[lxc-devel] [lxc/master] tree-wide: remove aufs storage driver
brauner on Github
lxc-bot at linuxcontainers.org
Sun Mar 11 10:25:58 UTC 2018
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 478 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20180311/faa32b07/attachment.bin>
-------------- next part --------------
From 28cb6d08d3015ae804b8c7e18289519e42585647 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Sat, 10 Mar 2018 23:40:59 +0100
Subject: [PATCH 1/3] conf: order includes
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
src/lxc/conf.c | 69 +++++++++++++++++++++++++++++-----------------------------
1 file changed, 34 insertions(+), 35 deletions(-)
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index a6635a348..1cea22831 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -24,38 +24,37 @@
#define _GNU_SOURCE
#include "config.h"
+#include <arpa/inet.h>
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <inttypes.h>
#include <libgen.h>
+#include <linux/loop.h>
+#include <net/if.h>
+#include <netinet/in.h>
#include <pwd.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#include <time.h>
-#include <unistd.h>
-#include <arpa/inet.h>
-#include <linux/loop.h>
-#include <net/if.h>
-#include <netinet/in.h>
#include <sys/mman.h>
#include <sys/mount.h>
#include <sys/param.h>
#include <sys/prctl.h>
-#include <sys/stat.h>
#include <sys/socket.h>
-#include <sys/sysmacros.h>
+#include <sys/stat.h>
#include <sys/syscall.h>
+#include <sys/sysmacros.h>
#include <sys/types.h>
#include <sys/utsname.h>
#include <sys/wait.h>
+#include <time.h>
+#include <unistd.h>
-/* makedev() */
#ifdef MAJOR_IN_MKDEV
-# include <sys/mkdev.h>
+#include <sys/mkdev.h>
#endif
#ifdef HAVE_STATVFS
@@ -68,8 +67,26 @@
#include <../include/openpty.h>
#endif
+#if HAVE_LIBCAP
+#include <sys/capability.h>
+#endif
+
+#if HAVE_SYS_PERSONALITY_H
+#include <sys/personality.h>
+#endif
+
+#if IS_BIONIC
+#include <../include/lxcmntent.h>
+#else
+#include <mntent.h>
+#endif
+
+#if !defined(HAVE_PRLIMIT) && defined(HAVE_PRLIMIT64)
+#include <../include/prlimit.h>
+#endif
+
#include "af_unix.h"
-#include "caps.h" /* for lxc_caps_last_cap() */
+#include "caps.h"
#include "cgroup.h"
#include "conf.h"
#include "confile_utils.h"
@@ -88,29 +105,19 @@
#include "terminal.h"
#include "utils.h"
-#if HAVE_LIBCAP
-#include <sys/capability.h>
-#endif
-
-#if HAVE_SYS_PERSONALITY_H
-#include <sys/personality.h>
-#endif
-
-#if IS_BIONIC
-#include <../include/lxcmntent.h>
-#else
-#include <mntent.h>
+#ifndef MS_PRIVATE
+#define MS_PRIVATE (1<<18)
#endif
-#if !defined(HAVE_PRLIMIT) && defined(HAVE_PRLIMIT64)
-#include <../include/prlimit.h>
+#ifndef MS_LAZYTIME
+#define MS_LAZYTIME (1<<25)
#endif
lxc_log_define(lxc_conf, lxc);
/* Define pivot_root() if missing from the C library */
#ifndef HAVE_PIVOT_ROOT
-static int pivot_root(const char * new_root, const char * put_old)
+static int pivot_root(const char *new_root, const char *put_old)
{
#ifdef __NR_pivot_root
return syscall(__NR_pivot_root, new_root, put_old);
@@ -120,15 +127,7 @@ static int pivot_root(const char * new_root, const char * put_old)
#endif
}
#else
-extern int pivot_root(const char * new_root, const char * put_old);
-#endif
-
-#ifndef MS_PRIVATE
-#define MS_PRIVATE (1<<18)
-#endif
-
-#ifndef MS_LAZYTIME
-#define MS_LAZYTIME (1<<25)
+extern int pivot_root(const char *new_root, const char *put_old);
#endif
char *lxchook_names[NUM_LXC_HOOKS] = {"pre-start", "pre-mount", "mount",
From 2b87dba8a65805b5d7f83d10d2847380412f5fde Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Sun, 11 Mar 2018 10:22:42 +0100
Subject: [PATCH 2/3] tree-wide: remove aufs storage driver
We've announced quite a while back and printed out errors and warning everytime
someone used the aufs driver.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
doc/lxc-copy.sgml.in | 29 +--
doc/lxc-snapshot.sgml.in | 2 +-
doc/lxc.container.conf.sgml.in | 4 +-
src/lxc/Makefile.am | 2 -
src/lxc/conf.c | 13 +-
src/lxc/confile.c | 13 +-
src/lxc/lxccontainer.c | 3 +-
src/lxc/storage/aufs.c | 455 ----------------------------------------
src/lxc/storage/aufs.h | 64 ------
src/lxc/storage/overlay.c | 3 -
src/lxc/storage/storage.c | 26 ---
src/lxc/storage/storage_utils.c | 3 -
src/lxc/tools/lxc_copy.c | 90 ++------
src/lxc/tools/lxc_create.c | 1 -
14 files changed, 44 insertions(+), 664 deletions(-)
delete mode 100644 src/lxc/storage/aufs.c
delete mode 100644 src/lxc/storage/aufs.h
diff --git a/doc/lxc-copy.sgml.in b/doc/lxc-copy.sgml.in
index 467af116a..921a07319 100644
--- a/doc/lxc-copy.sgml.in
+++ b/doc/lxc-copy.sgml.in
@@ -113,13 +113,13 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
root filesystem of the container is simply copied to the new container. Or
they can be snapshots, i.e. small copy-on-write copies of the original
container. In this case the specified backing storage for the copy must
- support snapshots. This currently includes aufs, btrfs, lvm (lvm devices
+ support snapshots. This currently includes btrfs, lvm (lvm devices
do not support snapshots of snapshots.), overlay, and zfs.
</para>
<para>
The copy's backing storage will be of the same type as the original
- container. aufs or overlayfs snapshots of directory backed containers are
+ container. overlay snapshots of directory backed containers are
exempted from this rule.
</para>
@@ -145,21 +145,22 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Containers created and started with <replaceable>-e</replaceable> can have
custom mounts. These are specified with the <replaceable>-m</replaceable>
flag. Currently three types of mounts are supported:
- <replaceable>aufs</replaceable>, <replaceable>bind</replaceable>, and
+ <replaceable>bind</replaceable>, and
<replaceable>overlay</replaceable>. Mount types are specified as suboptions
to the <replaceable>-m</replaceable> flag and can be specified multiple
- times separated by commas. <replaceable>aufs</replaceable> and
- <replaceable>overlay</replaceable> mounts are currently specified in the
- format <replaceable>-m overlay=/src:/dest</replaceable>. When no
- destination <replaceable>dest</replaceable> is specified
+ times separated by commas. <replaceable>overlay</replaceable> mounts are
+ currently specified in the format <replaceable>-m
+ overlay=/src:/dest</replaceable>. When no destination
+ <replaceable>dest</replaceable> is specified
<replaceable>dest</replaceable> will be identical to
<replaceable>src</replaceable>. Read-only <replaceable>bind</replaceable>
mounts are specified <replaceable>-m bind=/src:/dest:ro</replaceable> and
read-write <replaceable>bind</replaceable> mounts <replaceable>-m
- bind=/src:/dest:rw</replaceable>. Read-write <replaceable>bind</replaceable>
- mounts are the default and <replaceable>rw</replaceable> can be missing when
- a read-write mount is wanted. When <replaceable>dest</replaceable> is
- missing <replaceable>dest</replaceable> will be identical to
+ bind=/src:/dest:rw</replaceable>. Read-write
+ <replaceable>bind</replaceable> mounts are the default and
+ <replaceable>rw</replaceable> can be missing when a read-write mount is
+ wanted. When <replaceable>dest</replaceable> is missing
+ <replaceable>dest</replaceable> will be identical to
<replaceable>src</replaceable>. An example for multiple mounts would be
<replaceable>-m
bind=/src1:/dest1:ro,bind=/src2:ro,overlay=/src3:/dest3</replaceable>.
