blob: 325795c52a92d157c6d7d90fa3cc8acb4e4506a4 [file] [log] [blame] [raw]
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/mount.h>
#include <fcntl.h>
#include <sched.h>
#include <dirent.h>
#include "vzerror.h"
#include "env.h"
#include "util.h"
#include "logger.h"
#include "script.h"
#include "cgroup.h"
#include "cpt.h"
#include "linux/vzctl_venet.h"
#define NETNS_RUN_DIR "/var/run/netns"
#ifndef HAVE_SETNS
#ifndef __NR_setns
#if defined __i386__
#define __NR_setns 346
#elif defined __x86_64__
#define __NR_setns 308
#else
#error "No setns syscall known for this arch"
#endif
#endif /* ! __NR_setns */
static int sys_setns(int fd, int nstype)
{
return syscall(__NR_setns, fd, nstype);
}
#define setns sys_setns
#endif /* ! HAVE_SETNS */
/* These comes from bits/sched.h */
#ifndef CLONE_NEWUTS
# define CLONE_NEWUTS 0x04000000 /* New utsname group. */
#endif
#ifndef CLONE_NEWIPC
# define CLONE_NEWIPC 0x08000000 /* New ipcs. */
#endif
#ifndef CLONE_NEWUSER
# define CLONE_NEWUSER 0x10000000 /* New user namespace. */
#endif
#ifndef CLONE_NEWPID
# define CLONE_NEWPID 0x20000000 /* New pid namespace. */
#endif
#ifndef CLONE_NEWNET
# define CLONE_NEWNET 0x40000000 /* New network namespace. */
#endif
/* From sys/mount.h */
#ifndef MS_REC
# define MS_REC 16384
#endif
#ifndef MS_PRIVATE
# define MS_PRIVATE (1 << 18)
#endif
#define UID_GID_RANGE 100000 /* how many users per container */
/* This function is there in GLIBC, but not in headers */
extern int pivot_root(const char * new_root, const char * put_old);
static int ct_is_run(vps_handler *h, envid_t veid)
{
return container_is_running(veid);
}
static int ct_destroy(vps_handler *h, envid_t veid)
{
char ctpath[STR_SIZE];
int ret;
ret = hackish_empty_container(veid);
if (ret)
return ret;
snprintf(ctpath, STR_SIZE, "%s/%d", NETNS_RUN_DIR, veid);
unlink(ctpath);
get_state_file(veid, ctpath, sizeof(ctpath));
unlink(ctpath);
return destroy_container(veid);
}
int ct_chroot(const char *root)
{
char oldroot[] = "vzctl-old-root.XXXXXX";
int ret = VZ_RESOURCE_ERROR;
if (chdir(root)) {
logger(-1, errno, "Can't chdir %s", root);
return ret;
}
if (mount("", "/", NULL, MS_PRIVATE|MS_REC, NULL) < 0) {
logger(-1, errno, "Can't remount root with MS_PRIVATE");
return ret;
}
if (mkdtemp(oldroot) == NULL) {
logger(-1, errno, "Can't mkdtemp %s", oldroot);
return ret;
}
if (pivot_root(".", oldroot)) {
logger(-1, errno, "Can't pivot_root(\".\", %s)", oldroot);
goto rmdir;
}
if (chdir("/")) {
logger(-1, errno, "Can't chdir /");
goto rmdir;
}
if (umount2(oldroot, MNT_DETACH)) {
logger(-1, 0, "Can't umount old mounts");
goto rmdir;
}
ret = 0;
rmdir:
if (rmdir(oldroot))
logger(-1, errno, "Can't rmdir %s", oldroot);
return ret;
}
#define add_value(val, var, mult) do { if (val) { var = *val * mult; } } while (0)
static int ct_setlimits(vps_handler *h, envid_t veid, struct ub_struct *ub)
{
unsigned long tcp = 0;
unsigned long kmem = 0;
unsigned long kmemall = 0;
unsigned long mem = 0;
unsigned long swap = 0;
int pagesize = sysconf(_SC_PAGESIZE);
add_value(ub->physpages, mem, pagesize);
add_value(ub->tcpsndbuf, tcp, 1);
add_value(ub->tcprcvbuf, tcp, 1);
add_value(ub->swappages, swap, pagesize);
/*
* OpenVZ beancounters traditionally acconted objects. Also, we could
* always get a very high granularity about which objects we are
* tracking. Our attempt in this implementation is to translate the
* historical beancounters into something that "makes sense" given the
* underlying Linux infrastructure, and provide something that would
* allow for more or less the kind of protection the user asked for. A
* 1:1 mapping, however, is not possible - and will never be.
