]> git.proxmox.com Git - mirror_lxc.git/blob - src/lxc/commands.c
projects / mirror_lxc.git / blob
? search:


9bf96fa8d437eea6f23d34524463aea3b35ec67d
[mirror_lxc.git] / src / lxc / commands.c
1 /*
2 * lxc: linux Container library
3 *
4 * (C) Copyright IBM Corp. 2007, 2009
5 *
6 * Authors:
7 * Daniel Lezcano <daniel.lezcano at free.fr>
8 *
9 * This library is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public
11 * License as published by the Free Software Foundation; either
12 * version 2.1 of the License, or (at your option) any later version.
13 *
14 * This library is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22 */
23
24 #include "config.h"
25
26 #include <caps.h>
27 #include <errno.h>
28 #include <fcntl.h>
29 #include <malloc.h>
30 #include <poll.h>
31 #include <signal.h>
32 #include <stdio.h>
33 #include <stdlib.h>
34 #include <unistd.h>
35 #include <sys/param.h>
36 #include <sys/socket.h>
37 #include <sys/un.h>
38
39 #include "af_unix.h"
40 #include "cgroup.h"
41 #include "commands.h"
42 #include "commands_utils.h"
43 #include "conf.h"
44 #include "confile.h"
45 #include "log.h"
46 #include "lxc.h"
47 #include "lxclock.h"
48 #include "mainloop.h"
49 #include "monitor.h"
50 #include "start.h"
51 #include "terminal.h"
52 #include "utils.h"
53
54 /*
55 * This file provides the different functions for clients to query/command the
56 * server. The client is typically some lxc tool and the server is typically the
57 * container (ie. lxc-start).
58 *
59 * Each command is transactional, the clients send a request to the server and
60 * the server answers the request with a message giving the request's status
61 * (zero or a negative errno value). Both the request and response may contain
62 * additional data.
63 *
64 * Each command is wrapped in a ancillary message in order to pass a credential
65 * making possible to the server to check if the client is allowed to ask for
66 * this command or not.
67 *
68 * IMPORTANTLY: Note that semantics for current commands are fixed. If you wish
69 * to make any changes to how, say, LXC_CMD_GET_CONFIG_ITEM works by adding
70 * information to the end of cmd.data, then you must introduce a new
71 * LXC_CMD_GET_CONFIG_ITEM_V2 define with a new number. You may wish to also
72 * mark LXC_CMD_GET_CONFIG_ITEM deprecated in commands.h.
73 *
74 * This is necessary in order to avoid having a newly compiled lxc command
75 * communicating with a running (old) monitor from crashing the running
76 * container.
77 */
78
79 lxc_log_define(commands, lxc);
80
81 static const char *lxc_cmd_str(lxc_cmd_t cmd)
82 {
83 static const char *const cmdname[LXC_CMD_MAX] = {
84 [LXC_CMD_CONSOLE] = "console",
85 [LXC_CMD_TERMINAL_WINCH] = "terminal_winch",
86 [LXC_CMD_STOP] = "stop",
87 [LXC_CMD_GET_STATE] = "get_state",
88 [LXC_CMD_GET_INIT_PID] = "get_init_pid",
89 [LXC_CMD_GET_CLONE_FLAGS] = "get_clone_flags",
90 [LXC_CMD_GET_CGROUP] = "get_cgroup",
91 [LXC_CMD_GET_CONFIG_ITEM] = "get_config_item",
92 [LXC_CMD_GET_NAME] = "get_name",
93 [LXC_CMD_GET_LXCPATH] = "get_lxcpath",
94 [LXC_CMD_ADD_STATE_CLIENT] = "add_state_client",
95 [LXC_CMD_CONSOLE_LOG] = "console_log",
96 [LXC_CMD_SERVE_STATE_CLIENTS] = "serve_state_clients",
97 };
98
99 if (cmd >= LXC_CMD_MAX)
100 return "Unknown cmd";
101
102 return cmdname[cmd];
103 }
104
105 /*
106 * lxc_cmd_rsp_recv: Receive a response to a command
107 *
108 * @sock : the socket connected to the container
109 * @cmd : command to put response in
110 *
111 * Returns the size of the response message or < 0 on failure
112 *
113 * Note that if the command response datalen > 0, then data is
114 * a malloc()ed buffer and should be free()ed by the caller. If
115 * the response data is <= a void * worth of data, it will be
116 * stored directly in data and datalen will be 0.
117 *
118 * As a special case, the response for LXC_CMD_CONSOLE is created
119 * here as it contains an fd for the master pty passed through the
120 * unix socket.