@@ -203,7 +204,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
<listitem>
<para> Create a snapshot of the original container. The backing
storage for the copy must support snapshots. This currently includes
- aufs, btrfs, lvm, overlay, and zfs. </para>
+ btrfs, lvm, overlay, and zfs. </para>
</listitem>
</varlistentry>
@@ -234,7 +235,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
<listitem>
<para> Specify a mount for a snapshot The
<replaceable>opts</replaceable> argument for the mount type can by
- of type {aufs, bind, overlay}. For example <option>-m
+ of type {bind, overlay}. For example <option>-m
bind=/src:/dest:ro,overlay=/src:/dest</option> (This option can
currently only be specified in conjunction with
<replaceable>-e</replaceable>.).</para>
@@ -258,7 +259,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
<term> <option>-B, --backingstorage <replaceable>backingstorage</replaceable></option></term>
<listitem>
<para>Specify the backing storage type to be used for the copy
- where 'backingstorage' is of type 'aufs', 'btrfs', 'dir', 'lvm', 'loop',
+ where 'backingstorage' is of type 'btrfs', 'dir', 'lvm', 'loop',
'overlay', or 'zfs'. </para>
</listitem>
</varlistentry>
diff --git a/doc/lxc-snapshot.sgml.in b/doc/lxc-snapshot.sgml.in
index 2986a3be5..f40b9220a 100644
--- a/doc/lxc-snapshot.sgml.in
+++ b/doc/lxc-snapshot.sgml.in
@@ -129,7 +129,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
<varlistentry>
<term> <option>-N, --newname</option> </term>
<listitem>
- <para> When restoring a snapshot, the last optional argument if not given explicitly via <command>--newname</command> is the name to use for the restored container. If the newname is identical to the original name of the container, then the original container will be destroyed and the restored container will take its place. Note that deleting the original snapshot is not possible in the case of aufs, overlayfs or zfs backed snapshots.</para>
+ <para> When restoring a snapshot, the last optional argument if not given explicitly via <command>--newname</command> is the name to use for the restored container. If the newname is identical to the original name of the container, then the original container will be destroyed and the restored container will take its place. Note that deleting the original snapshot is not possible in the case of overlayfs or zfs backed snapshots.</para>
</listitem>
</varlistentry>
diff --git a/doc/lxc.container.conf.sgml.in b/doc/lxc.container.conf.sgml.in
index 665d67ef9..bd4195d9d 100644
--- a/doc/lxc.container.conf.sgml.in
+++ b/doc/lxc.container.conf.sgml.in
@@ -1365,9 +1365,7 @@ dev/null proc/kcore none bind,relative 0 0
itself should be mounted. <filename>overlayfs:/lower:/upper</filename>
specifies that the rootfs should be an overlay with <filename>/upper</filename>
being mounted read-write over a read-only mount of <filename>/lower</filename>.
- <filename>aufs:/lower:/upper</filename> does the same using aufs in place
- of overlayfs. For both <filename>overlayfs</filename> and
- <filename>aufs</filename> multiple <filename>/lower</filename>
+ For <filename>overlay</filename> multiple <filename>/lower</filename>
directories can be specified. <filename>loop:/file</filename> tells lxc to attach
<filename>/file</filename> to a loop device and mount the loop device.
</para>
diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am
index e56784bb9..86dfc93e3 100644
--- a/src/lxc/Makefile.am
+++ b/src/lxc/Makefile.am
@@ -6,7 +6,6 @@ pkginclude_HEADERS = \
noinst_HEADERS = \
attach.h \
storage/storage.h \
- storage/aufs.h \
storage/btrfs.h \
storage/dir.h \
storage/loop.h \
@@ -81,7 +80,6 @@ endif
lib_LTLIBRARIES = liblxc.la
liblxc_la_SOURCES = \
storage/storage.c storage/storage.h \
- storage/aufs.c storage/aufs.h \
storage/btrfs.c storage/btrfs.h \
storage/dir.c storage/dir.h \
storage/loop.c storage/loop.h \
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 1cea22831..40ccc348b 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -100,7 +100,6 @@
#include "parse.h"
#include "ringbuf.h"
#include "storage.h"
-#include "storage/aufs.h"
#include "storage/overlay.h"
#include "terminal.h"
#include "utils.h"
@@ -2003,14 +2002,14 @@ static int mount_entry_create_dir_file(const struct mntent *mntent,
const char *lxc_name,
const char *lxc_path)
{
- int ret = 0;
+ int fd, ret;
+ char *p1, *p2;
- if (!strncmp(mntent->mnt_type, "overlay", 7))
+ if (strncmp(mntent->mnt_type, "overlay", 7) == 0) {
ret = ovl_mkdir(mntent, rootfs, lxc_name, lxc_path);
- else if (!strncmp(mntent->mnt_type, "aufs", 4))
- ret = aufs_mkdir(mntent, rootfs, lxc_name, lxc_path);
- if (ret < 0)
- return -1;
+ if (ret < 0)
+ return -1;
+ }
if (hasmntopt(mntent, "create=dir")) {
ret = mkdir_p(path, 0755);
diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index a7fef897d..c1b4638d9 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -2582,17 +2582,16 @@ bool clone_update_unexp_ovl_paths(struct lxc_conf *conf, const char *oldpath,
if (p >= lend)
goto next;
- /* Whenever an lxc.mount.entry entry is found in a line we check
- * if the substring " overlay" or the substring " aufs" is
- * present before doing any further work. We check for "
- * overlay" and " aufs" since both substrings need to have at
- * least one space before them in a valid overlay
+ /* Whenever a lxc.mount.entry entry is found in a line we check
+ * if the substring "overlay" is present before doing any
+ * further work. We check for "overlay" because substrings need
+ * to have at least one space before them in a valid overlay
* lxc.mount.entry (/A B overlay). When the space before is
* missing it is very likely that these substrings are part of a
* path or something else. (Checking q >= lend ensures that we
* only count matches in the current line.) */
- if ((!(q = strstr(p, " overlay")) || q >= lend) &&
- (!(q = strstr(p, " aufs")) || q >= lend))
+ q = strstr(p, " overlay");
+ if (!q || q >= lend)
goto next;
if (!(q = strstr(p, olddir)) || (q >= lend))
diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index ede0be58f..0df5791f7 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -3549,7 +3549,6 @@ sudo lxc-clone -o o1 -n n1 -s -L|-fssize fssize -v|--vgname vgname \
-s [ implies overlay]
-s -B overlay
--s -B aufs
only rootfs gets converted (copied/snapshotted) on clone.
