src/lxc/lxc_start.c

	lxc_start.c revision 304dc8b3ff5d14229942d314bb3bfc44cede68de
493N/A/*
493N/A * lxc: linux Container library
493N/A *
493N/A * (C) Copyright IBM Corp. 2007, 2008
493N/A *
493N/A * Authors:
493N/A * Daniel Lezcano <daniel.lezcano at free.fr>
493N/A *
493N/A * This library is free software; you can redistribute it and/or
493N/A * modify it under the terms of the GNU Lesser General Public
493N/A * License as published by the Free Software Foundation; either
493N/A * version 2.1 of the License, or (at your option) any later version.
493N/A *
493N/A * This library is distributed in the hope that it will be useful,
493N/A * but WITHOUT ANY WARRANTY; without even the implied warranty of
493N/A * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
493N/A * Lesser General Public License for more details.
493N/A *
493N/A * You should have received a copy of the GNU Lesser General Public
493N/A * License along with this library; if not, write to the Free Software
493N/A * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
493N/A */
493N/A#define _GNU_SOURCE
970N/A#include <stdio.h>
970N/A#undef _GNU_SOURCE
970N/A#include <libgen.h>
970N/A#include <stdlib.h>
970N/A#include <unistd.h>
970N/A#include <string.h>
970N/A#include <termios.h>
970N/A#include <errno.h>
970N/A#include <fcntl.h>
970N/A#include <signal.h>
493N/A#include <sys/param.h>
493N/A#include <sys/utsname.h>
493N/A#include <sys/types.h>
493N/A#include <sys/socket.h>
493N/A#include <sys/stat.h>
493N/A#include <arpa/inet.h>
493N/A#include <netinet/in.h>
493N/A#include <net/if.h>
493N/A
493N/A#include "log.h"
493N/A#include "caps.h"
493N/A#include "lxc.h"
493N/A#include <lxc/lxccontainer.h>
493N/A#include "conf.h"
493N/A#include "cgroup.h"
493N/A#include "utils.h"
493N/A#include "config.h"
493N/A#include "confile.h"
493N/A#include "arguments.h"
493N/A
493N/A#define OPT_SHARE_NET OPT_USAGE+1
493N/A#define OPT_SHARE_IPC OPT_USAGE+2
493N/A#define OPT_SHARE_UTS OPT_USAGE+3
493N/A
493N/Alxc_log_define(lxc_start_ui, lxc_start);
493N/A
493N/Astatic struct lxc_list defines;
493N/A
493N/Astatic int ensure_path(char **confpath, const char *path)
493N/A{
493N/A	int err = -1, fd;
493N/A	char *fullpath = NULL;
493N/A
493N/A	if (path) {
493N/A		if (access(path, W_OK)) {
493N/A			fd = creat(path, 0600);
493N/A			if (fd < 0 && errno != EEXIST) {
493N/A				SYSERROR("failed to create '%s'", path);
493N/A				goto err;
493N/A			}
493N/A			if (fd >= 0)
493N/A				close(fd);
493N/A		}
493N/A
493N/A		fullpath = realpath(path, NULL);
493N/A		if (!fullpath) {
493N/A			SYSERROR("failed to get the real path of '%s'", path);
493N/A			goto err;
493N/A		}
493N/A
493N/A		*confpath = strdup(fullpath);
493N/A		if (!*confpath) {
493N/A			ERROR("failed to dup string '%s'", fullpath);
493N/A			goto err;
493N/A		}
493N/A	}
493N/A	err = 0;
493N/A
493N/Aerr:
493N/A	if (fullpath)
493N/A		free(fullpath);
493N/A	return err;
493N/A}
493N/A
970N/Astatic int pid_from_lxcname(const char *lxcname_or_pid, const char *lxcpath) {
970N/A	char *eptr;
970N/A	int pid = strtol(lxcname_or_pid, &eptr, 10);
970N/A	if (*eptr != '\0' || pid < 1) {
970N/A		struct lxc_container *s;
970N/A		s = lxc_container_new(lxcname_or_pid, lxcpath);
970N/A		if (!s) {
970N/A			SYSERROR("'%s' is not a valid pid nor a container name", lxcname_or_pid);
493N/A			return -1;
493N/A		}
493N/A
493N/A		if (!s->may_control(s)) {
493N/A			SYSERROR("Insufficient privileges to control container '%s'", s->name);
493N/A			lxc_container_put(s);
493N/A			return -1;
493N/A		}
493N/A
493N/A		pid = s->init_pid(s);
493N/A		if (pid < 1) {
493N/A			SYSERROR("Is container '%s' running?", s->name);
493N/A			lxc_container_put(s);
493N/A			return -1;
493N/A		}
493N/A
493N/A		lxc_container_put(s);
493N/A	}
493N/A	if (kill(pid, 0) < 0) {
493N/A		SYSERROR("Can't send signal to pid %d", pid);
533N/A		return -1;
493N/A	}
