+++ /dev/null
- GNU LESSER GENERAL PUBLIC LICENSE
- Version 2.1, February 1999
-
- Copyright (C) 1991, 1999 Free Software Foundation, Inc.
- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-[This is the first released version of the Lesser GPL. It also counts
- as the successor of the GNU Library Public License, version 2, hence
- the version number 2.1.]
-
- Preamble
-
- The licenses for most software are designed to take away your
-freedom to share and change it. By contrast, the GNU General Public
-Licenses are intended to guarantee your freedom to share and change
-free software--to make sure the software is free for all its users.
-
- This license, the Lesser General Public License, applies to some
-specially designated software packages--typically libraries--of the
-Free Software Foundation and other authors who decide to use it. You
-can use it too, but we suggest you first think carefully about whether
-this license or the ordinary General Public License is the better
-strategy to use in any particular case, based on the explanations below.
-
- When we speak of free software, we are referring to freedom of use,
-not price. Our General Public Licenses are designed to make sure that
-you have the freedom to distribute copies of free software (and charge
-for this service if you wish); that you receive source code or can get
-it if you want it; that you can change the software and use pieces of
-it in new free programs; and that you are informed that you can do
-these things.
-
- To protect your rights, we need to make restrictions that forbid
-distributors to deny you these rights or to ask you to surrender these
-rights. These restrictions translate to certain responsibilities for
-you if you distribute copies of the library or if you modify it.
-
- For example, if you distribute copies of the library, whether gratis
-or for a fee, you must give the recipients all the rights that we gave
-you. You must make sure that they, too, receive or can get the source
-code. If you link other code with the library, you must provide
-complete object files to the recipients, so that they can relink them
-with the library after making changes to the library and recompiling
-it. And you must show them these terms so they know their rights.
-
- We protect your rights with a two-step method: (1) we copyright the
-library, and (2) we offer you this license, which gives you legal
-permission to copy, distribute and/or modify the library.
-
- To protect each distributor, we want to make it very clear that
-there is no warranty for the free library. Also, if the library is
-modified by someone else and passed on, the recipients should know
-that what they have is not the original version, so that the original
-author's reputation will not be affected by problems that might be
-introduced by others.
-\f
- Finally, software patents pose a constant threat to the existence of
-any free program. We wish to make sure that a company cannot
-effectively restrict the users of a free program by obtaining a
-restrictive license from a patent holder. Therefore, we insist that
-any patent license obtained for a version of the library must be
-consistent with the full freedom of use specified in this license.
-
- Most GNU software, including some libraries, is covered by the
-ordinary GNU General Public License. This license, the GNU Lesser
-General Public License, applies to certain designated libraries, and
-is quite different from the ordinary General Public License. We use
-this license for certain libraries in order to permit linking those
-libraries into non-free programs.
-
- When a program is linked with a library, whether statically or using
-a shared library, the combination of the two is legally speaking a
-combined work, a derivative of the original library. The ordinary
-General Public License therefore permits such linking only if the
-entire combination fits its criteria of freedom. The Lesser General
-Public License permits more lax criteria for linking other code with
-the library.
-
- We call this license the "Lesser" General Public License because it
-does Less to protect the user's freedom than the ordinary General
-Public License. It also provides other free software developers Less
-of an advantage over competing non-free programs. These disadvantages
-are the reason we use the ordinary General Public License for many
-libraries. However, the Lesser license provides advantages in certain
-special circumstances.
-
- For example, on rare occasions, there may be a special need to
-encourage the widest possible use of a certain library, so that it becomes
-a de-facto standard. To achieve this, non-free programs must be
-allowed to use the library. A more frequent case is that a free
-library does the same job as widely used non-free libraries. In this
-case, there is little to gain by limiting the free library to free
-software only, so we use the Lesser General Public License.
-
- In other cases, permission to use a particular library in non-free
-programs enables a greater number of people to use a large body of
-free software. For example, permission to use the GNU C Library in
-non-free programs enables many more people to use the whole GNU
-operating system, as well as its variant, the GNU/Linux operating
-system.
-
- Although the Lesser General Public License is Less protective of the
-users' freedom, it does ensure that the user of a program that is
-linked with the Library has the freedom and the wherewithal to run
-that program using a modified version of the Library.
-
- The precise terms and conditions for copying, distribution and
-modification follow. Pay close attention to the difference between a
-"work based on the library" and a "work that uses the library". The
-former contains code derived from the library, whereas the latter must
-be combined with the library in order to run.
-\f
- GNU LESSER GENERAL PUBLIC LICENSE
- TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-
- 0. This License Agreement applies to any software library or other
-program which contains a notice placed by the copyright holder or
-other authorized party saying it may be distributed under the terms of
-this Lesser General Public License (also called "this License").
-Each licensee is addressed as "you".
-
- A "library" means a collection of software functions and/or data
-prepared so as to be conveniently linked with application programs
-(which use some of those functions and data) to form executables.
-
- The "Library", below, refers to any such software library or work
-which has been distributed under these terms. A "work based on the
-Library" means either the Library or any derivative work under
-copyright law: that is to say, a work containing the Library or a
-portion of it, either verbatim or with modifications and/or translated
-straightforwardly into another language. (Hereinafter, translation is
-included without limitation in the term "modification".)
-
- "Source code" for a work means the preferred form of the work for
-making modifications to it. For a library, complete source code means
-all the source code for all modules it contains, plus any associated
-interface definition files, plus the scripts used to control compilation
-and installation of the library.
-
- Activities other than copying, distribution and modification are not
-covered by this License; they are outside its scope. The act of
-running a program using the Library is not restricted, and output from
-such a program is covered only if its contents constitute a work based
-on the Library (independent of the use of the Library in a tool for
-writing it). Whether that is true depends on what the Library does
-and what the program that uses the Library does.
-
- 1. You may copy and distribute verbatim copies of the Library's
-complete source code as you receive it, in any medium, provided that
-you conspicuously and appropriately publish on each copy an
-appropriate copyright notice and disclaimer of warranty; keep intact
-all the notices that refer to this License and to the absence of any
-warranty; and distribute a copy of this License along with the
-Library.
-
- You may charge a fee for the physical act of transferring a copy,
-and you may at your option offer warranty protection in exchange for a
-fee.
-\f
- 2. You may modify your copy or copies of the Library or any portion
-of it, thus forming a work based on the Library, and copy and
-distribute such modifications or work under the terms of Section 1
-above, provided that you also meet all of these conditions:
-
- a) The modified work must itself be a software library.
-
- b) You must cause the files modified to carry prominent notices
- stating that you changed the files and the date of any change.
-
- c) You must cause the whole of the work to be licensed at no
- charge to all third parties under the terms of this License.
-
- d) If a facility in the modified Library refers to a function or a
- table of data to be supplied by an application program that uses
- the facility, other than as an argument passed when the facility
- is invoked, then you must make a good faith effort to ensure that,
- in the event an application does not supply such function or
- table, the facility still operates, and performs whatever part of
- its purpose remains meaningful.
-
- (For example, a function in a library to compute square roots has
- a purpose that is entirely well-defined independent of the
- application. Therefore, Subsection 2d requires that any
- application-supplied function or table used by this function must
- be optional: if the application does not supply it, the square
- root function must still compute square roots.)
-
-These requirements apply to the modified work as a whole. If
-identifiable sections of that work are not derived from the Library,
-and can be reasonably considered independent and separate works in
-themselves, then this License, and its terms, do not apply to those
-sections when you distribute them as separate works. But when you
-distribute the same sections as part of a whole which is a work based
-on the Library, the distribution of the whole must be on the terms of
-this License, whose permissions for other licensees extend to the
-entire whole, and thus to each and every part regardless of who wrote
-it.
-
-Thus, it is not the intent of this section to claim rights or contest
-your rights to work written entirely by you; rather, the intent is to
-exercise the right to control the distribution of derivative or
-collective works based on the Library.
-
-In addition, mere aggregation of another work not based on the Library
-with the Library (or with a work based on the Library) on a volume of
-a storage or distribution medium does not bring the other work under
-the scope of this License.
-
- 3. You may opt to apply the terms of the ordinary GNU General Public
-License instead of this License to a given copy of the Library. To do
-this, you must alter all the notices that refer to this License, so
-that they refer to the ordinary GNU General Public License, version 2,
-instead of to this License. (If a newer version than version 2 of the
-ordinary GNU General Public License has appeared, then you can specify
-that version instead if you wish.) Do not make any other change in
-these notices.
-\f
- Once this change is made in a given copy, it is irreversible for
-that copy, so the ordinary GNU General Public License applies to all
-subsequent copies and derivative works made from that copy.
-
- This option is useful when you wish to copy part of the code of
-the Library into a program that is not a library.
-
- 4. You may copy and distribute the Library (or a portion or
-derivative of it, under Section 2) in object code or executable form
-under the terms of Sections 1 and 2 above provided that you accompany
-it with the complete corresponding machine-readable source code, which
-must be distributed under the terms of Sections 1 and 2 above on a
-medium customarily used for software interchange.
-
- If distribution of object code is made by offering access to copy
-from a designated place, then offering equivalent access to copy the
-source code from the same place satisfies the requirement to
-distribute the source code, even though third parties are not
-compelled to copy the source along with the object code.
-
- 5. A program that contains no derivative of any portion of the
-Library, but is designed to work with the Library by being compiled or
-linked with it, is called a "work that uses the Library". Such a
-work, in isolation, is not a derivative work of the Library, and
-therefore falls outside the scope of this License.
-
- However, linking a "work that uses the Library" with the Library
-creates an executable that is a derivative of the Library (because it
-contains portions of the Library), rather than a "work that uses the
-library". The executable is therefore covered by this License.
-Section 6 states terms for distribution of such executables.
-
- When a "work that uses the Library" uses material from a header file
-that is part of the Library, the object code for the work may be a
-derivative work of the Library even though the source code is not.
-Whether this is true is especially significant if the work can be
-linked without the Library, or if the work is itself a library. The
-threshold for this to be true is not precisely defined by law.
-
- If such an object file uses only numerical parameters, data
-structure layouts and accessors, and small macros and small inline
-functions (ten lines or less in length), then the use of the object
-file is unrestricted, regardless of whether it is legally a derivative
-work. (Executables containing this object code plus portions of the
-Library will still fall under Section 6.)
-
- Otherwise, if the work is a derivative of the Library, you may
-distribute the object code for the work under the terms of Section 6.
-Any executables containing that work also fall under Section 6,
-whether or not they are linked directly with the Library itself.
-\f
- 6. As an exception to the Sections above, you may also combine or
-link a "work that uses the Library" with the Library to produce a
-work containing portions of the Library, and distribute that work
-under terms of your choice, provided that the terms permit
-modification of the work for the customer's own use and reverse
-engineering for debugging such modifications.
-
- You must give prominent notice with each copy of the work that the
-Library is used in it and that the Library and its use are covered by
-this License. You must supply a copy of this License. If the work
-during execution displays copyright notices, you must include the
-copyright notice for the Library among them, as well as a reference
-directing the user to the copy of this License. Also, you must do one
-of these things:
-
- a) Accompany the work with the complete corresponding
- machine-readable source code for the Library including whatever
- changes were used in the work (which must be distributed under
- Sections 1 and 2 above); and, if the work is an executable linked
- with the Library, with the complete machine-readable "work that
- uses the Library", as object code and/or source code, so that the
- user can modify the Library and then relink to produce a modified
- executable containing the modified Library. (It is understood
- that the user who changes the contents of definitions files in the
- Library will not necessarily be able to recompile the application
- to use the modified definitions.)
-
- b) Use a suitable shared library mechanism for linking with the
- Library. A suitable mechanism is one that (1) uses at run time a
- copy of the library already present on the user's computer system,
- rather than copying library functions into the executable, and (2)
- will operate properly with a modified version of the library, if
- the user installs one, as long as the modified version is
- interface-compatible with the version that the work was made with.
-
- c) Accompany the work with a written offer, valid for at
- least three years, to give the same user the materials
- specified in Subsection 6a, above, for a charge no more
- than the cost of performing this distribution.
-
- d) If distribution of the work is made by offering access to copy
- from a designated place, offer equivalent access to copy the above
- specified materials from the same place.
-
- e) Verify that the user has already received a copy of these
- materials or that you have already sent this user a copy.
-
- For an executable, the required form of the "work that uses the
-Library" must include any data and utility programs needed for
-reproducing the executable from it. However, as a special exception,
-the materials to be distributed need not include anything that is
-normally distributed (in either source or binary form) with the major
-components (compiler, kernel, and so on) of the operating system on
-which the executable runs, unless that component itself accompanies
-the executable.
-
- It may happen that this requirement contradicts the license
-restrictions of other proprietary libraries that do not normally
-accompany the operating system. Such a contradiction means you cannot
-use both them and the Library together in an executable that you
-distribute.
-\f
- 7. You may place library facilities that are a work based on the
-Library side-by-side in a single library together with other library
-facilities not covered by this License, and distribute such a combined
-library, provided that the separate distribution of the work based on
-the Library and of the other library facilities is otherwise
-permitted, and provided that you do these two things:
-
- a) Accompany the combined library with a copy of the same work
- based on the Library, uncombined with any other library
- facilities. This must be distributed under the terms of the
- Sections above.
-
- b) Give prominent notice with the combined library of the fact
- that part of it is a work based on the Library, and explaining
- where to find the accompanying uncombined form of the same work.
-
- 8. You may not copy, modify, sublicense, link with, or distribute
-the Library except as expressly provided under this License. Any
-attempt otherwise to copy, modify, sublicense, link with, or
-distribute the Library is void, and will automatically terminate your
-rights under this License. However, parties who have received copies,
-or rights, from you under this License will not have their licenses
-terminated so long as such parties remain in full compliance.
-
- 9. You are not required to accept this License, since you have not
-signed it. However, nothing else grants you permission to modify or
-distribute the Library or its derivative works. These actions are
-prohibited by law if you do not accept this License. Therefore, by
-modifying or distributing the Library (or any work based on the
-Library), you indicate your acceptance of this License to do so, and
-all its terms and conditions for copying, distributing or modifying
-the Library or works based on it.
-
- 10. Each time you redistribute the Library (or any work based on the
-Library), the recipient automatically receives a license from the
-original licensor to copy, distribute, link with or modify the Library
-subject to these terms and conditions. You may not impose any further
-restrictions on the recipients' exercise of the rights granted herein.
-You are not responsible for enforcing compliance by third parties with
-this License.
-\f
- 11. If, as a consequence of a court judgment or allegation of patent
-infringement or for any other reason (not limited to patent issues),
-conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License. If you cannot
-distribute so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you
-may not distribute the Library at all. For example, if a patent
-license would not permit royalty-free redistribution of the Library by
-all those who receive copies directly or indirectly through you, then
-the only way you could satisfy both it and this License would be to
-refrain entirely from distribution of the Library.
-
-If any portion of this section is held invalid or unenforceable under any
-particular circumstance, the balance of the section is intended to apply,
-and the section as a whole is intended to apply in other circumstances.
-
-It is not the purpose of this section to induce you to infringe any
-patents or other property right claims or to contest validity of any
-such claims; this section has the sole purpose of protecting the
-integrity of the free software distribution system which is
-implemented by public license practices. Many people have made
-generous contributions to the wide range of software distributed
-through that system in reliance on consistent application of that
-system; it is up to the author/donor to decide if he or she is willing
-to distribute software through any other system and a licensee cannot
-impose that choice.
-
-This section is intended to make thoroughly clear what is believed to
-be a consequence of the rest of this License.
-
- 12. If the distribution and/or use of the Library is restricted in
-certain countries either by patents or by copyrighted interfaces, the
-original copyright holder who places the Library under this License may add
-an explicit geographical distribution limitation excluding those countries,
-so that distribution is permitted only in or among countries not thus
-excluded. In such case, this License incorporates the limitation as if
-written in the body of this License.
-
- 13. The Free Software Foundation may publish revised and/or new
-versions of the Lesser General Public License from time to time.
-Such new versions will be similar in spirit to the present version,
-but may differ in detail to address new problems or concerns.
-
-Each version is given a distinguishing version number. If the Library
-specifies a version number of this License which applies to it and
-"any later version", you have the option of following the terms and
-conditions either of that version or of any later version published by
-the Free Software Foundation. If the Library does not specify a
-license version number, you may choose any version ever published by
-the Free Software Foundation.
-\f
- 14. If you wish to incorporate parts of the Library into other free
-programs whose distribution conditions are incompatible with these,
-write to the author to ask for permission. For software which is
-copyrighted by the Free Software Foundation, write to the Free
-Software Foundation; we sometimes make exceptions for this. Our
-decision will be guided by the two goals of preserving the free status
-of all derivatives of our free software and of promoting the sharing
-and reuse of software generally.
-
- NO WARRANTY
-
- 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
-WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
-EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
-OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
-KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
-LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
-THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
-
- 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
-WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
-AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
-FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
-CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
-LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
-RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
-FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
-SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
-DAMAGES.
-
- END OF TERMS AND CONDITIONS
-\f
- How to Apply These Terms to Your New Libraries
-
- If you develop a new library, and you want it to be of the greatest
-possible use to the public, we recommend making it free software that
-everyone can redistribute and change. You can do so by permitting
-redistribution under these terms (or, alternatively, under the terms of the
-ordinary General Public License).
-
- To apply these terms, attach the following notices to the library. It is
-safest to attach them to the start of each source file to most effectively
-convey the exclusion of warranty; and each file should have at least the
-"copyright" line and a pointer to where the full notice is found.
-
- <one line to give the library's name and a brief idea of what it does.>
- Copyright (C) <year> <name of author>
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this library; if not, write to the Free Software
- Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-
-Also add information on how to contact you by electronic and paper mail.
-
-You should also get your employer (if you work as a programmer) or your
-school, if any, to sign a "copyright disclaimer" for the library, if
-necessary. Here is a sample; alter the names:
-
- Yoyodyne, Inc., hereby disclaims all copyright interest in the
- library `Frob' (a library for tweaking knobs) written by James Random Hacker.
-
- <signature of Ty Coon>, 1 April 1990
- Ty Coon, President of Vice
-
-That's all there is to it!
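Review bot: Removing the LGPL 2.1 text here while the next file adds GPL 2 is a relicensing, and Section 3 of the removed license ("you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2") requires the per-file notices to change with it. Only the license text is visible in this diff. Please confirm that the source-file headers, and anything else in the tree that names the license, are updated in the same change. The commit message should also state that the switch is intentional: the same section makes it irreversible for that copy, and the linking permission in Section 6 of the removed text has no counterpart in the GPL 2 sections added below.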
--- /dev/null
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users. This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it. (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.) You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+ To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have. You must make sure that they, too, receive or can get the
+source code. And you must show them these terms so they know their
+rights.
+
+ We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+ Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software. If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+ Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary. To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ GNU GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License. The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language. (Hereinafter, translation is included without limitation in
+the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+ 1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+ 2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) You must cause the modified files to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ b) You must cause any work that you distribute or publish, that in
+ whole or in part contains or is derived from the Program or any
+ part thereof, to be licensed as a whole at no charge to all third
+ parties under the terms of this License.
+
+ c) If the modified program normally reads commands interactively
+ when run, you must cause it, when started running for such
+ interactive use in the most ordinary way, to print or display an
+ announcement including an appropriate copyright notice and a
+ notice that there is no warranty (or else, saying that you provide
+ a warranty) and that users may redistribute the program under
+ these conditions, and telling the user how to view a copy of this
+ License. (Exception: if the Program itself is interactive but
+ does not normally print such an announcement, your work based on
+ the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+ a) Accompany it with the complete corresponding machine-readable
+ source code, which must be distributed under the terms of Sections
+ 1 and 2 above on a medium customarily used for software interchange; or,
+
+ b) Accompany it with a written offer, valid for at least three
+ years, to give any third party, for a charge no more than your
+ cost of physically performing source distribution, a complete
+ machine-readable copy of the corresponding source code, to be
+ distributed under the terms of Sections 1 and 2 above on a medium
+ customarily used for software interchange; or,
+
+ c) Accompany it with the information you received as to the offer
+ to distribute corresponding source code. (This alternative is
+ allowed only for noncommercial distribution and only if you
+ received the program in object code or executable form with such
+ an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it. For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable. However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+ 5. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Program or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+ 6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+ 7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all. For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded. In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+ 9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation. If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+ 10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission. For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this. Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+ NO WARRANTY
+
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the program's name and a brief idea of what it does.>
+ Copyright (C) <year> <name of author>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+ Gnomovision version 69, Copyright (C) year name of author
+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+ `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+ <signature of Ty Coon>, 1 April 1989
+ Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs. If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library. If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.
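Review bot: Documentation gap at the end of this file: the GPL text is added verbatim, and a second complete license (the Lesser GPL 2.1) starts in the very next file, but nothing in the visible lines says which parts of the tree each license governs. The text's own "How to Apply These Terms" section advises that each source file carry at least the "copyright" line and a pointer to where the full notice is found. Suggest adding those per-file notices, or a short top-level note mapping files to GPL or LGPL, in the same change so recipients can tell which terms apply to what.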
--- /dev/null
+ GNU LESSER GENERAL PUBLIC LICENSE
+ Version 2.1, February 1999
+
+ Copyright (C) 1991, 1999 Free Software Foundation, Inc.
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+[This is the first released version of the Lesser GPL. It also counts
+ as the successor of the GNU Library Public License, version 2, hence
+ the version number 2.1.]
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+Licenses are intended to guarantee your freedom to share and change
+free software--to make sure the software is free for all its users.
+
+ This license, the Lesser General Public License, applies to some
+specially designated software packages--typically libraries--of the
+Free Software Foundation and other authors who decide to use it. You
+can use it too, but we suggest you first think carefully about whether
+this license or the ordinary General Public License is the better
+strategy to use in any particular case, based on the explanations below.
+
+ When we speak of free software, we are referring to freedom of use,
+not price. Our General Public Licenses are designed to make sure that
+you have the freedom to distribute copies of free software (and charge
+for this service if you wish); that you receive source code or can get
+it if you want it; that you can change the software and use pieces of
+it in new free programs; and that you are informed that you can do
+these things.
+
+ To protect your rights, we need to make restrictions that forbid
+distributors to deny you these rights or to ask you to surrender these
+rights. These restrictions translate to certain responsibilities for
+you if you distribute copies of the library or if you modify it.
+
+ For example, if you distribute copies of the library, whether gratis
+or for a fee, you must give the recipients all the rights that we gave
+you. You must make sure that they, too, receive or can get the source
+code. If you link other code with the library, you must provide
+complete object files to the recipients, so that they can relink them
+with the library after making changes to the library and recompiling
+it. And you must show them these terms so they know their rights.
+
+ We protect your rights with a two-step method: (1) we copyright the
+library, and (2) we offer you this license, which gives you legal
+permission to copy, distribute and/or modify the library.
+
+ To protect each distributor, we want to make it very clear that
+there is no warranty for the free library. Also, if the library is
+modified by someone else and passed on, the recipients should know
+that what they have is not the original version, so that the original
+author's reputation will not be affected by problems that might be
+introduced by others.
+\f
+ Finally, software patents pose a constant threat to the existence of
+any free program. We wish to make sure that a company cannot
+effectively restrict the users of a free program by obtaining a
+restrictive license from a patent holder. Therefore, we insist that
+any patent license obtained for a version of the library must be
+consistent with the full freedom of use specified in this license.
+
+ Most GNU software, including some libraries, is covered by the
+ordinary GNU General Public License. This license, the GNU Lesser
+General Public License, applies to certain designated libraries, and
+is quite different from the ordinary General Public License. We use
+this license for certain libraries in order to permit linking those
+libraries into non-free programs.
+
+ When a program is linked with a library, whether statically or using
+a shared library, the combination of the two is legally speaking a
+combined work, a derivative of the original library. The ordinary
+General Public License therefore permits such linking only if the
+entire combination fits its criteria of freedom. The Lesser General
+Public License permits more lax criteria for linking other code with
+the library.
+
+ We call this license the "Lesser" General Public License because it
+does Less to protect the user's freedom than the ordinary General
+Public License. It also provides other free software developers Less
+of an advantage over competing non-free programs. These disadvantages
+are the reason we use the ordinary General Public License for many
+libraries. However, the Lesser license provides advantages in certain
+special circumstances.
+
+ For example, on rare occasions, there may be a special need to
+encourage the widest possible use of a certain library, so that it becomes
+a de-facto standard. To achieve this, non-free programs must be
+allowed to use the library. A more frequent case is that a free
+library does the same job as widely used non-free libraries. In this
+case, there is little to gain by limiting the free library to free
+software only, so we use the Lesser General Public License.
+
+ In other cases, permission to use a particular library in non-free
+programs enables a greater number of people to use a large body of
+free software. For example, permission to use the GNU C Library in
+non-free programs enables many more people to use the whole GNU
+operating system, as well as its variant, the GNU/Linux operating
+system.
+
+ Although the Lesser General Public License is Less protective of the
+users' freedom, it does ensure that the user of a program that is
+linked with the Library has the freedom and the wherewithal to run
+that program using a modified version of the Library.
+
+ The precise terms and conditions for copying, distribution and
+modification follow. Pay close attention to the difference between a
+"work based on the library" and a "work that uses the library". The
+former contains code derived from the library, whereas the latter must
+be combined with the library in order to run.
+\f
+ GNU LESSER GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License Agreement applies to any software library or other
+program which contains a notice placed by the copyright holder or
+other authorized party saying it may be distributed under the terms of
+this Lesser General Public License (also called "this License").
+Each licensee is addressed as "you".
+
+ A "library" means a collection of software functions and/or data
+prepared so as to be conveniently linked with application programs
+(which use some of those functions and data) to form executables.
+
+ The "Library", below, refers to any such software library or work
+which has been distributed under these terms. A "work based on the
+Library" means either the Library or any derivative work under
+copyright law: that is to say, a work containing the Library or a
+portion of it, either verbatim or with modifications and/or translated
+straightforwardly into another language. (Hereinafter, translation is
+included without limitation in the term "modification".)
+
+ "Source code" for a work means the preferred form of the work for
+making modifications to it. For a library, complete source code means
+all the source code for all modules it contains, plus any associated
+interface definition files, plus the scripts used to control compilation
+and installation of the library.
+
+ Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running a program using the Library is not restricted, and output from
+such a program is covered only if its contents constitute a work based
+on the Library (independent of the use of the Library in a tool for
+writing it). Whether that is true depends on what the Library does
+and what the program that uses the Library does.
+
+ 1. You may copy and distribute verbatim copies of the Library's
+complete source code as you receive it, in any medium, provided that
+you conspicuously and appropriately publish on each copy an
+appropriate copyright notice and disclaimer of warranty; keep intact
+all the notices that refer to this License and to the absence of any
+warranty; and distribute a copy of this License along with the
+Library.
+
+ You may charge a fee for the physical act of transferring a copy,
+and you may at your option offer warranty protection in exchange for a
+fee.
+\f
+ 2. You may modify your copy or copies of the Library or any portion
+of it, thus forming a work based on the Library, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) The modified work must itself be a software library.
+
+ b) You must cause the files modified to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ c) You must cause the whole of the work to be licensed at no
+ charge to all third parties under the terms of this License.
+
+ d) If a facility in the modified Library refers to a function or a
+ table of data to be supplied by an application program that uses
+ the facility, other than as an argument passed when the facility
+ is invoked, then you must make a good faith effort to ensure that,
+ in the event an application does not supply such function or
+ table, the facility still operates, and performs whatever part of
+ its purpose remains meaningful.
+
+ (For example, a function in a library to compute square roots has
+ a purpose that is entirely well-defined independent of the
+ application. Therefore, Subsection 2d requires that any
+ application-supplied function or table used by this function must
+ be optional: if the application does not supply it, the square
+ root function must still compute square roots.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Library,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Library, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote
+it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Library.
+
+In addition, mere aggregation of another work not based on the Library
+with the Library (or with a work based on the Library) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may opt to apply the terms of the ordinary GNU General Public
+License instead of this License to a given copy of the Library. To do
+this, you must alter all the notices that refer to this License, so
+that they refer to the ordinary GNU General Public License, version 2,
+instead of to this License. (If a newer version than version 2 of the
+ordinary GNU General Public License has appeared, then you can specify
+that version instead if you wish.) Do not make any other change in
+these notices.
+\f
+ Once this change is made in a given copy, it is irreversible for
+that copy, so the ordinary GNU General Public License applies to all
+subsequent copies and derivative works made from that copy.
+
+ This option is useful when you wish to copy part of the code of
+the Library into a program that is not a library.
+
+ 4. You may copy and distribute the Library (or a portion or
+derivative of it, under Section 2) in object code or executable form
+under the terms of Sections 1 and 2 above provided that you accompany
+it with the complete corresponding machine-readable source code, which
+must be distributed under the terms of Sections 1 and 2 above on a
+medium customarily used for software interchange.
+
+ If distribution of object code is made by offering access to copy
+from a designated place, then offering equivalent access to copy the
+source code from the same place satisfies the requirement to
+distribute the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 5. A program that contains no derivative of any portion of the
+Library, but is designed to work with the Library by being compiled or
+linked with it, is called a "work that uses the Library". Such a
+work, in isolation, is not a derivative work of the Library, and
+therefore falls outside the scope of this License.
+
+ However, linking a "work that uses the Library" with the Library
+creates an executable that is a derivative of the Library (because it
+contains portions of the Library), rather than a "work that uses the
+library". The executable is therefore covered by this License.
+Section 6 states terms for distribution of such executables.
+
+ When a "work that uses the Library" uses material from a header file
+that is part of the Library, the object code for the work may be a
+derivative work of the Library even though the source code is not.
+Whether this is true is especially significant if the work can be
+linked without the Library, or if the work is itself a library. The
+threshold for this to be true is not precisely defined by law.
+
+ If such an object file uses only numerical parameters, data
+structure layouts and accessors, and small macros and small inline
+functions (ten lines or less in length), then the use of the object
+file is unrestricted, regardless of whether it is legally a derivative
+work. (Executables containing this object code plus portions of the
+Library will still fall under Section 6.)
+
+ Otherwise, if the work is a derivative of the Library, you may
+distribute the object code for the work under the terms of Section 6.
+Any executables containing that work also fall under Section 6,
+whether or not they are linked directly with the Library itself.
+\f
+ 6. As an exception to the Sections above, you may also combine or
+link a "work that uses the Library" with the Library to produce a
+work containing portions of the Library, and distribute that work
+under terms of your choice, provided that the terms permit
+modification of the work for the customer's own use and reverse
+engineering for debugging such modifications.
+
+ You must give prominent notice with each copy of the work that the
+Library is used in it and that the Library and its use are covered by
+this License. You must supply a copy of this License. If the work
+during execution displays copyright notices, you must include the
+copyright notice for the Library among them, as well as a reference
+directing the user to the copy of this License. Also, you must do one
+of these things:
+
+ a) Accompany the work with the complete corresponding
+ machine-readable source code for the Library including whatever
+ changes were used in the work (which must be distributed under
+ Sections 1 and 2 above); and, if the work is an executable linked
+ with the Library, with the complete machine-readable "work that
+ uses the Library", as object code and/or source code, so that the
+ user can modify the Library and then relink to produce a modified
+ executable containing the modified Library. (It is understood
+ that the user who changes the contents of definitions files in the
+ Library will not necessarily be able to recompile the application
+ to use the modified definitions.)
+
+ b) Use a suitable shared library mechanism for linking with the
+ Library. A suitable mechanism is one that (1) uses at run time a
+ copy of the library already present on the user's computer system,
+ rather than copying library functions into the executable, and (2)
+ will operate properly with a modified version of the library, if
+ the user installs one, as long as the modified version is
+ interface-compatible with the version that the work was made with.
+
+ c) Accompany the work with a written offer, valid for at
+ least three years, to give the same user the materials
+ specified in Subsection 6a, above, for a charge no more
+ than the cost of performing this distribution.
+
+ d) If distribution of the work is made by offering access to copy
+ from a designated place, offer equivalent access to copy the above
+ specified materials from the same place.
+
+ e) Verify that the user has already received a copy of these
+ materials or that you have already sent this user a copy.
+
+ For an executable, the required form of the "work that uses the
+Library" must include any data and utility programs needed for
+reproducing the executable from it. However, as a special exception,
+the materials to be distributed need not include anything that is
+normally distributed (in either source or binary form) with the major
+components (compiler, kernel, and so on) of the operating system on
+which the executable runs, unless that component itself accompanies
+the executable.
+
+ It may happen that this requirement contradicts the license
+restrictions of other proprietary libraries that do not normally
+accompany the operating system. Such a contradiction means you cannot
+use both them and the Library together in an executable that you
+distribute.
+\f
+ 7. You may place library facilities that are a work based on the
+Library side-by-side in a single library together with other library
+facilities not covered by this License, and distribute such a combined
+library, provided that the separate distribution of the work based on
+the Library and of the other library facilities is otherwise
+permitted, and provided that you do these two things:
+
+ a) Accompany the combined library with a copy of the same work
+ based on the Library, uncombined with any other library
+ facilities. This must be distributed under the terms of the
+ Sections above.
+
+ b) Give prominent notice with the combined library of the fact
+ that part of it is a work based on the Library, and explaining
+ where to find the accompanying uncombined form of the same work.
+
+ 8. You may not copy, modify, sublicense, link with, or distribute
+the Library except as expressly provided under this License. Any
+attempt otherwise to copy, modify, sublicense, link with, or
+distribute the Library is void, and will automatically terminate your
+rights under this License. However, parties who have received copies,
+or rights, from you under this License will not have their licenses
+terminated so long as such parties remain in full compliance.
+
+ 9. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Library or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Library (or any work based on the
+Library), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Library or works based on it.
+
+ 10. Each time you redistribute the Library (or any work based on the
+Library), the recipient automatically receives a license from the
+original licensor to copy, distribute, link with or modify the Library
+subject to these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties with
+this License.
+\f
+ 11. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Library at all. For example, if a patent
+license would not permit royalty-free redistribution of the Library by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Library.
+
+If any portion of this section is held invalid or unenforceable under any
+particular circumstance, the balance of the section is intended to apply,
+and the section as a whole is intended to apply in other circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 12. If the distribution and/or use of the Library is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Library under this License may add
+an explicit geographical distribution limitation excluding those countries,
+so that distribution is permitted only in or among countries not thus
+excluded. In such case, this License incorporates the limitation as if
+written in the body of this License.
+
+ 13. The Free Software Foundation may publish revised and/or new
+versions of the Lesser General Public License from time to time.
+Such new versions will be similar in spirit to the present version,
+but may differ in detail to address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Library
+specifies a version number of this License which applies to it and
+"any later version", you have the option of following the terms and
+conditions either of that version or of any later version published by
+the Free Software Foundation. If the Library does not specify a
+license version number, you may choose any version ever published by
+the Free Software Foundation.
+\f
+ 14. If you wish to incorporate parts of the Library into other free
+programs whose distribution conditions are incompatible with these,
+write to the author to ask for permission. For software which is
+copyrighted by the Free Software Foundation, write to the Free
+Software Foundation; we sometimes make exceptions for this. Our
+decision will be guided by the two goals of preserving the free status
+of all derivatives of our free software and of promoting the sharing
+and reuse of software generally.
+
+ NO WARRANTY
+
+ 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
+WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
+EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
+OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
+KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
+LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
+THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+ 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
+WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
+AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
+FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
+CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
+LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
+RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
+FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
+SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
+DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+\f
+ How to Apply These Terms to Your New Libraries
+
+ If you develop a new library, and you want it to be of the greatest
+possible use to the public, we recommend making it free software that
+everyone can redistribute and change. You can do so by permitting
+redistribution under these terms (or, alternatively, under the terms of the
+ordinary General Public License).
+
+ To apply these terms, attach the following notices to the library. It is
+safest to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least the
+"copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the library's name and a brief idea of what it does.>
+ Copyright (C) <year> <name of author>
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+Also add information on how to contact you by electronic and paper mail.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the library, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the
+ library `Frob' (a library for tweaking knobs) written by James Random Hacker.
+
+ <signature of Ty Coon>, 1 April 1990
+ Ty Coon, President of Vice
+
+That's all there is to it!
AC_CHECK_DECLS([seccomp_syscall_resolve_name_arch], [], [], [[#include <seccomp.h>]])
CFLAGS="$OLD_CFLAGS"
+AC_CHECK_HEADERS([linux/bpf.h], [
+ AC_CHECK_TYPES([struct bpf_cgroup_dev_ctx], [], [], [[#include <linux/bpf.h>]])
+], [], [])
+
# Configuration examples
AC_ARG_ENABLE([examples],
[AS_HELP_STRING([--enable-examples], [install examples [default=yes]])],
AX_CHECK_COMPILE_FLAG([-Wstrict-prototypes], [CFLAGS="$CFLAGS -Wstrict-prototypes"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-fno-strict-aliasing], [CFLAGS="$CFLAGS -fno-strict-aliasing"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-fstack-clash-protection], [CFLAGS="$CFLAGS -fstack-clash-protection"],,[-Werror])
-AX_CHECK_COMPILE_FLAG([-fstack-protector-strong], [CFLAGS="$CFLAGS -fstack-protector-strong"],,[-Werror])
-AX_CHECK_COMPILE_FLAG([--param=ssp-buffer-size=4], [CFLAGS="$CFLAGS --param=ssp-buffer-size=4"],,[-Werror])
+AX_CHECK_LINK_FLAG([-fstack-protector-strong], [CFLAGS="$CFLAGS -fstack-protector-strong"],,[-Werror])
+AX_CHECK_LINK_FLAG([--param=ssp-buffer-size=4], [CFLAGS="$CFLAGS --param=ssp-buffer-size=4"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-g], [CFLAGS="$CFLAGS -g"],,[-Werror])
AX_CHECK_COMPILE_FLAG([--mcet -fcf-protection], [CFLAGS="$CFLAGS --mcet -fcf-protection"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-Werror=implicit-function-declaration], [CFLAGS="$CFLAGS -Werror=implicit-function-declaration"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-Wmissing-include-dirs], [CFLAGS="$CFLAGS -Wmissing-include-dirs"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-Wold-style-definition], [CFLAGS="$CFLAGS -Wold-style-definition"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-Winit-self], [CFLAGS="$CFLAGS -Winit-self"],,[-Werror])
+AX_CHECK_COMPILE_FLAG([-Wunused-but-set-variable], [CFLAGS="$CFLAGS -Wunused-but-set-variable"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-Wfloat-equal], [CFLAGS="$CFLAGS -Wfloat-equal"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-Wsuggest-attribute=noreturn], [CFLAGS="$CFLAGS -Wsuggest-attribute=noreturn"],,[-Werror])
AX_CHECK_COMPILE_FLAG([-Werror=return-type], [CFLAGS="$CFLAGS -Werror=return-type"],,[-Werror])
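Review bot: the two checks switched to AX_CHECK_LINK_FLAG (`-fstack-protector-strong` and `--param=ssp-buffer-size=4`) still append the flag to CFLAGS only, and nothing in the hunk says why a link test is wanted here. If the reason is a toolchain that accepts the flag at compile time but fails at link time, put that in a comment above the two lines and confirm that CFLAGS reaches the link step in this build. `--param=ssp-buffer-size=4` only affects code generation, so a link test for it adds little unless it exists to stay paired with the stack-protector check, which the comment should also say.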
+# SPDX-License-Identifier: LGPL-2.1+
+
pkginclude_HEADERS = attach_options.h \
lxccontainer.h \
version.h
caps.h \
cgroups/cgroup.h \
cgroups/cgroup_utils.h \
+ cgroups/cgroup2_devices.h \
compiler.h \
conf.h \
confile.h \
caps.c caps.h \
cgroups/cgfsng.c \
cgroups/cgroup.c cgroups/cgroup.h \
+ cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \
cgroups/cgroup_utils.c cgroups/cgroup_utils.h \
compiler.h \
commands.c commands.h \
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
len = strlen(path);
if (len == 0)
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
if (path[0] != '/' && path[0] != '@')
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
if (path[1] == '\0')
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
if (len + 1 > sizeof(ret->sun_path))
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
*ret = (struct sockaddr_un){
.sun_family = AF_UNIX,
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_AF_UNIX_H
#define __LXC_AF_UNIX_H
-/* liblxcapi
- *
- * Copyright © 2018 Christian Brauner <christian.brauner@ubuntu.com>.
- * Copyright © 2018 Canonical Ltd.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
-
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
-
- * You should have received a copy of the GNU Lesser General Public License
- * along with this library; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_API_EXTENSIONS_H
#define __LXC_API_EXTENSIONS_H
#include <stdio.h>
#include <stdlib.h>
+#include "config.h"
+
/*
* api_extensions is the list of all API extensions in the order they were
* added.
"network_gateway_device_route",
"network_phys_macvlan_mtu",
"network_veth_router",
+#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX
+ "cgroup2_devices",
+#endif
+ "cgroup2",
};
static size_t nr_api_extensions = sizeof(api_extensions) / sizeof(*api_extensions);
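Review bot: "cgroup2_devices" is advertised under `#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX`, so the entry reflects whether the build host's `linux/bpf.h` declared the type, not whether the running kernel can enforce a device policy. A caller that treats the extension string as a runtime guarantee may assume device restrictions are in place when they are not. Document in the comment above the array that this entry is a build-time capability, and note that the conditional entry makes the position of "cgroup2" differ between builds even though the list is described as ordered by addition.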
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
static inline void lxc_proc_close_ns_fd(struct lxc_proc_context_info *ctx)
{
- for (int i = 0; i < LXC_NS_MAX; i++) {
- __do_close_prot_errno int fd ATTR_UNUSED = move_fd(ctx->ns_fd[i]);
- }
+ for (int i = 0; i < LXC_NS_MAX; i++)
+ close_prot_errno_disarm(ctx->ns_fd[i]);
}
static void lxc_proc_put_context_info(struct lxc_proc_context_info *ctx)
static void lxc_put_attach_clone_payload(struct attach_clone_payload *p)
{
- __do_close_prot_errno int ipc_socket ATTR_UNUSED = p->ipc_socket;
- __do_close_prot_errno int terminal_slave_fd ATTR_UNUSED = p->terminal_slave_fd;
-
+ close_prot_errno_disarm(p->ipc_socket);
+ close_prot_errno_disarm(p->terminal_slave_fd);
if (p->init_ctx) {
lxc_proc_put_context_info(p->init_ctx);
p->init_ctx = NULL;
}
if (!container)
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
if (!lxc_container_get(container))
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
name = container->name;
lxcpath = container->config_path;
/* Attach to cgroup, if requested. */
if (options->attach_flags & LXC_ATTACH_MOVE_TO_CGROUP) {
- struct cgroup_ops *cgroup_ops;
-
- cgroup_ops = cgroup_init(conf);
- if (!cgroup_ops)
- goto on_error;
+ /*
+ * If this is the unified hierarchy cgroup_attach() is
+ * enough.
+ */
+ ret = cgroup_attach(name, lxcpath, pid);
+ if (ret) {
+ __do_cgroup_exit struct cgroup_ops *cgroup_ops = NULL;
- if (!cgroup_ops->attach(cgroup_ops, name, lxcpath, pid))
- goto on_error;
+ cgroup_ops = cgroup_init(conf);
+ if (!cgroup_ops)
+ goto on_error;
- cgroup_exit(cgroup_ops);
+ if (!cgroup_ops->attach(cgroup_ops, name, lxcpath, pid))
+ goto on_error;
+ }
TRACE("Moved intermediate process %d into container's cgroups", pid);
}
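Review bot: the fallback at `if (ret)` after `cgroup_attach(name, lxcpath, pid)` treats every non-zero return the same way, so a genuine attach failure on a unified hierarchy is retried through `cgroup_init()` and `cgroup_ops->attach()` instead of being reported. The new comment says cgroup_attach() is enough on the unified hierarchy, which implies the fallback is meant only for the non-unified case. Have cgroup_attach() return a distinct error for "not applicable", fall back only on that value, and go to on_error for anything else. The TRACE message after the block should also only be reached when one of the two paths actually succeeded, which the current structure does satisfy.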
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_ATTACH_H
#define __LXC_ATTACH_H
-/*! \file
- *
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_ATTACH_OPTIONS_H
#define __LXC_ATTACH_OPTIONS_H
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_CAPS_H
#define __LXC_CAPS_H
-/*
- * lxc: linux Container library
- *
- * Copyright © 2016 Canonical Ltd.
- *
- * Authors:
- * Serge Hallyn <serge.hallyn@ubuntu.com>
- * Christian Brauner <christian.brauner@ubuntu.com>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
/*
* cgfs-ng.c: this is a new, simplified implementation of a filesystem
#include "caps.h"
#include "cgroup.h"
+#include "cgroup2_devices.h"
#include "cgroup_utils.h"
#include "commands.h"
#include "conf.h"
#include "config.h"
#include "log.h"
#include "macro.h"
+#include "mainloop.h"
#include "memory_utils.h"
#include "storage/storage.h"
#include "utils.h"
if (ops->hierarchies[i]->controllers &&
!ops->hierarchies[i]->controllers[0])
return ops->hierarchies[i];
-
continue;
+ } else if (pure_unified_layout(ops) &&
+ strcmp(controller, "devices") == 0) {
+ if (ops->unified->bpf_device_controller)
+ return ops->unified;
+ break;
}
if (string_in_list(ops->hierarchies[i]->controllers, controller))
{
char *token;
size_t arrlen;
- uint32_t *bitarr;
+ __do_free uint32_t *bitarr = NULL;
arrlen = BITS_TO_LONGS(nbits);
bitarr = calloc(arrlen, sizeof(uint32_t));
if (!bitarr)
- return NULL;
+ return ret_set_errno(NULL, ENOMEM);
lxc_iterate_parts(token, buf, ",") {
errno = 0;
if (range)
end = strtoul(range + 1, NULL, 0);
- if (!(start <= end)) {
- free(bitarr);
- return NULL;
- }
+ if (!(start <= end))
+ return ret_set_errno(NULL, EINVAL);
- if (end >= nbits) {
- free(bitarr);
- return NULL;
- }
+ if (end >= nbits)
+ return ret_set_errno(NULL, EINVAL);
while (start <= end)
set_bit(start++, bitarr);
}
- return bitarr;
+ return move_ptr(bitarr);
}
/* Turn cpumask into simple, comma-separated cpulist. */
ret = lxc_append_string(&cpulist, numstr);
if (ret < 0) {
lxc_free_array((void **)cpulist, free);
- return NULL;
+ return ret_set_errno(NULL, ENOMEM);
}
}
if (!cpulist)
- return NULL;
+ return ret_set_errno(NULL, ENOMEM);
tmp = lxc_string_join(",", (const char **)cpulist, false);
lxc_free_array((void **)cpulist, free);
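Review bot: `if (!cpulist) return ret_set_errno(NULL, ENOMEM);` reports an allocation failure for a case that does not look like one. A failed `lxc_append_string()` already returns inside the loop, so reaching this check with a NULL list appears to mean that no bit was set in the mask. The new callers log this errno ("Failed to create cpu list"), so the message would point at memory exhaustion when the input was simply empty. Use a value such as EINVAL here, or add a comment if ENOMEM is intended.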
#define __ISOL_CPUS "/sys/devices/system/cpu/isolated"
#define __OFFLINE_CPUS "/sys/devices/system/cpu/offline"
-static bool cg_legacy_filter_and_set_cpus(char *path, bool am_initialized)
+static bool cg_legacy_filter_and_set_cpus(const char *parent_cgroup,
+ char *child_cgroup, bool am_initialized)
{
__do_free char *cpulist = NULL, *fpath = NULL, *isolcpus = NULL,
*offlinecpus = NULL, *posscpus = NULL;
*possmask = NULL;
int ret;
ssize_t i;
- char oldv;
- char *lastslash;
ssize_t maxisol = 0, maxoffline = 0, maxposs = 0;
- bool bret = false, flipped_bit = false;
+ bool flipped_bit = false;
- lastslash = strrchr(path, '/');
- if (!lastslash) {
- ERROR("Failed to detect \"/\" in \"%s\"", path);
- return bret;
- }
- oldv = *lastslash;
- *lastslash = '\0';
- fpath = must_make_path(path, "cpuset.cpus", NULL);
- *lastslash = oldv;
+ fpath = must_make_path(parent_cgroup, "cpuset.cpus", NULL);
posscpus = read_file(fpath);
- if (!posscpus) {
- SYSERROR("Failed to read file \"%s\"", fpath);
- return false;
- }
+ if (!posscpus)
+ return log_error_errno(false, errno, "Failed to read file \"%s\"", fpath);
/* Get maximum number of cpus found in possible cpuset. */
maxposs = get_max_cpus(posscpus);
if (file_exists(__ISOL_CPUS)) {
isolcpus = read_file(__ISOL_CPUS);
- if (!isolcpus) {
- SYSERROR("Failed to read file \"%s\"", __ISOL_CPUS);
- return false;
- }
+ if (!isolcpus)
+ return log_error_errno(false, errno, "Failed to read file \"%s\"", __ISOL_CPUS);
if (isdigit(isolcpus[0])) {
/* Get maximum number of cpus found in isolated cpuset. */
if (file_exists(__OFFLINE_CPUS)) {
offlinecpus = read_file(__OFFLINE_CPUS);
- if (!offlinecpus) {
- SYSERROR("Failed to read file \"%s\"", __OFFLINE_CPUS);
- return false;
- }
+ if (!offlinecpus)
+ return log_error_errno(false, errno, "Failed to read file \"%s\"", __OFFLINE_CPUS);
if (isdigit(offlinecpus[0])) {
/* Get maximum number of cpus found in offline cpuset. */
}
possmask = lxc_cpumask(posscpus, maxposs);
- if (!possmask) {
- ERROR("Failed to create cpumask for possible cpus");
- return false;
- }
+ if (!possmask)
+ return log_error_errno(false, errno, "Failed to create cpumask for possible cpus");
if (maxisol > 0) {
isolmask = lxc_cpumask(isolcpus, maxposs);
- if (!isolmask) {
- ERROR("Failed to create cpumask for isolated cpus");
- return false;
- }
+ if (!isolmask)
+ return log_error_errno(false, errno, "Failed to create cpumask for isolated cpus");
}
if (maxoffline > 0) {
offlinemask = lxc_cpumask(offlinecpus, maxposs);
- if (!offlinemask) {
- ERROR("Failed to create cpumask for offline cpus");
- return false;
- }
+ if (!offlinemask)
+ return log_error_errno(false, errno, "Failed to create cpumask for offline cpus");
}
for (i = 0; i <= maxposs; i++) {
cpulist = move_ptr(posscpus);
TRACE("Removed isolated or offline cpus from cpuset");
}
- if (!cpulist) {
- ERROR("Failed to create cpu list");
- return false;
- }
+ if (!cpulist)
+ return log_error_errno(false, errno, "Failed to create cpu list");
copy_parent:
if (!am_initialized) {
- fpath = must_make_path(path, "cpuset.cpus", NULL);
- ret = lxc_write_to_file(fpath, cpulist, strlen(cpulist), false,
- 0666);
- if (ret < 0) {
- SYSERROR("Failed to write cpu list to \"%s\"", fpath);
- return false;
- }
+ ret = lxc_write_openat(child_cgroup, "cpuset.cpus", cpulist, strlen(cpulist));
+ if (ret < 0)
+ return log_error_errno(false,
+ errno, "Failed to write cpu list to \"%s/cpuset.cpus\"",
+ child_cgroup);
TRACE("Copied cpu settings of parent cgroup");
}
}
/* Copy contents of parent(@path)/@file to @path/@file */
-static bool copy_parent_file(char *path, char *file)
+static bool copy_parent_file(const char *parent_cgroup,
+ const char *child_cgroup, const char *file)
{
- __do_free char *child_path = NULL, *parent_path = NULL, *value = NULL;
- int ret;
- char oldv;
+ __do_free char *parent_file = NULL, *value = NULL;
int len = 0;
- char *lastslash = NULL;
+ int ret;
- lastslash = strrchr(path, '/');
- if (!lastslash) {
- ERROR("Failed to detect \"/\" in \"%s\"", path);
- return false;
- }
- oldv = *lastslash;
- *lastslash = '\0';
- parent_path = must_make_path(path, file, NULL);
- len = lxc_read_from_file(parent_path, NULL, 0);
- if (len <= 0) {
- SYSERROR("Failed to determine buffer size");
- return false;
- }
+ parent_file = must_make_path(parent_cgroup, file, NULL);
+ len = lxc_read_from_file(parent_file, NULL, 0);
+ if (len <= 0)
+ return log_error_errno(false, errno,
+ "Failed to determine buffer size");
value = must_realloc(NULL, len + 1);
- ret = lxc_read_from_file(parent_path, value, len);
- if (ret != len) {
- SYSERROR("Failed to read from parent file \"%s\"", parent_path);
- return false;
- }
+ value[len] = '\0';
+ ret = lxc_read_from_file(parent_file, value, len);
+ if (ret != len)
+ return log_error_errno(false, errno,
+ "Failed to read from parent file \"%s\"",
+ parent_file);
+
+ ret = lxc_write_openat(child_cgroup, file, value, len);
+ if (ret < 0 && errno != EACCES)
+ return log_error_errno(false,
+ errno, "Failed to write \"%s\" to file \"%s/%s\"",
+ value, child_cgroup, file);
+ return true;
+}
- *lastslash = oldv;
- child_path = must_make_path(path, file, NULL);
- ret = lxc_write_to_file(child_path, value, len, false, 0666);
- if (ret < 0)
- SYSERROR("Failed to write \"%s\" to file \"%s\"", value, child_path);
- return ret >= 0;
+static bool is_unified_hierarchy(const struct hierarchy *h)
+{
+ return h->version == CGROUP2_SUPER_MAGIC;
}
-/* Initialize the cpuset hierarchy in first directory of @gname and set
+/*
+ * Initialize the cpuset hierarchy in first directory of @cgroup_leaf and set
* cgroup.clone_children so that children inherit settings. Since the
* h->base_path is populated by init or ourselves, we know it is already
* initialized.
+ *
+ * returns -1 on error, 0 when we didn't created a cgroup, 1 if we created a
+ * cgroup.
*/
-static bool cg_legacy_handle_cpuset_hierarchy(struct hierarchy *h, char *cgname)
+static int cg_legacy_handle_cpuset_hierarchy(struct hierarchy *h,
+ const char *cgroup_leaf)
{
- __do_free char *cgpath = NULL, *clonechildrenpath = NULL;
+ __do_free char *parent_cgroup = NULL, *child_cgroup = NULL, *dup = NULL;
+ __do_close_prot_errno int cgroup_fd = -EBADF;
+ int fret = -1;
int ret;
char v;
- char *slash;
+ char *leaf, *slash;
+
+ if (is_unified_hierarchy(h))
+ return 0;
if (!string_in_list(h->controllers, "cpuset"))
- return true;
+ return 0;
+
+ if (!cgroup_leaf)
+ return ret_set_errno(-1, EINVAL);
+
+ dup = strdup(cgroup_leaf);
+ if (!dup)
+ return ret_set_errno(-1, ENOMEM);
- if (*cgname == '/')
- cgname++;
- slash = strchr(cgname, '/');
+ parent_cgroup = must_make_path(h->mountpoint, h->container_base_path, NULL);
+
+ leaf = dup;
+ leaf += strspn(leaf, "/");
+ slash = strchr(leaf, '/');
if (slash)
*slash = '\0';
-
- cgpath = must_make_path(h->mountpoint, h->container_base_path, cgname, NULL);
+ child_cgroup = must_make_path(parent_cgroup, leaf, NULL);
if (slash)
*slash = '/';
- ret = mkdir(cgpath, 0755);
+ fret = 1;
+ ret = mkdir(child_cgroup, 0755);
if (ret < 0) {
- if (errno != EEXIST) {
- SYSERROR("Failed to create directory \"%s\"", cgpath);
- return false;
- }
+ if (errno != EEXIST)
+ return log_error_errno(-1, errno, "Failed to create directory \"%s\"", child_cgroup);
+
+ fret = 0;
}
- clonechildrenpath = must_make_path(cgpath, "cgroup.clone_children", NULL);
- /* unified hierarchy doesn't have clone_children */
- if (!file_exists(clonechildrenpath))
- return true;
+ cgroup_fd = lxc_open_dirfd(child_cgroup);
+ if (cgroup_fd < 0)
+ return -1;
- ret = lxc_read_from_file(clonechildrenpath, &v, 1);
- if (ret < 0) {
- SYSERROR("Failed to read file \"%s\"", clonechildrenpath);
- return false;
- }
+ ret = lxc_readat(cgroup_fd, "cgroup.clone_children", &v, 1);
+ if (ret < 0)
+ return log_error_errno(-1, errno, "Failed to read file \"%s/cgroup.clone_children\"", child_cgroup);
/* Make sure any isolated cpus are removed from cpuset.cpus. */
- if (!cg_legacy_filter_and_set_cpus(cgpath, v == '1')) {
- SYSERROR("Failed to remove isolated cpus");
- return false;
- }
+ if (!cg_legacy_filter_and_set_cpus(parent_cgroup, child_cgroup, v == '1'))
+ return log_error_errno(-1, errno, "Failed to remove isolated cpus");
/* Already set for us by someone else. */
if (v == '1')
TRACE("\"cgroup.clone_children\" was already set to \"1\"");
/* copy parent's settings */
- if (!copy_parent_file(cgpath, "cpuset.mems")) {
- SYSERROR("Failed to copy \"cpuset.mems\" settings");
- return false;
- }
+ if (!copy_parent_file(parent_cgroup, child_cgroup, "cpuset.mems"))
+ return log_error_errno(-1, errno, "Failed to copy \"cpuset.mems\" settings");
- ret = lxc_write_to_file(clonechildrenpath, "1", 1, false, 0666);
- if (ret < 0) {
- /* Set clone_children so children inherit our settings */
- SYSERROR("Failed to write 1 to \"%s\"", clonechildrenpath);
- return false;
- }
+ /* Set clone_children so children inherit our settings */
+ ret = lxc_writeat(cgroup_fd, "cgroup.clone_children", "1", 1);
+ if (ret < 0)
+ return log_error_errno(-1, errno, "Failed to write 1 to \"%s/cgroup.clone_children\"", child_cgroup);
- return true;
+ return fret;
}
/* Given two null-terminated lists of strings, return true if any string is in
/* Note, if we change how mountinfo works, then our caller will need to
* verify /sys/fs/cgroup/ in this field.
*/
- if (strncmp(p, "/sys/fs/cgroup/", 15) != 0) {
- ERROR("Found hierarchy not under /sys/fs/cgroup: \"%s\"", p);
+ if (strncmp(p, DEFAULT_CGROUP_MOUNTPOINT "/", 15) != 0) {
+ ERROR("Found hierarchy not under " DEFAULT_CGROUP_MOUNTPOINT ": \"%s\"", p);
return NULL;
}
static char **cg_unified_get_controllers(const char *file)
{
__do_free char *buf = NULL;
- char *tok;
char *sep = " \t\n";
char **aret = NULL;
+ char *tok;
buf = read_file(file);
if (!buf)
struct hierarchy *new;
int newentry;
- new = must_realloc(NULL, sizeof(*new));
+ new = zalloc(sizeof(*new));
new->controllers = clist;
new->mountpoint = mountpoint;
new->container_base_path = container_base_path;
- new->container_full_path = NULL;
- new->monitor_full_path = NULL;
new->version = type;
- new->cgroup2_chown = NULL;
+ new->cgfd_con = -EBADF;
+ new->cgfd_mon = -EBADF;
newentry = append_null_to_list((void ***)h);
(*h)[newentry] = new;
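Review bot: the result of `zalloc(sizeof(*new))` is dereferenced on the next line (`new->controllers = clist;`) without a NULL check. The removed `must_realloc(NULL, sizeof(*new))` was used unchecked because, going by its name, it does not return on failure; unless `zalloc()` gives the same guarantee, this is a NULL dereference under memory pressure. Check the result and propagate ENOMEM, or keep a must_ allocator and zero the struct. Initialising `cgfd_con` and `cgfd_mon` to `-EBADF` is the right call, since a zeroed fd field would otherwise read as fd 0.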
p++;
}
- if (strncmp(p, "/sys/fs/cgroup/", 15) != 0)
+ if (strncmp(p, DEFAULT_CGROUP_MOUNTPOINT "/", 15) != 0)
return NULL;
p2 = strchr(p + 15, ' ');
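Review bot: the literal `15` in `strncmp(p, DEFAULT_CGROUP_MOUNTPOINT "/", 15)` and in `p + 15` is still the length of the old hard-coded string. Now that the prefix comes from a macro, derive the length from it, for example `STRLITERALLEN(DEFAULT_CGROUP_MOUNTPOINT "/")`, so that a changed mount point cannot silently turn this into a partial-prefix match or skip the wrong number of bytes. The identical comparison in the earlier mountinfo hunk needs the same change.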
static int cgroup_rmdir(struct hierarchy **hierarchies,
const char *container_cgroup)
{
- int i;
-
if (!container_cgroup || !hierarchies)
return 0;
- for (i = 0; hierarchies[i]; i++) {
+ for (int i = 0; hierarchies[i]; i++) {
int ret;
struct hierarchy *h = hierarchies[i];
static int cgroup_rmdir_wrapper(void *data)
{
- int ret;
struct generic_userns_exec_data *arg = data;
uid_t nsuid = (arg->conf->root_nsuid_map != NULL) ? 0 : arg->conf->init_uid;
gid_t nsgid = (arg->conf->root_nsgid_map != NULL) ? 0 : arg->conf->init_gid;
+ int ret;
ret = setresgid(nsgid, nsgid, nsgid);
- if (ret < 0) {
- SYSERROR("Failed to setresgid(%d, %d, %d)", (int)nsgid,
- (int)nsgid, (int)nsgid);
- return -1;
- }
+ if (ret < 0)
+ return log_error_errno(-1, errno,
+ "Failed to setresgid(%d, %d, %d)",
+ (int)nsgid, (int)nsgid, (int)nsgid);
ret = setresuid(nsuid, nsuid, nsuid);
- if (ret < 0) {
- SYSERROR("Failed to setresuid(%d, %d, %d)", (int)nsuid,
- (int)nsuid, (int)nsuid);
- return -1;
- }
+ if (ret < 0)
+ return log_error_errno(-1, errno,
+ "Failed to setresuid(%d, %d, %d)",
+ (int)nsuid, (int)nsuid, (int)nsuid);
ret = setgroups(0, NULL);
- if (ret < 0 && errno != EPERM) {
- SYSERROR("Failed to setgroups(0, NULL)");
- return -1;
- }
+ if (ret < 0 && errno != EPERM)
+ return log_error_errno(-1, errno, "Failed to setgroups(0, NULL)");
return cgroup_rmdir(arg->hierarchies, arg->container_cgroup);
}
struct lxc_handler *handler)
{
int ret;
- struct generic_userns_exec_data wrap;
+
+ if (!ops)
+ log_error_errno(return, ENOENT, "Called with uninitialized cgroup operations");
if (!ops->hierarchies)
return;
- wrap.origuid = 0;
- wrap.container_cgroup = ops->container_cgroup;
- wrap.hierarchies = ops->hierarchies;
- wrap.conf = handler->conf;
+ if (!handler)
+ log_error_errno(return, EINVAL, "Called with uninitialized handler");
+
+ if (!handler->conf)
+ log_error_errno(return, EINVAL, "Called with uninitialized conf");
+
+#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX
+ ret = bpf_program_cgroup_detach(handler->conf->cgroup2_devices);
+ if (ret < 0)
+ WARN("Failed to detach bpf program from cgroup");
+#endif
- if (handler->conf && !lxc_list_empty(&handler->conf->id_map))
+ if (handler->conf && !lxc_list_empty(&handler->conf->id_map)) {
+ struct generic_userns_exec_data wrap = {
+ .origuid = 0,
+ .container_cgroup = ops->container_cgroup,
+ .hierarchies = ops->hierarchies,
+ .conf = handler->conf,
+ };
ret = userns_exec_1(handler->conf, cgroup_rmdir_wrapper, &wrap,
"cgroup_rmdir_wrapper");
- else
+ } else {
ret = cgroup_rmdir(ops->hierarchies, ops->container_cgroup);
- if (ret < 0) {
- WARN("Failed to destroy cgroups");
- return;
}
+ if (ret < 0)
+ log_warn_errno(return, errno, "Failed to destroy cgroups");
}
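Review bot: after the new `if (!handler->conf)` early return, the `handler->conf &&` half of `if (handler->conf && !lxc_list_empty(&handler->conf->id_map))` is dead and can be dropped. In addition, `log_warn_errno(return, errno, "Failed to destroy cgroups")` reports whatever errno was left behind by `userns_exec_1()` or `cgroup_rmdir()`; nothing in this hunk shows that either sets it, so the logged error may be unrelated to the failure. Keep the plain WARN unless both callees are documented to set errno.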
__cgfsng_ops static void cgfsng_monitor_destroy(struct cgroup_ops *ops,
struct lxc_handler *handler)
{
int len;
- struct lxc_conf *conf = handler->conf;
char pidstr[INTTYPE_TO_STRLEN(pid_t)];
+ const struct lxc_conf *conf;
+
+ if (!ops)
+ log_error_errno(return, ENOENT, "Called with uninitialized cgroup operations");
if (!ops->hierarchies)
return;
+ if (!handler)
+ log_error_errno(return, EINVAL, "Called with uninitialized handler");
+
+ if (!handler->conf)
+ log_error_errno(return, EINVAL, "Called with uninitialized conf");
+ conf = handler->conf;
+
len = snprintf(pidstr, sizeof(pidstr), "%d", handler->monitor_pid);
if (len < 0 || (size_t)len >= sizeof(pidstr))
return;
for (int i = 0; ops->hierarchies[i]; i++) {
__do_free char *pivot_path = NULL;
- int ret;
- char *chop;
- char pivot_cgroup[] = PIVOT_CGROUP;
struct hierarchy *h = ops->hierarchies[i];
+ int ret;
if (!h->monitor_full_path)
continue;
pivot_path = must_make_path(h->mountpoint,
h->container_base_path,
conf->cgroup_meta.dir,
- PIVOT_CGROUP,
- "cgroup.procs", NULL);
+ CGROUP_PIVOT, NULL);
else
pivot_path = must_make_path(h->mountpoint,
h->container_base_path,
- PIVOT_CGROUP,
- "cgroup.procs", NULL);
-
- chop = strrchr(pivot_path, '/');
- if (chop)
- *chop = '\0';
-
- /*
- * Make sure not to pass in the ro string literal PIVOT_CGROUP
- * here.
- */
- if (!cg_legacy_handle_cpuset_hierarchy(h, pivot_cgroup)) {
- WARN("Failed to handle legacy cpuset controller");
- continue;
- }
+ CGROUP_PIVOT, NULL);
ret = mkdir_p(pivot_path, 0755);
- if (ret < 0 && errno != EEXIST) {
- SYSWARN("Failed to create cgroup \"%s\"\n", pivot_path);
- continue;
- }
-
- if (chop)
- *chop = '/';
+ if (ret < 0 && errno != EEXIST)
+ log_error_errno(goto try_recursive_destroy, errno,
+ "Failed to create %s", pivot_path);
- /* Move ourselves into the pivot cgroup to delete our own
- * cgroup.
- */
- ret = lxc_write_to_file(pivot_path, pidstr, len, false, 0666);
- if (ret != 0) {
- SYSWARN("Failed to move monitor %s to \"%s\"\n", pidstr, pivot_path);
- continue;
- }
+ ret = lxc_write_openat(pivot_path, "cgroup.procs", pidstr, len);
+ if (ret != 0)
+ log_warn_errno(continue, errno,
+ "Failed to move monitor %s to \"%s\"",
+ pidstr, pivot_path);
+try_recursive_destroy:
ret = recursive_destroy(h->monitor_full_path);
if (ret < 0)
WARN("Failed to destroy \"%s\"", h->monitor_full_path);
}
}
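Review bot: the two failure paths in the cgfsng_monitor_destroy loop now behave differently without explanation. A failed `mkdir_p(pivot_path, 0755)` jumps to `try_recursive_destroy` and tries to remove `h->monitor_full_path` although the monitor has not been moved out of it, while a failed write to `cgroup.procs` does `continue` and skips the removal. The removed comment ("Move ourselves into the pivot cgroup to delete our own cgroup") explained why the move has to come first; please keep a comment stating the intent and say why attempting the destroy is useful in the mkdir case. The hunk also drops the `cg_legacy_handle_cpuset_hierarchy()` call for the pivot cgroup; if that is intentional, the commit message should say what initialises the pivot cgroup on a legacy cpuset hierarchy now.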
-static bool cg_unified_create_cgroup(struct hierarchy *h, char *cgname)
-{
- __do_free char *add_controllers = NULL, *cgroup = NULL;
- size_t i, parts_len;
- char **it;
- size_t full_len = 0;
- char **parts = NULL;
- bool bret = false;
-
- if (h->version != CGROUP2_SUPER_MAGIC)
- return true;
-
- if (!h->controllers)
- return true;
-
- /* For now we simply enable all controllers that we have detected by
- * creating a string like "+memory +pids +cpu +io".
- * TODO: In the near future we might want to support "-<controller>"
- * etc. but whether supporting semantics like this make sense will need
- * some thinking.
- */
- for (it = h->controllers; it && *it; it++) {
- full_len += strlen(*it) + 2;
- add_controllers = must_realloc(add_controllers, full_len + 1);
-
- if (h->controllers[0] == *it)
- add_controllers[0] = '\0';
-
- (void)strlcat(add_controllers, "+", full_len + 1);
- (void)strlcat(add_controllers, *it, full_len + 1);
-
- if ((it + 1) && *(it + 1))
- (void)strlcat(add_controllers, " ", full_len + 1);
- }
-
- parts = lxc_string_split(cgname, '/');
- if (!parts)
- goto on_error;
-
- parts_len = lxc_array_len((void **)parts);
- if (parts_len > 0)
- parts_len--;
-
- cgroup = must_make_path(h->mountpoint, h->container_base_path, NULL);
- for (i = 0; i < parts_len; i++) {
- int ret;
- __do_free char *target = NULL;
-
- cgroup = must_append_path(cgroup, parts[i], NULL);
- target = must_make_path(cgroup, "cgroup.subtree_control", NULL);
- ret = lxc_write_to_file(target, add_controllers, full_len, false, 0666);
- if (ret < 0) {
- SYSERROR("Could not enable \"%s\" controllers in the "
- "unified cgroup \"%s\"", add_controllers, cgroup);
- goto on_error;
- }
- }
-
- bret = true;
-
-on_error:
- lxc_free_array((void **)parts, free);
- return bret;
-}
-
static int mkdir_eexist_on_last(const char *dir, mode_t mode)
{
const char *tmp = dir;
return 0;
}
-static bool monitor_create_path_for_hierarchy(struct hierarchy *h, char *cgname)
+static bool create_cgroup_tree(struct hierarchy *h, const char *cgroup_tree,
+ const char *cgroup_leaf, bool payload)
{
- int ret;
-
- if (!cg_legacy_handle_cpuset_hierarchy(h, cgname)) {
- ERROR("Failed to handle legacy cpuset controller");
- return false;
- }
-
- h->monitor_full_path = must_make_path(h->mountpoint, h->container_base_path, cgname, NULL);
- ret = mkdir_eexist_on_last(h->monitor_full_path, 0755);
- if (ret < 0) {
- ERROR("Failed to create cgroup \"%s\"", h->monitor_full_path);
- return false;
- }
+ __do_free char *path = NULL;
+ int ret, ret_cpuset;
- return cg_unified_create_cgroup(h, cgname);
-}
+ path = must_make_path(h->mountpoint, h->container_base_path, cgroup_leaf, NULL);
+ if (dir_exists(path))
+ return log_warn_errno(false, errno, "The %s cgroup already existed", path);
-static bool container_create_path_for_hierarchy(struct hierarchy *h, char *cgname)
-{
- int ret;
+ ret_cpuset = cg_legacy_handle_cpuset_hierarchy(h, cgroup_leaf);
+ if (ret_cpuset < 0)
+ return log_error_errno(false, errno, "Failed to handle legacy cpuset controller");
- if (!cg_legacy_handle_cpuset_hierarchy(h, cgname)) {
- ERROR("Failed to handle legacy cpuset controller");
- return false;
+ ret = mkdir_eexist_on_last(path, 0755);
+ if (ret < 0) {
+ /*
+ * This is the cpuset controller and
+ * cg_legacy_handle_cpuset_hierarchy() has created our target
+ * directory for us to ensure correct initialization.
+ */
+ if (ret_cpuset != 1 || cgroup_tree)
+ return log_error_errno(false, errno, "Failed to create %s cgroup", path);
}
- h->container_full_path = must_make_path(h->mountpoint, h->container_base_path, cgname, NULL);
- ret = mkdir_eexist_on_last(h->container_full_path, 0755);
- if (ret < 0) {
- ERROR("Failed to create cgroup \"%s\"", h->container_full_path);
- return false;
+ if (payload) {
+ h->cgfd_con = lxc_open_dirfd(path);
+ if (h->cgfd_con < 0)
+ return log_error_errno(false, errno, "Failed to open %s", path);
+ h->container_full_path = move_ptr(path);
+ } else {
+ h->cgfd_mon = lxc_open_dirfd(path);
+ if (h->cgfd_mon < 0)
+ return log_error_errno(false, errno, "Failed to open %s", path);
+ h->monitor_full_path = move_ptr(path);
}
- return cg_unified_create_cgroup(h, cgname);
+ return true;
}
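Review bot: in the `mkdir_eexist_on_last()` failure branch of create_cgroup_tree, `if (ret_cpuset != 1 || cgroup_tree)` ignores every mkdir error when the cpuset helper returned 1, not only the "directory already created for us" case the comment describes. Add an `errno == EEXIST` test there so that other errors still fail the creation. Two smaller points: `log_warn_errno(false, errno, "The %s cgroup already existed", path)` logs an errno that a successful `dir_exists()` never set, and when `lxc_open_dirfd(path)` fails the directory that was just created is left behind, because the callers only roll back hierarchies `j < i`.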
-static void remove_path_for_hierarchy(struct hierarchy *h, char *cgname, bool monitor)
+static void cgroup_remove_leaf(struct hierarchy *h, bool payload)
{
- int ret;
- char *full_path;
+ __do_free char *full_path = NULL;
- if (monitor)
- full_path = h->monitor_full_path;
- else
+ if (payload) {
+ __lxc_unused __do_close_prot_errno int fd = move_fd(h->cgfd_con);
+ h->cgfd_con = -EBADF;
full_path = h->container_full_path;
+ } else {
+ __lxc_unused __do_close_prot_errno int fd = move_fd(h->cgfd_mon);
+ h->cgfd_mon = -EBADF;
+ full_path = h->monitor_full_path;
+ }
- ret = rmdir(full_path);
- if (ret < 0)
- SYSERROR("Failed to rmdir(\"%s\") from failed creation attempt", full_path);
-
- free(full_path);
+ if (rmdir(full_path))
+ SYSWARN("Failed to rmdir(\"%s\") cgroup", full_path);
- if (monitor)
- h->monitor_full_path = NULL;
- else
+ if (payload)
h->container_full_path = NULL;
+ else
+ h->monitor_full_path = NULL;
}
__cgfsng_ops static inline bool cgfsng_monitor_create(struct cgroup_ops *ops,
struct lxc_handler *handler)
{
__do_free char *monitor_cgroup = NULL;
- char *offset, *tmp;
- int i, idx = 0;
+ const char *cgroup_tree;
+ int idx = 0;
+ int i;
size_t len;
- struct lxc_conf *conf = handler->conf;
+ char *suffix;
+ struct lxc_conf *conf;
- if (!conf)
- return false;
+ if (!ops)
+ return ret_set_errno(false, ENOENT);
if (!ops->hierarchies)
return true;
- if (conf->cgroup_meta.dir)
- tmp = lxc_string_join("/",
- (const char *[]){conf->cgroup_meta.dir,
- ops->monitor_pattern,
- handler->name, NULL},
- false);
- else
- tmp = must_make_path(ops->monitor_pattern, handler->name, NULL);
- if (!tmp)
- return false;
+ if (ops->monitor_cgroup)
+ return ret_set_errno(false, EEXIST);
+
+ if (!handler || !handler->conf)
+ return ret_set_errno(false, EINVAL);
- len = strlen(tmp) + 5; /* leave room for -NNN\0 */
- monitor_cgroup = must_realloc(tmp, len);
- offset = monitor_cgroup + len - 5;
- *offset = 0;
+ conf = handler->conf;
+ cgroup_tree = conf->cgroup_meta.dir;
+ if (cgroup_tree)
+ monitor_cgroup = must_concat(&len, conf->cgroup_meta.dir, "/",
+ DEFAULT_MONITOR_CGROUP_PREFIX,
+ handler->name,
+ CGROUP_CREATE_RETRY, NULL);
+ else
+ monitor_cgroup = must_concat(&len, DEFAULT_MONITOR_CGROUP_PREFIX,
+ handler->name,
+ CGROUP_CREATE_RETRY, NULL);
+ if (!monitor_cgroup)
+ return ret_set_errno(false, ENOMEM);
+
+ suffix = monitor_cgroup + len - CGROUP_CREATE_RETRY_LEN;
+ *suffix = '\0';
do {
- if (idx) {
- int ret = snprintf(offset, 5, "-%d", idx);
- if (ret < 0 || (size_t)ret >= 5)
- return false;
- }
+ if (idx)
+ sprintf(suffix, "-%d", idx);
for (i = 0; ops->hierarchies[i]; i++) {
- if (!monitor_create_path_for_hierarchy(ops->hierarchies[i],
- monitor_cgroup)) {
- ERROR("Failed to create cgroup \"%s\"",
- ops->hierarchies[i]->monitor_full_path);
- for (int j = 0; j < i; j++)
- remove_path_for_hierarchy(ops->hierarchies[j],
- monitor_cgroup,
- true);
-
- idx++;
- break;
- }
+ if (create_cgroup_tree(ops->hierarchies[i], cgroup_tree, monitor_cgroup, false))
+ continue;
+
+ ERROR("Failed to create cgroup \"%s\"", ops->hierarchies[i]->monitor_full_path ?: "(null)");
+ for (int j = 0; j < i; j++)
+ cgroup_remove_leaf(ops->hierarchies[j], false);
+
+ idx++;
+ break;
}
} while (ops->hierarchies[i] && idx > 0 && idx < 1000);
if (idx == 1000)
- return false;
+ return ret_set_errno(false, ERANGE);
- INFO("The monitor process uses \"%s\" as cgroup", monitor_cgroup);
- return true;
+ ops->monitor_cgroup = move_ptr(monitor_cgroup);
+ return log_info(true, "The monitor process uses \"%s\" as cgroup", ops->monitor_cgroup);
}
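Review bot: `sprintf(suffix, "-%d", idx)` replaces a bounded `snprintf(offset, 5, "-%d", idx)` whose result was checked. The write stays in bounds only while `CGROUP_CREATE_RETRY_LEN` covers the longest suffix and the loop limit stays at 1000, and neither relation is visible at the call site. Please keep a checked snprintf sized from `CGROUP_CREATE_RETRY_LEN`. Also, the ERROR message prints `ops->hierarchies[i]->monitor_full_path`, which create_cgroup_tree assigns only on success, so on this path it logs "(null)"; log `monitor_cgroup` instead. The `if (!monitor_cgroup)` test after `must_concat()` deserves a comment on whether that helper can return NULL at all.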
-/* Try to create the same cgroup in all hierarchies. Start with cgroup_pattern;
+/*
+ * Try to create the same cgroup in all hierarchies. Start with cgroup_pattern;
* next cgroup_pattern-1, -2, ..., -999.
*/
__cgfsng_ops static inline bool cgfsng_payload_create(struct cgroup_ops *ops,
- struct lxc_handler *handler)
+ struct lxc_handler *handler)
{
- __do_free char *container_cgroup = NULL, *tmp = NULL;
+ __do_free char *container_cgroup = NULL;
+ const char *cgroup_tree;
+ int idx = 0;
int i;
size_t len;
- char *offset;
- int idx = 0;
- struct lxc_conf *conf = handler->conf;
-
- if (ops->container_cgroup)
- return false;
+ char *suffix;
+ struct lxc_conf *conf;
- if (!conf)
- return false;
+ if (!ops)
+ return ret_set_errno(false, ENOENT);
if (!ops->hierarchies)
return true;
- if (conf->cgroup_meta.dir)
- tmp = lxc_string_join("/", (const char *[]){conf->cgroup_meta.dir, handler->name, NULL}, false);
- else
- tmp = lxc_string_replace("%n", handler->name, ops->cgroup_pattern);
- if (!tmp) {
- ERROR("Failed expanding cgroup name pattern");
- return false;
- }
+ if (ops->container_cgroup)
+ return ret_set_errno(false, EEXIST);
- len = strlen(tmp) + 5; /* leave room for -NNN\0 */
- container_cgroup = must_realloc(NULL, len);
- (void)strlcpy(container_cgroup, tmp, len);
- offset = container_cgroup + len - 5;
+ if (!handler || !handler->conf)
+ return ret_set_errno(false, EINVAL);
+ conf = handler->conf;
+ cgroup_tree = conf->cgroup_meta.dir;
+
+ if (cgroup_tree)
+ container_cgroup = must_concat(&len, cgroup_tree, "/",
+ DEFAULT_PAYLOAD_CGROUP_PREFIX,
+ handler->name,
+ CGROUP_CREATE_RETRY, NULL);
+ else
+ container_cgroup = must_concat(&len, DEFAULT_PAYLOAD_CGROUP_PREFIX,
+ handler->name,
+ CGROUP_CREATE_RETRY, NULL);
+ if (!container_cgroup)
+ return ret_set_errno(false, ENOMEM);
+
+ suffix = container_cgroup + len - CGROUP_CREATE_RETRY_LEN;
+ *suffix = '\0';
do {
- if (idx) {
- int ret = snprintf(offset, 5, "-%d", idx);
- if (ret < 0 || (size_t)ret >= 5)
- return false;
- }
+ if (idx)
+ sprintf(suffix, "-%d", idx);
for (i = 0; ops->hierarchies[i]; i++) {
- if (!container_create_path_for_hierarchy(ops->hierarchies[i],
- container_cgroup)) {
- ERROR("Failed to create cgroup \"%s\"",
- ops->hierarchies[i]->container_full_path);
- for (int j = 0; j < i; j++)
- remove_path_for_hierarchy(ops->hierarchies[j],
- container_cgroup,
- false);
- idx++;
- break;
- }
+ if (create_cgroup_tree(ops->hierarchies[i], cgroup_tree, container_cgroup, true))
+ continue;
+
+ ERROR("Failed to create cgroup \"%s\"", ops->hierarchies[i]->container_full_path ?: "(null)");
+ for (int j = 0; j < i; j++)
+ cgroup_remove_leaf(ops->hierarchies[j], true);
+
+ idx++;
+ break;
}
} while (ops->hierarchies[i] && idx > 0 && idx < 1000);
if (idx == 1000)
- return false;
+ return ret_set_errno(false, ERANGE);
- INFO("The container process uses \"%s\" as cgroup", container_cgroup);
ops->container_cgroup = move_ptr(container_cgroup);
+ INFO("The container process uses \"%s\" as cgroup", ops->container_cgroup);
return true;
}
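Review bot: the payload cgroup name is now always built from `DEFAULT_PAYLOAD_CGROUP_PREFIX` and `handler->name`; the removed `lxc_string_replace("%n", handler->name, ops->cgroup_pattern)` was the only use of `ops->cgroup_pattern` in this function, yet the comment above still says "Start with cgroup_pattern". Either keep honouring the configured pattern or update the comment and document the naming change, since tooling may match on the old cgroup paths. The unbounded `sprintf(suffix, "-%d", idx)` should stay a checked snprintf as in the removed lines, and the ERROR message should print `container_cgroup`, because `container_full_path` is only assigned when creation succeeds.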
-__cgfsng_ops static bool __do_cgroup_enter(struct cgroup_ops *ops, pid_t pid,
- bool monitor)
+__cgfsng_ops static bool cgfsng_monitor_enter(struct cgroup_ops *ops,
+ struct lxc_handler *handler)
{
- int len;
- char pidstr[INTTYPE_TO_STRLEN(pid_t)];
+ int monitor_len, transient_len;
+ char monitor[INTTYPE_TO_STRLEN(pid_t)],
+ transient[INTTYPE_TO_STRLEN(pid_t)];
+
+ if (!ops)
+ return ret_set_errno(false, ENOENT);
if (!ops->hierarchies)
return true;
- len = snprintf(pidstr, sizeof(pidstr), "%d", pid);
- if (len < 0 || (size_t)len >= sizeof(pidstr))
- return false;
+ if (!ops->monitor_cgroup)
+ return ret_set_errno(false, ENOENT);
+
+ if (!handler || !handler->conf)
+ return ret_set_errno(false, EINVAL);
+
+ monitor_len = snprintf(monitor, sizeof(monitor), "%d", handler->monitor_pid);
+ if (handler->transient_pid > 0)
+ transient_len = snprintf(transient, sizeof(transient), "%d", handler->transient_pid);
for (int i = 0; ops->hierarchies[i]; i++) {
+ struct hierarchy *h = ops->hierarchies[i];
int ret;
- __do_free char *path = NULL;
- if (monitor)
- path = must_make_path(ops->hierarchies[i]->monitor_full_path,
- "cgroup.procs", NULL);
- else
- path = must_make_path(ops->hierarchies[i]->container_full_path,
- "cgroup.procs", NULL);
- ret = lxc_write_to_file(path, pidstr, len, false, 0666);
- if (ret != 0) {
- SYSERROR("Failed to enter cgroup \"%s\"", path);
- return false;
- }
+ ret = lxc_writeat(h->cgfd_mon, "cgroup.procs", monitor, monitor_len);
+ if (ret)
+ return log_error_errno(false, errno, "Failed to enter cgroup \"%s\"", h->monitor_full_path);
+
+ if (handler->transient_pid < 0)
+ return true;
+
+ ret = lxc_writeat(h->cgfd_mon, "cgroup.procs", transient, transient_len);
+ if (ret)
+ return log_error_errno(false, errno, "Failed to enter cgroup \"%s\"", h->monitor_full_path);
+
+ /*
+ * we don't keep the fds for non-unified hierarchies around
+ * mainly because we don't make use of them anymore after the
+ * core cgroup setup is done but also because there are quite a
+ * lot of them.
+ */
+ if (!is_unified_hierarchy(h))
+ close_prot_errno_disarm(h->cgfd_mon);
}
+ handler->transient_pid = -1;
return true;
}
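Review bot: `if (handler->transient_pid < 0) return true;` sits inside the per-hierarchy loop, so when there is no transient process the function returns after the first hierarchy: the monitor is never written to `cgroup.procs` of the remaining hierarchies and `close_prot_errno_disarm(h->cgfd_mon)` is skipped. Wrap the second write in `if (handler->transient_pid > 0) { ... }` so the loop and the close still run. The guard is also inconsistent with the setup above it: `transient` and `transient_len` are initialised only for `transient_pid > 0`, so a value of 0 passes the `< 0` test and writes an uninitialised buffer. Finally, both `snprintf()` results are used as lengths unchecked, where the removed code rejected `len < 0 || (size_t)len >= sizeof(pidstr)`.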
-__cgfsng_ops static bool cgfsng_monitor_enter(struct cgroup_ops *ops, pid_t pid)
+__cgfsng_ops static bool cgfsng_payload_enter(struct cgroup_ops *ops,
+ struct lxc_handler *handler)
{
- return __do_cgroup_enter(ops, pid, true);
-}
+ int len;
+ char pidstr[INTTYPE_TO_STRLEN(pid_t)];
-static bool cgfsng_payload_enter(struct cgroup_ops *ops, pid_t pid)
-{
- return __do_cgroup_enter(ops, pid, false);
+ if (!ops)
+ return ret_set_errno(false, ENOENT);
+
+ if (!ops->hierarchies)
+ return true;
+
+ if (!ops->container_cgroup)
+ return ret_set_errno(false, ENOENT);
+
+ if (!handler || !handler->conf)
+ return ret_set_errno(false, EINVAL);
+
+ len = snprintf(pidstr, sizeof(pidstr), "%d", handler->pid);
+
+ for (int i = 0; ops->hierarchies[i]; i++) {
+ struct hierarchy *h = ops->hierarchies[i];
+ int ret;
+
+ ret = lxc_writeat(h->cgfd_con, "cgroup.procs", pidstr, len);
+ if (ret != 0)
+ return log_error_errno(false, errno, "Failed to enter cgroup \"%s\"", h->container_full_path);
+ }
+
+ return true;
}
-static int chowmod(char *path, uid_t chown_uid, gid_t chown_gid,
- mode_t chmod_mode)
+static int fchowmodat(int dirfd, const char *path, uid_t chown_uid,
+ gid_t chown_gid, mode_t chmod_mode)
{
int ret;
- ret = chown(path, chown_uid, chown_gid);
- if (ret < 0) {
- SYSWARN("Failed to chown(%s, %d, %d)", path, (int)chown_uid, (int)chown_gid);
- return -1;
- }
+ ret = fchownat(dirfd, path, chown_uid, chown_gid,
+ AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW);
+ if (ret < 0)
+ return log_warn_errno(-1,
+ errno, "Failed to fchownat(%d, %s, %d, %d, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )",
+ dirfd, path, (int)chown_uid,
+ (int)chown_gid);
- ret = chmod(path, chmod_mode);
- if (ret < 0) {
- SYSWARN("Failed to chmod(%s, %d)", path, (int)chmod_mode);
- return -1;
- }
+ ret = fchmodat(dirfd, (*path != '\0') ? path : ".", chmod_mode, 0);
+ if (ret < 0)
+ return log_warn_errno(-1, errno, "Failed to fchmodat(%d, %s, %d, AT_SYMLINK_NOFOLLOW)",
+ dirfd, path, (int)chmod_mode);
return 0;
}
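Review bot: the `fchmodat()` call passes `0` as flags, but its warning text says `AT_SYMLINK_NOFOLLOW`, so the log misreports what was attempted; as written, the chown half does not follow a final symlink while the chmod half does. Make the message match the call and add a comment on why the flags differ and why an empty path is rewritten to "." for fchmodat only. Printing `chmod_mode` with `%d` also hides the octal value (0664 is logged as 436); `%o` would be readable.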
gid_t nsgid = (arg->conf->root_nsgid_map != NULL) ? 0 : arg->conf->init_gid;
ret = setresgid(nsgid, nsgid, nsgid);
- if (ret < 0) {
- SYSERROR("Failed to setresgid(%d, %d, %d)",
- (int)nsgid, (int)nsgid, (int)nsgid);
- return -1;
- }
+ if (ret < 0)
+ return log_error_errno(-1, errno,
+ "Failed to setresgid(%d, %d, %d)",
+ (int)nsgid, (int)nsgid, (int)nsgid);
ret = setresuid(nsuid, nsuid, nsuid);
- if (ret < 0) {
- SYSERROR("Failed to setresuid(%d, %d, %d)",
- (int)nsuid, (int)nsuid, (int)nsuid);
- return -1;
- }
+ if (ret < 0)
+ return log_error_errno(-1, errno,
+ "Failed to setresuid(%d, %d, %d)",
+ (int)nsuid, (int)nsuid, (int)nsuid);
ret = setgroups(0, NULL);
- if (ret < 0 && errno != EPERM) {
- SYSERROR("Failed to setgroups(0, NULL)");
- return -1;
- }
+ if (ret < 0 && errno != EPERM)
+ return log_error_errno(-1, errno, "Failed to setgroups(0, NULL)");
destuid = get_ns_uid(arg->origuid);
if (destuid == LXC_INVALID_UID)
destuid = 0;
for (int i = 0; arg->hierarchies[i]; i++) {
- __do_free char *fullpath = NULL;
- char *path = arg->hierarchies[i]->container_full_path;
+ int dirfd = arg->hierarchies[i]->cgfd_con;
- ret = chowmod(path, destuid, nsgid, 0775);
- if (ret < 0)
- return -1;
+ (void)fchowmodat(dirfd, "", destuid, nsgid, 0775);
- /* Failures to chown() these are inconvenient but not
+ /*
+ * Failures to chown() these are inconvenient but not
* detrimental We leave these owned by the container launcher,
* so that container root can write to the files to attach. We
* chmod() them 664 so that container systemd can write to the
* files (which systemd in wily insists on doing).
*/
- if (arg->hierarchies[i]->version == CGROUP_SUPER_MAGIC) {
- fullpath = must_make_path(path, "tasks", NULL);
- (void)chowmod(fullpath, destuid, nsgid, 0664);
- }
+ if (arg->hierarchies[i]->version == CGROUP_SUPER_MAGIC)
+ (void)fchowmodat(dirfd, "tasks", destuid, nsgid, 0664);
- fullpath = must_make_path(path, "cgroup.procs", NULL);
- (void)chowmod(fullpath, destuid, nsgid, 0664);
+ (void)fchowmodat(dirfd, "cgroup.procs", destuid, nsgid, 0664);
if (arg->hierarchies[i]->version != CGROUP2_SUPER_MAGIC)
continue;
- for (char **p = arg->hierarchies[i]->cgroup2_chown; p && *p; p++) {
- fullpath = must_make_path(path, *p, NULL);
- (void)chowmod(fullpath, destuid, nsgid, 0664);
- }
+ for (char **p = arg->hierarchies[i]->cgroup2_chown; p && *p; p++)
+ (void)fchowmodat(dirfd, *p, destuid, nsgid, 0664);
}
return 0;
}
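Review bot: `(void)fchowmodat(dirfd, "", destuid, nsgid, 0775)` discards a failure that the removed code treated as fatal (`ret = chowmod(path, destuid, nsgid, 0775); if (ret < 0) return -1;`). The comment that follows justifies ignoring failures only for the files inside the cgroup, not for the cgroup directory itself, so please either keep the error return for the directory or extend the comment to cover it. `dirfd` is also taken from `cgfd_con` without a validity check; this patch initialises that field to `-EBADF` and closes it for non-unified hierarchies in cgfsng_payload_finalize, so the wrapper silently depends on being called before that.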
__cgfsng_ops static bool cgfsng_chown(struct cgroup_ops *ops,
- struct lxc_conf *conf)
+ struct lxc_conf *conf)
{
struct generic_userns_exec_data wrap;
- if (lxc_list_empty(&conf->id_map))
- return true;
+ if (!ops)
+ return ret_set_errno(false, ENOENT);
if (!ops->hierarchies)
return true;
+ if (!ops->container_cgroup)
+ return ret_set_errno(false, ENOENT);
+
+ if (!conf)
+ return ret_set_errno(false, EINVAL);
+
+ if (lxc_list_empty(&conf->id_map))
+ return true;
+
wrap.origuid = geteuid();
wrap.path = NULL;
wrap.hierarchies = ops->hierarchies;
wrap.conf = conf;
- if (userns_exec_1(conf, chown_cgroup_wrapper, &wrap,
- "chown_cgroup_wrapper") < 0) {
- ERROR("Error requesting cgroup chown in new user namespace");
- return false;
- }
+ if (userns_exec_1(conf, chown_cgroup_wrapper, &wrap, "chown_cgroup_wrapper") < 0)
+ return log_error_errno(false, errno, "Error requesting cgroup chown in new user namespace");
return true;
}
+__cgfsng_ops void cgfsng_payload_finalize(struct cgroup_ops *ops)
+{
+ if (!ops)
+ return;
+
+ if (!ops->hierarchies)
+ return;
+
+ for (int i = 0; ops->hierarchies[i]; i++) {
+ struct hierarchy *h = ops->hierarchies[i];
+ /*
+ * we don't keep the fds for non-unified hierarchies around
+ * mainly because we don't make use of them anymore after the
+ * core cgroup setup is done but also because there are quite a
+ * lot of them.
+ */
+ if (!is_unified_hierarchy(h))
+ close_prot_errno_disarm(h->cgfd_con);
+ }
+}
+
/* cgroup-full:* is done, no need to create subdirs */
static bool cg_mount_needs_subdirs(int type)
{
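Review bot: `cgfsng_payload_finalize()` is declared `__cgfsng_ops void` without `static`, unlike the other `__cgfsng_ops` functions visible in this patch. Unless it is meant to be called from outside this file, make it static. It also needs a comment on when it must run: it closes `cgfd_con` for non-unified hierarchies, and cgfsng_payload_enter and the chown wrapper both still use that fd.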
int ret;
bool has_cgns = false, retval = false, wants_force_mount = false;
+ if (!ops)
+ return ret_set_errno(false, ENOENT);
+
if (!ops->hierarchies)
return true;
+ if (!handler || !handler->conf)
+ return ret_set_errno(false, EINVAL);
+
if ((type & LXC_AUTO_CGROUP_MASK) == 0)
return true;
else if (type == LXC_AUTO_CGROUP_FULL_NOSPEC)
type = LXC_AUTO_CGROUP_FULL_MIXED;
- cgroup_root = must_make_path(root, "/sys/fs/cgroup", NULL);
+ cgroup_root = must_make_path(root, DEFAULT_CGROUP_MOUNTPOINT, NULL);
if (ops->cgroup_layout == CGROUP_LAYOUT_UNIFIED) {
if (has_cgns && wants_force_mount) {
/* If cgroup namespaces are supported but the container
continue;
ret = mkdir(controllerpath, 0755);
- if (ret < 0) {
- SYSERROR("Error creating cgroup path: %s", controllerpath);
- goto on_error;
- }
+ if (ret < 0)
+ log_error_errno(goto on_error, errno,
+ "Error creating cgroup path: %s",
+ controllerpath);
if (has_cgns && wants_force_mount) {
/* If cgroup namespaces are supported but the container
{
__do_free char *path = NULL;
+ if (!ops)
+ return ret_set_errno(-1, ENOENT);
+
if (!ops->container_cgroup || !ops->hierarchies)
- return -1;
+ return ret_set_errno(-1, EINVAL);
path = must_make_path(ops->hierarchies[0]->container_full_path, NULL);
return recursive_count_nrtasks(path);
/* Only root needs to escape to the cgroup of its init. */
__cgfsng_ops static bool cgfsng_escape(const struct cgroup_ops *ops,
- struct lxc_conf *conf)
+ struct lxc_conf *conf)
{
- if (conf->cgroup_meta.relative || geteuid() || !ops->hierarchies)
+ if (!ops)
+ return ret_set_errno(false, ENOENT);
+
+ if (!ops->hierarchies)
+ return true;
+
+ if (!conf)
+ return ret_set_errno(false, EINVAL);
+
+ if (conf->cgroup_meta.relative || geteuid())
return true;
for (int i = 0; ops->hierarchies[i]; i++) {
- int ret;
__do_free char *fullpath = NULL;
+ int ret;
- fullpath = must_make_path(ops->hierarchies[i]->mountpoint,
- ops->hierarchies[i]->container_base_path,
- "cgroup.procs", NULL);
+ fullpath =
+ must_make_path(ops->hierarchies[i]->mountpoint,
+ ops->hierarchies[i]->container_base_path,
+ "cgroup.procs", NULL);
ret = lxc_write_to_file(fullpath, "0", 2, false, 0666);
- if (ret != 0) {
- SYSERROR("Failed to escape to cgroup \"%s\"", fullpath);
- return false;
- }
+ if (ret != 0)
+ return log_error_errno(false,
+ errno, "Failed to escape to cgroup \"%s\"",
+ fullpath);
}
return true;
{
int i = 0;
+ if (!ops)
+ return ret_set_errno(-1, ENOENT);
+
if (!ops->hierarchies)
return 0;
return i;
}
-__cgfsng_ops static bool cgfsng_get_hierarchies(struct cgroup_ops *ops, int n, char ***out)
+__cgfsng_ops static bool cgfsng_get_hierarchies(struct cgroup_ops *ops, int n,
+ char ***out)
{
int i;
+ if (!ops)
+ return ret_set_errno(false, ENOENT);
+
if (!ops->hierarchies)
return false;
/* sanity check n */
for (i = 0; i < n; i++)
if (!ops->hierarchies[i])
- return false;
+ return ret_set_errno(false, ENOENT);
*out = ops->hierarchies[i]->controllers;
return true;
}
-static bool poll_file_ready(int lfd)
+static bool cg_legacy_freeze(struct cgroup_ops *ops)
{
- int ret;
- struct pollfd pfd = {
- .fd = lfd,
- .events = POLLIN,
- .revents = 0,
- };
-
-again:
- ret = poll(&pfd, 1, 60000);
- if (ret < 0) {
- if (errno == EINTR)
- goto again;
+ struct hierarchy *h;
- SYSERROR("Failed to poll() on file descriptor");
- return false;
- }
+ h = get_hierarchy(ops, "freezer");
+ if (!h)
+ return ret_set_errno(-1, ENOENT);
- return (pfd.revents & POLLIN);
+ return lxc_write_openat(h->container_full_path, "freezer.state",
+ "FROZEN", STRLITERALLEN("FROZEN"));
}
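Review bot: `cg_legacy_freeze()` keeps the return type `bool` but now returns `ret_set_errno(-1, ENOENT)` and the int result of `lxc_write_openat()`. Converted to bool, -1 becomes true, and `cgfsng_freeze()`, which now returns int, passes that on as 1, so a caller testing for a negative value never sees the failure. Change the signature to `static int`, as this patch does for `cg_legacy_unfreeze()`.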
-static bool cg_legacy_freeze(struct cgroup_ops *ops)
+static int freezer_cgroup_events_cb(int fd, uint32_t events, void *cbdata,
+ struct lxc_epoll_descr *descr)
{
- __do_free char *path = NULL;
- struct hierarchy *h;
+ __do_close_prot_errno int duped_fd = -EBADF;
+ __do_free char *line = NULL;
+ __do_fclose FILE *f = NULL;
+ int state = PTR_TO_INT(cbdata);
+ size_t len;
+ const char *state_string;
- h = get_hierarchy(ops, "freezer");
- if (!h)
- return false;
+ duped_fd = dup(fd);
+ if (duped_fd < 0)
+ return LXC_MAINLOOP_ERROR;
- path = must_make_path(h->container_full_path, "freezer.state", NULL);
- return lxc_write_to_file(path, "FROZEN", STRLITERALLEN("FROZEN"), false,
- 0666) == 0;
+ if (lseek(duped_fd, 0, SEEK_SET) < (off_t)-1)
+ return LXC_MAINLOOP_ERROR;
+
+ f = fdopen(duped_fd, "re");
+ if (!f)
+ return LXC_MAINLOOP_ERROR;
+ move_fd(duped_fd);
+
+ if (state == 1)
+ state_string = "frozen 1";
+ else
+ state_string = "frozen 0";
+
+ while (getline(&line, &len, f) != -1)
+ if (strncmp(line, state_string, STRLITERALLEN("frozen") + 2) == 0)
+ return LXC_MAINLOOP_CLOSE;
+
+ return LXC_MAINLOOP_CONTINUE;
}
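Review bot: `if (lseek(duped_fd, 0, SEEK_SET) < (off_t)-1)` cannot detect a failure, because lseek() returns exactly `(off_t)-1` on error; compare with `== (off_t)-1`. The callback also deserves a short comment on its contract: it returns `LXC_MAINLOOP_CLOSE` only when a line starts with the expected `frozen 0` or `frozen 1`, so if that state never shows up the caller relies entirely on the mainloop timeout.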
-static bool cg_unified_freeze(struct cgroup_ops *ops)
+static int cg_unified_freeze(struct cgroup_ops *ops, int timeout)
{
- int ret;
__do_close_prot_errno int fd = -EBADF;
- __do_free char *events_file = NULL, *path = NULL, *line = NULL;
- __do_fclose FILE *f = NULL;
+ __do_lxc_mainloop_close struct lxc_epoll_descr *descr_ptr = NULL;
+ int ret;
+ struct lxc_epoll_descr descr;
struct hierarchy *h;
h = ops->unified;
if (!h)
- return false;
+ return ret_set_errno(-1, ENOENT);
- path = must_make_path(h->container_full_path, "cgroup.freeze", NULL);
- ret = lxc_write_to_file(path, "1", 1, false, 0666);
- if (ret < 0)
- return false;
+ if (!h->container_full_path)
+ return ret_set_errno(-1, EEXIST);
- events_file = must_make_path(h->container_full_path, "cgroup.events", NULL);
- fd = open(events_file, O_RDONLY | O_CLOEXEC);
- if (fd < 0)
- return false;
+ if (timeout != 0) {
+ __do_free char *events_file = NULL;
- f = fdopen(fd, "re");
- if (!f)
- return false;
- move_fd(fd);
+ events_file = must_make_path(h->container_full_path, "cgroup.events", NULL);
+ fd = open(events_file, O_RDONLY | O_CLOEXEC);
+ if (fd < 0)
+ return log_error_errno(-1, errno, "Failed to open cgroup.events file");
- for (int i = 0; i < 10 && poll_file_ready(fd); i++) {
- size_t len;
+ ret = lxc_mainloop_open(&descr);
+ if (ret)
+ return log_error_errno(-1, errno, "Failed to create epoll instance to wait for container freeze");
- while (getline(&line, &len, f) != -1) {
- if (strcmp(line, "frozen 1") == 0)
- return true;
- }
+ /* automatically cleaned up now */
+ descr_ptr = &descr;
+
+ ret = lxc_mainloop_add_handler(&descr, fd, freezer_cgroup_events_cb, INT_TO_PTR((int){1}));
+ if (ret < 0)
+ return log_error_errno(-1, errno, "Failed to add cgroup.events fd handler to mainloop");
+ }
+
+ ret = lxc_write_openat(h->container_full_path, "cgroup.freeze", "1", 1);
+ if (ret < 0)
+ return log_error_errno(-1, errno, "Failed to open cgroup.freeze file");
- fseek(f, 0, SEEK_SET);
- };
+ if (timeout != 0 && lxc_mainloop(&descr, timeout))
+ return log_error_errno(-1, errno, "Failed to wait for container to be frozen");
- return false;
+ return 0;
}
-__cgfsng_ops static bool cgfsng_freeze(struct cgroup_ops *ops)
+__cgfsng_ops static int cgfsng_freeze(struct cgroup_ops *ops, int timeout)
{
if (!ops->hierarchies)
- return true;
+ return ret_set_errno(-1, ENOENT);
if (ops->cgroup_layout != CGROUP_LAYOUT_UNIFIED)
return cg_legacy_freeze(ops);
- return cg_unified_freeze(ops);
+ return cg_unified_freeze(ops, timeout);
}
-static bool cg_legacy_unfreeze(struct cgroup_ops *ops)
+static int cg_legacy_unfreeze(struct cgroup_ops *ops)
{
- __do_free char *path = NULL;
struct hierarchy *h;
h = get_hierarchy(ops, "freezer");
if (!h)
- return false;
+ return ret_set_errno(-1, ENOENT);
- path = must_make_path(h->container_full_path, "freezer.state", NULL);
- return lxc_write_to_file(path, "THAWED", STRLITERALLEN("THAWED"), false,
- 0666) == 0;
+ return lxc_write_openat(h->container_full_path, "freezer.state",
+ "THAWED", STRLITERALLEN("THAWED"));
}
-static bool cg_unified_unfreeze(struct cgroup_ops *ops)
+static int cg_unified_unfreeze(struct cgroup_ops *ops, int timeout)
{
- __do_free char *path = NULL;
+ __do_close_prot_errno int fd = -EBADF;
+ __do_lxc_mainloop_close struct lxc_epoll_descr *descr_ptr = NULL;
+ int ret;
+ struct lxc_epoll_descr descr;
struct hierarchy *h;
h = ops->unified;
if (!h)
- return false;
+ return ret_set_errno(-1, ENOENT);
+
+ if (!h->container_full_path)
+ return ret_set_errno(-1, EEXIST);
+
+ if (timeout != 0) {
+ __do_free char *events_file = NULL;
+
+ events_file = must_make_path(h->container_full_path, "cgroup.events", NULL);
+ fd = open(events_file, O_RDONLY | O_CLOEXEC);
+ if (fd < 0)
+ return log_error_errno(-1, errno, "Failed to open cgroup.events file");
+
+ ret = lxc_mainloop_open(&descr);
+ if (ret)
+ return log_error_errno(-1, errno, "Failed to create epoll instance to wait for container unfreeze");
+
+ /* automatically cleaned up now */
+ descr_ptr = &descr;
+
+ ret = lxc_mainloop_add_handler(&descr, fd, freezer_cgroup_events_cb, INT_TO_PTR((int){0}));
+ if (ret < 0)
+ return log_error_errno(-1, errno, "Failed to add cgroup.events fd handler to mainloop");
+ }
+
+ ret = lxc_write_openat(h->container_full_path, "cgroup.freeze", "0", 1);
+ if (ret < 0)
+ return log_error_errno(-1, errno, "Failed to open cgroup.freeze file");
- path = must_make_path(h->container_full_path, "cgroup.freeze", NULL);
- return lxc_write_to_file(path, "0", 1, false, 0666) == 0;
+ if (timeout != 0 && lxc_mainloop(&descr, timeout))
+ return log_error_errno(-1, errno, "Failed to wait for container to be unfrozen");
+
+ return 0;
}
-__cgfsng_ops static bool cgfsng_unfreeze(struct cgroup_ops *ops)
+__cgfsng_ops static int cgfsng_unfreeze(struct cgroup_ops *ops, int timeout)
{
if (!ops->hierarchies)
- return true;
+ return ret_set_errno(-1, ENOENT);
if (ops->cgroup_layout != CGROUP_LAYOUT_UNIFIED)
return cg_legacy_unfreeze(ops);
- return cg_unified_unfreeze(ops);
+ return cg_unified_unfreeze(ops, timeout);
}
__cgfsng_ops static const char *cgfsng_get_cgroup(struct cgroup_ops *ops,
- const char *controller)
+ const char *controller)
{
struct hierarchy *h;
h = get_hierarchy(ops, controller);
- if (!h) {
- WARN("Failed to find hierarchy for controller \"%s\"",
- controller ? controller : "(null)");
- return NULL;
- }
+ if (!h)
+ return log_warn_errno(NULL,
+ ENOENT, "Failed to find hierarchy for controller \"%s\"",
+ controller ? controller : "(null)");
- return h->container_full_path ? h->container_full_path + strlen(h->mountpoint) : NULL;
+ return h->container_full_path
+ ? h->container_full_path + strlen(h->mountpoint)
+ : NULL;
}
/* Given a cgroup path returned from lxc_cmd_get_cgroup_path, build a full path,
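Review bot: in cg_unified_freeze and cg_unified_unfreeze, a missing h->container_full_path is reported with `ret_set_errno(-1, EEXIST)`, which tells a caller inspecting errno that something already exists; ENOENT or EINVAL would describe the condition. The message "Failed to open cgroup.freeze file" is logged for any lxc_write_openat() failure, which by its name includes a failed write, so wording such as "Failed to write to cgroup.freeze" would mislead less. The two functions now differ only in the value written, the callback argument and the log text, so a shared helper taking the target state would keep them from drifting apart. cgfsng_freeze and cgfsng_unfreeze also used to return true when ops->hierarchies was unset and now return -1 with ENOENT; every caller needs to be checked against the new convention.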
return must_make_path(h->mountpoint, inpath, filename, NULL);
}
-/* Technically, we're always at a delegation boundary here (This is especially
- * true when cgroup namespaces are available.). The reasoning is that in order
- * for us to have been able to start a container in the first place the root
- * cgroup must have been a leaf node. Now, either the container's init system
- * has populated the cgroup and kept it as a leaf node or it has created
- * subtrees. In the former case we will simply attach to the leaf node we
- * created when we started the container in the latter case we create our own
- * cgroup for the attaching process.
- */
-static int __cg_unified_attach(const struct hierarchy *h, const char *name,
- const char *lxcpath, const char *pidstr,
- size_t pidstr_len, const char *controller)
+static int cgroup_attach_leaf(int unified_fd, int64_t pid)
{
- __do_free char *base_path = NULL, *container_cgroup = NULL,
- *full_path = NULL;
+ int idx = 1;
int ret;
- size_t len;
- int fret = -1, idx = 0;
+ char pidstr[INTTYPE_TO_STRLEN(int64_t) + 1];
+ char attach_cgroup[STRLITERALLEN("lxc-1000/cgroup.procs") + 1];
+ size_t pidstr_len;
- container_cgroup = lxc_cmd_get_cgroup_path(name, lxcpath, controller);
- /* not running */
- if (!container_cgroup)
- return 0;
-
- base_path = must_make_path(h->mountpoint, container_cgroup, NULL);
- full_path = must_make_path(base_path, "cgroup.procs", NULL);
- /* cgroup is populated */
- ret = lxc_write_to_file(full_path, pidstr, pidstr_len, false, 0666);
- if (ret < 0 && errno != EBUSY)
- goto on_error;
+ /* Create leaf cgroup. */
+ ret = mkdirat(unified_fd, "lxc", 0755);
+ if (ret < 0 && errno != EEXIST)
+ return log_error_errno(-1, errno, "Failed to create leaf cgroup \"lxc\"");
+ pidstr_len = sprintf(pidstr, INT64_FMT, pid);
+ ret = lxc_writeat(unified_fd, "lxc/cgroup.procs", pidstr, pidstr_len);
+ if (ret < 0)
+ ret = lxc_writeat(unified_fd, "cgroup.procs", pidstr, pidstr_len);
if (ret == 0)
- goto on_success;
+ return 0;
+
+ /* this is a non-leaf node */
+ if (errno != EBUSY)
+ return log_error_errno(-1, errno, "Failed to attach to unified cgroup");
- len = strlen(base_path) + STRLITERALLEN("/lxc-1000") +
- STRLITERALLEN("/cgroup-procs");
- full_path = must_realloc(NULL, len + 1);
do {
- if (idx)
- ret = snprintf(full_path, len + 1, "%s/lxc-%d",
- base_path, idx);
- else
- ret = snprintf(full_path, len + 1, "%s/lxc", base_path);
- if (ret < 0 || (size_t)ret >= len + 1)
- goto on_error;
+ char *slash;
- ret = mkdir_p(full_path, 0755);
+ sprintf(attach_cgroup, "lxc-%d/cgroup.procs", idx);
+ slash = &attach_cgroup[ret] - STRLITERALLEN("/cgroup.procs");
+ *slash = '\0';
+
+ ret = mkdirat(unified_fd, attach_cgroup, 0755);
if (ret < 0 && errno != EEXIST)
- goto on_error;
+ return log_error_errno(-1, errno, "Failed to create cgroup %s", attach_cgroup);
- (void)strlcat(full_path, "/cgroup.procs", len + 1);
- ret = lxc_write_to_file(full_path, pidstr, len, false, 0666);
+ *slash = '/';
+
+ ret = lxc_writeat(unified_fd, attach_cgroup, pidstr, pidstr_len);
if (ret == 0)
- goto on_success;
+ return 0;
/* this is a non-leaf node */
if (errno != EBUSY)
- goto on_error;
+ return log_error_errno(-1, errno, "Failed to attach to unified cgroup");
idx++;
} while (idx < 1000);
-on_success:
- if (idx < 1000)
- fret = 0;
+ return log_error_errno(-1, errno, "Failed to attach to unified cgroup");
+}
-on_error:
- return fret;
+int cgroup_attach(const char *name, const char *lxcpath, int64_t pid)
+{
+ __do_close_prot_errno int unified_fd = -EBADF;
+
+ unified_fd = lxc_cmd_get_cgroup2_fd(name, lxcpath);
+ if (unified_fd < 0)
+ return -1;
+
+ return cgroup_attach_leaf(unified_fd, pid);
+}
+
+/* Technically, we're always at a delegation boundary here (This is especially
+ * true when cgroup namespaces are available.). The reasoning is that in order
+ * for us to have been able to start a container in the first place the root
+ * cgroup must have been a leaf node. Now, either the container's init system
+ * has populated the cgroup and kept it as a leaf node or it has created
+ * subtrees. In the former case we will simply attach to the leaf node we
+ * created when we started the container in the latter case we create our own
+ * cgroup for the attaching process.
+ */
+static int __cg_unified_attach(const struct hierarchy *h, const char *name,
+ const char *lxcpath, pid_t pid,
+ const char *controller)
+{
+ __do_close_prot_errno int unified_fd = -EBADF;
+ int ret;
+
+ ret = cgroup_attach(name, lxcpath, pid);
+ if (ret < 0) {
+ __do_free char *path = NULL, *cgroup = NULL;
+
+ cgroup = lxc_cmd_get_cgroup_path(name, lxcpath, controller);
+ /* not running */
+ if (!cgroup)
+ return 0;
+
+ path = must_make_path(h->mountpoint, cgroup, NULL);
+ unified_fd = open(path, O_DIRECTORY | O_RDONLY | O_CLOEXEC);
+ }
+ if (unified_fd < 0)
+ return -1;
+
+ return cgroup_attach_leaf(unified_fd, pid);
}
__cgfsng_ops static bool cgfsng_attach(struct cgroup_ops *ops, const char *name,
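Review bot: in the retry loop of cgroup_attach_leaf, `slash = &attach_cgroup[ret] - STRLITERALLEN("/cgroup.procs");` indexes with ret, but the return value of the sprintf() on the line before is discarded, so ret still holds the result of the last lxc_writeat(), which is negative at that point, and `*slash = '\0'` writes outside the stack buffer. Assign the sprintf() result to ret (or to a separate length variable) and use snprintf() with sizeof(attach_cgroup). Separately, in __cg_unified_attach a successful cgroup_attach() leaves unified_fd at -EBADF, so the function reaches `if (unified_fd < 0) return -1;` and reports failure after the attach has already succeeded; return 0 as soon as ret == 0.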
int len, ret;
char pidstr[INTTYPE_TO_STRLEN(pid_t)];
+ if (!ops)
+ return ret_set_errno(false, ENOENT);
+
if (!ops->hierarchies)
return true;
struct hierarchy *h = ops->hierarchies[i];
if (h->version == CGROUP2_SUPER_MAGIC) {
- ret = __cg_unified_attach(h, name, lxcpath, pidstr, len,
+ ret = __cg_unified_attach(h, name, lxcpath, pid,
h->controllers[0]);
if (ret < 0)
return false;
path = lxc_cmd_get_cgroup_path(name, lxcpath, h->controllers[0]);
/* not running */
if (!path)
- continue;
+ return false;
fullpath = build_full_cgpath_from_monitorpath(h, path, "cgroup.procs");
ret = lxc_write_to_file(fullpath, pidstr, len, false, 0666);
- if (ret < 0) {
- SYSERROR("Failed to attach %d to %s", (int)pid, fullpath);
- return false;
- }
+ if (ret < 0)
+ return log_error_errno(false, errno,
+ "Failed to attach %d to %s",
+ (int)pid, fullpath);
}
return true;
struct hierarchy *h;
int ret = -1;
+ if (!ops)
+ return ret_set_errno(-1, ENOENT);
+
controller = must_copy_string(filename);
p = strchr(controller, '.');
if (p)
return ret;
}
+static int device_cgroup_parse_access(struct device_item *device, const char *val)
+{
+ for (int count = 0; count < 3; count++, val++) {
+ switch (*val) {
+ case 'r':
+ device->access[count] = *val;
+ break;
+ case 'w':
+ device->access[count] = *val;
+ break;
+ case 'm':
+ device->access[count] = *val;
+ break;
+ case '\n':
+ case '\0':
+ count = 3;
+ break;
+ default:
+ return ret_errno(EINVAL);
+ }
+ }
+
+ return 0;
+}
+
+static int device_cgroup_rule_parse(struct device_item *device, const char *key,
+ const char *val)
+{
+ int count, ret;
+ char temp[50];
+
+ if (strcmp("devices.allow", key) == 0)
+ device->allow = 1;
+ else
+ device->allow = 0;
+
+ if (strcmp(val, "a") == 0) {
+ /* global rule */
+ device->type = 'a';
+ device->major = -1;
+ device->minor = -1;
+ device->global_rule = device->allow
+ ? LXC_BPF_DEVICE_CGROUP_BLACKLIST
+ : LXC_BPF_DEVICE_CGROUP_WHITELIST;
+ device->allow = -1;
+ return 0;
+ } else {
+ device->global_rule = LXC_BPF_DEVICE_CGROUP_LOCAL_RULE;
+ }
+
+ switch (*val) {
+ case 'a':
+ __fallthrough;
+ case 'b':
+ __fallthrough;
+ case 'c':
+ device->type = *val;
+ break;
+ default:
+ return -1;
+ }
+
+ val++;
+ if (!isspace(*val))
+ return -1;
+ val++;
+ if (*val == '*') {
+ device->major = -1;
+ val++;
+ } else if (isdigit(*val)) {
+ memset(temp, 0, sizeof(temp));
+ for (count = 0; count < sizeof(temp) - 1; count++) {
+ temp[count] = *val;
+ val++;
+ if (!isdigit(*val))
+ break;
+ }
+ ret = lxc_safe_int(temp, &device->major);
+ if (ret)
+ return -1;
+ } else {
+ return -1;
+ }
+ if (*val != ':')
+ return -1;
+ val++;
+
+ /* read minor */
+ if (*val == '*') {
+ device->minor = -1;
+ val++;
+ } else if (isdigit(*val)) {
+ memset(temp, 0, sizeof(temp));
+ for (count = 0; count < sizeof(temp) - 1; count++) {
+ temp[count] = *val;
+ val++;
+ if (!isdigit(*val))
+ break;
+ }
+ ret = lxc_safe_int(temp, &device->minor);
+ if (ret)
+ return -1;
+ } else {
+ return -1;
+ }
+ if (!isspace(*val))
+ return -1;
+
+ return device_cgroup_parse_access(device, ++val);
+}
+
/* Called externally (i.e. from 'lxc-cgroup') to set new cgroup limits. Here we
* don't have a cgroup_data set up, so we ask the running container through the
* commands API for the cgroup path.
*/
__cgfsng_ops static int cgfsng_set(struct cgroup_ops *ops,
- const char *filename, const char *value,
+ const char *key, const char *value,
const char *name, const char *lxcpath)
{
__do_free char *path = NULL;
struct hierarchy *h;
int ret = -1;
- controller = must_copy_string(filename);
+ if (!ops)
+ return ret_set_errno(-1, ENOENT);
+
+ controller = must_copy_string(key);
p = strchr(controller, '.');
if (p)
*p = '\0';
+ if (pure_unified_layout(ops) && strcmp(controller, "devices") == 0) {
+ struct device_item device = {0};
+
+ ret = device_cgroup_rule_parse(&device, key, value);
+ if (ret < 0)
+ return log_error_errno(-1, EINVAL, "Failed to parse device string %s=%s",
+ key, value);
+
+ ret = lxc_cmd_add_bpf_device_cgroup(name, lxcpath, &device);
+ if (ret < 0)
+ return -1;
+
+ return 0;
+ }
+
path = lxc_cmd_get_cgroup_path(name, lxcpath, controller);
/* not running */
if (!path)
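Review bot: device_cgroup_rule_parse treats every key other than "devices.allow" as a deny rule (`else device->allow = 0;`), and cgfsng_set sends any key whose controller prefix is "devices" through it, so a mistyped or unsupported devices.* key silently becomes a deny rule instead of being rejected. Compare against "devices.deny" explicitly and return an error for anything else. Smaller points in the same function: isspace() and isdigit() are called on plain char and should get an (unsigned char) cast, and `count < sizeof(temp) - 1` compares an int with a size_t. device_cgroup_parse_access also accepts an empty access string and stops looking after the third character, so a value like "rwmx" is accepted as "rwm".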
if (h) {
__do_free char *fullpath = NULL;
- fullpath = build_full_cgpath_from_monitorpath(h, path, filename);
+ fullpath = build_full_cgpath_from_monitorpath(h, path, key);
ret = lxc_write_to_file(fullpath, value, strlen(value), false, 0666);
}
* line. Return <0 on error. Dest is a preallocated buffer long enough to hold
* the output.
*/
-static int convert_devpath(const char *invalue, char *dest)
+static int device_cgroup_rule_parse_devpath(struct device_item *device,
+ const char *devpath)
{
__do_free char *path = NULL;
- int n_parts;
- char *p, type;
- unsigned long minor, major;
- struct stat sb;
- int ret = -EINVAL;
char *mode = NULL;
+ int n_parts, ret;
+ char *p;
+ struct stat sb;
- path = must_copy_string(invalue);
+ path = must_copy_string(devpath);
- /* Read path followed by mode. Ignore any trailing text.
+ /*
+ * Read path followed by mode. Ignore any trailing text.
* A ' # comment' would be legal. Technically other text is not
* legal, we could check for that if we cared to.
*/
mode = p;
if (*p == '\0')
- goto out;
+ return ret_set_errno(-1, EINVAL);
}
+ if (device_cgroup_parse_access(device, mode) < 0)
+ return -1;
+
if (n_parts == 1)
- goto out;
+ return ret_set_errno(-1, EINVAL);
ret = stat(path, &sb);
if (ret < 0)
- goto out;
+ return ret_set_errno(-1, errno);
mode_t m = sb.st_mode & S_IFMT;
switch (m) {
case S_IFBLK:
- type = 'b';
+ device->type = 'b';
break;
case S_IFCHR:
- type = 'c';
+ device->type = 'c';
break;
default:
- ERROR("Unsupported device type %i for \"%s\"", m, path);
- ret = -EINVAL;
- goto out;
+ return log_error_errno(-1, EINVAL,
+ "Unsupported device type %i for \"%s\"",
+ m, path);
}
- major = MAJOR(sb.st_rdev);
- minor = MINOR(sb.st_rdev);
- ret = snprintf(dest, 50, "%c %lu:%lu %s", type, major, minor, mode);
- if (ret < 0 || ret >= 50) {
- ERROR("Error on configuration value \"%c %lu:%lu %s\" (max 50 "
- "chars)", type, major, minor, mode);
- ret = -ENAMETOOLONG;
- goto out;
- }
- ret = 0;
+ device->major = MAJOR(sb.st_rdev);
+ device->minor = MINOR(sb.st_rdev);
+ device->allow = 1;
+ device->global_rule = LXC_BPF_DEVICE_CGROUP_LOCAL_RULE;
-out:
- return ret;
+ return 0;
+}
+
+static int convert_devpath(const char *invalue, char *dest)
+{
+ struct device_item device = {0};
+ int ret;
+
+ ret = device_cgroup_rule_parse_devpath(&device, invalue);
+ if (ret < 0)
+ return -1;
+
+ ret = snprintf(dest, 50, "%c %d:%d %s", device.type, device.major,
+ device.minor, device.access);
+ if (ret < 0 || ret >= 50)
+ return log_error_errno(-1,
+ ENAMETOOLONG, "Error on configuration value \"%c %d:%d %s\" (max 50 chars)",
+ device.type, device.major, device.minor,
+ device.access);
+
+ return 0;
}
/* Called from setup_limits - here we have the container's cgroup_data because
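Review bot: device_cgroup_rule_parse_devpath calls `device_cgroup_parse_access(device, mode)` before the `if (n_parts == 1)` check, while mode is initialised to NULL; if the one-part case leaves mode unset, the access parser dereferences a NULL pointer. Move the n_parts check above the parse call. In convert_devpath the buffer size 50 appears as a literal both in snprintf() and in the range check while the buffer itself is owned by the caller; pass the size in as a parameter so the two cannot diverge.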
const char *value)
{
__do_free char *controller = NULL;
- __do_free char *fullpath = NULL;
char *p;
/* "b|c <2^64-1>:<2^64-1> r|w|m" = 47 chars max */
char converted_value[50];
struct hierarchy *h;
- int ret = 0;
controller = must_copy_string(filename);
p = strchr(controller, '.');
*p = '\0';
if (strcmp("devices.allow", filename) == 0 && value[0] == '/') {
+ int ret;
+
ret = convert_devpath(value, converted_value);
if (ret < 0)
return ret;
return -ENOENT;
}
- fullpath = must_make_path(h->container_full_path, filename, NULL);
- ret = lxc_write_to_file(fullpath, value, strlen(value), false, 0666);
- return ret;
+ return lxc_write_openat(h->container_full_path, filename, value, strlen(value));
}
-static bool __cg_legacy_setup_limits(struct cgroup_ops *ops,
- struct lxc_list *cgroup_settings,
- bool do_devices)
+__cgfsng_ops static bool cgfsng_setup_limits_legacy(struct cgroup_ops *ops,
+ struct lxc_conf *conf,
+ bool do_devices)
{
__do_free struct lxc_list *sorted_cgroup_settings = NULL;
+ struct lxc_list *cgroup_settings = &conf->cgroup;
struct lxc_list *iterator, *next;
struct lxc_cgroup *cg;
bool ret = false;
+ if (!ops)
+ return ret_set_errno(false, ENOENT);
+
+ if (!conf)
+ return ret_set_errno(false, EINVAL);
+
+ cgroup_settings = &conf->cgroup;
if (lxc_list_empty(cgroup_settings))
return true;
if (!ops->hierarchies)
- return false;
+ return ret_set_errno(false, EINVAL);
sorted_cgroup_settings = sort_cgroup_settings(cgroup_settings);
if (!sorted_cgroup_settings)
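Review bot: in cgfsng_setup_limits_legacy the declaration `struct lxc_list *cgroup_settings = &conf->cgroup;` uses conf before the `if (!conf)` check a few lines further down, and the same assignment is then repeated after the check. Drop the initialiser and keep only the assignment that follows the NULL checks; as written, the compiler is entitled to assume conf is non-NULL and remove the check.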
if (do_devices == !strncmp("devices", cg->subsystem, 7)) {
if (cg_legacy_set_data(ops, cg->subsystem, cg->value)) {
- if (do_devices && (errno == EACCES || errno == EPERM)) {
- WARN("Failed to set \"%s\" to \"%s\"",
- cg->subsystem, cg->value);
- continue;
- }
- WARN("Failed to set \"%s\" to \"%s\"",
- cg->subsystem, cg->value);
- goto out;
+ if (do_devices && (errno == EACCES || errno == EPERM))
+ log_warn_errno(continue,
+ errno, "Failed to set \"%s\" to \"%s\"",
+ cg->subsystem, cg->value);
+ log_warn_errno(goto out, errno,
+ "Failed to set \"%s\" to \"%s\"",
+ cg->subsystem, cg->value);
}
DEBUG("Set controller \"%s\" set to \"%s\"",
cg->subsystem, cg->value);
return ret;
}
-static bool __cg_unified_setup_limits(struct cgroup_ops *ops,
- struct lxc_list *cgroup_settings)
+/*
+ * Some of the parsing logic comes from the original cgroup device v1
+ * implementation in the kernel.
+ */
+static int bpf_device_cgroup_prepare(struct cgroup_ops *ops,
+ struct lxc_conf *conf, const char *key,
+ const char *val)
{
- struct lxc_list *iterator;
- struct hierarchy *h = ops->unified;
+#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX
+ struct device_item device_item = {0};
+ int ret;
- if (lxc_list_empty(cgroup_settings))
+ if (strcmp("devices.allow", key) == 0 && *val == '/')
+ ret = device_cgroup_rule_parse_devpath(&device_item, val);
+ else
+ ret = device_cgroup_rule_parse(&device_item, key, val);
+ if (ret < 0)
+ return log_error_errno(-1, EINVAL,
+ "Failed to parse device string %s=%s",
+ key, val);
+
+ ret = bpf_list_add_device(conf, &device_item);
+ if (ret < 0)
+ return -1;
+#endif
+ return 0;
+}
+
+__cgfsng_ops static bool cgfsng_setup_limits(struct cgroup_ops *ops,
+ struct lxc_handler *handler)
+{
+ struct lxc_list *cgroup_settings, *iterator;
+ struct hierarchy *h;
+ struct lxc_conf *conf;
+
+ if (!ops)
+ return ret_set_errno(false, ENOENT);
+
+ if (!ops->hierarchies)
return true;
- if (!h)
+ if (!ops->container_cgroup)
+ return ret_set_errno(false, EINVAL);
+
+ if (!handler || !handler->conf)
+ return ret_set_errno(false, EINVAL);
+ conf = handler->conf;
+
+ if (lxc_list_empty(&conf->cgroup2))
+ return true;
+ cgroup_settings = &conf->cgroup2;
+
+ if (!ops->unified)
return false;
+ h = ops->unified;
- lxc_list_for_each(iterator, cgroup_settings) {
- __do_free char *fullpath = NULL;
- int ret;
+ lxc_list_for_each (iterator, cgroup_settings) {
struct lxc_cgroup *cg = iterator->elem;
+ int ret;
- fullpath = must_make_path(h->container_full_path, cg->subsystem, NULL);
- ret = lxc_write_to_file(fullpath, cg->value, strlen(cg->value), false, 0666);
- if (ret < 0) {
- SYSERROR("Failed to set \"%s\" to \"%s\"",
- cg->subsystem, cg->value);
- return false;
+ if (strncmp("devices", cg->subsystem, 7) == 0) {
+ ret = bpf_device_cgroup_prepare(ops, conf, cg->subsystem,
+ cg->value);
+ } else {
+ ret = lxc_write_openat(h->container_full_path,
+ cg->subsystem, cg->value,
+ strlen(cg->value));
+ if (ret < 0)
+ return log_error_errno(false,
+ errno, "Failed to set \"%s\" to \"%s\"",
+ cg->subsystem, cg->value);
}
TRACE("Set \"%s\" to \"%s\"", cg->subsystem, cg->value);
}
- INFO("Limits for the unified cgroup hierarchy have been setup");
+ return log_info(true, "Limits for the unified cgroup hierarchy have been setup");
+}
+
+__cgfsng_ops bool cgfsng_devices_activate(struct cgroup_ops *ops,
+ struct lxc_handler *handler)
+{
+#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX
+ __do_bpf_program_free struct bpf_program *devices = NULL;
+ int ret;
+ struct lxc_conf *conf;
+ struct hierarchy *unified;
+ struct lxc_list *it;
+ struct bpf_program *devices_old;
+
+ if (!ops)
+ return ret_set_errno(false, ENOENT);
+
+ if (!ops->hierarchies)
+ return true;
+
+ if (!ops->container_cgroup)
+ return ret_set_errno(false, EEXIST);
+
+ if (!handler || !handler->conf)
+ return ret_set_errno(false, EINVAL);
+ conf = handler->conf;
+
+ unified = ops->unified;
+ if (!unified || !unified->bpf_device_controller ||
+ !unified->container_full_path || lxc_list_empty(&conf->devices))
+ return true;
+
+ devices = bpf_program_new(BPF_PROG_TYPE_CGROUP_DEVICE);
+ if (!devices)
+ return log_error_errno(false, ENOMEM,
+ "Failed to create new bpf program");
+
+ ret = bpf_program_init(devices);
+ if (ret)
+ return log_error_errno(false, ENOMEM,
+ "Failed to initialize bpf program");
+
+ lxc_list_for_each(it, &conf->devices) {
+ struct device_item *cur = it->elem;
+
+ ret = bpf_program_append_device(devices, cur);
+ if (ret)
+ return log_error_errno(false,
+ ENOMEM, "Failed to add new rule to bpf device program: type %c, major %d, minor %d, access %s, allow %d, global_rule %d",
+ cur->type, cur->major,
+ cur->minor, cur->access,
+ cur->allow, cur->global_rule);
+ TRACE("Added rule to bpf device program: type %c, major %d, minor %d, access %s, allow %d, global_rule %d",
+ cur->type, cur->major, cur->minor, cur->access,
+ cur->allow, cur->global_rule);
+ }
+
+ ret = bpf_program_finalize(devices);
+ if (ret)
+ return log_error_errno(false, ENOMEM,
+ "Failed to finalize bpf program");
+
+ ret = bpf_program_cgroup_attach(devices, BPF_CGROUP_DEVICE,
+ unified->container_full_path,
+ BPF_F_ALLOW_MULTI);
+ if (ret)
+ return log_error_errno(false, ENOMEM,
+ "Failed to attach bpf program");
+
+ /* Replace old bpf program. */
+ devices_old = move_ptr(conf->cgroup2_devices);
+ conf->cgroup2_devices = move_ptr(devices);
+ devices = move_ptr(devices_old);
+#endif
return true;
}
-__cgfsng_ops static bool cgfsng_setup_limits(struct cgroup_ops *ops,
- struct lxc_conf *conf,
- bool do_devices)
+bool __cgfsng_delegate_controllers(struct cgroup_ops *ops, const char *cgroup)
{
- if (!__cg_legacy_setup_limits(ops, &conf->cgroup, do_devices))
- return false;
+ __do_free char *add_controllers = NULL, *base_path = NULL;
+ struct hierarchy *unified = ops->unified;
+ ssize_t parts_len;
+ char **it;
+ size_t full_len = 0;
+ char **parts = NULL;
+ bool bret = false;
+
+ if (!ops->hierarchies || !pure_unified_layout(ops) ||
+ !unified->controllers[0])
+ return true;
+
+ /* For now we simply enable all controllers that we have detected by
+ * creating a string like "+memory +pids +cpu +io".
+ * TODO: In the near future we might want to support "-<controller>"
+ * etc. but whether supporting semantics like this make sense will need
+ * some thinking.
+ */
+ for (it = unified->controllers; it && *it; it++) {
+ full_len += strlen(*it) + 2;
+ add_controllers = must_realloc(add_controllers, full_len + 1);
+
+ if (unified->controllers[0] == *it)
+ add_controllers[0] = '\0';
+
+ (void)strlcat(add_controllers, "+", full_len + 1);
+ (void)strlcat(add_controllers, *it, full_len + 1);
+
+ if ((it + 1) && *(it + 1))
+ (void)strlcat(add_controllers, " ", full_len + 1);
+ }
+
+ parts = lxc_string_split(cgroup, '/');
+ if (!parts)
+ goto on_error;
- return __cg_unified_setup_limits(ops, &conf->cgroup2);
+ parts_len = lxc_array_len((void **)parts);
+ if (parts_len > 0)
+ parts_len--;
+
+ base_path = must_make_path(unified->mountpoint, unified->container_base_path, NULL);
+ for (ssize_t i = -1; i < parts_len; i++) {
+ int ret;
+ __do_free char *target = NULL;
+
+ if (i >= 0)
+ base_path = must_append_path(base_path, parts[i], NULL);
+ target = must_make_path(base_path, "cgroup.subtree_control", NULL);
+ ret = lxc_writeat(-1, target, add_controllers, full_len);
+ if (ret < 0)
+ log_error_errno(goto on_error,
+ errno, "Could not enable \"%s\" controllers in the unified cgroup \"%s\"",
+ add_controllers, target);
+ TRACE("Enable \"%s\" controllers in the unified cgroup \"%s\"", add_controllers, target);
+ }
+
+ bret = true;
+
+on_error:
+ lxc_free_array((void **)parts, free);
+ return bret;
+}
+
+__cgfsng_ops bool cgfsng_monitor_delegate_controllers(struct cgroup_ops *ops)
+{
+ if (!ops)
+ return ret_set_errno(false, ENOENT);
+
+ return __cgfsng_delegate_controllers(ops, ops->monitor_cgroup);
+}
+
+__cgfsng_ops bool cgfsng_payload_delegate_controllers(struct cgroup_ops *ops)
+{
+ if (!ops)
+ return ret_set_errno(false, ENOENT);
+
+ return __cgfsng_delegate_controllers(ops, ops->container_cgroup);
}
static bool cgroup_use_wants_controllers(const struct cgroup_ops *ops,
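Review bot: in the cgfsng_setup_limits loop, the devices branch stores the result of bpf_device_cgroup_prepare() in ret but never checks it, so a device rule that fails to parse or to be added is skipped, the TRACE line still logs it as set, and the function returns true. Check ret there and fail as the non-devices branch does. Related: when HAVE_STRUCT_BPF_CGROUP_DEV_CTX is not defined, bpf_device_cgroup_prepare() and cgfsng_devices_activate() both report success without doing anything, so configured device restrictions are dropped silently; log a warning in that case. cgfsng_devices_activate also reports ENOMEM for every failing step and discards the ret it was given. In __cgfsng_delegate_controllers, the `(it + 1) &&` part of the condition is always true and can go.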
static void cg_unified_delegate(char ***delegate)
{
- __do_free char *tmp = NULL;
- int idx;
+ __do_free char *buf = NULL;
char *standard[] = {"cgroup.subtree_control", "cgroup.threads", NULL};
+ char *token;
+ int idx;
- tmp = read_file("/sys/kernel/cgroup/delegate");
- if (!tmp) {
+ buf = read_file("/sys/kernel/cgroup/delegate");
+ if (!buf) {
for (char **p = standard; p && *p; p++) {
idx = append_null_to_list((void ***)delegate);
(*delegate)[idx] = must_copy_string(*p);
}
- } else {
- char *token;
- lxc_iterate_parts (token, tmp, " \t\n") {
- /*
- * We always need to chown this for both cgroup and
- * cgroup2.
- */
- if (strcmp(token, "cgroup.procs") == 0)
- continue;
+ log_warn_errno(return, errno, "Failed to read /sys/kernel/cgroup/delegate");
+ }
- idx = append_null_to_list((void ***)delegate);
- (*delegate)[idx] = must_copy_string(token);
- }
+ lxc_iterate_parts (token, buf, " \t\n") {
+ /*
+ * We always need to chown this for both cgroup and
+ * cgroup2.
+ */
+ if (strcmp(token, "cgroup.procs") == 0)
+ continue;
+
+ idx = append_null_to_list((void ***)delegate);
+ (*delegate)[idx] = must_copy_string(token);
}
}
/* At startup, parse_hierarchies finds all the info we need about cgroup
* mountpoints and current cgroups, and stores it in @d.
*/
-static bool cg_hybrid_init(struct cgroup_ops *ops, bool relative,
- bool unprivileged)
+static int cg_hybrid_init(struct cgroup_ops *ops, bool relative, bool unprivileged)
{
__do_free char *basecginfo = NULL;
__do_free char *line = NULL;
else
basecginfo = read_file("/proc/self/cgroup");
if (!basecginfo)
- return false;
+ return ret_set_errno(-1, ENOMEM);
ret = get_existing_subsystems(&klist, &nlist);
- if (ret < 0) {
- ERROR("Failed to retrieve available legacy cgroup controllers");
- return false;
- }
+ if (ret < 0)
+ return log_error_errno(-1, errno, "Failed to retrieve available legacy cgroup controllers");
f = fopen("/proc/self/mountinfo", "r");
- if (!f) {
- ERROR("Failed to open \"/proc/self/mountinfo\"");
- return false;
- }
+ if (!f)
+ return log_error_errno(-1, errno, "Failed to open \"/proc/self/mountinfo\"");
lxc_cgfsng_print_basecg_debuginfo(basecginfo, klist, nlist);
if (type == CGROUP_SUPER_MAGIC)
if (controller_list_is_dup(ops->hierarchies, controller_list))
- goto next;
+ log_trace_errno(goto next, EEXIST, "Skipping duplicating controller");
mountpoint = cg_hybrid_get_mountpoint(line);
- if (!mountpoint) {
- ERROR("Failed parsing mountpoint from \"%s\"", line);
- goto next;
- }
+ if (!mountpoint)
+ log_error_errno(goto next, EINVAL, "Failed parsing mountpoint from \"%s\"", line);
if (type == CGROUP_SUPER_MAGIC)
base_cgroup = cg_hybrid_get_current_cgroup(basecginfo, controller_list[0], CGROUP_SUPER_MAGIC);
else
base_cgroup = cg_hybrid_get_current_cgroup(basecginfo, NULL, CGROUP2_SUPER_MAGIC);
- if (!base_cgroup) {
- ERROR("Failed to find current cgroup");
- goto next;
- }
+ if (!base_cgroup)
+ log_error_errno(goto next, EINVAL, "Failed to find current cgroup");
trim(base_cgroup);
prune_init_scope(base_cgroup);
else
writeable = test_writeable_v1(mountpoint, base_cgroup);
if (!writeable)
- goto next;
+ log_trace_errno(goto next, EROFS, "The %s group is not writeable", base_cgroup);
if (type == CGROUP2_SUPER_MAGIC) {
char *cgv2_ctrl_path;
/* Exclude all controllers that cgroup use does not want. */
if (!cgroup_use_wants_controllers(ops, controller_list))
- goto next;
+ log_trace_errno(goto next, EINVAL, "Skipping controller");
new = add_hierarchy(&ops->hierarchies, controller_list, mountpoint, base_cgroup, type);
if (type == CGROUP2_SUPER_MAGIC && !ops->unified) {
* controllers are accounted for
*/
if (!all_controllers_found(ops))
- return false;
-
- return true;
-}
-
-static int cg_is_pure_unified(void)
-{
-
- int ret;
- struct statfs fs;
-
- ret = statfs("/sys/fs/cgroup", &fs);
- if (ret < 0)
- return -ENOMEDIUM;
-
- if (is_fs_type(&fs, CGROUP2_SUPER_MAGIC))
- return CGROUP2_SUPER_MAGIC;
+ return log_error_errno(-1, ENOENT, "Failed to find all required controllers");
return 0;
}
struct hierarchy *new;
char *base_cgroup = NULL;
- ret = cg_is_pure_unified();
+ ret = unified_cgroup_hierarchy();
if (ret == -ENOMEDIUM)
- return -ENOMEDIUM;
+ return ret_errno(ENOMEDIUM);
if (ret != CGROUP2_SUPER_MAGIC)
return 0;
base_cgroup = cg_unified_get_current_cgroup(relative);
if (!base_cgroup)
- return -EINVAL;
- prune_init_scope(base_cgroup);
+ return ret_errno(EINVAL);
+ if (!relative)
+ prune_init_scope(base_cgroup);
- /* We assume that we have already been given controllers to delegate
- * further down the hierarchy. If not it is up to the user to delegate
- * them to us.
+ /*
+ * We assume that the cgroup we're currently in has been delegated to
+ * us and we are free to further delege all of the controllers listed
+ * in cgroup.controllers further down the hierarchy.
*/
- mountpoint = must_copy_string("/sys/fs/cgroup");
- subtree_path = must_make_path(mountpoint, base_cgroup,
- "cgroup.subtree_control", NULL);
+ mountpoint = must_copy_string(DEFAULT_CGROUP_MOUNTPOINT);
+ subtree_path = must_make_path(mountpoint, base_cgroup, "cgroup.controllers", NULL);
delegatable = cg_unified_get_controllers(subtree_path);
if (!delegatable)
delegatable = cg_unified_make_empty_controller();
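Review bot: subtree_path now holds the path to cgroup.controllers rather than cgroup.subtree_control, so the variable name no longer matches what it points at; rename it to reflect the new file. The new comment above it has a typo, "delege" for "delegate". It would also help to say in that comment why prune_init_scope() is now skipped when relative is set, since the condition is new and nothing in the hunk explains it.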
*/
new = add_hierarchy(&ops->hierarchies, delegatable, mountpoint, base_cgroup, CGROUP2_SUPER_MAGIC);
- if (!unprivileged)
+ if (unprivileged)
cg_unified_delegate(&new->cgroup2_chown);
+ if (bpf_devices_cgroup_supported())
+ new->bpf_device_controller = 1;
+
ops->cgroup_layout = CGROUP_LAYOUT_UNIFIED;
ops->unified = new;
return CGROUP2_SUPER_MAGIC;
}
-static bool cg_init(struct cgroup_ops *ops, struct lxc_conf *conf)
+static int cg_init(struct cgroup_ops *ops, struct lxc_conf *conf)
{
int ret;
const char *tmp;
ret = cg_unified_init(ops, relative, !lxc_list_empty(&conf->id_map));
if (ret < 0)
- return false;
+ return -1;
if (ret == CGROUP2_SUPER_MAGIC)
- return true;
+ return 0;
return cg_hybrid_init(ops, relative, !lxc_list_empty(&conf->id_map));
}
-__cgfsng_ops static bool cgfsng_data_init(struct cgroup_ops *ops)
+__cgfsng_ops static int cgfsng_data_init(struct cgroup_ops *ops)
{
const char *cgroup_pattern;
+ if (!ops)
+ return ret_set_errno(-1, ENOENT);
+
/* copy system-wide cgroup information */
cgroup_pattern = lxc_global_config_value("lxc.cgroup.pattern");
if (!cgroup_pattern) {
/* lxc.cgroup.pattern is only NULL on error. */
ERROR("Failed to retrieve cgroup pattern");
- return false;
+ return ret_set_errno(-1, ENOMEM);
}
ops->cgroup_pattern = must_copy_string(cgroup_pattern);
- ops->monitor_pattern = MONITOR_CGROUP;
- return true;
+ return 0;
}
struct cgroup_ops *cgfsng_ops_init(struct lxc_conf *conf)
cgfsng_ops = malloc(sizeof(struct cgroup_ops));
if (!cgfsng_ops)
- return NULL;
+ return ret_set_errno(NULL, ENOMEM);
memset(cgfsng_ops, 0, sizeof(struct cgroup_ops));
cgfsng_ops->cgroup_layout = CGROUP_LAYOUT_UNKNOWN;
- if (!cg_init(cgfsng_ops, conf))
+ if (cg_init(cgfsng_ops, conf))
return NULL;
cgfsng_ops->data_init = cgfsng_data_init;
cgfsng_ops->monitor_destroy = cgfsng_monitor_destroy;
cgfsng_ops->monitor_create = cgfsng_monitor_create;
cgfsng_ops->monitor_enter = cgfsng_monitor_enter;
+ cgfsng_ops->monitor_delegate_controllers = cgfsng_monitor_delegate_controllers;
+ cgfsng_ops->payload_delegate_controllers = cgfsng_payload_delegate_controllers;
cgfsng_ops->payload_create = cgfsng_payload_create;
cgfsng_ops->payload_enter = cgfsng_payload_enter;
+ cgfsng_ops->payload_finalize = cgfsng_payload_finalize;
cgfsng_ops->escape = cgfsng_escape;
cgfsng_ops->num_hierarchies = cgfsng_num_hierarchies;
cgfsng_ops->get_hierarchies = cgfsng_get_hierarchies;
cgfsng_ops->set = cgfsng_set;
cgfsng_ops->freeze = cgfsng_freeze;
cgfsng_ops->unfreeze = cgfsng_unfreeze;
+ cgfsng_ops->setup_limits_legacy = cgfsng_setup_limits_legacy;
cgfsng_ops->setup_limits = cgfsng_setup_limits;
cgfsng_ops->driver = "cgfsng";
cgfsng_ops->version = "1.0.0";
cgfsng_ops->chown = cgfsng_chown;
cgfsng_ops->mount = cgfsng_mount;
cgfsng_ops->nrtasks = cgfsng_nrtasks;
+ cgfsng_ops->devices_activate = cgfsng_devices_activate;
return move_ptr(cgfsng_ops);
}
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
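Review bot: The header removed here carries more than license text: the "(C) Copyright IBM Corp. 2007, 2008" line and the author credit are deleted with it, while the SPDX tag replaces only the license grant. Suggest keeping the copyright and author lines next to the SPDX identifier, here and in the other files converted the same way.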
#include <unistd.h>
#include "cgroup.h"
+#include "cgroup2_devices.h"
#include "conf.h"
#include "config.h"
#include "initutils.h"
{
struct cgroup_ops *cgroup_ops;
- if (!conf) {
- ERROR("No valid conf given");
- return NULL;
- }
+ if (!conf)
+ return log_error_errno(NULL, EINVAL, "No valid conf given");
cgroup_ops = cgfsng_ops_init(conf);
- if (!cgroup_ops) {
- ERROR("Failed to initialize cgroup driver");
- return NULL;
- }
+ if (!cgroup_ops)
+ return log_error_errno(NULL, errno, "Failed to initialize cgroup driver");
- if (!cgroup_ops->data_init(cgroup_ops))
- return NULL;
+ if (cgroup_ops->data_init(cgroup_ops))
+ return log_error_errno(NULL, errno,
+ "Failed to initialize cgroup data");
TRACE("Initialized cgroup driver %s", cgroup_ops->driver);
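Review bot: The failure return after data_init() drops the only reference to the ops structure: `cgroup_ops` is a plain `struct cgroup_ops *`, so `return log_error_errno(NULL, errno, ...)` leaks what cgfsng_ops_init() allocated. Either call cgroup_exit() on that path or declare the variable with the `__do_cgroup_exit` attribute this patch adds to cgroup.h and hand it out with move_ptr() on success.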
free(ops->cgroup_pattern);
free(ops->container_cgroup);
+ free(ops->monitor_cgroup);
+
+ if (ops->cgroup2_devices)
+ bpf_program_free(ops->cgroup2_devices);
for (it = ops->hierarchies; it && *it; it++) {
char **p;
free((*it)->container_base_path);
free((*it)->container_full_path);
free((*it)->monitor_full_path);
+ if ((*it)->cgfd_mon >= 0)
+ close((*it)->cgfd_con);
+ if ((*it)->cgfd_mon >= 0)
+ close((*it)->cgfd_mon);
free(*it);
}
free(ops->hierarchies);
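Review bot: The first of the two new fd checks tests the wrong field: `if ((*it)->cgfd_mon >= 0) close((*it)->cgfd_con);` guards the close of cgfd_con with cgfd_mon. When cgfd_mon is valid and cgfd_con is not, this calls close() on a negative fd, and when cgfd_con is valid but cgfd_mon is not, the container cgroup fd is leaked. The condition should test cgfd_con.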
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_CGROUP_H
#define __LXC_CGROUP_H
#include <stddef.h>
#include <sys/types.h>
-#define PAYLOAD_CGROUP "lxc.payload"
-#define MONITOR_CGROUP "lxc.monitor"
-#define PIVOT_CGROUP "lxc.pivot"
+#include "macro.h"
+
+#define DEFAULT_CGROUP_MOUNTPOINT "/sys/fs/cgroup"
+#define DEFAULT_PAYLOAD_CGROUP_PREFIX "lxc.payload."
+#define DEFAULT_MONITOR_CGROUP_PREFIX "lxc.monitor."
+#define CGROUP_CREATE_RETRY "-NNNN"
+#define CGROUP_CREATE_RETRY_LEN (STRLITERALLEN(CGROUP_CREATE_RETRY))
+#define CGROUP_PIVOT "lxc.pivot"
struct lxc_handler;
struct lxc_conf;
* If the hierarchy is a legacy hierarchy this will be set to
* CGROUP_SUPER_MAGIC.
* - unified hierarchy
- * If the hierarchy is a legacy hierarchy this will be set to
+ * If the hierarchy is a unified hierarchy this will be set to
* CGROUP2_SUPER_MAGIC.
*/
struct hierarchy {
char *container_full_path;
char *monitor_full_path;
int version;
+
+ /* cgroup2 only */
+ unsigned int bpf_device_controller:1;
+
+ /* monitor cgroup fd */
+ int cgfd_con;
+ /* container cgroup fd */
+ int cgfd_mon;
};
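Review bot: The comments on the two new fd fields are swapped: `cgfd_con` is labelled "monitor cgroup fd" and `cgfd_mon` is labelled "container cgroup fd". Given that cgroup_exit() in this same patch already mixes the two fields up in its close() guard, getting the labels right here matters. The block comment above the struct also has no entries for the new `bpf_device_controller`, `cgfd_con` and `cgfd_mon` members.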
struct cgroup_ops {
char **cgroup_use;
char *cgroup_pattern;
char *container_cgroup;
-
- /* Static memory, do not free.*/
- const char *monitor_pattern;
+ char *monitor_cgroup;
/* @hierarchies
* - A NULL-terminated array of struct hierarchy, one per legacy
/* Pointer to the unified hierarchy. Do not free! */
struct hierarchy *unified;
+ /*
+ * @cgroup2_devices
+ * bpf program to limit device access; only applicable to privileged
+ * containers.
+ */
+ struct bpf_program *cgroup2_devices;
+
/*
* @cgroup_layout
* - What cgroup layout the container is running with.
*/
cgroup_layout_t cgroup_layout;
- bool (*data_init)(struct cgroup_ops *ops);
+ int (*data_init)(struct cgroup_ops *ops);
void (*payload_destroy)(struct cgroup_ops *ops, struct lxc_handler *handler);
void (*monitor_destroy)(struct cgroup_ops *ops, struct lxc_handler *handler);
bool (*monitor_create)(struct cgroup_ops *ops, struct lxc_handler *handler);
- bool (*monitor_enter)(struct cgroup_ops *ops, pid_t pid);
+ bool (*monitor_enter)(struct cgroup_ops *ops, struct lxc_handler *handler);
bool (*payload_create)(struct cgroup_ops *ops, struct lxc_handler *handler);
- bool (*payload_enter)(struct cgroup_ops *ops, pid_t pid);
+ bool (*payload_enter)(struct cgroup_ops *ops, struct lxc_handler *handler);
const char *(*get_cgroup)(struct cgroup_ops *ops, const char *controller);
bool (*escape)(const struct cgroup_ops *ops, struct lxc_conf *conf);
int (*num_hierarchies)(struct cgroup_ops *ops);
const char *value, const char *name, const char *lxcpath);
int (*get)(struct cgroup_ops *ops, const char *filename, char *value,
size_t len, const char *name, const char *lxcpath);
- bool (*freeze)(struct cgroup_ops *ops);
- bool (*unfreeze)(struct cgroup_ops *ops);
- bool (*setup_limits)(struct cgroup_ops *ops, struct lxc_conf *conf,
- bool with_devices);
+ int (*freeze)(struct cgroup_ops *ops, int timeout);
+ int (*unfreeze)(struct cgroup_ops *ops, int timeout);
+ bool (*setup_limits_legacy)(struct cgroup_ops *ops,
+ struct lxc_conf *conf, bool with_devices);
+ bool (*setup_limits)(struct cgroup_ops *ops, struct lxc_handler *handler);
bool (*chown)(struct cgroup_ops *ops, struct lxc_conf *conf);
bool (*attach)(struct cgroup_ops *ops, const char *name,
const char *lxcpath, pid_t pid);
bool (*mount)(struct cgroup_ops *ops, struct lxc_handler *handler,
const char *root, int type);
int (*nrtasks)(struct cgroup_ops *ops);
+ bool (*devices_activate)(struct cgroup_ops *ops,
+ struct lxc_handler *handler);
+ bool (*monitor_delegate_controllers)(struct cgroup_ops *ops);
+ bool (*payload_delegate_controllers)(struct cgroup_ops *ops);
+ void (*payload_finalize)(struct cgroup_ops *ops);
};
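Review bot: freeze() and unfreeze() gain an `int timeout` argument and change from bool to int, but nothing in the struct says what unit the timeout is in, whether a negative value means wait indefinitely, or what the int return encodes. The new callbacks (setup_limits_legacy, devices_activate, monitor_delegate_controllers, payload_delegate_controllers, payload_finalize) are undocumented as well. A short comment per member, in the style already used for @hierarchies and @cgroup_layout, would let other drivers implement them consistently.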
extern struct cgroup_ops *cgroup_init(struct lxc_conf *conf);
extern void prune_init_scope(char *cg);
+static inline void __auto_cgroup_exit__(struct cgroup_ops **ops)
+{
+ if (*ops)
+ cgroup_exit(*ops);
+}
+
+extern int cgroup_attach(const char *name, const char *lxcpath, int64_t pid);
+
+#define __do_cgroup_exit __attribute__((__cleanup__(__auto_cgroup_exit__)))
+
+static inline bool pure_unified_layout(const struct cgroup_ops *ops)
+{
+ return ops->cgroup_layout == CGROUP_LAYOUT_UNIFIED;
+}
+
#endif
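Review bot: cgroup_attach() takes the pid as `int64_t` while the attach() callback in struct cgroup_ops takes `pid_t`, and the includes visible in this header (<stddef.h>, <sys/types.h>, "macro.h") do not obviously provide int64_t. Either use pid_t for consistency or include <stdint.h> and note why a wider type is needed. Also, __auto_cgroup_exit__() does not reset `*ops` to NULL after cgroup_exit(), unlike __auto_bpf_program_free__() added elsewhere in this patch.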
--- /dev/null
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
+/* Parts of this taken from systemd's implementation. */
+
+#ifndef _GNU_SOURCE
+#define _GNU_SOURCE 1
+#endif
+#include <errno.h>
+#include <fcntl.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <sys/stat.h>
+#include <sys/syscall.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#include "cgroup2_devices.h"
+#include "config.h"
+#include "log.h"
+#include "macro.h"
+#include "memory_utils.h"
+
+#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX
+#include <linux/bpf.h>
+#include <linux/filter.h>
+
+lxc_log_define(cgroup2_devices, cgroup);
+
+static int bpf_program_add_instructions(struct bpf_program *prog,
+ const struct bpf_insn *instructions,
+ size_t count)
+{
+
+ struct bpf_insn *new_insn;
+
+ if (prog->kernel_fd >= 0)
+ return log_error_errno(-1, EBUSY, "Refusing to update bpf cgroup program that's already loaded");
+
+ new_insn = realloc(prog->instructions, sizeof(struct bpf_insn) * (count + prog->n_instructions));
+ if (!new_insn)
+ return log_error_errno(-1, ENOMEM, "Failed to reallocate bpf cgroup program");
+
+ prog->instructions = new_insn;
+ memcpy(prog->instructions + prog->n_instructions, instructions,
+ sizeof(struct bpf_insn) * count);
+ prog->n_instructions += count;
+
+ return 0;
+}
+
+void bpf_program_free(struct bpf_program *prog)
+{
+ if (!prog)
+ return;
+
+ (void)bpf_program_cgroup_detach(prog);
+
+ if (prog->kernel_fd >= 0)
+ close(prog->kernel_fd);
+ free(prog->instructions);
+ free(prog->attached_path);
+ free(prog);
+}
+
+/* Memory load, dst_reg = *(uint *) (src_reg + off16) */
+#define BPF_LDX_MEM(SIZE, DST, SRC, OFF) \
+ ((struct bpf_insn){.code = BPF_LDX | BPF_SIZE(SIZE) | BPF_MEM, \
+ .dst_reg = DST, \
+ .src_reg = SRC, \
+ .off = OFF, \
+ .imm = 0})
+
+/* ALU ops on immediates, bpf_add|sub|...: dst_reg += imm32 */
+#define BPF_ALU32_IMM(OP, DST, IMM) \
+ ((struct bpf_insn){.code = BPF_ALU | BPF_OP(OP) | BPF_K, \
+ .dst_reg = DST, \
+ .src_reg = 0, \
+ .off = 0, \
+ .imm = IMM})
+
+/* Short form of mov, dst_reg = src_reg */
+#define BPF_MOV64_IMM(DST, IMM) \
+ ((struct bpf_insn){.code = BPF_ALU64 | BPF_MOV | BPF_K, \
+ .dst_reg = DST, \
+ .src_reg = 0, \
+ .off = 0, \
+ .imm = IMM})
+
+#define BPF_MOV32_REG(DST, SRC) \
+ ((struct bpf_insn){.code = BPF_ALU | BPF_MOV | BPF_X, \
+ .dst_reg = DST, \
+ .src_reg = SRC, \
+ .off = 0, \
+ .imm = 0})
+
+/* Conditional jumps against registers, if (dst_reg 'op' src_reg) goto pc + off16 */
+#define BPF_JMP_REG(OP, DST, SRC, OFF) \
+ ((struct bpf_insn){.code = BPF_JMP | BPF_OP(OP) | BPF_X, \
+ .dst_reg = DST, \
+ .src_reg = SRC, \
+ .off = OFF, \
+ .imm = 0})
+
+/* Conditional jumps against immediates, if (dst_reg 'op' imm32) goto pc + off16 */
+#define BPF_JMP_IMM(OP, DST, IMM, OFF) \
+ ((struct bpf_insn){.code = BPF_JMP | BPF_OP(OP) | BPF_K, \
+ .dst_reg = DST, \
+ .src_reg = 0, \
+ .off = OFF, \
+ .imm = IMM})
+
+/* Program exit */
+#define BPF_EXIT_INSN() \
+ ((struct bpf_insn){.code = BPF_JMP | BPF_EXIT, \
+ .dst_reg = 0, \
+ .src_reg = 0, \
+ .off = 0, \
+ .imm = 0})
+
+static int bpf_access_mask(const char *acc)
+{
+ int mask = 0;
+
+ if (!acc)
+ return mask;
+
+ for (; *acc; acc++)
+ switch (*acc) {
+ case 'r':
+ mask |= BPF_DEVCG_ACC_READ;
+ break;
+ case 'w':
+ mask |= BPF_DEVCG_ACC_WRITE;
+ break;
+ case 'm':
+ mask |= BPF_DEVCG_ACC_MKNOD;
+ break;
+ default:
+ return -EINVAL;
+ }
+
+ return mask;
+}
+
+static int bpf_device_type(char type)
+{
+ switch (type) {
+ case 'a':
+ return 0;
+ case 'b':
+ return BPF_DEVCG_DEV_BLOCK;
+ case 'c':
+ return BPF_DEVCG_DEV_CHAR;
+ }
+
+ return -1;
+}
+
+static inline bool bpf_device_all_access(int access_mask)
+{
+ return (access_mask == (BPF_DEVCG_ACC_READ | BPF_DEVCG_ACC_WRITE |
+ BPF_DEVCG_ACC_MKNOD));
+}
+
+struct bpf_program *bpf_program_new(uint32_t prog_type)
+{
+ __do_free struct bpf_program *prog = NULL;
+
+ prog = calloc(1, sizeof(struct bpf_program));
+ if (!prog)
+ return NULL;
+
+ prog->prog_type = prog_type;
+ prog->kernel_fd = -EBADF;
+ /*
+ * By default a whitelist is used unless the user tells us otherwise.
+ */
+ prog->device_list_type = LXC_BPF_DEVICE_CGROUP_WHITELIST;
+
+ return move_ptr(prog);
+}
+
+int bpf_program_init(struct bpf_program *prog)
+{
+ if (!prog)
+ return ret_set_errno(-1, EINVAL);
+
+ const struct bpf_insn pre_insn[] = {
+ /* load device type to r2 */
+ BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, offsetof(struct bpf_cgroup_dev_ctx, access_type)),
+ BPF_ALU32_IMM(BPF_AND, BPF_REG_2, 0xFFFF),
+
+ /* load access type to r3 */
+ BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, offsetof(struct bpf_cgroup_dev_ctx, access_type)),
+ BPF_ALU32_IMM(BPF_RSH, BPF_REG_3, 16),
+
+ /* load major number to r4 */
+ BPF_LDX_MEM(BPF_W, BPF_REG_4, BPF_REG_1, offsetof(struct bpf_cgroup_dev_ctx, major)),
+
+ /* load minor number to r5 */
+ BPF_LDX_MEM(BPF_W, BPF_REG_5, BPF_REG_1, offsetof(struct bpf_cgroup_dev_ctx, minor)),
+ };
+
+ return bpf_program_add_instructions(prog, pre_insn, ARRAY_SIZE(pre_insn));
+}
+
+int bpf_program_append_device(struct bpf_program *prog, struct device_item *device)
+{
+ int ret;
+ int jump_nr = 1;
+ struct bpf_insn bpf_access_decision[] = {
+ BPF_MOV64_IMM(BPF_REG_0, device->allow),
+ BPF_EXIT_INSN(),
+ };
+ int access_mask;
+ int device_type;
+
+ if (!prog || !device)
+ return ret_set_errno(-1, EINVAL);
+
+ /* This is a global rule so no need to append anything. */
+ if (device->global_rule > LXC_BPF_DEVICE_CGROUP_LOCAL_RULE) {
+ prog->device_list_type = device->global_rule;
+ return 0;
+ }
+
+ device_type = bpf_device_type(device->type);
+ if (device_type < 0)
+ return log_error_errno(-1, EINVAL, "Invalid bpf cgroup device type %c", device->type);
+
+ if (device_type > 0)
+ jump_nr++;
+
+ access_mask = bpf_access_mask(device->access);
+ if (!bpf_device_all_access(access_mask))
+ jump_nr += 3;
+
+ if (device->major != -1)
+ jump_nr++;
+
+ if (device->minor != -1)
+ jump_nr++;
+
+ if (device_type > 0) {
+ struct bpf_insn ins[] = {
+ BPF_JMP_IMM(BPF_JNE, BPF_REG_2, device_type, jump_nr--),
+ };
+
+ ret = bpf_program_add_instructions(prog, ins, ARRAY_SIZE(ins));
+ if (ret)
+ return log_error_errno(-1, errno, "Failed to add instructions to bpf cgroup program");
+ }
+
+ if (!bpf_device_all_access(access_mask)) {
+ struct bpf_insn ins[] = {
+ BPF_MOV32_REG(BPF_REG_1, BPF_REG_3),
+ BPF_ALU32_IMM(BPF_AND, BPF_REG_1, access_mask),
+ BPF_JMP_REG(BPF_JNE, BPF_REG_1, BPF_REG_3, jump_nr),
+ };
+
+ jump_nr -= 3;
+ ret = bpf_program_add_instructions(prog, ins, ARRAY_SIZE(ins));
+ if (ret)
+ return log_error_errno(-1, errno, "Failed to add instructions to bpf cgroup program");
+ }
+
+ if (device->major >= 0) {
+ struct bpf_insn ins[] = {
+ BPF_JMP_IMM(BPF_JNE, BPF_REG_4, device->major, jump_nr--),
+ };
+
+ ret = bpf_program_add_instructions(prog, ins, ARRAY_SIZE(ins));
+ if (ret)
+ return log_error_errno(-1, errno, "Failed to add instructions to bpf cgroup program");
+ }
+
+ if (device->minor >= 0) {
+ struct bpf_insn ins[] = {
+ BPF_JMP_IMM(BPF_JNE, BPF_REG_5, device->minor, jump_nr--),
+ };
+
+ ret = bpf_program_add_instructions(prog, ins, ARRAY_SIZE(ins));
+ if (ret)
+ return log_error_errno(-1, errno, "Failed to add instructions to bpf cgroup program");
+ }
+
+ ret = bpf_program_add_instructions(prog, bpf_access_decision,
+ ARRAY_SIZE(bpf_access_decision));
+ if (ret)
+ return log_error_errno(-1, errno, "Failed to add instructions to bpf cgroup program");
+
+ return 0;
+}
+
+int bpf_program_finalize(struct bpf_program *prog)
+{
+ struct bpf_insn ins[] = {
+ BPF_MOV64_IMM(BPF_REG_0, prog->device_list_type),
+ BPF_EXIT_INSN(),
+ };
+
+ if (!prog)
+ return ret_set_errno(-1, EINVAL);
+
+ TRACE("Implementing %s bpf device cgroup program",
+ prog->device_list_type == LXC_BPF_DEVICE_CGROUP_BLACKLIST
+ ? "blacklist"
+ : "whitelist");
+ return bpf_program_add_instructions(prog, ins, ARRAY_SIZE(ins));
+}
+
+static int bpf_program_load_kernel(struct bpf_program *prog, char *log_buf,
+ size_t log_size)
+{
+ union bpf_attr attr;
+
+ if (prog->kernel_fd >= 0) {
+ memset(log_buf, 0, log_size);
+ return 0;
+ }
+
+ attr = (union bpf_attr){
+ .prog_type = prog->prog_type,
+ .insns = PTR_TO_UINT64(prog->instructions),
+ .insn_cnt = prog->n_instructions,
+ .license = PTR_TO_UINT64("GPL"),
+ .log_buf = PTR_TO_UINT64(log_buf),
+ .log_level = !!log_buf,
+ .log_size = log_size,
+ };
+
+ prog->kernel_fd = bpf(BPF_PROG_LOAD, &attr, sizeof(attr));
+ if (prog->kernel_fd < 0)
+ return log_error_errno(-1, errno, "Failed to load bpf program");
+
+ return 0;
+}
+
+int bpf_program_cgroup_attach(struct bpf_program *prog, int type,
+ const char *path, uint32_t flags)
+{
+ __do_free char *copy = NULL;
+ __do_close_prot_errno int fd = -EBADF;
+ union bpf_attr attr;
+ int ret;
+
+ if (!prog)
+ return ret_set_errno(-1, EINVAL);
+
+ if (flags & ~(BPF_F_ALLOW_OVERRIDE, BPF_F_ALLOW_MULTI))
+ return log_error_errno(-1, EINVAL, "Invalid flags for bpf program");
+
+ if (prog->attached_path) {
+ if (prog->attached_type != type)
+ return log_error_errno(-1, EBUSY, "Wrong type for bpf program");
+
+ if (prog->attached_flags != flags)
+ return log_error_errno(-1, EBUSY, "Wrong flags for bpf program");
+
+ if (flags != BPF_F_ALLOW_OVERRIDE)
+ return true;
+ }
+
+ ret = bpf_program_load_kernel(prog, NULL, 0);
+ if (ret < 0)
+ return log_error_errno(-1, ret, "Failed to load bpf program");
+
+ copy = strdup(path);
+ if (!copy)
+ return log_error_errno(-1, ENOMEM, "Failed to duplicate cgroup path %s", path);
+
+ fd = open(path, O_DIRECTORY | O_RDONLY | O_CLOEXEC);
+ if (fd < 0)
+ return log_error_errno(-1, errno, "Failed to open cgroup path %s", path);
+
+ attr = (union bpf_attr){
+ .attach_type = type,
+ .target_fd = fd,
+ .attach_bpf_fd = prog->kernel_fd,
+ .attach_flags = flags,
+ };
+
+ ret = bpf(BPF_PROG_ATTACH, &attr, sizeof(attr));
+ if (ret < 0)
+ return log_error_errno(-1, errno, "Failed to attach bpf program");
+
+ free_replace_move_ptr(prog->attached_path, copy);
+ prog->attached_type = type;
+ prog->attached_flags = flags;
+
+ TRACE("Loaded and attached bpf program to cgroup %s", prog->attached_path);
+ return 0;
+}
+
+int bpf_program_cgroup_detach(struct bpf_program *prog)
+{
+ int ret;
+ __do_close_prot_errno int fd = -EBADF;
+
+ if (!prog)
+ return 0;
+
+ if (!prog->attached_path)
+ return 0;
+
+ fd = open(prog->attached_path, O_DIRECTORY | O_RDONLY | O_CLOEXEC);
+ if (fd < 0) {
+ if (errno != ENOENT)
+ return log_error_errno(-1, errno, "Failed to open attach cgroup %s",
+ prog->attached_path);
+ } else {
+ union bpf_attr attr;
+
+ attr = (union bpf_attr){
+ .attach_type = prog->attached_type,
+ .target_fd = fd,
+ .attach_bpf_fd = prog->kernel_fd,
+ };
+
+ ret = bpf(BPF_PROG_DETACH, &attr, sizeof(attr));
+ if (ret < 0)
+ return log_error_errno(-1, errno, "Failed to detach bpf program from cgroup %s",
+ prog->attached_path);
+ }
+
+ free(prog->attached_path);
+ prog->attached_path = NULL;
+
+ return 0;
+}
+
+void lxc_clear_cgroup2_devices(struct lxc_conf *conf)
+{
+ if (conf->cgroup2_devices) {
+ (void)bpf_program_cgroup_detach(conf->cgroup2_devices);
+ (void)bpf_program_free(conf->cgroup2_devices);
+ }
+}
+
+int bpf_list_add_device(struct lxc_conf *conf, struct device_item *device)
+{
+ __do_free struct lxc_list *list_elem = NULL;
+ __do_free struct device_item *new_device = NULL;
+ struct lxc_list *it;
+
+ lxc_list_for_each(it, &conf->devices) {
+ struct device_item *cur = it->elem;
+
+ if (cur->global_rule > LXC_BPF_DEVICE_CGROUP_LOCAL_RULE &&
+ device->global_rule > LXC_BPF_DEVICE_CGROUP_LOCAL_RULE) {
+ TRACE("Switched from %s to %s",
+ cur->global_rule == LXC_BPF_DEVICE_CGROUP_WHITELIST
+ ? "whitelist"
+ : "blacklist",
+ device->global_rule == LXC_BPF_DEVICE_CGROUP_WHITELIST
+ ? "whitelist"
+ : "blacklist");
+ cur->global_rule = device->global_rule;
+ return 1;
+ }
+
+ if (cur->type != device->type)
+ continue;
+ if (cur->major != device->major)
+ continue;
+ if (cur->minor != device->minor)
+ continue;
+ if (strcmp(cur->access, device->access))
+ continue;
+
+ /*
+ * The rule is switched from allow to deny or vica versa so
+ * don't bother allocating just flip the existing one.
+ */
+ if (cur->allow != device->allow) {
+ cur->allow = device->allow;
+ return log_trace(0, "Switched existing rule of bpf device program: type %c, major %d, minor %d, access %s, allow %d, global_rule %d",
+ cur->type, cur->major, cur->minor,
+ cur->access, cur->allow,
+ cur->global_rule);
+ }
+
+ return log_trace(1, "Reusing existing rule of bpf device program: type %c, major %d, minor %d, access %s, allow %d, global_rule %d",
+ cur->type, cur->major, cur->minor, cur->access,
+ cur->allow, cur->global_rule);
+ }
+
+ list_elem = malloc(sizeof(*list_elem));
+ if (!list_elem)
+ return log_error_errno(-1, ENOMEM, "Failed to allocate new device list");
+
+ new_device = memdup(device, sizeof(struct device_item));
+ if (!new_device)
+ return log_error_errno(-1, ENOMEM, "Failed to allocate new device item");
+
+ lxc_list_add_elem(list_elem, move_ptr(new_device));
+ lxc_list_add_tail(&conf->devices, move_ptr(list_elem));
+
+ return 0;
+}
+
+bool bpf_devices_cgroup_supported(void)
+{
+ const struct bpf_insn dummy[] = {
+ BPF_MOV64_IMM(BPF_REG_0, 1),
+ BPF_EXIT_INSN(),
+ };
+
+ __do_bpf_program_free struct bpf_program *prog = NULL;
+ int ret;
+
+ if (geteuid() != 0)
+ return log_trace(false,
+ "The bpf device cgroup requires real root");
+
+ prog = bpf_program_new(BPF_PROG_TYPE_CGROUP_DEVICE);
+ if (prog < 0)
+ return log_trace(false, "Failed to allocate new bpf device cgroup program");
+
+ ret = bpf_program_add_instructions(prog, dummy, ARRAY_SIZE(dummy));
+ if (ret < 0)
+ return log_trace(false, "Failed to add new instructions to bpf device cgroup program");
+
+ ret = bpf_program_load_kernel(prog, NULL, 0);
+ if (ret < 0)
+ return log_trace(false, "Failed to load new bpf device cgroup program");
+
+ return log_trace(true, "The bpf device cgroup is supported");
+}
+#endif
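Review bot: In bpf_program_append_device() the jump that closes the access-mask check, `BPF_JMP_REG(BPF_JNE, BPF_REG_1, BPF_REG_3, jump_nr)`, uses an offset that still counts the MOV and AND emitted just before it, so a non-matching access lands two instructions past the end of the rule, inside the next rule or beyond the program's final exit. The offset should be `jump_nr - 2`, with `jump_nr -= 3` kept afterwards. The same function reads `device->allow` in the `bpf_access_decision` initializer before the `!prog || !device` check, never tests the `-EINVAL` that bpf_access_mask() can return (the negative value then goes into the AND immediate), and counts major/minor with `!= -1` but emits them with `>= 0`, so any other negative value desynchronizes the offsets. bpf_program_finalize() has the same dereference-before-check on `prog->device_list_type`.

In bpf_program_cgroup_attach(), `flags & ~(BPF_F_ALLOW_OVERRIDE, BPF_F_ALLOW_MULTI)` uses the comma operator, which reduces to `~BPF_F_ALLOW_MULTI` and therefore rejects BPF_F_ALLOW_OVERRIDE; it needs `|`. The early `return true` there returns 1 from an int function that otherwise returns 0 or -1, and `log_error_errno(-1, ret, ...)` passes the -1 return value where an errno is expected. In bpf_devices_cgroup_supported(), `if (prog < 0)` compares a pointer against zero and never catches the NULL that bpf_program_new() returns on allocation failure; use `if (!prog)`. lxc_clear_cgroup2_devices() frees `conf->cgroup2_devices` without resetting it to NULL, which leaves a dangling pointer in conf, and its explicit detach is redundant because bpf_program_free() already detaches.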
--- /dev/null
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
+/* Parts of this taken from systemd's implementation. */
+
+#ifndef __LXC_CGROUP2_DEVICES_H
+#define __LXC_CGROUP2_DEVICES_H
+
+#include <errno.h>
+#include <fcntl.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <sys/stat.h>
+#include <sys/syscall.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#include "conf.h"
+#include "config.h"
+
+#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX
+#include <linux/bpf.h>
+#include <linux/filter.h>
+#endif
+
+#if !HAVE_BPF
+#if !(defined __NR_bpf && __NR_bpf > 0)
+#if defined __NR_bpf
+#undef __NR_bpf
+#endif
+#if defined __i386__
+#define __NR_bpf 357
+#elif defined __x86_64__
+#define __NR_bpf 321
+#elif defined __aarch64__
+#define __NR_bpf 280
+#elif defined __arm__
+#define __NR_bpf 386
+#elif defined __sparc__
+#define __NR_bpf 349
+#elif defined __s390__
+#define __NR_bpf 351
+#elif defined __tilegx__
+#define __NR_bpf 280
+#else
+#warning "__NR_bpf not defined for your architecture"
+#endif
+#endif
+
+union bpf_attr;
+
+static inline int missing_bpf(int cmd, union bpf_attr *attr, size_t size)
+{
+#ifdef __NR_bpf
+ return (int)syscall(__NR_bpf, cmd, attr, size);
+#else
+ errno = ENOSYS;
+ return -1;
+#endif
+}
+
+#define bpf missing_bpf
+#endif
+
+struct bpf_program {
+ int device_list_type;
+ int kernel_fd;
+ uint32_t prog_type;
+
+ size_t n_instructions;
+#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX
+ struct bpf_insn *instructions;
+#endif
+
+ char *attached_path;
+ int attached_type;
+ uint32_t attached_flags;
+};
+
+#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX
+struct bpf_program *bpf_program_new(uint32_t prog_type);
+int bpf_program_init(struct bpf_program *prog);
+int bpf_program_append_device(struct bpf_program *prog,
+ struct device_item *device);
+int bpf_program_finalize(struct bpf_program *prog);
+int bpf_program_cgroup_attach(struct bpf_program *prog, int type,
+ const char *path, uint32_t flags);
+int bpf_program_cgroup_detach(struct bpf_program *prog);
+void bpf_program_free(struct bpf_program *prog);
+void lxc_clear_cgroup2_devices(struct lxc_conf *conf);
+bool bpf_devices_cgroup_supported(void);
+static inline void __auto_bpf_program_free__(struct bpf_program **prog)
+{
+ if (*prog) {
+ bpf_program_free(*prog);
+ *prog = NULL;
+ }
+}
+int bpf_list_add_device(struct lxc_conf *conf, struct device_item *device);
+#else
+static inline struct bpf_program *bpf_program_new(uint32_t prog_type)
+{
+ errno = ENOSYS;
+ return NULL;
+}
+
+static inline int bpf_program_init(struct bpf_program *prog)
+{
+ errno = ENOSYS;
+ return -1;
+}
+
+static inline int bpf_program_append_device(struct bpf_program *prog, char type,
+ int major, int minor,
+ const char *access, int allow)
+{
+ errno = ENOSYS;
+ return -1;
+}
+
+static inline int bpf_program_finalize(struct bpf_program *prog)
+{
+ errno = ENOSYS;
+ return -1;
+}
+
+static inline int bpf_program_cgroup_attach(struct bpf_program *prog, int type,
+ const char *path, uint32_t flags)
+{
+ errno = ENOSYS;
+ return -1;
+}
+
+static inline int bpf_program_cgroup_detach(struct bpf_program *prog)
+{
+ errno = ENOSYS;
+ return -1;
+}
+
+static inline void bpf_program_free(struct bpf_program *prog)
+{
+}
+
+static inline void lxc_clear_cgroup2_devices(struct lxc_conf *conf)
+{
+}
+
+static inline bool bpf_devices_cgroup_supported(void)
+{
+ return false;
+}
+
+static inline void __auto_bpf_program_free__(struct bpf_program **prog)
+{
+}
+
+static inline int bpf_list_add_device(struct lxc_conf *conf,
+ struct device_item *device)
+{
+ errno = ENOSYS;
+ return -1;
+}
+#endif
+
+#define __do_bpf_program_free \
+ __attribute__((__cleanup__(__auto_bpf_program_free__)))
+
+#endif /* __LXC_CGROUP2_DEVICES_H */
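Review bot: The fallback stub for bpf_program_append_device() in the `#else` branch takes `(prog, char type, int major, int minor, const char *access, int allow)`, while the real prototype above it takes `(prog, struct device_item *device)`. A caller written against the real signature will not compile when HAVE_STRUCT_BPF_CGROUP_DEV_CTX is undefined, so the stub should take `struct device_item *device` too. The stub bpf_program_cgroup_detach() also returns -1 with ENOSYS, whereas the real function returns 0 for a NULL or unattached program; callers that check the result will see a failure only on builds without bpf support.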
-/*
- * lxc: linux Container library
- *
- * Copyright © 2017 Canonical Ltd.
- *
- * Authors:
- * Serge Hallyn <serge.hallyn@ubuntu.com>
- * Christian Brauner <christian.brauner@ubuntu.com>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>
+#include <sys/vfs.h>
#include <unistd.h>
+#include "cgroup.h"
#include "cgroup_utils.h"
#include "config.h"
+#include "file_utils.h"
#include "macro.h"
#include "memory_utils.h"
#include "utils.h"
return (access(cgroup_threads_file, W_OK) == 0);
}
+
+int unified_cgroup_hierarchy(void)
+{
+
+ int ret;
+ struct statfs fs;
+
+ ret = statfs(DEFAULT_CGROUP_MOUNTPOINT, &fs);
+ if (ret < 0)
+ return -ENOMEDIUM;
+
+ if (is_fs_type(&fs, CGROUP2_SUPER_MAGIC))
+ return CGROUP2_SUPER_MAGIC;
+
+ return 0;
+}
-/*
- * lxc: linux Container library
- *
- * Copyright © 2017 Canonical Ltd.
- *
- * Authors:
- * Serge Hallyn <serge.hallyn@ubuntu.com>
- * Christian Brauner <christian.brauner@ubuntu.com>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_CGROUP_UTILS_H
#define __LXC_CGROUP_UTILS_H
*/
extern bool test_writeable_v2(char *mountpoint, char *path);
+extern int unified_cgroup_hierarchy(void);
+
#endif /* __LXC_CGROUP_UTILS_H */
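Review bot: unified_cgroup_hierarchy() is exported without the kind of comment that precedes test_writeable_v2(), and its contract is not obvious from the name: the implementation returns -ENOMEDIUM when statfs() on DEFAULT_CGROUP_MOUNTPOINT fails, CGROUP2_SUPER_MAGIC for a cgroup2 mount, and 0 otherwise. Document the three outcomes at the prototype so callers do not treat the result as a boolean. Consider reporting the actual statfs() errno instead of a fixed -ENOMEDIUM.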
+# SPDX-License-Identifier: LGPL-2.1+
+
#!/bin/sh
# Allow environment variables to override config
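Review bot: The SPDX comment is inserted above `#!/bin/sh`, so the shebang is no longer the first line of the script and is not used to select the interpreter when the file is executed directly. Put the SPDX line after the shebang.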
+# SPDX-License-Identifier: LGPL-2.1+
+
#!/bin/sh
# Make sure the usual locations are in PATH
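Review bot: `#!/bin/sh` has to remain the first line for this script to be run directly; with the SPDX comment and a blank line added above it, the shebang is just another comment. Move the identifier below the shebang.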
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * lxc: linux Container library
- *
- * Copyright © 2012 Oracle.
- *
- * Authors:
- * Dwight Engen <dwight.engen@oracle.com>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- *
- * Copyright © 2013 Serge Hallyn <serge.hallyn@ubuntu.com>.
- * Copyright © 2013 Canonical Ltd.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2, as
- * published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
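Review bot: The header removed here grants this file under the GNU General Public License version 2, but the replacement tag is `LGPL-2.1+`, which is a relicensing rather than a change of notation. Either use the identifier that matches the removed text (GPL-2.0-only) or record in the commit message that the copyright holders named in the old header agreed to the new license.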
-/*
- * (C) Copyright IBM Corp. 2008
- * (C) Copyright Canonical, Inc 2010-2013
- *
- * Authors:
- * Serge Hallyn <serge.hallyn@ubuntu.com>
- * (Once upon a time, this was based on nsexec from the IBM
- * container tools)
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
static void usage(const char *name)
{
- printf("usage: %s [-h] [-m <uid-maps>] -- [command [arg ..]]\n", name);
+ printf("usage: %s [-h] [-m <uid-maps>] [-s] -- [command [arg ..]]\n", name);
printf("\n");
printf(" -h this message\n");
printf("\n");
printf(" -m <uid-maps> uid maps to use\n");
printf("\n");
+ printf(" -s: map self\n");
printf(" uid-maps: [u|g|b]:ns_id:host_id:range\n");
printf(" [u|g|b]: map user id, group id, or both\n");
printf(" ns_id: the base id in the new namespace\n");
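Review bot: the new `-s` help line is printed between the `-m <uid-maps>` entry and the `uid-maps:` format description that belongs to it, without the `printf("\n")` separator the other options get, and it is written `-s:` where `-h` and `-m` carry no colon. Move it next to `-h`, match the existing layout, and say what "map self" means (do_map_self() maps the caller's own uid and gid with range 1).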
static struct lxc_list active_map;
+static int add_map_entry(long host_id, long ns_id, long range, int which)
+{
+ struct lxc_list *tmp = NULL;
+ struct id_map *newmap;
+
+ newmap = malloc(sizeof(*newmap));
+ if (!newmap)
+ return -1;
+
+ newmap->hostid = host_id;
+ newmap->nsid = ns_id;
+ newmap->range = range;
+ newmap->idtype = which;
+ tmp = malloc(sizeof(*tmp));
+ if (!tmp) {
+ free(newmap);
+ return -1;
+ }
+
+ tmp->elem = newmap;
+ lxc_list_add_tail(&active_map, tmp);
+ return 0;
+}
+
/*
* Given a string like "b:0:100000:10", map both uids and gids 0-10 to 100000
* to 100010
*/
static int parse_map(char *map)
{
- int i, ret;
+ int i, ret, idtype;
long host_id, ns_id, range;
char which;
- struct id_map *newmap;
char types[2] = {'u', 'g'};
- struct lxc_list *tmp = NULL;
if (!map)
return -1;
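Review bot: add_map_entry() stores `host_id`, `ns_id` and `range` without any check, and takes them as signed `long`. Now that parse_map(), the default-map reader and do_map_self() all go through this helper, it is the one place to reject negative ids and `range <= 0`. The default-map caller passes `unsigned long ul1, ul2`, so either validate before the conversion or make the parameters unsigned.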
if (which != types[i] && which != 'b')
continue;
- newmap = malloc(sizeof(*newmap));
- if (!newmap)
- return -1;
-
- newmap->hostid = host_id;
- newmap->nsid = ns_id;
- newmap->range = range;
-
if (types[i] == 'u')
- newmap->idtype = ID_TYPE_UID;
+ idtype = ID_TYPE_UID;
else
- newmap->idtype = ID_TYPE_GID;
+ idtype = ID_TYPE_GID;
- tmp = malloc(sizeof(*tmp));
- if (!tmp) {
- free(newmap);
- return -1;
- }
-
- tmp->elem = newmap;
- lxc_list_add_tail(&active_map, tmp);
+ ret = add_map_entry(host_id, ns_id, range, idtype);
+ if (ret < 0)
+ return ret;
}
return 0;
unsigned long ul1, ul2;
int ret = -1;
size_t sz = 0;
- struct lxc_list *tmp = NULL;
- struct id_map *newmap = NULL;
fin = fopen(fnam, "r");
if (!fin)
if (ret < 0)
break;
- ret = -1;
- newmap = malloc(sizeof(*newmap));
- if (!newmap)
- break;
-
- newmap->nsid = 0;
- newmap->idtype = which;
- newmap->hostid = ul1;
- newmap->range = ul2;
-
- tmp = malloc(sizeof(*tmp));
- if (!tmp) {
- free(newmap);
- break;
- }
-
- tmp->elem = newmap;
- lxc_list_add_tail(&active_map, tmp);
-
- ret = 0;
+ ret = add_map_entry(ul1, 0, ul2, which);
break;
}
return 0;
}
+static bool is_in_ns_range(long id, struct id_map *map)
+{
+ if (id < map->nsid)
+ return false;
+ if (id >= map->nsid + map->range)
+ return false;
+ return true;
+}
+
+static bool do_map_self(void)
+{
+ struct id_map *map;
+ long nsuid = 0, nsgid = 0;
+ struct lxc_list *tmp = NULL;
+ int ret;
+
+ lxc_list_for_each(tmp, &active_map) {
+ map = tmp->elem;
+ if (map->idtype == ID_TYPE_UID) {
+ if (is_in_ns_range(nsuid, map))
+ nsuid += map->range;
+ } else {
+ if (is_in_ns_range(nsgid, map))
+ nsgid += map->range;
+ }
+ }
+
+ ret = add_map_entry(getgid(), nsgid, 1, ID_TYPE_GID);
+ if (ret < 0)
+ return false;
+ ret = add_map_entry(getuid(), nsuid, 1, ID_TYPE_UID);
+ if (ret < 0)
+ return false;
+ return true;
+}
+
int main(int argc, char *argv[])
{
int c, pid, ret, status;
unsigned long flags = CLONE_NEWUSER | CLONE_NEWNS;
char ttyname0[256] = {0}, ttyname1[256] = {0}, ttyname2[256] = {0};
char *default_args[] = {"/bin/sh", NULL};
+ bool map_self = false;
lxc_log_fd = STDERR_FILENO;
lxc_list_init(&active_map);
- while ((c = getopt(argc, argv, "m:h")) != EOF) {
+ while ((c = getopt(argc, argv, "m:hs")) != EOF) {
switch (c) {
case 'm':
ret = parse_map(optarg);
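Review bot: do_map_self() picks the free namespace id in a single pass over active_map, which is only correct when the entries happen to be ordered by `nsid`. With an order such as `-m u:1:100000:10 -m u:0:200000:1`, the first entry is checked while the candidate is still 0, the second entry then bumps `nsuid` to 1, and the self mapping lands inside the first entry's range. Repeat the scan until no entry contains the candidate, or sort the list first. The same applies to `nsgid`.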
case 'h':
usage(argv[0]);
_exit(EXIT_SUCCESS);
+ case 's':
+ map_self = true;
+ break;
default:
usage(argv[0]);
_exit(EXIT_FAILURE);
}
}
+ // Do we want to support map-self with no other allocations?
+ // If so we should move this above the previous block.
+ if (map_self) {
+ if (!do_map_self()) {
+ fprintf(stderr, "Failed mapping own uid\n");
+ _exit(EXIT_FAILURE);
+ }
+ }
+
argv = &argv[optind];
argc = argc - optind;
if (argc < 1)
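Review bot: the `//` comment above the `if (map_self)` block leaves a design question open in the code. Decide before merging whether `-s` with no other mapping is supported, then either move the block as the comment suggests or state the restriction in usage(). The message "Failed mapping own uid" also covers the gid mapping that do_map_self() attempts first.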
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2009
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
#include "af_unix.h"
#include "cgroup.h"
+#include "cgroups/cgroup2_devices.h"
#include "commands.h"
#include "commands_utils.h"
#include "conf.h"
static const char *lxc_cmd_str(lxc_cmd_t cmd)
{
static const char *const cmdname[LXC_CMD_MAX] = {
- [LXC_CMD_CONSOLE] = "console",
- [LXC_CMD_TERMINAL_WINCH] = "terminal_winch",
- [LXC_CMD_STOP] = "stop",
- [LXC_CMD_GET_STATE] = "get_state",
- [LXC_CMD_GET_INIT_PID] = "get_init_pid",
- [LXC_CMD_GET_CLONE_FLAGS] = "get_clone_flags",
- [LXC_CMD_GET_CGROUP] = "get_cgroup",
- [LXC_CMD_GET_CONFIG_ITEM] = "get_config_item",
- [LXC_CMD_GET_NAME] = "get_name",
- [LXC_CMD_GET_LXCPATH] = "get_lxcpath",
- [LXC_CMD_ADD_STATE_CLIENT] = "add_state_client",
- [LXC_CMD_CONSOLE_LOG] = "console_log",
- [LXC_CMD_SERVE_STATE_CLIENTS] = "serve_state_clients",
- [LXC_CMD_SECCOMP_NOTIFY_ADD_LISTENER] = "seccomp_notify_add_listener",
+ [LXC_CMD_CONSOLE] = "console",
+ [LXC_CMD_TERMINAL_WINCH] = "terminal_winch",
+ [LXC_CMD_STOP] = "stop",
+ [LXC_CMD_GET_STATE] = "get_state",
+ [LXC_CMD_GET_INIT_PID] = "get_init_pid",
+ [LXC_CMD_GET_CLONE_FLAGS] = "get_clone_flags",
+ [LXC_CMD_GET_CGROUP] = "get_cgroup",
+ [LXC_CMD_GET_CONFIG_ITEM] = "get_config_item",
+ [LXC_CMD_GET_NAME] = "get_name",
+ [LXC_CMD_GET_LXCPATH] = "get_lxcpath",
+ [LXC_CMD_ADD_STATE_CLIENT] = "add_state_client",
+ [LXC_CMD_CONSOLE_LOG] = "console_log",
+ [LXC_CMD_SERVE_STATE_CLIENTS] = "serve_state_clients",
+ [LXC_CMD_SECCOMP_NOTIFY_ADD_LISTENER] = "seccomp_notify_add_listener",
+ [LXC_CMD_ADD_BPF_DEVICE_CGROUP] = "add_bpf_device_cgroup",
+ [LXC_CMD_FREEZE] = "freeze",
+ [LXC_CMD_UNFREEZE] = "unfreeze",
+ [LXC_CMD_GET_CGROUP2_FD] = "get_cgroup2_fd",
};
if (cmd >= LXC_CMD_MAX)
*/
static int lxc_cmd_rsp_recv(int sock, struct lxc_cmd_rr *cmd)
{
- int ret, rspfd;
+ __do_close_prot_errno int fd_rsp = -EBADF;
+ int ret;
struct lxc_cmd_rsp *rsp = &cmd->rsp;
- ret = lxc_abstract_unix_recv_fds(sock, &rspfd, 1, rsp, sizeof(*rsp));
- if (ret < 0) {
- SYSWARN("Failed to receive response for command \"%s\"",
- lxc_cmd_str(cmd->req.cmd));
-
- if (errno == ECONNRESET)
- return -1;
-
- return -1;
- }
+ ret = lxc_abstract_unix_recv_fds(sock, &fd_rsp, 1, rsp, sizeof(*rsp));
+ if (ret < 0)
+ return log_warn_errno(-1,
+ errno, "Failed to receive response for command \"%s\"",
+ lxc_cmd_str(cmd->req.cmd));
TRACE("Command \"%s\" received response", lxc_cmd_str(cmd->req.cmd));
if (cmd->req.cmd == LXC_CMD_CONSOLE) {
return 0;
rspdata = malloc(sizeof(*rspdata));
- if (!rspdata) {
- errno = ENOMEM;
- ERROR("Failed to allocate response buffer for command \"%s\"",
- lxc_cmd_str(cmd->req.cmd));
- return -1;
- }
+ if (!rspdata)
+ return log_warn_errno(-1,
+ ENOMEM, "Failed to receive response for command \"%s\"",
+ lxc_cmd_str(cmd->req.cmd));
- rspdata->masterfd = rspfd;
+ rspdata->masterfd = move_fd(fd_rsp);
rspdata->ttynum = PTR_TO_INT(rsp->data);
rsp->data = rspdata;
}
- if (rsp->datalen == 0) {
- DEBUG("Response data length for command \"%s\" is 0",
- lxc_cmd_str(cmd->req.cmd));
- return ret;
+ if (cmd->req.cmd == LXC_CMD_GET_CGROUP2_FD) {
+ int cgroup2_fd = move_fd(fd_rsp);
+ rsp->data = INT_TO_PTR(cgroup2_fd);
}
+ if (rsp->datalen == 0)
+ return log_debug(ret,
+ "Response data length for command \"%s\" is 0",
+ lxc_cmd_str(cmd->req.cmd));
+
if ((rsp->datalen > LXC_CMD_DATA_MAX) &&
- (cmd->req.cmd != LXC_CMD_CONSOLE_LOG)) {
- ERROR("Response data for command \"%s\" is too long: %d bytes > %d",
- lxc_cmd_str(cmd->req.cmd), rsp->datalen, LXC_CMD_DATA_MAX);
- return -1;
- }
+ (cmd->req.cmd != LXC_CMD_CONSOLE_LOG))
+ return log_error(-1, "Response data for command \"%s\" is too long: %d bytes > %d",
+ lxc_cmd_str(cmd->req.cmd), rsp->datalen,
+ LXC_CMD_DATA_MAX);
if (cmd->req.cmd == LXC_CMD_CONSOLE_LOG) {
rsp->data = malloc(rsp->datalen + 1);
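Review bot: in the LXC_CMD_CONSOLE branch, a failed `rspdata` allocation now logs "Failed to receive response for command" at warn level with ENOMEM. The text was copied from the recv path; the removed code logged "Failed to allocate response buffer" as an error, and the `rsp->data` allocation later in the function still does. Restore the allocation message and use log_error_errno(). In the new LXC_CMD_GET_CGROUP2_FD branch, `fd_rsp` is moved into `rsp->data` without checking that a descriptor arrived, so a reply without an attached fd becomes INT_TO_PTR(-EBADF); test `fd_rsp < 0` there and fail explicitly.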
} else {
rsp->data = malloc(rsp->datalen);
}
- if (!rsp->data) {
- errno = ENOMEM;
- ERROR("Failed to allocate response buffer for command \"%s\"",
- lxc_cmd_str(cmd->req.cmd));
- return -1;
- }
+ if (!rsp->data)
+ return log_error_errno(-1,
+ ENOMEM, "Failed to allocate response buffer for command \"%s\"",
+ lxc_cmd_str(cmd->req.cmd));
ret = lxc_recv_nointr(sock, rsp->data, rsp->datalen, 0);
- if (ret != rsp->datalen) {
- SYSERROR("Failed to receive response data for command \"%s\"",
- lxc_cmd_str(cmd->req.cmd));
- return -1;
- }
+ if (ret != rsp->datalen)
+ return log_error_errno(-1,
+ errno, "Failed to receive response data for command \"%s\"",
+ lxc_cmd_str(cmd->req.cmd));
return ret;
}
memset(&rsp, 0, sizeof(rsp));
rsp.ret = kill(handler->pid, stopsignal);
if (!rsp.ret) {
- /* We can't just use lxc_unfreeze() since we are already in the
- * context of handling the STOP cmd in lxc-start, and calling
- * lxc_unfreeze() would do another cmd (GET_CGROUP) which would
- * deadlock us.
- */
- if (!cgroup_ops->get_cgroup(cgroup_ops, "freezer"))
- return 0;
-
- if (cgroup_ops->unfreeze(cgroup_ops))
+ rsp.ret = cgroup_ops->unfreeze(cgroup_ops, -1);
+ if (!rsp.ret)
return 0;
ERROR("Failed to unfreeze container \"%s\"", handler->name);
- rsp.ret = -1;
+ rsp.ret = -errno;
+ } else {
+ rsp.ret = -errno;
}
return lxc_cmd_rsp_send(fd, &rsp);
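Review bot: in the unfreeze failure path, `rsp.ret = -errno` is assigned after ERROR(...) has run, so the client receives whatever errno holds after logging, and the return value of unfreeze() that `rsp.ret` already held is overwritten. Save errno before the log call, or keep the return value if unfreeze() already reports a negative errno. The removed guard skipped unfreezing when no "freezer" cgroup exists; confirm `unfreeze(cgroup_ops, -1)` returns 0 in that case, otherwise a stop on such a host now reports failure.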
return 1;
}
+int lxc_cmd_add_bpf_device_cgroup(const char *name, const char *lxcpath,
+ struct device_item *device)
+{
+#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX
+ int stopped = 0;
+ struct lxc_cmd_rr cmd = {
+ .req = {
+ .cmd = LXC_CMD_ADD_BPF_DEVICE_CGROUP,
+ .data = device,
+ .datalen = sizeof(struct device_item),
+ },
+ };
+ int ret;
+
+ if (strlen(device->access) > STRLITERALLEN("rwm"))
+ return log_error_errno(-1, EINVAL, "Invalid access mode specified %s",
+ device->access);
+
+ ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
+ if (ret < 0 || cmd.rsp.ret < 0)
+ return log_error_errno(-1, errno, "Failed to add new bpf device cgroup rule");
+
+ return 0;
+#else
+ return ret_set_errno(-1, ENOSYS);
+#endif
+}
+
+static int lxc_cmd_add_bpf_device_cgroup_callback(int fd, struct lxc_cmd_req *req,
+ struct lxc_handler *handler,
+ struct lxc_epoll_descr *descr)
+{
+#ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX
+ __do_bpf_program_free struct bpf_program *devices = NULL;
+ struct lxc_cmd_rsp rsp = {0};
+ struct lxc_conf *conf = handler->conf;
+ struct hierarchy *unified = handler->cgroup_ops->unified;
+ struct lxc_list *list_elem = NULL;
+ struct device_item *new_device = NULL;
+ int ret;
+ struct lxc_list *it;
+ struct device_item *device;
+ struct bpf_program *devices_old;
+
+ if (req->datalen <= 0)
+ goto reap_client_fd;
+
+ if (req->datalen != sizeof(struct device_item))
+ goto reap_client_fd;
+
+ if (!req->data)
+ goto reap_client_fd;
+ device = (struct device_item *)req->data;
+
+ rsp.ret = -1;
+ if (!unified)
+ goto respond;
+
+ ret = bpf_list_add_device(conf, device);
+ if (ret < 0)
+ goto respond;
+
+ devices = bpf_program_new(BPF_PROG_TYPE_CGROUP_DEVICE);
+ if (!devices)
+ goto respond;
+
+ ret = bpf_program_init(devices);
+ if (ret)
+ goto respond;
+
+ lxc_list_for_each(it, &conf->devices) {
+ struct device_item *cur = it->elem;
+
+ ret = bpf_program_append_device(devices, cur);
+ if (ret)
+ goto respond;
+ }
+
+ ret = bpf_program_finalize(devices);
+ if (ret)
+ goto respond;
+
+ ret = bpf_program_cgroup_attach(devices, BPF_CGROUP_DEVICE,
+ unified->container_full_path,
+ BPF_F_ALLOW_MULTI);
+ if (ret)
+ goto respond;
+
+ /* Replace old bpf program. */
+ devices_old = move_ptr(conf->cgroup2_devices);
+ conf->cgroup2_devices = move_ptr(devices);
+ devices = move_ptr(devices_old);
+
+ rsp.ret = 0;
+
+respond:
+ ret = lxc_cmd_rsp_send(fd, &rsp);
+ if (ret < 0)
+ goto reap_client_fd;
+
+ return 0;
+
+reap_client_fd:
+ /* Special indicator to lxc_cmd_handler() to close the fd and do related
+ * cleanup.
+ */
+ return 1;
+#else
+ return ret_set_errno(-1, ENOSYS);
+#endif
+}
+
int lxc_cmd_console_log(const char *name, const char *lxcpath,
struct lxc_console_log *log)
{
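Review bot: lxc_cmd_add_bpf_device_cgroup_callback() uses the `struct device_item` received from the command socket after checking only its length. The `strlen(device->access) > STRLITERALLEN("rwm")` test sits in the client wrapper, which a different client does not have to call; the callback should itself verify that `access` is NUL-terminated within its 4 bytes and that `type`, `allow` and `global_rule` hold expected values before bpf_list_add_device(). Second, bpf_list_add_device() updates conf->devices before the program is built and attached, so every later `goto respond` leaves a rule in the list that was never loaded; roll the entry back on failure. `list_elem` and `new_device` are unused, and `req->datalen <= 0` is already covered by the `!= sizeof(struct device_item)` test.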
return cmd.rsp.ret;
#else
- return minus_one_set_errno(ENOSYS);
+ return ret_set_errno(-1, ENOSYS);
#endif
}
#ifdef HAVE_SECCOMP_NOTIFY
int ret;
__do_close_prot_errno int recv_fd = -EBADF;
- int notify_fd = -EBADF;
ret = lxc_abstract_unix_recv_fds(fd, &recv_fd, 1, NULL, 0);
if (ret <= 0) {
rsp.ret = -errno;
goto out;
}
- notify_fd = move_fd(recv_fd);
+ move_fd(recv_fd);
out:
#else
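Review bot: the bare `move_fd(recv_fd);` discards the descriptor it returns, which disarms the `__do_close_prot_errno` cleanup while nothing in this hunk takes ownership. That is only right if the fd was handed to another owner earlier in the function, outside the lines shown. A one-line comment naming that owner would make the intent checkable.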
return lxc_cmd_rsp_send(fd, &rsp);
}
+int lxc_cmd_freeze(const char *name, const char *lxcpath, int timeout)
+{
+ int ret, stopped;
+ struct lxc_cmd_rr cmd = {
+ .req = {
+ .cmd = LXC_CMD_FREEZE,
+ .data = INT_TO_PTR(timeout),
+ },
+ };
+
+ ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
+ if (ret <= 0 || cmd.rsp.ret < 0)
+ return log_error_errno(-1, errno, "Failed to freeze container");
+
+ return cmd.rsp.ret;
+}
+
+static int lxc_cmd_freeze_callback(int fd, struct lxc_cmd_req *req,
+ struct lxc_handler *handler,
+ struct lxc_epoll_descr *descr)
+{
+ int timeout = PTR_TO_INT(req->data);
+ struct lxc_cmd_rsp rsp = {
+ .ret = -ENOENT,
+ };
+ struct cgroup_ops *ops = handler->cgroup_ops;
+
+ if (pure_unified_layout(ops))
+ rsp.ret = ops->freeze(ops, timeout);
+
+ return lxc_cmd_rsp_send(fd, &rsp);
+}
+
+int lxc_cmd_unfreeze(const char *name, const char *lxcpath, int timeout)
+{
+ int ret, stopped;
+ struct lxc_cmd_rr cmd = {
+ .req = {
+ .cmd = LXC_CMD_UNFREEZE,
+ .data = INT_TO_PTR(timeout),
+ },
+ };
+
+ ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
+ if (ret <= 0 || cmd.rsp.ret < 0)
+ return log_error_errno(-1, errno, "Failed to unfreeze container");
+
+ return cmd.rsp.ret;
+}
+
+static int lxc_cmd_unfreeze_callback(int fd, struct lxc_cmd_req *req,
+ struct lxc_handler *handler,
+ struct lxc_epoll_descr *descr)
+{
+ int timeout = PTR_TO_INT(req->data);
+ struct lxc_cmd_rsp rsp = {
+ .ret = -ENOENT,
+ };
+ struct cgroup_ops *ops = handler->cgroup_ops;
+
+ if (pure_unified_layout(ops))
+ rsp.ret = ops->unfreeze(ops, timeout);
+
+ return lxc_cmd_rsp_send(fd, &rsp);
+}
+
+int lxc_cmd_get_cgroup2_fd(const char *name, const char *lxcpath)
+{
+ int ret, stopped;
+ struct lxc_cmd_rr cmd = {
+ .req = {
+ .cmd = LXC_CMD_GET_CGROUP2_FD,
+ },
+ };
+
+ ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
+ if (ret < 0)
+ return -1;
+
+ if (cmd.rsp.ret < 0)
+ return log_debug_errno(-1, errno, "Failed to receive cgroup2 fd");
+
+ return PTR_TO_INT(cmd.rsp.data);
+}
+
+static int lxc_cmd_get_cgroup2_fd_callback(int fd, struct lxc_cmd_req *req,
+ struct lxc_handler *handler,
+ struct lxc_epoll_descr *descr)
+{
+ struct lxc_cmd_rsp rsp = {
+ .ret = -EINVAL,
+ };
+ struct cgroup_ops *ops = handler->cgroup_ops;
+ int ret;
+
+ if (!pure_unified_layout(ops) || !ops->unified)
+ return lxc_cmd_rsp_send(fd, &rsp);
+
+ rsp.ret = 0;
+ ret = lxc_abstract_unix_send_fds(fd, &ops->unified->cgfd_con, 1, &rsp,
+ sizeof(rsp));
+ if (ret < 0)
+ return log_error(1, "Failed to send cgroup2 fd");
+
+ return 0;
+}
+
static int lxc_cmd_process(int fd, struct lxc_cmd_req *req,
struct lxc_handler *handler,
struct lxc_epoll_descr *descr)
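Review bot: lxc_cmd_freeze() and lxc_cmd_unfreeze() call `log_error_errno(-1, errno, ...)` when `cmd.rsp.ret < 0`, but in that case the error code is in `cmd.rsp.ret` (the callbacks send -ENOENT or the freeze()/unfreeze() result) and nothing in these lines copies it into errno. Set errno from `-cmd.rsp.ret` before logging so callers can tell the "not a pure unified layout" reply from a real failure. These two wrappers also treat `ret <= 0` from lxc_cmd() as failure where lxc_cmd_get_cgroup2_fd() and lxc_cmd_add_bpf_device_cgroup() use `ret < 0`; pick one and comment why. In lxc_cmd_get_cgroup2_fd_callback(), check that `cgfd_con` is a valid descriptor before lxc_abstract_unix_send_fds().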
struct lxc_epoll_descr *);
callback cb[LXC_CMD_MAX] = {
- [LXC_CMD_CONSOLE] = lxc_cmd_console_callback,
- [LXC_CMD_TERMINAL_WINCH] = lxc_cmd_terminal_winch_callback,
- [LXC_CMD_STOP] = lxc_cmd_stop_callback,
- [LXC_CMD_GET_STATE] = lxc_cmd_get_state_callback,
- [LXC_CMD_GET_INIT_PID] = lxc_cmd_get_init_pid_callback,
- [LXC_CMD_GET_CLONE_FLAGS] = lxc_cmd_get_clone_flags_callback,
- [LXC_CMD_GET_CGROUP] = lxc_cmd_get_cgroup_callback,
- [LXC_CMD_GET_CONFIG_ITEM] = lxc_cmd_get_config_item_callback,
- [LXC_CMD_GET_NAME] = lxc_cmd_get_name_callback,
- [LXC_CMD_GET_LXCPATH] = lxc_cmd_get_lxcpath_callback,
- [LXC_CMD_ADD_STATE_CLIENT] = lxc_cmd_add_state_client_callback,
- [LXC_CMD_CONSOLE_LOG] = lxc_cmd_console_log_callback,
- [LXC_CMD_SERVE_STATE_CLIENTS] = lxc_cmd_serve_state_clients_callback,
- [LXC_CMD_SECCOMP_NOTIFY_ADD_LISTENER] = lxc_cmd_seccomp_notify_add_listener_callback,
+ [LXC_CMD_CONSOLE] = lxc_cmd_console_callback,
+ [LXC_CMD_TERMINAL_WINCH] = lxc_cmd_terminal_winch_callback,
+ [LXC_CMD_STOP] = lxc_cmd_stop_callback,
+ [LXC_CMD_GET_STATE] = lxc_cmd_get_state_callback,
+ [LXC_CMD_GET_INIT_PID] = lxc_cmd_get_init_pid_callback,
+ [LXC_CMD_GET_CLONE_FLAGS] = lxc_cmd_get_clone_flags_callback,
+ [LXC_CMD_GET_CGROUP] = lxc_cmd_get_cgroup_callback,
+ [LXC_CMD_GET_CONFIG_ITEM] = lxc_cmd_get_config_item_callback,
+ [LXC_CMD_GET_NAME] = lxc_cmd_get_name_callback,
+ [LXC_CMD_GET_LXCPATH] = lxc_cmd_get_lxcpath_callback,
+ [LXC_CMD_ADD_STATE_CLIENT] = lxc_cmd_add_state_client_callback,
+ [LXC_CMD_CONSOLE_LOG] = lxc_cmd_console_log_callback,
+ [LXC_CMD_SERVE_STATE_CLIENTS] = lxc_cmd_serve_state_clients_callback,
+ [LXC_CMD_SECCOMP_NOTIFY_ADD_LISTENER] = lxc_cmd_seccomp_notify_add_listener_callback,
+ [LXC_CMD_ADD_BPF_DEVICE_CGROUP] = lxc_cmd_add_bpf_device_cgroup_callback,
+ [LXC_CMD_FREEZE] = lxc_cmd_freeze_callback,
+ [LXC_CMD_UNFREEZE] = lxc_cmd_unfreeze_callback,
+ [LXC_CMD_GET_CGROUP2_FD] = lxc_cmd_get_cgroup2_fd_callback,
};
- if (req->cmd >= LXC_CMD_MAX) {
- ERROR("Undefined command id %d", req->cmd);
- return -1;
- }
+ if (req->cmd >= LXC_CMD_MAX)
+ return log_error_errno(-1, ENOENT, "Undefined command id %d", req->cmd);
+
return cb[req->cmd](fd, req, handler, descr);
}
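Review bot: `cb[req->cmd]` is called without a NULL check. Each new command has to be added in three places (the enum, cmdname[] and cb[]), and a missed cb[] entry leaves a NULL slot below LXC_CMD_MAX that a request on the command socket can reach. Add `if (!cb[req->cmd])` next to the range check and return the same ENOENT error.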
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2009
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_COMMANDS_H
#define __LXC_COMMANDS_H
LXC_CMD_CONSOLE_LOG,
LXC_CMD_SERVE_STATE_CLIENTS,
LXC_CMD_SECCOMP_NOTIFY_ADD_LISTENER,
+ LXC_CMD_ADD_BPF_DEVICE_CGROUP,
+ LXC_CMD_FREEZE,
+ LXC_CMD_UNFREEZE,
+ LXC_CMD_GET_CGROUP2_FD,
LXC_CMD_MAX,
} lxc_cmd_t;
/* unused */ unsigned int command,
/* unused */ unsigned int flags);
+struct device_item;
+extern int lxc_cmd_add_bpf_device_cgroup(const char *name, const char *lxcpath,
+ struct device_item *device);
+extern int lxc_cmd_freeze(const char *name, const char *lxcpath, int timeout);
+extern int lxc_cmd_unfreeze(const char *name, const char *lxcpath, int timeout);
+extern int lxc_cmd_get_cgroup2_fd(const char *name, const char *lxcpath);
+
#endif /* __commands_h */
-/* liblxcapi
- *
- * Copyright © 2019 Christian Brauner <christian.brauner@ubuntu.com>.
- * Copyright © 2019 Canonical Ltd.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
-
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
-
- * You should have received a copy of the GNU Lesser General Public License
- * along with this library; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/* liblxcapi
- *
- * Copyright © 2019 Christian Brauner <christian.brauner@ubuntu.com>.
- * Copyright © 2019 Canonical Ltd.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
-
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
-
- * You should have received a copy of the GNU Lesser General Public License
- * along with this library; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_COMMANDS_UTILS_H
#define __LXC_COMMANDS_UTILS_H
-/* liblxcapi
- *
- * Copyright © 2018 Christian Brauner <christian.brauner@ubuntu.com>.
- * Copyright © 2018 Canonical Ltd.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
-
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
-
- * You should have received a copy of the GNU Lesser General Public License
- * along with this library; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_COMPILER_H
#define __LXC_COMPILER_H
#define __returns_twice __attribute__((returns_twice))
#endif
+/* This attribute is required to silence clang warnings */
+#if defined(__GNUC__)
+#define __lxc_unused __attribute__ ((unused))
+#else
+#define __lxc_unused
+#endif
+
#define __cgfsng_ops
#endif /* __LXC_COMPILER_H */
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
#include "af_unix.h"
#include "caps.h"
#include "cgroup.h"
+#include "cgroup2_devices.h"
#include "conf.h"
#include "config.h"
#include "confile.h"
SYSWARN("Failed to set FD_CLOEXEC flag on slave fd %d of "
"tty device \"%s\"", tty->slave, tty->name);
- tty->busy = 0;
+ tty->busy = -1;
}
INFO("Finished creating %zu tty devices", ttys->max);
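Review bot: `tty->busy` changes its initial value from 0 to -1 here with no comment. Any reader that still tests `if (tty->busy)` or compares against 0 will treat every new tty as taken, so confirm all users were converted in the same change and document the sentinel where the field is declared.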
{
struct mount_opt *mo;
- /* If opt is found in mount_opt, set or clear flags.
- * Otherwise append it to data. */
-
- for (mo = &mount_opt[0]; mo->name != NULL; mo++) {
- if (strncmp(opt, mo->name, strlen(mo->name)) == 0) {
- if (mo->clear)
- *flags &= ~mo->flag;
- else
- *flags |= mo->flag;
- return;
+ /* If '=' is contained in opt, the option must go into data. */
+ if (!strchr(opt, '=')) {
+
+ /* If opt is found in mount_opt, set or clear flags.
+ * Otherwise append it to data. */
+ size_t opt_len = strlen(opt);
+ for (mo = &mount_opt[0]; mo->name != NULL; mo++) {
+ size_t mo_name_len = strlen(mo->name);
+ if (opt_len == mo_name_len && strncmp(opt, mo->name, mo_name_len) == 0) {
+ if (mo->clear)
+ *flags &= ~mo->flag;
+ else
+ *flags |= mo->flag;
+ return;
+ }
}
}
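Review bot: with `opt_len == mo_name_len` in place, the `strncmp()` is an exact comparison and reads more clearly as `strcmp(opt, mo->name) == 0`. The outer `strchr(opt, '=')` guard is then redundant unless a mount_opt name itself contains '=', since an option with '=' can never equal a name without one. Keep the check that is intended and say in the comment that prefix matches, which the removed loop accepted, are now rejected on purpose. The empty added line after the opening `if` can go.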
new->logfd = -1;
lxc_list_init(&new->cgroup);
lxc_list_init(&new->cgroup2);
+ lxc_list_init(&new->devices);
lxc_list_init(&new->network);
lxc_list_init(&new->mount_list);
lxc_list_init(&new->caps);
return 0;
}
+static void lxc_clear_devices(struct lxc_conf *conf)
+{
+ struct lxc_list *list = &conf->devices;
+ struct lxc_list *it, *next;
+
+ lxc_list_for_each_safe(it, list, next) {
+ lxc_list_del(it);
+ free(it);
+ }
+}
+
int lxc_clear_limits(struct lxc_conf *c, const char *key)
{
struct lxc_list *it, *next;
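Review bot: lxc_clear_devices() frees each list node but never `it->elem`. If the device_item entries are heap-allocated when they are added (bpf_list_add_device() is not shown here), they leak on every config teardown; free `it->elem` before `free(it)`, or note in a comment why the element is not owned by the list.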
lxc_clear_config_keepcaps(conf);
lxc_clear_cgroups(conf, "lxc.cgroup", CGROUP_SUPER_MAGIC);
lxc_clear_cgroups(conf, "lxc.cgroup2", CGROUP2_SUPER_MAGIC);
+ lxc_clear_devices(conf);
+ lxc_clear_cgroup2_devices(conf);
lxc_clear_hooks(conf, "lxc.hook");
lxc_clear_mount_entries(conf);
lxc_clear_idmaps(conf);
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
#ifndef __LXC_CONF_H
#define __LXC_CONF_H
lxc_state_t states[MAX_STATE];
};
+enum {
+ LXC_BPF_DEVICE_CGROUP_LOCAL_RULE = -1,
+ LXC_BPF_DEVICE_CGROUP_WHITELIST = 0,
+ LXC_BPF_DEVICE_CGROUP_BLACKLIST = 1,
+};
+
+struct device_item {
+ char type;
+ int major;
+ int minor;
+ char access[4];
+ int allow;
+ /*
+ * LXC_BPF_DEVICE_CGROUP_LOCAL_RULE -> no global rule
+ * LXC_BPF_DEVICE_CGROUP_WHITELIST -> whitelist (deny all)
+ * LXC_BPF_DEVICE_CGROUP_BLACKLIST -> blacklist (allow all)
+ */
+ int global_rule;
+};
+
struct lxc_conf {
/* Pointer to the name of the container. Do not free! */
const char *name;
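Review bot: `struct device_item` is sent over the command socket as raw bytes (`.datalen = sizeof(struct device_item)` in lxc_cmd_add_bpf_device_cgroup()), and `char type` followed by `int major` leaves padding on common ABIs. Callers need to zero the whole struct before filling it, otherwise uninitialised bytes go out with the request; say so in a comment on the struct. `access[4]` should be documented as holding up to "rwm" plus the terminating NUL, and `allow` has no description of its values.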
struct {
struct lxc_list cgroup;
struct lxc_list cgroup2;
+ struct bpf_program *cgroup2_devices;
+ /* This should be reimplemented as a hashmap. */
+ struct lxc_list devices;
};
struct {
-/*
- * lxc: linux Container library
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- * Serge Hallyn <serge@hallyn.com>
- * Christian Brauner <christian.brauner@ubuntu.com>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
return clr_config_net_l2proxy(key, lxc_conf, data);
if (!netdev)
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
ret = lxc_safe_uint(value, &val);
if (ret < 0)
- return minus_one_set_errno(-ret);
+ return ret_set_errno(-1, -ret);
switch (val) {
case 0:
return 0;
}
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
}
static int set_config_net_name(const char *key, const char *value,
return clr_config_net_ipvlan_mode(key, lxc_conf, data);
if (!netdev)
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
if (netdev->type != LXC_NET_IPVLAN) {
SYSERROR("Invalid ipvlan mode \"%s\", can only be used with ipvlan network", value);
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
}
return lxc_ipvlan_mode_to_flag(&netdev->priv.ipvlan_attr.mode, value);
return clr_config_net_ipvlan_isolation(key, lxc_conf, data);
if (!netdev)
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
if (netdev->type != LXC_NET_IPVLAN) {
SYSERROR("Invalid ipvlan isolation \"%s\", can only be used with ipvlan network", value);
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
}
return lxc_ipvlan_isolation_to_flag(&netdev->priv.ipvlan_attr.isolation, value);
return clr_config_net_veth_ipv4_route(key, lxc_conf, data);
if (!netdev)
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
if (netdev->type != LXC_NET_VETH) {
SYSERROR("Invalid ipv4 route \"%s\", can only be used with veth network", value);
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
}
inetdev = malloc(sizeof(*inetdev));
slash = strchr(valdup, '/');
if (!slash)
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
*slash = '\0';
slash++;
if (*slash == '\0')
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
netmask = slash;
ret = lxc_safe_uint(netmask, &inetdev->prefix);
if (ret < 0 || inetdev->prefix > 32)
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
ret = inet_pton(AF_INET, valdup, &inetdev->addr);
if (!ret || ret < 0)
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
lxc_list_add_tail(&netdev->priv.veth_attr.ipv4_routes, list);
move_ptr(inetdev);
return clr_config_net_veth_ipv6_route(key, lxc_conf, data);
if (!netdev)
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
if (netdev->type != LXC_NET_VETH) {
SYSERROR("Invalid ipv6 route \"%s\", can only be used with veth network", value);
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
}
inet6dev = malloc(sizeof(*inet6dev));
slash = strchr(valdup, '/');
if (!slash)
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
*slash = '\0';
slash++;
if (*slash == '\0')
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
netmask = slash;
ret = lxc_safe_uint(netmask, &inet6dev->prefix);
if (ret < 0 || inet6dev->prefix > 128)
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
ret = inet_pton(AF_INET6, valdup, &inet6dev->addr);
if (!ret || ret < 0)
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
lxc_list_add_tail(&netdev->priv.veth_attr.ipv6_routes, list);
move_ptr(inet6dev);
return -1;
if (lxc_conf->seccomp.allow_nesting > 1)
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
return 0;
#else
#ifdef HAVE_SECCOMP_NOTIFY
return set_config_string_item(&lxc_conf->seccomp.notifier.cookie, value);
#else
- return minus_one_set_errno(ENOSYS);
+ return ret_set_errno(-1, ENOSYS);
#endif
}
return clr_config_seccomp_notify_proxy(key, lxc_conf, NULL);
if (strncmp(value, "unix:", 5) != 0)
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
offset = value + 5;
if (lxc_unix_sockaddr(&lxc_conf->seccomp.notifier.proxy_addr, offset) < 0)
return 0;
#else
- return minus_one_set_errno(ENOSYS);
+ return ret_set_errno(-1, ENOSYS);
#endif
}
#ifdef HAVE_SECCOMP_NOTIFY
return lxc_get_conf_str(retv, inlen, c->seccomp.notifier.cookie);
#else
- return minus_one_set_errno(ENOSYS);
+ return ret_set_errno(-1, ENOSYS);
#endif
}
? &c->seccomp.notifier.proxy_addr.sun_path[0]
: &c->seccomp.notifier.proxy_addr.sun_path[1]);
#else
- return minus_one_set_errno(ENOSYS);
+ return ret_set_errno(-1, ENOSYS);
#endif
}
c->seccomp.notifier.cookie = NULL;
return 0;
#else
- return minus_one_set_errno(ENOSYS);
+ return ret_set_errno(-1, ENOSYS);
#endif
}
sizeof(c->seccomp.notifier.proxy_addr));
return 0;
#else
- return minus_one_set_errno(ENOSYS);
+ return ret_set_errno(-1, ENOSYS);
#endif
}
struct lxc_netdev *netdev = data;
if (!netdev)
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
netdev->l2proxy = false;
struct lxc_netdev *netdev = data;
if (!netdev)
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
if (netdev->type != LXC_NET_IPVLAN)
return 0;
struct lxc_netdev *netdev = data;
if (!netdev)
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
if (netdev->type != LXC_NET_IPVLAN)
return 0;
struct lxc_netdev *netdev = data;
if (!netdev)
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
if (netdev->type != LXC_NET_VETH)
return 0;
memset(retv, 0, inlen);
if (!netdev)
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
if (netdev->type != LXC_NET_IPVLAN)
return 0;
memset(retv, 0, inlen);
if (!netdev)
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
if (netdev->type != LXC_NET_IPVLAN)
return 0;
memset(retv, 0, inlen);
if (!netdev)
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
if (netdev->type != LXC_NET_VETH)
return 0;
memset(retv, 0, inlen);
if (!netdev)
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
if (netdev->type != LXC_NET_VETH)
return 0;
memset(retv, 0, inlen);
if (!netdev)
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
if (netdev->type != LXC_NET_VETH)
return 0;
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- * Serge Hallyn <serge@hallyn.com>
- * Christian Brauner <christian.brauner@ubuntu.com>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_CONFILE_H
#define __LXC_CONFILE_H
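Review bot: the header replacement here removes the "(C) Copyright IBM Corp. 2007, 2008" line and the Authors list along with the licence text, and the one-line SPDX tag records only the licence. Keep the copyright and author lines under the SPDX line, or say in the commit message where that attribution is preserved.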
-/* liblxcapi
- *
- * Copyright © 2017 Christian Brauner <christian.brauner@ubuntu.com>.
- * Copyright © 2017 Canonical Ltd.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2, as
- * published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
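Review bot: the removed header in this file states "GNU General Public License version 2", but the line that replaces it is `SPDX-License-Identifier: LGPL-2.1+`, so this is a licence change and not a header shortening. The confile_utils header further down does the same. This needs an explicit statement in the commit message that the copyright holders named in the removed lines agreed to it, and it would be easier to audit as a separate commit from the mechanical LGPL-to-SPDX replacements.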
return 0;
}
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
}
static struct lxc_macvlan_mode {
-/* liblxcapi
- *
- * Copyright © 2017 Christian Brauner <christian.brauner@ubuntu.com>.
- * Copyright © 2017 Canonical Ltd.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2, as
- * published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_CONFILE_UTILS_H
#define __LXC_CONFILE_UTILS_H
-/*
- * lxc: linux Container library
- *
- * Copyright © 2014-2015 Canonical Ltd.
- *
- * Authors:
- * Tycho Andersen <tycho.andersen@canonical.com>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * lxc: linux Container library
- *
- * Copyright © 2014-2015 Canonical Ltd.
- *
- * Authors:
- * Tycho Andersen <tycho.andersen@canonical.com>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
#ifndef __LXC_CRIU_H
#define __LXC_CRIU_H
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#include <stdio.h>
#include <stdlib.h>
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
#ifndef __LXC_ERROR_H
#define __LXC_ERROR_H
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/* liblxcapi
- *
- * Copyright © 2019 Christian Brauner <christian.brauner@ubuntu.com>.
- * Copyright © 2019 Canonical Ltd.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
-
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
-
- * You should have received a copy of the GNU Lesser General Public License
- * along with this library; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
#include "config.h"
#include "file_utils.h"
+#include "log.h"
#include "macro.h"
#include "memory_utils.h"
#include "string_utils.h"
#include "utils.h"
+int lxc_open_dirfd(const char *dir)
+{
+ return open(dir, O_DIRECTORY | O_RDONLY | O_CLOEXEC | O_NOFOLLOW);
+}
+
+int lxc_readat(int dirfd, const char *filename, void *buf, size_t count)
+{
+ __do_close_prot_errno int fd = -EBADF;
+ ssize_t ret;
+
+ fd = openat(dirfd, filename, O_RDONLY | O_CLOEXEC);
+ if (fd < 0)
+ return -1;
+
+ ret = lxc_read_nointr(fd, buf, count);
+ if (ret < 0 || (size_t)ret != count)
+ return -1;
+
+ return 0;
+}
+
+int lxc_writeat(int dirfd, const char *filename, const void *buf, size_t count)
+{
+ __do_close_prot_errno int fd = -EBADF;
+ ssize_t ret;
+
+ fd = openat(dirfd, filename,
+ O_WRONLY | O_CLOEXEC | O_NOCTTY | O_NOFOLLOW);
+ if (fd < 0)
+ return -1;
+
+ ret = lxc_write_nointr(fd, buf, count);
+ if (ret < 0 || (size_t)ret != count)
+ return -1;
+
+ return 0;
+}
+
+int lxc_write_openat(const char *dir, const char *filename, const void *buf,
+ size_t count)
+{
+ __do_close_prot_errno int dirfd = -EBADF;
+
+ dirfd = open(dir, O_DIRECTORY | O_RDONLY | O_CLOEXEC | O_NOCTTY | O_NOFOLLOW);
+ if (dirfd < 0)
+ return -1;
+
+ return lxc_writeat(dirfd, filename, buf, count);
+}
+
int lxc_write_to_file(const char *filename, const void *buf, size_t count,
bool add_newline, mode_t mode)
{
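Review bot: lxc_readat() opens the file with `O_RDONLY | O_CLOEXEC` only, while lxc_writeat() adds `O_NOCTTY | O_NOFOLLOW`, so a symlink as the final path component is refused on write but silently followed on read. If these helpers are meant for paths where the directory contents are not fully trusted, the read side should carry O_NOFOLLOW as well; if following is intended, a comment should say so. Two smaller points: both helpers return -1 when fewer than `count` bytes are transferred, which makes a short read indistinguishable from an I/O error and is worth documenting in file_utils.h, and lxc_write_openat() retypes the open() flags instead of calling lxc_open_dirfd(), with a flag set that already differs by O_NOCTTY.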
-/* liblxcapi
- *
- * Copyright © 2018 Christian Brauner <christian.brauner@ubuntu.com>.
- * Copyright © 2018 Canonical Ltd.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
-
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
-
- * You should have received a copy of the GNU Lesser General Public License
- * along with this library; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_FILE_UTILS_H
#define __LXC_FILE_UTILS_H
/* read and write whole files */
extern int lxc_write_to_file(const char *filename, const void *buf,
size_t count, bool add_newline, mode_t mode);
+extern int lxc_readat(int dirfd, const char *filename, void *buf, size_t count);
+extern int lxc_writeat(int dirfd, const char *filename, const void *buf,
+ size_t count);
+extern int lxc_write_openat(const char *dir, const char *filename,
+ const void *buf, size_t count);
extern int lxc_read_from_file(const char *filename, void *buf, size_t count);
/* send and receive buffers completely */
size_t count);
extern char *file_to_buf(char *path, size_t *length);
extern int fd_to_fd(int from, int to);
+extern int lxc_open_dirfd(const char *dir);
#endif /* __LXC_FILE_UTILS_H */
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
#include <sys/types.h>
#include <unistd.h>
-#include "cgroup.h"
+#include "cgroups/cgroup.h"
+#include "cgroups/cgroup_utils.h"
#include "commands.h"
#include "config.h"
#include "error.h"
lxc_log_define(freezer, lxc);
+static void notify_state_listeners(const char *name, const char *lxcpath,
+ lxc_state_t state)
+{
+ (void)lxc_cmd_serve_state_clients(name, lxcpath, state);
+ (void)lxc_monitor_send_state(name, state, lxcpath);
+}
+
static int do_freeze_thaw(bool freeze, struct lxc_conf *conf, const char *name,
const char *lxcpath)
{
+ __do_cgroup_exit struct cgroup_ops *cgroup_ops = NULL;
+ lxc_state_t new_state = freeze ? FROZEN : THAWED;
int ret;
- char v[100];
- struct cgroup_ops *cgroup_ops;
const char *state;
size_t state_len;
- lxc_state_t new_state = freeze ? FROZEN : THAWED;
state = lxc_state2str(new_state);
state_len = strlen(state);
if (!cgroup_ops)
return -1;
- if (cgroup_ops->cgroup_layout != CGROUP_LAYOUT_UNIFIED) {
- ret = cgroup_ops->set(cgroup_ops, "freezer.state", state, name,
- lxcpath);
- if (ret < 0) {
- cgroup_exit(cgroup_ops);
- ERROR("Failed to %s %s",
- (new_state == FROZEN ? "freeze" : "unfreeze"),
- name);
- return -1;
- }
+ ret = cgroup_ops->set(cgroup_ops, "freezer.state", state, name, lxcpath);
+ if (ret < 0)
+ return log_error(-1, "Failed to %s %s",
+ freeze ? "freeze" : "unfreeze", name);
+
+ for (;;) {
+ char cur_state[MAX_STATE_LENGTH] = "";
- for (;;) {
- ret = cgroup_ops->get(cgroup_ops, "freezer.state", v,
- sizeof(v), name, lxcpath);
- if (ret < 0) {
- cgroup_exit(cgroup_ops);
- ERROR("Failed to get freezer state of %s", name);
- return -1;
- }
-
- v[sizeof(v) - 1] = '\0';
- v[lxc_char_right_gc(v, strlen(v))] = '\0';
-
- ret = strncmp(v, state, state_len);
- if (ret == 0) {
- cgroup_exit(cgroup_ops);
- lxc_cmd_serve_state_clients(name, lxcpath,
- new_state);
- lxc_monitor_send_state(name, new_state, lxcpath);
- return 0;
- }
-
- sleep(1);
+ ret = cgroup_ops->get(cgroup_ops, "freezer.state", cur_state,
+ sizeof(cur_state), name, lxcpath);
+ if (ret < 0)
+ return log_error(-1, "Failed to get freezer state of %s", name);
+
+ cur_state[lxc_char_right_gc(cur_state, strlen(cur_state))] = '\0';
+ ret = strncmp(cur_state, state, state_len);
+ if (ret == 0) {
+ notify_state_listeners(name, lxcpath, new_state);
+ return 0;
}
- }
- ret = cgroup_ops->freeze(cgroup_ops);
- cgroup_exit(cgroup_ops);
- if (ret < 0)
- return error_log_errno(-1, "Failed to %s container",
- freeze ? "freeze" : "unfreeze");
+ sleep(1);
+ }
return 0;
}
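Review bot: the rewritten loop drops the `v[sizeof(v) - 1] = '\0';` line, so `strlen(cur_state)` now depends on cgroup_ops->get() always leaving a terminator inside `sizeof(cur_state)` bytes. The `= ""` initialiser only helps when get() writes fewer bytes than the buffer holds; keep an explicit `cur_state[sizeof(cur_state) - 1] = '\0';` after the call, or document that get() guarantees termination. The `for (;;)` loop with `sleep(1)` still has no upper bound, so a container that never reaches the requested state blocks the caller indefinitely, and the trailing `return 0;` after the loop is unreachable.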
int lxc_freeze(struct lxc_conf *conf, const char *name, const char *lxcpath)
{
- lxc_cmd_serve_state_clients(name, lxcpath, FREEZING);
- lxc_monitor_send_state(name, FREEZING, lxcpath);
- return do_freeze_thaw(true, conf, name, lxcpath);
+ int ret;
+
+ notify_state_listeners(name, lxcpath, FREEZING);
+ if (unified_cgroup_hierarchy() > 0)
+ ret = lxc_cmd_freeze(name, lxcpath, -1);
+ else
+ ret = do_freeze_thaw(true, conf, name, lxcpath);
+ notify_state_listeners(name, lxcpath, !ret ? FROZEN : RUNNING);
+ return ret;
}
int lxc_unfreeze(struct lxc_conf *conf, const char *name, const char *lxcpath)
{
- return do_freeze_thaw(false, conf, name, lxcpath);
+ int ret;
+
+ notify_state_listeners(name, lxcpath, THAWED);
+ if (unified_cgroup_hierarchy() > 0)
+ ret = lxc_cmd_unfreeze(name, lxcpath, -1);
+ else
+ ret = do_freeze_thaw(false, conf, name, lxcpath);
+ notify_state_listeners(name, lxcpath, !ret ? RUNNING : FROZEN);
+ return ret;
}
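Review bot: lxc_unfreeze() announces THAWED to state listeners before the thaw has been attempted, and on the non-unified path do_freeze_thaw() already calls notify_state_listeners() with the new state on success, so listeners see THAWED twice followed by RUNNING (and FROZEN twice for lxc_freeze()). Either drop the notification inside do_freeze_thaw() or send the final state only from the unified branch, and send nothing before the operation in lxc_unfreeze() unless there is a transitional state to report. The failure paths report RUNNING or FROZEN respectively, which assumes a failed call left the container in its previous state; a comment stating that assumption would help.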
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
sprintf(user_config_path, "%s/.config/lxc/lxc.conf", user_home);
sprintf(user_default_config_path, "%s/.config/lxc/default.conf", user_home);
sprintf(user_lxc_path, "%s/.local/share/lxc/", user_home);
- user_cgroup_pattern = strdup("lxc.payload/%n");
+ user_cgroup_pattern = strdup("%n");
}
else {
user_config_path = strdup(LXC_GLOBAL_CONF);
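Review bot: the default `user_cgroup_pattern` in the per-user branch changes from "lxc.payload/%n" to "%n", a behaviour change carried among licence-header edits with no comment explaining it. Say in a comment or the commit message where the "lxc.payload" prefix is applied now, and whether existing per-user setups that relied on the old default are affected.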
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_INITUTILS_H
#define __LXC_INITUTILS_H
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_LIST_H
#define __LXC_LIST_H
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Cedric Le Goater <legoater@free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- * Cedric Le Goater <legoater@free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
#ifndef __LXC_LOG_H
#define __LXC_LOG_H
#define LXC_LOG_PREFIX_SIZE 32
#define LXC_LOG_BUFFER_SIZE 4096
-/* This attribute is required to silence clang warnings */
-#if defined(__GNUC__)
-#define ATTR_UNUSED __attribute__ ((unused))
-#else
-#define ATTR_UNUSED
-#endif
-
/* predefined lxc log priorities. */
enum lxc_loglevel {
LXC_LOG_LEVEL_TRACE,
*/
#define lxc_log_priority_define(acategory, LEVEL) \
\
-ATTR_UNUSED __attribute__ ((format (printf, 2, 3))) \
+__lxc_unused __attribute__ ((format (printf, 2, 3))) \
static inline void LXC_##LEVEL(struct lxc_log_locinfo *, const char *, ...); \
\
-ATTR_UNUSED static inline void LXC_##LEVEL(struct lxc_log_locinfo* locinfo, \
+__lxc_unused static inline void LXC_##LEVEL(struct lxc_log_locinfo* locinfo, \
const char* format, ...) \
{ \
if (lxc_log_priority_is_enabled(acategory, LXC_LOG_LEVEL_##LEVEL)) { \
} while (0)
#endif
-#define error_log_errno(__errno__, format, ...) \
+#define log_error_errno(__ret__, __errno__, format, ...) \
+ ({ \
+ errno = __errno__; \
+ SYSERROR(format, ##__VA_ARGS__); \
+ __ret__; \
+ })
+
+#define log_error(__ret__, format, ...) \
+ ({ \
+ ERROR(format, ##__VA_ARGS__); \
+ __ret__; \
+ })
+
+#define log_trace_errno(__ret__, __errno__, format, ...) \
+ ({ \
+ errno = __errno__; \
+ SYSTRACE(format, ##__VA_ARGS__); \
+ __ret__; \
+ })
+
+#define log_trace(__ret__, format, ...) \
+ ({ \
+ TRACE(format, ##__VA_ARGS__); \
+ __ret__; \
+ })
+
+#define log_warn_errno(__ret__, __errno__, format, ...) \
({ \
errno = __errno__; \
- SYSERROR(format, ##__VA_ARGS__); \
- -1; \
+ SYSWARN(format, ##__VA_ARGS__); \
+ __ret__; \
+ })
+
+#define log_debug_errno(__ret__, __errno__, format, ...) \
+ ({ \
+ errno = __errno__; \
+ SYSDEBUG(format, ##__VA_ARGS__); \
+ __ret__; \
+ })
+
+#define log_debug(__ret__, format, ...) \
+ ({ \
+ DEBUG(format, ##__VA_ARGS__); \
+ __ret__; \
+ })
+
+#define log_info_errno(__ret__, __errno__, format, ...) \
+ ({ \
+ errno = __errno__; \
+ SYSINFO(format, ##__VA_ARGS__); \
+ __ret__; \
+ })
+
+#define log_info(__ret__, format, ...) \
+ ({ \
+ INFO(format, ##__VA_ARGS__); \
+ __ret__; \
})
extern int lxc_log_fd;
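Review bot: the new macro family defines log_warn_errno() but no plain log_warn(), while error, trace, debug and info each get both forms; add the missing one so callers do not fall back to the wrong level. In the macro bodies `__ret__` and `__errno__` are expanded bare; writing `errno = (__errno__);` and `(__ret__);` avoids surprises with compound arguments. The rename from error_log_errno() also reorders the parameters (return value first, errno second), and the removed freezer.c call `error_log_errno(-1, "Failed to %s container", ...)` shows how easily the first argument was mistaken for a return value, so a one-line comment above the macros stating the argument order is worth adding.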
-/* apparmor
- *
- * Copyright © 2012 Serge Hallyn <serge.hallyn@ubuntu.com>.
- * Copyright © 2012 Canonical Ltd.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
-
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
-
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
static inline char *apparmor_profile_full(const char *ctname, const char *lxcpath)
{
- return shorten_apparmor_name(must_concat("lxc-", ctname, "_<", lxcpath, ">", NULL));
+ return shorten_apparmor_name(must_concat(NULL, "lxc-", ctname, "_<", lxcpath, ">", NULL));
}
/* Like apparmor_profile_full() but with slashes replaced by hyphens */
profile_name_full = apparmor_profile_full(conf->name, lxcpath);
- profile = must_concat(
+ profile = must_concat(NULL,
"#include <tunables/global>\n"
"profile \"", profile_name_full, "\" flags=(attach_disconnected,mediate_deleted) {\n",
NULL);
STRARRAYLEN(AA_PROFILE_STACKING_BASE));
namespace = apparmor_namespace(conf->name, lxcpath);
- temp = must_concat(" change_profile -> \":", namespace, ":*\",\n"
+ temp = must_concat(NULL, " change_profile -> \":", namespace, ":*\",\n"
" change_profile -> \":", namespace, "://*\",\n",
NULL);
free(namespace);
if (!aa_can_stack || aa_is_stacked) {
char *temp;
- temp = must_concat(" change_profile -> \"",
+ temp = must_concat(NULL, " change_profile -> \"",
profile_name_full, "\",\n", NULL);
must_append_sized(&profile, &size, temp, strlen(temp));
free(temp);
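Review bot: every must_concat() call in this file gains a leading NULL argument, but nothing in the visible lines says what that parameter is, and the calls already end in a NULL sentinel, so a reader can easily take the first NULL for a terminator. Add a comment at the declaration describing the new first parameter, or provide a thin wrapper for callers that do not need it so the call sites in apparmor_profile_full() and the profile builder stay readable.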
-/*
- * lxc: linux Container library
- *
- * Authors:
- * Copyright © 2012 Serge Hallyn <serge.hallyn@ubuntu.com>
- * Copyright © 2012 Canonical Ltd.
- * Dwight Engen <dwight.engen@oracle.com>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * lxc: linux Container library
- *
- * Copyright © 2013 Oracle.
- *
- * Authors:
- * Dwight Engen <dwight.engen@oracle.com>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_LSM_H
#define __LXC_LSM_H
-/*
- * lxc: linux Container library
- *
- * Copyright © 2013 Oracle.
- *
- * Authors:
- * Dwight Engen <dwight.engen@oracle.com>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * lxc: linux Container library
- *
- * Copyright © 2013 Oracle.
- *
- * Authors:
- * Dwight Engen <dwight.engen@oracle.com>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-#
-# lxc: linux Container library
-
-# Authors:
-# Serge Hallyn <serge.hallyn@ubuntu.com>
-
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# Lesser General Public License for more details.
-
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+# SPDX-License-Identifier: LGPL-2.1+
# This file contains helpers for the various lxc shell scripts
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
#ifndef __LXC_LXC_H
#define __LXC_LXC_H
-/* liblxcapi
- *
- * Copyright © 2012 Serge Hallyn <serge.hallyn@ubuntu.com>.
- * Copyright © 2012 Canonical Ltd.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
-
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
-
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
{
int ret, state;
+ /* The first child is going to fork() again and then exits. So we reap
+ * the first child here.
+ */
+ ret = wait_for_pid(pid);
+ if (ret < 0)
+ DEBUG("Failed waiting on first child %d", pid);
+ else
+ DEBUG("First child %d exited", pid);
+
/* Close write end of the socket pair. */
close(handler->state_socket_pair[1]);
handler->state_socket_pair[1] = -1;
close(handler->state_socket_pair[0]);
handler->state_socket_pair[0] = -1;
- /* The first child is going to fork() again and then exits. So we reap
- * the first child here.
- */
- ret = wait_for_pid(pid);
- if (ret < 0)
- DEBUG("Failed waiting on first child %d", pid);
- else
- DEBUG("First child %d exited", pid);
-
if (state < 0) {
SYSERROR("Failed to receive the container state");
return false;
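Review bot: in wait_on_daemonized_start(), a failed wait_for_pid() on the first child is only logged with DEBUG and then ignored, so a first child that could not be reaped is invisible at normal log levels. Consider logging the failure at a higher level. The block is also moved ahead of the socket handling without explanation; a sentence in the comment saying why the reap has to happen before the state is read would make the ordering intentional rather than incidental.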
if (c->daemonize) {
bool started;
char title[2048];
- pid_t pid;
+ pid_t pid_first, pid_second;
- pid = fork();
- if (pid < 0) {
+ pid_first = fork();
+ if (pid_first < 0) {
free_init_cmd(init_cmd);
lxc_free_handler(handler);
return false;
}
/* first parent */
- if (pid != 0) {
+ if (pid_first != 0) {
/* Set to NULL because we don't want father unlink
* the PID file, child will do the free and unlink.
*/
/* Wait for container to tell us whether it started
* successfully.
*/
- started = wait_on_daemonized_start(handler, pid);
+ started = wait_on_daemonized_start(handler, pid_first);
free_init_cmd(init_cmd);
lxc_free_handler(handler);
* POSIX's daemon() function we change to "/" and redirect
* std{in,out,err} to /dev/null.
*/
- pid = fork();
- if (pid < 0) {
+ pid_second = fork();
+ if (pid_second < 0) {
SYSERROR("Failed to fork first child process");
_exit(EXIT_FAILURE);
}
/* second parent */
- if (pid != 0) {
+ if (pid_second != 0) {
free_init_cmd(init_cmd);
lxc_free_handler(handler);
_exit(EXIT_SUCCESS);
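Review bot: the error path of the second fork() still logs "Failed to fork first child process", which is ambiguous now that the two pids are named pid_first and pid_second. Reword the SYSERROR() so it is clear from the log which of the two fork() calls failed.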
static int do_lxcapi_seccomp_notify_fd(struct lxc_container *c)
{
if (!c || !c->lxc_conf)
- return minus_one_set_errno(-EINVAL);
+ return ret_set_errno(-1, -EINVAL);
return lxc_seccomp_get_notify_fd(&c->lxc_conf->seccomp);
}
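Review bot: ret_set_errno(-1, -EINVAL) in do_lxcapi_seccomp_notify_fd() stores a negative value in errno, carried over unchanged from the old minus_one_set_errno(-EINVAL) call. errno values are positive, so a caller comparing errno == EINVAL will not match; pass EINVAL here, as the EINVAL call sites in the network code of this patch do.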
-/*! \file
- *
- * liblxcapi
- *
- * Copyright © 2012 Serge Hallyn <serge.hallyn@ubuntu.com>.
- * Copyright © 2012 Canonical Ltd.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
-
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
-
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_CONTAINER_H
#define __LXC_CONTAINER_H
-/* liblxcapi
- *
- * Copyright © 2012 Serge Hallyn <serge.hallyn@ubuntu.com>.
- * Copyright © 2012 Canonical Ltd.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
-
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
-
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*! \file
- *
- * liblxcapi
- *
- * Copyright © 2012 Serge Hallyn <serge.hallyn@ubuntu.com>.
- * Copyright © 2012 Canonical Ltd.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_LXCLOCK_H
#define __LXC_LXCLOCK_H
-/*
- * lxc: linux Container library
- *
- * (C) Copyright Canonical, Inc. 2012
- *
- * Authors:
- * Serge Hallyn <serge.hallyn@canonical.com>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_LXCSECCOMP_H
#define __LXC_LXCSECCOMP_H
-/* liblxcapi
- *
- * Copyright © 2018 Christian Brauner <christian.brauner@ubuntu.com>.
- * Copyright © 2018 Canonical Ltd.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
-
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
-
- * You should have received a copy of the GNU Lesser General Public License
- * along with this library; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_MACRO_H
#define __LXC_MACRO_H
+#ifndef _GNU_SOURCE
+#define _GNU_SOURCE 1
+#endif
+#define __STDC_FORMAT_MACROS
#include <asm/types.h>
#include <limits.h>
#include <linux/if_link.h>
#define PATH_MAX 4096
#endif
+#define INT64_FMT "%" PRId64
+
/* Define __S_ISTYPE if missing from the C library. */
#ifndef __S_ISTYPE
#define __S_ISTYPE(mode, mask) (((mode)&S_IFMT) == (mask))
#define PTR_TO_INTMAX(p) ((intmax_t)((intptr_t)(p)))
#define INTMAX_TO_PTR(u) ((void *)((intptr_t)(u)))
+#define PTR_TO_UINT64(p) ((uint64_t)((intptr_t)(p)))
+
#define LXC_INVALID_UID ((uid_t)-1)
#define LXC_INVALID_GID ((gid_t)-1)
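Review bot: PTR_TO_UINT64 converts through intptr_t, a signed type, so where pointers are narrower than 64 bits an address with the top bit set is sign-extended into the upper half of the uint64_t. Converting through the unsigned type avoids that: ((uint64_t)((uintptr_t)(p))).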
__internal_fd__; \
})
-#define minus_one_set_errno(__errno__) \
- ({ \
- errno = __errno__; \
- -1; \
+#define ret_set_errno(__ret__, __errno__) \
+ ({ \
+ errno = __errno__; \
+ __ret__; \
+ })
+
+#define ret_errno(__errno__) \
+ ({ \
+ errno = __errno__; \
+ -__errno__; \
+ })
+
+#define free_replace_move_ptr(a, b) \
+ ({ \
+ free(a); \
+ (a) = (b); \
+ (b) = NULL; \
+ 0; \
})
/* Container's specific file/directory names */
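Review bot: ret_set_errno() and ret_errno() expand their arguments unparenthesized, and ret_errno() evaluates its argument twice, so ret_errno(a + b) would set errno to a + b but yield -a + b, and an argument with side effects would run twice. Use (__errno__) and (__ret__) in the bodies, or copy the argument into a local inside the statement expression. free_replace_move_ptr() likewise evaluates a and b more than once and has no comment saying that it frees a, takes over b and always yields 0.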
#define LXC_TIMESTAMP_FNAME "ts"
#define LXC_COMMENT_FNAME "comment"
+#define ARRAY_SIZE(x) \
+ (__builtin_choose_expr(!__builtin_types_compatible_p(typeof(x), \
+ typeof(&*(x))), \
+ sizeof(x) / sizeof((x)[0]), ((void)0)))
+
#endif /* __LXC_MACRO_H */
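Review bot: ARRAY_SIZE() has no comment explaining the __builtin_choose_expr() branch: for a real array it yields sizeof(x) / sizeof((x)[0]), and for a pointer it yields ((void)0) so that any use of the result fails to compile. A short comment stating that this is intentional, and that the macro relies on the typeof and __builtin_types_compatible_p compiler extensions, would save the next reader from decoding it.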
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
*/
ret = handler->callback(handler->fd, events[i].events,
handler->data, descr);
+ if (ret == LXC_MAINLOOP_ERROR)
+ return -1;
if (ret == LXC_MAINLOOP_CLOSE)
return 0;
}
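Review bot: the new LXC_MAINLOOP_ERROR branch returns -1 without logging which handler->fd failed and without saying what errno holds at that point, so callers of the loop see a bare -1. Either log the fd here or document that a callback must have logged and set errno before it returns LXC_MAINLOOP_ERROR.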
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_MAINLOOP_H
#define __LXC_MAINLOOP_H
extern int lxc_mainloop_close(struct lxc_epoll_descr *descr);
+static inline void __auto_lxc_mainloop_close__(struct lxc_epoll_descr **descr)
+{
+ if (*descr)
+ lxc_mainloop_close(*descr);
+}
+
+#define __do_lxc_mainloop_close \
+ __attribute__((__cleanup__(__auto_lxc_mainloop_close__)))
+
#endif
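Review bot: __auto_lxc_mainloop_close__() reads *descr when the variable leaves scope, so a pointer declared with __do_lxc_mainloop_close must be initialized (NULL or a valid descriptor) at its declaration; an uninitialized one is handed straight to lxc_mainloop_close(). That requirement is not documented next to the macro. The return value of lxc_mainloop_close() is also dropped, which is probably acceptable in a cleanup handler but worth stating in a comment.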
-/* liblxcapi
- *
- * Copyright © 2019 Christian Brauner <christian.brauner@ubuntu.com>.
- * Copyright © 2019 Canonical Ltd.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
-
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
-
- * You should have received a copy of the GNU Lesser General Public License
- * along with this library; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_MEMORY_UTILS_H
#define __LXC_MEMORY_UTILS_H
#define __do_fclose __attribute__((__cleanup__(__auto_fclose__)))
#define __do_closedir __attribute__((__cleanup__(__auto_closedir__)))
+static inline void *memdup(const void *data, size_t len)
+{
+ void *copy = NULL;
+
+ copy = len ? malloc(len) : NULL;
+ return copy ? memcpy(copy, data, len) : NULL;
+}
+
+#define zalloc(__size__) (calloc(1, __size__))
+
#endif /* __LXC_MEMORY_UTILS_H */
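Review bot: memdup() returns NULL both when len is 0 and when malloc() fails, so a caller cannot tell an empty input from an out-of-memory condition. Document the len == 0 behaviour in a comment above the function, or require callers to check len first. The function also passes data to memcpy() without a NULL check, and the "= NULL" initializer on copy is redundant because the next statement assigns it.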
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- * Dwight Engen <dwight.engen@oracle.com>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
#ifndef __LXC_MONITOR_H
#define __LXC_MONITOR_H
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2009
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2009
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
#ifndef __LXC_NAMESPACE_H
#define __LXC_NAMESPACE_H
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
if (err) {
SYSERROR("Failed to setup ipv4 route for network device "
"with ifindex %d", ifindex);
- return minus_one_set_errno(-err);
+ return ret_set_errno(-1, -err);
}
}
if (err) {
SYSERROR("Failed to setup ipv6 route for network device "
"with ifindex %d", ifindex);
- return minus_one_set_errno(-err);
+ return ret_set_errno(-1, -err);
}
}
err = lxc_ipv4_dest_add(ifindex, &inetdev->addr, 32);
if (err)
- return error_log_errno(err,
+ return log_error_errno(-1, err,
"Failed to setup ipv4 address route for network device with eifindex %d",
ifindex);
}
err = lxc_ipv6_dest_add(ifindex, &inet6dev->addr, 128);
if (err)
- return error_log_errno(err,
+ return log_error_errno(-1, err,
"Failed to setup ipv6 address route for network device with eifindex %d",
ifindex);
}
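Review bot: the message passed to log_error_errno() reads "with eifindex %d" in both the ipv4 and the ipv6 address-route paths, which looks like a typo for "ifindex", the spelling the route-setup messages just above use. Since these calls are being rewritten anyway, fix the string in the same change.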
char buf[1] = "";
if (family != AF_INET && family != AF_INET6)
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
ret = snprintf(path, PATH_MAX, "/proc/sys/net/%s/conf/%s/%s",
family == AF_INET ? "ipv4" : "ipv6", ifname,
"forwarding");
if (ret < 0 || (size_t)ret >= PATH_MAX)
- return minus_one_set_errno(E2BIG);
+ return ret_set_errno(-1, E2BIG);
return lxc_read_file_expect(path, buf, 1, "1");
}
if (netdev->ipv4_gateway) {
char bufinet4[INET_ADDRSTRLEN];
if (!inet_ntop(AF_INET, netdev->ipv4_gateway, bufinet4, sizeof(bufinet4))) {
- error_log_errno(-errno, "Failed to convert gateway ipv4 address on \"%s\"", veth1);
+ log_error_errno(-1, -errno, "Failed to convert gateway ipv4 address on \"%s\"", veth1);
goto out_delete;
}
err = lxc_ip_forwarding_on(veth1, AF_INET);
if (err) {
- error_log_errno(err, "Failed to activate ipv4 forwarding on \"%s\"", veth1);
+ log_error_errno(-1, err, "Failed to activate ipv4 forwarding on \"%s\"", veth1);
goto out_delete;
}
err = lxc_add_ip_neigh_proxy(bufinet4, veth1);
if (err) {
- error_log_errno(err, "Failed to add gateway ipv4 proxy on \"%s\"", veth1);
+ log_error_errno(-1, err, "Failed to add gateway ipv4 proxy on \"%s\"", veth1);
goto out_delete;
}
}
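Review bot: log_error_errno() is called here with -errno and with err as given, while the ret_set_errno() call sites in the same file pass positive values such as EINVAL or negate err first. If log_error_errno() assigns its second argument to errno the way ret_set_errno() does, these calls leave errno negative; confirm which sign it expects and make the call sites consistent. The added -1 is also unused at these sites, because each one discards the result and goes to out_delete.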
char bufinet6[INET6_ADDRSTRLEN];
if (!inet_ntop(AF_INET6, netdev->ipv6_gateway, bufinet6, sizeof(bufinet6))) {
- error_log_errno(-errno, "Failed to convert gateway ipv6 address on \"%s\"", veth1);
+ log_error_errno(-1, -errno, "Failed to convert gateway ipv6 address on \"%s\"", veth1);
goto out_delete;
}
*/
err = lxc_is_ip_forwarding_enabled("all", AF_INET6);
if (err) {
- error_log_errno(err, "Requires sysctl net.ipv6.conf.all.forwarding=1");
+ log_error_errno(-1, err, "Requires sysctl net.ipv6.conf.all.forwarding=1");
goto out_delete;
}
err = lxc_ip_forwarding_on(veth1, AF_INET6);
if (err) {
- error_log_errno(err, "Failed to activate ipv6 forwarding on \"%s\"", veth1);
+ log_error_errno(-1, err, "Failed to activate ipv6 forwarding on \"%s\"", veth1);
goto out_delete;
}
err = lxc_neigh_proxy_on(veth1, AF_INET6);
if (err) {
- error_log_errno(err, "Failed to activate proxy ndp on \"%s\"", veth1);
+ log_error_errno(-1, err, "Failed to activate proxy ndp on \"%s\"", veth1);
goto out_delete;
}
err = lxc_add_ip_neigh_proxy(bufinet6, veth1);
if (err) {
- error_log_errno(err, "Failed to add gateway ipv6 proxy on \"%s\"", veth1);
+ log_error_errno(-1, err, "Failed to add gateway ipv6 proxy on \"%s\"", veth1);
goto out_delete;
}
}
/* setup ipv4 address routes on the host interface */
err = setup_ipv4_addr_routes(&netdev->ipv4, netdev->priv.veth_attr.ifindex);
if (err) {
- error_log_errno(err, "Failed to setup ip address routes for network device \"%s\"", veth1);
+ log_error_errno(-1, err, "Failed to setup ip address routes for network device \"%s\"", veth1);
goto out_delete;
}
/* setup ipv6 address routes on the host interface */
err = setup_ipv6_addr_routes(&netdev->ipv6, netdev->priv.veth_attr.ifindex);
if (err) {
- error_log_errno(err, "Failed to setup ip address routes for network device \"%s\"", veth1);
+ log_error_errno(-1, err, "Failed to setup ip address routes for network device \"%s\"", veth1);
goto out_delete;
}
}
len = strlen(master);
if (len == 1 || len >= IFNAMSIZ)
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
len = strlen(name);
if (len == 1 || len >= IFNAMSIZ)
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
index = if_nametoindex(master);
if (!index)
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
err = netlink_open(&nlh, NETLINK_ROUTE);
if (err)
- return minus_one_set_errno(-err);
+ return ret_set_errno(-1, -err);
err = -ENOMEM;
nlmsg = nlmsg_alloc(NLMSG_GOOD_SIZE);
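Review bot: the unchanged checks "len == 1 || len >= IFNAMSIZ" on master and name reject one-character names but let an empty string through. If the intent is to reject empty names, the test should be len == 0; worth correcting while the return statements directly below are being edited, or explaining in a comment if the current check is deliberate.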
nlmsg_free(answer);
nlmsg_free(nlmsg);
if (err < 0)
- return minus_one_set_errno(-err);
+ return ret_set_errno(-1, -err);
return 0;
}
mtu_orig = netdev_get_mtu(netdev->ifindex);
if (mtu_orig < 0) {
SYSERROR("Failed to get original mtu for interface \"%s\"", netdev->link);
- return minus_one_set_errno(-mtu_orig);
+ return ret_set_errno(-1, -mtu_orig);
}
netdev->priv.phys_attr.mtu = mtu_orig;
char buf[1] = "";
if (family != AF_INET && family != AF_INET6)
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
ret = snprintf(path, PATH_MAX, "/proc/sys/net/%s/conf/%s/%s",
family == AF_INET ? "ipv4" : "ipv6", ifname,
family == AF_INET ? "proxy_arp" : "proxy_ndp");
if (ret < 0 || (size_t)ret >= PATH_MAX)
- return minus_one_set_errno(E2BIG);
+ return ret_set_errno(-1, E2BIG);
return lxc_read_file_expect(path, buf, 1, "1");
}
lxc_ovs_delete_port_exec, (void *)&args);
if (ret < 0) {
ERROR("Failed to delete \"%s\" from openvswitch bridge \"%s\": "
- "%s", bridge, nic, cmd_output);
+ "%s", nic, bridge, cmd_output);
return -1;
}
lxc_ovs_attach_bridge_exec, (void *)&args);
if (ret < 0) {
ERROR("Failed to attach \"%s\" to openvswitch bridge \"%s\": %s",
- bridge, nic, cmd_output);
+ nic, bridge, cmd_output);
return -1;
}
/* Check for net.ipv4.conf.[link].forwarding=1 */
if (lxc_is_ip_forwarding_enabled(netdev->link, AF_INET) < 0) {
ERROR("Requires sysctl net.ipv4.conf.%s.forwarding=1", netdev->link);
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
}
}
/* Check for net.ipv6.conf.[link].proxy_ndp=1 */
if (lxc_is_ip_neigh_proxy_enabled(netdev->link, AF_INET6) < 0) {
ERROR("Requires sysctl net.ipv6.conf.%s.proxy_ndp=1", netdev->link);
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
}
/* Check for net.ipv6.conf.[link].forwarding=1 */
if (lxc_is_ip_forwarding_enabled(netdev->link, AF_INET6) < 0) {
ERROR("Requires sysctl net.ipv6.conf.%s.forwarding=1", netdev->link);
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
}
}
/* Check mode is l3s as other modes do not work with l2proxy. */
if (netdev->priv.ipvlan_attr.mode != IPVLAN_MODE_L3S) {
ERROR("Requires ipvlan mode on dev \"%s\" be l3s when used with l2proxy", netdev->link);
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
}
/* Retrieve local-loopback interface index for use with IPVLAN static routes. */
lo_ifindex = if_nametoindex(loop_device);
if (lo_ifindex == 0) {
ERROR("Failed to retrieve ifindex for \"%s\" routing cleanup", loop_device);
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
}
}
lxc_list_for_each_safe(cur, &netdev->ipv4, next) {
inet4dev = cur->elem;
if (!inet_ntop(AF_INET, &inet4dev->addr, bufinet4, sizeof(bufinet4)))
- return minus_one_set_errno(-errno);
+ return ret_set_errno(-1, -errno);
if (lxc_add_ip_neigh_proxy(bufinet4, netdev->link) < 0)
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
/* IPVLAN requires a route to local-loopback to trigger l2proxy. */
if (netdev->type == LXC_NET_IPVLAN) {
err = lxc_ipv4_dest_add(lo_ifindex, &inet4dev->addr, 32);
if (err < 0) {
ERROR("Failed to add ipv4 dest \"%s\" for network device \"%s\"", bufinet4, loop_device);
- return minus_one_set_errno(-err);
+ return ret_set_errno(-1, -err);
}
}
}
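Review bot: "return ret_set_errno(-1, -errno);" after a failed inet_ntop() assigns errno = -errno, turning the value inet_ntop() just set into a negative number. The gateway address checks later in this patch use ret_set_errno(-1, errno) for the same failure; use that form here and in the matching ipv6 loop.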
lxc_list_for_each_safe(cur, &netdev->ipv6, next) {
inet6dev = cur->elem;
if (!inet_ntop(AF_INET6, &inet6dev->addr, bufinet6, sizeof(bufinet6)))
- return minus_one_set_errno(-errno);
+ return ret_set_errno(-1, -errno);
if (lxc_add_ip_neigh_proxy(bufinet6, netdev->link) < 0)
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
/* IPVLAN requires a route to local-loopback to trigger l2proxy. */
if (netdev->type == LXC_NET_IPVLAN) {
err = lxc_ipv6_dest_add(lo_ifindex, &inet6dev->addr, 128);
if (err < 0) {
ERROR("Failed to add ipv6 dest \"%s\" for network device \"%s\"", bufinet6, loop_device);
- return minus_one_set_errno(-err);
+ return ret_set_errno(-1, -err);
}
}
}
if (!inet_ntop(AF_INET, ip, bufinet4, sizeof(bufinet4))) {
SYSERROR("Failed to convert IP for l2proxy ipv4 removal on dev \"%s\"", link);
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
}
/* If a local-loopback ifindex supplied remove the static route to the lo device. */
}
if (errCount > 0)
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
return 0;
}
if (!inet_ntop(AF_INET6, ip, bufinet6, sizeof(bufinet6))) {
SYSERROR("Failed to convert IP for l2proxy ipv6 removal on dev \"%s\"", link);
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
}
/* If a local-loopback ifindex supplied remove the static route to the lo device. */
}
if (errCount > 0)
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
return 0;
}
}
if (errCount > 0)
- return minus_one_set_errno(EINVAL);
+ return ret_set_errno(-1, EINVAL);
return 0;
}
if (err < 0) {
SYSERROR("Failed to setup ipv4 gateway to network device \"%s\"",
current_ifname);
- return minus_one_set_errno(-err);
+ return ret_set_errno(-1, -err);
}
} else {
/* Check the gateway address is valid */
if (!inet_ntop(AF_INET, netdev->ipv4_gateway, bufinet4, sizeof(bufinet4)))
- return minus_one_set_errno(errno);
+ return ret_set_errno(-1, errno);
/* Try adding a default route to the gateway address */
err = lxc_ipv4_gateway_add(netdev->ifindex, netdev->ipv4_gateway);
if (err < 0) {
SYSERROR("Failed to setup ipv6 gateway to network device \"%s\"",
current_ifname);
- return minus_one_set_errno(-err);
+ return ret_set_errno(-1, -err);
}
} else {
/* Check the gateway address is valid */
if (!inet_ntop(AF_INET6, netdev->ipv6_gateway, bufinet6, sizeof(bufinet6)))
- return minus_one_set_errno(errno);
+ return ret_set_errno(-1, errno);
/* Try adding a default route to the gateway address */
err = lxc_ipv6_gateway_add(netdev->ifindex, netdev->ipv6_gateway);
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
#ifndef __LXC_NETWORK_H
#define __LXC_NETWORK_H
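Review bot: the SPDX line replaces the license text, but the removed block also carried the copyright and author lines ("(C) Copyright IBM Corp. 2007, 2008", Daniel Lezcano) and nothing in the new header preserves them. Keep the copyright notices next to the identifier, or record them in a central file that the commit message points to, so attribution survives in each distributed source file. "LGPL-2.1+" is also the deprecated SPDX spelling; the current identifier on the SPDX license list is "LGPL-2.1-or-later".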
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
#ifndef __LXC_NL_H
#define __LXC_NL_H
-/* pam-cgfs
- *
- * Copyright © 2016 Canonical, Inc
- * Author: Serge Hallyn <serge.hallyn@ubuntu.com>
- * Author: Christian Brauner <christian.brauner@ubuntu.com>
- *
- * When a user logs in, this pam module will create cgroups which the user may
- * administer. It handles both pure cgroupfs v1 and pure cgroupfs v2, as well as
- * mixed mounts, where some controllers are mounted in a standard cgroupfs v1
- * hierarchy location (/sys/fs/cgroup/<controller>) and others are in the
- * cgroupfs v2 hierarchy.
- * Writeable cgroups are either created for all controllers or, if specified,
- * for any controllers listed on the command line.
- * The cgroup created will be "user/$user/0" for the first session,
- * "user/$user/1" for the second, etc.
- *
- * Systems with a systemd init system are treated specially, both with respect
- * to cgroupfs v1 and cgroupfs v2. For both, cgroupfs v1 and cgroupfs v2, We
- * check whether systemd already placed us in a cgroup it created:
- *
- * user.slice/user-uid.slice/session-n.scope
- *
- * by checking whether uid == our uid. If it did, we simply chown the last
- * part (session-n.scope). If it did not we create a cgroup as outlined above
- * (user/$user/n) and chown it to our uid.
- * The same holds for cgroupfs v2 where this assumptions becomes crucial:
- * We __have to__ be placed in our under the cgroup systemd created for us on
- * login, otherwise things like starting an xserver or similar will not work.
- *
- * All requested cgroups must be mounted under /sys/fs/cgroup/$controller,
- * no messing around with finding mountpoints.
- *
- * See COPYING file for details.
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
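Review bot: the comment removed here is more than a license notice. It documents the module's behaviour (the "user/$user/n" cgroup naming, the systemd session-n.scope chown path, the requirement that cgroups are mounted under /sys/fs/cgroup/$controller) and names the authors, and all of that disappears behind the one-line SPDX header. Keep the descriptive part as an ordinary comment below the identifier. The old header only said "See COPYING file for details", so the commit message should state how LGPL-2.1+ was determined for this file.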
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
#ifndef __LXC_PARSE_H
#define __LXC_PARSE_H
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
#endif
-/* liblxcapi
- *
- * Copyright © 2018 Christian Brauner <christian.brauner@ubuntu.com>.
- * Copyright © 2018 Canonical Ltd.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2, as
- * published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_RAW_SYSCALL_H
#define __LXC_RAW_SYSCALL_H
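Review bot: the header removed here grants "the GNU General Public License version 2", with no "or later" wording and not the Lesser GPL, yet the replacement declares LGPL-2.1+. That is a license change, not a mechanical conversion to SPDX. It needs explicit agreement from the copyright holders named in the removed lines and belongs in its own commit; without that the identifier that matches the existing terms is GPL-2.0-only.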
-/* liblxcapi
- *
- * Copyright © 2019 Christian Brauner <christian.brauner@ubuntu.com>.
- * Copyright © 2019 Canonical Ltd.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
-
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
-
- * You should have received a copy of the GNU Lesser General Public License
- * along with this library; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/* liblxcapi
- *
- * Copyright © 2019 Christian Brauner <christian.brauner@ubuntu.com>.
- * Copyright © 2019 Canonical Ltd.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
-
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
-
- * You should have received a copy of the GNU Lesser General Public License
- * along with this library; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_REXEC_H
#define __LXC_REXEC_H
-/* liblxcapi
- *
- * Copyright © 2017 Christian Brauner <christian.brauner@ubuntu.com>.
- * Copyright © 2017 Canonical Ltd.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2, as
- * published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
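Review bot: the removed header in this file is GPL version 2 text ("under the terms of the GNU General Public License version 2, as published by the Free Software Foundation"), not LGPL, so the new LGPL-2.1+ tag changes the file's license rather than restating it. Get sign-off from the 2017 copyright holders listed in the removed lines, or tag the file to match the terms it already had.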
-/* liblxcapi
- *
- * Copyright © 2017 Christian Brauner <christian.brauner@ubuntu.com>.
- * Copyright © 2017 Canonical Ltd.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
-
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
-
- * You should have received a copy of the GNU Lesser General Public License
- * along with this library; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_RINGBUF_H
#define __LXC_RINGBUF_H
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_RTNL_H
#define __LXC_RTNL_H
-/*
- * lxc: linux Container library
- *
- * (C) Copyright Canonical, Inc. 2012
- *
- * Authors:
- * Serge Hallyn <serge.hallyn@canonical.com>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- * Serge Hallyn <serge@hallyn.com>
- * Christian Brauner <christian.brauner@ubuntu.com>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
handler->nsfd[i] = -1;
handler->name = name;
+ if (daemonize)
+ handler->transient_pid = lxc_raw_getpid();
+ else
+ handler->transient_pid = -1;
if (daemonize && handler->conf->reboot == REBOOT_NONE) {
/* Create socketpair() to synchronize on daemonized startup.
ret = lsm_process_prepare(conf, handler->lxcpath);
if (ret < 0) {
ERROR("Failed to initialize LSM");
- goto out_destroy_cgroups;
+ goto out_delete_terminal;
}
TRACE("Initialized LSM");
handler->monitor_status_fd = move_fd(status_fd);
return 0;
-out_destroy_cgroups:
- handler->cgroup_ops->payload_destroy(handler->cgroup_ops, handler);
- handler->cgroup_ops->monitor_destroy(handler->cgroup_ops, handler);
-
out_delete_terminal:
lxc_terminal_delete(&handler->conf->console);
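Review bot: with the out_destroy_cgroups label removed, no error path in this function calls payload_destroy() or monitor_destroy() any more, and the LSM failure now jumps straight to out_delete_terminal. That is only correct if nothing in this function creates a cgroup before lsm_process_prepare(). Please confirm that in the commit message, because a leftover creation call would now leak the monitor and payload cgroups on every LSM initialisation failure.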
lsm_process_cleanup(handler->conf, handler->lxcpath);
- cgroup_ops->payload_destroy(cgroup_ops, handler);
- cgroup_ops->monitor_destroy(cgroup_ops, handler);
+ if (cgroup_ops) {
+ cgroup_ops->payload_destroy(cgroup_ops, handler);
+ cgroup_ops->monitor_destroy(cgroup_ops, handler);
+ }
if (handler->conf->reboot == REBOOT_NONE) {
/* For all new state clients simply close the command socket.
static int do_start(void *data)
{
struct lxc_handler *handler = data;
- ATTR_UNUSED __do_close_prot_errno int data_sock0 = handler->data_sock[0],
- data_sock1 = handler->data_sock[1];
+ __lxc_unused __do_close_prot_errno int data_sock0 = handler->data_sock[0],
+ data_sock1 = handler->data_sock[1];
__do_close_prot_errno int status_fd = -EBADF;
int ret;
uid_t new_uid;
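Review bot: data_sock0 and data_sock1 take ownership of the descriptors through __do_close_prot_errno, but handler->data_sock[0] and handler->data_sock[1] keep the same numbers, so each fd now has two owners. Once the locals go out of scope, any later use of handler->data_sock[] in the child refers to a closed or recycled descriptor. Reset the handler fields to -EBADF when the locals are initialised (status_fd on the next line already uses that sentinel), or add a comment stating that the child never touches handler->data_sock[] again.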
lxc_sync_fini_parent(handler);
- if (lxc_abstract_unix_recv_fds(handler->data_sock[1], &status_fd, 1, NULL, 0) < 0) {
+ if (lxc_abstract_unix_recv_fds(data_sock1, &status_fd, 1, NULL, 0) < 0) {
ERROR("Failed to receive status file descriptor to child process");
goto out_warn_father;
}
/* Add the requested environment variables to the current environment to
* allow them to be used by the various hooks, such as the start hook
- * above.
+ * below.
*/
lxc_list_for_each(iterator, &handler->conf->environment) {
ret = putenv((char *)iterator->elem);
break;
tty = &ttys->tty[i];
- tty->busy = 0;
+ tty->busy = -1;
tty->master = ttyfds[0];
tty->slave = ttyfds[1];
TRACE("Received pty with master fd %d and slave fd %d from "
- "parent", tty->master, tty->slave);
+ "child", tty->master, tty->slave);
}
if (ret < 0)
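Review bot: changing the free marker from "tty->busy = 0" to "tty->busy = -1" silently inverts every truthiness test on the field; an "if (tty->busy)" or "if (!tty->busy)" elsewhere would now treat a freshly received tty as allocated. Audit all readers of busy in the same change and introduce a named constant for the unused value instead of a bare -1, so the allocation check cannot drift out of sync with this initialiser.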
if (ret < 0)
goto out_delete_net;
- if (!cgroup_ops->setup_limits(cgroup_ops, handler->conf, false)) {
+ if (!cgroup_ops->setup_limits_legacy(cgroup_ops, handler->conf, false)) {
ERROR("Failed to setup cgroup limits for container \"%s\"", name);
goto out_delete_net;
}
- if (!cgroup_ops->payload_enter(cgroup_ops, handler->pid))
+ if (!cgroup_ops->payload_enter(cgroup_ops, handler)) {
goto out_delete_net;
+ }
+
+ if (!cgroup_ops->payload_delegate_controllers(cgroup_ops)) {
+ ERROR("Failed to delegate controllers to payload cgroup");
+ goto out_delete_net;
+ }
+
+ if (!cgroup_ops->setup_limits(cgroup_ops, handler)) {
+ ERROR("Failed to setup cgroup limits for container \"%s\"", name);
+ goto out_delete_net;
+ }
if (!cgroup_ops->chown(cgroup_ops, handler->conf))
goto out_delete_net;
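Review bot: the payload_enter() failure branch gained braces but still has no ERROR(), while the payload_delegate_controllers() and setup_limits() branches added right after it both log before "goto out_delete_net". Add a message here so a failed start can be attributed to the right step. The ordering also changed: the non-legacy limits are now applied after the payload has entered its cgroup rather than before, which deserves a one-line comment explaining why that is safe.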
if (ret < 0)
goto out_delete_net;
- if (!cgroup_ops->setup_limits(cgroup_ops, handler->conf, true)) {
+ if (!cgroup_ops->setup_limits_legacy(cgroup_ops, handler->conf, true)) {
ERROR("Failed to setup legacy device cgroup controller limits");
goto out_delete_net;
}
TRACE("Set up legacy device cgroup controller limits");
+ if (!cgroup_ops->devices_activate(cgroup_ops, handler)) {
+ ERROR("Failed to setup cgroup2 device controller limits");
+ goto out_delete_net;
+ }
+ TRACE("Set up cgroup2 device controller limits");
+
if (handler->ns_clone_flags & CLONE_NEWCGROUP) {
/* Now we're ready to preserve the cgroup namespace */
ret = lxc_try_preserve_ns(handler->pid, "cgroup");
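Review bot: devices_activate() is called unconditionally right after the legacy device limits succeed, and its error text speaks of the cgroup2 device controller. On a host with only legacy hierarchies the hook has to be a no-op that returns true, otherwise every container start fails at this point; state that contract where cgroup_ops is documented. The TRACE that follows is emitted even when nothing was activated, so consider logging from inside the hook instead.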
}
}
+ cgroup_ops->payload_finalize(cgroup_ops);
+ TRACE("Finished setting up cgroups");
+
/* Run any host-side start hooks */
ret = run_lxc_hooks(name, "start-host", conf, NULL);
if (ret < 0) {
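Review bot: payload_finalize() is the only cgroup_ops call in this setup sequence whose result is not checked, and "Finished setting up cgroups" is traced regardless of what it did. If the hook can fail, handle it like the calls before it with an ERROR() and the same goto; if it cannot, say so in a comment so the asymmetry is not mistaken for an omission.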
goto out_fini_nonet;
}
- if (!cgroup_ops->monitor_enter(cgroup_ops, handler->monitor_pid)) {
+ if (!cgroup_ops->monitor_enter(cgroup_ops, handler)) {
ERROR("Failed to enter monitor cgroup");
ret = -1;
goto out_fini_nonet;
}
+ if (!cgroup_ops->monitor_delegate_controllers(cgroup_ops)) {
+ ERROR("Failed to delegate controllers to monitor cgroup");
+ ret = -1;
+ goto out_fini_nonet;
+ }
+
if (geteuid() == 0 && !lxc_list_empty(&conf->id_map)) {
/* If the backing store is a device, mount it here and now. */
if (rootfs_is_blockdev(conf)) {
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- * Serge Hallyn <serge@hallyn.com>
- * Christian Brauner <christian.brauner@ubuntu.com>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
#ifndef __LXC_START_H
#define __LXC_START_H
*/
int proc_pidfd;
+ /* The grandfather's pid when double-forking. */
+ pid_t transient_pid;
+
/* The monitor's pid. */
pid_t monitor_pid;
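Review bot: the field comment should document the sentinel. The init code earlier in this patch sets transient_pid to -1 when the container is not daemonized, so "The grandfather's pid when double-forking." needs a second sentence saying the value is -1 otherwise. Consumers must check for a negative value before handing it to anything that takes a pid, since kill() with a pid of -1 addresses every process the caller is allowed to signal.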
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
#ifndef __LXC_STATE_H
#define __LXC_STATE_H
+#define MAX_STATE_LENGTH (8 + 1)
+
typedef enum {
STOPPED,
STARTING,
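Review bot: "(8 + 1)" in MAX_STATE_LENGTH is a magic number. It appears to be the longest state name (for example "STARTING", eight characters) plus the terminating NUL, but nothing ties it to the name table, so adding a longer state later would truncate or overflow buffers sized with it. Add a comment giving the derivation and, ideally, a compile-time or startup check against the longest entry.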
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_BTRFS_H
#define __LXC_BTRFS_H
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_DIR_H
#define __LXC_DIR_H
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_LOOP_H
#define __LXC_LOOP_H
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_LVM_H
#define __LXC_LVM_H
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_NBD_H
#define __LXC_NBD_H
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_OVERLAY_H
#define __LXC_OVERLAY_H
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_RDB_H
#define __LXC_RDB_H
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_RSYNC_H
#define __LXC_RSYNC_H
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_STORAGE_H
#define __LXC_STORAGE_H
-/*
- * lxc: linux Container library
- *
- * Copyright © 2017 Canonical Ltd.
- *
- * Authors:
- * Christian Brauner <christian.brauner@ubuntu.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * lxc: linux Container library
- *
- * Copyright © 2017 Canonical Ltd.
- *
- * Authors:
- * Christian Brauner <christian.brauner@ubuntu.com>
- *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_STORAGE_UTILS_H
#define __LXC_STORAGE_UTILS_H
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_ZFS_H
#define __LXC_ZFS_H
-/* liblxcapi
- *
- * Copyright © 2019 Christian Brauner <christian.brauner@ubuntu.com>.
- * Copyright © 2019 Canonical Ltd.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
-
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
-
- * You should have received a copy of the GNU Lesser General Public License
- * along with this library; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
return 0;
}
-char *must_concat(const char *first, ...)
+char *must_concat(size_t *len, const char *first, ...)
{
va_list args;
char *cur, *dest;
va_end(args);
dest[cur_len] = '\0';
+ if (len)
+ *len = cur_len;
return dest;
}
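Review bot: putting the new `len` parameter ahead of `first` in `must_concat()` shifts the first argument of every existing call, so a call site that is missed now passes its first string where a `size_t *` is expected, and a C compiler may accept that with only an incompatible-pointer warning. Please confirm that every caller is converted in this same change (passing NULL where the length is not wanted), or keep the old signature as a thin wrapper so unconverted callers cannot silently break.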
-/* liblxcapi
- *
- * Copyright © 2018 Christian Brauner <christian.brauner@ubuntu.com>.
- * Copyright © 2018 Canonical Ltd.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
-
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
-
- * You should have received a copy of the GNU Lesser General Public License
- * along with this library; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_STRING_UTILS_H
#define __LXC_STRING_UTILS_H
* Concatenate all passed-in strings into one path. Do not fail. If any piece
* is not prefixed with '/', add a '/'.
*/
-__attribute__((sentinel)) extern char *must_concat(const char *first, ...);
+__attribute__((sentinel)) extern char *must_concat(size_t *len, const char *first, ...);
__attribute__((sentinel)) extern char *must_make_path(const char *first, ...);
__attribute__((sentinel)) extern char *must_append_path(char *first, ...);
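Review bot: the changed `must_concat()` prototype carries no description of the new `len` out-parameter; the comment directly above it only talks about joining path pieces with '/'. Suggest a short comment stating that `len` may be NULL and that, when set, it receives the length of the returned string without the terminating NUL, so callers do not mistake it for the buffer size.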
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
#ifndef __LXC_SYNC_H
#define __LXC_SYNC_H
-/* liblxcapi
- *
- * Copyright © 2018 Christian Brauner <christian.brauner@ubuntu.com>.
- * Copyright © 2018 Canonical Ltd.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
-
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
-
- * You should have received a copy of the GNU Lesser General Public License
- * along with this library; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_SYSCALL_WRAPPER_H
#define __LXC_SYSCALL_WRAPPER_H
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
struct lxc_terminal_state *lxc_terminal_signal_init(int srcfd, int dstfd)
{
+ __do_close_prot_errno int signal_fd = -EBADF;
__do_free struct lxc_terminal_state *ts = NULL;
- bool istty = false;
int ret;
sigset_t mask;
ret = sigemptyset(&mask);
if (ret < 0) {
SYSERROR("Failed to initialize an empty signal set");
- goto on_error;
+ return NULL;
}
- istty = (isatty(srcfd) == 1);
- if (!istty) {
- INFO("fd %d does not refer to a tty device", srcfd);
- } else {
+ if (isatty(srcfd)) {
ret = sigaddset(&mask, SIGWINCH);
if (ret < 0)
SYSNOTICE("Failed to add SIGWINCH to signal set");
+ } else {
+ INFO("fd %d does not refer to a tty device", srcfd);
}
/* Exit the mainloop cleanly on SIGTERM. */
ret = sigaddset(&mask, SIGTERM);
if (ret < 0) {
SYSERROR("Failed to add SIGWINCH to signal set");
- goto on_error;
+ return NULL;
}
ret = pthread_sigmask(SIG_BLOCK, &mask, &ts->oldmask);
if (ret < 0) {
WARN("Failed to block signals");
- goto on_error;
+ return NULL;
}
- ts->sigfd = signalfd(-1, &mask, SFD_CLOEXEC);
- if (ts->sigfd < 0) {
+ signal_fd = signalfd(-1, &mask, SFD_CLOEXEC);
+ if (signal_fd < 0) {
WARN("Failed to create signal fd");
(void)pthread_sigmask(SIG_SETMASK, &ts->oldmask, NULL);
- goto on_error;
- }
-
- DEBUG("Created signal fd %d", ts->sigfd);
- return ts;
-
-on_error:
- ERROR("Failed to create signal fd");
- if (ts->sigfd >= 0) {
- close(ts->sigfd);
- ts->sigfd = -1;
+ return NULL;
}
+ ts->sigfd = move_fd(signal_fd);
+ TRACE("Created signal fd %d", ts->sigfd);
- return ts;
+ return move_ptr(ts);
}
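Review bot: the `pthread_sigmask(SIG_BLOCK, &mask, &ts->oldmask)` check in `lxc_terminal_signal_init()` still tests `ret < 0`, but `pthread_sigmask()` returns 0 on success and a positive error number on failure, so the new `return NULL` on that branch can never be taken and a failure to block the signals goes unnoticed before `signalfd()` is created. Suggest `if (ret != 0)` there. While touching these error paths, the message on the `sigaddset(&mask, SIGTERM)` failure branch still says "Failed to add SIGWINCH to signal set" and should name SIGTERM.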
-void lxc_terminal_signal_fini(struct lxc_terminal *terminal)
+/**
+ * lxc_terminal_signal_fini: uninstall signal handler
+ *
+ * @terminal: terminal instance
+ *
+ * Restore the saved signal handler that was in effect at the time
+ * lxc_terminal_signal_init() was called.
+ */
+static void lxc_terminal_signal_fini(struct lxc_terminal *terminal)
{
struct lxc_terminal_state *state = terminal->tty_state;
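Review bot: the new doc comment on the now-static `lxc_terminal_signal_fini()` drops the locking requirement that the removed declaration comment stated ("Must be called with process_lock held to protect the lxc_ttys list, or from a non-threaded context"). If that constraint still holds, carry the sentence over into the new comment; if it no longer applies, say so in the commit message so the omission is visibly intentional.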
if (*ttyreq > ttys->max)
goto out;
- if (ttys->tty[*ttyreq - 1].busy)
+ if (ttys->tty[*ttyreq - 1].busy >= 0)
goto out;
/* The requested tty is available. */
}
/* Search for next available tty, fixup index tty1 => [0]. */
- for (ttynum = 1; ttynum <= ttys->max && ttys->tty[ttynum - 1].busy; ttynum++) {
+ for (ttynum = 1; ttynum <= ttys->max && ttys->tty[ttynum - 1].busy >= 0; ttynum++) {
;
}
for (i = 0; i < ttys->max; i++)
if (ttys->tty[i].busy == fd)
- ttys->tty[i].busy = 0;
+ ttys->tty[i].busy = -1;
if (terminal->proxy.busy != fd)
return;
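Review bot: changing the "free" value of `ttys->tty[i].busy` from 0 to -1 means any entry that is still zero-initialised now satisfies `busy >= 0` and is treated as in use, so no tty would ever be handed out from such an array. The initialisation of `busy` is not part of these lines; please confirm that every place that allocates or resets a tty entry sets `busy = -1`. The same question applies to `terminal->proxy.busy`, which is compared against `fd` in the trailing context but whose free value is not shown.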
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2010
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_TERMINAL_H
#define __LXC_TERMINAL_H
extern int lxc_terminal_signalfd_cb(int fd, uint32_t events, void *cbdata,
struct lxc_epoll_descr *descr);
-/**
- * lxc_terminal_signal_fini: uninstall signal handler
- *
- * @terminal
- * - the lxc_terminal
- *
- * Restore the saved signal handler that was in effect at the time
- * lxc_terminal_signal_init() was called.
- *
- * Must be called with process_lock held to protect the lxc_ttys list, or
- * from a non-threaded context.
- */
-extern void lxc_terminal_signal_fini(struct lxc_terminal *terminal);
-
extern int lxc_terminal_write_ringbuffer(struct lxc_terminal *terminal);
extern int lxc_terminal_create_log_file(struct lxc_terminal *terminal);
extern int lxc_terminal_io_cb(int fd, uint32_t events, void *data,
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- * Michel Normand <normand at fr.ibm.com>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- * Michel Normand <normand at fr.ibm.com>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_ARGUMENTS_H
#define __LXC_ARGUMENTS_H
-/*
- * Android c-library does not have getsubopt,
- * so code lifted from uClibc
- * http://git.uclibc.org/uClibc/tree/libc/unistd/getsubopt.c
- */
-
-/* Parse comma separate list into words.
- Copyright (C) 1996, 1997, 1999, 2004 Free Software Foundation, Inc.
- This file is part of the GNU C Library.
- Contributed by Ulrich Drepper <drepper@cygnus.com>, 1996.
- The GNU C Library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Lesser General Public
- License as published by the Free Software Foundation; either
- version 2.1 of the License, or (at your option) any later version.
- The GNU C Library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
- You should have received a copy of the GNU Lesser General Public
- License along with the GNU C Library; if not, write to the Free
- Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
- 02111-1307 USA. */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#include <stdlib.h>
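Review bot: this replacement removes more than license boilerplate: the deleted comment is the only record that the code was lifted from uClibc's `getsubopt.c`, is part of the GNU C Library, and carries a Free Software Foundation copyright with Ulrich Drepper as contributor. An SPDX tag states the license but not the origin or the copyright holder, so suggest keeping the provenance and copyright lines below the new `SPDX-License-Identifier` line rather than deleting them.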
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
#ifndef _GETSUBOPT_H
#define _GETSUBOPT_H
int getsubopt (char **optionp, char *const *tokens, char **valuep);
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2010
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/* lxc_autostart
- *
- * Copyright © 2013 Stéphane Graber <stgraber@ubuntu.com>
- * Copyright © 2013 Canonical Ltd.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
-
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
-
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * Copyright © 2014 Tycho Andersen <tycho.andersen@canonical.com>.
- * Copyright © 2014 Canonical Ltd.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2, as
- * published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
+/* SPDX-License-Identifier: GPL-2.0-only */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
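Review bot: the identifier style is inconsistent across the patch: this file gets `GPL-2.0-only`, the current SPDX form, while the LGPL files get `LGPL-2.1+`, which is the deprecated "+" spelling. Using `LGPL-2.1-or-later` for those would match the form used here and avoid warnings from SPDX-aware license scanners. The choice of `GPL-2.0-only` itself matches the removed text, which grants version 2 with no "or later" clause.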
-/* lxc_config
- *
- * Copyright © 2012 Serge Hallyn <serge.hallyn@ubuntu.com>.
- * Copyright © 2012 Canonical Ltd.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
-
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
-
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- *
- * Copyright © 2015 Christian Brauner <christian.brauner@mailbox.org>.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2, as
- * published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
+/* SPDX-License-Identifier: GPL-2.0-only */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- *
- * Copyright © 2013 Serge Hallyn <serge.hallyn@ubuntu.com>.
- * Copyright © 2013 Canonical Ltd.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2, as
- * published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
+/* SPDX-License-Identifier: GPL-2.0-only */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- *
- * Copyright © 2013 Serge Hallyn <serge.hallyn@ubuntu.com>.
- * Copyright © 2013 Canonical Ltd.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2, as
- * published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
+/* SPDX-License-Identifier: GPL-2.0-only */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * lxc: linux Container library
- *
- * Authors:
- * Dongsheng Yang <yangds.fnst@cn.fujitsu.com>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- *
- * Copyright © 2016 Christian Brauner <christian.brauner@mailbox.org>.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2, as
- * published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
+/* SPDX-License-Identifier: GPL-2.0-only */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- *
- * Copyright © 2013 Serge Hallyn <serge.hallyn@ubuntu.com>.
- * Copyright © 2013 Canonical Ltd.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2, as
- * published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License along
- * with this program; if not, write to the Free Software Foundation, Inc.,
- * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
- */
+/* SPDX-License-Identifier: GPL-2.0-only */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * lxc: linux Container library
- *
- * Copyright © 2014 Oracle.
- *
- * Authors:
- * Dwight Engen <dwight.engen@oracle.com>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
return 0;
}
-int recursive_destroy(char *dirname)
+int recursive_destroy(const char *dirname)
{
+ __do_closedir DIR *dir = NULL;
+ int fret = 0;
int ret;
struct dirent *direntp;
- DIR *dir;
- int r = 0;
dir = opendir(dirname);
- if (!dir) {
- SYSERROR("Failed to open dir \"%s\"", dirname);
- return -1;
- }
+ if (!dir)
+ return log_error_errno(-1, errno, "Failed to open dir \"%s\"", dirname);
while ((direntp = readdir(dir))) {
- char *pathname;
+ __do_free char *pathname = NULL;
struct stat mystat;
if (!strcmp(direntp->d_name, ".") ||
continue;
pathname = must_make_path(dirname, direntp->d_name, NULL);
-
ret = lstat(pathname, &mystat);
if (ret < 0) {
- if (!r)
+ if (!fret)
SYSWARN("Failed to stat \"%s\"", pathname);
- r = -1;
- goto next;
+ fret = -1;
+ continue;
}
if (!S_ISDIR(mystat.st_mode))
- goto next;
+ continue;
ret = recursive_destroy(pathname);
if (ret < 0)
- r = -1;
-
- next:
- free(pathname);
+ fret = -1;
}
ret = rmdir(dirname);
- if (ret < 0) {
- if (!r)
- SYSWARN("Failed to delete \"%s\"", dirname);
-
- r = -1;
- }
-
- ret = closedir(dir);
- if (ret < 0) {
- if (!r)
- SYSWARN("Failed to delete \"%s\"", dirname);
-
- r = -1;
- }
+ if (ret < 0)
+ return log_warn_errno(-1, errno, "Failed to delete \"%s\"", dirname);
- return r;
+ return fret;
}
int lxc_setup_keyring(void)
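Review bot: the walk in `recursive_destroy()` is still path-based after this cleanup: `lstat(pathname, &mystat)` decides whether the entry is a directory, and the recursive call then runs `opendir(dirname)` on the same string, so an entry swapped for a symlink between the two calls is followed. If any part of the tree can be written by a less privileged user, consider holding a directory fd and using `fstatat(..., AT_SYMLINK_NOFOLLOW)`, `openat(..., O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC)` with `fdopendir()`, and `unlinkat(..., AT_REMOVEDIR)` instead. Smaller point: the `rmdir()` failure path now logs unconditionally through `log_warn_errno()`, whereas the old code only warned when `r` was still 0, so a failure deep in the tree will now produce one warning per parent directory.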
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
#ifndef __LXC_UTILS_H
#define __LXC_UTILS_H
extern int run_command_status(char *buf, size_t buf_size, int (*child_fn)(void *),
void *args);
-/* Concatenate all passed-in strings into one path. Do not fail. If any piece
- * is not prefixed with '/', add a '/'.
- */
-__attribute__((sentinel)) extern char *must_concat(const char *first, ...);
-__attribute__((sentinel)) extern char *must_make_path(const char *first, ...);
-__attribute__((sentinel)) extern char *must_append_path(char *first, ...);
-
/* return copy of string @entry; do not fail. */
extern char *must_copy_string(const char *entry);
/* Set a signal the child process will receive after the parent has died. */
extern int lxc_set_death_signal(int signal, pid_t parent, int parent_status_fd);
extern int fd_cloexec(int fd, bool cloexec);
-extern int recursive_destroy(char *dirname);
+extern int recursive_destroy(const char *dirname);
extern int lxc_setup_keyring(void);
#endif /* __LXC_UTILS_H */
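Review bot: the `must_concat`, `must_make_path` and `must_append_path` prototypes are dropped from this header, but the `recursive_destroy()` hunk above still calls `must_make_path(dirname, direntp->d_name, NULL)`. Please confirm that file and the other callers include whichever header now declares these functions; the visible hunks do not show it. An implicit declaration would also lose the `__attribute__((sentinel))` check on the terminating `NULL`, which is the only compile-time guard these variadic helpers have.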
-/* liblxcapi
- *
- * Copyright © 2019 Christian Brauner <christian.brauner@ubuntu.com>.
- * Copyright © 2019 Canonical Ltd.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
-
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
-
- * You should have received a copy of the GNU Lesser General Public License
- * along with this library; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- *
- * Stolen and reworked from systemd.
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#define _GNU_SOURCE
#define __STDC_FORMAT_MACROS /* Required for PRIu64 to work. */
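Review bot: the removed header ends with "Stolen and reworked from systemd.", and the SPDX line that replaces it drops that provenance note along with the boilerplate. Suggest keeping a one-line comment naming the upstream origin below the SPDX tag, here and in the matching header file, so that anyone auditing this code can still trace it back to the systemd source it was derived from.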
-/* liblxcapi
- *
- * Copyright © 2019 Christian Brauner <christian.brauner@ubuntu.com>.
- * Copyright © 2019 Canonical Ltd.
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
-
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
-
- * You should have received a copy of the GNU Lesser General Public License
- * along with this library; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- *
- * Stolen and reworked from systemd.
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
#ifndef __LXC_UUID_H
#define __LXC_UUID_H
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
#ifndef __LXC_VERSION_H
#define __LXC_VERSION_H
lxc-test-autostart \
lxc-test-cloneconfig \
lxc-test-createconfig \
+ lxc-test-exit-code \
lxc-test-no-new-privs \
lxc-test-rootfs
/*
* test_running_container: test cgroup functions against a running container
*
- * @group : name of the container group or NULL for default "lxc"
* @name : name of the container
*/
-static int test_running_container(const char *lxcpath,
- const char *group, const char *name)
+static int test_running_container(const char *lxcpath, const char *name)
{
int ret = -1;
struct lxc_container *c = NULL;
char value[NAME_MAX], value_save[NAME_MAX];
struct cgroup_ops *cgroup_ops;
- sprintf(relpath, "%s/%s", group ? group : "lxc.payload", name);
+ sprintf(relpath, DEFAULT_PAYLOAD_CGROUP_PREFIX "%s", name);
if ((c = lxc_container_new(name, lxcpath)) == NULL) {
TSTERR("container %s couldn't instantiate", name);
return ret;
}
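Review bot: `sprintf(relpath, DEFAULT_PAYLOAD_CGROUP_PREFIX "%s", name);` writes into `relpath` with no bound on the length of `name`. Since the line is being touched anyway, suggest `snprintf(relpath, sizeof(relpath), ...)` (assuming `relpath` is an array) and failing the test on truncation. Also note that the old format string put an explicit `/` between group and name, while the new one relies on the macro ending in whatever separator is intended; a short comment saying so would help the next reader.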
-static int test_container(const char *lxcpath,
- const char *group, const char *name,
+static int test_container(const char *lxcpath, const char *name,
const char *template)
{
int ret;
goto out3;
}
- ret = test_running_container(lxcpath, group, name);
+ ret = test_running_container(lxcpath, name);
c->stop(c);
out3:
* the container ourselves because valgrind gets confused by lxc's
* internal calls to clone.
*/
- if (test_running_container(NULL, NULL, "bb01") < 0)
+ if (test_running_container(NULL, "bb01") < 0)
goto out;
printf("Running container cgroup tests...Passed\n");
#else
- if (test_container(NULL, NULL, MYNAME, "busybox") < 0)
+ if (test_container(NULL, MYNAME, "busybox") < 0)
goto out;
printf("Container creation tests...Passed\n");
- if (test_container("/var/lib/lxctest2", NULL, MYNAME, "busybox") < 0)
+ if (test_container("/var/lib/lxctest2", MYNAME, "busybox") < 0)
goto out;
printf("Container creation with LXCPATH tests...Passed\n");
#include <lxc/lxccontainer.h>
#define NAME "device_add_remove_test"
-#define DEVICE "/dev/network_latency"
+#define DEVICE "/dev/loop-control"
int main(int argc, char *argv[])
{
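Review bot: `DEVICE` is now hard-coded to `/dev/loop-control`, a host device node, with no comment explaining why it replaces `/dev/network_latency`. Suggest a one-line comment with the reason and, if the test does not already do so, skipping rather than failing when the node is absent on the host.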
--- /dev/null
+#!/bin/sh
+
+# lxc: linux Container library
+
+# Authors:
+# Florian Margaine <florian@platform.sh>
+#
+# This is a test script for the lxc-attach and lxc-execute
+# programs. It tests whether the exit code is not 0 when a script
+# fails to execute.
+
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+set -e
+
+FAIL() {
+ echo -n "Failed " >&2
+ echo "$*" >&2
+ lxc-destroy -n busy -f
+ exit 1
+}
+
+# Create a container
+lxc-create -t busybox -n busy || FAIL "creating busybox container"
+
+# Run lxc-execute to make sure it fails when the command fails, and
+# succeed when the command succeeds.
+lxc-execute -n busy -- sh -c 'exit 1' && FAIL "should be failing" || true
+lxc-execute -n busy -- sh -c 'exit 0' || FAIL "should be succeeding"
+
+# Now, start the container and wait for it to be in running state.
+lxc-start -n busy -d || FAIL "starting busybox container"
+lxc-wait -n busy -s RUNNING || FAIL "waiting for busybox container to run"
+
+# And run the same tests on lxc-attach.
+lxc-attach -n busy -- sh -c 'exit 1' && FAIL "should be failing" || true
+lxc-attach -n busy -- sh -c 'exit 0' || FAIL "should be succeeding"
+
+lxc-destroy -n busy -f
+
+exit 0
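Review bot: the container name `busy` is hard-coded and `FAIL` always runs `lxc-destroy -n busy -f`, so if `lxc-create` fails because a container of that name already exists, the test force-destroys a container it did not create. Suggest a unique name (for example one derived from `$$`) and doing the cleanup from a `trap` that runs only after a successful create. Two smaller points: this new file carries the full LGPL boilerplate while the rest of the patch converts headers to SPDX tags, and `echo -n` is not portable under `#!/bin/sh`, so `printf` would be safer. The checks also only distinguish zero from non-zero; asserting that `$?` equals the inner `exit 1` would verify that the exit code is actually propagated.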