~wgrant/ubuntu/quantal/lxc/bug-1050351
» Revision
144
: .pc/0216-hook-kmsg-to-console/src/lxc/conf.c
« back to all changes in this revision
Viewing changes to .pc/0216-hook-kmsg-to-console/src/lxc/conf.c
- browse files at revision 144
- compare with another revision
- download diff
- download tarball
- view history from revision 144
- Committer: Serge Hallyn
- Date: 2012-09-13 03:44:17 UTC
- Revision ID: serge.hallyn@ubuntu.com-20120913034417-6e0r9x73ry1ion1y
0216-hook-kmsg-to-console: link /dev/kmsg to /dev/console so init log
messages can be seen. (LP: #1049926)
messages can be seen. (LP: #1049926)
- files added:
- .pc/0216-hook-kmsg-to-console
- .pc/0216-hook-kmsg-to-console/src
- .pc/0216-hook-kmsg-to-console/src/lxc
- files modified:
- .pc/applied-patches
added
removed
.pc/0216-hook-kmsg-to-console/src/lxc/conf.c
1
/*
2
* lxc: linux Container library
3
*
4
* (C) Copyright IBM Corp. 2007, 2008
5
*
6
* Authors:
7
* Daniel Lezcano <dlezcano at fr.ibm.com>
8
*
9
* This library is free software; you can redistribute it and/or
10
* modify it under the terms of the GNU Lesser General Public
11
* License as published by the Free Software Foundation; either
12
* version 2.1 of the License, or (at your option) any later version.
13
*
14
* This library is distributed in the hope that it will be useful,
15
* but WITHOUT ANY WARRANTY; without even the implied warranty of
16
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17
* Lesser General Public License for more details.
18
*
19
* You should have received a copy of the GNU Lesser General Public
20
* License along with this library; if not, write to the Free Software
21
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22
*/
23
#define _GNU_SOURCE
24
#include <stdio.h>
25
#undef _GNU_SOURCE
26
#include <stdlib.h>
27
#include <stdarg.h>
28
#include <errno.h>
29
#include <string.h>
30
#include <dirent.h>
31
#include <mntent.h>
32
#include <unistd.h>
33
#include <sys/wait.h>
34
#include <pty.h>
35
36
#include <linux/loop.h>
37
38
#include <sys/types.h>
39
#include <sys/utsname.h>
40
#include <sys/param.h>
41
#include <sys/stat.h>
42
#include <sys/socket.h>
43
#include <sys/mount.h>
44
#include <sys/mman.h>
45
#include <sys/prctl.h>
46
#include <sys/capability.h>
47
#include <sys/personality.h>
48
49
#include <arpa/inet.h>
50
#include <fcntl.h>
51
#include <netinet/in.h>
52
#include <net/if.h>
53
#include <libgen.h>
54
55
#include "network.h"
56
#include "error.h"
57
#include "parse.h"
58
#include "config.h"
59
#include "utils.h"
60
#include "conf.h"
61
#include "log.h"
62
#include "lxc.h" /* for lxc_cgroup_set() */
63
#include "caps.h" /* for lxc_caps_last_cap() */
64
65
lxc_log_define(lxc_conf, lxc);
66
67
#define MAXHWLEN 18
68
#define MAXINDEXLEN 20
69
#define MAXMTULEN 16
70
#define MAXLINELEN 128
71
72
#ifndef MS_DIRSYNC
73
#define MS_DIRSYNC 128
74
#endif
75
76
#ifndef MS_REC
77
#define MS_REC 16384
78
#endif
79
80
#ifndef MNT_DETACH
81
#define MNT_DETACH 2
82
#endif
83
84
#ifndef MS_RELATIME
85
#define MS_RELATIME (1 << 21)
86
#endif
87
88
#ifndef MS_STRICTATIME
89
#define MS_STRICTATIME (1 << 24)
90
#endif
91
92
#ifndef CAP_SETFCAP
93
#define CAP_SETFCAP 31
94
#endif
95
96
#ifndef CAP_MAC_OVERRIDE
97
#define CAP_MAC_OVERRIDE 32
98
#endif
99
100
#ifndef CAP_MAC_ADMIN
101
#define CAP_MAC_ADMIN 33
102
#endif
103
104
#ifndef PR_CAPBSET_DROP
105
#define PR_CAPBSET_DROP 24
106
#endif
107
108
char *lxchook_names[NUM_LXC_HOOKS] = {
109
"pre-start", "pre-mount", "mount", "start", "post-stop" };
110
111
extern int pivot_root(const char * new_root, const char * put_old);
112
113
typedef int (*instanciate_cb)(struct lxc_handler *, struct lxc_netdev *);
114
115
struct mount_opt {
116
char *name;
117
int clear;
118
int flag;
119
};
120
121
struct caps_opt {
122
char *name;
123
int value;
124
};
125
126
static int instanciate_veth(struct lxc_handler *, struct lxc_netdev *);
127
static int instanciate_macvlan(struct lxc_handler *, struct lxc_netdev *);
128
static int instanciate_vlan(struct lxc_handler *, struct lxc_netdev *);
129
static int instanciate_phys(struct lxc_handler *, struct lxc_netdev *);
130
static int instanciate_empty(struct lxc_handler *, struct lxc_netdev *);
131
132
static instanciate_cb netdev_conf[LXC_NET_MAXCONFTYPE + 1] = {
133
[LXC_NET_VETH] = instanciate_veth,
134
[LXC_NET_MACVLAN] = instanciate_macvlan,
135
[LXC_NET_VLAN] = instanciate_vlan,
136
[LXC_NET_PHYS] = instanciate_phys,
137
[LXC_NET_EMPTY] = instanciate_empty,
138
};
139
140
static struct mount_opt mount_opt[] = {
141
{ "defaults", 0, 0 },
142
{ "ro", 0, MS_RDONLY },
143
{ "rw", 1, MS_RDONLY },
144
{ "suid", 1, MS_NOSUID },
145
{ "nosuid", 0, MS_NOSUID },
146
{ "dev", 1, MS_NODEV },
147
{ "nodev", 0, MS_NODEV },
148
{ "exec", 1, MS_NOEXEC },
149
{ "noexec", 0, MS_NOEXEC },
150
{ "sync", 0, MS_SYNCHRONOUS },
151
{ "async", 1, MS_SYNCHRONOUS },
152
{ "dirsync", 0, MS_DIRSYNC },
153
{ "remount", 0, MS_REMOUNT },
154
{ "mand", 0, MS_MANDLOCK },
155
{ "nomand", 1, MS_MANDLOCK },
156
{ "atime", 1, MS_NOATIME },
157
{ "noatime", 0, MS_NOATIME },
158
{ "diratime", 1, MS_NODIRATIME },
159
{ "nodiratime", 0, MS_NODIRATIME },
160
{ "bind", 0, MS_BIND },
161
{ "rbind", 0, MS_BIND|MS_REC },
162
{ "relatime", 0, MS_RELATIME },
163
{ "norelatime", 1, MS_RELATIME },
164
{ "strictatime", 0, MS_STRICTATIME },
165
{ "nostrictatime", 1, MS_STRICTATIME },
166
{ NULL, 0, 0 },
167
};
168
169
static struct caps_opt caps_opt[] = {
170
{ "chown", CAP_CHOWN },
171
{ "dac_override", CAP_DAC_OVERRIDE },
172
{ "dac_read_search", CAP_DAC_READ_SEARCH },
173
{ "fowner", CAP_FOWNER },
174
{ "fsetid", CAP_FSETID },
175
{ "kill", CAP_KILL },
176
{ "setgid", CAP_SETGID },
177
{ "setuid", CAP_SETUID },
178
{ "setpcap", CAP_SETPCAP },
179
{ "linux_immutable", CAP_LINUX_IMMUTABLE },
180
{ "net_bind_service", CAP_NET_BIND_SERVICE },
181
{ "net_broadcast", CAP_NET_BROADCAST },
182
{ "net_admin", CAP_NET_ADMIN },
183
{ "net_raw", CAP_NET_RAW },
184
{ "ipc_lock", CAP_IPC_LOCK },
185
{ "ipc_owner", CAP_IPC_OWNER },
186
{ "sys_module", CAP_SYS_MODULE },
187
{ "sys_rawio", CAP_SYS_RAWIO },
188
{ "sys_chroot", CAP_SYS_CHROOT },
189
{ "sys_ptrace", CAP_SYS_PTRACE },
190
{ "sys_pacct", CAP_SYS_PACCT },
191
{ "sys_admin", CAP_SYS_ADMIN },
192
{ "sys_boot", CAP_SYS_BOOT },
193
{ "sys_nice", CAP_SYS_NICE },
194
{ "sys_resource", CAP_SYS_RESOURCE },
195
{ "sys_time", CAP_SYS_TIME },
196
{ "sys_tty_config", CAP_SYS_TTY_CONFIG },
197
{ "mknod", CAP_MKNOD },
198
{ "lease", CAP_LEASE },
199
#ifdef CAP_AUDIT_WRITE
200
{ "audit_write", CAP_AUDIT_WRITE },
201
#endif
202
#ifdef CAP_AUDIT_CONTROL
203
{ "audit_control", CAP_AUDIT_CONTROL },
204
#endif
205
{ "setfcap", CAP_SETFCAP },
206
{ "mac_override", CAP_MAC_OVERRIDE },
207
{ "mac_admin", CAP_MAC_ADMIN },
208
#ifdef CAP_SYSLOG
209
{ "syslog", CAP_SYSLOG },
210
#endif
211
#ifdef CAP_WAKE_ALARM
212
{ "wake_alarm", CAP_WAKE_ALARM },
213
#endif
214
};
215
216
static int run_script(const char *name, const char *section,
217
const char *script, ...)