121 */
122 static int lxc_cmd_rsp_recv(int sock, struct lxc_cmd_rr *cmd)
123 {
124 int ret, rspfd;
125 struct lxc_cmd_rsp *rsp = &cmd->rsp;
126
127 ret = lxc_abstract_unix_recv_fds(sock, &rspfd, 1, rsp, sizeof(*rsp));
128 if (ret < 0) {
129 SYSWARN("Failed to receive response for command \"%s\"",
130 lxc_cmd_str(cmd->req.cmd));
131
132 if (errno == ECONNRESET)
133 return -ECONNRESET;
134
135 return -1;
136 }
137 TRACE("Command \"%s\" received response", lxc_cmd_str(cmd->req.cmd));
138
139 if (cmd->req.cmd == LXC_CMD_CONSOLE) {
140 struct lxc_cmd_console_rsp_data *rspdata;
141
142 /* recv() returns 0 bytes when a tty cannot be allocated,
143 * rsp->ret is < 0 when the peer permission check failed
144 */
145 if (ret == 0 || rsp->ret < 0)
146 return 0;
147
148 rspdata = malloc(sizeof(*rspdata));
149 if (!rspdata) {
150 ERROR("Failed to allocate response buffer for command \"%s\"",
151 lxc_cmd_str(cmd->req.cmd));
152 return -ENOMEM;
153 }
154 rspdata->masterfd = rspfd;
155 rspdata->ttynum = PTR_TO_INT(rsp->data);
156 rsp->data = rspdata;
157 }
158
159 if (rsp->datalen == 0) {
160 DEBUG("Response data length for command \"%s\" is 0",
161 lxc_cmd_str(cmd->req.cmd));
162 return ret;
163 }
164
165 if ((rsp->datalen > LXC_CMD_DATA_MAX) &&
166 (cmd->req.cmd != LXC_CMD_CONSOLE_LOG)) {
167 errno = EFBIG;
168 SYSERROR("Response data for command \"%s\" is too long: %d bytes > %d",
169 lxc_cmd_str(cmd->req.cmd), rsp->datalen, LXC_CMD_DATA_MAX);
170 return -EFBIG;
171 }
172
173 if (cmd->req.cmd == LXC_CMD_CONSOLE_LOG) {
174 rsp->data = malloc(rsp->datalen + 1);
175 ((char *)rsp->data)[rsp->datalen] = '\0';
176 } else {
177 rsp->data = malloc(rsp->datalen);
178 }
179 if (!rsp->data) {
180 errno = ENOMEM;
181 SYSERROR("Failed to allocate response buffer for command \"%s\"",
182 lxc_cmd_str(cmd->req.cmd));
183 return -ENOMEM;
184 }
185
186 ret = recv(sock, rsp->data, rsp->datalen, 0);
187 if (ret != rsp->datalen) {
188 SYSERROR("Failed to receive response data for command \"%s\"",
189 lxc_cmd_str(cmd->req.cmd));
190 if (ret >= 0)
191 ret = -1;
192 }
193
194 return ret;
195 }
196
197 /*
198 * lxc_cmd_rsp_send: Send a command response
199 *
200 * @fd : file descriptor of socket to send response on
201 * @rsp : response to send
202 *
203 * Returns 0 on success, < 0 on failure
204 */
205 static int lxc_cmd_rsp_send(int fd, struct lxc_cmd_rsp *rsp)
206 {
207 ssize_t ret;
208
209 ret = send(fd, rsp, sizeof(*rsp), MSG_NOSIGNAL);
210 if (ret < 0 || (size_t)ret != sizeof(*rsp)) {
211 SYSERROR("Failed to send command response %zd", ret);
212 return -1;
213 }
214
215 if (!rsp->data || rsp->datalen <= 0)
216 return 0;
217
218 ret = send(fd, rsp->data, rsp->datalen, MSG_NOSIGNAL);
219 if (ret < 0 || ret != (ssize_t)rsp->datalen) {
220 SYSWARN("Failed to send command response data %zd", ret);
221 return -1;
222 }
223
224 return 0;
225 }
226
227 static int lxc_cmd_send(const char *name, struct lxc_cmd_rr *cmd,
228 const char *lxcpath, const char *hashed_sock_name)
229 {
230 int client_fd;
231 ssize_t ret = -1;
232
233 client_fd = lxc_cmd_connect(name, lxcpath, hashed_sock_name, "command");
234 if (client_fd < 0) {
235 if (client_fd == -ECONNREFUSED)
236 return -ECONNREFUSED;
237
238 return -1;
239 }
240
241 ret = lxc_abstract_unix_send_credential(client_fd, &cmd->req,
242 sizeof(cmd->req));
243 if (ret < 0 || (size_t)ret != sizeof(cmd->req)) {
244 close(client_fd);
245
246 if (errno == EPIPE)
247 return -EPIPE;
248
249 if (ret >= 0)
250 return -EMSGSIZE;
251
252 return -1;
253 }
254
255 if (cmd->req.datalen <= 0)
256 return client_fd;
257
258 ret = send(client_fd, cmd->req.data, cmd->req.datalen, MSG_NOSIGNAL);
259 if (ret < 0 || ret != (ssize_t)cmd->req.datalen) {
260 close(client_fd);
261
262 if (errno == EPIPE)
263 return -EPIPE;
264
265 if (ret >= 0)
266 return -EMSGSIZE;
267
268 return -1;
269 }
270
271 return client_fd;
272 }
273
274 /*
275 * lxc_cmd: Connect to the specified running container, send it a command
276 * request and collect the response
277 *
278 * @name : name of container to connect to
279 * @cmd : command with initialized request to send
280 * @stopped : output indicator if the container was not running
281 * @lxcpath : the lxcpath in which the container is running
282 *
283 * Returns the size of the response message on success, < 0 on failure
284 *
285 * Note that there is a special case for LXC_CMD_CONSOLE. For this command
286 * the fd cannot be closed because it is used as a placeholder to indicate
287 * that a particular tty slot is in use. The fd is also used as a signal to
288 * the container that when the caller dies or closes the fd, the container
289 * will notice the fd on its side of the socket in its mainloop select and
290 * then free the slot with lxc_cmd_fd_cleanup(). The socket fd will be
291 * returned in the cmd response structure.
