lxccontainer.c revision 9123e4718d0db98de2a2935cb2d0bcca1997a333
1057N/A/* liblxcapi
1057N/A *
1057N/A * Copyright © 2012 Serge Hallyn <serge.hallyn@ubuntu.com>.
1057N/A * Copyright © 2012 Canonical Ltd.
1057N/A *
1057N/A * This program is free software; you can redistribute it and/or modify
660N/A * it under the terms of the GNU General Public License version 2, as
1057N/A * published by the Free Software Foundation.
1057N/A *
1057N/A * This program is distributed in the hope that it will be useful,
1057N/A * but WITHOUT ANY WARRANTY; without even the implied warranty of
1057N/A * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
1057N/A * GNU General Public License for more details.
1057N/A *
1057N/A * You should have received a copy of the GNU General Public License along
1057N/A * with this program; if not, write to the Free Software Foundation, Inc.,
1057N/A * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
1057N/A */
1057N/A
1057N/A#include "lxc.h"
1057N/A#include "state.h"
1057N/A#include "lxccontainer.h"
660N/A#include "conf.h"
1109N/A#include "config.h"
1109N/A#include "confile.h"
660N/A#include "cgroup.h"
660N/A#include "commands.h"
1057N/A#include "log.h"
660N/A#include <unistd.h>
1109N/A#include <sys/types.h>
1057N/A#include <sys/wait.h>
1057N/A#include <errno.h>
1057N/A#include <lxc/utils.h>
660N/A
660N/Alxc_log_define(lxc_container, lxc);
660N/A
660N/A/* LOCKING
1109N/A * c->privlock protects the struct lxc_container from multiple threads.
684N/A * c->slock protects the on-disk container data
684N/A * NOTHING mutexes two independent programs with their own struct
684N/A * lxc_container for the same c->name, between API calls. For instance,
684N/A * c->config_read(); c->start(); Between those calls, data on disk
684N/A * could change (which shouldn't bother the caller unless for instance
684N/A * the rootfs get moved). c->config_read(); update; c->config_write();
684N/A * Two such updaters could race. The callers should therefore check their
1109N/A * results. Trying to prevent that would necessarily expose us to deadlocks
1057N/A * due to hung callers. So I prefer to keep the locks only within our own
1057N/A * functions, not across functions.
1057N/A *
684N/A * If you're going to fork while holding a lxccontainer, increment
684N/A * c->numthreads (under privlock) before forking. When deleting,
684N/A * decrement numthreads under privlock, then if it hits 0 you can delete.
684N/A * Do not ever use a lxccontainer whose numthreads you did not bump.
1109N/A */
684N/A
684N/Astatic void lxc_container_free(struct lxc_container *c)
684N/A{
684N/A if (!c)
684N/A return;
684N/A
1057N/A if (c->configfile) {
1057N/A free(c->configfile);
1057N/A c->configfile = NULL;
684N/A }
684N/A if (c->error_string) {
684N/A free(c->error_string);
684N/A c->error_string = NULL;
684N/A }
1057N/A if (c->slock) {
1057N/A sem_close(c->slock);
684N/A c->slock = NULL;
1057N/A }
1057N/A if (c->privlock) {
1057N/A sem_destroy(c->privlock);
684N/A free(c->privlock);
684N/A c->privlock = NULL;
684N/A }
684N/A if (c->name) {
684N/A free(c->name);
684N/A c->name = NULL;
1057N/A }
684N/A if (c->lxc_conf) {
684N/A lxc_conf_free(c->lxc_conf);
684N/A c->lxc_conf = NULL;
684N/A }
684N/A if (c->config_path) {
684N/A free(c->config_path);
684N/A c->config_path = NULL;
684N/A }
684N/A free(c);
684N/A}
1109N/A
1057N/Aint lxc_container_get(struct lxc_container *c)
1057N/A{
1057N/A if (!c)
684N/A return 0;
684N/A
684N/A if (lxclock(c->privlock, 0))
684N/A return 0;
1109N/A if (c->numthreads < 1) {
684N/A // bail without trying to unlock, bc the privlock is now probably
684N/A // in freed memory
684N/A return 0;
1057N/A }
684N/A c->numthreads++;
684N/A lxcunlock(c->privlock);
1057N/A return 1;
1057N/A}
1057N/A
