[lxc-devel] [lxc/master] tools: lxc-unshare: apply argument parser of lxc and log system of lxc
2xsec on Github
lxc-bot at linuxcontainers.org
Sat Jul 14 11:13:30 UTC 2018
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 575 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20180714/85252d4b/attachment.bin>
-------------- next part --------------
From 727b9b165986fb5b180932dbcada8ad5b7af9131 Mon Sep 17 00:00:00 2001
From: 2xsec <dh48.jeong at samsung.com>
Date: Sat, 14 Jul 2018 20:00:38 +0900
Subject: [PATCH] tools: lxc-unshare: apply argument parser of lxc and log
system of lxc
Signed-off-by: 2xsec <dh48.jeong at samsung.com>
---
src/lxc/namespace.c | 5 +-
src/lxc/tools/arguments.c | 11 +-
src/lxc/tools/arguments.h | 8 +-
src/lxc/tools/lxc_unshare.c | 316 ++++++++++++++++++++++++++------------------
4 files changed, 204 insertions(+), 136 deletions(-)
diff --git a/src/lxc/namespace.c b/src/lxc/namespace.c
index b6e3938b1..9512bfe5e 100644
--- a/src/lxc/namespace.c
+++ b/src/lxc/namespace.c
@@ -115,6 +115,7 @@ pid_t lxc_raw_clone(unsigned long flags)
: "=r"(in_child), "=r"(child_pid)
: "i"(__NR_clone), "r"(flags | SIGCHLD)
: "%o1", "%o0", "%g1");
+
if (in_child)
return 0;
else
@@ -174,6 +175,7 @@ const struct ns_info ns_info[LXC_NS_MAX] = {
int lxc_namespace_2_cloneflag(const char *namespace)
{
int i;
+
for (i = 0; i < LXC_NS_MAX; i++)
if (!strcasecmp(ns_info[i].proc_name, namespace))
return ns_info[i].clone_flag;
@@ -185,6 +187,7 @@ int lxc_namespace_2_cloneflag(const char *namespace)
int lxc_namespace_2_ns_idx(const char *namespace)
{
int i;
+
for (i = 0; i < LXC_NS_MAX; i++)
if (!strcmp(ns_info[i].proc_name, namespace))
return i;
@@ -239,7 +242,6 @@ int lxc_fill_namespace_flags(char *flaglist, int *flags)
token = strtok_r(flaglist, "|", &saveptr);
while (token) {
-
aflag = lxc_namespace_2_cloneflag(token);
if (aflag < 0)
return -1;
@@ -248,5 +250,6 @@ int lxc_fill_namespace_flags(char *flaglist, int *flags)
token = strtok_r(NULL, "|", &saveptr);
}
+
return 0;
}
diff --git a/src/lxc/tools/arguments.c b/src/lxc/tools/arguments.c
index daff4d816..30bb5dbb2 100644
--- a/src/lxc/tools/arguments.c
+++ b/src/lxc/tools/arguments.c
@@ -50,7 +50,6 @@ static int build_shortopts(const struct option *a_options, char *a_shortopts,
return -1;
for (opt = a_options; opt->name; opt++) {
-
if (!isascii(opt->val))
continue;
@@ -163,6 +162,7 @@ See the %s man page for further information.\n\n",
if (args->helpfn)
args->helpfn(args);
+
exit(code);
}
@@ -183,6 +183,7 @@ static int lxc_arguments_lxcpath_add(struct lxc_arguments *args,
lxc_error(args, "no memory");
return -ENOMEM;
}
+
args->lxcpath[args->lxcpath_cnt++] = lxcpath;
return 0;
}
@@ -207,6 +208,7 @@ extern int lxc_arguments_parse(struct lxc_arguments *args, int argc,
c = getopt_long(argc, argv, shortopts, args->options, &index);
if (c == -1)
break;
+
switch (c) {
case 'n':
args->name = optarg;
@@ -261,7 +263,8 @@ extern int lxc_arguments_parse(struct lxc_arguments *args, int argc,
}
/* Check the command options */
- if (!args->name && strcmp(args->progname, "lxc-autostart") != 0) {
+ if (!args->name && strncmp(args->progname, "lxc-autostart", strlen(args->progname)) != 0
+ && strncmp(args->progname, "lxc-unshare", strlen(args->progname)) != 0) {
if (args->argv) {
args->name = argv[optind];
optind++;
@@ -277,9 +280,11 @@ extern int lxc_arguments_parse(struct lxc_arguments *args, int argc,
if (args->checker)
ret = args->checker(args);
+
error:
if (ret)
lxc_error(args, "could not parse command line");
+
return ret;
}
@@ -333,4 +338,4 @@ bool lxc_setup_shared_ns(struct lxc_arguments *args, struct lxc_container *c)