493N/A
493N/A	return pid;
493N/A}
493N/A
493N/Astatic int open_ns(int pid, const char *ns_proc_name) {
493N/A	int fd;
493N/A	char path[MAXPATHLEN];
493N/A	snprintf(path, MAXPATHLEN, "/proc/%d/ns/%s", pid, ns_proc_name);
493N/A
493N/A	fd = open(path, O_RDONLY);
493N/A	if (fd < 0) {
493N/A		SYSERROR("failed to open %s", path);
493N/A		return -1;
493N/A	}
493N/A	return fd;
493N/A}
493N/A
493N/Astatic int my_parser(struct lxc_arguments* args, int c, char* arg)
493N/A{
493N/A	switch (c) {
493N/A	case 'c': args->console = arg; break;
493N/A	case 'L': args->console_log = arg; break;
493N/A	case 'd': args->daemonize = 1; break;
493N/A	case 'f': args->rcfile = arg; break;
493N/A	case 'C': args->close_all_fds = 1; break;
493N/A	case 's': return lxc_config_define_add(&defines, arg);
493N/A	case 'p': args->pidfile = arg; break;
493N/A	case OPT_SHARE_NET: args->share_ns[LXC_NS_NET] = arg; break;
493N/A	case OPT_SHARE_IPC: args->share_ns[LXC_NS_IPC] = arg; break;
970N/A	case OPT_SHARE_UTS: args->share_ns[LXC_NS_UTS] = arg; break;
970N/A	}
493N/A	return 0;
493N/A}
493N/A
493N/Astatic const struct option my_longopts[] = {
493N/A	{"daemon", no_argument, 0, 'd'},
493N/A	{"rcfile", required_argument, 0, 'f'},
493N/A	{"define", required_argument, 0, 's'},
493N/A	{"console", required_argument, 0, 'c'},
493N/A	{"console-log", required_argument, 0, 'L'},
493N/A	{"close-all-fds", no_argument, 0, 'C'},
493N/A	{"pidfile", required_argument, 0, 'p'},
493N/A	{"share-net", required_argument, 0, OPT_SHARE_NET},
493N/A	{"share-ipc", required_argument, 0, OPT_SHARE_IPC},
493N/A	{"share-uts", required_argument, 0, OPT_SHARE_UTS},
493N/A	LXC_COMMON_OPTIONS
493N/A};
493N/A
493N/Astatic struct lxc_arguments my_args = {
493N/A	.progname = "lxc-start",
493N/A	.help     = "\
493N/A--name=NAME -- COMMAND\n\
493N/A\n\
493N/Alxc-start start COMMAND in specified container NAME\n\
493N/A\n\
493N/AOptions :\n\
493N/A  -n, --name=NAME        NAME for name of the container\n\
493N/A  -d, --daemon           daemonize the container\n\
493N/A  -p, --pidfile=FILE     Create a file with the process id\n\
493N/A  -f, --rcfile=FILE      Load configuration file FILE\n\
493N/A  -c, --console=FILE     Use specified FILE for the container console\n\
493N/A  -L, --console-log=FILE Log container console output to FILE\n\
493N/A  -C, --close-all-fds    If any fds are inherited, close them\n\
493N/A                         If not specified, exit with failure instead\n\
493N/A		         Note: --daemon implies --close-all-fds\n\
493N/A  -s, --define KEY=VAL   Assign VAL to configuration variable KEY\n\
493N/A      --share-[net|ipc|uts]=NAME Share a namespace with another container or pid\n\
493N/A",
493N/A	.options   = my_longopts,
493N/A	.parser    = my_parser,
493N/A	.checker   = NULL,
851N/A	.daemonize = 0,
851N/A	.pidfile = NULL,
493N/A};
493N/A
493N/Aint main(int argc, char *argv[])
493N/A{
970N/A	int err = -1;
970N/A	struct lxc_conf *conf;
970N/A	char *const *args;
970N/A	char *rcfile = NULL;
970N/A	char *const default_args[] = {
493N/A		"/sbin/init",
493N/A		'\0',
493N/A	};
493N/A	FILE *pid_fp = NULL;
493N/A	struct lxc_container *c;
493N/A
493N/A	lxc_list_init(&defines);
493N/A
493N/A	if (lxc_caps_init())
591N/A		return err;
591N/A
591N/A	if (lxc_arguments_parse(&my_args, argc, argv))
591N/A		return err;
591N/A
493N/A	if (!my_args.argc)
493N/A		args = default_args;
493N/A	else
493N/A		args = my_args.argv;
493N/A
493N/A	if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
493N/A			 my_args.progname, my_args.quiet, my_args.lxcpath[0]))
493N/A		return err;
493N/A
493N/A	const char *lxcpath = my_args.lxcpath[0];
493N/A
493N/A	/*
493N/A	 * rcfile possibilities:
493N/A	 * 1. rcfile from random path specified in cli option
493N/A	 * 2. rcfile not specified, use $lxcpath/$lxcname/config
493N/A	 * 3. rcfile not specified and does not exist.