684N/Aint lxc_container_put(struct lxc_container *c)
684N/A{
684N/A if (!c)
684N/A return -1;
684N/A if (lxclock(c->privlock, 0))
1057N/A return -1;
1057N/A if (--c->numthreads < 1) {
1057N/A lxcunlock(c->privlock);
1057N/A lxc_container_free(c);
1057N/A return 1;
1057N/A }
684N/A lxcunlock(c->privlock);
684N/A return 0;
684N/A}
684N/A
684N/Astatic bool file_exists(char *f)
684N/A{
1057N/A struct stat statbuf;
684N/A
684N/A return stat(f, &statbuf) == 0;
684N/A}
684N/A
1109N/Astatic bool lxcapi_is_defined(struct lxc_container *c)
684N/A{
684N/A struct stat statbuf;
684N/A bool ret = false;
1109N/A int statret;
684N/A
684N/A if (!c)
684N/A return false;
1109N/A
684N/A if (lxclock(c->privlock, 0))
684N/A return false;
684N/A if (!c->configfile)
1109N/A goto out;
684N/A statret = stat(c->configfile, &statbuf);
684N/A if (statret != 0)
684N/A goto out;
1109N/A ret = true;
684N/A
684N/Aout:
684N/A lxcunlock(c->privlock);
684N/A return ret;
1109N/A}
1057N/A
1057N/Astatic const char *lxcapi_state(struct lxc_container *c)
1057N/A{
1057N/A const char *ret;
1109N/A lxc_state_t s;
684N/A
684N/A if (!c)
684N/A return NULL;
1109N/A if (lxclock(c->slock, 0))
684N/A return NULL;
684N/A s = lxc_getstate(c->name, c->config_path);
684N/A ret = lxc_state2str(s);
684N/A lxcunlock(c->slock);
684N/A
684N/A return ret;
684N/A}
1109N/A
679N/Astatic bool is_stopped_nolock(struct lxc_container *c)
679N/A{
684N/A lxc_state_t s;
684N/A s = lxc_getstate(c->name, c->config_path);
684N/A return (s == STOPPED);
684N/A}
684N/A
684N/Astatic bool lxcapi_is_running(struct lxc_container *c)
1109N/A{
684N/A const char *s;
684N/A
684N/A if (!c)
1109N/A return false;
684N/A s = lxcapi_state(c);
684N/A if (!s || strcmp(s, "STOPPED") == 0)
684N/A return false;
684N/A return true;
1109N/A}
684N/A
684N/Astatic bool lxcapi_freeze(struct lxc_container *c)
684N/A{
684N/A int ret;
1109N/A if (!c)
684N/A return false;
684N/A
684N/A if (lxclock(c->slock, 0))
1109N/A return false;
684N/A ret = lxc_freeze(c->name, c->config_path);
684N/A lxcunlock(c->slock);
684N/A if (ret)
684N/A return false;
684N/A return true;
684N/A}
684N/A
684N/Astatic bool lxcapi_unfreeze(struct lxc_container *c)
1109N/A{
684N/A int ret;
684N/A if (!c)
684N/A return false;
684N/A
684N/A if (lxclock(c->slock, 0))
684N/A return false;
684N/A ret = lxc_unfreeze(c->name, c->config_path);
1109N/A lxcunlock(c->slock);
684N/A if (ret)
684N/A return false;
684N/A return true;
684N/A}
684N/A
684N/Astatic pid_t lxcapi_init_pid(struct lxc_container *c)
684N/A{
1109N/A pid_t ret;
684N/A if (!c)
684N/A return -1;
684N/A
679N/A if (lxclock(c->slock, 0))
684N/A return -1;
684N/A ret = get_init_pid(c->name, c->config_path);
684N/A lxcunlock(c->slock);
1109N/A return ret;
684N/A}
684N/A
684N/Astatic bool load_config_locked(struct lxc_container *c, const char *fname)
684N/A{
1109N/A if (!c->lxc_conf)
684N/A c->lxc_conf = lxc_conf_init();
684N/A if (c->lxc_conf && !lxc_config_read(fname, c->lxc_conf))
684N/A return true;
1109N/A return false;
684N/A}
684N/A
684N/Astatic bool lxcapi_load_config(struct lxc_container *c, const char *alt_file)
684N/A{
684N/A bool ret = false;
684N/A const char *fname;
684N/A if (!c)
684N/A return false;
1109N/A
1109N/A fname = c->configfile;
1109N/A if (alt_file)
1109N/A fname = alt_file;
1109N/A if (!fname)
684N/A return false;
684N/A if (lxclock(c->slock, 0))
684N/A return false;
1109N/A ret = load_config_locked(c, fname);
684N/A lxcunlock(c->slock);
684N/A return ret;
684N/A}
1109N/A
1109N/Astatic void lxcapi_want_daemonize(struct lxc_container *c)
684N/A{
684N/A if (!c)
684N/A return;
684N/A c->daemonize = 1;
1109N/A}
684N/A
684N/Astatic bool lxcapi_wait(struct lxc_container *c, const char *state, int timeout)
684N/A{
684N/A int ret;
684N/A
684N/A if (!c)
