lxc_attach.c revision 74476cf144523530022d76cef3a558b0662b592f
132N/A/*
132N/A * lxc: linux Container library
132N/A *
132N/A * (C) Copyright IBM Corp. 2007, 2010
132N/A *
132N/A * Authors:
132N/A * Daniel Lezcano <dlezcano at fr.ibm.com>
132N/A *
132N/A * This library is free software; you can redistribute it and/or
132N/A * modify it under the terms of the GNU Lesser General Public
132N/A * License as published by the Free Software Foundation; either
132N/A * version 2.1 of the License, or (at your option) any later version.
132N/A *
132N/A * This library is distributed in the hope that it will be useful,
132N/A * but WITHOUT ANY WARRANTY; without even the implied warranty of
132N/A * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
132N/A * Lesser General Public License for more details.
132N/A *
132N/A * You should have received a copy of the GNU Lesser General Public
132N/A * License along with this library; if not, write to the Free Software
132N/A * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
132N/A */
132N/A
132N/A#define _GNU_SOURCE
215N/A#include <unistd.h>
132N/A#include <errno.h>
132N/A#include <pwd.h>
132N/A#include <stdlib.h>
132N/A#include <sys/param.h>
132N/A#include <sys/types.h>
132N/A#include <sys/wait.h>
132N/A
132N/A#include "attach.h"
132N/A#include "commands.h"
132N/A#include "arguments.h"
132N/A#include "caps.h"
132N/A#include "cgroup.h"
132N/A#include "config.h"
132N/A#include "confile.h"
132N/A#include "start.h"
132N/A#include "sync.h"
132N/A#include "log.h"
132N/A#include "namespace.h"
132N/A
132N/A#if HAVE_SYS_PERSONALITY_H
132N/A#include <sys/personality.h>
132N/A#endif
132N/A
132N/Alxc_log_define(lxc_attach_ui, lxc);
132N/A
132N/Astatic const struct option my_longopts[] = {
132N/A {"elevated-privileges", no_argument, 0, 'e'},
132N/A {"arch", required_argument, 0, 'a'},
132N/A {"namespaces", required_argument, 0, 's'},
132N/A {"remount-sys-proc", no_argument, 0, 'R'},
132N/A LXC_COMMON_OPTIONS
132N/A};
132N/A
132N/Astatic int elevated_privileges = 0;
132N/Astatic signed long new_personality = -1;
132N/Astatic int namespace_flags = -1;
132N/Astatic int remount_sys_proc = 0;
132N/A
132N/Astatic int my_parser(struct lxc_arguments* args, int c, char* arg)
132N/A{
132N/A int ret;
132N/A
132N/A switch (c) {
132N/A case 'e': elevated_privileges = 1; break;
132N/A case 'R': remount_sys_proc = 1; break;
132N/A case 'a':
132N/A new_personality = lxc_config_parse_arch(arg);
132N/A if (new_personality < 0) {
132N/A lxc_error(args, "invalid architecture specified: %s", arg);
132N/A return -1;
132N/A }
132N/A break;
132N/A case 's':
132N/A namespace_flags = 0;
132N/A ret = lxc_fill_namespace_flags(arg, &namespace_flags);
132N/A if (ret)
132N/A return -1;
132N/A /* -s implies -e */
132N/A elevated_privileges = 1;
132N/A break;
132N/A }
132N/A
132N/A return 0;
132N/A}
219N/A
979N/Astatic struct lxc_arguments my_args = {
220N/A .progname = "lxc-attach",
341N/A .help = "\
341N/A--name=NAME\n\
379N/A\n\
411N/AExecute the specified command - enter the container NAME\n\
487N/A\n\
706N/AOptions :\n\
706N/A -n, --name=NAME NAME for name of the container\n\
706N/A -e, --elevated-privileges\n\
741N/A Use elevated privileges (capabilities, cgroup\n\
741N/A restrictions) instead of those of the container.\n\
706N/A WARNING: This may leak privleges into the container.\n\
706N/A Use with care.\n\
