client_fd;
248
249 errno = EMSGSIZE;
250 ret = lxc_send_nointr(client_fd, (void *)cmd->req.data,
251 cmd->req.datalen, MSG_NOSIGNAL);
252 if (ret < 0 || ret != (ssize_t)cmd->req.datalen)
253 goto on_error;
254
255 return client_fd;
256
257 on_error:
258 saved_errno = errno;
259 close(client_fd);
260 errno = saved_errno;
261
262 return -1;
263 }
264
265 /*
266 * lxc_cmd: Connect to the specified running container, send it a command
267 * request and collect the response
268 *
269 * @name : name of container to connect to
270 * @cmd : command with initialized request to send
271 * @stopped : output indicator if the container was not running
272 * @lxcpath : the lxcpath in which the container is running
273 *
274 * Returns the size of the response message on success, < 0 on failure
275 *
276 * Note that there is a special case for LXC_CMD_CONSOLE. For this command
277 * the fd cannot be closed because it is used as a placeholder to indicate
278 * that a particular tty slot is in use. The fd is also used as a signal to
279 * the container that when the caller dies or closes the fd, the container
280 * will notice the fd on its side of the socket in its mainloop select and
281 * then free the slot with lxc_cmd_fd_cleanup(). The socket fd will be
282 * returned in the cmd response structure.
283 */
284 static int lxc_cmd(const char *name, struct lxc_cmd_rr *cmd, int *stopped,
285 const char *lxcpath, const char *hashed_sock_name)
286 {
287 int client_fd, saved_errno;
288 int ret = -1;
289 bool stay_connected = false;
290
291 if (cmd->req.cmd == LXC_CMD_CONSOLE ||
292 cmd->req.cmd == LXC_CMD_ADD_STATE_CLIENT)
293 stay_connected = true;
294
295 *stopped = 0;
296
297 client_fd = lxc_cmd_send(name, cmd, lxcpath, hashed_sock_name);
298 if (client_fd < 0) {
299 SYSTRACE("Command \"%s\" failed to connect command socket",
300 lxc_cmd_str(cmd->req.cmd));
301
302 if (errno == ECONNREFUSED || errno == EPIPE)
303 *stopped = 1;
304
305 return -1;
306 }
307
308 ret = lxc_cmd_rsp_recv(client_fd, cmd);
309 if (ret < 0 && errno == ECONNRESET)
310 *stopped = 1;
311
312 if (!stay_connected || ret <= 0) {
313 saved_errno = errno;
314 close(client_fd);
315 errno = saved_errno;
316 return ret;
317 }
318
319 if (stay_connected && ret > 0)
320 cmd->rsp.ret = client_fd;
321
322 return ret;
323 }
324
325 int lxc_try_cmd(const char *name, const char *lxcpath)
326 {
327 int stopped, ret;
328 struct lxc_cmd_rr cmd = {
329 .req = { .cmd = LXC_CMD_GET_INIT_PID },
330 };
331
332 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
333 if (stopped)
334 return 0;
335 if (ret > 0 && cmd.rsp.ret < 0) {
336 errno = cmd.rsp.ret;
337 return -1;
338 }
339 if (ret > 0)
340 return 0;
341
342 /* At this point we weren't denied access, and the container *was*
343 * started. There was some inexplicable error in the protocol. I'm not
344 * clear on whether we should return -1 here, but we didn't receive a
345 * -EACCES, so technically it's not that we're not allowed to control
346 * the container - it's just not behaving.
347 */
348 return 0;
349 }
350
351 /* Implementations of the commands and their callbacks */
352
353 /*
354 * lxc_cmd_get_init_pid: Get pid of the container's init process
355 *
356 * @name : name of container to connect to
357 * @lxcpath : the lxcpath in which the container is running
358 *
359 * Returns the pid on success, < 0 on failure
360 */
361 pid_t lxc_cmd_get_init_pid(const char *name, const char *lxcpath)
362 {
363 int ret, stopped;
364 intmax_t pid;
365 struct lxc_cmd_rr cmd = {
366 .req = {
367 .cmd = LXC_CMD_GET_INIT_PID
368 },
369 .rsp = {
370 .data = INTMAX_TO_PTR((intmax_t){-1})
371 }
372 };
373
374 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
375 if (ret < 0)
376 return -1;
377
378 pid = PTR_TO_INTMAX(cmd.rsp.data);
379 if (pid < 0)
380 return -1;
381
382 /* We need to assume that pid_t can actually hold any pid given to us
383 * by the kernel. If it can't it's a libc bug.