218
{
219
int ret;
220
FILE *f;
221
char *buffer, *p, *output;
222
size_t size = 0;
223
va_list ap;
224
225
INFO("Executing script '%s' for container '%s', config section '%s'",
226
script, name, section);
227
228
va_start(ap, script);
229
while ((p = va_arg(ap, char *)))
230
size += strlen(p) + 1;
231
va_end(ap);
232
233
size += strlen(script);
234
size += strlen(name);
235
size += strlen(section);
236
size += 3;
237
238
if (size > INT_MAX)
239
return -1;
240
241
buffer = alloca(size);
242
if (!buffer) {
243
ERROR("failed to allocate memory");
244
return -1;
245
}
246
247
ret = snprintf(buffer, size, "%s %s %s", script, name, section);
248
if (ret < 0 || ret >= size) {
249
ERROR("Script name too long");
250
free(buffer);
251
return -1;
252
}
253
254
va_start(ap, script);
255
while ((p = va_arg(ap, char *))) {
256
int len = size-ret;
257
int rc;
258
rc = snprintf(buffer + ret, len, " %s", p);
259
if (rc < 0 || rc >= len) {
260
free(buffer);
261
ERROR("Script args too long");
262
return -1;
263
}
264
ret += rc;
265
}
266
va_end(ap);
267
268
f = popen(buffer, "r");
269
if (!f) {
270
SYSERROR("popen failed");
271
return -1;
272
}
273
274
output = malloc(LXC_LOG_BUFFER_SIZE);
275
if (!output) {
276
ERROR("failed to allocate memory for script output");
277
return -1;
278
}
279
280
while(fgets(output, LXC_LOG_BUFFER_SIZE, f))
281
DEBUG("script output: %s", output);
282
283
free(output);
284
285
if (pclose(f) == -1) {
286
SYSERROR("Script exited on error");
287
return -1;
288
}
289
290
return 0;
291
}
292
293
static int find_fstype_cb(char* buffer, void *data)
294
{
295
struct cbarg {
296
const char *rootfs;
297
const char *target;
298
int mntopt;
299
} *cbarg = data;
300
301
char *fstype;
302
303
/* we don't try 'nodev' entries */
304
if (strstr(buffer, "nodev"))
305
return 0;
306
307
fstype = buffer;
308
fstype += lxc_char_left_gc(fstype, strlen(fstype));
309
fstype[lxc_char_right_gc(fstype, strlen(fstype))] = '\0';
310
311
DEBUG("trying to mount '%s'->'%s' with fstype '%s'",
312
cbarg->rootfs, cbarg->target, fstype);
313
314
if (mount(cbarg->rootfs, cbarg->target, fstype, cbarg->mntopt, NULL)) {
315
DEBUG("mount failed with error: %s", strerror(errno));
316
return 0;
317
}
318
319
INFO("mounted '%s' on '%s', with fstype '%s'",
320
cbarg->rootfs, cbarg->target, fstype);
321
322
return 1;
323
}
324
325
static int mount_unknow_fs(const char *rootfs, const char *target, int mntopt)
326
{
327
int i;
328
329
struct cbarg {
330
const char *rootfs;
331
const char *target;
332
int mntopt;
333
} cbarg = {
334
.rootfs = rootfs,
335
.target = target,
336
.mntopt = mntopt,
337
};
338
339
/*
340
* find the filesystem type with brute force:
341
* first we check with /etc/filesystems, in case the modules
342
* are auto-loaded and fall back to the supported kernel fs
343
*/
344
char *fsfile[] = {
345
"/etc/filesystems",
346
"/proc/filesystems",
347
};
348
349
for (i = 0; i < sizeof(fsfile)/sizeof(fsfile[0]); i++) {
350
351
int ret;
352
353
if (access(fsfile[i], F_OK))
354
continue;
355
356
ret = lxc_file_for_each_line(fsfile[i], find_fstype_cb, &cbarg);
357
if (ret < 0) {
358
ERROR("failed to parse '%s'", fsfile[i]);
359
return -1;
360
}
361
362
if (ret)
363
return 0;
364
}
365
366
ERROR("failed to determine fs type for '%s'", rootfs);
367
return -1;
368
}
369
370
static int mount_rootfs_dir(const char *rootfs, const char *target)
371
{
372
return mount(rootfs, target, "none", MS_BIND | MS_REC, NULL);
373
}
374
375
static int setup_lodev(const char *rootfs, int fd, struct loop_info64 *loinfo)
376
{
377
int rfd;
378
int ret = -1;
379
380
rfd = open(rootfs, O_RDWR);
381
if (rfd < 0) {
382
SYSERROR("failed to open '%s'", rootfs);
383
return -1;
384
}
385
386
memset(loinfo, 0, sizeof(*loinfo));
387
388
loinfo->lo_flags = LO_FLAGS_AUTOCLEAR;
389
390
if (ioctl(fd, LOOP_SET_FD, rfd)) {
391
SYSERROR("failed to LOOP_SET_FD");
392
goto out;
393
}
394
395
if (ioctl(fd, LOOP_SET_STATUS64, loinfo)) {
396
SYSERROR("failed to LOOP_SET_STATUS64");
397
goto out;
398
}
399
400
ret = 0;
401
out:
402
close(rfd);
403
404
return ret;
405
}
406
407
static int mount_rootfs_file(const char *rootfs, const char *target)
408
{
409
struct dirent dirent, *direntp;
410
struct loop_info64 loinfo;
411
int ret = -1, fd = -1, rc;
412
DIR *dir;
413
char path[MAXPATHLEN];
414
415
dir = opendir("/dev");
416
if (!dir) {
417
SYSERROR("failed to open '/dev'");
418
return -1;
419
}
420
421
while (!readdir_r(dir, &dirent, &direntp)) {
422
423
if (!direntp)
424
break;
425
426
if (!strcmp(direntp->d_name, "."))
427
continue;
428
429
if (!strcmp(direntp->d_name, ".."))
430
continue;
431
432
if (strncmp(direntp->d_name, "loop", 4))
433
continue;
434
435
rc = snprintf(path, MAXPATHLEN, "/dev/%s", direntp->d_name);
436
if (rc < 0 || rc >= MAXPATHLEN)
437
continue;
438
439
fd = open(path, O_RDWR);
440
if (fd < 0)
441
continue;
442
443
if (ioctl(fd, LOOP_GET_STATUS64, &loinfo) == 0) {
444
close(fd);
445
continue;
446
}
447
448
if (errno != ENXIO) {
449
WARN("unexpected error for ioctl on '%s': %m",
450
direntp->d_name);
451
continue;
452
}
453
454
DEBUG("found '%s' free lodev", path);
455
456
ret = setup_lodev(rootfs, fd, &loinfo);
457
if (!ret)
458
ret = mount_unknow_fs(path, target, 0);
459
close(fd);
460
461
break;
462
}
463
464
if (closedir(dir))
465
WARN("failed to close directory");
466
467
return ret;
468
}
469
470
static int mount_rootfs_block(const char *rootfs, const char *target)
471
{
472
return mount_unknow_fs(rootfs, target, 0);
473
}
474
475
/*
476
* pin_rootfs
477
* if rootfs is a directory, then open ${rootfs}.hold for writing for the
478
* duration of the container run, to prevent the container from marking the
479
* underlying fs readonly on shutdown.
480
* return -1 on error.
481
* return -2 if nothing needed to be pinned.
482
* return an open fd (>=0) if we pinned it.
483
*/
484
int pin_rootfs(const char *rootfs)
485
{
486
char absrootfs[MAXPATHLEN];
487
char absrootfspin[MAXPATHLEN];
488
struct stat s;
489
int ret, fd;
490
491
if (rootfs == NULL || strlen(rootfs) == 0)
492
return 0;
493
494
if (!realpath(rootfs, absrootfs)) {
495
SYSERROR("failed to get real path for '%s'", rootfs);
496
return -1;
497
}
498
499
if (access(absrootfs, F_OK)) {
500
SYSERROR("'%s' is not accessible", absrootfs);
501
return -1;
502
}
503
504
if (stat(absrootfs, &s)) {
505
SYSERROR("failed to stat '%s'", absrootfs);
506
return -1;
507
}
508
509
if (!__S_ISTYPE(s.st_mode, S_IFDIR))
510
return -2;
511
512
ret = snprintf(absrootfspin, MAXPATHLEN, "%s%s", absrootfs, ".hold");
513
if (ret >= MAXPATHLEN) {
514
SYSERROR("pathname too long for rootfs hold file");
515
return -1;
516
}
517
518
fd = open(absrootfspin, O_CREAT | O_RDWR, S_IWUSR|S_IRUSR);
519
INFO("opened %s as fd %d\n", absrootfspin, fd);
520
return fd;
521
}
522
523
static int mount_rootfs(const char *rootfs, const char *target)
524
{
525
char absrootfs[MAXPATHLEN];
526
struct stat s;
527
int i;
528
529
typedef int (*rootfs_cb)(const char *, const char *);
530
531
struct rootfs_type {
532
int type;
533
rootfs_cb cb;
534
} rtfs_type[] = {
535
{ S_IFDIR, mount_rootfs_dir },
536
{ S_IFBLK, mount_rootfs_block },
537
{ S_IFREG, mount_rootfs_file },
538
};
539
540
if (!realpath(rootfs, absrootfs)) {
541
SYSERROR("failed to get real path for '%s'", rootfs);
542
return -1;
543
}
544
545
if (access(absrootfs, F_OK)) {
546
SYSERROR("'%s' is not accessible", absrootfs);
547
return -1;
548
}
549
550
if (stat(absrootfs, &s)) {
551
SYSERROR("failed to stat '%s'", absrootfs);
552
return -1;
553
}
554
555
for (i = 0; i < sizeof(rtfs_type)/sizeof(rtfs_type[0]); i++) {
556
557
if (!__S_ISTYPE(s.st_mode, rtfs_type[i].type))
558
continue;
559
560