292 */
293 static int lxc_cmd(const char *name, struct lxc_cmd_rr *cmd, int *stopped,
294 const char *lxcpath, const char *hashed_sock_name)
295 {
296 int client_fd;
297 int ret = -1;
298 bool stay_connected = false;
299
300 if (cmd->req.cmd == LXC_CMD_CONSOLE ||
301 cmd->req.cmd == LXC_CMD_ADD_STATE_CLIENT)
302 stay_connected = true;
303
304 *stopped = 0;
305
306 client_fd = lxc_cmd_send(name, cmd, lxcpath, hashed_sock_name);
307 if (client_fd < 0) {
308 SYSTRACE("Command \"%s\" failed to connect command socket",
309 lxc_cmd_str(cmd->req.cmd));
310
311 if (client_fd == -ECONNREFUSED)
312 *stopped = 1;
313
314 if (client_fd == -EPIPE) {
315 *stopped = 1;
316 client_fd = 0;
317 }
318
319 return client_fd;
320 }
321
322 ret = lxc_cmd_rsp_recv(client_fd, cmd);
323 if (ret == -ECONNRESET)
324 *stopped = 1;
325
326 if (!stay_connected || ret <= 0)
327 if (client_fd >= 0)
328 close(client_fd);
329
330 if (stay_connected && ret > 0)
331 cmd->rsp.ret = client_fd;
332
333 return ret;
334 }
335
336 int lxc_try_cmd(const char *name, const char *lxcpath)
337 {
338 int stopped, ret;
339 struct lxc_cmd_rr cmd = {
340 .req = { .cmd = LXC_CMD_GET_INIT_PID },
341 };
342
343 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
344 if (stopped)
345 return 0;
346 if (ret > 0 && cmd.rsp.ret < 0) {
347 errno = cmd.rsp.ret;
348 return -1;
349 }
350 if (ret > 0)
351 return 0;
352
353 /* At this point we weren't denied access, and the container *was*
354 * started. There was some inexplicable error in the protocol. I'm not
355 * clear on whether we should return -1 here, but we didn't receive a
356 * -EACCES, so technically it's not that we're not allowed to control
357 * the container - it's just not behaving.
358 */
359 return 0;
360 }
361
362 /* Implentations of the commands and their callbacks */
363
364 /*
365 * lxc_cmd_get_init_pid: Get pid of the container's init process
366 *
367 * @name : name of container to connect to
368 * @lxcpath : the lxcpath in which the container is running
369 *
370 * Returns the pid on success, < 0 on failure
371 */
372 pid_t lxc_cmd_get_init_pid(const char *name, const char *lxcpath)
373 {
374 int ret, stopped;
375 struct lxc_cmd_rr cmd = {
376 .req = { .cmd = LXC_CMD_GET_INIT_PID },
377 };
378
379 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
380 if (ret < 0)
381 return ret;
382
383 return PTR_TO_INT(cmd.rsp.data);
384 }
385
386 static int lxc_cmd_get_init_pid_callback(int fd, struct lxc_cmd_req *req,
387 struct lxc_handler *handler)
388 {
389 struct lxc_cmd_rsp rsp = { .data = INT_TO_PTR(handler->pid) };
390
391 return lxc_cmd_rsp_send(fd, &rsp);
392 }
393
394 /*
395 * lxc_cmd_get_clone_flags: Get clone flags container was spawned with
396 *
397 * @name : name of container to connect to
398 * @lxcpath : the lxcpath in which the container is running
399 *
400 * Returns the clone flags on success, < 0 on failure
401 */
402 int lxc_cmd_get_clone_flags(const char *name, const char *lxcpath)
403 {
404 int ret, stopped;
405 struct lxc_cmd_rr cmd = {
406 .req = { .cmd = LXC_CMD_GET_CLONE_FLAGS },
407 };
408
409 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
410 if (ret < 0)
411 return ret;
412
413 return PTR_TO_INT(cmd.rsp.data);
414 }
415
416 static int lxc_cmd_get_clone_flags_callback(int fd, struct lxc_cmd_req *req,
417 struct lxc_handler *handler)
418 {
419 struct lxc_cmd_rsp rsp = { .data = INT_TO_PTR(handler->ns_clone_flags) };
420
421 return lxc_cmd_rsp_send(fd, &rsp);
422 }
423
424 /*
425 * lxc_cmd_get_cgroup_path: Calculate a container's cgroup path for a
426 * particular subsystem. This is the cgroup path relative to the root
427 * of the cgroup filesystem.
428 *
429 * @name : name of container to connect to
430 * @lxcpath : the lxcpath in which the container is running
431 * @subsystem : the subsystem being asked about
432 *
433 * Returns the path on success, NULL on failure. The caller must free() the
434 * returned path.
435 */
436 char *lxc_cmd_get_cgroup_path(const char *name, const char *lxcpath,
437 const char *subsystem)
438 {
439 int ret, stopped;
440 struct lxc_cmd_rr cmd = {
441 .req = {
442 .cmd = LXC_CMD_GET_CGROUP,
443 .data = subsystem,
444 .datalen = 0,
445 },
446 };
447
448 cmd.req.data = subsystem;
449 cmd.req.datalen = 0;
450 if (subsystem)
451 cmd.req.datalen = strlen(subsystem) + 1;
452
453 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
454 if (ret < 0)
455 return NULL;
456
457 if (ret == 0)
458 return NULL;
459
460 if (cmd.rsp.ret < 0 || cmd.rsp.datalen < 0)
461 return NULL;
462
463 return cmd.rsp.data;
464 }
465
466 static int lxc_cmd_get_cgroup_callback(int fd, struct lxc_cmd_req *req,
467 struct lxc_handler *handler)
468 {
469 const char *path;
470 struct lxc_cmd_rsp rsp;
471 struct cgroup_ops *cgroup_ops = handler->cgroup_ops;
472
473 if (req->datalen > 0)
474 path = cgroup_ops->get_cgroup(cgroup_ops, req->data);
475 else
476 path = cgroup_ops->get_cgroup(cgroup_ops, NULL);
477 if (!path)
478 return -1;
479
480 rsp.ret = 0;
481 rsp.datalen = strlen(path) + 1;
482 rsp.data = (char *)path;
483
484 return lxc_cmd_rsp_send(fd, &rsp);
485 }
486
487 /*
488 * lxc_cmd_get_config_item: Get config item the running container
489 *
490 * @name : name of container to connect to
491 * @item : the configuration item to retrieve (ex: lxc.net.0.veth.pair)
492 * @lxcpath : the lxcpath in which the container is running
493 *
494 * Returns the item on success, NULL on failure. The caller must free() the
495 * returned item.