684N/A return false;
684N/A
1109N/A ret = lxc_wait(c->name, state, timeout, c->config_path);
684N/A return ret == 0;
684N/A}
684N/A
684N/A
684N/Astatic bool wait_on_daemonized_start(struct lxc_container *c)
684N/A{
684N/A /* we'll probably want to make this timeout configurable? */
1109N/A int timeout = 5, ret, status;
684N/A
684N/A /*
684N/A * our child is going to fork again, then exit. reap the
684N/A * child
1109N/A */
684N/A ret = wait(&status);
684N/A if (ret == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
684N/A DEBUG("failed waiting for first dual-fork child");
684N/A return lxcapi_wait(c, "RUNNING", timeout);
1109N/A}
684N/A
684N/A/*
684N/A * I can't decide if it'd be more convenient for callers if we accept '...',
1109N/A * or a null-terminated array (i.e. execl vs execv)
684N/A */
684N/Astatic bool lxcapi_start(struct lxc_container *c, int useinit, char * const argv[])
684N/A{
1109N/A int ret;
679N/A struct lxc_conf *conf;
660N/A int daemonize = 0;
684N/A char *default_args[] = {
684N/A "/sbin/init",
660N/A '\0',
684N/A };
684N/A
684N/A /* container exists */
1109N/A if (!c)
679N/A return false;
684N/A /* container has been setup */
684N/A if (!c->lxc_conf)
684N/A return false;
1109N/A
679N/A /* is this app meant to be run through lxcinit, as in lxc-execute? */
684N/A if (useinit && !argv)
684N/A return false;
684N/A
1109N/A if (lxclock(c->privlock, 0))
1109N/A return false;
1109N/A conf = c->lxc_conf;
1109N/A daemonize = c->daemonize;
1109N/A lxcunlock(c->privlock);
1109N/A
1109N/A if (useinit) {
1109N/A ret = lxc_execute(c->name, argv, 1, conf, c->config_path);
1109N/A return ret == 0 ? true : false;
1109N/A }
1109N/A
1109N/A if (!argv)
1109N/A argv = default_args;
1109N/A
1109N/A /*
1109N/A * say, I'm not sure - what locks do we want here? Any?
1109N/A * Is liblxc's locking enough here to protect the on disk
1109N/A * container? We don't want to exclude things like lxc_info
1109N/A * while container is running...
1109N/A */
1109N/A if (daemonize) {
1109N/A if (!lxc_container_get(c))
1109N/A return false;
1109N/A pid_t pid = fork();
1109N/A if (pid < 0) {
1109N/A lxc_container_put(c);
1109N/A return false;
1109N/A }
1057N/A if (pid != 0)
1057N/A return wait_on_daemonized_start(c);
1057N/A /* second fork to be reparented by init */
1057N/A pid = fork();
1109N/A if (pid < 0) {
1109N/A SYSERROR("Error doing dual-fork");
1109N/A return false;
1109N/A }
1109N/A if (pid != 0)
1109N/A exit(0);
1109N/A /* like daemon(), chdir to / and redirect 0,1,2 to /dev/null */
1109N/A if (chdir("/")) {
1109N/A SYSERROR("Error chdir()ing to /.");
1109N/A return false;
1109N/A }
1109N/A close(0);
1109N/A close(1);
1109N/A close(2);
684N/A open("/dev/null", O_RDONLY);
684N/A open("/dev/null", O_RDWR);
684N/A open("/dev/null", O_RDWR);
1109N/A setsid();
684N/A }
684N/A
684N/A if (clearenv()) {
1109N/A SYSERROR("failed to clear environment");
1109N/A /* don't error out though */
684N/A }
684N/A
684N/A if (putenv("container=lxc")) {
1109N/A fprintf(stderr, "failed to set environment variable");
684N/A if (daemonize) {
684N/A lxc_container_put(c);
684N/A exit(1);
1109N/A } else {
1057N/A return false;
1057N/A }
1057N/A }
1109N/A
1057N/Areboot:
1057N/A conf->reboot = 0;
1057N/A ret = lxc_start(c->name, argv, conf, c->config_path);
1109N/A
1057N/A if (conf->reboot) {
1057N/A INFO("container requested reboot");
1057N/A conf->reboot = 0;
1109N/A goto reboot;
1057N/A }
1057N/A
1057N/A if (daemonize) {
1057N/A lxc_container_put(c);
1109N/A exit (ret == 0 ? true : false);
1057N/A } else {
1057N/A return (ret == 0 ? true : false);
1057N/A }
1109N/A}
1057N/A
1057N/A/*
1057N/A * note there MUST be an ending NULL
1109N/A */
1057N/Astatic bool lxcapi_startl(struct lxc_container *c, int useinit, ...)