return rtfs_type[i].cb(absrootfs, target);
561
}
562
563
ERROR("unsupported rootfs type for '%s'", absrootfs);
564
return -1;
565
}
566
567
static int setup_utsname(struct utsname *utsname)
568
{
569
if (!utsname)
570
return 0;
571
572
if (sethostname(utsname->nodename, strlen(utsname->nodename))) {
573
SYSERROR("failed to set the hostname to '%s'", utsname->nodename);
574
return -1;
575
}
576
577
INFO("'%s' hostname has been setup", utsname->nodename);
578
579
return 0;
580
}
581
582
static int setup_tty(const struct lxc_rootfs *rootfs,
583
const struct lxc_tty_info *tty_info, char *ttydir)
584
{
585
char path[MAXPATHLEN], lxcpath[MAXPATHLEN];
586
int i, ret;
587
588
if (!rootfs->path)
589
return 0;
590
591
for (i = 0; i < tty_info->nbtty; i++) {
592
593
struct lxc_pty_info *pty_info = &tty_info->pty_info[i];
594
595
ret = snprintf(path, sizeof(path), "%s/dev/tty%d",
596
rootfs->mount, i + 1);
597
if (ret >= sizeof(path)) {
598
ERROR("pathname too long for ttys");
599
return -1;
600
}
601
if (ttydir) {
602
/* create dev/lxc/tty%d" */
603
ret = snprintf(lxcpath, sizeof(lxcpath), "%s/dev/%s/tty%d",
604
rootfs->mount, ttydir, i + 1);
605
if (ret >= sizeof(lxcpath)) {
606
ERROR("pathname too long for ttys");
607
return -1;
608
}
609
ret = creat(lxcpath, 0660);
610
if (ret==-1 && errno != EEXIST) {
611
SYSERROR("error creating %s\n", lxcpath);
612
return -1;
613
}
614
close(ret);
615
ret = unlink(path);
616
if (ret && errno != ENOENT) {
617
SYSERROR("error unlinking %s\n", path);
618
return -1;
619
}
620
621
if (mount(pty_info->name, lxcpath, "none", MS_BIND, 0)) {
622
WARN("failed to mount '%s'->'%s'",
623
pty_info->name, path);
624
continue;
625
}
626
627
ret = snprintf(lxcpath, sizeof(lxcpath), "%s/tty%d", ttydir, i+1);
628
if (ret >= sizeof(lxcpath)) {
629
ERROR("tty pathname too long");
630
return -1;
631
}
632
ret = symlink(lxcpath, path);
633
if (ret) {
634
SYSERROR("failed to create symlink for tty %d\n", i+1);
635
return -1;
636
}
637
} else {
638
if (mount(pty_info->name, path, "none", MS_BIND, 0)) {
639
WARN("failed to mount '%s'->'%s'",
640
pty_info->name, path);
641
continue;
642
}
643
}
644
}
645
646
INFO("%d tty(s) has been setup", tty_info->nbtty);
647
648
return 0;
649
}
650
651
static int setup_rootfs_pivot_root_cb(char *buffer, void *data)
652
{
653
struct lxc_list *mountlist, *listentry, *iterator;
654
char *pivotdir, *mountpoint, *mountentry;
655
int found;
656
void **cbparm;
657
658
mountentry = buffer;
659
cbparm = (void **)data;
660
661
mountlist = cbparm[0];
662
pivotdir = cbparm[1];
663
664
/* parse entry, first field is mountname, ignore */
665
mountpoint = strtok(mountentry, " ");
666
if (!mountpoint)
667
return -1;
668
669
/* second field is mountpoint */
670
mountpoint = strtok(NULL, " ");
671
if (!mountpoint)
672
return -1;
673
674
/* only consider mountpoints below old root fs */
675
if (strncmp(mountpoint, pivotdir, strlen(pivotdir)))
676
return 0;
677
678
/* filter duplicate mountpoints */
679
found = 0;
680
lxc_list_for_each(iterator, mountlist) {
681
if (!strcmp(iterator->elem, mountpoint)) {
682
found = 1;
683
break;
684
}
685
}
686
if (found)
687
return 0;
688
689
/* add entry to list */
690
listentry = malloc(sizeof(*listentry));
691
if (!listentry) {
692
SYSERROR("malloc for mountpoint listentry failed");
693
return -1;
694
}
695
696
listentry->elem = strdup(mountpoint);
697
if (!listentry->elem) {
698
SYSERROR("strdup failed");
699
return -1;
700
}
701
lxc_list_add_tail(mountlist, listentry);
702
703
return 0;
704
}
705
706
static int umount_oldrootfs(const char *oldrootfs)
707
{
708
char path[MAXPATHLEN];
709
void *cbparm[2];
710
struct lxc_list mountlist, *iterator;
711
int ok, still_mounted, last_still_mounted;
712
int rc;
713
714
/* read and parse /proc/mounts in old root fs */
715
lxc_list_init(&mountlist);
716
717
/* oldrootfs is on the top tree directory now */
718
rc = snprintf(path, sizeof(path), "/%s", oldrootfs);
719
if (rc >= sizeof(path)) {
720
ERROR("rootfs name too long");
721
return -1;
722
}
723
cbparm[0] = &mountlist;
724
725
cbparm[1] = strdup(path);
726
if (!cbparm[1]) {
727
SYSERROR("strdup failed");
728
return -1;
729
}
730
731
rc = snprintf(path, sizeof(path), "%s/proc/mounts", oldrootfs);
732
if (rc >= sizeof(path)) {
733
ERROR("container proc/mounts name too long");
734
return -1;
735
}
736
737
ok = lxc_file_for_each_line(path,
738
setup_rootfs_pivot_root_cb, &cbparm);
739
if (ok < 0) {
740
SYSERROR("failed to read or parse mount list '%s'", path);
741
return -1;
742
}
743
744
/* umount filesystems until none left or list no longer shrinks */
745
still_mounted = 0;
746
do {
747
last_still_mounted = still_mounted;
748
still_mounted = 0;
749
750
lxc_list_for_each(iterator, &mountlist) {
751
752
/* umount normally */
753
if (!umount(iterator->elem)) {
754
DEBUG("umounted '%s'", (char *)iterator->elem);
755
lxc_list_del(iterator);
756
continue;
757
}
758
759
still_mounted++;
760
}
761
762
} while (still_mounted > 0 && still_mounted != last_still_mounted);
763
764
765
lxc_list_for_each(iterator, &mountlist) {
766
767
/* let's try a lazy umount */
768
if (!umount2(iterator->elem, MNT_DETACH)) {
769
INFO("lazy unmount of '%s'", (char *)iterator->elem);
770
continue;
771
}
772
773
/* be more brutal (nfs) */
774
if (!umount2(iterator->elem, MNT_FORCE)) {
775
INFO("forced unmount of '%s'", (char *)iterator->elem);
776
continue;
777
}
778
779
WARN("failed to unmount '%s'", (char *)iterator->elem);
780
}
781
782
return 0;
783
}
784
785
static int setup_rootfs_pivot_root(const char *rootfs, const char *pivotdir)
786
{
787
char path[MAXPATHLEN];
788
int remove_pivotdir = 0;
789
int rc;
790
791
/* change into new root fs */
792
if (chdir(rootfs)) {
793
SYSERROR("can't chdir to new rootfs '%s'", rootfs);
794
return -1;
795
}
796
797
if (!pivotdir)
798
pivotdir = "mnt";
799
800
/* compute the full path to pivotdir under rootfs */
801
rc = snprintf(path, sizeof(path), "%s/%s", rootfs, pivotdir);
802
if (rc >= sizeof(path)) {
803
ERROR("pivot dir name too long");
804
return -1;
805
}
806
807
if (access(path, F_OK)) {
808
809
if (mkdir_p(path, 0755)) {
810
SYSERROR("failed to create pivotdir '%s'", path);
811
return -1;
812
}
813
814
remove_pivotdir = 1;
815
DEBUG("created '%s' directory", path);
816
}
817
818
DEBUG("mountpoint for old rootfs is '%s'", path);
819
820
/* pivot_root into our new root fs */
821
if (pivot_root(".", path)) {
822
SYSERROR("pivot_root syscall failed");
823
return -1;
824
}
825
826
if (chdir("/")) {
827
SYSERROR("can't chdir to / after pivot_root");
828
return -1;
829
}
830
831
DEBUG("pivot_root syscall to '%s' successful", rootfs);
832
833
/* we switch from absolute path to relative path */
834
if (umount_oldrootfs(pivotdir))
835
return -1;
836
837
/* remove temporary mount point, we don't consider the removing
838
* as fatal */
839
if (remove_pivotdir && rmdir(pivotdir))
840
WARN("can't remove mountpoint '%s': %m", pivotdir);
841
842
return 0;
843
}
844
845
static int setup_rootfs(const struct lxc_rootfs *rootfs)
846
{
847
if (!rootfs->path)
848
return 0;
849
850
if (access(rootfs->mount, F_OK)) {
851
SYSERROR("failed to access to '%s', check it is present",
852
rootfs->mount);
853
return -1;
854
}
855
856
if (mount_rootfs(rootfs->path, rootfs->mount)) {
857
ERROR("failed to mount rootfs");
858
return -1;
859
}
860
861
DEBUG("mounted '%s' on '%s'", rootfs->path, rootfs->mount);
862
863
return 0;
864
}
865
866
int setup_pivot_root(const struct lxc_rootfs *rootfs)
867
{
868
if (!rootfs->path)
869
return 0;
870
871
if (setup_rootfs_pivot_root(rootfs->mount, rootfs->pivot)) {
872
ERROR("failed to setup pivot root");
873
return -1;
874
}
875
876
return 0;
877
}
878
879