}
return true;
-}
+}
\ No newline at end of file
diff --git a/src/lxc/tools/arguments.h b/src/lxc/tools/arguments.h
index 8acebc55c..43b3a86e2 100644
--- a/src/lxc/tools/arguments.h
+++ b/src/lxc/tools/arguments.h
@@ -94,7 +94,7 @@ struct lxc_arguments {
char *rbdname, *rbdpool;
char *zfsroot, *lowerdir, *dir;
- /* lxc-execute */
+ /* lxc-execute and lxc-unshare */
uid_t uid;
gid_t gid;
@@ -137,6 +137,12 @@ struct lxc_arguments {
/* lxc-copy */
bool tmpfs;
+ /* lxc-unshare */
+ int flags;
+ int want_default_mounts;
+ const char *want_hostname;
+ bool setuid;
+
/* remaining arguments */
char *const *argv;
int argc;
diff --git a/src/lxc/tools/lxc_unshare.c b/src/lxc/tools/lxc_unshare.c
index 85b9d4c02..c1ec99611 100644
--- a/src/lxc/tools/lxc_unshare.c
+++ b/src/lxc/tools/lxc_unshare.c
@@ -41,10 +41,112 @@
#include "arguments.h"
#include "caps.h"
-#include "conf.h"
+#include "log.h"
#include "namespace.h"
#include "utils.h"
+lxc_log_define(lxc_unshare, lxc);
+
+struct start_arg {
+ char *const *args;
+ int flags;
+ uid_t uid;
+ bool setuid;
+ int want_default_mounts;
+ int wait_fd;
+ const char *want_hostname;
+};
+
+struct my_iflist
+{
+ char *mi_ifname;
+ struct my_iflist *mi_next;
+};
+
+static int my_parser(struct lxc_arguments *args, int c, char *arg);
+static inline int sethostname_including_android(const char *name, size_t len);
+static int get_namespace_flags(char *namespaces);
+static bool lookup_user(const char *optarg, uid_t *uid);
+static int mount_fs(const char *source, const char *target, const char *type);
+static void lxc_setup_fs(void);
+static int do_start(void *arg);
+
+static struct my_iflist *tmpif, *my_iflist = NULL;
+
+static const struct option my_longopts[] = {
+ {"namespaces", required_argument, 0, 's'},
+ {"user", required_argument, 0, 'u'},
+ {"hostname", required_argument, 0, 'H'},
+ {"ifname", required_argument, 0, 'i'},
+ {"daemon", no_argument, 0, 'd'},
+ {"remount", no_argument, 0, 'M'},
+ LXC_COMMON_OPTIONS
+};
+
+static struct lxc_arguments my_args = {
+ .progname = "lxc-unshare",
+ .help = "\
+-s NAMESPACES COMMAND\n\
+\n\
+lxc-unshare run a COMMAND in a new set of NAMESPACES\n\
+\n\
+Options :\n\
+ -s, --namespaces=FLAGS\n\
+ ORed list of flags to unshare:\n\
+ MOUNT, PID, UTSNAME, IPC, USER, NETWORK\n\
+ -u, --user=USERID\n\
+ new id to be set if -s USER is specified\n\
+ -H, --hostname=HOSTNAME\n\
+ Set the hostname in the container\n\
+ -i, --ifname=IFNAME\n\
+ Interface name to be moved into container (presumably with NETWORK unsharing set)\n\
+ -d, --daemon Daemonize (do not wait for container to exit)\n\
+ -M, --remount Remount default fs inside container (/proc /dev/shm /dev/mqueue)\n\
+",
+ .options = my_longopts,
+ .parser = my_parser,
+ .checker = NULL,
+ .daemonize = 0,
+ .pidfile = NULL,
+};
+
+static int my_parser(struct lxc_arguments *args, int c, char *arg)
+{
+ switch (c) {
+ case 's':
+ args->flags = get_namespace_flags(arg);
+ if (args->flags < 0)
+ return -1;
+ break;
+ case 'u':
+ if (!lookup_user(arg, &args->uid))
+ return -1;
+
+ args->setuid = true;
+ break;
+ case 'H':
+ args->want_hostname = arg;
+ break;
+ case 'i':
+ if (!(tmpif = malloc(sizeof(*tmpif)))) {
+ SYSERROR("Failed to malloc()");
+ return -1;
+ }
+
+ tmpif->mi_ifname = arg;
+ tmpif->mi_next = my_iflist;
+ my_iflist = tmpif;
+ break;
+ case 'd':
+ args->daemonize = 1;
+ break;
+ case 'M':
+ args->want_default_mounts = 1;
+ break;
+ }
+ return 0;
+}
+
/* Define sethostname() if missing from the C library also workaround some
* quirky with having this defined in multiple places.
