« back to all changes in this revision
Viewing changes to src/lxc/start.c
- browse files at revision 4
- compare with another revision
- download diff
- download tarball
- view history from revision 4
- Committer: Bazaar Package Importer
- Author(s): Guido Trotter
- Date: 2009-07-25 12:24:30 UTC
- mfrom: (1.1.1 upstream)
- Revision ID: james.westby@ubuntu.com-20090725122430-dxv1wb7ds07fc0sk
Tags: 0.6.3-1
* New Upstream Version
* Remove duplicate build-dependency on autotools-dev
* Build depend on linux-libc-dev
* Disable checking of netlink headers from configure
(currently fails under sid)
* Upgrade standards-version to 3.8.2
* Remove duplicate build-dependency on autotools-dev
* Build depend on linux-libc-dev
* Disable checking of netlink headers from configure
(currently fails under sid)
* Upgrade standards-version to 3.8.2
- files added:
- doc/common_options.sgml.in
- files removed:
- src/lxc/lxc_utils.h
- files modified:
- Makefile.am
added
removed
src/lxc/start.c
32
32
#include <signal.h>
33
33
#include <fcntl.h>
34
34
#include <termios.h>
35
#include <namespace.h>
35
36
#include <sys/param.h>
36
37
#include <sys/file.h>
37
38
#include <sys/mount.h>
38
39
#include <sys/types.h>
39
40
#include <sys/prctl.h>
41
#include <sys/types.h>
40
42
#include <sys/capability.h>
41
43
#include <sys/wait.h>
42
44
#include <sys/un.h>
95
97
96
98
lxc_log_define(lxc_start, lxc);
97
99
98
99
100
LXC_TTY_HANDLER(SIGINT);
100
101
LXC_TTY_HANDLER(SIGQUIT);
101
102
103
struct lxc_handler {
104
int sigfd;
105
int lock;
106
pid_t pid;
107
char tty[MAXPATHLEN];
108
sigset_t oldmask;
109
struct lxc_tty_info tty_info;
110
};
111
102
112
static int setup_sigchld_fd(sigset_t *oldmask)
103
113
{
104
114
sigset_t mask;
126
136
return -1;
127
137
}
128
138
139
DEBUG("sigchild handler set");
140
129
141
return fd;
130
142
}
131
143
156
168
static int sigchld_handler(int fd, void *data,
157
169
struct lxc_epoll_descr *descr)
158
170
{
159
pid_t *pid = data;
160
161
waitpid(*pid, NULL, 0);
171
DEBUG("child exited");
162
172
163
173
return 1;
164
174
}
202
212
if (lxc_af_unix_rcv_credential(conn, &ttynum, sizeof(ttynum)))
203
213
goto out_close;
204
214
205
if (ttynum <= 0 || ttynum > tty_info->nbtty)
206
goto out_close;
207
208
/* fixup index array (eg. tty1 is index 0) */
209
ttynum--;
210
211
if (tty_info->pty_info[ttynum].busy)
212
goto out_close;
213
214
if (lxc_af_unix_send_fd(conn, tty_info->pty_info[ttynum].master,
215
NULL, 0) < 0) {
215
if (ttynum > 0) {
216
if (ttynum > tty_info->nbtty)
217
goto out_close;
218
219
if (tty_info->pty_info[ttynum - 1].busy)
220
goto out_close;
221
222
goto out_send;
223
}
224
225
/* fixup index tty1 => [0] */
226
for (ttynum = 1;
227
ttynum <= tty_info->nbtty && tty_info->pty_info[ttynum - 1].busy;
228
ttynum++);
229
230
/* we didn't find any available slot for tty */
231
if (ttynum > tty_info->nbtty)
232
goto out_close;
233
234
out_send:
235
if (lxc_af_unix_send_fd(conn, tty_info->pty_info[ttynum - 1].master,
236
&ttynum, sizeof(ttynum)) < 0) {
216
237
ERROR("failed to send tty to client");
217
238
goto out_close;
218
239
}
219
240
220
if (lxc_mainloop_add_handler(descr, conn,
241
if (lxc_mainloop_add_handler(descr, conn,
221
242
ttyclient_handler, tty_info)) {
222
243
ERROR("failed to add tty client handler");
223
244
goto out_close;
224
245
}
225
246
226
tty_info->pty_info[ttynum].busy = conn;
247
tty_info->pty_info[ttynum - 1].busy = conn;
227
248
228
249
ret = 0;
