[pve-lxc-syscalld.git] / src / main.rs

#![deny(unsafe_op_in_unsafe_fn)]

use std::ffi::{OsStr, OsString};
use std::future::Future;
use std::io as StdIo;
use std::io::{stderr, stdout, Write};
use std::os::unix::ffi::OsStrExt;

use anyhow::{bail, format_err, Error};
use nix::sys::socket::UnixAddr;

#[macro_use]
mod macros;

pub mod apparmor;
pub mod capability;
pub mod client;
pub mod error;
pub mod fork;
pub mod io;
pub mod lxcseccomp;
pub mod nsfd;
pub mod poll_fn;
pub mod process;
pub mod seccomp;
pub mod sys_mknod;
pub mod sys_quotactl;
pub mod syscall;
pub mod tools;

use crate::io::seq_packet::SeqPacketListener;

#[track_caller]
pub fn spawn(fut: impl Future<Output = ()> + Send + 'static) {
    tokio::spawn(fut);
}

fn usage(status: i32, program: &OsStr, out: &mut dyn Write) -> ! {
    let _ = out.write_all("usage: ".as_bytes());
    let _ = out.write_all(program.as_bytes());
    let _ = out.write_all(
        concat!(
            "[options] SOCKET_PATH\n",
            "options:\n",
            "    -h, --help      show this help message\n",
            "    --system        \
                     run as systemd daemon (use sd_notify() when ready to accept connections)\n",
        )
        .as_bytes(),
    );
    std::process::exit(status);
}

fn main() {
    let mut args = std::env::args_os();
    let program = args.next().unwrap(); // program name always exists

    let mut use_sd_notify = false;
    let mut path = None;

    let mut nonopt_arg = |arg: OsString| {
        if path.is_some() {
            let _ = stderr().write_all(b"unexpected extra parameter: ");
            let _ = stderr().write_all(arg.as_bytes());
            let _ = stderr().write_all(b"\n");
            usage(1, &program, &mut stderr());
        }

        path = Some(arg);
    };

    for arg in &mut args {
        if arg == "-h" || arg == "--help" {
            usage(0, &program, &mut stdout());
        }

        if arg == "--" {
            break;
        } else if arg == "--system" {
            use_sd_notify = true;
        } else {
            if arg.as_bytes().starts_with(b"-") {
                let _ = stderr().write_all(b"unexpected option: ");
                let _ = stderr().write_all(arg.as_bytes());
                let _ = stderr().write_all(b"\n");
                usage(1, &program, &mut stderr());
            }

            nonopt_arg(arg);
        }
    }

    for arg in &mut args {
        nonopt_arg(arg);
    }

    let path = match path {
        Some(path) => path,
        None => {
            eprintln!("missing path");
            usage(1, &program, &mut stderr());
        }
    };

    let cpus = num_cpus::get();

    let rt = tokio::runtime::Builder::new_multi_thread()
        .enable_all()
        .worker_threads(cpus.max(2).min(4))
        .build()
        .expect("failed to spawn tokio runtime");

    if let Err(err) = rt.block_on(do_main(use_sd_notify, path)) {
        eprintln!("error: {}", err);
        std::process::exit(1);
    }
}

async fn do_main(use_sd_notify: bool, socket_path: OsString) -> Result<(), Error> {
    match std::fs::remove_file(&socket_path) {
        Ok(_) => (),
        Err(ref e) if e.kind() == StdIo::ErrorKind::NotFound => (), // Ok
        Err(e) => bail!("failed to remove previous socket: {}", e),
    }

    let address =
        UnixAddr::new(socket_path.as_os_str()).expect("cannot create struct sockaddr_un?");

    let mut listener = SeqPacketListener::bind(&address)
        .map_err(|e| format_err!("failed to create listening socket: {}", e))?;

    if use_sd_notify {
        notify_systemd()?;
    }

    loop {
        let client = listener.accept().await?;
        let client = client::Client::new(client);
        spawn(client.main());
    }
}

#[link(name = "systemd")]
extern "C" {
    fn sd_notify(unset_environment: libc::c_int, state: *const libc::c_char) -> libc::c_int;
}

