[lxc-devel] [PATCH] move monitor-fifo and monitor-sock to /run
Dwight Engen
dwight.engen at oracle.com
Wed Sep 11 15:44:19 UTC 2013
Moving these files should allow $lxcpath to be a read-only fs.
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
---
Tested lxc-monitor and lxc-wait as root, do not have environment to test
unprivileged user (XDG_RUNTIME_DIR) case but believe that should work.
src/lxc/lxc_monitord.c | 17 +++++++--------
src/lxc/lxclock.c | 5 +----
src/lxc/monitor.c | 56 ++++++++++++++++++++++++++++++++++++++++++++------
src/lxc/monitor.h | 2 ++
src/lxc/utils.c | 10 +++++++++
src/lxc/utils.h | 2 ++
6 files changed, 72 insertions(+), 20 deletions(-)
diff --git a/src/lxc/lxc_monitord.c b/src/lxc/lxc_monitord.c
index c5e156e..fda6cf4 100644
--- a/src/lxc/lxc_monitord.c
+++ b/src/lxc/lxc_monitord.c
@@ -76,11 +76,9 @@ static int lxc_monitord_fifo_create(struct lxc_monitor *mon)
char fifo_path[PATH_MAX];
int ret;
- ret = snprintf(fifo_path, sizeof(fifo_path), "%s/monitor-fifo", mon->lxcpath);
- if (ret < 0 || ret >= sizeof(fifo_path)) {
- ERROR("lxcpath too long to monitor fifo");
- return -1;
- }
+ ret = lxc_monitor_fifo_name(mon->lxcpath, fifo_path, sizeof(fifo_path), 1);
+ if (ret < 0)
+ return ret;
ret = mknod(fifo_path, S_IFIFO|S_IRUSR|S_IWUSR, 0);
if (ret < 0) {
@@ -102,11 +100,10 @@ static int lxc_monitord_fifo_delete(struct lxc_monitor *mon)
char fifo_path[PATH_MAX];
int ret;
- ret = snprintf(fifo_path, sizeof(fifo_path), "%s/monitor-fifo", mon->lxcpath);
- if (ret < 0 || ret >= sizeof(fifo_path)) {
- ERROR("lxcpath too long to monitor fifo");
- return -1;
- }
+ ret = lxc_monitor_fifo_name(mon->lxcpath, fifo_path, sizeof(fifo_path), 0);
+ if (ret < 0)
+ return ret;
+
unlink(fifo_path);
return 0;
}
diff --git a/src/lxc/lxclock.c b/src/lxc/lxclock.c
index 79ebf84..1d6a86c 100644
--- a/src/lxc/lxclock.c
+++ b/src/lxc/lxclock.c
@@ -56,10 +56,7 @@ static char *lxclock_name(const char *p, const char *n)
/* length of "/lock/lxc/" + $lxcpath + "/" + $lxcname + '\0' */
len = strlen("/lock/lxc/") + strlen(n) + strlen(p) + 2;
- rundir = getenv("XDG_RUNTIME_DIR");
- if (geteuid() == 0 || rundir == NULL)
- rundir = "/run";
-
+ rundir = get_rundir();
len += strlen(rundir);
if ((dest = malloc(len)) == NULL)
diff --git a/src/lxc/monitor.c b/src/lxc/monitor.c
index 412d38f..bdcc581 100644
--- a/src/lxc/monitor.c
+++ b/src/lxc/monitor.c
@@ -40,6 +40,7 @@
#include "af_unix.h"
#include <lxc/log.h>
+#include <lxc/lxclock.h>
#include <lxc/state.h>
#include <lxc/monitor.h>
#include <lxc/utils.h>
@@ -47,17 +48,45 @@
lxc_log_define(lxc_monitor, lxc);
/* routines used by monitor publishers (containers) */
+int lxc_monitor_fifo_name(const char *lxcpath, char *fifo_path, size_t fifo_path_sz,
+ int do_mkdirp)
+{
+ int ret;
+ const char *rundir;
+
+ rundir = get_rundir();
+ if (do_mkdirp) {
+ ret = snprintf(fifo_path, fifo_path_sz, "%s/lxc/%s", rundir, lxcpath);
+ if (ret < 0 || ret >= fifo_path_sz) {
+ ERROR("rundir/lxcpath (%s/%s) too long for monitor fifo", rundir, lxcpath);
+ return -1;
+ }
+ process_lock();
+ ret = mkdir_p(fifo_path, 0755);
+ process_unlock();
+ if (ret < 0) {
+ ERROR("unable to create monitor fifo dir %s", fifo_path);
+ return ret;
+ }
+ }
+ ret = snprintf(fifo_path, fifo_path_sz, "%s/lxc/%s/monitor-fifo", rundir, lxcpath);
+ if (ret < 0 || ret >= fifo_path_sz) {
+ ERROR("rundir/lxcpath (%s/%s) too long for monitor fifo", rundir, lxcpath);
+ return -1;
+ }
+ return 0;
+}
+
static void lxc_monitor_fifo_send(struct lxc_msg *msg, const char *lxcpath)
{
int fd,ret;
char fifo_path[PATH_MAX];
BUILD_BUG_ON(sizeof(*msg) > PIPE_BUF); /* write not guaranteed atomic */
- ret = snprintf(fifo_path, sizeof(fifo_path), "%s/monitor-fifo", lxcpath);
- if (ret < 0 || ret >= sizeof(fifo_path)) {
- ERROR("lxcpath too long to open monitor fifo");
+
+ ret = lxc_monitor_fifo_name(lxcpath, fifo_path, sizeof(fifo_path), 0);
+ if (ret < 0)
return;
- }
fd = open(fifo_path, O_WRONLY);
if (fd < 0) {
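Review bot: lxc_monitor_fifo_name formats the `rundir/lxc/lxcpath` prefix twice, with the truncation check and error message duplicated, so the directory passed to mkdir_p and the directory the fifo path points into match only while two format strings are kept in sync. Formatting the directory once, reserving room for the suffix in that single check, and appending `/monitor-fifo` afterwards removes the duplication and rejects an over-long path before any directory is created. The cast in the check makes the int/size_t comparison explicit instead of relying on the preceding `ret < 0` test.

```c
int lxc_monitor_fifo_name(const char *lxcpath, char *fifo_path, size_t fifo_path_sz,
			  int do_mkdirp)
{
	static const char suffix[] = "/monitor-fifo";
	const char *rundir = get_rundir();
	int ret;

	ret = snprintf(fifo_path, fifo_path_sz, "%s/lxc/%s", rundir, lxcpath);
	/* sizeof(suffix) includes the NUL, so this covers the final path too */
	if (ret < 0 || (size_t)ret + sizeof(suffix) > fifo_path_sz) {
		ERROR("rundir/lxcpath (%s/%s) too long for monitor fifo", rundir, lxcpath);
		return -1;
	}
	if (do_mkdirp) {
		/* … unchanged: process_lock / mkdir_p / process_unlock and its error path … */
	}
	memcpy(fifo_path + ret, suffix, sizeof(suffix));
	return 0;
}
```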
@@ -98,6 +127,7 @@ int lxc_monitor_sock_name(const char *lxcpath, struct sockaddr_un *addr) {
size_t len;
int ret;
char *sockname = &addr->sun_path[0]; // 1 for abstract
+ const char *rundir;
/* addr.sun_path is only 108 bytes.
* should we take a hash of lxcpath? a subset of it? ftok()? we need
@@ -106,9 +136,23 @@ int lxc_monitor_sock_name(const char *lxcpath, struct sockaddr_un *addr) {
memset(addr, 0, sizeof(*addr));
addr->sun_family = AF_UNIX;
len = sizeof(addr->sun_path) - 1;
- ret = snprintf(sockname, len, "%s/monitor-sock", lxcpath);
+ rundir = get_rundir();
+ ret = snprintf(sockname, len, "%s/lxc/%s", rundir, lxcpath);
+ if (ret < 0 || ret >= len) {
+ ERROR("rundir/lxcpath (%s/%s) too long for monitor unix socket", rundir, lxcpath);
+ return -1;
+ }
+ process_lock();
+ ret = mkdir_p(sockname, 0755);
+ process_unlock();
+ if (ret < 0) {
+ ERROR("unable to create monitor sock %s", sockname);
+ return ret;
+ }
+
+ ret = snprintf(sockname, len, "%s/lxc/%s/monitor-sock", rundir, lxcpath);
if (ret < 0 || ret >= len) {
- ERROR("lxcpath too long for unix socket");
+ ERROR("rundir/lxcpath (%s/%s) too long for monitor unix socket", rundir, lxcpath);
return -1;
}
return 0;
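Review bot: lxc_monitor_sock_name now calls mkdir_p on every invocation, whereas lxc_monitor_fifo_name in the same commit takes a do_mkdirp flag; if callers that only connect to the socket also use this function (its callers are outside the hunk), they will create `rundir/lxc/lxcpath` as a side effect. The failure message for that step reads as if the socket itself could not be created; `ERROR("unable to create monitor sock dir %s", sockname);` would match the fifo variant. The added `rundir/lxc/` prefix also eats into the 108-byte sun_path budget that the existing comment already worries about, so more lxcpath values will now end in the -1 path. The function begins before this hunk.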
diff --git a/src/lxc/monitor.h b/src/lxc/monitor.h
index 2a61091..8093919 100644
--- a/src/lxc/monitor.h
+++ b/src/lxc/monitor.h
@@ -41,6 +41,8 @@ struct lxc_msg {
extern int lxc_monitor_open(const char *lxcpath);
extern int lxc_monitor_sock_name(const char *lxcpath, struct sockaddr_un *addr);
+extern int lxc_monitor_fifo_name(const char *lxcpath, char *fifo_path,
+ size_t fifo_path_sz, int do_mkdirp);
extern void lxc_monitor_send_state(const char *name, lxc_state_t state,
const char *lxcpath);
extern int lxc_monitord_spawn(const char *lxcpath);
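Review bot: lxc_monitor_fifo_name is exported without a comment, and its callers pass bare `1` and `0` for do_mkdirp, so the side effect is not visible at the call sites. I would add above the prototype: `/* Write the monitor fifo path for lxcpath into fifo_path (fifo_path_sz bytes); if do_mkdirp is non-zero, also create the containing directory. Returns 0 on success, negative on error. */`.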
diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index ba0604a..2e66585 100644
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -318,6 +318,16 @@ const char *default_lxc_path(void)
return lxc_global_config_value("lxcpath");
}
+const char *get_rundir()
+{
+ const char *rundir;
+
+ rundir = getenv("XDG_RUNTIME_DIR");
+ if (geteuid() == 0 || rundir == NULL)
+ rundir = "/run";
+ return rundir;
+}
+
int wait_for_pid(pid_t pid)
{
int status, ret;
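Review bot: get_rundir returns XDG_RUNTIME_DIR unchecked for non-root callers, so a value that is set but empty or relative yields paths such as `/lxc/...` or ones resolved against the current directory; the guard could be `if (geteuid() == 0 || rundir == NULL || rundir[0] != '/')`. The `/run` fallback for a non-root caller without XDG_RUNTIME_DIR is probably not writable by that user, so the later mkdir_p would fail there; that case appears untested per the commit message. The definition should also read `const char *get_rundir(void)` to match the prototype added in utils.h.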
diff --git a/src/lxc/utils.h b/src/lxc/utils.h
index 1a7b551..9776d18 100644
--- a/src/lxc/utils.h
+++ b/src/lxc/utils.h
@@ -37,6 +37,8 @@ extern int lxc_rmdir_onedev(char *path);
extern int lxc_setup_fs(void);
extern int get_u16(unsigned short *val, const char *arg, int base);
extern int mkdir_p(const char *dir, mode_t mode);
+extern const char *get_rundir(void);
+
/*
* Return a buffer containing the default container path.
* Caller must NOT free this buffer, since it may be static.
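Review bot: The get_rundir prototype has no comment, unlike the declaration right below it, although the returned pointer is either a string literal or storage owned by the environment. A comment such as `/* Return the runtime dir: "/run" for root or when XDG_RUNTIME_DIR is unset, else $XDG_RUNTIME_DIR. Caller must NOT free or modify the result. */` would state the ownership rule. The comment block that follows in this hunk continues past its last line.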
--
1.8.1.4