*
* Upstream Linux cgroup controllers went in a very different
* direction. First, resources tend to be viewed in its entirety. We
* have entities like "memory", or "kernel memory", instead of a list
* of all internal structures like dentry, siginfo, etc. For network
* buffers, we can specify the total buffer memory instead of send and
* receive buffers, etc.
*
* Also, all accounting is done in pages, not in objects - which is the
* only thing that makes sense if the accounting is done in an
* aggregate manner. We don't really know the size of those
* structures, so we use an estimate to get a value in pages. This is
* not a stable API of the kernel, so it is bound to change.
*
* Here is the size in bytes of the following structs, in Linux 3.4:
*
* dcache: 248, siginfo: 128, sock: 1072, task 8128
*/
#define DCACHE 248
#define SIGINFO 128
#define SOCK 1072
add_value(ub->kmemsize, kmem, 1);
add_value(ub->dcachesize, kmemall, DCACHE);
add_value(ub->numtcpsock, kmemall, SOCK);
add_value(ub->numsiginfo, kmemall, SIGINFO);
add_value(ub->numothersock, kmemall, SOCK);
add_value(ub->othersockbuf, kmemall, 1);
add_value(ub->numproc, kmemall, 2 * pagesize);
add_value(ub->dgramrcvbuf, kmemall, SOCK);
if (mem)
container_apply_config(veid, MEMORY, &mem);
if (tcp)
container_apply_config(veid, TCP, &tcp);
kmem = max_ul(kmem, kmemall);
if (kmem)
container_apply_config(veid, KMEMORY, &kmem);
if (swap)
container_apply_config(veid, SWAP, &swap);
return 0;
}
#undef add_value
static int write_uid_gid_mapping(vps_handler *h, unsigned long uid, unsigned long gid, pid_t pid)
{
char buf[STR_SIZE];
char map[STR_SIZE];
int fd;
int len;
int ret = VZ_RESOURCE_ERROR;
len = snprintf(map, sizeof(map), "0 %ld %d", uid, UID_GID_RANGE);
snprintf(buf, sizeof(buf), "/proc/%d/uid_map", pid);
if ((fd = open(buf, O_WRONLY)) < 0)
goto out;
if ((write(fd, map, len) != len))
goto out;
close(fd);
len = snprintf(map, sizeof(map), "0 %ld %d", gid, UID_GID_RANGE);
snprintf(buf, sizeof(map), "/proc/%d/gid_map", pid);
if ((fd = open(buf, O_WRONLY)) < 0)
goto out;
if ((write(fd, map, len) != len))
goto out;
ret = 0;
out:
if (fd >= 0)
close(fd);
return ret;
}
/*
* Those devices should exist in the container, and be valid device nodes with
* user access permission. But we need to be absolutely sure this is the case,
* so we will provide our own versions. That could actually happen since some
* distributions may come with emptied /dev's, waiting for udev to populate them.
* That won't happen, we do it ourselves.
*/
static void create_devices(vps_handler *h, envid_t veid, const char *root)
{
unsigned int i;
char *devices[] = {
"/dev/null",
"/dev/zero",
"/dev/random",
"/dev/urandom",
};
/*
* We will tolerate errors, and keep the container running, because it is
* likely we will be able to boot it to a barely functional state. But
* be vocal about it
*/
for (i = 0; i < ARRAY_SIZE(devices); i++) {
char ct_devname[STR_SIZE];
int ret;
snprintf(ct_devname, sizeof(ct_devname), "%s%s", root, devices[i]);
/*
* No need to be crazy about file flags. When we bind mount, the
* source permissions will be inherited.