fn notify_systemd() -> StdIo::Result<()> {
    let err = unsafe { sd_notify(0, c_str!("READY=1\n").as_ptr()) };
    if err >= 0 {
        Ok(())
    } else {
        Err(StdIo::Error::from_raw_os_error(-err))
    }
}
Commit	Line	Data
4032c669 WB	1	#![deny(unsafe_op_in_unsafe_fn)]
4032c669 WB	2
d54e9e5a	3	use std::ffi::{OsStr, OsString};
9aa2a15a	4	use std::future::Future;
8dd26985	5	use std::io as StdIo;
d54e9e5a WB	6	use std::io::{stderr, stdout, Write};
d54e9e5a WB	7	use std::os::unix::ffi::OsStrExt;
9cffeac4	8
8150a439	9	use anyhow::{bail, format_err, Error};
b8cb8723	10	use nix::sys::socket::UnixAddr;
9cffeac4	11
9aa2a15a WB	12	#[macro_use]
	13	mod macros;
	14
42f25756	15	pub mod apparmor;
738dbfbe	16	pub mod capability;
e420f6f9	17	pub mod client;
d1b1deab	18	pub mod error;
e420f6f9	19	pub mod fork;
8dd26985	20	pub mod io;
9cffeac4	21	pub mod lxcseccomp;
e420f6f9	22	pub mod nsfd;
a22aece0	23	pub mod poll_fn;
3bbd1db0	24	pub mod process;
9cffeac4	25	pub mod seccomp;
e420f6f9	26	pub mod sys_mknod;
3e69a521	27	pub mod sys_quotactl;
c95be5f6	28	pub mod syscall;
9cffeac4 WB	29	pub mod tools;
9cffeac4 WB	30
8dd26985	31	use crate::io::seq_packet::SeqPacketListener;
9aa2a15a	32
7d20b692	33	#[track_caller]
9aa2a15a	34	pub fn spawn(fut: impl Future<Output = ()> + Send + 'static) {
5bd0c562	35	tokio::spawn(fut);
9aa2a15a WB	36	}
9aa2a15a WB	37
86ee36e8	38	fn usage(status: i32, program: &OsStr, out: &mut dyn Write) -> ! {
d54e9e5a WB	39	let _ = out.write_all("usage: ".as_bytes());
	40	let _ = out.write_all(program.as_bytes());
	41	let _ = out.write_all(
	42	concat!(
	43	"[options] SOCKET_PATH\n",
	44	"options:\n",
	45	" -h, --help show this help message\n",
	46	" --system \
	47	run as systemd daemon (use sd_notify() when ready to accept connections)\n",
86ee36e8 WB	48	)
86ee36e8 WB	49	.as_bytes(),
d54e9e5a WB	50	);
	51	std::process::exit(status);
	52	}
	53
9aa2a15a	54	fn main() {
d54e9e5a WB	55	let mut args = std::env::args_os();
	56	let program = args.next().unwrap(); // program name always exists
	57
	58	let mut use_sd_notify = false;
	59	let mut path = None;
	60
750b5cb3 WB	61	let mut nonopt_arg = \|arg: OsString\| {
	62	if path.is_some() {
	63	let _ = stderr().write_all(b"unexpected extra parameter: ");
	64	let _ = stderr().write_all(arg.as_bytes());
	65	let _ = stderr().write_all(b"\n");
	66	usage(1, &program, &mut stderr());
	67	}
	68
	69	path = Some(arg);
	70	};
	71
d54e9e5a WB	72	for arg in &mut args {
	73	if arg == "-h" \|\| arg == "--help" {
	74	usage(0, &program, &mut stdout());
	75	}
	76
	77	if arg == "--" {
	78	break;
	79	} else if arg == "--system" {
	80	use_sd_notify = true;
	81	} else {
750b5cb3	82	if arg.as_bytes().starts_with(b"-") {
d54e9e5a WB	83	let _ = stderr().write_all(b"unexpected option: ");
d54e9e5a WB	84	let _ = stderr().write_all(arg.as_bytes());
750b5cb3	85	let _ = stderr().write_all(b"\n");
d54e9e5a WB	86	usage(1, &program, &mut stderr());
	87	}
	88
750b5cb3	89	nonopt_arg(arg);
d54e9e5a WB	90	}
	91	}
	92
750b5cb3 WB	93	for arg in &mut args {
	94	nonopt_arg(arg);
	95	}
750b5cb3	96
d54e9e5a WB	97	let path = match path {
	98	Some(path) => path,
	99	None => {
	100	eprintln!("missing path");
	101	usage(1, &program, &mut stderr());
	102	}
	103	};
	104
53d40cee WB	105	let cpus = num_cpus::get();
	106
	107	let rt = tokio::runtime::Builder::new_multi_thread()
	108	.enable_all()
	109	.worker_threads(cpus.max(2).min(4))
	110	.build()
	111	.expect("failed to spawn tokio runtime");
e420f6f9	112
d54e9e5a	113	if let Err(err) = rt.block_on(do_main(use_sd_notify, path)) {
9cffeac4 WB	114	eprintln!("error: {}", err);
	115	std::process::exit(1);
	116	}
	117	}
	118
d54e9e5a	119	async fn do_main(use_sd_notify: bool, socket_path: OsString) -> Result<(), Error> {
571dbe03	120	match std::fs::remove_file(&socket_path) {
9cffeac4	121	Ok(_) => (),
8dd26985	122	Err(ref e) if e.kind() == StdIo::ErrorKind::NotFound => (), // Ok
9cffeac4 WB	123	Err(e) => bail!("failed to remove previous socket: {}", e),
	124	}
	125
571dbe03	126	let address =
b8cb8723	127	UnixAddr::new(socket_path.as_os_str()).expect("cannot create struct sockaddr_un?");
9cffeac4	128
8dd26985	129	let mut listener = SeqPacketListener::bind(&address)
9cffeac4	130	.map_err(\|e\| format_err!("failed to create listening socket: {}", e))?;
d54e9e5a WB	131
	132	if use_sd_notify {
	133	notify_systemd()?;
	134	}
	135
9cffeac4 WB	136	loop {
9cffeac4 WB	137	let client = listener.accept().await?;
e420f6f9	138	let client = client::Client::new(client);
9aa2a15a	139	spawn(client.main());
9cffeac4 WB	140	}
9cffeac4 WB	141	}
d54e9e5a WB	142
	143	#[link(name = "systemd")]
	144	extern "C" {
	145	fn sd_notify(unset_environment: libc::c_int, state: *const libc::c_char) -> libc::c_int;
	146	}
	147
	148	fn notify_systemd() -> StdIo::Result<()> {
	149	let err = unsafe { sd_notify(0, c_str!("READY=1\n").as_ptr()) };
7bb69bd3	150	if err >= 0 {
d54e9e5a WB	151	Ok(())
	152	} else {
	153	Err(StdIo::Error::from_raw_os_error(-err))
	154	}
	155	}