736N/A -a, --arch=ARCH Use ARCH for program instead of container's own\n\
487N/A architecture.\n\
704N/A -s, --namespaces=FLAGS\n\
487N/A Don't attach to all the namespaces of the container\n\
704N/A but just to the following OR'd list of flags:\n\
704N/A MOUNT, PID, UTSNAME, IPC, USER or NETWORK\n\
487N/A WARNING: Using -s implies -e, it may therefore\n\
487N/A leak privileges into the container. Use with care.\n\
487N/A -R, --remount-sys-proc\n\
320N/A Remount /sys and /proc if not attaching to the\n\
336N/A mount namespace when using -s in order to properly\n\
336N/A reflect the correct namespace context. See the\n\
336N/A lxc-attach(1) manual page for details.\n",
949N/A .options = my_longopts,
949N/A .parser = my_parser,
336N/A .checker = NULL,
336N/A};
336N/A
341N/Aint main(int argc, char *argv[])
487N/A{
336N/A int ret;
336N/A pid_t pid, init_pid;
336N/A struct passwd *passwd;
379N/A struct lxc_proc_context_info *init_ctx;
379N/A struct lxc_handler *handler;
487N/A void *cgroup_data = NULL;
379N/A uid_t uid;
379N/A char *curdir;
411N/A
411N/A ret = lxc_caps_init();
487N/A if (ret)
411N/A return ret;
411N/A
411N/A ret = lxc_arguments_parse(&my_args, argc, argv);
320N/A if (ret)
336N/A return ret;
320N/A
336N/A ret = lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
320N/A my_args.progname, my_args.quiet);
949N/A if (ret)
132N/A return ret;
949N/A
949N/A init_pid = get_init_pid(my_args.name);
949N/A if (init_pid < 0) {
949N/A ERROR("failed to get the init pid");
949N/A return -1;
949N/A }
949N/A
949N/A init_ctx = lxc_proc_get_context_info(init_pid);
949N/A if (!init_ctx) {
949N/A ERROR("failed to get context of the init process, pid = %d", init_pid);
949N/A return -1;
949N/A }
949N/A
949N/A if (!elevated_privileges) {
949N/A /* we have to do this now since /sys/fs/cgroup may not
949N/A * be available inside the container or we may not have
949N/A * the required permissions anymore
949N/A */
949N/A ret = lxc_cgroup_prepare_attach(my_args.name, &cgroup_data);
949N/A if (ret < 0) {
949N/A ERROR("failed to prepare attaching to cgroup");
949N/A return -1;
949N/A }
949N/A }
949N/A
132N/A curdir = getcwd(NULL, 0);
132N/A
230N/A /* determine which namespaces the container was created with
989N/A * by asking lxc-start
989N/A */
989N/A if (namespace_flags == -1) {
989N/A namespace_flags = lxc_get_clone_flags(my_args.name);
989N/A /* call failed */
989N/A if (namespace_flags == -1) {
230N/A ERROR("failed to automatically determine the "
230N/A "namespaces which the container unshared");
230N/A return -1;
935N/A }
935N/A }
230N/A
230N/A /* we need to attach before we fork since certain namespaces
230N/A * (such as pid namespaces) only really affect children of the
989N/A * current process and not the process itself
989N/A */
989N/A ret = lxc_attach_to_ns(init_pid, namespace_flags);
989N/A if (ret < 0) {
989N/A ERROR("failed to enter the namespace");
989N/A return -1;
989N/A }
989N/A
989N/A if (curdir && chdir(curdir))
989N/A WARN("could not change directory to '%s'", curdir);
989N/A
989N/A free(curdir);
989N/A
989N/A /* hack: we need sync.h infrastructure - and that needs a handler */
989N/A handler = calloc(1, sizeof(*handler));
989N/A
989N/A if (lxc_sync_init(handler)) {
989N/A ERROR("failed to initialize synchronization socket");
989N/A return -1;
989N/A }
989N/A
989N/A pid = fork();
989N/A