*/
@@ -3936,7 +3935,7 @@ static int do_lxcapi_snapshot(struct lxc_container *c, const char *commentfile)
if (storage_is_dir(c->lxc_conf)) {
ERROR("Snapshot of directory-backed container requested.");
ERROR("Making a copy-clone. If you do want snapshots, then");
- ERROR("please create an aufs or overlay clone first, snapshot that");
+ ERROR("please create overlay clone first, snapshot that");
ERROR("and keep the original container pristine.");
flags &= ~LXC_CLONE_SNAPSHOT | LXC_CLONE_MAYBE_SNAPSHOT;
}
diff --git a/src/lxc/storage/aufs.c b/src/lxc/storage/aufs.c
deleted file mode 100644
index c275f88b3..000000000
--- a/src/lxc/storage/aufs.c
+++ /dev/null
@@ -1,455 +0,0 @@
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
-
-#define _GNU_SOURCE
-#include <errno.h>
-#include <stdint.h>
-#include <string.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-
-#include "aufs.h"
-#include "log.h"
-#include "rsync.h"
-#include "storage.h"
-#include "utils.h"
-
-lxc_log_define(aufs, lxc);
-
-/* the bulk of this needs to become a common helper */
-extern char *dir_new_path(char *src, const char *oldname, const char *name,
- const char *oldpath, const char *lxcpath);
-
-int lxc_rsync_delta(struct rsync_data_char *data)
-{
- int ret;
-
- ret = lxc_switch_uid_gid(0, 0);
- if (ret < 0)
- return -1;
-
- ret = lxc_setgroups(0, NULL);
- if (ret < 0)
- return -1;
-
- ret = lxc_rsync_exec(data->src, data->dest);
- if (ret < 0) {
- ERROR("Failed to rsync from \"%s\" into \"%s\"", data->src,
- data->dest);
- return -1;
- }
-
- return 0;
-}
-
-int lxc_rsync_delta_wrapper(void *data)
-{
- struct rsync_data_char *arg = data;
- return lxc_rsync_delta(arg);
-}
-
-int aufs_clonepaths(struct lxc_storage *orig, struct lxc_storage *new,
- const char *oldname, const char *cname, const char *oldpath,
- const char *lxcpath, int snap, uint64_t newsize,
- struct lxc_conf *conf)
-{
- char cmd_output[MAXPATHLEN];
-
- if (!snap) {
- ERROR("aufs is only for snapshot clones");
- return -22;
- }
-
- if (!orig->src || !orig->dest)
- return -1;
-
- new->dest = dir_new_path(orig->dest, oldname, cname, oldpath, lxcpath);
- if (!new->dest)
- return -1;
- if (mkdir_p(new->dest, 0755) < 0)
- return -1;
-
- if (am_guest_unpriv() && chown_mapped_root(new->dest, conf) < 0)
- WARN("Failed to update ownership of %s", new->dest);
-
- if (strcmp(orig->type, "dir") == 0) {
- char *delta, *lastslash;
- int ret, len, lastslashidx;
-
- // if we have /var/lib/lxc/c2/rootfs, then delta will be
- // /var/lib/lxc/c2/delta0
- lastslash = strrchr(new->dest, '/');
- if (!lastslash)
- return -22;
- if (strlen(lastslash) < 7)
- return -22;
- lastslash++;
- lastslashidx = lastslash - new->dest;
-
- delta = malloc(lastslashidx + 7);
- if (!delta)
- return -1;
- strncpy(delta, new->dest, lastslashidx+1);
- strcpy(delta+lastslashidx, "delta0");
- if ((ret = mkdir(delta, 0755)) < 0) {
- SYSERROR("error: mkdir %s", delta);
- free(delta);
- return -1;
- }
- if (am_guest_unpriv() && chown_mapped_root(delta, conf) < 0)
- WARN("Failed to update ownership of %s", delta);
-
- // the src will be 'aufs:lowerdir:upperdir'
- len = strlen(delta) + strlen(orig->src) + 12;
- new->src = malloc(len);
- if (!new->src) {
- free(delta);
- return -ENOMEM;
- }
- ret = snprintf(new->src, len, "aufs:%s:%s", orig->src, delta);
- free(delta);
- if (ret < 0 || ret >= len)
- return -ENOMEM;
- } else if (strcmp(orig->type, "aufs") == 0) {
- // What exactly do we want to do here?
- // I think we want to use the original lowerdir, with a
- // private delta which is originally rsynced from the
- // original delta
- char *osrc, *odelta, *nsrc, *ndelta;
- int len, ret;
- if (!(osrc = strdup(orig->src)))
- return -22;
- nsrc = strchr(osrc, ':') + 1;
- if (nsrc != osrc + 5 || (odelta = strchr(nsrc, ':')) == NULL) {
- free(osrc);
- return -22;
- }
- *odelta = '\0';
- odelta++;
- ndelta = dir_new_path(odelta, oldname, cname, oldpath, lxcpath);
- if (!ndelta) {
- free(osrc);
- return -ENOMEM;
- }
- if ((ret = mkdir(ndelta, 0755)) < 0 && errno != EEXIST) {
- SYSERROR("error: mkdir %s", ndelta);
- free(osrc);
- free(ndelta);
- return -1;
- }
- if (am_guest_unpriv() && chown_mapped_root(ndelta, conf) < 0)
- WARN("Failed to update ownership of %s", ndelta);
-
- struct rsync_data_char rdata;
- rdata.src = odelta;
- rdata.dest = ndelta;
- if (am_guest_unpriv())
- ret = userns_exec_full(conf, lxc_rsync_delta_wrapper,
- &rdata, "lxc_rsync_delta_wrapper");
- else
- ret = run_command(cmd_output, sizeof(cmd_output),
- lxc_rsync_delta_wrapper,
- (void *)&rdata);
- if (ret) {
- free(osrc);
- free(ndelta);
- ERROR("copying aufs delta");
- return -1;
- }
- len = strlen(nsrc) + strlen(ndelta) + 12;
- new->src = malloc(len);
- if (!new->src) {
- free(osrc);
- free(ndelta);
- return -ENOMEM;
- }
- ret = snprintf(new->src, len, "aufs:%s:%s", nsrc, ndelta);
- free(osrc);
- free(ndelta);
- if (ret < 0 || ret >= len)
- return -ENOMEM;
- } else {
- ERROR("aufs clone of %s container is not yet supported",
- orig->type);
- // Note, supporting this will require aufs_mount supporting
- // mounting of the underlay. No big deal, just needs to be done.
- return -1;
- }
-
- return 0;
-}
-
-/*
- * to say 'lxc-create -t ubuntu -n o1 -B aufs' means you want
- * $lxcpath/$lxcname/rootfs to have the created container, while all
- * changes after starting the container are written to
- * $lxcpath/$lxcname/delta0
- */
-int aufs_create(struct lxc_storage *bdev, const char *dest, const char *n,
- struct bdev_specs *specs)
-{
- char *delta;
- int ret, len = strlen(dest), newlen;
-
- if (len < 8 || strcmp(dest+len-7, "/rootfs") != 0)
- return -1;
-
- if (!(bdev->dest = strdup(dest))) {
- ERROR("Out of memory");
- return -1;
- }
-
- delta = alloca(strlen(dest)+1);
- strcpy(delta, dest);
- strcpy(delta+len-6, "delta0");
-
- if (mkdir_p(delta, 0755) < 0) {
- ERROR("Error creating %s", delta);
- return -1;
- }
-
- /* aufs:lower:upper */
- newlen = (2 * len) + strlen("aufs:") + 2;
- bdev->src = malloc(newlen);
- if (!bdev->src) {
- ERROR("Out of memory");
- return -1;
- }
- ret = snprintf(bdev->src, newlen, "aufs:%s:%s", dest, delta);
- if (ret < 0 || ret >= newlen)
- return -1;
-
- if (mkdir_p(bdev->dest, 0755) < 0) {
- ERROR("Error creating %s", bdev->dest);
- return -1;
- }
-
- return 0;
-}
-
-int aufs_destroy(struct lxc_storage *orig)
-{
- char *upper;
-
- if (strncmp(orig->src, "aufs:", 5) != 0)
- return -22;
- upper = strchr(orig->src + 5, ':');
- if (!upper)
- return -22;
- upper++;
- return lxc_rmdir_onedev(upper, NULL);
-}
-
-bool aufs_detect(const char *path)
-{
- if (!strncmp(path, "aufs:", 5))
- return true;
-
- return false;
-}
-
-int aufs_mount(struct lxc_storage *bdev)
-{
- char *tmp, *options, *dup, *lower, *upper;
- int len;
- unsigned long mntflags;
- char *mntdata;
- int ret;
- const char *xinopath = "/dev/shm/aufs.xino";
-
- if (strcmp(bdev->type, "aufs"))
- return -22;
- if (!bdev->src || !bdev->dest)
- return -22;
-
- // separately mount it first
- // mount -t aufs -obr=${upper}=rw:${lower}=ro lower dest
- dup = alloca(strlen(bdev->src)+1);
- strcpy(dup, bdev->src);
- /* support multiple lower layers */
- if (!(lower = strstr(dup, ":/")))
- return -22;
- lower++;
- upper = lower;
- while ((tmp = strstr(++upper, ":/"))) {
- upper = tmp;
- }
- if (--upper == lower)
- return -22;
- *upper = '\0';
- upper++;
-
- if (parse_mntopts(bdev->mntopts, &mntflags, &mntdata) < 0) {
- free(mntdata);
- return -22;
- }
-
- // TODO We should check whether bdev->src is a blockdev, and if so
- // but for now, only support aufs of a basic directory
-
- // AUFS does not work on top of certain filesystems like (XFS or Btrfs)
- // so add xino=/dev/shm/aufs.xino parameter to mount options.