229
230
250
out:
231
251
return ret;
232
252
out_close:
234
254
goto out;
235
255
}
236
256
237
static int mainloop(const char *name, pid_t pid, int sigfd,
238
const struct lxc_tty_info *tty_info)
257
int lxc_poll(const char *name, struct lxc_handler *handler)
239
258
{
259
int sigfd = handler->sigfd;
260
int pid = handler->pid;
261
const struct lxc_tty_info *tty_info = &handler->tty_info;
262
240
263
int nfds, ttyfd = -1, ret = -1;
241
264
struct lxc_epoll_descr descr;
242
265
282
305
goto out;
283
306
}
284
307
285
int lxc_start(const char *name, char *argv[])
286
{
287
struct lxc_tty_info tty_info = { 0 };
288
sigset_t oldmask;
289
char init[MAXPATHLEN];
290
char tty[MAXPATHLEN];
291
char *val = NULL;
292
int fd, sigfd, lock, sv[2], sync = 0, err = -LXC_ERROR_INTERNAL;
293
pid_t pid;
294
int clone_flags;
295
296
lock = lxc_get_lock(name);
297
if (lock < 0)
298
return lock;
308
static int save_init_pid(const char *name, pid_t pid)
309
{
310
char init[MAXPATHLEN];
311
char *val;
312
int fd, err = -1;
313
314
snprintf(init, MAXPATHLEN, LXCPATH "/%s/init", name);
315
316
if (!asprintf(&val, "%d\n", pid)) {
317
SYSERROR("failed to allocate memory");
318
goto out;
319
}
320
321
fd = open(init, O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);
322
if (fd < 0) {
323
SYSERROR("failed to open '%s'", init);
324
goto out_free;
325
}
326
327
if (write(fd, val, strlen(val)) < 0) {
328
SYSERROR("failed to write the init pid");
329
goto out_close;
330
}
331
332
err = 0;
333
334
out_close:
335
close(fd);
336
out_free:
337
free(val);
338
out:
339
return err;
340
}
341
342
static void remove_init_pid(const char *name, pid_t pid)
343
{
344
char init[MAXPATHLEN];
345
346
snprintf(init, MAXPATHLEN, LXCPATH "/%s/init", name);
347
unlink(init);
348
}
349
350
static int fdname(int fd, char *name, size_t size)
351
{
352
char path[MAXPATHLEN];
353
ssize_t len;
354
355
snprintf(path, MAXPATHLEN, "/proc/self/fd/%d", fd);
356
357
len = readlink(path, name, size);
358
if (len > 0)
359
path[len] = '\0';
360
361
return (len <= 0) ? -1 : 0;
362
}
363
364
static int console_init(char *console, size_t size)
365
{
366
struct stat stat;
367
int i;
368
369
for (i = 0; i < 3; i++) {
370
if (!isatty(i))
371
continue;
372
373
if (ttyname_r(i, console, size)) {
374
SYSERROR("failed to retrieve tty name");
375
return -1;
376
}
377
378
return 0;
379
}
380
381
if (!fstat(0, &stat)) {
382
if (S_ISREG(stat.st_mode) || S_ISCHR(stat.st_mode) ||
383
S_ISFIFO(stat.st_mode) || S_ISLNK(stat.st_mode))
384
return fdname(0, console, size);
385
}
386
387
console[0] = '\0';
388
389
DEBUG("console initialized");
390
391
return 0;
392
}
393
394
struct lxc_handler *lxc_init(const char *name)
395
{
396
struct lxc_handler *handler;
397
398
handler = malloc(sizeof(*handler));
399
if (!handler)
400
return NULL;
401
402
memset(handler, 0, sizeof(*handler));
403
404
handler->lock = lxc_get_lock(name);
405
if (handler->lock < 0)
406
goto out_free;
299
407
300
408
/* Begin the set the state to STARTING*/
301
409
if (lxc_setstate(name, STARTING)) {
302
ERROR("failed to set state '%s'",
303
lxc_state2str(STARTING));
304
goto out;
305
}
306
307
/* If we are not attached to a tty, disable it */
308
if (ttyname_r(0, tty, sizeof(tty)))
309
tty[0] = '\0';
310
311
if (lxc_create_tty(name, &tty_info)) {
410
ERROR("failed to set state '%s'", lxc_state2str(STARTING));
411
goto out_put_lock;
412
}
413
414
if (console_init(handler->tty, sizeof(handler->tty))) {