384 */
385 return (pid_t)pid;
386 }
387
388 static int lxc_cmd_get_init_pid_callback(int fd, struct lxc_cmd_req *req,
389 struct lxc_handler *handler)
390 {
391 intmax_t pid = handler->pid;
392
393 struct lxc_cmd_rsp rsp = {
394 .data = INTMAX_TO_PTR(pid)
395 };
396
397 return lxc_cmd_rsp_send(fd, &rsp);
398 }
399
400 /*
401 * lxc_cmd_get_clone_flags: Get clone flags container was spawned with
402 *
403 * @name : name of container to connect to
404 * @lxcpath : the lxcpath in which the container is running
405 *
406 * Returns the clone flags on success, < 0 on failure
407 */
408 int lxc_cmd_get_clone_flags(const char *name, const char *lxcpath)
409 {
410 int ret, stopped;
411 struct lxc_cmd_rr cmd = {
412 .req = { .cmd = LXC_CMD_GET_CLONE_FLAGS },
413 };
414
415 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
416 if (ret < 0)
417 return ret;
418
419 return PTR_TO_INT(cmd.rsp.data);
420 }
421
422 static int lxc_cmd_get_clone_flags_callback(int fd, struct lxc_cmd_req *req,
423 struct lxc_handler *handler)
424 {
425 struct lxc_cmd_rsp rsp = { .data = INT_TO_PTR(handler->ns_clone_flags) };
426
427 return lxc_cmd_rsp_send(fd, &rsp);
428 }
429
430 /*
431 * lxc_cmd_get_cgroup_path: Calculate a container's cgroup path for a
432 * particular subsystem. This is the cgroup path relative to the root
433 * of the cgroup filesystem.
434 *
435 * @name : name of container to connect to
436 * @lxcpath : the lxcpath in which the container is running
437 * @subsystem : the subsystem being asked about
438 *
439 * Returns the path on success, NULL on failure. The caller must free() the
440 * returned path.
441 */
442 char *lxc_cmd_get_cgroup_path(const char *name, const char *lxcpath,
443 const char *subsystem)
444 {
445 int ret, stopped;
446 struct lxc_cmd_rr cmd = {
447 .req = {
448 .cmd = LXC_CMD_GET_CGROUP,
449 .data = subsystem,
450 .datalen = 0,
451 },
452 };
453
454 cmd.req.data = subsystem;
455 cmd.req.datalen = 0;
456 if (subsystem)
457 cmd.req.datalen = strlen(subsystem) + 1;
458
459 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
460 if (ret < 0)
461 return NULL;
462
463 if (ret == 0)
464 return NULL;
465
466 if (cmd.rsp.ret < 0 || cmd.rsp.datalen < 0)
467 return NULL;
468
469 return cmd.rsp.data;
470 }
471
472 static int lxc_cmd_get_cgroup_callback(int fd, struct lxc_cmd_req *req,
473 struct lxc_handler *handler)
474 {
475 const char *path;
476 struct lxc_cmd_rsp rsp;
477 struct cgroup_ops *cgroup_ops = handler->cgroup_ops;
478
479 if (req->datalen > 0)
480 path = cgroup_ops->get_cgroup(cgroup_ops, req->data);
481 else
482 path = cgroup_ops->get_cgroup(cgroup_ops, NULL);
483 if (!path)
484 return -1;
485
486 rsp.ret = 0;
487 rsp.datalen = strlen(path) + 1;
488 rsp.data = (char *)path;
489
490 return lxc_cmd_rsp_send(fd, &rsp);
491 }
492
493 /*
494 * lxc_cmd_get_config_item: Get config item the running container
495 *
496 * @name : name of container to connect to
497 * @item : the configuration item to retrieve (ex: lxc.net.0.veth.pair)
498 * @lxcpath : the lxcpath in which the container is running
499 *
500 * Returns the item on success, NULL on failure. The caller must free() the
501 * returned item.