- // The same xino option can be specified to multiple aufs mounts, and
- // a xino file is not shared among multiple aufs mounts.
- //
- // see http://www.mail-archive.com/aufs-users@lists.sourceforge.net/msg02587.html
- // http://www.mail-archive.com/aufs-users@lists.sourceforge.net/msg05126.html
- if (mntdata) {
- len = strlen(lower) + strlen(upper) + strlen(xinopath) + strlen("br==rw:=ro,,xino=") + strlen(mntdata) + 1;
- options = alloca(len);
- ret = snprintf(options, len, "br=%s=rw:%s=ro,%s,xino=%s", upper, lower, mntdata, xinopath);
- }
- else {
- len = strlen(lower) + strlen(upper) + strlen(xinopath) + strlen("br==rw:=ro,xino=") + 1;
- options = alloca(len);
- ret = snprintf(options, len, "br=%s=rw:%s=ro,xino=%s", upper, lower, xinopath);
- }
-
- if (ret < 0 || ret >= len) {
- free(mntdata);
- return -1;
- }
-
- ret = mount(lower, bdev->dest, "aufs", MS_MGC_VAL | mntflags, options);
- if (ret < 0)
- SYSERROR("aufs: error mounting %s onto %s options %s",
- lower, bdev->dest, options);
- else
- INFO("aufs: mounted %s onto %s options %s",
- lower, bdev->dest, options);
- return ret;
-}
-
-int aufs_umount(struct lxc_storage *bdev)
-{
- if (strcmp(bdev->type, "aufs"))
- return -22;
- if (!bdev->src || !bdev->dest)
- return -22;
- return umount(bdev->dest);
-}
-
-char *aufs_get_rootfs(const char *rootfs_path, size_t *rootfslen)
-{
- char *rootfsdir = NULL;
- char *s1 = NULL;
- char *s2 = NULL;
- char *s3 = NULL;
-
- if (!rootfs_path || !rootfslen)
- return NULL;
-
- s1 = strdup(rootfs_path);
- if (!s1)
- return NULL;
-
- if ((s2 = strstr(s1, ":/"))) {
- s2 = s2 + 1;
- if ((s3 = strstr(s2, ":/")))
- *s3 = '\0';
- rootfsdir = strdup(s2);
- if (!rootfsdir) {
- free(s1);
- return NULL;
- }
- }
-
- if (!rootfsdir)
- rootfsdir = s1;
- else
- free(s1);
-
- *rootfslen = strlen(rootfsdir);
-
- return rootfsdir;
-}
-
-int aufs_mkdir(const struct mntent *mntent, const struct lxc_rootfs *rootfs,
- const char *lxc_name, const char *lxc_path)
-{
- char lxcpath[MAXPATHLEN];
- char *rootfs_path = NULL;
- char *rootfsdir = NULL;
- char *scratch = NULL;
- char *tmp = NULL;
- char *upperdir = NULL;
- char **opts = NULL;
- int fret = -1;
- int ret = 0;
- size_t arrlen = 0;
- size_t i;
- size_t len = 0;
- size_t rootfslen = 0;
-
- /* When rootfs == NULL we have a container without a rootfs. */
- if (rootfs && rootfs->path)
- rootfs_path = rootfs->path;
-
- opts = lxc_string_split(mntent->mnt_opts, ',');
- if (opts)
- arrlen = lxc_array_len((void **)opts);
- else
- goto err;
-
- for (i = 0; i < arrlen; i++) {
- if (strstr(opts[i], "br=") && (strlen(opts[i]) > (len = strlen("br="))))
- tmp = opts[i] + len;
- }
- if (!tmp)
- goto err;
-
- upperdir = strtok_r(tmp, ":=", &scratch);
- if (!upperdir)
- goto err;
-
- if (rootfs_path) {
- ret = snprintf(lxcpath, MAXPATHLEN, "%s/%s", lxc_path, lxc_name);
- if (ret < 0 || ret >= MAXPATHLEN)
- goto err;
-
- rootfsdir = aufs_get_rootfs(rootfs->path, &rootfslen);
- if (!rootfsdir)
- goto err;
- }
-
- /*
- * We neither allow users to create upperdirs and workdirs outside the
- * containerdir nor inside the rootfs. The latter might be debatable.
- * When we have a container without a rootfs we skip the checks.
- */
- ret = 0;
- if (!rootfs_path)
- ret = mkdir_p(upperdir, 0755);
- else if ((strncmp(upperdir, lxcpath, strlen(lxcpath)) == 0) && (strncmp(upperdir, rootfsdir, rootfslen) != 0))
- ret = mkdir_p(upperdir, 0755);
- if (ret < 0)
- WARN("Failed to create upperdir");
-
- fret = 0;
-
-err:
- free(rootfsdir);
- lxc_free_array((void **)opts, free);
- return fret;
-}
-
diff --git a/src/lxc/storage/aufs.h b/src/lxc/storage/aufs.h
deleted file mode 100644
index 7960a3a5e..000000000
--- a/src/lxc/storage/aufs.h
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * lxc: linux Container library
- *
- * (C) Copyright IBM Corp. 2007, 2008
- *
- * Authors:
- * Daniel Lezcano <daniel.lezcano at free.fr>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
- */
-
-#ifndef __LXC_AUFS_H
-#define __LXC_AUFS_H
-
-#define _GNU_SOURCE
-#include <stdbool.h>
-#include <stdio.h>
-#include <stdint.h>
-
-#include "storage.h"
-
-struct lxc_storage;
-
-struct bdev_specs;
-
-struct lxc_conf;
-
-struct lxc_rootfs;
-
-int aufs_clonepaths(struct lxc_storage *orig, struct lxc_storage *new,
- const char *oldname, const char *cname, const char *oldpath,
- const char *lxcpath, int snap, uint64_t newsize,
- struct lxc_conf *conf);
-int aufs_create(struct lxc_storage *bdev, const char *dest, const char *n,
- struct bdev_specs *specs);
-int aufs_destroy(struct lxc_storage *orig);
-bool aufs_detect(const char *path);
-int aufs_mount(struct lxc_storage *bdev);
-int aufs_umount(struct lxc_storage *bdev);
-
-/* Get rootfs path for aufs backed containers. Allocated memory must be freed by
- * caller.
- */
-char *aufs_get_rootfs(const char *rootfs_path, size_t *rootfslen);
-
-/*
- * Create directories for aufs mounts.