*/
ret = open(ct_devname, O_RDWR|O_CREAT, 0);
if (ret < 0) {
logger(-1, errno, "Could not touch device %s", devices[i]);
continue;
}
close(ret);
ret = mount(devices[i], ct_devname, "", MS_BIND, 0);
if (ret < 0)
logger(-1, errno, "Could not bind mount device %s", devices[i]);
}
}
static int _env_create(void *data)
{
struct arg_start *arg = data;
struct env_create_param3 create_param;
int ret;
if ((arg->userns_p != -1) &&
(read(arg->userns_p, &ret, sizeof(ret)) != sizeof(ret))) {
logger(-1, errno, "Cannot read from user namespace pipe");
close(arg->userns_p);
return VZ_RESOURCE_ERROR;
}
/*
* Technically, because clone will clone both fds, we would have to
* close the other end as well. But we don't even know what it is,
* since our args only include our end of the pipe. This is not a
* problem because right before exec_container_init, we will call
* close_fds and get away with all of them. And if we fail, we'll
* exit anywyay.
*/
if (arg->userns_p != -1)
close(arg->userns_p);
if (arg->h->can_join_userns) {
create_devices(arg->h, arg->veid, arg->res->fs.root);
}
ret = ct_chroot(arg->res->fs.root);
/* Probably means chroot failed */
if (ret)
return ret;
if (arg->h->can_join_userns) {
int fd, ret;
setuid(0);
setgid(0);
/*
* We need the special flag "newinstance". This is a requirement
* of the userns-aware implementation of devpts as of Linux 3.9.
* Because of that special requirement, we do it here rather than
* later.
*/
ret = mkdir("/dev/pts", S_IRWXU|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
if ((ret < 0) && (errno != EEXIST)) {
logger(-1, errno, "Cannot create container's /dev/pts");
return VZ_RESOURCE_ERROR;
}
ret = mount("devpts", "/dev/pts", "devpts", 0, "newinstance");
if (ret < 0) {
/* No need to cleanup mkdir, since we test for EEXIST */
logger(-1, errno, "Cannot mount container's /dev/pts");
return VZ_RESOURCE_ERROR;
}
/* /dev/ptmx, if it even exists, would refer to the root ptmx.
* We don't want that, we want our newly created instance to contain
* all ptys. So we bind mount the root device here
*/
fd = open("/dev/ptmx", O_CREAT, S_IRWXU|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH);
if (fd < 0) {
logger(-1, errno, "Cannot create container's /dev/ptmx");
/*
* No need to umount, we are in a private mnt namespace and it will
* disappear after we fail.
*/
return VZ_RESOURCE_ERROR;
}
close(fd);
ret = mount("/dev/pts/ptmx", "/dev/ptmx", "", MS_BIND, 0);
if (ret < 0) {
/* No need to cleanup mkdir, since we test for EEXIST */
logger(-1, errno, "Cannot bind mount container's /dev/ptmx");
return VZ_RESOURCE_ERROR;
}
}
/*
* If we are using the user namespace, we will have the full capability
* set in the target namespace. So we don't need any of that.