1057N/A{
1057N/A va_list ap;
1109N/A char **inargs = NULL, **temp;
1057N/A int n_inargs = 0;
1057N/A bool bret = false;
1057N/A
1109N/A /* container exists */
1057N/A if (!c)
1057N/A return false;
1057N/A
1109N/A /* build array of arguments if any */
1057N/A va_start(ap, useinit);
1057N/A while (1) {
1057N/A char *arg;
1109N/A arg = va_arg(ap, char *);
1057N/A if (!arg)
1057N/A break;
1057N/A n_inargs++;
1109N/A temp = realloc(inargs, n_inargs * sizeof(*inargs));
684N/A if (!temp)
684N/A goto out;
684N/A inargs = temp;
684N/A inargs[n_inargs - 1] = strdup(arg); // not sure if it's safe not to copy
684N/A }
684N/A va_end(ap);
684N/A
1109N/A /* add trailing NULL */
684N/A if (n_inargs) {
684N/A n_inargs++;
684N/A temp = realloc(inargs, n_inargs * sizeof(*inargs));
684N/A if (!temp)
684N/A goto out;
684N/A inargs = temp;
684N/A inargs[n_inargs - 1] = NULL;
684N/A }
684N/A
1109N/A bret = lxcapi_start(c, useinit, inargs);
679N/A
684N/Aout:
684N/A if (inargs) {
684N/A int i;
1109N/A for (i = 0; i < n_inargs; i++) {
1057N/A if (inargs[i])
1057N/A free(inargs[i]);
1057N/A }
1109N/A free(inargs);
684N/A }
684N/A
684N/A return bret;
1109N/A}
684N/A
684N/Astatic bool lxcapi_stop(struct lxc_container *c)
684N/A{
1109N/A int ret;
679N/A
684N/A if (!c)
684N/A return false;
684N/A
1109N/A ret = lxc_stop(c->name, c->config_path);
684N/A
684N/A return ret == 0;
684N/A}
684N/A
1109N/Astatic bool valid_template(char *t)
679N/A{
684N/A struct stat statbuf;
684N/A int statret;
684N/A
1109N/A statret = stat(t, &statbuf);
684N/A if (statret == 0)
684N/A return true;
684N/A return false;
684N/A}
1109N/A
1057N/A/*
1057N/A * create the standard expected container dir
1057N/A */
1057N/Astatic bool create_container_dir(struct lxc_container *c)
1109N/A{
1057N/A char *s;
1057N/A int len, ret;
1057N/A
1109N/A len = strlen(c->config_path) + strlen(c->name) + 2;
1057N/A s = malloc(len);
1057N/A if (!s)
1057N/A return false;
1057N/A ret = snprintf(s, len, "%s/%s", c->config_path, c->name);
1057N/A if (ret < 0 || ret >= len) {
1057N/A free(s);
1057N/A return false;
1109N/A }
1057N/A ret = mkdir(s, 0755);
1057N/A if (ret) {
1057N/A if (errno == EEXIST)
1109N/A ret = 0;
1057N/A else
1057N/A SYSERROR("failed to create container path for %s\n", c->name);
1057N/A }
1109N/A free(s);
1057N/A return ret == 0;
1057N/A}
1057N/A
1109N/A/*
1057N/A * backing stores not (yet) supported
1057N/A * for ->create, argv contains the arguments to pass to the template,
1057N/A * terminated by NULL. If no arguments, you can just pass NULL.
1109N/A */
1057N/Astatic bool lxcapi_create(struct lxc_container *c, char *t, char *const argv[])
1057N/A{
1057N/A bool bret = false;
1057N/A pid_t pid;
1057N/A int ret, status;
1109N/A char *tpath = NULL;
679N/A int len, nargs = 0;
679N/A char **newargv;
1057N/A
1057N/A if (!c)
1057N/A return false;
1057N/A
1057N/A len = strlen(LXCTEMPLATEDIR) + strlen(t) + strlen("/lxc-") + 1;
684N/A tpath = malloc(len);
1057N/A if (!tpath)
1057N/A return false;
1057N/A ret = snprintf(tpath, len, "%s/lxc-%s", LXCTEMPLATEDIR, t);
1057N/A if (ret < 0 || ret >= len)
1057N/A goto out;
1057N/A if (!valid_template(tpath)) {
1109N/A ERROR("bad template: %s\n", t);
684N/A goto out;
1057N/A }
1057N/A
1057N/A if (!create_container_dir(c))
1109N/A goto out;
1057N/A
1057N/A if (!c->save_config(c, NULL)) {
1057N/A ERROR("failed to save starting configuration for %s\n", c->name);
1109N/A goto out;
1057N/A }
1057N/A
1057N/A /* we're going to fork. but since we'll wait for our child, we
1109N/A don't need to lxc_container_get */
1057N/A
1057N/A if (lxclock(c->slock, 0)) {
1057N/A ERROR("failed to grab global container lock for %s\n", c->name);
1109N/A goto out;
1057N/A }
1057N/A
1057N/A pid = fork();
1109N/A if (pid < 0) {
