[lxc-devel] [PATCH 1/1] add c->may_control

Dwight Engen dwight.engen at oracle.com
Mon Sep 30 13:53:56 UTC 2013


On Fri, 27 Sep 2013 21:01:07 -0500
Serge Hallyn <serge.hallyn at ubuntu.com> wrote:

> This is an api function which will return false if the container
> is running, and the caller may not talk to its monitor over its
> command socket.  Otherwise - if the container is not running, or
> the caller may access it - it returns true.
> 
> We can use this in several tools early on to prevent the segvs
> etc which we currently get.
> 
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

Acked-by: Dwight Engen <dwight.engen at oracle.com>

> ---
>  src/lxc/commands.c      | 30 ++++++++++++++++++++++++++++++
>  src/lxc/commands.h      |  1 +
>  src/lxc/lxccontainer.c  |  6 ++++++
>  src/lxc/lxccontainer.h  |  6 ++++++
>  src/tests/Makefile.am   |  6 ++++--
>  src/tests/may_control.c | 46
> ++++++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 93
> insertions(+), 2 deletions(-) create mode 100644
> src/tests/may_control.c
> 
> diff --git a/src/lxc/commands.c b/src/lxc/commands.c
> index 7c538c6..fa6e3fb 100644
> --- a/src/lxc/commands.c
> +++ b/src/lxc/commands.c
> @@ -291,6 +291,36 @@ out:
>  	return ret;
>  }
>  
> +int lxc_try_cmd(const char *name, const char *lxcpath)
> +{
> +	int stopped, ret;
> +	struct lxc_cmd_rr cmd = {
> +		.req = { .cmd = LXC_CMD_GET_INIT_PID },
> +	};
> +
> +	ret = lxc_cmd(name, &cmd, &stopped, lxcpath);
> +
> +	if (stopped)
> +		return 0;
> +	if (ret > 0 && cmd.rsp.ret < 0) {
> +		errno = cmd.rsp.ret;
> +		return -1;
> +	}
> +	if (ret > 0)
> +		return 0;
> +
> +	/*
> +	 * At this point we weren't denied access, and the
> +	 * container *was* started.  There was some inexplicable
> +	 * error in the protocol.
> +	 * I'm not clear on whether we should return -1 here, but
> +	 * we didn't receive a -EACCES, so technically it's not that
> +	 * we're not allowed to control the container - it's just not
> +	 * behaving.
> +	 */
> +	return 0;
> +}
> +
>  /* Implentations of the commands and their callbacks */
>  
>  /*
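Review bot: In lxc_try_cmd, `errno = cmd.rsp.ret;` stores a negative value, because that branch is only reached when `cmd.rsp.ret < 0`; a caller that compares errno with EACCES or passes it to strerror() will not recognise it, so the line should be `errno = -cmd.rsp.ret;`. The function also fails open: every outcome other than an explicit negative reply falls through to `return 0`, so a monitor that answers badly is reported as controllable. If that is intended, the closing comment should say outright that the result is advisory and not an authorization decision, for example `/* Protocol error, not a denial: report "may control"; the real command must still handle failure. */`. `stopped` is read straight after lxc_cmd() without being initialised here, which is safe only if lxc_cmd() writes it on every path; this hunk does not show that.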
> diff --git a/src/lxc/commands.h b/src/lxc/commands.h
> index 2c0258c..7829aef 100644
> --- a/src/lxc/commands.h
> +++ b/src/lxc/commands.h
> @@ -88,5 +88,6 @@ extern int lxc_cmd_init(const char *name, struct
> lxc_handler *handler, const char *lxcpath);
>  extern int lxc_cmd_mainloop_add(const char *name, struct
> lxc_epoll_descr *descr, struct lxc_handler *handler);
> +extern int lxc_try_cmd(const char *name, const char *lxcpath);
>  
>  #endif /* __commands_h */
> diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
> index 1b3f2f5..060bb70 100644
> --- a/src/lxc/lxccontainer.c
> +++ b/src/lxc/lxccontainer.c
> @@ -2589,6 +2589,11 @@ static bool lxcapi_snapshot_restore(struct
> lxc_container *c, char *snapname, cha return b;
>  }
>  
> +static bool lxcapi_may_control(struct lxc_container *c)
> +{
> +	return lxc_try_cmd(c->name, c->config_path) == 0;
> +}
> +
>  static int lxcapi_attach_run_waitl(struct lxc_container *c,
> lxc_attach_options_t *options, const char *program, const char
> *arg, ...) { va_list ap;
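Review bot: `lxcapi_may_control` dereferences `c` (`c->name`, `c->config_path`) without checking it, so a NULL container handle crashes inside the very call that is meant to let tools avoid segfaults. A guard such as `if (!c) return false;` before the `lxc_try_cmd` call would close that gap. Whether the neighbouring lxcapi_* entry points carry the same guard is not visible in this hunk, so treat this as a consistency check against the rest of the file.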
> @@ -2708,6 +2713,7 @@ struct lxc_container *lxc_container_new(const
> char *name, const char *configpath c->snapshot = lxcapi_snapshot;
>  	c->snapshot_list = lxcapi_snapshot_list;
>  	c->snapshot_restore = lxcapi_snapshot_restore;
> +	c->may_control = lxcapi_may_control;
>  
>  	/* we'll allow the caller to update these later */
>  	if (lxc_log_init(NULL, "none", NULL, "lxc_container", 0,
> c->config_path)) {
> diff --git a/src/lxc/lxccontainer.h b/src/lxc/lxccontainer.h
> index 225fb39..20ab8e8 100644
> --- a/src/lxc/lxccontainer.h
> +++ b/src/lxc/lxccontainer.h
> @@ -223,6 +223,12 @@ struct lxc_container {
>  	 * Returns true on success, false on failure.
>  	 */
>  	bool (*snapshot_restore)(struct lxc_container *c, char
> *snapname, char *newname);
> +
> +	/*
> +	 * Return false if there is a control socket for the
> container monitor,
> +	 * and the caller may not access it.  Return true otherwise.
> +	 */
> +	bool (*may_control)(struct lxc_container *c);
>  };
>  
>  struct lxc_snapshot {
> diff --git a/src/tests/Makefile.am b/src/tests/Makefile.am
> index 8157407..479facc 100644
> --- a/src/tests/Makefile.am
> +++ b/src/tests/Makefile.am
> @@ -19,6 +19,7 @@ lxc_usernic_test_SOURCES
> = ../lxc/lxc_user_nic.c ../lxc/nl.c lxc_usernic_test_CFLAGS = -DISTEST
>  lxc_test_snapshot_SOURCES = snapshot.c
>  lxc_test_concurrent_SOURCES = concurrent.c
> +lxc_test_may_control_SOURCES = may_control.c
>  
>  AM_CFLAGS=-I$(top_srcdir)/src \
>  	-DLXCROOTFSMOUNT=\"$(LXCROOTFSMOUNT)\" \
> @@ -31,7 +32,7 @@ bin_PROGRAMS = lxc-test-containertests
> lxc-test-locktests lxc-test-startone \ lxc-test-destroytest
> lxc-test-saveconfig lxc-test-createtest \ lxc-test-shutdowntest
> lxc-test-get_item lxc-test-getkeys lxc-test-lxcpath \ lxc-test-cgpath
> lxc-test-clonetest lxc-test-console lxc-usernic-test \
> -	lxc-test-snapshot lxc-test-concurrent
> +	lxc-test-snapshot lxc-test-concurrent lxc-test-may-control
>  
>  bin_SCRIPTS = lxc-test-usernic
>  
> @@ -53,4 +54,5 @@ EXTRA_DIST = \
>  	console.c \
>  	lxc-test-usernic \
>  	snapshot.c \
> -	concurrent.c
> +	concurrent.c \
> +	may_control.c
> diff --git a/src/tests/may_control.c b/src/tests/may_control.c
> new file mode 100644
> index 0000000..c176087
> --- /dev/null
> +++ b/src/tests/may_control.c
> @@ -0,0 +1,46 @@
> +/* control.c
> + *
> + * Copyright © 2013 Canonical, Inc
> + * Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> + *
> + * This program is free software; you can redistribute it and/or
> modify
> + * it under the terms of the GNU General Public License version 2, as
> + * published by the Free Software Foundation.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> along
> + * with this program; if not, write to the Free Software Foundation,
> Inc.,
> + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
> + */
> +
> +#include <stdio.h>
> +#include <stdlib.h>
> +#include <lxc/lxccontainer.h>
> +
> +void usage(char *me)
> +{
> +	printf("Usage: %s name [lxcpath]\n", me);
> +	exit(0);
> +}
> +
> +int main(int argc, char *argv[])
> +{
> +	char *lxcpath = NULL, *name;
> +	bool may = false;
> +	struct lxc_container *c;
> +
> +	if (argc < 2)
> +		usage(argv[0]);
> +	name = argv[1];
> +	if (argc == 3)
> +		lxcpath = argv[2];
> +	c = lxc_container_new(name, lxcpath);
> +	if (c)
> +		may = c->may_control(c);
> +	printf("You may%s control %s\n", may ? "" : " not", name);
> +	exit(may ? 0 : 1);
> +}
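Review bot: `usage()` ends with `exit(0)`, while this program reports its answer through the exit status (`exit(may ? 0 : 1)`), so an invocation without a container name is indistinguishable from "you may control". Exiting non-zero there, e.g. `exit(2);`, keeps a script or test harness from reading a usage error as permission. In `main`, `if (argc == 3)` silently drops the lxcpath when extra arguments are given, so the check then runs against the default path; `argc >= 3` or a usage error would make that explicit. The header comment also still names the file `control.c` rather than `may_control.c`.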