502 */
503 char *lxc_cmd_get_config_item(const char *name, const char *item,
504 const char *lxcpath)
505 {
506 int ret, stopped;
507 struct lxc_cmd_rr cmd = {
508 .req = { .cmd = LXC_CMD_GET_CONFIG_ITEM,
509 .data = item,
510 .datalen = strlen(item) + 1,
511 },
512 };
513
514 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
515 if (ret < 0)
516 return NULL;
517
518 if (cmd.rsp.ret == 0)
519 return cmd.rsp.data;
520
521 return NULL;
522 }
523
524 static int lxc_cmd_get_config_item_callback(int fd, struct lxc_cmd_req *req,
525 struct lxc_handler *handler)
526 {
527 int cilen;
528 char *cidata;
529 struct lxc_config_t *item;
530 struct lxc_cmd_rsp rsp;
531
532 memset(&rsp, 0, sizeof(rsp));
533 item = lxc_get_config(req->data);
534 if (!item)
535 goto err1;
536
537 cilen = item->get(req->data, NULL, 0, handler->conf, NULL);
538 if (cilen <= 0)
539 goto err1;
540
541 cidata = alloca(cilen + 1);
542 if (item->get(req->data, cidata, cilen + 1, handler->conf, NULL) != cilen)
543 goto err1;
544
545 cidata[cilen] = '\0';
546 rsp.data = cidata;
547 rsp.datalen = cilen + 1;
548 rsp.ret = 0;
549 goto out;
550
551 err1:
552 rsp.ret = -1;
553 out:
554 return lxc_cmd_rsp_send(fd, &rsp);
555 }
556
557 /*
558 * lxc_cmd_get_state: Get current state of the container
559 *
560 * @name : name of container to connect to
561 * @lxcpath : the lxcpath in which the container is running
562 *
563 * Returns the state on success, < 0 on failure
564 */
565 int lxc_cmd_get_state(const char *name, const char *lxcpath)
566 {
567 int ret, stopped;
568 struct lxc_cmd_rr cmd = {
569 .req = { .cmd = LXC_CMD_GET_STATE }
570 };
571
572 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
573 if (ret < 0 && stopped)
574 return STOPPED;
575
576 if (ret < 0)
577 return -1;
578
579 if (!ret) {
580 WARN("Container \"%s\" has stopped before sending its state", name);
581 return -1;
582 }
583
584 DEBUG("Container \"%s\" is in \"%s\" state", name,
585 lxc_state2str(PTR_TO_INT(cmd.rsp.data)));
586
587 return PTR_TO_INT(cmd.rsp.data);
588 }
589
590 static int lxc_cmd_get_state_callback(int fd, struct lxc_cmd_req *req,
591 struct lxc_handler *handler)
592 {
593 struct lxc_cmd_rsp rsp = { .data = INT_TO_PTR(handler->state) };
594
595 return lxc_cmd_rsp_send(fd, &rsp);
596 }
597
598 /*
599 * lxc_cmd_stop: Stop the container previously started with lxc_start. All
600 * the processes running inside this container will be killed.
601 *
602 * @name : name of container to connect to
603 * @lxcpath : the lxcpath in which the container is running
604 *
605 * Returns 0 on success, < 0 on failure
606 */
607 int lxc_cmd_stop(const char *name, const char *lxcpath)
608 {
609 int ret, stopped;
610 struct lxc_cmd_rr cmd = {
611 .req = { .cmd = LXC_CMD_STOP },
612 };
613
614 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
615 if (ret < 0) {
616 if (stopped) {
617 INFO("Container \"%s\" is already stopped", name);
618 return 0;
619 }
620
621 return -1;
622 }
623
624 /* We do not expect any answer, because we wait for the connection to be
625 * closed.
626 */
627 if (ret > 0) {
628 errno = -cmd.rsp.ret;
629 SYSERROR("Failed to stop container \"%s\"", name);
630 return -1;
631 }
632
633 INFO("Container \"%s\" has stopped", name);
634 return 0;
635 }
636
637 static int lxc_cmd_stop_callback(int fd, struct lxc_cmd_req *req,
638 struct lxc_handler *handler)
639 {
640 struct lxc_cmd_rsp rsp;
641 int stopsignal = SIGKILL;
642 struct cgroup_ops *cgroup_ops = handler->cgroup_ops;
643
644 if (handler->conf->stopsignal)
645 stopsignal = handler->conf->stopsignal;
646 memset(&rsp, 0, sizeof(rsp));
647 rsp.ret = kill(handler->pid, stopsignal);
648 if (!rsp.ret) {
649 /* We can't just use lxc_unfreeze() since we are already in the
650 * context of handling the STOP cmd in lxc-start, and calling
651 * lxc_unfreeze() would do another cmd (GET_CGROUP) which would
652 * deadlock us.