1057N/A SYSERROR("failed to fork task for container creation template\n");
1057N/A goto out_unlock;
1057N/A }
1109N/A
1057N/A if (pid == 0) { // child
1057N/A char *patharg, *namearg;
1057N/A int i;
1057N/A
1109N/A close(0);
1057N/A close(1);
1057N/A close(2);
1057N/A open("/dev/null", O_RDONLY);
1057N/A open("/dev/null", O_RDWR);
1109N/A open("/dev/null", O_RDWR);
1057N/A
1057N/A /*
1057N/A * create our new array, pre-pend the template name and
1109N/A * base args
1057N/A */
1057N/A if (argv)
1057N/A for (; argv[nargs]; nargs++) ;
1109N/A nargs += 3; // template, path and name args
1057N/A newargv = malloc(nargs * sizeof(*newargv));
1057N/A if (!newargv)
1057N/A exit(1);
1109N/A newargv[0] = t;
1057N/A
1057N/A len = strlen(c->config_path) + strlen(c->name) + strlen("--path=") + 2;
1057N/A patharg = malloc(len);
1109N/A if (!patharg)
1057N/A exit(1);
1057N/A ret = snprintf(patharg, len, "--path=%s/%s", c->config_path, c->name);
1057N/A if (ret < 0 || ret >= len)
1109N/A exit(1);
1057N/A newargv[1] = patharg;
1057N/A len = strlen("--name=") + strlen(c->name) + 1;
1057N/A namearg = malloc(len);
1109N/A if (!namearg)
1057N/A exit(1);
1057N/A ret = snprintf(namearg, len, "--name=%s", c->name);
1057N/A if (ret < 0 || ret >= len)
1109N/A exit(1);
1057N/A newargv[2] = namearg;
1057N/A
1057N/A /* add passed-in args */
1109N/A if (argv)
1057N/A for (i = 3; i < nargs; i++)
1057N/A newargv[i] = argv[i-3];
1057N/A
1109N/A /* add trailing NULL */
1057N/A nargs++;
1057N/A newargv = realloc(newargv, nargs * sizeof(*newargv));
1057N/A if (!newargv)
1109N/A exit(1);
1057N/A newargv[nargs - 1] = NULL;
1057N/A
1057N/A /* execute */
1109N/A ret = execv(tpath, newargv);
1057N/A SYSERROR("failed to execute template %s", tpath);
1057N/A exit(1);
1057N/A }
1109N/A
1057N/Aagain:
1057N/A ret = waitpid(pid, &status, 0);
1057N/A if (ret == -1) {
1109N/A if (errno == -EINTR)
1057N/A goto again;
1057N/A SYSERROR("waitpid failed");
1057N/A goto out_unlock;
1109N/A }
725N/A if (ret != pid)
725N/A goto again;
725N/A if (!WIFEXITED(status)) { // did not exit normally
1109N/A // we could set an error code and string inside the
1057N/A // container_struct here if we like
1057N/A ERROR("container creation template exited abnormally\n");
1057N/A goto out_unlock;
1057N/A }
1057N/A
1109N/A if (WEXITSTATUS(status) != 0) {
725N/A ERROR("container creation template for %s exited with %d\n",
725N/A c->name, WEXITSTATUS(status));
725N/A goto out_unlock;
1109N/A }
1057N/A
1057N/A // now clear out the lxc_conf we have, reload from the created
1057N/A // container
1057N/A if (c->lxc_conf)
1057N/A lxc_conf_free(c->lxc_conf);
1109N/A c->lxc_conf = NULL;
684N/A bret = load_config_locked(c, c->configfile);
684N/A
684N/Aout_unlock:
684N/A lxcunlock(c->slock);
1109N/Aout:
684N/A if (tpath)
684N/A free(tpath);
684N/A return bret;
684N/A}
1109N/A
684N/Astatic bool lxcapi_shutdown(struct lxc_container *c, int timeout)
1057N/A{
684N/A bool retv;
1057N/A pid_t pid;
1057N/A
1109N/A if (!c)
1057N/A return false;
1057N/A
1057N/A if (!timeout)
1057N/A timeout = -1;
1057N/A if (!c->is_running(c))
1109N/A return true;
684N/A pid = c->init_pid(c);
684N/A if (pid <= 0)
684N/A return true;
1109N/A kill(pid, SIGPWR);
1057N/A retv = c->wait(c, "STOPPED", timeout);
1057N/A if (!retv && timeout > 0) {
1057N/A c->stop(c);
1057N/A retv = c->wait(c, "STOPPED", 0); // 0 means don't wait
1109N/A }
684N/A return retv;
1057N/A}
1057N/A
1057N/Astatic bool lxcapi_createl(struct lxc_container *c, char *t, ...)
1109N/A{
1057N/A bool bret = false;
1057N/A char **args = NULL, **temp;
1057N/A va_list ap;
1109N/A int nargs = 0;
684N/A
684N/A if (!c)
684N/A return false;
684N/A
1109N/A /*
1057N/A * since we're going to wait for create to finish, I don't think we
1057N/A * need to get a copy of the arguments.