*/
@@ -62,25 +164,17 @@ static inline int sethostname_including_android(const char *name, size_t len)
#endif
}
-struct my_iflist
+static int get_namespace_flags(char *namespaces)
{
- char *mi_ifname;
- struct my_iflist *mi_next;
-};
+ int flags = 0;
-static void usage(char *cmd)
-{
- fprintf(stderr, "%s <options> command [command_arguments]\n", basename(cmd));
- fprintf(stderr, "Options are:\n");
- fprintf(stderr, "\t -s flags : ORed list of flags to unshare:\n" \
- "\t MOUNT, PID, UTSNAME, IPC, USER, NETWORK\n");
- fprintf(stderr, "\t -u <id> : new id to be set if -s USER is specified\n");
- fprintf(stderr, "\t -i <iface> : Interface name to be moved into container (presumably with NETWORK unsharing set)\n");
- fprintf(stderr, "\t -H <hostname>: Set the hostname in the container\n");
- fprintf(stderr, "\t -d : Daemonize (do not wait for container to exit)\n");
- fprintf(stderr, "\t -M : Remount default fs inside container (/proc /dev/shm /dev/mqueue)\n");
-
- _exit(EXIT_SUCCESS);
+ if (lxc_namespace_2_std_identifiers(namespaces) < 0)
+ return -1;
+
+ if (lxc_fill_namespace_flags(namespaces, &flags) < 0)
+ return -1;
+
+ return flags;
}
static bool lookup_user(const char *optarg, uid_t *uid)
@@ -113,9 +207,9 @@ static bool lookup_user(const char *optarg, uid_t *uid)
ret = getpwnam_r(name, &pwent, buf, bufsize, &pwentp);
if (!pwentp) {
if (ret == 0)
- fprintf(stderr, "Could not find matched password record\n");
+ SYSERROR("Could not find matched password record");
- fprintf(stderr, "Invalid username %s\n", name);
+ SYSERROR("Invalid username \"%s\"", name);
free(buf);
return false;
}
@@ -125,9 +219,9 @@ static bool lookup_user(const char *optarg, uid_t *uid)
ret = getpwuid_r(*uid, &pwent, buf, bufsize, &pwentp);
if (!pwentp) {
if (ret == 0)
- fprintf(stderr, "Could not find matched password record\n");
+ SYSERROR("Could not find matched password record");
- fprintf(stderr, "Invalid uid %u\n", *uid);
+ SYSERROR("Invalid uid : %u", *uid);
free(buf);
return false;
}
@@ -137,16 +231,6 @@ static bool lookup_user(const char *optarg, uid_t *uid)
return true;
}
-struct start_arg {
- char ***args;
- int *flags;
- uid_t *uid;
- bool setuid;
- int want_default_mounts;
- int wait_fd;
- const char *want_hostname;
-};
-
static int mount_fs(const char *source, const char *target, const char *type)
{
/* the umount may fail */
@@ -183,170 +267,140 @@ static int do_start(void *arg)
int ret;
uint64_t wait_val;
struct start_arg *start_arg = arg;
- char **args = *start_arg->args;
- int flags = *start_arg->flags;
- uid_t uid = *start_arg->uid;
- int want_default_mounts = start_arg->want_default_mounts;
+ char *const *args = start_arg->args;
const char *want_hostname = start_arg->want_hostname;
- int wait_fd = start_arg->wait_fd;
if (start_arg->setuid) {
/* waiting until uid maps is set */
- ret = read(wait_fd, &wait_val, sizeof(wait_val));
+ ret = read(start_arg->wait_fd, &wait_val, sizeof(wait_val));
if (ret == -1) {
- close(wait_fd);
- fprintf(stderr, "Failed to read eventfd\n");
+ SYSERROR("Failed to read eventfd");
+ close(start_arg->wait_fd);
_exit(EXIT_FAILURE);
}
}
- if ((flags & CLONE_NEWNS) && want_default_mounts)
+ if ((start_arg->flags & CLONE_NEWNS) && start_arg->want_default_mounts)
lxc_setup_fs();