653 */
654 if (!cgroup_ops->get_cgroup(cgroup_ops, "freezer"))
655 return 0;
656
657 if (cgroup_ops->unfreeze(cgroup_ops))
658 return 0;
659
660 ERROR("Failed to unfreeze container \"%s\"", handler->name);
661 rsp.ret = -1;
662 }
663
664 return lxc_cmd_rsp_send(fd, &rsp);
665 }
666
667 /*
668 * lxc_cmd_terminal_winch: To process as if a SIGWINCH were received
669 *
670 * @name : name of container to connect to
671 * @lxcpath : the lxcpath in which the container is running
672 *
673 * Returns 0 on success, < 0 on failure
674 */
675 int lxc_cmd_terminal_winch(const char *name, const char *lxcpath)
676 {
677 int ret, stopped;
678 struct lxc_cmd_rr cmd = {
679 .req = { .cmd = LXC_CMD_TERMINAL_WINCH },
680 };
681
682 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
683 if (ret < 0)
684 return ret;
685
686 return 0;
687 }
688
689 static int lxc_cmd_terminal_winch_callback(int fd, struct lxc_cmd_req *req,
690 struct lxc_handler *handler)
691 {
692 struct lxc_cmd_rsp rsp = { .data = 0 };
693
694 lxc_terminal_sigwinch(SIGWINCH);
695
696 return lxc_cmd_rsp_send(fd, &rsp);
697 }
698
699 /*
700 * lxc_cmd_console: Open an fd to a tty in the container
701 *
702 * @name : name of container to connect to
703 * @ttynum : in: the tty to open or -1 for next available
704 * : out: the tty allocated
705 * @fd : out: file descriptor for master side of pty
706 * @lxcpath : the lxcpath in which the container is running
707 *
708 * Returns fd holding tty allocated on success, < 0 on failure
709 */
710 int lxc_cmd_console(const char *name, int *ttynum, int *fd, const char *lxcpath)
711 {
712 int ret, stopped;
713 struct lxc_cmd_console_rsp_data *rspdata;
714 struct lxc_cmd_rr cmd = {
715 .req = { .cmd = LXC_CMD_CONSOLE, .data = INT_TO_PTR(*ttynum) },
716 };
717
718 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
719 if (ret < 0)
720 return ret;
721
722 if (cmd.rsp.ret < 0) {
723 errno = -cmd.rsp.ret;
724 SYSERROR("Denied access to tty");
725 ret = -1;
726 goto out;
727 }
728
729 if (ret == 0) {
730 ERROR("tty number %d invalid, busy or all ttys busy", *ttynum);
731 ret = -1;
732 goto out;
733 }
734
735 rspdata = cmd.rsp.data;
736 if (rspdata->masterfd < 0) {
737 ERROR("Unable to allocate fd for tty %d", rspdata->ttynum);
738 goto out;
739 }
740
741 ret = cmd.rsp.ret; /* socket fd */
742 *fd = rspdata->masterfd;
743 *ttynum = rspdata->ttynum;
744 INFO("Alloced fd %d for tty %d via socket %d", *fd, rspdata->ttynum, ret);
745
746 out:
747 free(cmd.rsp.data);
748 return ret;
749 }
750
751 static int lxc_cmd_console_callback(int fd, struct lxc_cmd_req *req,
752 struct lxc_handler *handler)
753 {
754 int masterfd, ret;
755 struct lxc_cmd_rsp rsp;
756 int ttynum = PTR_TO_INT(req->data);
757
758 masterfd = lxc_terminal_allocate(handler->conf, fd, &ttynum);
759 if (masterfd < 0)
760 goto out_close;
761
762 memset(&rsp, 0, sizeof(rsp));
763 rsp.data = INT_TO_PTR(ttynum);
764 ret = lxc_abstract_unix_send_fds(fd, &masterfd, 1, &rsp, sizeof(rsp));
765 if (ret < 0) {
766 SYSERROR("Failed to send tty to client");
767 lxc_terminal_free(handler->conf, fd);
768 goto out_close;
769 }
770
771 return 0;
772
773 out_close:
774 /* Special indicator to lxc_cmd_handler() to close the fd and do
775 * related cleanup.
776 */
777 return 1;
778 }
779
780 /*
781 * lxc_cmd_get_name: Returns the name of the container
782 *
783 * @hashed_sock_name: hashed socket name
784 *
785 * Returns the name on success, NULL on failure.