496 */
497 char *lxc_cmd_get_config_item(const char *name, const char *item,
498 const char *lxcpath)
499 {
500 int ret, stopped;
501 struct lxc_cmd_rr cmd = {
502 .req = { .cmd = LXC_CMD_GET_CONFIG_ITEM,
503 .data = item,
504 .datalen = strlen(item) + 1,
505 },
506 };
507
508 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
509 if (ret < 0)
510 return NULL;
511
512 if (cmd.rsp.ret == 0)
513 return cmd.rsp.data;
514
515 return NULL;
516 }
517
518 static int lxc_cmd_get_config_item_callback(int fd, struct lxc_cmd_req *req,
519 struct lxc_handler *handler)
520 {
521 int cilen;
522 char *cidata;
523 struct lxc_config_t *item;
524 struct lxc_cmd_rsp rsp;
525
526 memset(&rsp, 0, sizeof(rsp));
527 item = lxc_get_config(req->data);
528 if (!item)
529 goto err1;
530
531 cilen = item->get(req->data, NULL, 0, handler->conf, NULL);
532 if (cilen <= 0)
533 goto err1;
534
535 cidata = alloca(cilen + 1);
536 if (item->get(req->data, cidata, cilen + 1, handler->conf, NULL) != cilen)
537 goto err1;
538
539 cidata[cilen] = '\0';
540 rsp.data = cidata;
541 rsp.datalen = cilen + 1;
542 rsp.ret = 0;
543 goto out;
544
545 err1:
546 rsp.ret = -1;
547 out:
548 return lxc_cmd_rsp_send(fd, &rsp);
549 }
550
551 /*
552 * lxc_cmd_get_state: Get current state of the container
553 *
554 * @name : name of container to connect to
555 * @lxcpath : the lxcpath in which the container is running
556 *
557 * Returns the state on success, < 0 on failure
558 */
559 int lxc_cmd_get_state(const char *name, const char *lxcpath)
560 {
561 int ret, stopped;
562 struct lxc_cmd_rr cmd = {
563 .req = { .cmd = LXC_CMD_GET_STATE }
564 };
565
566 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
567 if (ret < 0 && stopped)
568 return STOPPED;
569
570 if (ret < 0)
571 return -1;
572
573 if (!ret) {
574 WARN("Container \"%s\" has stopped before sending its state", name);
575 return -1;
576 }
577
578 DEBUG("Container \"%s\" is in \"%s\" state", name,
579 lxc_state2str(PTR_TO_INT(cmd.rsp.data)));
580
581 return PTR_TO_INT(cmd.rsp.data);
582 }
583
584 static int lxc_cmd_get_state_callback(int fd, struct lxc_cmd_req *req,
585 struct lxc_handler *handler)
586 {
587 struct lxc_cmd_rsp rsp = { .data = INT_TO_PTR(handler->state) };
588
589 return lxc_cmd_rsp_send(fd, &rsp);
590 }
591
592 /*
593 * lxc_cmd_stop: Stop the container previously started with lxc_start. All
594 * the processes running inside this container will be killed.
595 *
596 * @name : name of container to connect to
597 * @lxcpath : the lxcpath in which the container is running
598 *
599 * Returns 0 on success, < 0 on failure
600 */
601 int lxc_cmd_stop(const char *name, const char *lxcpath)
602 {
603 int ret, stopped;
604 struct lxc_cmd_rr cmd = {
605 .req = { .cmd = LXC_CMD_STOP },
606 };
607
608 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
609 if (ret < 0) {
610 if (stopped) {
611 INFO("Container \"%s\" is already stopped", name);
612 return 0;
613 }
614
615 return -1;
616 }
617
618 /* We do not expect any answer, because we wait for the connection to be
619 * closed.
620 */
621 if (ret > 0) {
622 errno = -cmd.rsp.ret;
623 SYSERROR("Failed to stop container \"%s\"", name);
624 return -1;
625 }
626
627 INFO("Container \"%s\" has stopped", name);
628 return 0;
629 }
630
631 static int lxc_cmd_stop_callback(int fd, struct lxc_cmd_req *req,
632 struct lxc_handler *handler)
633 {
634 struct lxc_cmd_rsp rsp;
635 int stopsignal = SIGKILL;
636 struct cgroup_ops *cgroup_ops = handler->cgroup_ops;
637
638 if (handler->conf->stopsignal)
639 stopsignal = handler->conf->stopsignal;
640 memset(&rsp, 0, sizeof(rsp));
641 rsp.ret = kill(handler->pid, stopsignal);
642 if (!rsp.ret) {
643 /* We can't just use lxc_unfreeze() since we are already in the
644 * context of handling the STOP cmd in lxc-start, and calling
645 * lxc_unfreeze() would do another cmd (GET_CGROUP) which would
646 * deadlock us.