- if ((flags & CLONE_NEWUTS) && want_hostname)
+ if ((start_arg->flags & CLONE_NEWUTS) && want_hostname)
if (sethostname_including_android(want_hostname, strlen(want_hostname)) < 0) {
- fprintf(stderr, "Failed to set hostname %s: %s\n", want_hostname, strerror(errno));
+ SYSERROR("Failed to set hostname %s", want_hostname);
_exit(EXIT_FAILURE);
}
/* Setuid is useful even without a new user id space. */
- if (start_arg->setuid && setuid(uid)) {
- fprintf(stderr, "Failed to set uid %d: %s\n", uid, strerror(errno));
+ if (start_arg->setuid && setuid(start_arg->uid)) {
+ SYSERROR("Failed to set uid %d", start_arg->uid);
_exit(EXIT_FAILURE);
}
execvp(args[0], args);
- fprintf(stderr, "Failed to exec: '%s': %s\n", args[0], strerror(errno));
+ SYSERROR("Failed to exec: '%s'", args[0]);
return 1;
}
int main(int argc, char *argv[])
{
- char **args;
- int opt;
int ret;
- char *namespaces = NULL;
- int flags = 0, daemonize = 0;
- uid_t uid = 0; /* valid only if (flags & CLONE_NEWUSER) */
pid_t pid;
- uint64_t wait_val = 1;
- struct my_iflist *tmpif, *my_iflist = NULL;
- struct start_arg start_arg = {
- .args = &args,
- .uid = &uid,
- .setuid = false,
- .flags = &flags,
- .want_hostname = NULL,
- .want_default_mounts = 0,
- };
-
- while ((opt = getopt(argc, argv, "s:u:hH:i:dM")) != -1) {
- switch (opt) {
- case 's':
- namespaces = optarg;
- break;
- case 'i':
- if (!(tmpif = malloc(sizeof(*tmpif)))) {
- perror("malloc");
- exit(EXIT_FAILURE);
- }
+ struct lxc_log log;
+ struct start_arg start_arg;
- tmpif->mi_ifname = optarg;
- tmpif->mi_next = my_iflist;
- my_iflist = tmpif;
- break;
- case 'd':
- daemonize = 1;
- break;
- case 'M':
- start_arg.want_default_mounts = 1;
- break;
- case 'H':
- start_arg.want_hostname = optarg;
- break;
- case 'h':
- usage(argv[0]);
- break;
- case 'u':
- if (!lookup_user(optarg, &uid))
- exit(EXIT_FAILURE);
- start_arg.setuid = true;
- }
- }
+ if (lxc_caps_init())
+ exit(EXIT_FAILURE);
- if (argv[optind] == NULL) {
- fprintf(stderr, "A command to execute in the new namespace is required\n");
+ if (lxc_arguments_parse(&my_args, argc, argv))
exit(EXIT_FAILURE);
- }
- args = &argv[optind];
+ /* Only create log if explicitly instructed */
+ if (my_args.log_file || my_args.log_priority) {
+ log.name = my_args.name;
+ log.file = my_args.log_file;
+ log.level = my_args.log_priority;
+ log.prefix = my_args.progname;
+ log.quiet = my_args.quiet;
+ log.lxcpath = my_args.lxcpath[0];
- ret = lxc_caps_init();
- if (ret)
- exit(EXIT_FAILURE);
+ if (lxc_log_init(&log))
+ exit(EXIT_FAILURE);
+ }
- if (lxc_namespace_2_std_identifiers(namespaces) < 0)
- usage(argv[0]);
+ if (*my_args.argv == NULL) {
+ ERROR("A command to execute in the new namespace is required");
+ exit(EXIT_FAILURE);
+ }
- ret = lxc_fill_namespace_flags(namespaces, &flags);
- if (ret)
- usage(argv[0]);
+ if (my_args.flags == 0) {
+ ERROR("A namespace to execute command is required");
+ exit(EXIT_FAILURE);
+ }
- if (!(flags & CLONE_NEWNET) && my_iflist) {
- fprintf(stderr, "-i <interfacename> needs -s NETWORK option\n");
+ if (!(my_args.flags & CLONE_NEWNET) && my_iflist) {
+ ERROR("-i <interfacename> needs -s NETWORK option");
exit(EXIT_FAILURE);
}
- if (!(flags & CLONE_NEWUTS) && start_arg.want_hostname) {