- */
-int aufs_mkdir(const struct mntent *mntent, const struct lxc_rootfs *rootfs,
- const char *lxc_name, const char *lxc_path);
-
-#endif /* __LXC_AUFS_H */
diff --git a/src/lxc/storage/overlay.c b/src/lxc/storage/overlay.c
index 35214af52..7acb9eac1 100644
--- a/src/lxc/storage/overlay.c
+++ b/src/lxc/storage/overlay.c
@@ -866,9 +866,6 @@ int ovl_update_abs_paths(struct lxc_conf *lxc_conf, const char *lxc_path,
if (strstr(mnt_entry, "overlay"))
tmp = "upperdir";
- else if (strstr(mnt_entry, "aufs"))
- tmp = "br";
-
if (!tmp)
continue;
diff --git a/src/lxc/storage/storage.c b/src/lxc/storage/storage.c
index c453fe744..cac085846 100644
--- a/src/lxc/storage/storage.c
+++ b/src/lxc/storage/storage.c
@@ -39,7 +39,6 @@
#include <sys/stat.h>
#include <sys/wait.h>
-#include "aufs.h"
#include "btrfs.h"
#include "conf.h"
#include "config.h"
@@ -67,20 +66,6 @@
lxc_log_define(storage, lxc);
-/* aufs */
-static const struct lxc_storage_ops aufs_ops = {
- .detect = &aufs_detect,
- .mount = &aufs_mount,
- .umount = &aufs_umount,
- .clone_paths = &aufs_clonepaths,
- .destroy = &aufs_destroy,
- .create = &aufs_create,
- .copy = NULL,
- .snapshot = NULL,
- .can_snapshot = true,
- .can_backup = true,
-};
-
/* btrfs */
static const struct lxc_storage_ops btrfs_ops = {
.detect = &btrfs_detect,
@@ -204,7 +189,6 @@ static const struct lxc_storage_type bdevs[] = {
{ .name = "lvm", .ops = &lvm_ops, },
{ .name = "rbd", .ops = &rbd_ops, },
{ .name = "btrfs", .ops = &btrfs_ops, },
- { .name = "aufs", .ops = &aufs_ops, },
{ .name = "overlay", .ops = &ovl_ops, },
{ .name = "overlayfs", .ops = &ovl_ops, },
{ .name = "loop", .ops = &loop_ops, },
@@ -284,11 +268,6 @@ struct lxc_storage *storage_get(const char *type)
bdev->ops = bdevs[i].ops;
bdev->type = bdevs[i].name;
- if (strcmp(bdev->type, "aufs") == 0)
- WARN("The \"aufs\" driver will is deprecated and will soon be "
- "removed. For similar functionality see the \"overlay\" "
- "storage driver");
-
return bdev;
}
@@ -655,11 +634,6 @@ struct lxc_storage *storage_init(struct lxc_conf *conf)
if (strcmp(bdev->type, "nbd") == 0)
bdev->nbd_idx = conf->nbd_idx;
- if (strcmp(bdev->type, "aufs") == 0)
- WARN("The \"aufs\" driver will is deprecated and will soon be "
- "removed. For similar functionality see the \"overlay\" "
- "storage driver");
-
return bdev;
}
diff --git a/src/lxc/storage/storage_utils.c b/src/lxc/storage/storage_utils.c
index 3cae81a59..1a67b6de0 100644
--- a/src/lxc/storage/storage_utils.c
+++ b/src/lxc/storage/storage_utils.c
@@ -423,7 +423,6 @@ bool unpriv_snap_allowed(struct lxc_storage *b, const char *t, bool snap,
* allowed).
*/
if (strcmp(b->type, "dir") == 0 ||
- strcmp(b->type, "aufs") == 0 ||
strcmp(b->type, "overlay") == 0 ||
strcmp(b->type, "overlayfs") == 0 ||
strcmp(b->type, "btrfs") == 0 ||
@@ -437,7 +436,6 @@ bool unpriv_snap_allowed(struct lxc_storage *b, const char *t, bool snap,
* In particular, not zfs, btrfs, or lvm.
*/
if (strcmp(t, "dir") == 0 ||
- strcmp(t, "aufs") == 0 ||
strcmp(t, "overlay") == 0 ||
strcmp(t, "overlayfs") == 0 ||
strcmp(t, "btrfs") == 0 ||
@@ -451,7 +449,6 @@ bool is_valid_storage_type(const char *type)
{
if (strcmp(type, "dir") == 0 ||
strcmp(type, "btrfs") == 0 ||
- strcmp(type, "aufs") == 0 ||
strcmp(type, "loop") == 0 ||
strcmp(type, "lvm") == 0 ||
strcmp(type, "nbd") == 0 ||
diff --git a/src/lxc/tools/lxc_copy.c b/src/lxc/tools/lxc_copy.c
index d9db9a787..b4e1178fd 100644
--- a/src/lxc/tools/lxc_copy.c
+++ b/src/lxc/tools/lxc_copy.c
@@ -44,7 +44,6 @@
enum mnttype {
LXC_MNT_BIND,
- LXC_MNT_AUFS,
LXC_MNT_OVL,
};
@@ -84,7 +83,6 @@ static const struct option my_longopts[] = {
/* mount keys */
static char *const keys[] = {
[LXC_MNT_BIND] = "bind",
- [LXC_MNT_AUFS] = "aufs",
[LXC_MNT_OVL] = "overlay",
NULL
};
@@ -93,7 +91,7 @@ static struct lxc_arguments my_args = {
.progname = "lxc-copy",
.help = "\n\
--name=NAME [-P lxcpath] -N newname [-p newpath] [-B backingstorage] [-s] [-K] [-M] [-L size [unit]] -- hook options\n\
---name=NAME [-P lxcpath] [-N newname] [-p newpath] [-B backingstorage] -e [-d] [-D] [-K] [-M] [-m {bind,aufs,overlay}=/src:/dest] -- hook options\n\
+--name=NAME [-P lxcpath] [-N newname] [-p newpath] [-B backingstorage] -e [-d] [-D] [-K] [-M] [-m {bind,overlay}=/src:/dest] -- hook options\n\
--name=NAME [-P lxcpath] -N newname -R\n\
\n\
lxc-copy clone a container\n\
@@ -108,7 +106,7 @@ Options :\n\
-d, --daemon daemonize the container (default)\n\
-e, --ephemeral start ephemeral container\n\
-m, --mount directory to mount into container, either \n\
- {bind,aufs,overlay}=/src-path or {bind,aufs,overlay}=/src-path:/dst-path\n\
+ {bind,overlay}=/src-path or {bind,overlay}=/src-path:/dst-path\n\
-B, --backingstorage=TYPE backingstorage type for the container\n\
-t, --tmpfs place ephemeral container on a tmpfs\n\
(WARNING: On reboot all changes made to the container will be lost.)\n\
@@ -146,13 +144,12 @@ static uint64_t get_fssize(char *s);
/* Place an ephemeral container started with -e flag on a tmpfs. Restrictions
* are that you cannot request the data to be kept while placing the container
- * on a tmpfs and that either overlay or aufs backing storage must be used.
+ * on a tmpfs and that either overlay storage driver must be used.