647 */
648 if (cgroup_ops->unfreeze(cgroup_ops))
649 return 0;
650
651 ERROR("Failed to unfreeze container \"%s\"", handler->name);
652 rsp.ret = -1;
653 }
654
655 return lxc_cmd_rsp_send(fd, &rsp);
656 }
657
658 /*
659 * lxc_cmd_terminal_winch: To process as if a SIGWINCH were received
660 *
661 * @name : name of container to connect to
662 * @lxcpath : the lxcpath in which the container is running
663 *
664 * Returns 0 on success, < 0 on failure
665 */
666 int lxc_cmd_terminal_winch(const char *name, const char *lxcpath)
667 {
668 int ret, stopped;
669 struct lxc_cmd_rr cmd = {
670 .req = { .cmd = LXC_CMD_TERMINAL_WINCH },
671 };
672
673 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
674 if (ret < 0)
675 return ret;
676
677 return 0;
678 }
679
680 static int lxc_cmd_terminal_winch_callback(int fd, struct lxc_cmd_req *req,
681 struct lxc_handler *handler)
682 {
683 struct lxc_cmd_rsp rsp = { .data = 0 };
684
685 lxc_terminal_sigwinch(SIGWINCH);
686
687 return lxc_cmd_rsp_send(fd, &rsp);
688 }
689
690 /*
691 * lxc_cmd_console: Open an fd to a tty in the container
692 *
693 * @name : name of container to connect to
694 * @ttynum : in: the tty to open or -1 for next available
695 * : out: the tty allocated
696 * @fd : out: file descriptor for master side of pty
697 * @lxcpath : the lxcpath in which the container is running
698 *
699 * Returns fd holding tty allocated on success, < 0 on failure
700 */
701 int lxc_cmd_console(const char *name, int *ttynum, int *fd, const char *lxcpath)
702 {
703 int ret, stopped;
704 struct lxc_cmd_console_rsp_data *rspdata;
705 struct lxc_cmd_rr cmd = {
706 .req = { .cmd = LXC_CMD_CONSOLE, .data = INT_TO_PTR(*ttynum) },
707 };
708
709 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
710 if (ret < 0)
711 return ret;
712
713 if (cmd.rsp.ret < 0) {
714 errno = -cmd.rsp.ret;
715 SYSERROR("Denied access to tty");
716 ret = -1;
717 goto out;
718 }
719
720 if (ret == 0) {
721 ERROR("tty number %d invalid, busy or all ttys busy", *ttynum);
722 ret = -1;
723 goto out;
724 }
725
726 rspdata = cmd.rsp.data;
727 if (rspdata->masterfd < 0) {
728 ERROR("Unable to allocate fd for tty %d", rspdata->ttynum);
729 goto out;
730 }
731
732 ret = cmd.rsp.ret; /* socket fd */
733 *fd = rspdata->masterfd;
734 *ttynum = rspdata->ttynum;
735 INFO("Alloced fd %d for tty %d via socket %d", *fd, rspdata->ttynum, ret);
736
737 out:
738 free(cmd.rsp.data);
739 return ret;
740 }
741
742 static int lxc_cmd_console_callback(int fd, struct lxc_cmd_req *req,
743 struct lxc_handler *handler)
744 {
745 int masterfd, ret;
746 struct lxc_cmd_rsp rsp;
747 int ttynum = PTR_TO_INT(req->data);
748
749 masterfd = lxc_terminal_allocate(handler->conf, fd, &ttynum);
750 if (masterfd < 0)
751 goto out_close;
752
753 memset(&rsp, 0, sizeof(rsp));
754 rsp.data = INT_TO_PTR(ttynum);
755 ret = lxc_abstract_unix_send_fds(fd, &masterfd, 1, &rsp, sizeof(rsp));
756 if (ret < 0) {
757 ERROR("Failed to send tty to client");
758 lxc_terminal_free(handler->conf, fd);
759 goto out_close;
760 }
761
762 return 0;
763
764 out_close:
765 /* Special indicator to lxc_cmd_handler() to close the fd and do
766 * related cleanup.
767 */
768 return 1;
769 }
770
771 /*
772 * lxc_cmd_get_name: Returns the name of the container
773 *
774 * @hashed_sock_name: hashed socket name
775 *
776 * Returns the name on success, NULL on failure.
777 */
778 char *lxc_cmd_get_name(const char *hashed_sock_name)
779 {
780 int ret, stopped;
781 struct lxc_cmd_rr cmd = {
782 .req = { .cmd = LXC_CMD_GET_NAME},
783 };
784
785 ret = lxc_cmd(NULL, &cmd, &stopped, NULL, hashed_sock_name);
786 if (ret < 0)
787 return NULL;
788
789 if (cmd.rsp.ret == 0)
790 return cmd.rsp.data;
791
792 return NULL;
793 }
794
795 static int lxc_cmd_get_name_callback(int fd, struct lxc_cmd_req *req,
796 struct lxc_handler *handler)
797 {
798 struct lxc_cmd_rsp rsp;
799
800 memset(&rsp, 0, sizeof(rsp));
801
802 rsp.data = (char *)handler->name;
803 rsp.datalen = strlen(handler->name) + 1;
804 rsp.ret = 0;
805
806 return lxc_cmd_rsp_send(fd, &rsp);
807 }
808
809 /*
810 * lxc_cmd_get_lxcpath: Returns the lxcpath of the container
811 *
812 * @hashed_sock_name: hashed socket name
813 *
814 * Returns the lxcpath on success, NULL on failure.