*/
if (!arg->h->can_join_userns &&
(ret = vps_set_cap(arg->veid, &arg->res->env, &arg->res->cap, 1)))
return ret;
fill_container_param(arg, &create_param);
/* Close all fds except stdin. stdin is status pipe */
close(STDERR_FILENO); close(STDOUT_FILENO);
close_fds(0, arg->wait_p, arg->err_p, -1);
return exec_container_init(arg, &create_param);
}
static int ct_env_create_real(struct arg_start *arg)
{
long stack_size;
char *child_stack;
int clone_flags;
int userns_p[2];
int ret, err, fd;
char pidpath[STR_SIZE];
stack_size = get_pagesize();
if (stack_size < 0)
return -VZ_RESOURCE_ERROR;
child_stack = alloca(stack_size);
if (child_stack == NULL) {
logger(-1, 0, "Unable to alloc");
return -VZ_RESOURCE_ERROR;
}
child_stack += stack_size;
/*
* Belong in the setup phase
*/
clone_flags = SIGCHLD;
clone_flags |= CLONE_NEWUTS|CLONE_NEWPID|CLONE_NEWIPC;
clone_flags |= CLONE_NEWNET|CLONE_NEWNS;
if (!arg->h->can_join_userns) {
logger(-1, 0, "WARNING: Running container unprivileged. USER_NS not supported, or runtime disabled");
userns_p[0] = userns_p[1] = -1;
} else {
clone_flags |= CLONE_NEWUSER;
if (pipe(userns_p) < 0) {
logger(-1, errno, "Can not create userns pipe");
return -VZ_RESOURCE_ERROR;
}
}
arg->userns_p = userns_p[0];
get_state_file(arg->veid, pidpath, sizeof(pidpath));
fd = open(pidpath, O_WRONLY | O_TRUNC | O_CREAT | O_CLOEXEC, 0600);
if (fd == -1) {
logger(-1, errno, "Unable to create a state file %s", pidpath);
return VZ_RESOURCE_ERROR;
}
ret = clone(_env_create, child_stack, clone_flags, arg);
close(userns_p[0]);
if (ret < 0) {
logger(-1, errno, "Unable to clone");
close(fd);
/* FIXME: remove ourselves from container first */
close(userns_p[1]);
destroy_container(arg->veid);
return -VZ_RESOURCE_ERROR;
}
dprintf(fd, "%d", ret);
close(fd);
if (arg->h->can_join_userns) {
/*
* Now we need to write to the mapping file. It has to be us,
* since CAP_SETUID is required in the parent namespace. vzctl
* is run as root, so we should have it. But our cloned kid
* will start as the overflow uid 65534 in the new namespace.
*/
if (write_uid_gid_mapping(arg->h, *arg->res->misc.local_uid,
*arg->res->misc.local_gid, ret)) {
logger(-1, 0, "Can't write to userns mapping file");
close(userns_p[1]);
destroy_container(arg->veid);
return -VZ_RESOURCE_ERROR;
}
/*
* Nothing should proceed userns wide until we have the
* mapping. That creates many non-deterministic behaviors
* since some runs will execute with the mapping already done,
* while others with the mapping off. This is particularly
* important for setuid, for instance. It will categorically
* fail if called before a mapping is in place.
*/
if ((userns_p[1] != -1) &&
write(userns_p[1], &err, sizeof(err)) != sizeof(err)) {
logger(-1, errno, "Unable to write to userns pipe");
close(userns_p[1]);
destroy_container(arg->veid);
return -VZ_RESOURCE_ERROR;
}
close(userns_p[1]);
}
return ret;
}
int ct_env_create(struct arg_start *arg)
{
int ret;
char procpath[STR_SIZE];
char ctpath[STR_SIZE];
/* non-fatal */
if ((ret = ct_destroy(arg->h, arg->veid)))
logger(0, 0, "Could not properly cleanup container: %s",
container_error(ret));
snprintf(ctpath, STR_SIZE, "%s/%d", NETNS_RUN_DIR, arg->veid);
unlink(ctpath);
if ((ret = create_container(arg->veid))) {
logger(-1, 0, "Container creation failed: %s", container_error(ret));