786 */
787 char *lxc_cmd_get_name(const char *hashed_sock_name)
788 {
789 int ret, stopped;
790 struct lxc_cmd_rr cmd = {
791 .req = { .cmd = LXC_CMD_GET_NAME},
792 };
793
794 ret = lxc_cmd(NULL, &cmd, &stopped, NULL, hashed_sock_name);
795 if (ret < 0)
796 return NULL;
797
798 if (cmd.rsp.ret == 0)
799 return cmd.rsp.data;
800
801 return NULL;
802 }
803
804 static int lxc_cmd_get_name_callback(int fd, struct lxc_cmd_req *req,
805 struct lxc_handler *handler)
806 {
807 struct lxc_cmd_rsp rsp;
808
809 memset(&rsp, 0, sizeof(rsp));
810
811 rsp.data = (char *)handler->name;
812 rsp.datalen = strlen(handler->name) + 1;
813 rsp.ret = 0;
814
815 return lxc_cmd_rsp_send(fd, &rsp);
816 }
817
818 /*
819 * lxc_cmd_get_lxcpath: Returns the lxcpath of the container
820 *
821 * @hashed_sock_name: hashed socket name
822 *
823 * Returns the lxcpath on success, NULL on failure.
824 */
825 char *lxc_cmd_get_lxcpath(const char *hashed_sock_name)
826 {
827 int ret, stopped;
828 struct lxc_cmd_rr cmd = {
829 .req = { .cmd = LXC_CMD_GET_LXCPATH},
830 };
831
832 ret = lxc_cmd(NULL, &cmd, &stopped, NULL, hashed_sock_name);
833 if (ret < 0)
834 return NULL;
835
836 if (cmd.rsp.ret == 0)
837 return cmd.rsp.data;
838
839 return NULL;
840 }
841
842 static int lxc_cmd_get_lxcpath_callback(int fd, struct lxc_cmd_req *req,
843 struct lxc_handler *handler)
844 {
845 struct lxc_cmd_rsp rsp;
846
847 memset(&rsp, 0, sizeof(rsp));
848
849 rsp.ret = 0;
850 rsp.data = (char *)handler->lxcpath;
851 rsp.datalen = strlen(handler->lxcpath) + 1;
852
853 return lxc_cmd_rsp_send(fd, &rsp);
854 }
855
856 int lxc_cmd_add_state_client(const char *name, const char *lxcpath,
857 lxc_state_t states[MAX_STATE],
858 int *state_client_fd)
859 {
860 int state, stopped;
861 ssize_t ret;
862 struct lxc_cmd_rr cmd = {
863 .req = {
864 .cmd = LXC_CMD_ADD_STATE_CLIENT,
865 .data = states,
866 .datalen = (sizeof(lxc_state_t) * MAX_STATE)
867 },
868 };
869
870 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
871 if (states[STOPPED] != 0 && stopped != 0)
872 return STOPPED;
873
874 if (ret < 0) {
875 if (errno != ECONNREFUSED)
876 SYSERROR("Failed to execute command");
877
878 return -1;
879 }
880
881 /* We should now be guaranteed to get an answer from the state sending
882 * function.
883 */
884 if (cmd.rsp.ret < 0) {
885 errno = -cmd.rsp.ret;
886 SYSERROR("Failed to receive socket fd");
887 return -1;
888 }
889
890 state = PTR_TO_INT(cmd.rsp.data);
891 if (state < MAX_STATE) {
892 TRACE("Container is already in requested state %s", lxc_state2str(state));
893 close(cmd.rsp.ret);
894 return state;
895 }
896
897 *state_client_fd = cmd.rsp.ret;
898 TRACE("Added state client %d to state client list", cmd.rsp.ret);
899 return MAX_STATE;
900 }
901
902 static int lxc_cmd_add_state_client_callback(int fd, struct lxc_cmd_req *req,
903 struct lxc_handler *handler)
904 {
905 int ret;
906 struct lxc_cmd_rsp rsp = {0};
907
908 if (req->datalen < 0)
909 goto reap_client_fd;
910
911 if (req->datalen > (sizeof(lxc_state_t) * MAX_STATE))
912 goto reap_client_fd;
913
914 if (!req->data)
915 goto reap_client_fd;
916
917 rsp.ret = lxc_add_state_client(fd, handler, (lxc_state_t *)req->data);
918 if (rsp.ret < 0)
919 goto reap_client_fd;
920
921 rsp.data = INT_TO_PTR(rsp.ret);
922
923 ret = lxc_cmd_rsp_send(fd, &rsp);
924 if (ret < 0)
925 goto reap_client_fd;
926
927 return 0;
928
929 reap_client_fd:
930 /* Special indicator to lxc_cmd_handler() to close the fd and do related
931 * cleanup.