1057N/A */
1109N/A va_start(ap, t);
1057N/A while (1) {
1057N/A char *arg;
1057N/A arg = va_arg(ap, char *);
1109N/A if (!arg)
1057N/A break;
1057N/A nargs++;
1057N/A temp = realloc(args, (nargs+1) * sizeof(*args));
1057N/A if (!temp)
1109N/A goto out;
1057N/A args = temp;
1057N/A args[nargs - 1] = arg;
1057N/A }
1109N/A va_end(ap);
1057N/A args[nargs] = NULL;
1057N/A
1057N/A bret = c->create(c, t, args);
1057N/A
1109N/Aout:
684N/A if (args)
684N/A free(args);
684N/A return bret;
684N/A}
1109N/A
1057N/Astatic bool lxcapi_clear_config_item(struct lxc_container *c, const char *key)
1057N/A{
1057N/A int ret;
1057N/A
1057N/A if (!c || !c->lxc_conf)
1057N/A return false;
1057N/A if (lxclock(c->privlock, 0)) {
1057N/A return false;
1057N/A }
1057N/A ret = lxc_clear_config_item(c->lxc_conf, key);
1057N/A lxcunlock(c->privlock);
1057N/A return ret == 0;
1057N/A}
1057N/A
1109N/Astatic int lxcapi_get_config_item(struct lxc_container *c, const char *key, char *retv, int inlen)
684N/A{
684N/A int ret;
684N/A
684N/A if (!c || !c->lxc_conf)
1109N/A return -1;
684N/A if (lxclock(c->privlock, 0)) {
684N/A return -1;
684N/A }
1109N/A ret = lxc_get_config_item(c->lxc_conf, key, retv, inlen);
684N/A lxcunlock(c->privlock);
684N/A return ret;
684N/A}
1109N/A
684N/Astatic int lxcapi_get_keys(struct lxc_container *c, const char *key, char *retv, int inlen)
684N/A{
684N/A if (!key)
1109N/A return lxc_listconfigs(retv, inlen);
684N/A /*
684N/A * Support 'lxc.network.<idx>', i.e. 'lxc.network.0'
684N/A * This is an intelligent result to show which keys are valid given
1109N/A * the type of nic it is
684N/A */
684N/A if (!c || !c->lxc_conf)
684N/A return -1;
1109N/A if (lxclock(c->privlock, 0))
684N/A return -1;
684N/A int ret = -1;
684N/A if (strncmp(key, "lxc.network.", 12) == 0)
684N/A ret = lxc_list_nicconfigs(c->lxc_conf, key, retv, inlen);
1109N/A lxcunlock(c->privlock);
1057N/A return ret;
1057N/A}
1057N/A
1057N/A
1109N/A/* default config file - should probably come through autoconf */
1057N/A#define LXC_DEFAULT_CONFIG "/etc/lxc/default.conf"
1057N/Astatic bool lxcapi_save_config(struct lxc_container *c, const char *alt_file)
1057N/A{
1057N/A if (!alt_file)
1109N/A alt_file = c->configfile;
684N/A if (!alt_file)
684N/A return false; // should we write to stdout if no file is specified?
684N/A if (!c->lxc_conf)
684N/A if (!c->load_config(c, LXC_DEFAULT_CONFIG)) {
1109N/A ERROR("Error loading default configuration file %s while saving %s\n", LXC_DEFAULT_CONFIG, c->name);
684N/A return false;
684N/A }
684N/A
684N/A FILE *fout = fopen(alt_file, "w");
1109N/A if (!fout)
684N/A return false;
684N/A if (lxclock(c->privlock, 0)) {
684N/A fclose(fout);
684N/A return false;
684N/A }
684N/A write_config(fout, c->lxc_conf);
684N/A fclose(fout);
1109N/A lxcunlock(c->privlock);
684N/A return true;
684N/A}
684N/A
1109N/Astatic bool lxcapi_destroy(struct lxc_container *c)
1057N/A{
1057N/A pid_t pid;
1057N/A int ret, status;
1057N/A
1109N/A if (!c)
684N/A return false;
684N/A
684N/A pid = fork();
1109N/A if (pid < 0)
684N/A return false;
684N/A if (pid == 0) { // child
684N/A ret = execlp("lxc-destroy", "lxc-destroy", "-n", c->name, NULL);
684N/A perror("execl");
1109N/A exit(1);
679N/A }
679N/A
679N/Aagain:
1057N/A ret = waitpid(pid, &status, 0);
684N/A if (ret == -1) {
679N/A if (errno == -EINTR)
679N/A goto again;
1057N/A perror("waitpid");
684N/A return false;
684N/A }
1109N/A if (ret != pid)
684N/A goto again;
684N/A if (!WIFEXITED(status)) { // did not exit normally
684N/A // we could set an error code and string inside the
684N/A // container_struct here if we like
684N/A return false;