- fprintf(stderr, "-H <hostname> needs -s UTSNAME option\n");
+ if (!(my_args.flags & CLONE_NEWUTS) && my_args.want_hostname) {
+ ERROR("-H <hostname> needs -s UTSNAME option");
exit(EXIT_FAILURE);
}
- if (!(flags & CLONE_NEWNS) && start_arg.want_default_mounts) {
- fprintf(stderr, "-M needs -s MOUNT option\n");
+ if (!(my_args.flags & CLONE_NEWNS) && my_args.want_default_mounts) {
+ ERROR("-M needs -s MOUNT option");
exit(EXIT_FAILURE);
}
- if (start_arg.setuid) {
+ if (my_args.setuid) {
start_arg.wait_fd = eventfd(0, EFD_CLOEXEC);
if (start_arg.wait_fd < 0) {
- fprintf(stderr, "Failed to create eventfd\n");
+ SYSERROR("Failed to create eventfd");
exit(EXIT_FAILURE);
}
}
- pid = lxc_clone(do_start, &start_arg, flags);
+ /* set start arguments for lxc_clone from lxc_arguments */
+ start_arg.args = my_args.argv;
+ start_arg.uid = my_args.uid; /* valid only if (flags & CLONE_NEWUSER) */
+ start_arg.setuid = my_args.setuid;
+ start_arg.flags = my_args.flags;
+ start_arg.want_hostname = my_args.want_hostname;
+ start_arg.want_default_mounts = my_args.want_default_mounts;
+ start_arg.wait_fd = -1;
+
+ pid = lxc_clone(do_start, &start_arg, my_args.flags);
if (pid < 0) {
- fprintf(stderr, "Failed to clone\n");
+ ERROR("Failed to clone");
exit(EXIT_FAILURE);
}
- if (start_arg.setuid) {
+ if (my_args.setuid) {
+ uint64_t wait_val = 1;
/* enough space to accommodate uids */
char *umap = (char *)alloca(100);
/* create new uid mapping using current UID and the one
* specified as parameter
*/
- ret = snprintf(umap, 100, "%d %d 1\n" , *(start_arg.uid), getuid());
+ ret = snprintf(umap, 100, "%d %d 1\n" , my_args.uid, getuid());
if (ret < 0 || ret >= 100) {
+ ERROR("snprintf is failed");
close(start_arg.wait_fd);
- fprintf(stderr, "snprintf is failed\n");
exit(EXIT_FAILURE);
}
ret = write_id_mapping(ID_TYPE_UID, pid, umap, strlen(umap));
if (ret < 0) {
+ ERROR("Failed to map uid");
close(start_arg.wait_fd);
- fprintf(stderr, "uid mapping failed\n");
exit(EXIT_FAILURE);
}
ret = write(start_arg.wait_fd, &wait_val, sizeof(wait_val));
if (ret < 0) {
+ SYSERROR("Failed to write eventfd");
close(start_arg.wait_fd);
- fprintf(stderr, "Failed to write eventfd\n");
exit(EXIT_FAILURE);
}
}
@@ -356,10 +410,11 @@ int main(int argc, char *argv[])
pid_t pid;
pid = fork();
- if (pid < 0)
- fprintf(stderr, "Failed to move network device "
- "\"%s\" to network namespace\n",
- tmpif->mi_ifname);
+ if (pid < 0) {
+ SYSERROR("Failed to move network device \"%s\" to network namespace",
+ tmpif->mi_ifname);
+ continue;
+ }
if (pid == 0) {
char buf[256];
@@ -373,20 +428,19 @@ int main(int argc, char *argv[])
}
if (wait_for_pid(pid) != 0)
- fprintf(stderr, "Could not move interface %s "
- "into container %d: %s\n",
- tmpif->mi_ifname, pid, strerror(errno));
+ SYSERROR("Could not move interface \"%s\" into container %d",
+ tmpif->mi_ifname, pid);
}
}
- if (daemonize)
+ if (my_args.daemonize)
exit(EXIT_SUCCESS);
if (wait_for_pid(pid) != 0) {
- fprintf(stderr, "Failed to wait for '%d'\n", pid);
+ SYSERROR("Failed to wait for '%d'", pid);
exit(EXIT_FAILURE);
}
/* Call exit() directly on this function because it retuns an exit code. */
exit(EXIT_SUCCESS);
-}
+}
\ No newline at end of file
More information about the lxc-devel
mailing list