493N/A	 */
493N/A	/* rcfile is specified in the cli option */
493N/A	if (my_args.rcfile) {
606N/A		rcfile = (char *)my_args.rcfile;
606N/A		c = lxc_container_new(my_args.name, lxcpath);
606N/A		if (!c) {
606N/A			ERROR("Failed to create lxc_container");
493N/A			return err;
493N/A		}
493N/A		if (!c->load_config(c, rcfile)) {
493N/A			ERROR("Failed to load rcfile");
493N/A			lxc_container_put(c);
493N/A			return err;
493N/A		}
493N/A	} else {
493N/A		int rc;
493N/A
493N/A		rc = asprintf(&rcfile, "%s/%s/config", lxcpath, my_args.name);
493N/A		if (rc == -1) {
493N/A			SYSERROR("failed to allocate memory");
493N/A			return err;
493N/A		}
493N/A		INFO("using rcfile %s", rcfile);
493N/A
493N/A		/* container configuration does not exist */
493N/A		if (access(rcfile, F_OK)) {
493N/A			free(rcfile);
493N/A			rcfile = NULL;
493N/A		}
493N/A		c = lxc_container_new(my_args.name, lxcpath);
493N/A		if (!c) {
493N/A			ERROR("Failed to create lxc_container");
493N/A			return err;
493N/A		}
493N/A	}
493N/A
493N/A	/*
493N/A	 * We should use set_config_item() over &defines, which would handle
493N/A	 * unset c->lxc_conf for us and let us not use lxc_config_define_load()
493N/A	 */
493N/A	if (!c->lxc_conf)
493N/A		c->lxc_conf = lxc_conf_init();
493N/A	conf = c->lxc_conf;
493N/A
493N/A	if (lxc_config_define_load(&defines, conf))
493N/A		goto out;
493N/A
493N/A	if (!rcfile && !strcmp("/sbin/init", args[0])) {
493N/A		ERROR("Executing '/sbin/init' with no configuration file may crash the host");
493N/A		goto out;
493N/A	}
493N/A
493N/A	if (ensure_path(&conf->console.path, my_args.console) < 0) {
493N/A		ERROR("failed to ensure console path '%s'", my_args.console);
493N/A		goto out;
493N/A	}
493N/A
970N/A	if (ensure_path(&conf->console.log_path, my_args.console_log) < 0) {
970N/A		ERROR("failed to ensure console log '%s'", my_args.console_log);
970N/A		goto out;
970N/A	}
970N/A
970N/A	if (my_args.pidfile != NULL) {
970N/A		pid_fp = fopen(my_args.pidfile, "w");
587N/A		if (pid_fp == NULL) {
493N/A			SYSERROR("failed to create pidfile '%s' for '%s'",
493N/A				 my_args.pidfile, my_args.name);
493N/A			goto out;
493N/A		}
493N/A	}
493N/A
493N/A	int i;
493N/A	for (i = 0; i < LXC_NS_MAX; i++) {
493N/A		if (my_args.share_ns[i] == NULL)
970N/A			continue;
970N/A
970N/A		int pid = pid_from_lxcname(my_args.share_ns[i], lxcpath);
970N/A		if (pid < 1)
970N/A			goto out;
970N/A
970N/A		int fd = open_ns(pid, ns_info[i].proc_name);
970N/A		if (fd < 0)
970N/A			goto out;
970N/A		conf->inherit_ns_fd[i] = fd;
970N/A	}
970N/A
970N/A	if (my_args.daemonize) {
970N/A		c->want_daemonize(c);
970N/A	}
970N/A
970N/A	if (pid_fp != NULL) {
970N/A		if (fprintf(pid_fp, "%d\n", getpid()) < 0) {
970N/A			SYSERROR("failed to write '%s'", my_args.pidfile);
970N/A			goto out;
970N/A		}
970N/A		fclose(pid_fp);
970N/A	}
970N/A
493N/A	if (my_args.close_all_fds)
493N/A		c->want_close_all_fds(c);
493N/A
493N/A	err = c->start(c, 0, args) ? 0 : -1;
493N/A
493N/A	if (my_args.pidfile)
493N/A		unlink(my_args.pidfile);
493N/A
493N/Aout:
493N/A	lxc_container_put(c);
493N/A	return err;
851N/A}
493N/A
970N/A