684N/A }
684N/A
1109N/A return WEXITSTATUS(status) == 0;
1057N/A}
1057N/A
1057N/Astatic bool lxcapi_set_config_item(struct lxc_container *c, const char *key, const char *v)
1057N/A{
1057N/A int ret;
1057N/A bool b = false;
1057N/A struct lxc_config_t *config;
1057N/A
1057N/A if (!c)
1057N/A return false;
1057N/A
1057N/A if (lxclock(c->privlock, 0))
1057N/A return false;
1109N/A
1057N/A if (!c->lxc_conf)
1057N/A c->lxc_conf = lxc_conf_init();
1057N/A if (!c->lxc_conf)
1057N/A goto err;
1057N/A config = lxc_getconfig(key);
1057N/A if (!config)
1057N/A goto err;
1057N/A ret = config->cb(key, v, c->lxc_conf);
1057N/A if (!ret)
1057N/A b = true;
1057N/A
1057N/Aerr:
1109N/A lxcunlock(c->privlock);
684N/A return b;
684N/A}
684N/A
684N/Astatic char *lxcapi_config_file_name(struct lxc_container *c)
684N/A{
684N/A if (!c || !c->configfile)
684N/A return NULL;
1109N/A return strdup(c->configfile);
684N/A}
684N/A
684N/Astatic const char *lxcapi_get_config_path(struct lxc_container *c)
684N/A{
684N/A if (!c || !c->config_path)
684N/A return NULL;
684N/A return (const char *)(c->config_path);
1109N/A}
684N/A
684N/A/*
684N/A * not for export
1109N/A * Just recalculate the c->configfile based on the
1057N/A * c->config_path, which must be set.
1057N/A * The lxc_container must be locked or not yet public.
1057N/A */
1057N/Astatic bool set_config_filename(struct lxc_container *c)
1057N/A{
1057N/A char *newpath;
1057N/A int len, ret;
1057N/A
1057N/A if (!c->config_path)
1057N/A return false;
1109N/A
679N/A /* $lxc_path + "/" + c->name + "/" + "config" + '\0' */
679N/A len = strlen(c->config_path) + strlen(c->name) + strlen("config") + 3;
684N/A newpath = malloc(len);
679N/A if (!newpath)
684N/A return false;
1057N/A
1057N/A ret = snprintf(newpath, len, "%s/%s/config", c->config_path, c->name);
679N/A if (ret < 0 || ret >= len) {
684N/A fprintf(stderr, "Error printing out config file name\n");
679N/A free(newpath);
684N/A return false;
684N/A }
684N/A
684N/A if (c->configfile)
1109N/A free(c->configfile);
1109N/A c->configfile = newpath;
1109N/A
1109N/A return true;
1109N/A}
1057N/A
1057N/Astatic bool lxcapi_set_config_path(struct lxc_container *c, const char *path)
1057N/A{
1109N/A char *p;
1057N/A bool b = false;
1057N/A char *oldpath = NULL;
1057N/A
1057N/A if (!c)
1057N/A return b;
1057N/A
1057N/A if (lxclock(c->privlock, 0))
1057N/A return b;
1109N/A
1109N/A p = strdup(path);
1057N/A if (!p) {
1057N/A ERROR("Out of memory setting new lxc path");
1109N/A goto err;
1109N/A }
1109N/A
1109N/A b = true;
1057N/A if (c->config_path)
1057N/A oldpath = c->config_path;
1057N/A c->config_path = p;
1109N/A
1109N/A /* Since we've changed the config path, we have to change the
1109N/A * config file name too */
1109N/A if (!set_config_filename(c)) {
1109N/A ERROR("Out of memory setting new config filename");
1057N/A b = false;
1057N/A free(c->config_path);
1057N/A c->config_path = oldpath;
1109N/A oldpath = NULL;
1057N/A }
1057N/Aerr:
1057N/A if (oldpath)
1109N/A free(oldpath);
1057N/A lxcunlock(c->privlock);
1057N/A return b;
1057N/A}
1057N/A
1109N/A
1109N/Astatic bool lxcapi_set_cgroup_item(struct lxc_container *c, const char *subsys, const char *value)
1109N/A{
1109N/A int ret;
1109N/A bool b = false;
1109N/A
1109N/A if (!c)
1109N/A return false;
1057N/A
1057N/A if (lxclock(c->privlock, 0))
1057N/A return false;
1109N/A
1057N/A if (is_stopped_nolock(c))
1057N/A goto err;
1057N/A
1109N/A ret = lxc_cgroup_set(c->name, subsys, value);
1057N/A if (!ret)
1057N/A b = true;
1057N/Aerr:
1109N/A lxcunlock(c->privlock);
1109N/A return b;
1109N/A}
1109N/A