static int setup_pts(int pts)
880
{
881
char target[PATH_MAX];
882
883
if (!pts)
884
return 0;
885
886
if (!access("/dev/pts/ptmx", F_OK) && umount("/dev/pts")) {
887
SYSERROR("failed to umount 'dev/pts'");
888
return -1;
889
}
890
891
if (mount("devpts", "/dev/pts", "devpts", MS_MGC_VAL,
892
"newinstance,ptmxmode=0666")) {
893
SYSERROR("failed to mount a new instance of '/dev/pts'");
894
return -1;
895
}
896
897
if (access("/dev/ptmx", F_OK)) {
898
if (!symlink("/dev/pts/ptmx", "/dev/ptmx"))
899
goto out;
900
SYSERROR("failed to symlink '/dev/pts/ptmx'->'/dev/ptmx'");
901
return -1;
902
}
903
904
if (realpath("/dev/ptmx", target) && !strcmp(target, "/dev/pts/ptmx"))
905
goto out;
906
907
/* fallback here, /dev/pts/ptmx exists just mount bind */
908
if (mount("/dev/pts/ptmx", "/dev/ptmx", "none", MS_BIND, 0)) {
909
SYSERROR("mount failed '/dev/pts/ptmx'->'/dev/ptmx'");
910
return -1;
911
}
912
913
INFO("created new pts instance");
914
915
out:
916
return 0;
917
}
918
919
static int setup_personality(int persona)
920
{
921
if (persona == -1)
922
return 0;
923
924
if (personality(persona) < 0) {
925
SYSERROR("failed to set personality to '0x%x'", persona);
926
return -1;
927
}
928
929
INFO("set personality to '0x%x'", persona);
930
931
return 0;
932
}
933
934
static int setup_dev_console(const struct lxc_rootfs *rootfs,
935
const struct lxc_console *console)
936
{
937
char path[MAXPATHLEN];
938
struct stat s;
939
int ret;
940
941
ret = snprintf(path, sizeof(path), "%s/dev/console", rootfs->mount);
942
if (ret >= sizeof(path)) {
943
ERROR("console path too long\n");
944
return -1;
945
}
946
947
if (access(path, F_OK)) {
948
WARN("rootfs specified but no console found at '%s'", path);
949
return 0;
950
}
951
952
if (console->peer == -1) {
953
INFO("no console output required");
954
return 0;
955
}
956
957
if (stat(path, &s)) {
958
SYSERROR("failed to stat '%s'", path);
959
return -1;
960
}
961
962
if (chmod(console->name, s.st_mode)) {
963
SYSERROR("failed to set mode '0%o' to '%s'",
964
s.st_mode, console->name);
965
return -1;
966
}
967
968
if (mount(console->name, path, "none", MS_BIND, 0)) {
969
ERROR("failed to mount '%s' on '%s'", console->name, path);
970
return -1;
971
}
972
973
INFO("console has been setup");
974
return 0;
975
}
976
977
static int setup_ttydir_console(const struct lxc_rootfs *rootfs,
978
const struct lxc_console *console,
979
char *ttydir)
980
{
981
char path[MAXPATHLEN], lxcpath[MAXPATHLEN];
982
int ret;
983
984
/* create rootfs/dev/<ttydir> directory */
985
ret = snprintf(path, sizeof(path), "%s/dev/%s", rootfs->mount,
986
ttydir);
987
if (ret >= sizeof(path))
988
return -1;
989
ret = mkdir(path, 0755);
990
if (ret && errno != EEXIST) {
991
SYSERROR("failed with errno %d to create %s\n", errno, path);
992
return -1;
993
}
994
INFO("created %s\n", path);
995
996
ret = snprintf(lxcpath, sizeof(lxcpath), "%s/dev/%s/console",
997
rootfs->mount, ttydir);
998
if (ret >= sizeof(lxcpath)) {
999
ERROR("console path too long\n");
1000
return -1;
1001
}
1002
1003
snprintf(path, sizeof(path), "%s/dev/console", rootfs->mount);
1004
ret = unlink(path);
1005
if (ret && errno != ENOENT) {
1006
SYSERROR("error unlinking %s\n", path);
1007
return -1;
1008
}
1009
1010
ret = creat(lxcpath, 0660);
1011
if (ret==-1 && errno != EEXIST) {
1012
SYSERROR("error %d creating %s\n", errno, lxcpath);
1013
return -1;
1014
}
1015
close(ret);
1016
1017
if (console->peer == -1) {
1018
INFO("no console output required");
1019
return 0;
1020
}
1021
1022
if (mount(console->name, lxcpath, "none", MS_BIND, 0)) {
1023
ERROR("failed to mount '%s' on '%s'", console->name, lxcpath);
1024
return -1;
1025
}
1026
1027
/* create symlink from rootfs/dev/console to 'lxc/console' */
1028
ret = snprintf(lxcpath, sizeof(lxcpath), "%s/console", ttydir);
1029
if (ret >= sizeof(lxcpath)) {
1030
ERROR("lxc/console path too long");
1031
return -1;
1032
}
1033
ret = symlink(lxcpath, path);
1034
if (ret) {
1035
SYSERROR("failed to create symlink for console");
1036
return -1;
1037
}
1038
1039
INFO("console has been setup on %s", lxcpath);
1040
1041
return 0;
1042
}
1043
1044
static int setup_console(const struct lxc_rootfs *rootfs,
1045
const struct lxc_console *console,
1046
char *ttydir)
1047
{
1048
/* We don't have a rootfs, /dev/console will be shared */
1049
if (!rootfs->path)
1050
return 0;
1051
if (!ttydir)
1052
return setup_dev_console(rootfs, console);
1053
1054
return setup_ttydir_console(rootfs, console, ttydir);
1055
}
1056
1057
static int setup_cgroup(const char *name, struct lxc_list *cgroups)
1058
{
1059
struct lxc_list *iterator;
1060
struct lxc_cgroup *cg;
1061
int ret = -1;
1062
1063
if (lxc_list_empty(cgroups))
1064
return 0;
1065
1066
lxc_list_for_each(iterator, cgroups) {
1067
1068
cg = iterator->elem;
1069
1070
if (lxc_cgroup_set(name, cg->subsystem, cg->value))
1071
goto out;
1072
1073
DEBUG("cgroup '%s' set to '%s'", cg->subsystem, cg->value);
1074
}
1075
1076
ret = 0;
1077
INFO("cgroup has been setup");
1078
out:
1079
return ret;
1080
}
1081
1082
static void parse_mntopt(char *opt, unsigned long *flags, char **data)
1083
{
1084
struct mount_opt *mo;
1085
1086
/* If opt is found in mount_opt, set or clear flags.
1087
* Otherwise append it to data. */
1088
1089
for (mo = &mount_opt[0]; mo->name != NULL; mo++) {
1090
if (!strncmp(opt, mo->name, strlen(mo->name))) {
1091
if (mo->clear)
1092
*flags &= ~mo->flag;
1093
else
1094
*flags |= mo->flag;
1095
return;
1096
}
1097
}
1098
1099
if (strlen(*data))
1100
strcat(*data, ",");
1101
strcat(*data, opt);
1102
}
1103
1104
static int parse_mntopts(const char *mntopts, unsigned long *mntflags,
1105
char **mntdata)
1106
{
1107
char *s, *data;
1108
char *p, *saveptr = NULL;
1109
1110
*mntdata = NULL;
1111
*mntflags = 0L;
1112
1113
if (!mntopts)
1114
return 0;
1115
1116
s = strdup(mntopts);
1117
if (!s) {
1118
SYSERROR("failed to allocate memory");
1119
return -1;
1120
}
1121
1122
data = malloc(strlen(s) + 1);
1123
if (!data) {
1124
SYSERROR("failed to allocate memory");
1125
free(s);
1126
return -1;
1127
}
1128
*data = 0;
1129
1130
for (p = strtok_r(s, ",", &saveptr); p != NULL;
1131
p = strtok_r(NULL, ",", &saveptr))
1132
parse_mntopt(p, mntflags, &data);
1133
1134
if (*data)
1135
*mntdata = data;
1136
else
1137
free(data);
1138
free(s);
1139
1140
return 0;
1141
}
1142
1143
static int mount_entry(const char *fsname, const char *target,
1144
const char *fstype, unsigned long mountflags,
1145
const char *data)
1146
{
1147
if (mount(fsname, target, fstype, mountflags & ~MS_REMOUNT, data)) {
1148
SYSERROR("failed to mount '%s' on '%s'", fsname, target);
1149
return -1;
1150
}
1151
1152
if ((mountflags & MS_REMOUNT) || (mountflags & MS_BIND)) {
1153
1154
DEBUG("remounting %s on %s to respect bind or remount options",
1155
fsname, target);
1156
1157
if (mount(fsname, target, fstype,
1158
mountflags | MS_REMOUNT, data)) {
1159
SYSERROR("failed to mount '%s' on '%s'",
1160
fsname, target);
1161
return -1;
1162
}
1163
}
1164
1165
DEBUG("mounted '%s' on '%s', type '%s'", fsname, target, fstype);
1166
1167
return 0;
1168
}
1169
1170
static inline int mount_entry_on_systemfs(struct mntent *mntent)
1171
{
1172
unsigned long mntflags;
1173
char *mntdata;
1174
int ret;
1175
1176
if (parse_mntopts(mntent->mnt_opts, &mntflags, &mntdata) < 0) {
1177
ERROR("failed to parse mount option '%s'", mntent->mnt_opts);
1178
return -1;
1179
}
1180
1181
ret = mount_entry(mntent->mnt_fsname, mntent->mnt_dir,
1182
mntent->mnt_type, mntflags, mntdata);
1183
1184
free(mntdata);
1185
1186
return ret;
1187
}
1188
1189
static int mount_entry_on_absolute_rootfs(struct mntent *mntent,
1190
const struct lxc_rootfs *rootfs,
1191
const char *lxc_name)