932 */
933 return 1;
934 }
935
936 int lxc_cmd_console_log(const char *name, const char *lxcpath,
937 struct lxc_console_log *log)
938 {
939 int ret, stopped;
940 struct lxc_cmd_console_log data;
941 struct lxc_cmd_rr cmd;
942
943 data.clear = log->clear;
944 data.read = log->read;
945 data.read_max = *log->read_max;
946
947 cmd.req.cmd = LXC_CMD_CONSOLE_LOG;
948 cmd.req.data = &data;
949 cmd.req.datalen = sizeof(struct lxc_cmd_console_log);
950
951 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
952 if (ret < 0)
953 return ret;
954
955 /* There is nothing to be read from the buffer. So clear any values we
956 * where passed to clearly indicate to the user that nothing went wrong.
957 */
958 if (cmd.rsp.ret == -ENODATA || cmd.rsp.ret == -EFAULT || cmd.rsp.ret == -ENOENT) {
959 *log->read_max = 0;
960 log->data = NULL;
961 }
962
963 /* This is a proper error so don't touch any values we were passed. */
964 if (cmd.rsp.ret < 0)
965 return cmd.rsp.ret;
966
967 *log->read_max = cmd.rsp.datalen;
968 log->data = cmd.rsp.data;
969
970 return 0;
971 }
972
973 static int lxc_cmd_console_log_callback(int fd, struct lxc_cmd_req *req,
974 struct lxc_handler *handler)
975 {
976 struct lxc_cmd_rsp rsp;
977 uint64_t buffer_size = handler->conf->console.buffer_size;
978 const struct lxc_cmd_console_log *log = req->data;
979 struct lxc_ringbuf *buf = &handler->conf->console.ringbuf;
980
981 rsp.ret = -EFAULT;
982 rsp.datalen = 0;
983 rsp.data = NULL;
984 if (buffer_size <= 0)
985 goto out;
986
987 if (log->read || log->write_logfile)
988 rsp.datalen = lxc_ringbuf_used(buf);
989
990 if (log->read)
991 rsp.data = lxc_ringbuf_get_read_addr(buf);
992
993 if (log->read_max > 0 && (log->read_max <= rsp.datalen))
994 rsp.datalen = log->read_max;
995
996 /* there's nothing to read */
997 rsp.ret = -ENODATA;
998 if (log->read && (buf->r_off == buf->w_off))
999 goto out;
1000
1001 rsp.ret = 0;
1002 if (log->clear)
1003 lxc_ringbuf_clear(buf); /* clear the ringbuffer */
1004 else if (rsp.datalen > 0)
1005 lxc_ringbuf_move_read_addr(buf, rsp.datalen);
1006
1007 out:
1008 return lxc_cmd_rsp_send(fd, &rsp);
1009 }
1010
1011 int lxc_cmd_serve_state_clients(const char *name, const char *lxcpath,
1012 lxc_state_t state)
1013 {
1014 int stopped;
1015 ssize_t ret;
1016 struct lxc_cmd_rr cmd = {
1017 .req = {
1018 .cmd = LXC_CMD_SERVE_STATE_CLIENTS,
1019 .data = INT_TO_PTR(state)
1020 },
1021 };
1022
1023 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
1024 if (ret < 0) {
1025 SYSERROR("Failed to execute command");
1026 return -1;
1027 }
1028
1029 return 0;
1030 }
1031
1032 static int lxc_cmd_serve_state_clients_callback(int fd, struct lxc_cmd_req *req,
1033 struct lxc_handler *handler)
1034 {
1035 int ret;
1036 lxc_state_t state = PTR_TO_INT(req->data);
1037 struct lxc_cmd_rsp rsp = {0};
1038
1039 ret = lxc_serve_state_clients(handler->name, handler, state);
1040 if (ret < 0)
1041 goto reap_client_fd;
1042
1043 ret = lxc_cmd_rsp_send(fd, &rsp);
1044 if (ret < 0)
1045 goto reap_client_fd;
1046
1047 return 0;
1048
1049 reap_client_fd:
1050 /* Special indicator to lxc_cmd_handler() to close the fd and do related
1051 * cleanup.