1109N/Astatic int lxcapi_get_cgroup_item(struct lxc_container *c, const char *subsys, char *retv, int inlen)
1057N/A{
1057N/A int ret = -1;
1057N/A
1109N/A if (!c || !c->lxc_conf)
1057N/A return -1;
1057N/A
1057N/A if (lxclock(c->privlock, 0))
1109N/A return -1;
1057N/A
1057N/A if (is_stopped_nolock(c))
1057N/A goto out;
1109N/A
1057N/A ret = lxc_cgroup_get(c->name, subsys, retv, inlen);
1057N/A
1057N/Aout:
1109N/A lxcunlock(c->privlock);
1057N/A return ret;
1057N/A}
1057N/A
1109N/Aconst char *lxc_get_default_config_path(void)
1057N/A{
1057N/A return default_lxc_path();
1057N/A}
1109N/A
1057N/Astruct lxc_container *lxc_container_new(const char *name, const char *configpath)
1057N/A{
1057N/A struct lxc_container *c;
1109N/A
1057N/A c = malloc(sizeof(*c));
1057N/A if (!c) {
1057N/A fprintf(stderr, "failed to malloc lxc_container\n");
1109N/A return NULL;
1057N/A }
1057N/A memset(c, 0, sizeof(*c));
1057N/A
1109N/A if (configpath)
1057N/A c->config_path = strdup(configpath);
1057N/A else
1057N/A c->config_path = strdup(default_lxc_path());
1109N/A
1057N/A if (!c->config_path) {
1057N/A fprintf(stderr, "Out of memory");
1057N/A goto err;
1109N/A }
1057N/A
1057N/A c->name = malloc(strlen(name)+1);
1057N/A if (!c->name) {
1109N/A fprintf(stderr, "Error allocating lxc_container name\n");
1057N/A goto err;
1057N/A }
1057N/A strcpy(c->name, name);
1109N/A
1057N/A c->numthreads = 1;
1057N/A c->slock = lxc_newlock(name);
1057N/A if (!c->slock) {
1109N/A fprintf(stderr, "failed to create lock\n");
1057N/A goto err;
1057N/A }
1057N/A
1109N/A c->privlock = lxc_newlock(NULL);
1057N/A if (!c->privlock) {
1057N/A fprintf(stderr, "failed to alloc privlock\n");
1057N/A goto err;
1057N/A }
1109N/A
1109N/A if (!set_config_filename(c)) {
1109N/A fprintf(stderr, "Error allocating config file pathname\n");
1109N/A goto err;
1109N/A }
1109N/A
1057N/A if (file_exists(c->configfile))
1057N/A lxcapi_load_config(c, NULL);
1109N/A
1109N/A // assign the member functions
1057N/A c->is_defined = lxcapi_is_defined;
1057N/A c->state = lxcapi_state;
1109N/A c->is_running = lxcapi_is_running;
1109N/A c->freeze = lxcapi_freeze;
1057N/A c->unfreeze = lxcapi_unfreeze;
1057N/A c->init_pid = lxcapi_init_pid;
1109N/A c->load_config = lxcapi_load_config;
1109N/A c->want_daemonize = lxcapi_want_daemonize;
1057N/A c->start = lxcapi_start;
1057N/A c->startl = lxcapi_startl;
1109N/A c->stop = lxcapi_stop;
1109N/A c->config_file_name = lxcapi_config_file_name;
1057N/A c->wait = lxcapi_wait;
1057N/A c->set_config_item = lxcapi_set_config_item;
1109N/A c->destroy = lxcapi_destroy;
1109N/A c->save_config = lxcapi_save_config;
1057N/A c->get_keys = lxcapi_get_keys;
1057N/A c->create = lxcapi_create;
1109N/A c->createl = lxcapi_createl;
1109N/A c->shutdown = lxcapi_shutdown;
1109N/A c->clear_config_item = lxcapi_clear_config_item;
1109N/A c->get_config_item = lxcapi_get_config_item;
1109N/A c->get_cgroup_item = lxcapi_get_cgroup_item;
1109N/A c->set_cgroup_item = lxcapi_set_cgroup_item;
1109N/A c->get_config_path = lxcapi_get_config_path;
1109N/A c->set_config_path = lxcapi_set_config_path;
1109N/A
1109N/A /* we'll allow the caller to update these later */
1109N/A if (lxc_log_init(NULL, "none", NULL, "lxc_container", 0)) {
1109N/A fprintf(stderr, "failed to open log\n");
1109N/A goto err;
1109N/A }
1109N/A
1109N/A return c;
1109N/A
1109N/Aerr:
1109N/A lxc_container_free(c);
1109N/A return NULL;
1109N/A}
1109N/A
1109N/Aint lxc_get_wait_states(const char **states)
1109N/A{
1057N/A int i;
1057N/A
1057N/A if (states)
1109N/A for (i=0; i<MAX_STATE; i++)
1057N/A states[i] = lxc_state2str(i);
1057N/A return MAX_STATE;
1057N/A}
1109N/A