415
ERROR("failed to initialize the console");
416
goto out_aborting;
417
}
418
419
if (lxc_create_tty(name, &handler->tty_info)) {
312
420
ERROR("failed to create the ttys");
313
goto out;
421
goto out_aborting;
314
422
}
315
423
316
424
/* the signal fd has to be created before forking otherwise
317
425
* if the child process exits before we setup the signal fd,
318
426
* the event will be lost and the command will be stuck */
319
sigfd = setup_sigchld_fd(&oldmask);
320
if (sigfd < 0) {
427
handler->sigfd = setup_sigchld_fd(&handler->oldmask);
428
if (handler->sigfd < 0) {
321
429
ERROR("failed to set sigchild fd handler");
322
return -1;
323
}
430
goto out_delete_tty;
431
}
432
433
/* Avoid signals from terminal */
434
LXC_TTY_ADD_HANDLER(SIGINT);
435
LXC_TTY_ADD_HANDLER(SIGQUIT);
436
437
out:
438
if (handler)
439
INFO("'%s' is initialized", name);
440
441
return handler;
442
443
out_delete_tty:
444
lxc_delete_tty(&handler->tty_info);
445
out_aborting:
446
lxc_setstate(name, ABORTING);
447
out_put_lock:
448
lxc_put_lock(handler->lock);
449
out_free:
450
free(handler);
451
handler = NULL;
452
goto out;
453
}
454
455
void lxc_fini(const char *name, struct lxc_handler *handler)
456
{
457
/* The STOPPING state is there for future cleanup code
458
* which can take awhile
459
*/
460
lxc_setstate(name, STOPPING);
461
lxc_setstate(name, STOPPED);
462
lxc_unlink_nsgroup(name);
463
464
if (handler) {
465
remove_init_pid(name, handler->pid);
466
lxc_delete_tty(&handler->tty_info);
467
lxc_put_lock(handler->lock);
468
free(handler);
469
}
470
471
LXC_TTY_DEL_HANDLER(SIGQUIT);
472
LXC_TTY_DEL_HANDLER(SIGINT);
473
}
474
475
void lxc_abort(const char *name, struct lxc_handler *handler)
476
{
477
lxc_setstate(name, ABORTING);
478
kill(handler->pid, SIGKILL);
479
}
480
481
struct start_arg {
482
const char *name;
483
char *const *argv;
484
struct lxc_handler *handler;
485
int *sv;
486
};
487
488
static int do_start(void *arg)
489
{
490
struct start_arg *start_arg = arg;
491
struct lxc_handler *handler = start_arg->handler;
492
const char *name = start_arg->name;
493
char *const *argv = start_arg->argv;
494
int *sv = start_arg->sv;
495
int err = -1, sync;
496
497
if (sigprocmask(SIG_SETMASK, &handler->oldmask, NULL)) {
498
SYSERROR("failed to set sigprocmask");
499
goto out_child;
500
}
501
502
close(sv[1]);
503
504
/* Be sure we don't inherit this after the exec */
505
fcntl(sv[0], F_SETFD, FD_CLOEXEC);
506
507
/* Tell our father he can begin to configure the container */
508
if (write(sv[0], &sync, sizeof(sync)) < 0) {
509
SYSERROR("failed to write socket");
510
goto out_child;
511
}
512
513
/* Wait for the father to finish the configuration */
514
if (read(sv[0], &sync, sizeof(sync)) < 0) {
515
SYSERROR("failed to read socket");
516
goto out_child;
517
}
518
519
/* Setup the container, ip, names, utsname, ... */
520
if (lxc_setup(name, handler->tty, &handler->tty_info)) {
521
ERROR("failed to setup the container");
522
goto out_warn_father;
523
}
524
525
if (prctl(PR_CAPBSET_DROP, CAP_SYS_BOOT, 0, 0, 0)) {
526
SYSERROR("failed to remove CAP_SYS_BOOT capability");
527
goto out_child;
528
}
529
530
NOTICE("exec'ing '%s'", argv[0]);
531
532
execvp(argv[0], argv);
533
SYSERROR("failed to exec %s", argv[0]);
534
535
out_warn_father:
536
/* If the exec fails, tell that to our father */
537
if (write(sv[0], &err, sizeof(err)) < 0)
538
SYSERROR("failed to write the socket");
539