815 */
816 char *lxc_cmd_get_lxcpath(const char *hashed_sock_name)
817 {
818 int ret, stopped;
819 struct lxc_cmd_rr cmd = {
820 .req = { .cmd = LXC_CMD_GET_LXCPATH},
821 };
822
823 ret = lxc_cmd(NULL, &cmd, &stopped, NULL, hashed_sock_name);
824 if (ret < 0)
825 return NULL;
826
827 if (cmd.rsp.ret == 0)
828 return cmd.rsp.data;
829
830 return NULL;
831 }
832
833 static int lxc_cmd_get_lxcpath_callback(int fd, struct lxc_cmd_req *req,
834 struct lxc_handler *handler)
835 {
836 struct lxc_cmd_rsp rsp;
837
838 memset(&rsp, 0, sizeof(rsp));
839
840 rsp.ret = 0;
841 rsp.data = (char *)handler->lxcpath;
842 rsp.datalen = strlen(handler->lxcpath) + 1;
843
844 return lxc_cmd_rsp_send(fd, &rsp);
845 }
846
847 int lxc_cmd_add_state_client(const char *name, const char *lxcpath,
848 lxc_state_t states[MAX_STATE],
849 int *state_client_fd)
850 {
851 int state, stopped;
852 ssize_t ret;
853 struct lxc_cmd_rr cmd = {
854 .req = {
855 .cmd = LXC_CMD_ADD_STATE_CLIENT,
856 .data = states,
857 .datalen = (sizeof(lxc_state_t) * MAX_STATE)
858 },
859 };
860
861 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
862 if (states[STOPPED] != 0 && stopped != 0)
863 return STOPPED;
864
865 if (ret < 0) {
866 if (errno != ECONNREFUSED)
867 SYSERROR("Failed to execute command");
868
869 return -1;
870 }
871
872 /* We should now be guaranteed to get an answer from the state sending
873 * function.
874 */
875 if (cmd.rsp.ret < 0) {
876 errno = -cmd.rsp.ret;
877 SYSERROR("Failed to receive socket fd");
878 return -1;
879 }
880
881 state = PTR_TO_INT(cmd.rsp.data);
882 if (state < MAX_STATE) {
883 TRACE("Container is already in requested state %s", lxc_state2str(state));
884 close(cmd.rsp.ret);
885 return state;
886 }
887
888 *state_client_fd = cmd.rsp.ret;
889 TRACE("Added state client %d to state client list", cmd.rsp.ret);
890 return MAX_STATE;
891 }
892
893 static int lxc_cmd_add_state_client_callback(int fd, struct lxc_cmd_req *req,
894 struct lxc_handler *handler)
895 {
896 int ret;
897 struct lxc_cmd_rsp rsp = {0};
898
899 if (req->datalen < 0)
900 goto reap_client_fd;
901
902 if (req->datalen > (sizeof(lxc_state_t) * MAX_STATE))
903 goto reap_client_fd;
904
905 if (!req->data)
906 goto reap_client_fd;
907
908 rsp.ret = lxc_add_state_client(fd, handler, (lxc_state_t *)req->data);
909 if (rsp.ret < 0)
910 goto reap_client_fd;
911
912 rsp.data = INT_TO_PTR(rsp.ret);
913
914 ret = lxc_cmd_rsp_send(fd, &rsp);
915 if (ret < 0)
916 goto reap_client_fd;
917
918 return 0;
919
920 reap_client_fd:
921 /* Special indicator to lxc_cmd_handler() to close the fd and do related
922 * cleanup.
923 */
924 return 1;
925 }
926
927 int lxc_cmd_console_log(const char *name, const char *lxcpath,
928 struct lxc_console_log *log)
929 {
930 int ret, stopped;
931 struct lxc_cmd_console_log data;
932 struct lxc_cmd_rr cmd;
933
934 data.clear = log->clear;
935 data.read = log->read;
936 data.read_max = *log->read_max;
937
938 cmd.req.cmd = LXC_CMD_CONSOLE_LOG;
939 cmd.req.data = &data;
940 cmd.req.datalen = sizeof(struct lxc_cmd_console_log);
941
942 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
943 if (ret < 0)
944 return ret;
945
946 /* There is nothing to be read from the buffer. So clear any values we
947 * where passed to clearly indicate to the user that nothing went wrong.