return VZ_RESOURCE_ERROR;
}
if ((ret = ct_setlimits(arg->h, arg->veid, &arg->res->ub))) {
logger(-1, 0, "Could not apply container limits: %s", container_error(ret));
return VZ_RESOURCE_ERROR;
}
if ((ret = container_add_task(arg->veid))) {
logger(-1, 0, "Can't add task creator to container: %s", container_error(ret));
return VZ_RESOURCE_ERROR;
}
/* Return PID on success or -VZ_*_ERROR */
if (arg->fn)
ret = arg->fn(arg->h, arg->veid, &arg->res->fs,
arg->wait_p, arg->old_wait_p, arg->err_p, arg->data);
else
ret = ct_env_create_real(arg);
if (ret < 0)
return -ret;
snprintf(procpath, STR_SIZE, "/proc/%d/ns/net", ret);
ret = symlink(procpath, ctpath);
if (ret) {
logger(-1, errno, "Can't symlink into netns file %s", ctpath);
destroy_container(arg->veid);
return VZ_RESOURCE_ERROR;
}
return 0;
}
static int ct_enter(vps_handler *h, envid_t veid, const char *root, int flags)
{
DIR *dp;
struct dirent *ep;
char path[STR_SIZE]; /* long enough for any pid */
pid_t task_pid;
int ret = VZ_RESOURCE_ERROR;
int err;
bool joined_mnt_ns = false;
int fd;
if (!h->can_join_pidns) {
logger(-1, 0, "Kernel lacks setns for pid namespace");
return VZ_RESOURCE_ERROR;
}
task_pid = get_pid_from_container(veid);
if (task_pid < 0) {
logger(-1, 0, "Container doesn't seem to be started (no pids in container cgroup)");
return VZ_RESOURCE_ERROR;
}
if (snprintf(path, STR_SIZE, "/proc/%d/ns/", task_pid) < 0)
return VZ_RESOURCE_ERROR;
dp = opendir(path);
if (dp == NULL)
return VZ_RESOURCE_ERROR;
if ((err = container_add_task(veid))) {
logger(-1, 0, "Can't add task creator to container: %s", container_error(err));
goto out;
}
/*
* Because all namespaces are associated with an owner userns,
* and capabilities may be needed for issuing setns syscalls into
* some key target namespaces (like the mount namespace), we will
* first enter the user namespace if it is available. Only then we
* scan all others and join them as they appear
*/
if (h->can_join_userns) {
if (snprintf(path, sizeof(path), "/proc/%d/ns/user", task_pid) < 0)
goto out;
if ((fd = open(path, O_RDONLY)) < 0)
goto out;
if (setns(fd, CLONE_NEWUSER)) {
logger(-1, errno, "Failed to set context for user namespace");
close(fd);
goto out;
}
close(fd);
setuid(0);
setgid(0);
}
ret = VZ_RESOURCE_ERROR;
while ((ep = readdir (dp))) {
if (!strcmp(ep->d_name, "."))
continue;
if (!strcmp(ep->d_name, ".."))
continue;
/* already joined */
if ((!strcmp(ep->d_name, "user")))
continue;
if (snprintf(path, sizeof(path), "/proc/%d/ns/%s", task_pid, ep->d_name) < 0)
goto out;
if ((fd = open(path, O_RDONLY)) < 0)
goto out;
if (setns(fd, 0))
logger(-1, errno, "Failed to set context for %s", ep->d_name);
close(fd);
if (!strcmp(ep->d_name, "mnt"))
joined_mnt_ns = true;
}
/*
* If we can join the mount namespace, we don't need to call
* pivot_root, or any other follow up step, since we will already
* inherit any fs tree structure the process already has.
*
* As a matter of fact, we won't even be able to see the container
* directories to jump to
*/
if (!joined_mnt_ns && (ret = ct_chroot(root)))
goto out;
ret = 0;
out:
closedir(dp);
return ret;
}
static int ct_setcpus(vps_handler *h, envid_t veid, struct cpu_param *cpu)
{
int ret = 0;
/*
* Need to convert both cpulimit and vcpus to something comparable.