1192
{
1193
char *aux;
1194
char path[MAXPATHLEN];
1195
unsigned long mntflags;
1196
char *mntdata;
1197
int r, ret = 0, offset;
1198
1199
if (parse_mntopts(mntent->mnt_opts, &mntflags, &mntdata) < 0) {
1200
ERROR("failed to parse mount option '%s'", mntent->mnt_opts);
1201
return -1;
1202
}
1203
1204
/* if rootfs->path is a blockdev path, allow container fstab to
1205
* use /var/lib/lxc/CN/rootfs as the target prefix */
1206
r = snprintf(path, MAXPATHLEN, "/var/lib/lxc/%s/rootfs", lxc_name);
1207
if (r < 0 || r >= MAXPATHLEN)
1208
goto skipvarlib;
1209
1210
aux = strstr(mntent->mnt_dir, path);
1211
if (aux) {
1212
offset = strlen(path);
1213
goto skipabs;
1214
}
1215
1216
skipvarlib:
1217
aux = strstr(mntent->mnt_dir, rootfs->path);
1218
if (!aux) {
1219
WARN("ignoring mount point '%s'", mntent->mnt_dir);
1220
goto out;
1221
}
1222
offset = strlen(rootfs->path);
1223
1224
skipabs:
1225
1226
r = snprintf(path, MAXPATHLEN, "%s/%s", rootfs->mount,
1227
aux + offset);
1228
if (r < 0 || r >= MAXPATHLEN) {
1229
WARN("pathnme too long for '%s'", mntent->mnt_dir);
1230
ret = -1;
1231
goto out;
1232
}
1233
1234
1235
ret = mount_entry(mntent->mnt_fsname, path, mntent->mnt_type,
1236
mntflags, mntdata);
1237
1238
out:
1239
free(mntdata);
1240
return ret;
1241
}
1242
1243
static int mount_entry_on_relative_rootfs(struct mntent *mntent,
1244
const char *rootfs)
1245
{
1246
char path[MAXPATHLEN];
1247
unsigned long mntflags;
1248
char *mntdata;
1249
int ret;
1250
1251
if (parse_mntopts(mntent->mnt_opts, &mntflags, &mntdata) < 0) {
1252
ERROR("failed to parse mount option '%s'", mntent->mnt_opts);
1253
return -1;
1254
}
1255
1256
/* relative to root mount point */
1257
ret = snprintf(path, sizeof(path), "%s/%s", rootfs, mntent->mnt_dir);
1258
if (ret >= sizeof(path)) {
1259
ERROR("path name too long");
1260
return -1;
1261
}
1262
1263
ret = mount_entry(mntent->mnt_fsname, path, mntent->mnt_type,
1264
mntflags, mntdata);
1265
1266
free(mntdata);
1267
1268
return ret;
1269
}
1270
1271
static int mount_file_entries(const struct lxc_rootfs *rootfs, FILE *file,
1272
const char *lxc_name)
1273
{
1274
struct mntent *mntent;
1275
int ret = -1;
1276
1277
while ((mntent = getmntent(file))) {
1278
1279
if (!rootfs->path) {
1280
if (mount_entry_on_systemfs(mntent))
1281
goto out;
1282
continue;
1283
}
1284
1285
/* We have a separate root, mounts are relative to it */
1286
if (mntent->mnt_dir[0] != '/') {
1287
if (mount_entry_on_relative_rootfs(mntent,
1288
rootfs->mount))
1289
goto out;
1290
continue;
1291
}
1292
1293
if (mount_entry_on_absolute_rootfs(mntent, rootfs, lxc_name))
1294
goto out;
1295
}
1296
1297
ret = 0;
1298
1299
INFO("mount points have been setup");
1300
out:
1301
return ret;
1302
}
1303
1304
static int setup_mount(const struct lxc_rootfs *rootfs, const char *fstab,
1305
const char *lxc_name)
1306
{
1307
FILE *file;
1308
int ret;
1309
1310
if (!fstab)
1311
return 0;
1312
1313
file = setmntent(fstab, "r");
1314
if (!file) {
1315
SYSERROR("failed to use '%s'", fstab);
1316
return -1;
1317
}
1318
1319
ret = mount_file_entries(rootfs, file, lxc_name);
1320
1321
endmntent(file);
1322
return ret;
1323
}
1324
1325
static int setup_mount_entries(const struct lxc_rootfs *rootfs, struct lxc_list *mount,
1326
const char *lxc_name)
1327
{
1328
FILE *file;
1329
struct lxc_list *iterator;
1330
char *mount_entry;
1331
int ret;
1332
1333
file = tmpfile();
1334
if (!file) {
1335
ERROR("tmpfile error: %m");
1336
return -1;
1337
}
1338
1339
lxc_list_for_each(iterator, mount) {
1340
mount_entry = iterator->elem;
1341
fprintf(file, "%s\n", mount_entry);
1342
}
1343
1344
rewind(file);
1345
1346
ret = mount_file_entries(rootfs, file, lxc_name);
1347
1348
fclose(file);
1349
return ret;
1350
}
1351
1352
static int setup_caps(struct lxc_list *caps)
1353
{
1354
struct lxc_list *iterator;
1355
char *drop_entry;
1356
char *ptr;
1357
int i, capid;
1358
1359
lxc_list_for_each(iterator, caps) {
1360
1361
drop_entry = iterator->elem;
1362
1363
capid = -1;
1364
1365
for (i = 0; i < sizeof(caps_opt)/sizeof(caps_opt[0]); i++) {
1366
1367
if (strcmp(drop_entry, caps_opt[i].name))
1368
continue;
1369
1370
capid = caps_opt[i].value;
1371
break;
1372
}
1373
1374
if (capid < 0) {
1375
/* try to see if it's numeric, so the user may specify
1376
* capabilities that the running kernel knows about but
1377
* we don't */
1378
capid = strtol(drop_entry, &ptr, 10);
1379
if (!ptr || *ptr != '\0' ||
1380
capid == LONG_MIN || capid == LONG_MAX)
1381
/* not a valid number */
1382
capid = -1;
1383
else if (capid > lxc_caps_last_cap())
1384
/* we have a number but it's not a valid
1385
* capability */
1386
capid = -1;
1387
}
1388
1389
if (capid < 0) {
1390
ERROR("unknown capability %s", drop_entry);
1391
return -1;
1392
}
1393
1394
DEBUG("drop capability '%s' (%d)", drop_entry, capid);
1395
1396
if (prctl(PR_CAPBSET_DROP, capid, 0, 0, 0)) {
1397
SYSERROR("failed to remove %s capability", drop_entry);
1398
return -1;
1399
}
1400
1401
}
1402
1403
DEBUG("capabilities has been setup");
1404
1405
return 0;
1406
}
1407
1408
static int setup_hw_addr(char *hwaddr, const char *ifname)
1409
{
1410
struct sockaddr sockaddr;
1411
struct ifreq ifr;
1412
int ret, fd;
1413
1414
ret = lxc_convert_mac(hwaddr, &sockaddr);
1415
if (ret) {
1416
ERROR("mac address '%s' conversion failed : %s",
1417
hwaddr, strerror(-ret));
1418
return -1;
1419
}
1420
1421
memcpy(ifr.ifr_name, ifname, IFNAMSIZ);
1422
memcpy((char *) &ifr.ifr_hwaddr, (char *) &sockaddr, sizeof(sockaddr));
1423
1424
fd = socket(AF_INET, SOCK_DGRAM, 0);
1425
if (fd < 0) {
1426
ERROR("socket failure : %s", strerror(errno));
1427
return -1;
1428
}
1429
1430
ret = ioctl(fd, SIOCSIFHWADDR, &ifr);
1431
close(fd);
1432
if (ret)
1433
ERROR("ioctl failure : %s", strerror(errno));
1434
1435
DEBUG("mac address '%s' on '%s' has been setup", hwaddr, ifname);
1436
1437
return ret;
1438
}
1439
1440
static int setup_ipv4_addr(struct lxc_list *ip, int ifindex)
1441
{
1442
struct lxc_list *iterator;
1443
struct lxc_inetdev *inetdev;
1444
int err;
1445
1446
lxc_list_for_each(iterator, ip) {
1447
1448
inetdev = iterator->elem;
1449
1450
err = lxc_ipv4_addr_add(ifindex, &inetdev->addr,
1451
&inetdev->bcast, inetdev->prefix);
1452
if (err) {
1453
ERROR("failed to setup_ipv4_addr ifindex %d : %s",
1454
ifindex, strerror(-err));
1455
return -1;
1456
}
1457
}
1458
1459
return 0;
1460
}
1461
1462
static int setup_ipv6_addr(struct lxc_list *ip, int ifindex)
1463
{
1464
struct lxc_list *iterator;
1465
struct lxc_inet6dev *inet6dev;
1466
int err;
1467
1468
lxc_list_for_each(iterator, ip) {
1469
1470
inet6dev = iterator->elem;
1471
1472
err = lxc_ipv6_addr_add(ifindex, &inet6dev->addr,
1473
&inet6dev->mcast, &inet6dev->acast,
1474
inet6dev->prefix);
1475
if (err) {
1476
ERROR("failed to setup_ipv6_addr ifindex %d : %s",
1477
ifindex, strerror(-err));
1478
return -1;
1479
}
1480
}
1481
1482
return 0;
1483
}
1484
1485
static int setup_netdev(struct lxc_netdev *netdev)
1486
{
1487
char ifname[IFNAMSIZ];
1488
char *current_ifname = ifname;
1489
int err;
1490
1491
/* empty network namespace */
1492
if (!netdev->ifindex) {
1493
if (netdev->flags & IFF_UP) {
1494
err = lxc_netdev_up("lo");
1495
if (err) {
1496
ERROR("failed to set the loopback up : %s",
1497
strerror(-err));
1498
return -1;
1499
}
1500
}
1501
return 0;
1502
}
1503
1504
/* retrieve the name of the interface */
1505
if (!if_indextoname(netdev->ifindex, current_ifname)) {
1506
ERROR("no interface corresponding to index '%d'",
1507
netdev->ifindex);
1508
return -1;
1509
}
1510
1511
/* default: let the system to choose one interface name */
1512
if (!netdev->name)
1513
netdev->name = netdev->type == LXC_NET_PHYS ?