948 */
949 if (cmd.rsp.ret == -ENODATA || cmd.rsp.ret == -EFAULT || cmd.rsp.ret == -ENOENT) {
950 *log->read_max = 0;
951 log->data = NULL;
952 }
953
954 /* This is a proper error so don't touch any values we were passed. */
955 if (cmd.rsp.ret < 0)
956 return cmd.rsp.ret;
957
958 *log->read_max = cmd.rsp.datalen;
959 log->data = cmd.rsp.data;
960
961 return 0;
962 }
963
964 static int lxc_cmd_console_log_callback(int fd, struct lxc_cmd_req *req,
965 struct lxc_handler *handler)
966 {
967 struct lxc_cmd_rsp rsp;
968 uint64_t buffer_size = handler->conf->console.buffer_size;
969 const struct lxc_cmd_console_log *log = req->data;
970 struct lxc_ringbuf *buf = &handler->conf->console.ringbuf;
971
972 rsp.ret = -EFAULT;
973 rsp.datalen = 0;
974 rsp.data = NULL;
975 if (buffer_size <= 0)
976 goto out;
977
978 if (log->read || log->write_logfile)
979 rsp.datalen = lxc_ringbuf_used(buf);
980
981 if (log->read)
982 rsp.data = lxc_ringbuf_get_read_addr(buf);
983
984 if (log->read_max > 0 && (log->read_max <= rsp.datalen))
985 rsp.datalen = log->read_max;
986
987 /* there's nothing to read */
988 rsp.ret = -ENODATA;
989 if (log->read && (buf->r_off == buf->w_off))
990 goto out;
991
992 rsp.ret = 0;
993 if (log->clear)
994 lxc_ringbuf_clear(buf); /* clear the ringbuffer */
995 else if (rsp.datalen > 0)
996 lxc_ringbuf_move_read_addr(buf, rsp.datalen);
997
998 out:
999 return lxc_cmd_rsp_send(fd, &rsp);
1000 }
1001
1002 int lxc_cmd_serve_state_clients(const char *name, const char *lxcpath,
1003 lxc_state_t state)
1004 {
1005 int stopped;
1006 ssize_t ret;
1007 struct lxc_cmd_rr cmd = {
1008 .req = {
1009 .cmd = LXC_CMD_SERVE_STATE_CLIENTS,
1010 .data = INT_TO_PTR(state)
1011 },
1012 };
1013
1014 ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
1015 if (ret < 0) {
1016 SYSERROR("Failed to execute command");
1017 return -1;
1018 }
1019
1020 return 0;
1021 }
1022
1023 static int lxc_cmd_serve_state_clients_callback(int fd, struct lxc_cmd_req *req,
1024 struct lxc_handler *handler)
1025 {
1026 int ret;
1027 lxc_state_t state = PTR_TO_INT(req->data);
1028 struct lxc_cmd_rsp rsp = {0};
1029
1030 ret = lxc_serve_state_clients(handler->name, handler, state);
1031 if (ret < 0)
1032 goto reap_client_fd;
1033
1034 ret = lxc_cmd_rsp_send(fd, &rsp);
1035 if (ret < 0)
1036 goto reap_client_fd;
1037
1038 return 0;
1039
1040 reap_client_fd:
1041 /* Special indicator to lxc_cmd_handler() to close the fd and do related
1042 * cleanup.
1043 */
1044 return 1;
1045 }
1046
1047 static int lxc_cmd_process(int fd, struct lxc_cmd_req *req,
1048 struct lxc_handler *handler)
1049 {
1050 typedef int (*callback)(int, struct lxc_cmd_req *, struct lxc_handler *);
1051
1052 callback cb[LXC_CMD_MAX] = {
1053 [LXC_CMD_CONSOLE] = lxc_cmd_console_callback,
1054 [LXC_CMD_TERMINAL_WINCH] = lxc_cmd_terminal_winch_callback,
1055 [LXC_CMD_STOP] = lxc_cmd_stop_callback,
1056 [LXC_CMD_GET_STATE] = lxc_cmd_get_state_callback,
1057 [LXC_CMD_GET_INIT_PID] = lxc_cmd_get_init_pid_callback,
1058 [LXC_CMD_GET_CLONE_FLAGS] = lxc_cmd_get_clone_flags_callback,
1059 [LXC_CMD_GET_CGROUP] = lxc_cmd_get_cgroup_callback,
1060 [LXC_CMD_GET_CONFIG_ITEM] = lxc_cmd_get_config_item_callback,
1061 [LXC_CMD_GET_NAME] = lxc_cmd_get_name_callback,
1062 [LXC_CMD_GET_LXCPATH] = lxc_cmd_get_lxcpath_callback,
1063 [LXC_CMD_ADD_STATE_CLIENT] = lxc_cmd_add_state_client_callback,
1064 [LXC_CMD_CONSOLE_LOG] = lxc_cmd_console_log_callback,
1065 [LXC_CMD_SERVE_STATE_CLIENTS] = lxc_cmd_serve_state_clients_callback,
1066 };
1067
1068 if (req->cmd >= LXC_CMD_MAX) {
1069 ERROR("Undefined command id %d", req->cmd);
1070 return -1;
1071 }
1072 return cb[req->cmd](fd, req, handler);
1073 }
1074
1075 static void lxc_cmd_fd_cleanup(int fd, struct lxc_handler *handler,
1076 struct lxc_epoll_descr *descr,
1077 const lxc_cmd_t cmd)
1078 {
1079 struct lxc_state_client *client;
1080 struct lxc_list *cur, *next;
1081
1082 lxc_terminal_free(handler->conf, fd);
1083 lxc_mainloop_del_handler(descr, fd);
1084 if (cmd != LXC_CMD_ADD_STATE_CLIENT) {
1085 close(fd);
1086 return;
1087 }
1088
1089 lxc_list_for_each_safe(cur, &handler->conf->state_clients, next) {
1090 client = cur->elem;
1091 if (client->clientfd != fd)
1092 continue;
1093
1094 /* kick client from list */
1095 lxc_list_del(cur);
1096 close(client->clientfd);
1097 free(cur->elem);
1098 free(cur);
1099 /* No need to walk the whole list. If we found the state client
1100 * fd there can't be a second one.
1101 */
1102 break;
1103 }
1104 }
1105
1106 static int lxc_cmd_handler(int fd, uint32_t events, void *data,
1107 struct lxc_epoll_descr *descr)
1108 {
1109 int ret;
1110 struct lxc_cmd_req req;
1111 void *reqdata = NULL;
1112 struct lxc_handler *handler = data;
1113
1114 ret = lxc_abstract_unix_rcv_credential(fd, &req, sizeof(req));
1115 if (ret == -EACCES) {
1116 /* We don't care for the peer, just send and close. */
1117 struct lxc_cmd_rsp rsp = {.ret = ret};
1118
1119 lxc_cmd_rsp_send(fd, &rsp);
1120 goto out_close;
1121 }
1122
1123 if (ret < 0) {
1124 SYSERROR("Failed to receive data on command socket for command "
1125 "\"%s\"", lxc_cmd_str(req.cmd));
1126 goto out_close;
1127 }
1128
1129 if (ret == 0)
1130 goto out_close;
1131
1132 if (ret != sizeof(req)) {
1133 WARN("Failed to receive full command request. Ignoring request "
1134 "for \"%s\"", lxc_cmd_str(req.cmd));
1135 ret = -1;
1136 goto out_close;
1137 }
1138
1139 if ((req.datalen > LXC_CMD_DATA_MAX) &&
1140 (req.cmd != LXC_CMD_CONSOLE_LOG)) {
1141 ERROR("Received command data length %d is too large for "
1142 "command \"%s\"", req.datalen, lxc_cmd_str(req.cmd));
1143 errno = EFBIG;
1144 ret = -EFBIG;
1145 goto out_close;
1146 }
1147
1148 if (req.datalen > 0) {
1149 /* LXC_CMD_CONSOLE_LOG needs to be able to allocate data
1150 * that exceeds LXC_CMD_DATA_MAX: use malloc() for that.