out_child:
540
return -1;
541
}
542
543
int lxc_spawn(const char *name, struct lxc_handler *handler, char *const argv[])
544
{
545
int sv[2];
546
int clone_flags;
547
int err = -1, sync;
548
549
struct start_arg start_arg = {
550
.name = name,
551
.argv = argv,
552
.handler = handler,
553
.sv = sv,
554
};
324
555
325
556
/* Synchro socketpair */
326
557
if (socketpair(AF_LOCAL, SOCK_STREAM, 0, sv)) {
328
559
goto out;
329
560
}
330
561
331
/* Avoid signals from terminal */
332
LXC_TTY_ADD_HANDLER(SIGINT);
333
LXC_TTY_ADD_HANDLER(SIGQUIT);
334
335
clone_flags = CLONE_NEWPID|CLONE_NEWIPC|CLONE_NEWNS;
336
if (conf_has_utsname(name))
337
clone_flags |= CLONE_NEWUTS;
562
clone_flags = CLONE_NEWUTS|CLONE_NEWPID|CLONE_NEWIPC|CLONE_NEWNS;
338
563
if (conf_has_network(name))
339
564
clone_flags |= CLONE_NEWNET;
340
565
341
566
/* Create a process in a new set of namespaces */
342
pid = fork_ns(clone_flags);
343
if (pid < 0) {
567
handler->pid = lxc_clone(do_start, &start_arg, clone_flags);
568
if (handler->pid < 0) {
344
569
SYSERROR("failed to fork into a new namespace");
345
goto err_fork_ns;
346
}
347
348
if (!pid) {
349
350
if (sigprocmask(SIG_SETMASK, &oldmask, NULL)) {
351
SYSERROR("failed to set sigprocmask");
352
return -1;
353
}
354
355
close(sv[1]);
356
357
/* Be sure we don't inherit this after the exec */
358
fcntl(sv[0], F_SETFD, FD_CLOEXEC);
359
360
/* Tell our father he can begin to configure the container */
361
if (write(sv[0], &sync, sizeof(sync)) < 0) {
362
SYSERROR("failed to write socket");
363
goto out_child;
364
}
365
366
/* Wait for the father to finish the configuration */
367
if (read(sv[0], &sync, sizeof(sync)) < 0) {
368
SYSERROR("failed to read socket");
369
goto out_child;
370
}
371
372
/* Setup the container, ip, names, utsname, ... */
373
err = lxc_setup(name, tty, &tty_info);
374
if (err) {
375
ERROR("failed to setup the container");
376
if (write(sv[0], &err, sizeof(err)) < 0)
377
SYSERROR("failed to write the socket");
378
goto out_child;
379
}
380
381
if (prctl(PR_CAPBSET_DROP, CAP_SYS_BOOT, 0, 0, 0)) {
382
SYSERROR("failed to remove CAP_SYS_BOOT capability");
383
goto out_child;
384
}
385
386
execvp(argv[0], argv);
387
SYSERROR("failed to exec %s", argv[0]);
388
389
err = LXC_ERROR_WRONG_COMMAND;
390
/* If the exec fails, tell that to our father */
391
if (write(sv[0], &err, sizeof(err)) < 0)
392
SYSERROR("failed to write the socket");
393
394
out_child:
395
exit(err);
570
goto out_close;
396
571
}
397
572
398
573
close(sv[0]);
400
575
/* Wait for the child to be ready */
401
576
if (read(sv[1], &sync, sizeof(sync)) < 0) {
402
577
SYSERROR("failed to read the socket");
403
goto err_pipe_read;
578
goto out_abort;
404
579
}
405
580
406
if (lxc_link_nsgroup(name, pid))
407
WARN("cgroupfs not found: cgroup disabled");
581
if (lxc_rename_nsgroup(name, handler->pid) || lxc_link_nsgroup(name))
582
goto out_abort;
408
583
409
584
/* Create the network configuration */
410
if (clone_flags & CLONE_NEWNET && conf_create_network(name, pid)) {
585
if (clone_flags & CLONE_NEWNET &&
586
conf_create_network(name, handler->pid)) {
411
587
ERROR("failed to create the configured network");
412
goto err_create_network;
588
goto out_abort;
413
589
}
414
590
415
591
/* Tell the child to continue its initialization */
416
592
if (write(sv[1], &sync, sizeof(sync)) < 0) {
417
593
SYSERROR("failed to write the socket");
418
goto err_pipe_write;
594
goto out_abort;
419
595
}
420