*/
static char *mount_tmpfs(const char *oldname, const char *newname,
const char *path, struct lxc_arguments *arg);
static int parse_mntsubopts(char *subopts, char *const *keys,
char *mntparameters);
-static int parse_aufs_mnt(char *mntstring, enum mnttype type);
static int parse_bind_mnt(char *mntstring, enum mnttype type);
static int parse_ovl_mnt(char *mntstring, enum mnttype type);
@@ -268,7 +265,7 @@ static int mk_rand_ovl_dirs(struct mnts *mnts, unsigned int num, struct lxc_argu
struct mnts *m = NULL;
for (i = 0, m = mnts; i < num; i++, m++) {
- if ((m->mnt_type == LXC_MNT_OVL) || (m->mnt_type == LXC_MNT_AUFS)) {
+ if (m->mnt_type == LXC_MNT_OVL) {
ret = snprintf(upperdir, TOOL_MAXPATHLEN, "%s/%s/delta#XXXXXX",
arg->newpath, arg->newname);
if (ret < 0 || ret >= TOOL_MAXPATHLEN)
@@ -317,20 +314,7 @@ static char *set_mnt_entry(struct mnts *m)
int ret = 0;
size_t len = 0;
- if (m->mnt_type == LXC_MNT_AUFS) {
- len = strlen(" aufs br==rw:=ro,xino=,create=dir") +
- 2 * strlen(m->src) + strlen(m->dest) + strlen(m->upper) +
- strlen(m->workdir) + 1;
-
- mntentry = malloc(len);
- if (!mntentry)
- goto err;
-
- ret = snprintf(mntentry, len, "%s %s aufs br=%s=rw:%s=ro,xino=%s,create=dir",
- m->src, m->dest, m->upper, m->src, m->workdir);
- if (ret < 0 || (size_t)ret >= len)
- goto err;
- } else if (m->mnt_type == LXC_MNT_OVL) {
+ if (m->mnt_type == LXC_MNT_OVL) {
len = strlen(" overlay lowerdir=,upperdir=,workdir=,create=dir") +
2 * strlen(m->src) + strlen(m->dest) + strlen(m->upper) +
strlen(m->workdir) + 1;
@@ -631,49 +615,6 @@ static int my_parser(struct lxc_arguments *args, int c, char *arg)
return 0;
}
-static int parse_aufs_mnt(char *mntstring, enum mnttype type)
-{
- int len = 0;
- const char *xinopath = "/dev/shm/aufs.xino";
- char **mntarray = NULL;
- struct mnts *m = NULL;
-
- m = add_mnt(&mnt_table, &mnt_table_size, type);
- if (!m)
- goto err;
-
- mntarray = lxc_string_split(mntstring, ':');
- if (!mntarray)
- goto err;
-
- m->src = construct_path(mntarray[0], true);
- if (!m->src)
- goto err;
-
- len = lxc_array_len((void **)mntarray);
- if (len == 1) /* aufs=src */
- m->dest = construct_path(mntarray[0], false);
- else if (len == 2) /* aufs=src:dest */
- m->dest = construct_path(mntarray[1], false);
- else
- printf("Excess elements in mount specification\n");
-
- if (!m->dest)
- goto err;
-
- m->workdir = strdup(xinopath);
- if (!m->workdir)
- goto err;
-
- lxc_free_array((void **)mntarray, free);
- return 0;
-
-err:
- free_mnts();
- lxc_free_array((void **)mntarray, free);
- return -1;
-}
-
static int parse_bind_mnt(char *mntstring, enum mnttype type)
{
int len = 0;
@@ -744,10 +685,6 @@ static int parse_mntsubopts(char *subopts, char *const *keys, char *mntparameter
if (parse_ovl_mnt(mntparameters, LXC_MNT_OVL) < 0)
return -1;
break;
- case LXC_MNT_AUFS:
- if (parse_aufs_mnt(mntparameters, LXC_MNT_AUFS) < 0)
- return -1;
- break;
default:
break;
}
@@ -793,7 +730,7 @@ static int parse_ovl_mnt(char *mntstring, enum mnttype type)
return -1;
}
-/* For ephemeral snapshots backed by overlay or aufs filesystems, this function
+/* For ephemeral snapshots backed by the overlay filesystem, this function
* mounts a fresh tmpfs over the containers directory if the user requests it.
* Because we mount a fresh tmpfs over the directory of the container the
* updated /etc/hostname file created during the clone residing in the upperdir
@@ -811,18 +748,19 @@ static char *mount_tmpfs(const char *oldname, const char *newname,
FILE *fp;
if (arg->tmpfs && arg->keepdata) {
- fprintf(stderr, "%s\n", "A container can only be placed on a "
- "tmpfs when storage backend is overlay "
- "or aufs.");
+ fprintf(stderr, "%s\n",
+ "A container can only be placed on a tmpfs when the "
+ "overlay storage driver is used");
goto err_free;
}
if (arg->tmpfs && !arg->bdevtype) {
arg->bdevtype = "overlayfs";
- } else if (arg->tmpfs && arg->bdevtype && strcmp(arg->bdevtype, "overlayfs") && strcmp(arg->bdevtype, "aufs")) {
- fprintf(stderr, "%s\n", "A container can only be placed on a "
- "tmpfs when storage backend is overlay "
- "or aufs.");
+ } else if (arg->tmpfs && arg->bdevtype &&
+ strcmp(arg->bdevtype, "overlayfs") != 0) {
+ fprintf(stderr, "%s\n",
+ "A container can only be placed on a tmpfs when the "
+ "overlay storage driver is used");
goto err_free;
}
diff --git a/src/lxc/tools/lxc_create.c b/src/lxc/tools/lxc_create.c
index f0c9caab1..3b0c4d401 100644
--- a/src/lxc/tools/lxc_create.c
+++ b/src/lxc/tools/lxc_create.c
@@ -205,7 +205,6 @@ static bool is_valid_storage_type(const char *type)
{
if (strcmp(type, "dir") == 0 ||
strcmp(type, "btrfs") == 0 ||
- strcmp(type, "aufs") == 0 ||
strcmp(type, "loop") == 0 ||
strcmp(type, "lvm") == 0 ||
strcmp(type, "nbd") == 0 ||
From fa1b57bd8930ab1cc2bf8ac39281dcb7e83aab1d Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Sun, 11 Mar 2018 00:23:41 +0100
Subject: [PATCH 3/3] conf: coding style changes
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
src/lxc/conf.c | 1379 +++++++++++++++++++++++++++++---------------------------
1 file changed, 706 insertions(+), 673 deletions(-)
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 40ccc348b..570de62f3 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -114,6 +114,15 @@
lxc_log_define(lxc_conf, lxc);
+/* The lxc_conf of the container currently being worked on in an API call.
+ * This is used in the error calls.
+ */
+#ifdef HAVE_TLS
+__thread struct lxc_conf *current_config;
+#else
+struct lxc_conf *current_config;
+#endif
+
/* Define pivot_root() if missing from the C library */
#ifndef HAVE_PIVOT_ROOT
static int pivot_root(const char *new_root, const char *put_old)
@@ -129,10 +138,18 @@ static int pivot_root(const char *new_root, const char *put_old)
extern int pivot_root(const char *new_root, const char *put_old);
#endif
-char *lxchook_names[NUM_LXC_HOOKS] = {"pre-start", "pre-mount", "mount",
- "autodev", "start", "stop",
- "post-stop", "clone", "destroy",
- "start-host"};
+char *lxchook_names[NUM_LXC_HOOKS] = {
+ "pre-start",
+ "pre-mount",
+ "mount",
+ "autodev",
+ "start",
+ "stop",
+ "post-stop",
+ "clone",
+ "destroy",
+ "start-host"
+};
struct mount_opt {
char *name;
@@ -150,17 +167,6 @@ struct limit_opt {
int value;
};
-/*
- * The lxc_conf of the container currently being worked on in an
- * API call
- * This is used in the error calls
- */
-#ifdef HAVE_TLS
-__thread struct lxc_conf *current_config;
-#else
-struct lxc_conf *current_config;
-#endif
-