* So get both in percentages
*/
unsigned long max_lim = ~0UL;
if (cpu->mask)
ret = container_apply_config(veid, CPUMASK,
cpumask_bits(cpu->mask));
if (cpu->limit != NULL && *cpu->limit)
max_lim = min_ul(*cpu->limit, max_lim);
if (cpu->vcpus != NULL)
max_lim = min_ul(max_lim, *cpu->vcpus * 100);
if (max_lim != ~0UL)
ret |= container_apply_config(veid, CPULIMIT, &max_lim);
if (cpu->units != NULL) {
ret |= container_apply_config(veid, CPUSHARES, cpu->units);
} else if (cpu->weight != NULL) {
ret |= container_apply_config(veid, CPUSHARES, cpu->weight);
}
return ret;
}
static int deny_devices(vps_handler *h, envid_t veid, dev_res *dev)
{
char dev_str[STR_SIZE];
char perms[4];
int i = 0;
/*
* Attention: what we want to do is figure out which permissions we want
* to mask out, so this has to be a negative test. If all of them are
* masked out, we don't call allow, and revoke the device entirely
*/
if (!(dev->mask & S_IROTH))
perms[i++] = 'r';
if (!(dev->mask & S_IWOTH))
perms[i++] = 'w';
if (i == 0)
return 0;
/* revoke entirely */
if (i == 2)
perms[i++] = 'm';
perms[i++] = '\0';
snprintf(dev_str, STR_SIZE, "%c %d:%d %s",
S_ISBLK(dev->type) ? 'b' : 'c',
major(dev->dev), minor(dev->dev), perms);
return container_apply_config(veid, DEVICES_DENY, &dev_str);
}
static int ct_setdevperm(vps_handler *h, envid_t veid, dev_res *dev)
{
char dev_str[STR_SIZE];
char perms[4];
int i = 0;
int ret;
if ((dev->mask & S_IXGRP))
logger(1, 0, "Quota setup not implemented with upstream kernels, ignoring");
if ((ret = deny_devices(h, veid, dev)))
return ret;
if (dev->mask & S_IROTH)
perms[i++] = 'r';
if (dev->mask & S_IWOTH)
perms[i++] = 'w';
/*
* If the user has not specified any permissions, what we need to
* do is just remove the device from the list. In that case, we're done
* here
*/
if (i == 0)
return 0;
/*
* Since this is not specifiable from the cmdline, always give mknod
* permission
*/
perms[i++] = 'm';
perms[i++] = '\0';
snprintf(dev_str, STR_SIZE, "%c %d:%d %s",
S_ISBLK(dev->type) ? 'b' : 'c',
major(dev->dev), minor(dev->dev),
perms);
return container_apply_config(veid, DEVICES_ALLOW, &dev_str);
}
/*
* This will move an existing device from host to the container. We will
* signal that to the network scripts by setting HNAME == VNAME.
*
* This is an impossible situation for a normal device pair, so it is a safe
* thing to do, while removing the need to create yet another script just for
* the special case of device movement. Both device creation and device
* deletion will abide by this convention.
*/
static int ct_netdev_ctl(vps_handler *h, envid_t veid, int op, char *name)
{
char *envp[10];
char buf[STR_SIZE];
int i = 0;
int ret = 0;
snprintf(buf, sizeof(buf), "VEID=%d", veid);
envp[i++] = strdup(buf);
snprintf(buf, sizeof(buf), "VNAME=%s", name);
envp[i++] = strdup(buf);
snprintf(buf, sizeof(buf), "HNAME=%s", name);
envp[i++] = strdup(buf);
envp[i] = NULL;
if (op == VE_NETDEV_ADD) {
char *argv[] = { VPS_NETNS_DEV_ADD, NULL };
ret = run_script(VPS_NETNS_DEV_ADD, argv, envp, 0);
} else {
char *argv[] = { VPS_NETNS_DEV_DEL, NULL };
ret = run_script(VPS_NETNS_DEV_DEL, argv, envp, 0);
}
free_arg(envp);
return ret;
}
static int ct_ip_ctl(vps_handler *h, envid_t veid, int op, const char *ipstr)
{
int ret = -1;
char *envp[5];
char *argv[] = {NULL, NULL};
char buf[STR_SIZE];
int i = 0;
if (!h->can_join_pidns) {
logger(-1, 0, "Cannot join pid namespace: "
"--ipadd is not supported in kernels "
"without full pidns support");
return VZ_BAD_KERNEL;
}
envp[i++] = strdup("VNAME=venet0");
envp[i++] = strdup("BRIDGE=venet0");
snprintf(buf, sizeof(buf), "HNAME=venet0.%d", veid);
envp[i++] = strdup(buf);
snprintf(buf, sizeof(buf), "VEID=%d", veid);
envp[i++] = strdup(buf);
envp[i] = NULL;
if (op == VE_IP_ADD)
argv[0] = VPS_NETNS_DEV_ADD;
else
argv[0] = VPS_NETNS_DEV_DEL;
ret = run_script(argv[0], argv, envp, 0);
free_arg(envp);
return ret;
}
/*
* This function is the simplest one among the network handling functions.