1052 */
1053 return 1;
1054 }
1055
1056 static int lxc_cmd_process(int fd, struct lxc_cmd_req *req,
1057 struct lxc_handler *handler)
1058 {
1059 typedef int (*callback)(int, struct lxc_cmd_req *, struct lxc_handler *);
1060
1061 callback cb[LXC_CMD_MAX] = {
1062 [LXC_CMD_CONSOLE] = lxc_cmd_console_callback,
1063 [LXC_CMD_TERMINAL_WINCH] = lxc_cmd_terminal_winch_callback,
1064 [LXC_CMD_STOP] = lxc_cmd_stop_callback,
1065 [LXC_CMD_GET_STATE] = lxc_cmd_get_state_callback,
1066 [LXC_CMD_GET_INIT_PID] = lxc_cmd_get_init_pid_callback,
1067 [LXC_CMD_GET_CLONE_FLAGS] = lxc_cmd_get_clone_flags_callback,
1068 [LXC_CMD_GET_CGROUP] = lxc_cmd_get_cgroup_callback,
1069 [LXC_CMD_GET_CONFIG_ITEM] = lxc_cmd_get_config_item_callback,
1070 [LXC_CMD_GET_NAME] = lxc_cmd_get_name_callback,
1071 [LXC_CMD_GET_LXCPATH] = lxc_cmd_get_lxcpath_callback,
1072 [LXC_CMD_ADD_STATE_CLIENT] = lxc_cmd_add_state_client_callback,
1073 [LXC_CMD_CONSOLE_LOG] = lxc_cmd_console_log_callback,
1074 [LXC_CMD_SERVE_STATE_CLIENTS] = lxc_cmd_serve_state_clients_callback,
1075 };
1076
1077 if (req->cmd >= LXC_CMD_MAX) {
1078 ERROR("Undefined command id %d", req->cmd);
1079 return -1;
1080 }
1081 return cb[req->cmd](fd, req, handler);
1082 }
1083
1084 static void lxc_cmd_fd_cleanup(int fd, struct lxc_handler *handler,
1085 struct lxc_epoll_descr *descr,
1086 const lxc_cmd_t cmd)
1087 {
1088 struct lxc_state_client *client;
1089 struct lxc_list *cur, *next;
1090
1091 lxc_terminal_free(handler->conf, fd);
1092 lxc_mainloop_del_handler(descr, fd);
1093 if (cmd != LXC_CMD_ADD_STATE_CLIENT) {
1094 close(fd);
1095 return;
1096 }
1097
1098 lxc_list_for_each_safe(cur, &handler->conf->state_clients, next) {
1099 client = cur->elem;
1100 if (client->clientfd != fd)
1101 continue;
1102
1103 /* kick client from list */
1104 lxc_list_del(cur);
1105 close(client->clientfd);
1106 free(cur->elem);
1107 free(cur);
1108 /* No need to walk the whole list. If we found the state client
1109 * fd there can't be a second one.
1110 */
1111 break;
1112 }
1113 }
1114
1115 static int lxc_cmd_handler(int fd, uint32_t events, void *data,
1116 struct lxc_epoll_descr *descr)
1117 {
1118 int ret;
1119 struct lxc_cmd_req req;
1120 void *reqdata = NULL;
1121 struct lxc_handler *handler = data;
1122
1123 ret = lxc_abstract_unix_rcv_credential(fd, &req, sizeof(req));
1124 if (ret < 0) {
1125 SYSERROR("Failed to receive data on command socket for command "
1126 "\"%s\"", lxc_cmd_str(req.cmd));
1127
1128 if (errno == EACCES) {
1129 /* We don't care for the peer, just send and close. */
1130 struct lxc_cmd_rsp rsp = {.ret = ret};
1131
1132 lxc_cmd_rsp_send(fd, &rsp);
1133 }
1134
1135 goto out_close;
1136 }
1137
1138 if (ret == 0)
1139 goto out_close;
1140
1141 if (ret != sizeof(req)) {
1142 WARN("Failed to receive full command request. Ignoring request "
1143 "for \"%s\"", lxc_cmd_str(req.cmd));
1144 ret = -1;
1145 goto out_close;
1146 }
1147
1148 if ((req.datalen > LXC_CMD_DATA_MAX) &&
1149 (req.cmd != LXC_CMD_CONSOLE_LOG)) {
1150 ERROR("Received command data length %d is too large for "
1151 "command \"%s\"", req.datalen, lxc_cmd_str(req.cmd));
1152 errno = EFBIG;
1153 ret = -EFBIG;
1154 goto out_close;
1155 }
1156
1157 if (req.datalen > 0) {
1158 /* LXC_CMD_CONSOLE_LOG needs to be able to allocate data
1159 * that exceeds LXC_CMD_DATA_MAX: use malloc() for that.