1514
netdev->link : "eth%d";
1515
1516
/* rename the interface name */
1517
err = lxc_netdev_rename_by_name(ifname, netdev->name);
1518
if (err) {
1519
ERROR("failed to rename %s->%s : %s", ifname, netdev->name,
1520
strerror(-err));
1521
return -1;
1522
}
1523
1524
/* Re-read the name of the interface because its name has changed
1525
* and would be automatically allocated by the system
1526
*/
1527
if (!if_indextoname(netdev->ifindex, current_ifname)) {
1528
ERROR("no interface corresponding to index '%d'",
1529
netdev->ifindex);
1530
return -1;
1531
}
1532
1533
/* set a mac address */
1534
if (netdev->hwaddr) {
1535
if (setup_hw_addr(netdev->hwaddr, current_ifname)) {
1536
ERROR("failed to setup hw address for '%s'",
1537
current_ifname);
1538
return -1;
1539
}
1540
}
1541
1542
/* setup ipv4 addresses on the interface */
1543
if (setup_ipv4_addr(&netdev->ipv4, netdev->ifindex)) {
1544
ERROR("failed to setup ip addresses for '%s'",
1545
ifname);
1546
return -1;
1547
}
1548
1549
/* setup ipv6 addresses on the interface */
1550
if (setup_ipv6_addr(&netdev->ipv6, netdev->ifindex)) {
1551
ERROR("failed to setup ipv6 addresses for '%s'",
1552
ifname);
1553
return -1;
1554
}
1555
1556
/* set the network device up */
1557
if (netdev->flags & IFF_UP) {
1558
int err;
1559
1560
err = lxc_netdev_up(current_ifname);
1561
if (err) {
1562
ERROR("failed to set '%s' up : %s", current_ifname,
1563
strerror(-err));
1564
return -1;
1565
}
1566
1567
/* the network is up, make the loopback up too */
1568
err = lxc_netdev_up("lo");
1569
if (err) {
1570
ERROR("failed to set the loopback up : %s",
1571
strerror(-err));
1572
return -1;
1573
}
1574
}
1575
1576
/* We can only set up the default routes after bringing
1577
* up the interface, sine bringing up the interface adds
1578
* the link-local routes and we can't add a default
1579
* route if the gateway is not reachable. */
1580
1581
/* setup ipv4 gateway on the interface */
1582
if (netdev->ipv4_gateway) {
1583
if (!(netdev->flags & IFF_UP)) {
1584
ERROR("Cannot add ipv4 gateway for %s when not bringing up the interface", ifname);
1585
return -1;
1586
}
1587
1588
if (lxc_list_empty(&netdev->ipv4)) {
1589
ERROR("Cannot add ipv4 gateway for %s when not assigning an address", ifname);
1590
return -1;
1591
}
1592
1593
err = lxc_ipv4_gateway_add(netdev->ifindex, netdev->ipv4_gateway);
1594
if (err) {
1595
ERROR("failed to setup ipv4 gateway for '%s': %s",
1596
ifname, strerror(-err));
1597
if (netdev->ipv4_gateway_auto) {
1598
char buf[INET_ADDRSTRLEN];
1599
inet_ntop(AF_INET, netdev->ipv4_gateway, buf, sizeof(buf));
1600
ERROR("tried to set autodetected ipv4 gateway '%s'", buf);
1601
}
1602
return -1;
1603
}
1604
}
1605
1606
/* setup ipv6 gateway on the interface */
1607
if (netdev->ipv6_gateway) {
1608
if (!(netdev->flags & IFF_UP)) {
1609
ERROR("Cannot add ipv6 gateway for %s when not bringing up the interface", ifname);
1610
return -1;
1611
}
1612
1613
if (lxc_list_empty(&netdev->ipv6) && !IN6_IS_ADDR_LINKLOCAL(netdev->ipv6_gateway)) {
1614
ERROR("Cannot add ipv6 gateway for %s when not assigning an address", ifname);
1615
return -1;
1616
}
1617
1618
err = lxc_ipv6_gateway_add(netdev->ifindex, netdev->ipv6_gateway);
1619
if (err) {
1620
ERROR("failed to setup ipv6 gateway for '%s': %s",
1621
ifname, strerror(-err));
1622
if (netdev->ipv6_gateway_auto) {
1623
char buf[INET6_ADDRSTRLEN];
1624
inet_ntop(AF_INET6, netdev->ipv6_gateway, buf, sizeof(buf));
1625
ERROR("tried to set autodetected ipv6 gateway '%s'", buf);
1626
}
1627
return -1;
1628
}
1629
}
1630
1631
DEBUG("'%s' has been setup", current_ifname);
1632
1633
return 0;
1634
}
1635
1636
static int setup_network(struct lxc_list *network)
1637
{
1638
struct lxc_list *iterator;
1639
struct lxc_netdev *netdev;
1640
1641
lxc_list_for_each(iterator, network) {
1642
1643
netdev = iterator->elem;
1644
1645
if (setup_netdev(netdev)) {
1646
ERROR("failed to setup netdev");
1647
return -1;
1648
}
1649
}
1650
1651
if (!lxc_list_empty(network))
1652
INFO("network has been setup");
1653
1654
return 0;
1655
}
1656
1657
static int setup_private_host_hw_addr(char *veth1)
1658
{
1659
struct ifreq ifr;
1660
int err;
1661
int sockfd;
1662
1663
sockfd = socket(AF_INET, SOCK_DGRAM, 0);
1664
if (sockfd < 0)
1665
return -errno;
1666
1667
snprintf((char *)ifr.ifr_name, IFNAMSIZ, "%s", veth1);
1668
err = ioctl(sockfd, SIOCGIFHWADDR, &ifr);
1669
if (err < 0) {
1670
close(sockfd);
1671
return -errno;
1672
}
1673
1674
ifr.ifr_hwaddr.sa_data[0] = 0xfe;
1675
err = ioctl(sockfd, SIOCSIFHWADDR, &ifr);
1676
close(sockfd);
1677
if (err < 0)
1678
return -errno;
1679
1680
DEBUG("mac address of host interface '%s' changed to private "
1681
"%02x:%02x:%02x:%02x:%02x:%02x", veth1,
1682
ifr.ifr_hwaddr.sa_data[0] & 0xff,
1683
ifr.ifr_hwaddr.sa_data[1] & 0xff,
1684
ifr.ifr_hwaddr.sa_data[2] & 0xff,
1685
ifr.ifr_hwaddr.sa_data[3] & 0xff,
1686
ifr.ifr_hwaddr.sa_data[4] & 0xff,
1687
ifr.ifr_hwaddr.sa_data[5] & 0xff);
1688
1689
return 0;
1690
}
1691
1692
struct lxc_conf *lxc_conf_init(void)
1693
{
1694
struct lxc_conf *new;
1695
int i;
1696
1697
new = malloc(sizeof(*new));
1698
if (!new) {
1699
ERROR("lxc_conf_init : %m");
1700
return NULL;
1701
}
1702
memset(new, 0, sizeof(*new));
1703
1704
new->umount_proc = 0;
1705
new->personality = -1;
1706
new->console.path = NULL;
1707
new->console.peer = -1;
1708
new->console.master = -1;
1709
new->console.slave = -1;
1710
new->console.name[0] = '\0';
1711
new->rootfs.mount = LXCROOTFSMOUNT;
1712
lxc_list_init(&new->cgroup);
1713
lxc_list_init(&new->network);
1714
lxc_list_init(&new->mount_list);
1715
lxc_list_init(&new->caps);
1716
new->aa_profile = NULL;
1717
for (i=0; i<NUM_LXC_HOOKS; i++)
1718
lxc_list_init(&new->hooks[i]);
1719
1720
return new;
1721
}
1722
1723
static int instanciate_veth(struct lxc_handler *handler, struct lxc_netdev *netdev)
1724
{
1725
char veth1buf[IFNAMSIZ], *veth1;
1726
char veth2buf[IFNAMSIZ], *veth2;
1727
int err;
1728
1729
if (netdev->priv.veth_attr.pair)
1730
veth1 = netdev->priv.veth_attr.pair;
1731
else {
1732
err = snprintf(veth1buf, sizeof(veth1buf), "vethXXXXXX");
1733
if (err >= sizeof(veth1buf)) { /* can't *really* happen, but... */
1734
ERROR("veth1 name too long");
1735
return -1;
1736
}
1737
veth1 = mktemp(veth1buf);
1738
}
1739
1740
snprintf(veth2buf, sizeof(veth2buf), "vethXXXXXX");
1741
veth2 = mktemp(veth2buf);
1742
1743
if (!strlen(veth1) || !strlen(veth2)) {
1744
ERROR("failed to allocate a temporary name");
1745
return -1;
1746
}
1747
1748
err = lxc_veth_create(veth1, veth2);
1749
if (err) {
1750
ERROR("failed to create %s-%s : %s", veth1, veth2,
1751
strerror(-err));
1752
return -1;
1753
}
1754
1755
/* changing the high byte of the mac address to 0xfe, the bridge interface
1756
* will always keep the host's mac address and not take the mac address
1757
* of a container */
1758
err = setup_private_host_hw_addr(veth1);
1759
if (err) {
1760
ERROR("failed to change mac address of host interface '%s' : %s",
1761
veth1, strerror(-err));
1762
goto out_delete;
1763
}
1764
1765
if (netdev->mtu) {
1766
err = lxc_netdev_set_mtu(veth1, atoi(netdev->mtu));
1767
if (!err)
1768
err = lxc_netdev_set_mtu(veth2, atoi(netdev->mtu));
1769
if (err) {
1770
ERROR("failed to set mtu '%s' for %s-%s : %s",
1771
netdev->mtu, veth1, veth2, strerror(-err));
1772
goto out_delete;
1773
}
1774
}
1775
1776
if (netdev->link) {
1777
err = lxc_bridge_attach(netdev->link, veth1);
1778
if (err) {
1779
ERROR("failed to attach '%s' to the bridge '%s' : %s",
1780
veth1, netdev->link, strerror(-err));
1781
goto out_delete;
1782
}
1783
}
1784
1785
netdev->ifindex = if_nametoindex(veth2);
1786
if (!netdev->ifindex) {
1787
ERROR("failed to retrieve the index for %s", veth2);
1788
goto out_delete;
1789
}
1790
1791
err = lxc_netdev_up(veth1);
1792
if (err) {
1793
ERROR("failed to set %s up : %s", veth1, strerror(-err));
1794
goto out_delete;
1795
}
1796
1797
if (netdev->upscript) {
1798
err = run_script(handler->name, "net", netdev->upscript, "up",
1799
"veth", veth1, (char*) NULL);
1800
if (err)
1801
goto out_delete;
1802
}
1803
1804
DEBUG("instanciated veth '%s/%s', index is '%d'",
1805
veth1, veth2, netdev->ifindex);
1806
1807
return 0;
1808
1809
out_delete:
1810
lxc_netdev_delete_by_name(veth1);
1811
return -1;
1812
}
1813
1814
static int instanciate_macvlan(struct lxc_handler *handler, struct lxc_netdev *netdev)
1815
{
1816
char peerbuf[IFNAMSIZ], *peer;
1817
int err;
1818
1819
if (!netdev->link) {
1820
ERROR("no link specified for macvlan netdev");
1821
return -1;
1822
}
1823
1824
err = snprintf(peerbuf, sizeof(peerbuf), "mcXXXXXX");
1825
if (err >= sizeof(peerbuf))
1826
return -1;
1827
1828
peer = mktemp(peerbuf);
1829
if (!strlen(peer)) {
1830
ERROR("failed to make a temporary name");
1831
return -1;
1832
}
1833
1834
err = lxc_macvlan_create(netdev->link, peer,
1835
netdev->priv.macvlan_attr.mode);
1836
if (err) {
1837
ERROR("failed to create macvlan interface '%s' on '%s' : %s",
1838
peer, netdev->link, strerror(-err));
1839
return -1;
1840
}
1841
1842
netdev->ifindex = if_nametoindex(peer);
1843
if (!netdev->ifindex) {
1844
ERROR("failed to retrieve the index for %s", peer);
1845
lxc_netdev_delete_by_name(peer);
1846
return -1;
1847
}
1848
1849
if (netdev->upscript) {
1850
err = run_script(handler->name, "net", netdev->upscript, "up",
1851
"macvlan", netdev->link, (char*) NULL);
1852
if (err)
1853
return -1;
1854
}
1855
1856
DEBUG("instanciated macvlan '%s', index is '%d' and mode '%d'",
1857
peer, netdev->ifindex, netdev->priv.macvlan_attr.mode);
1858
1859
return 0;
1860
}
1861
1862
/* XXX: merge with instanciate_macvlan */
1863
static int instanciate_vlan(struct lxc_handler *handler, struct lxc_netdev *netdev)
1864
{
1865
char peer[IFNAMSIZ];