* It will create a veth pair, and move one of its ends to the container.
*
* MAC addresses and Bridge parameters are optional
*/
static int ct_veth_ctl(vps_handler *h, envid_t veid, int op, veth_dev *dev)
{
int ret = -1;
char *envp[10];
char buf[STR_SIZE];
int i = 0;
snprintf(buf, sizeof(buf), "VEID=%d", veid);
envp[i++] = strdup(buf);
snprintf(buf, sizeof(buf), "VNAME=%s", dev->dev_name_ve);
envp[i++] = strdup(buf);
if (dev->addrlen_ve) {
snprintf(buf, sizeof(buf), "VMAC=" MAC2STR_FMT,
MAC2STR(dev->dev_addr_ve));
envp[i++] = strdup(buf);
}
if (dev->addrlen) {
snprintf(buf, sizeof(buf), "HMAC=" MAC2STR_FMT,
MAC2STR(dev->dev_addr));
envp[i++] = strdup(buf);
}
if (dev->dev_name[0]) {
snprintf(buf, sizeof(buf), "HNAME=%s", dev->dev_name);
envp[i++] = strdup(buf);
}
if (dev->dev_bridge[0]) {
snprintf(buf, sizeof(buf), "BRIDGE=%s", dev->dev_bridge);
envp[i++] = strdup(buf);
}
envp[i] = NULL;
if (op == ADD) {
char *argv[] = { VPS_NETNS_DEV_ADD, NULL };
ret = run_script(VPS_NETNS_DEV_ADD, argv, envp, 0);
} else {
char *argv[] = { VPS_NETNS_DEV_DEL, NULL };
ret = run_script(VPS_NETNS_DEV_DEL, argv, envp, 0);
}
free_arg(envp);
return ret;
}
static int ct_setcontext(envid_t veid)
{
return 0;
}
static int ct_chkpnt(vps_handler *h, envid_t veid,
const fs_param *fs, int cmd, cpt_param *param)
{
const char *dumpfile = NULL;
char statefile[STR_SIZE], buf[STR_SIZE];
char *arg[2], *env[4];
FILE *sfile;
pid_t pid;
int ret;
get_dump_file(veid, param->dumpdir, buf, sizeof(buf));
dumpfile = strdup(buf);
arg[0] = SCRIPTDIR "/vps-cpt";
arg[1] = NULL;
get_state_file(veid, statefile, sizeof(statefile));
sfile = fopen(statefile, "r");
if (sfile == NULL) {
logger(-1, errno, "Unable to open %s", statefile);
return VZ_CHKPNT_ERROR;
}
ret = fscanf(sfile, "%d", &pid);
if (ret != 1) {
logger(-1, errno, "Unable to read PID from %s", statefile);
fclose(sfile);
return VZ_CHKPNT_ERROR;
}
fclose(sfile);
snprintf(buf, sizeof(buf), "VE_ROOT=%s", fs->root);
env[0] = strdup(buf);
snprintf(buf, sizeof(buf), "VE_PID=%d", pid);
env[1] = strdup(buf);
snprintf(buf, sizeof(buf), "VE_DUMP_DIR=%s", dumpfile);
env[2] = strdup(buf);
env[3] = NULL;
ret = run_script(arg[0], arg, env, 0);
free_arg(env);
if (ret)
ret=VZ_CHKPNT_ERROR;
return ret;
}
static int ct_restore_fn(vps_handler *h, envid_t veid, const fs_param *fs,
int wait_p, int old_wait_p, int err_p, void *data)
{
char *argv[2], *env[4];
const char *dumpfile = NULL;
const char *statefile = NULL;
cpt_param *param = data;
char buf[STR_SIZE];
pid_t pid = -1;
int ret;
FILE *sfile;
get_dump_file(veid, param->dumpdir, buf, sizeof(buf));
dumpfile = strdup(buf);
get_state_file(veid, buf, sizeof(buf));
statefile = strdup(buf);
argv[0] = SCRIPTDIR "/vps-rst";
argv[1] = NULL;
snprintf(buf, sizeof(buf), "VE_ROOT=%s", fs->root);
env[0] = strdup(buf);
snprintf(buf, sizeof(buf), "VE_DUMP_DIR=%s", dumpfile);
