1 # Module for lxc related functionality used mostly by our hooks.
2 package PVE
::LXC
::Tools
;
9 # LXC introduced an `lxc.hook.version` property which allows hooks to be executed in different
10 # manners. The old way passes a lot of stuff as command line parameter, the new way passes
11 # environment variables.
13 # This is supposed to be a common entry point for hooks, consuming the parameters passed by lxc and
14 # passing them on to a subroutine in a defined way.
16 my ($expected_type, $expected_section, $code) = @_;
18 my ($ct_name, $section, $type);
22 my $version = $ENV{LXC_HOOK_VERSION
} // '0';
23 if ($version eq '0') {
25 $ct_name = shift @ARGV;
26 $section = shift @ARGV;
29 if (!defined($ct_name) || !defined($section) || !defined($type)) {
30 die "missing hook parameters, expected to be called by lxc as hook\n";
33 if ($ct_name !~ /^\d+$/ || $section ne $expected_section || $type ne $expected_type) {
37 if ($type eq 'stop') {
38 foreach my $ns (@ARGV) {
39 if ($ns =~ /^([^:]+):(.+)$/) {
40 $namespaces->{$1} = $2;
42 die "unrecognized 'stop' hook parameter: $ns\n";
45 } elsif ($type eq 'clone') {
48 } elsif ($version eq '1') {
49 $ct_name = $ENV{LXC_NAME
}
50 or die "missing LXC_NAME environment variable\n";
51 $section = $ENV{LXC_HOOK_SECTION
}
52 or die "missing LXC_HOOK_SECTION environment variable\n";
53 $type = $ENV{LXC_HOOK_TYPE
}
54 or die "missing LXC_HOOK_TYPE environment variable\n";
56 if ($ct_name !~ /^\d+$/ || $section ne $expected_section || $type ne $expected_type) {
60 foreach my $var (keys %$ENV) {
61 if ($var =~ /^LXC_([A-Z]+)_NS$/) {
62 $namespaces->{lc($1)} = $ENV{$1};
66 die "lxc.hook.version $version not supported!\n";
69 my $logid = $ENV{PVE_LOG_ID
} || "pve-lxc-hook-$section-$type";
73 ROOTFS_MOUNT
=> ($ENV{LXC_ROOTFS_MOUNT
} or die "missing LXC_ROOTFS_MOUNT env var\n"),
74 ROOTFS_PATH
=> ($ENV{LXC_ROOTFS_PATH
} or die "missing LXC_ROOTFS_PATH env var\n"),
75 CONFIG_FILE
=> ($ENV{LXC_CONFIG_FILE
} or die "missing LXC_CONFIG_FILE env var\n"),
77 if (defined(my $target = $ENV{LXC_TARGET
})) {
78 $common_vars->{TARGET
} = $target;
81 $code->($ct_name, $common_vars, $namespaces, $args);
85 my ($devlist_file, $vmid, $code) = @_;
89 if (! open $fd, '<', $devlist_file) {
90 exit 0 if $!{ENOENT
}; # If the list is empty the file might not exist.
91 die "failed to open device list: $!\n";
94 while (defined(my $line = <$fd>)) {
95 if ($line !~ m
@^(b
|c
):(\d
+):(\d
+):/dev/(\S
+)\s
*$@) {
96 warn "invalid $devlist_file entry: $line\n";
100 my ($type, $major, $minor, $dev) = ($1, $2, $3, $4);
102 # Don't break out of $root/dev/
103 if ($dev =~ /\.\./) {
104 warn "skipping illegal device node entry: $dev\n";
108 # Never expose /dev/loop-control
109 if ($major == 10 && $minor == 237) {
110 warn "skipping illegal device entry (loop-control) for: $dev\n";
114 $code->($type, $major, $minor, $dev);
119 sub for_current_passthrough_mounts
($&) {
120 my ($vmid, $code) = @_;
122 my $devlist_file = "/var/lib/lxc/$vmid/passthrough/mounts";
124 if (-e
$devlist_file) {
125 for_devices
($devlist_file, $vmid, $code);
127 # Fallback to the old device list file in case a package upgrade
128 # occurs between lxc-pve-prestart-hook and now.
129 for_devices
("/var/lib/lxc/$vmid/devices", $vmid, $code);
133 sub for_current_passthrough_devices
($&) {
134 my ($vmid, $code) = @_;
136 my $passthrough_devlist_file = "/var/lib/lxc/$vmid/passthrough/devices";
137 for_devices
($passthrough_devlist_file, $vmid, $code);
140 sub cgroup_do_write
($$) {
141 my ($path, $value) = @_;
143 if (!open($fd, '>', $path)) {
144 warn "failed to open cgroup file $path: $!\n";
147 if (!defined syswrite($fd, $value)) {
148 warn "failed to write value $value to cgroup file $path: $!\n";
155 # Tries to the architecture of an executable file based on its ELF header.
156 sub detect_elf_architecture
{
159 # see https://en.wikipedia.org/wiki/Executable_and_Linkable_Format
161 my $supported_elf_machine = {
169 my $detect_arch = sub {
170 open(my $fh, "<", $elf_fn) or die "open '$elf_fn' failed: $!\n";
173 my $length = read($fh, my $data, 20) or die "read failed: $!\n";
175 # 4 bytes ELF magic number and 1 byte ELF class, padding, machine
176 my ($magic, $class, undef, $machine) = unpack("A4CA12n", $data);
178 die "'$elf_fn' does not resolve to an ELF!\n"
179 if (!defined($class) || !defined($magic) || $magic ne "\177ELF");
181 my $arch = $supported_elf_machine->{$machine};
182 die "'$elf_fn' has unknown ELF machine '$machine'!\n"
185 if ($arch eq 'riscv') {
188 } elsif ($class eq 2) {
191 die "'$elf_fn' has invalid class '$class'!\n";
198 my $arch = eval { PVE
::Tools
::run_fork_with_timeout
(10, $detect_arch); };
199 my $err = $@ // "timeout\n";
200 die $err if !defined($arch);