596
421
597
/* Wait for the child to exec or returning an error */
422
err = read(sv[1], &sync, sizeof(sync));
423
if (err < 0) {
598
if (read(sv[1], &sync, sizeof(sync)) < 0) {
424
599
ERROR("failed to read the socket");
425
goto err_pipe_read2;
426
}
427
428
if (err > 0) {
429
err = sync;
430
waitpid(pid, NULL, 0);
431
goto err_child_failed;
432
}
433
434
if (!asprintf(&val, "%d\n", pid)) {
435
SYSERROR("failed to allocate memory");
436
goto err_child_failed;
437
}
438
439
snprintf(init, MAXPATHLEN, LXCPATH "/%s/init", name);
440
441
fd = open(init, O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR);
442
if (fd < 0) {
443
SYSERROR("failed to open '%s'", init);
444
goto err_write;
445
}
446
447
if (write(fd, val, strlen(val)) < 0) {
448
SYSERROR("failed to write the init pid");
449
goto err_write;
450
}
451
452
close(fd);
600
goto out_abort;
601
}
602
603
if (save_init_pid(name, handler->pid)) {
604
ERROR("failed to save the init pid info");
605
goto out_abort;
606
}
453
607
454
608
if (lxc_setstate(name, RUNNING)) {
455
609
ERROR("failed to set state to %s",
456
610
lxc_state2str(RUNNING));
457
goto err_state_failed;
458
}
459
460
if (mainloop(name, pid, sigfd, &tty_info)) {
611
goto out_abort;
612
}
613
614
err = 0;
615
616
NOTICE("'%s' started with pid '%d'", argv[0], handler->pid);
617
618
out_close:
619
close(sv[0]);
620
close(sv[1]);
621
out:
622
return err;
623
624
out_abort:
625
lxc_abort(name, handler);
626
goto out_close;
627
}
628
629
int lxc_start(const char *name, char *const argv[])
630
{
631
struct lxc_handler *handler;
632
int err = -1;
633
int status;
634
635
handler = lxc_init(name);
636
if (!handler) {
637
ERROR("failed to initialize the container");
638
goto out;
639
}
640
641
err = lxc_spawn(name, handler, argv);
642
if (err) {
643
ERROR("failed to spawn '%s'", argv[0]);
644
goto out;
645
}
646
647
err = lxc_close_all_inherited_fd();
648
if (err) {
649
ERROR("unable to close inherited fds");
650
goto out_abort;
651
}
652
653
err = lxc_poll(name, handler);
654
if (err) {
461
655
ERROR("mainloop exited with an error");
462
goto err_mailoop_failed;
656
goto out_abort;
463
657
}
464
658
465
if (lxc_setstate(name, STOPPING))
466
ERROR("failed to set state %s", lxc_state2str(STOPPING));
467
468
if (clone_flags & CLONE_NEWNET && conf_destroy_network(name))
469
ERROR("failed to destroy the network");
470
471
err = 0;
659
while (waitpid(handler->pid, &status, 0) < 0 && errno == EINTR)
660
continue;
661
662
err = lxc_error_set_and_log(handler->pid, status);
472
663
out:
473
if (lxc_setstate(name, STOPPED))
474
ERROR("failed to set state %s", lxc_state2str(STOPPED));
475
476
lxc_delete_tty(&tty_info);
477
lxc_unlink_nsgroup(name);
478
unlink(init);
479
free(val);
480
lxc_put_lock(lock);
481
LXC_TTY_DEL_HANDLER(SIGQUIT);
482
LXC_TTY_DEL_HANDLER(SIGINT);
483
664
lxc_fini(name, handler);
484
665
return err;
485
666
486
err_write:
487
close(fd);
488
489
err_state_failed:
490
err_child_failed:
491
err_pipe_read2:
492
err_pipe_write:
493
if (clone_flags & CLONE_NEWNET)
494
conf_destroy_network(name);
495
err_create_network:
496
err_pipe_read:
497
err_mailoop_failed:
498
if (lxc_setstate(name, ABORTING))
499
ERROR("failed to set state %s", lxc_state2str(STOPPED));
500
501
kill(pid, SIGKILL);
502
err_fork_ns:
503
close(sv[0]);
504
close(sv[1]);
667
out_abort:
668
lxc_abort(name, handler);
505
669
goto out;
506
670
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.1