1151 */
1152 if (req.cmd == LXC_CMD_CONSOLE_LOG)
1153 reqdata = malloc(req.datalen);
1154 else
1155 reqdata = alloca(req.datalen);
1156 if (!reqdata) {
1157 ERROR("Failed to allocate memory for \"%s\" command",
1158 lxc_cmd_str(req.cmd));
1159 errno = ENOMEM;
1160 ret = -ENOMEM;
1161 goto out_close;
1162 }
1163
1164 ret = recv(fd, reqdata, req.datalen, 0);
1165 if (ret != req.datalen) {
1166 WARN("Failed to receive full command request. Ignoring "
1167 "request for \"%s\"", lxc_cmd_str(req.cmd));
1168 ret = LXC_MAINLOOP_ERROR;
1169 goto out_close;
1170 }
1171
1172 req.data = reqdata;
1173 }
1174
1175 ret = lxc_cmd_process(fd, &req, handler);
1176 if (ret) {
1177 /* This is not an error, but only a request to close fd. */
1178 ret = LXC_MAINLOOP_CONTINUE;
1179 goto out_close;
1180 }
1181
1182 out:
1183 if (req.cmd == LXC_CMD_CONSOLE_LOG && reqdata)
1184 free(reqdata);
1185
1186 return ret;
1187
1188 out_close:
1189 lxc_cmd_fd_cleanup(fd, handler, descr, req.cmd);
1190 goto out;
1191 }
1192
1193 static int lxc_cmd_accept(int fd, uint32_t events, void *data,
1194 struct lxc_epoll_descr *descr)
1195 {
1196 int connection;
1197 int opt = 1, ret = -1;
1198
1199 connection = accept(fd, NULL, 0);
1200 if (connection < 0) {
1201 SYSERROR("Failed to accept connection to run command.");
1202 return LXC_MAINLOOP_ERROR;
1203 }
1204
1205 ret = fcntl(connection, F_SETFD, FD_CLOEXEC);
1206 if (ret < 0) {
1207 SYSERROR("Failed to set close-on-exec on incoming command connection");
1208 goto out_close;
1209 }
1210
1211 ret = setsockopt(connection, SOL_SOCKET, SO_PASSCRED, &opt, sizeof(opt));
1212 if (ret < 0) {
1213 SYSERROR("Failed to enable necessary credentials on command socket");
1214 goto out_close;
1215 }
1216
1217 ret = lxc_mainloop_add_handler(descr, connection, lxc_cmd_handler, data);
1218 if (ret) {
1219 ERROR("Failed to add command handler");
1220 goto out_close;
1221 }
1222
1223 out:
1224 return ret;
1225
1226 out_close:
1227 close(connection);
1228 goto out;
1229 }
1230
1231 int lxc_cmd_init(const char *name, const char *lxcpath, const char *suffix)
1232 {
1233 int fd, len, ret;
1234 char path[sizeof(((struct sockaddr_un *)0)->sun_path)] = {0};
1235 char *offset = &path[1];
1236
1237 /* -2 here because this is an abstract unix socket so it needs a
1238 * leading \0, and we null terminate, so it needs a trailing \0.
1239 * Although null termination isn't required by the API, we do it anyway
1240 * because we print the sockname out sometimes.
1241 */
1242 len = sizeof(path) - 2;
1243 ret = lxc_make_abstract_socket_name(offset, len, name, lxcpath, NULL, suffix);
1244 if (ret < 0)
1245 return -1;
1246 TRACE("Creating abstract unix socket \"%s\"", offset);
1247
1248 fd = lxc_abstract_unix_open(path, SOCK_STREAM, 0);
1249 if (fd < 0) {
1250 SYSERROR("Failed to create command socket %s", offset);
1251 if (errno == EADDRINUSE)
1252 ERROR("Container \"%s\" appears to be already running", name);
1253
1254 return -1;
1255 }
1256
1257 ret = fcntl(fd, F_SETFD, FD_CLOEXEC);
1258 if (ret < 0) {
1259 SYSERROR("Failed to set FD_CLOEXEC on command socket file descriptor");
1260 close(fd);
1261 return -1;
1262 }
1263
1264 return fd;
1265 }
1266
1267 int lxc_cmd_mainloop_add(const char *name, struct lxc_epoll_descr *descr,
1268 struct lxc_handler *handler)
1269 {
1270 int ret;
1271 int fd = handler->conf->maincmd_fd;
1272
1273 ret = lxc_mainloop_add_handler(descr, fd, lxc_cmd_accept, handler);
1274 if (ret < 0) {
1275 ERROR("Failed to add handler for command socket");
1276 close(fd);
1277 }
1278
1279 return ret;
1280 }
LXC mirror