1866
int err;
1867
1868
if (!netdev->link) {
1869
ERROR("no link specified for vlan netdev");
1870
return -1;
1871
}
1872
1873
err = snprintf(peer, sizeof(peer), "vlan%d", netdev->priv.vlan_attr.vid);
1874
if (err >= sizeof(peer)) {
1875
ERROR("peer name too long");
1876
return -1;
1877
}
1878
1879
err = lxc_vlan_create(netdev->link, peer, netdev->priv.vlan_attr.vid);
1880
if (err) {
1881
ERROR("failed to create vlan interface '%s' on '%s' : %s",
1882
peer, netdev->link, strerror(-err));
1883
return -1;
1884
}
1885
1886
netdev->ifindex = if_nametoindex(peer);
1887
if (!netdev->ifindex) {
1888
ERROR("failed to retrieve the ifindex for %s", peer);
1889
lxc_netdev_delete_by_name(peer);
1890
return -1;
1891
}
1892
1893
DEBUG("instanciated vlan '%s', ifindex is '%d'", " vlan1000",
1894
netdev->ifindex);
1895
1896
return 0;
1897
}
1898
1899
static int instanciate_phys(struct lxc_handler *handler, struct lxc_netdev *netdev)
1900
{
1901
if (!netdev->link) {
1902
ERROR("no link specified for the physical interface");
1903
return -1;
1904
}
1905
1906
netdev->ifindex = if_nametoindex(netdev->link);
1907
if (!netdev->ifindex) {
1908
ERROR("failed to retrieve the index for %s", netdev->link);
1909
return -1;
1910
}
1911
1912
if (netdev->upscript) {
1913
int err;
1914
err = run_script(handler->name, "net", netdev->upscript,
1915
"up", "phys", netdev->link, (char*) NULL);
1916
if (err)
1917
return -1;
1918
}
1919
1920
return 0;
1921
}
1922
1923
static int instanciate_empty(struct lxc_handler *handler, struct lxc_netdev *netdev)
1924
{
1925
netdev->ifindex = 0;
1926
if (netdev->upscript) {
1927
int err;
1928
err = run_script(handler->name, "net", netdev->upscript,
1929
"up", "empty", (char*) NULL);
1930
if (err)
1931
return -1;
1932
}
1933
return 0;
1934
}
1935
1936
int lxc_create_network(struct lxc_handler *handler)
1937
{
1938
struct lxc_list *network = &handler->conf->network;
1939
struct lxc_list *iterator;
1940
struct lxc_netdev *netdev;
1941
1942
lxc_list_for_each(iterator, network) {
1943
1944
netdev = iterator->elem;
1945
1946
if (netdev->type < 0 || netdev->type > LXC_NET_MAXCONFTYPE) {
1947
ERROR("invalid network configuration type '%d'",
1948
netdev->type);
1949
return -1;
1950
}
1951
1952
if (netdev_conf[netdev->type](handler, netdev)) {
1953
ERROR("failed to create netdev");
1954
return -1;
1955
}
1956
1957
}
1958
1959
return 0;
1960
}
1961
1962
void lxc_delete_network(struct lxc_list *network)
1963
{
1964
struct lxc_list *iterator;
1965
struct lxc_netdev *netdev;
1966
1967
lxc_list_for_each(iterator, network) {
1968
netdev = iterator->elem;
1969
if (netdev->ifindex == 0)
1970
continue;
1971
1972
if (netdev->type == LXC_NET_PHYS) {
1973
if (lxc_netdev_rename_by_index(netdev->ifindex, netdev->link))
1974
WARN("failed to rename to the initial name the " \
1975
"netdev '%s'", netdev->link);
1976
continue;
1977
}
1978
1979
/* Recent kernel remove the virtual interfaces when the network
1980
* namespace is destroyed but in case we did not moved the
1981
* interface to the network namespace, we have to destroy it
1982
*/
1983
if (lxc_netdev_delete_by_index(netdev->ifindex))
1984
WARN("failed to remove interface '%s'", netdev->name);
1985
}
1986
}
1987
1988
int lxc_assign_network(struct lxc_list *network, pid_t pid)
1989
{
1990
struct lxc_list *iterator;
1991
struct lxc_netdev *netdev;
1992
int err;
1993
1994
lxc_list_for_each(iterator, network) {
1995
1996
netdev = iterator->elem;
1997
1998
/* empty network namespace, nothing to move */
1999
if (!netdev->ifindex)
2000
continue;
2001
2002
err = lxc_netdev_move_by_index(netdev->ifindex, pid);
2003
if (err) {
2004
ERROR("failed to move '%s' to the container : %s",
2005
netdev->link, strerror(-err));
2006
return -1;
2007
}
2008
2009
DEBUG("move '%s' to '%d'", netdev->name, pid);
2010
}
2011
2012
return 0;
2013
}
2014
2015
int lxc_find_gateway_addresses(struct lxc_handler *handler)
2016
{
2017
struct lxc_list *network = &handler->conf->network;
2018
struct lxc_list *iterator;
2019
struct lxc_netdev *netdev;
2020
int link_index;
2021
2022
lxc_list_for_each(iterator, network) {
2023
netdev = iterator->elem;
2024
2025
if (!netdev->ipv4_gateway_auto && !netdev->ipv6_gateway_auto)
2026
continue;
2027
2028
if (netdev->type != LXC_NET_VETH && netdev->type != LXC_NET_MACVLAN) {
2029
ERROR("gateway = auto only supported for "
2030
"veth and macvlan");
2031
return -1;
2032
}
2033
2034
if (!netdev->link) {
2035
ERROR("gateway = auto needs a link interface");
2036
return -1;
2037
}
2038
2039
link_index = if_nametoindex(netdev->link);
2040
if (!link_index)
2041
return -EINVAL;
2042
2043
if (netdev->ipv4_gateway_auto) {
2044
if (lxc_ipv4_addr_get(link_index, &netdev->ipv4_gateway)) {
2045
ERROR("failed to automatically find ipv4 gateway "
2046
"address from link interface '%s'", netdev->link);
2047
return -1;
2048
}
2049
}
2050
2051
if (netdev->ipv6_gateway_auto) {
2052
if (lxc_ipv6_addr_get(link_index, &netdev->ipv6_gateway)) {
2053
ERROR("failed to automatically find ipv6 gateway "
2054
"address from link interface '%s'", netdev->link);
2055
return -1;
2056
}
2057
}
2058
}
2059
2060
return 0;
2061
}
2062
2063
int lxc_create_tty(const char *name, struct lxc_conf *conf)
2064
{
2065
struct lxc_tty_info *tty_info = &conf->tty_info;
2066
int i;
2067
2068
/* no tty in the configuration */
2069
if (!conf->tty)
2070
return 0;
2071
2072
tty_info->pty_info =
2073
malloc(sizeof(*tty_info->pty_info)*conf->tty);
2074
if (!tty_info->pty_info) {
2075
SYSERROR("failed to allocate pty_info");
2076
return -1;
2077
}
2078
2079
for (i = 0; i < conf->tty; i++) {
2080
2081
struct lxc_pty_info *pty_info = &tty_info->pty_info[i];
2082
2083
if (openpty(&pty_info->master, &pty_info->slave,
2084
pty_info->name, NULL, NULL)) {
2085
SYSERROR("failed to create pty #%d", i);
2086
tty_info->nbtty = i;
2087
lxc_delete_tty(tty_info);
2088
return -1;
2089
}
2090
2091
DEBUG("allocated pty '%s' (%d/%d)",
2092
pty_info->name, pty_info->master, pty_info->slave);
2093
2094
/* Prevent leaking the file descriptors to the container */
2095
fcntl(pty_info->master, F_SETFD, FD_CLOEXEC);
2096
fcntl(pty_info->slave, F_SETFD, FD_CLOEXEC);
2097
2098
pty_info->busy = 0;
2099
}
2100
2101
tty_info->nbtty = conf->tty;
2102
2103
INFO("tty's configured");
2104
2105
return 0;
2106
}
2107
2108
void lxc_delete_tty(struct lxc_tty_info *tty_info)
2109
{
2110
int i;
2111
2112
for (i = 0; i < tty_info->nbtty; i++) {
2113
struct lxc_pty_info *pty_info = &tty_info->pty_info[i];
2114
2115
close(pty_info->master);
2116
close(pty_info->slave);
2117
}
2118
2119
free(tty_info->pty_info);
2120
tty_info->nbtty = 0;
2121
}
2122
2123
/*
2124
* make sure /proc/self exists, and points to '1', since we are the
2125
* container init.
2126
* Else mount /proc. Return 0 if proc was
2127
* already mounted, 1 if we mounted it, -1 if we failed.
2128
*/
2129
static int mount_proc_if_needed(char *root_src, char *rootfs_tgt)
2130
{
2131
char path[MAXPATHLEN];
2132
char link[20];
2133
int linklen, ret;
2134
2135
ret = snprintf(path, MAXPATHLEN, "%s/proc/self", root_src ? rootfs_tgt : "");
2136
if (ret < 0 || ret >= MAXPATHLEN) {
2137
SYSERROR("proc path name too long");
2138
return -1;
2139
}
2140
memset(link, 0, 20);
2141
linklen = readlink(path, link, 20);
2142
INFO("I am %d, /proc/self points to %s\n", getpid(), link);
2143
ret = snprintf(path, MAXPATHLEN, "%s/proc", root_src ? rootfs_tgt : "");
2144
if (linklen < 0) /* /proc not mounted */
2145
goto domount;
2146
/* can't be longer than rootfs/proc/1 */
2147
if (strncmp(link, "1", linklen) != 0) {
2148
/* wrong /procs mounted */
2149
umount2(path, MNT_DETACH); /* ignore failure */
2150
goto domount;
2151
}
2152
/* the right proc is already mounted */
2153
return 0;
2154
2155
domount:
2156
if (mount("proc", path, "proc", 0, NULL))
2157
return -1;
2158
INFO("Mounted /proc for the container\n");
2159
return 1;
2160
}
2161
2162
int lxc_setup(const char *name, struct lxc_conf *lxc_conf)
2163
{
2164
int mounted;
2165
2166
if (setup_utsname(lxc_conf->utsname)) {
2167
ERROR("failed to setup the utsname for '%s'", name);
2168
return -1;
2169
}
2170
2171
if (setup_network(&lxc_conf->network)) {
2172
ERROR("failed to setup the network for '%s'", name);
2173
return -1;
2174
}
2175
2176
if (run_lxc_hooks(name, "pre-mount", lxc_conf)) {
2177
ERROR("failed to run pre-mount hooks for container '%s'.", name);
2178
return -1;
2179
}
2180
2181
if (setup_rootfs(&lxc_conf->rootfs)) {
2182
ERROR("failed to setup rootfs for '%s'", name);
2183
return -1;
2184
}
2185
2186
if (setup_mount(&lxc_conf->rootfs, lxc_conf->fstab, name)) {
2187
ERROR("failed to setup the mounts for '%s'", name);
2188
return -1;
2189
}
2190
2191
if (setup_mount_entries(&lxc_conf->rootfs, &lxc_conf->mount_list, name)) {
2192
ERROR("failed to setup the mount entries for '%s'", name);
2193
return -1;
2194
}
2195
2196
if (setup_cgroup(name, &lxc_conf->cgroup)) {
2197
ERROR("failed to setup the cgroups for '%s'", name);
2198
return -1;
2199
}
2200
if (run_lxc_hooks(name, "mount", lxc_conf)) {
2201
ERROR("failed to run mount hooks for container '%s'.", name);
2202
return -1;
2203
}
2204
2205
if (setup_console(&lxc_conf->rootfs, &lxc_conf->console, lxc_conf->ttydir)) {
2206
ERROR("failed to setup the console for '%s'", name);
2207
return -1;
2208
}
2209
2210
if (setup_tty(&lxc_conf->rootfs, &lxc_conf->tty_info, lxc_conf->ttydir)) {
2211
ERROR("failed to setup the ttys for '%s'", name);
2212
return -1;
2213
}
2214
2215
/* aa_change_onexec makes more sense since we want to transition when
2216
* /sbin/init is exec'd. But the transitions doesn't seem to work
2217
* then (refused). aa_change_onexec will work since we're doing it
2218
* right before the exec, so we'll just use that for now.