static struct mount_opt mount_opt[] = {
{ "async", 1, MS_SYNCHRONOUS },
{ "atime", 1, MS_NOATIME },
@@ -192,68 +198,68 @@ static struct mount_opt mount_opt[] = {
};
static struct mount_opt propagation_opt[] = {
- { "private", 0, MS_PRIVATE },
- { "shared", 0, MS_SHARED },
- { "slave", 0, MS_SLAVE },
- { "unbindable", 0, MS_UNBINDABLE },
- { "rprivate", 0, MS_PRIVATE|MS_REC },
- { "rshared", 0, MS_SHARED|MS_REC },
- { "rslave", 0, MS_SLAVE|MS_REC },
- { "runbindable", 0, MS_UNBINDABLE|MS_REC },
- { NULL, 0, 0 },
+ { "private", 0, MS_PRIVATE },
+ { "shared", 0, MS_SHARED },
+ { "slave", 0, MS_SLAVE },
+ { "unbindable", 0, MS_UNBINDABLE },
+ { "rprivate", 0, MS_PRIVATE|MS_REC },
+ { "rshared", 0, MS_SHARED|MS_REC },
+ { "rslave", 0, MS_SLAVE|MS_REC },
+ { "runbindable", 0, MS_UNBINDABLE|MS_REC },
+ { NULL, 0, 0 },
};
#if HAVE_LIBCAP
static struct caps_opt caps_opt[] = {
- { "chown", CAP_CHOWN },
- { "dac_override", CAP_DAC_OVERRIDE },
- { "dac_read_search", CAP_DAC_READ_SEARCH },
- { "fowner", CAP_FOWNER },
- { "fsetid", CAP_FSETID },
- { "kill", CAP_KILL },
- { "setgid", CAP_SETGID },
- { "setuid", CAP_SETUID },
- { "setpcap", CAP_SETPCAP },
- { "linux_immutable", CAP_LINUX_IMMUTABLE },
- { "net_bind_service", CAP_NET_BIND_SERVICE },
- { "net_broadcast", CAP_NET_BROADCAST },
- { "net_admin", CAP_NET_ADMIN },
- { "net_raw", CAP_NET_RAW },
- { "ipc_lock", CAP_IPC_LOCK },
- { "ipc_owner", CAP_IPC_OWNER },
- { "sys_module", CAP_SYS_MODULE },
- { "sys_rawio", CAP_SYS_RAWIO },
- { "sys_chroot", CAP_SYS_CHROOT },
- { "sys_ptrace", CAP_SYS_PTRACE },
- { "sys_pacct", CAP_SYS_PACCT },
- { "sys_admin", CAP_SYS_ADMIN },
- { "sys_boot", CAP_SYS_BOOT },
- { "sys_nice", CAP_SYS_NICE },
- { "sys_resource", CAP_SYS_RESOURCE },
- { "sys_time", CAP_SYS_TIME },
- { "sys_tty_config", CAP_SYS_TTY_CONFIG },
- { "mknod", CAP_MKNOD },
- { "lease", CAP_LEASE },
+ { "chown", CAP_CHOWN },
+ { "dac_override", CAP_DAC_OVERRIDE },
+ { "dac_read_search", CAP_DAC_READ_SEARCH },
+ { "fowner", CAP_FOWNER },
+ { "fsetid", CAP_FSETID },
+ { "kill", CAP_KILL },
+ { "setgid", CAP_SETGID },
+ { "setuid", CAP_SETUID },
+ { "setpcap", CAP_SETPCAP },
+ { "linux_immutable", CAP_LINUX_IMMUTABLE },
+ { "net_bind_service", CAP_NET_BIND_SERVICE },
+ { "net_broadcast", CAP_NET_BROADCAST },
+ { "net_admin", CAP_NET_ADMIN },
+ { "net_raw", CAP_NET_RAW },
+ { "ipc_lock", CAP_IPC_LOCK },
+ { "ipc_owner", CAP_IPC_OWNER },
+ { "sys_module", CAP_SYS_MODULE },
+ { "sys_rawio", CAP_SYS_RAWIO },
+ { "sys_chroot", CAP_SYS_CHROOT },
+ { "sys_ptrace", CAP_SYS_PTRACE },
+ { "sys_pacct", CAP_SYS_PACCT },
+ { "sys_admin", CAP_SYS_ADMIN },
+ { "sys_boot", CAP_SYS_BOOT },
+ { "sys_nice", CAP_SYS_NICE },
+ { "sys_resource", CAP_SYS_RESOURCE },
+ { "sys_time", CAP_SYS_TIME },
+ { "sys_tty_config", CAP_SYS_TTY_CONFIG },
+ { "mknod", CAP_MKNOD },
+ { "lease", CAP_LEASE },
#ifdef CAP_AUDIT_READ
- { "audit_read", CAP_AUDIT_READ },
+ { "audit_read", CAP_AUDIT_READ },
#endif
#ifdef CAP_AUDIT_WRITE
- { "audit_write", CAP_AUDIT_WRITE },
+ { "audit_write", CAP_AUDIT_WRITE },
#endif
#ifdef CAP_AUDIT_CONTROL
- { "audit_control", CAP_AUDIT_CONTROL },
+ { "audit_control", CAP_AUDIT_CONTROL },
#endif
- { "setfcap", CAP_SETFCAP },
- { "mac_override", CAP_MAC_OVERRIDE },
- { "mac_admin", CAP_MAC_ADMIN },
+ { "setfcap", CAP_SETFCAP },
+ { "mac_override", CAP_MAC_OVERRIDE },
+ { "mac_admin", CAP_MAC_ADMIN },
#ifdef CAP_SYSLOG
- { "syslog", CAP_SYSLOG },
+ { "syslog", CAP_SYSLOG },
#endif
#ifdef CAP_WAKE_ALARM
- { "wake_alarm", CAP_WAKE_ALARM },
+ { "wake_alarm", CAP_WAKE_ALARM },
#endif
#ifdef CAP_BLOCK_SUSPEND
- { "block_suspend", CAP_BLOCK_SUSPEND },
+ { "block_suspend", CAP_BLOCK_SUSPEND },
#endif
};
#else
@@ -313,9 +319,9 @@ static struct limit_opt limit_opt[] = {
static int run_buffer(char *buffer)
{
- struct lxc_popen_FILE *f;
- char *output;
int ret;
+ char *output;
+ struct lxc_popen_FILE *f;
f = lxc_popen(buffer);
if (!f) {
@@ -495,10 +501,10 @@ int run_script(const char *name, const char *section, const char *script, ...)
{
int ret;
char *buffer, *p;
- size_t size = 0;
va_list ap;
+ size_t size = 0;
- INFO("Executing script \"%s\" for container \"%s\", config section \"%s\".",
+ INFO("Executing script \"%s\" for container \"%s\", config section \"%s\"",
script, name, section);
va_start(ap, script);
@@ -516,26 +522,17 @@ int run_script(const char *name, const char *section, const char *script, ...)
return -1;
buffer = alloca(size);
- if (!buffer) {
- ERROR("Failed to allocate memory.");
- return -1;
- }
-
ret = snprintf(buffer, size, "exec %s %s %s", script, name, section);
- if (ret < 0 || ret >= size) {
- ERROR("Script name too long.");
+ if (ret < 0 || ret >= size)
return -1;
- }
va_start(ap, script);
while ((p = va_arg(ap, char *))) {
int len = size - ret;
int rc;
rc = snprintf(buffer + ret, len, " %s", p);
- if (rc < 0 || rc >= len) {
- ERROR("Script args too long.");
+ if (rc < 0 || rc >= len)
return -1;
- }
ret += rc;
}
va_end(ap);
@@ -543,8 +540,7 @@ int run_script(const char *name, const char *section, const char *script, ...)
return run_buffer(buffer);
}
-/*
- * pin_rootfs
+/* pin_rootfs
* if rootfs is a directory, then open ${rootfs}/lxc.hold for writing for
* the duration of the container run, to prevent the container from marking
* the underlying fs readonly on shutdown. unlink the file immediately so
@@ -555,10 +551,9 @@ int run_script(const char *name, const char *section, const char *script, ...)
*/
int pin_rootfs(const char *rootfs)
{
- char absrootfs[MAXPATHLEN];
- char absrootfspin[MAXPATHLEN];
+ int fd, ret;
+ char absrootfs[MAXPATHLEN], absrootfspin[MAXPATHLEN];
struct stat s;
- int ret, fd;
if (rootfs == NULL || strlen(rootfs) == 0)
return -2;
@@ -566,10 +561,12 @@ int pin_rootfs(const char *rootfs)
if (!realpath(rootfs, absrootfs))
return -2;
- if (access(absrootfs, F_OK))
+ ret = access(absrootfs, F_OK);
+ if (ret != 0)
return -1;
- if (stat(absrootfs, &s))
+ ret = stat(absrootfs, &s);
+ if (ret < 0)
return -1;
if (!S_ISDIR(s.st_mode))
@@ -579,21 +576,23 @@ int pin_rootfs(const char *rootfs)
if (ret >= MAXPATHLEN)
return -1;
- fd = open(absrootfspin, O_CREAT | O_RDWR, S_IWUSR|S_IRUSR);
+ fd = open(absrootfspin, O_CREAT | O_RDWR, S_IWUSR | S_IRUSR);
if (fd < 0)
return fd;
+
(void)unlink(absrootfspin);
+
return fd;
}
-/*
- * If we are asking to remount something, make sure that any
- * NOEXEC etc are honored.
+/* If we are asking to remount something, make sure that any NOEXEC etc are
+ * honored.