env[1] = strdup(buf);
snprintf(buf, sizeof(buf), "VE_STATE_FILE=%s", statefile);
env[2] = strdup(buf);
env[3] = NULL;
ret = run_script(argv[0], argv, env, 0);
free_arg(env);
if (ret)
return -VZ_RESTORE_ERROR;
sfile = fopen(statefile, "r");
if (sfile == NULL) {
logger(-1, errno, "Unable to open %s", statefile);
goto err_destroy;
}
if (fscanf(sfile, "%d", &pid) != 1)
logger(-1, errno, "Unable to read PID from %s", statefile);
fclose(sfile);
err_destroy:
if (pid < 0)
destroy_container(veid);
return pid > 0 ? pid : -VZ_RESTORE_ERROR;
}
static int ct_restore(vps_handler *h, envid_t veid, vps_param *vps_p, int cmd,
cpt_param *param, skipFlags skip)
{
return vps_start_custom(h, veid, vps_p,
SKIP_CONFIGURE | SKIP_ACTION_SCRIPT | skip,
NULL, ct_restore_fn, param);
}
int ct_do_open(vps_handler *h, vps_param *param)
{
int ret;
char path[STR_SIZE];
char upath[STR_SIZE];
struct stat st;
unsigned long *local_uid = param->res.misc.local_uid;
ret = container_init();
if (ret) {
/*
* We will use fprintf to stderr, and not the logger, because some commands,
* like vzctl status, will disable the logger altogether. We are early, and
* all those errors are considered fatal.
*/
fprintf(stderr, "Container init failed: %s\n", container_error(ret));
return VZ_RESOURCE_ERROR;
}
if (snprintf(path, sizeof(path), "/proc/%d/ns/pid", getpid()) < 0)
return VZ_RESOURCE_ERROR;
if (snprintf(upath, sizeof(upath), "/proc/%d/ns/user", getpid()) < 0)
return VZ_RESOURCE_ERROR;
ret = mkdir(NETNS_RUN_DIR, S_IRWXU|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
if (ret && (errno != EEXIST)) {
fprintf(stderr, "Can't create directory %s: %s\n",
NETNS_RUN_DIR, strerror(errno));
return VZ_RESOURCE_ERROR;
}
h->can_join_pidns = !stat(path, &st);
/*
* Being able to join the user namespace is a good indication that the
* user namespace is complete. For a long time, the user namespace
* existed, but were far away from being feature complete. When
* running in such a kernel, joining the user namespace will just
* cripple our container, since we won't be able to do anything. It is
* only good for people who are okay running containers as root.
*
* It is not enough, however, for user namespaces to be present in the
* kernel. The container must have been setup to use it (we need the
* mapped user to own the files, etc. So we also need to find suitable
* configuration in the config files.
*/
h->can_join_userns = !stat(upath, &st) && local_uid && (*local_uid != 0);
h->is_run = ct_is_run;
h->enter = ct_enter;
h->destroy = ct_destroy;
h->env_create = ct_env_create;
h->env_chkpnt = ct_chkpnt;
h->env_restore = ct_restore;
h->setlimits = ct_setlimits;
h->setcpus = ct_setcpus;
h->setcontext = ct_setcontext;
h->setdevperm = ct_setdevperm;
h->netdev_ctl = ct_netdev_ctl;
h->ip_ctl = ct_ip_ctl;
h->veth_ctl = ct_veth_ctl;
return 0;
}