2219
* In case the container fstab didn't mount /proc, we mount it.
2220
*/
2221
INFO("rootfs path is .%s., mount is .%s.", lxc_conf->rootfs.path,
2222
lxc_conf->rootfs.mount);
2223
2224
mounted = mount_proc_if_needed(lxc_conf->rootfs.path, lxc_conf->rootfs.mount);
2225
if (mounted == -1) {
2226
SYSERROR("failed to mount /proc in the container.");
2227
return -1;
2228
} else if (mounted == 1) {
2229
lxc_conf->umount_proc = 1;
2230
}
2231
2232
if (setup_pivot_root(&lxc_conf->rootfs)) {
2233
ERROR("failed to set rootfs for '%s'", name);
2234
return -1;
2235
}
2236
2237
if (setup_pts(lxc_conf->pts)) {
2238
ERROR("failed to setup the new pts instance");
2239
return -1;
2240
}
2241
2242
if (setup_personality(lxc_conf->personality)) {
2243
ERROR("failed to setup personality");
2244
return -1;
2245
}
2246
2247
if (setup_caps(&lxc_conf->caps)) {
2248
ERROR("failed to drop capabilities");
2249
return -1;
2250
}
2251
2252
NOTICE("'%s' is setup.", name);
2253
2254
return 0;
2255
}
2256
2257
int run_lxc_hooks(const char *name, char *hook, struct lxc_conf *conf)
2258
{
2259
int which = -1;
2260
struct lxc_list *it;
2261
2262
if (strcmp(hook, "pre-start") == 0)
2263
which = LXCHOOK_PRESTART;
2264
else if (strcmp(hook, "pre-mount") == 0)
2265
which = LXCHOOK_PREMOUNT;
2266
else if (strcmp(hook, "mount") == 0)
2267
which = LXCHOOK_MOUNT;
2268
else if (strcmp(hook, "start") == 0)
2269
which = LXCHOOK_START;
2270
else if (strcmp(hook, "post-stop") == 0)
2271
which = LXCHOOK_POSTSTOP;
2272
else
2273
return -1;
2274
lxc_list_for_each(it, &conf->hooks[which]) {
2275
int ret;
2276
char *hookname = it->elem;
2277
ret = run_script(name, "lxc", hookname, hook, NULL);
2278
if (ret)
2279
return ret;
2280
}
2281
return 0;
2282
}
2283
2284
static void lxc_remove_nic(struct lxc_list *it)
2285
{
2286
struct lxc_netdev *netdev = it->elem;
2287
struct lxc_list *it2;
2288
2289
lxc_list_del(it);
2290
2291
if (netdev->link)
2292
free(netdev->link);
2293
if (netdev->name)
2294
free(netdev->name);
2295
if (netdev->upscript)
2296
free(netdev->upscript);
2297
if (netdev->hwaddr)
2298
free(netdev->hwaddr);
2299
if (netdev->mtu)
2300
free(netdev->mtu);
2301
if (netdev->ipv4_gateway)
2302
free(netdev->ipv4_gateway);
2303
if (netdev->ipv6_gateway)
2304
free(netdev->ipv6_gateway);
2305
lxc_list_for_each(it2, &netdev->ipv4) {
2306
lxc_list_del(it2);
2307
free(it2->elem);
2308
free(it2);
2309
}
2310
lxc_list_for_each(it2, &netdev->ipv6) {
2311
lxc_list_del(it2);
2312
free(it2->elem);
2313
free(it2);
2314
}
2315
free(it);
2316
}
2317
2318
/* we get passed in something like '0', '0.ipv4' or '1.ipv6' */
2319
int lxc_clear_nic(struct lxc_conf *c, char *key)
2320
{
2321
char *p1;
2322
int ret, idx, i;
2323
struct lxc_list *it;
2324
struct lxc_netdev *netdev;
2325
2326
p1 = index(key, '.');
2327
if (!p1 || *(p1+1) == '\0')
2328
p1 = NULL;
2329
2330
ret = sscanf(key, "%d", &idx);
2331
if (ret != 1) return -1;
2332
if (idx < 0)
2333
return -1;
2334
2335
i = 0;
2336
lxc_list_for_each(it, &c->network) {
2337
if (i == idx)
2338
break;
2339
i++;
2340
}
2341
if (i < idx) // we don't have that many nics defined
2342
return -1;
2343
2344
if (!it || !it->elem)
2345
return -1;
2346
2347
netdev = it->elem;
2348
2349
if (!p1) {
2350
lxc_remove_nic(it);
2351
} else if (strcmp(p1, "ipv4") == 0) {
2352
struct lxc_list *it2;
2353
lxc_list_for_each(it2, &netdev->ipv4) {
2354
lxc_list_del(it2);
2355
free(it2->elem);
2356
free(it2);
2357
}
2358
} else if (strcmp(p1, "ipv6") == 0) {
2359
struct lxc_list *it2;
2360
lxc_list_for_each(it2, &netdev->ipv6) {
2361
lxc_list_del(it2);
2362
free(it2->elem);
2363
free(it2);
2364
}
2365
} else if (strcmp(p1, "link") == 0) {
2366
if (netdev->link) {
2367
free(netdev->link);
2368
netdev->link = NULL;
2369
}
2370
} else if (strcmp(p1, "name") == 0) {
2371
if (netdev->name) {
2372
free(netdev->name);
2373
netdev->name = NULL;
2374
}
2375
} else if (strcmp(p1, "script.up") == 0) {
2376
if (netdev->upscript) {
2377
free(netdev->upscript);
2378
netdev->upscript = NULL;
2379
}
2380
} else if (strcmp(p1, "hwaddr") == 0) {
2381
if (netdev->hwaddr) {
2382
free(netdev->hwaddr);
2383
netdev->hwaddr = NULL;
2384
}
2385
} else if (strcmp(p1, "mtu") == 0) {
2386
if (netdev->mtu) {
2387
free(netdev->mtu);
2388
netdev->mtu = NULL;
2389
}
2390
} else if (strcmp(p1, "ipv4_gateway") == 0) {
2391
if (netdev->ipv4_gateway) {
2392
free(netdev->ipv4_gateway);
2393
netdev->ipv4_gateway = NULL;
2394
}
2395
} else if (strcmp(p1, "ipv6_gateway") == 0) {
2396
if (netdev->ipv6_gateway) {
2397
free(netdev->ipv6_gateway);
2398
netdev->ipv6_gateway = NULL;
2399
}
2400
}
2401
else return -1;
2402
2403
return 0;
2404
}
2405
2406
int lxc_clear_config_network(struct lxc_conf *c)
2407
{
2408
struct lxc_list *it;
2409
lxc_list_for_each(it, &c->network) {
2410
lxc_remove_nic(it);
2411
}
2412
return 0;
2413
}
2414
2415
int lxc_clear_config_caps(struct lxc_conf *c)
2416
{
2417
struct lxc_list *it;
2418
2419
lxc_list_for_each(it, &c->caps) {
2420
lxc_list_del(it);
2421
free(it->elem);
2422
free(it);
2423
}
2424
return 0;
2425
}
2426
2427
int lxc_clear_cgroups(struct lxc_conf *c, char *key)
2428
{
2429
struct lxc_list *it;
2430
bool all = false;
2431
char *k = key + 11;
2432
2433
if (strcmp(key, "lxc.cgroup") == 0)
2434
all = true;
2435
2436
lxc_list_for_each(it, &c->cgroup) {
2437
struct lxc_cgroup *cg = it->elem;
2438
if (!all && strcmp(cg->subsystem, k) != 0)
2439
continue;
2440
lxc_list_del(it);
2441
free(cg->subsystem);
2442
free(cg->value);
2443
free(cg);
2444
free(it);
2445
}
2446
return 0;
2447
}
2448
2449
int lxc_clear_mount_entries(struct lxc_conf *c)
2450
{
2451
struct lxc_list *it;
2452
2453
lxc_list_for_each(it, &c->mount_list) {
2454
lxc_list_del(it);
2455
free(it->elem);
2456
free(it);
2457
}
2458
return 0;
2459
}
2460
2461
int lxc_clear_hooks(struct lxc_conf *c)
2462
{
2463
struct lxc_list *it;
2464
int i;
2465
2466
for (i=0; i<NUM_LXC_HOOKS; i++) {
2467
lxc_list_for_each(it, &c->hooks[i]) {
2468
lxc_list_del(it);
2469
free(it->elem);
2470
free(it);
2471
}
2472
}
2473
return 0;
2474
}
2475
2476
void lxc_conf_free(struct lxc_conf *conf)
2477
{
2478
if (!conf)
2479
return;
2480
if (conf->console.path)
2481
free(conf->console.path);
2482
if (conf->rootfs.mount != LXCROOTFSMOUNT)
2483
free(conf->rootfs.mount);
2484
lxc_clear_config_network(conf);
2485
if (conf->aa_profile)
2486
free(conf->aa_profile);
2487
lxc_clear_config_caps(conf);
2488
lxc_clear_cgroups(conf, "lxc.cgroup");
2489
lxc_clear_hooks(conf);
2490
lxc_clear_mount_entries(conf);
2491
free(conf);
2492
}
Loggerhead is a web-based interface for Breezy
Version: 2.0.1