989N/A if (pid < 0) {
230N/A SYSERROR("failed to fork");
230N/A return -1;
230N/A }
230N/A
230N/A if (pid) {
230N/A int status;
230N/A
230N/A lxc_sync_fini_child(handler);
301N/A
132N/A /* wait until the child has done configuring itself before
132N/A * we put it in a cgroup that potentially limits these
949N/A * possibilities */
213N/A if (lxc_sync_wait_child(handler, LXC_SYNC_CONFIGURE))
301N/A return -1;
741N/A
132N/A /* now that we are done with all privileged operations,
132N/A * we can add ourselves to the cgroup. Since we smuggled in
211N/A * the fds earlier, we still have write permission
213N/A */
213N/A if (!elevated_privileges) {
213N/A /* since setns() for pid namespaces only really
213N/A * affects child processes, the pid we have is
213N/A * still valid outside the container, so this is
213N/A * fine
213N/A */
213N/A ret = lxc_cgroup_finish_attach(cgroup_data, pid);
487N/A if (ret < 0) {
213N/A ERROR("failed to attach process to cgroup");
213N/A return -1;
213N/A }
213N/A }
213N/A
213N/A /* tell the child we are done initializing */
213N/A if (lxc_sync_wake_child(handler, LXC_SYNC_POST_CONFIGURE))
213N/A return -1;
213N/A
213N/A lxc_sync_fini(handler);
213N/A
213N/A again:
213N/A if (waitpid(pid, &status, 0) < 0) {
213N/A if (errno == EINTR)
213N/A goto again;
213N/A SYSERROR("failed to wait '%d'", pid);
213N/A return -1;
213N/A }
781N/A
845N/A if (WIFEXITED(status))
213N/A return WEXITSTATUS(status);
213N/A
213N/A return -1;
230N/A }
213N/A
213N/A if (!pid) {
211N/A lxc_sync_fini_parent(handler);
211N/A lxc_cgroup_dispose_attach(cgroup_data);
211N/A
211N/A /* A description of the purpose of this functionality is
211N/A * provided in the lxc-attach(1) manual page. We have to
246N/A * remount here and not in the parent process, otherwise
246N/A * /proc may not properly reflect the new pid namespace.
246N/A */
213N/A if (!(namespace_flags & CLONE_NEWNS) && remount_sys_proc) {
213N/A ret = lxc_attach_remount_sys_proc();
211N/A if (ret < 0) {
211N/A return -1;
132N/A }
211N/A }
949N/A
950N/A #if HAVE_SYS_PERSONALITY_H
144N/A if (new_personality < 0)
453N/A new_personality = init_ctx->personality;
144N/A
260N/A if (personality(new_personality) == -1) {
260N/A ERROR("could not ensure correct architecture: %s",
260N/A strerror(errno));
260N/A return -1;
260N/A }
260N/A #endif
260N/A
260N/A if (!elevated_privileges && lxc_attach_drop_privs(init_ctx)) {
144N/A ERROR("could not drop privileges");
219N/A return -1;
219N/A }
882N/A
679N/A /* tell parent we are done setting up the container and wait
219N/A * until we have been put in the container's cgroup, if
882N/A * applicable */
219N/A if (lxc_sync_barrier_parent(handler, LXC_SYNC_CONFIGURE))
219N/A return -1;
219N/A
220N/A lxc_sync_fini(handler);
220N/A
220N/A if (my_args.argc) {
220N/A execvp(my_args.argv[0], my_args.argv);
979N/A SYSERROR("failed to exec '%s'", my_args.argv[0]);
220N/A return -1;
220N/A }
220N/A
979N/A uid = getuid();
949N/A
949N/A passwd = getpwuid(uid);
220N/A if (!passwd) {
220N/A SYSERROR("failed to get passwd " \
979N/A "entry for uid '%d'", uid);
220N/A return -1;
979N/A }
979N/A
979N/A {
979N/A char *const args[] = {
220N/A passwd->pw_shell,
220N/A NULL,
979N/A };
220N/A
220N/A execvp(args[0], args);
220N/A SYSERROR("failed to exec '%s'", args[0]);
623N/A return -1;
220N/A }
981N/A
981N/A }
981N/A
220N/A return 0;
220N/A}
220N/A