1160 */
1161 if (req.cmd == LXC_CMD_CONSOLE_LOG)
1162 reqdata = malloc(req.datalen);
1163 else
1164 reqdata = alloca(req.datalen);
1165 if (!reqdata) {
1166 ERROR("Failed to allocate memory for \"%s\" command",
1167 lxc_cmd_str(req.cmd));
1168 errno = ENOMEM;
1169 ret = -ENOMEM;
1170 goto out_close;
1171 }
1172
1173 ret = lxc_recv_nointr(fd, reqdata, req.datalen, 0);
1174 if (ret != req.datalen) {
1175 WARN("Failed to receive full command request. Ignoring "
1176 "request for \"%s\"", lxc_cmd_str(req.cmd));
1177 ret = LXC_MAINLOOP_ERROR;
1178 goto out_close;
1179 }
1180
1181 req.data = reqdata;
1182 }
1183
1184 ret = lxc_cmd_process(fd, &req, handler);
1185 if (ret) {
1186 /* This is not an error, but only a request to close fd. */
1187 ret = LXC_MAINLOOP_CONTINUE;
1188 goto out_close;
1189 }
1190
1191 out:
1192 if (req.cmd == LXC_CMD_CONSOLE_LOG && reqdata)
1193 free(reqdata);
1194
1195 return ret;
1196
1197 out_close:
1198 lxc_cmd_fd_cleanup(fd, handler, descr, req.cmd);
1199 goto out;
1200 }
1201
1202 static int lxc_cmd_accept(int fd, uint32_t events, void *data,
1203 struct lxc_epoll_descr *descr)
1204 {
1205 int connection;
1206 int opt = 1, ret = -1;
1207
1208 connection = accept(fd, NULL, 0);
1209 if (connection < 0) {
1210 SYSERROR("Failed to accept connection to run command");
1211 return LXC_MAINLOOP_ERROR;
1212 }
1213
1214 ret = fcntl(connection, F_SETFD, FD_CLOEXEC);
1215 if (ret < 0) {
1216 SYSERROR("Failed to set close-on-exec on incoming command connection");
1217 goto out_close;
1218 }
1219
1220 ret = setsockopt(connection, SOL_SOCKET, SO_PASSCRED, &opt, sizeof(opt));
1221 if (ret < 0) {
1222 SYSERROR("Failed to enable necessary credentials on command socket");
1223 goto out_close;
1224 }
1225
1226 ret = lxc_mainloop_add_handler(descr, connection, lxc_cmd_handler, data);
1227 if (ret) {
1228 ERROR("Failed to add command handler");
1229 goto out_close;
1230 }
1231
1232 out:
1233 return ret;
1234
1235 out_close:
1236 close(connection);
1237 goto out;
1238 }
1239
1240 int lxc_cmd_init(const char *name, const char *lxcpath, const char *suffix)
1241 {
1242 int fd, ret;
1243 char path[LXC_AUDS_ADDR_LEN] = {0};
1244
1245 ret = lxc_make_abstract_socket_name(path, sizeof(path), name, lxcpath, NULL, suffix);
1246 if (ret < 0)
1247 return -1;
1248 TRACE("Creating abstract unix socket \"%s\"", &path[1]);
1249
1250 fd = lxc_abstract_unix_open(path, SOCK_STREAM, 0);
1251 if (fd < 0) {
1252 SYSERROR("Failed to create command socket %s", &path[1]);
1253 if (errno == EADDRINUSE)
1254 ERROR("Container \"%s\" appears to be already running", name);
1255
1256 return -1;
1257 }
1258
1259 ret = fcntl(fd, F_SETFD, FD_CLOEXEC);
1260 if (ret < 0) {
1261 SYSERROR("Failed to set FD_CLOEXEC on command socket file descriptor");
1262 close(fd);
1263 return -1;
1264 }
1265
1266 return fd;
1267 }
1268
1269 int lxc_cmd_mainloop_add(const char *name, struct lxc_epoll_descr *descr,
1270 struct lxc_handler *handler)
1271 {
1272 int ret;
1273 int fd = handler->conf->maincmd_fd;
1274
1275 ret = lxc_mainloop_add_handler(descr, fd, lxc_cmd_accept, handler);
1276 if (ret < 0) {
1277 ERROR("Failed to add handler for command socket");
1278 close(fd);
1279 }
1280
1281 return ret;
1282 }
LXC mirror