*/
unsigned long add_required_remount_flags(const char *s, const char *d,
unsigned long flags)
{
#ifdef HAVE_STATVFS
+ int ret;
struct statvfs sb;
unsigned long required_flags = 0;
@@ -605,7 +604,9 @@ unsigned long add_required_remount_flags(const char *s, const char *d,
if (!s)
return flags;
- if (statvfs(s, &sb) < 0)
+
+ ret = statvfs(s, &sb);
+ if (ret < 0)
return flags;
if (sb.f_flag & MS_NOSUID)
@@ -625,8 +626,7 @@ unsigned long add_required_remount_flags(const char *s, const char *d,
static int lxc_mount_auto_mounts(struct lxc_conf *conf, int flags, struct lxc_handler *handler)
{
- int r;
- int i;
+ int i, r;
static struct {
int match_mask;
int match_flag;
@@ -636,83 +636,87 @@ static int lxc_mount_auto_mounts(struct lxc_conf *conf, int flags, struct lxc_ha
unsigned long flags;
const char *options;
} default_mounts[] = {
- /* Read-only bind-mounting... In older kernels, doing that required
- * to do one MS_BIND mount and then MS_REMOUNT|MS_RDONLY the same
- * one. According to mount(2) manpage, MS_BIND honors MS_RDONLY from
- * kernel 2.6.26 onwards. However, this apparently does not work on
- * kernel 3.8. Unfortunately, on that very same kernel, doing the
- * same trick as above doesn't seem to work either, there one needs
- * to ALSO specify MS_BIND for the remount, otherwise the entire
- * fs is remounted read-only or the mount fails because it's busy...
- * MS_REMOUNT|MS_BIND|MS_RDONLY seems to work for kernels as low as
- * 2.6.32...
+ /* Read-only bind-mounting... In older kernels, doing that
+ * required to do one MS_BIND mount and then
+ * MS_REMOUNT|MS_RDONLY the same one. According to mount(2)
+ * manpage, MS_BIND honors MS_RDONLY from kernel 2.6.26
+ * onwards. However, this apparently does not work on kernel
+ * 3.8. Unfortunately, on that very same kernel, doing the same
+ * trick as above doesn't seem to work either, there one needs
+ * to ALSO specify MS_BIND for the remount, otherwise the
+ * entire fs is remounted read-only or the mount fails because
+ * it's busy... MS_REMOUNT|MS_BIND|MS_RDONLY seems to work for
+ * kernels as low as 2.6.32...
*/
- { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "proc", "%r/proc", "proc", MS_NODEV|MS_NOEXEC|MS_NOSUID, NULL },
+ { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "proc", "%r/proc", "proc", MS_NODEV|MS_NOEXEC|MS_NOSUID, NULL },
/* proc/tty is used as a temporary placeholder for proc/sys/net which we'll move back in a few steps */
- { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "%r/proc/sys/net", "%r/proc/tty", NULL, MS_BIND, NULL },
- { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "%r/proc/sys", "%r/proc/sys", NULL, MS_BIND, NULL },
- { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, NULL, "%r/proc/sys", NULL, MS_REMOUNT|MS_BIND|MS_RDONLY, NULL },
- { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "%r/proc/tty", "%r/proc/sys/net", NULL, MS_MOVE, NULL },
- { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "%r/proc/sysrq-trigger", "%r/proc/sysrq-trigger", NULL, MS_BIND, NULL },
- { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, NULL, "%r/proc/sysrq-trigger", NULL, MS_REMOUNT|MS_BIND|MS_RDONLY, NULL },
- { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_RW, "proc", "%r/proc", "proc", MS_NODEV|MS_NOEXEC|MS_NOSUID, NULL },
- { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_RW, "sysfs", "%r/sys", "sysfs", 0, NULL },
- { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_RO, "sysfs", "%r/sys", "sysfs", MS_RDONLY, NULL },
- { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, "sysfs", "%r/sys", "sysfs", MS_NODEV|MS_NOEXEC|MS_NOSUID, NULL },
- { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, "%r/sys", "%r/sys", NULL, MS_BIND, NULL },
- { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, NULL, "%r/sys", NULL, MS_REMOUNT|MS_BIND|MS_RDONLY, NULL },
- { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, "sysfs", "%r/sys/devices/virtual/net", "sysfs", 0, NULL },
- { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, "%r/sys/devices/virtual/net/devices/virtual/net", "%r/sys/devices/virtual/net", NULL, MS_BIND, NULL },
- { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, NULL, "%r/sys/devices/virtual/net", NULL, MS_REMOUNT|MS_BIND|MS_NOSUID|MS_NODEV|MS_NOEXEC, NULL },
- { 0, 0, NULL, NULL, NULL, 0, NULL }
+ { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "%r/proc/sys/net", "%r/proc/tty", NULL, MS_BIND, NULL },
+ { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "%r/proc/sys", "%r/proc/sys", NULL, MS_BIND, NULL },
+ { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, NULL, "%r/proc/sys", NULL, MS_REMOUNT|MS_BIND|MS_RDONLY, NULL },
+ { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "%r/proc/tty", "%r/proc/sys/net", NULL, MS_MOVE, NULL },
+ { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "%r/proc/sysrq-trigger", "%r/proc/sysrq-trigger", NULL, MS_BIND, NULL },
+ { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, NULL, "%r/proc/sysrq-trigger", NULL, MS_REMOUNT|MS_BIND|MS_RDONLY, NULL },
+ { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_RW, "proc", "%r/proc", "proc", MS_NODEV|MS_NOEXEC|MS_NOSUID, NULL },
+ { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_RW, "sysfs", "%r/sys", "sysfs", 0, NULL },
+ { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_RO, "sysfs", "%r/sys", "sysfs", MS_RDONLY, NULL },
+ { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, "sysfs", "%r/sys", "sysfs", MS_NODEV|MS_NOEXEC|MS_NOSUID, NULL },
+ { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, "%r/sys", "%r/sys", NULL, MS_BIND, NULL },
+ { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, NULL, "%r/sys", NULL, MS_REMOUNT|MS_BIND|MS_RDONLY, NULL },
+ { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, "sysfs", "%r/sys/devices/virtual/net", "sysfs", 0, NULL },
+ { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, "%r/sys/devices/virtual/net/devices/virtual/net", "%r/sys/devices/virtual/net", NULL, MS_BIND, NULL },
+ { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, NULL, "%r/sys/devices/virtual/net", NULL, MS_REMOUNT|MS_BIND|MS_NOSUID|MS_NODEV|MS_NOEXEC, NULL },
+ { 0, 0, NULL, NULL, NULL, 0, NULL }
};
for (i = 0; default_mounts[i].match_mask; i++) {
- if ((flags & default_mounts[i].match_mask) == default_mounts[i].match_flag) {
- char *source = NULL;
- char *destination = NULL;
- int saved_errno;
- unsigned long mflags;
-
- if (default_mounts[i].source) {
- /* will act like strdup if %r is not present */
- source = lxc_string_replace("%r", conf->rootfs.path ? conf->rootfs.mount : "", default_mounts[i].source);
- if (!source) {
- SYSERROR("memory allocation error");
- return -1;
- }
- }
- if (!default_mounts[i].destination) {
- ERROR("BUG: auto mounts destination %d was NULL", i);
- free(source);
- return -1;
- }
+ int saved_errno;
+ unsigned long mflags;
+ char *destination = NULL;
+ char *source = NULL;
+ if ((flags & default_mounts[i].match_mask) != default_mounts[i].match_flag)
+ continue;
+
+ if (default_mounts[i].source) {
/* will act like strdup if %r is not present */
- destination = lxc_string_replace("%r", conf->rootfs.path ? conf->rootfs.mount : "", default_mounts[i].destination);
- if (!destination) {
- saved_errno = errno;
- SYSERROR("memory allocation error");
- free(source);
- errno = saved_errno;
+ source = lxc_string_replace("%r", conf->rootfs.path ? conf->rootfs.mount : "", default_mounts[i].source);
+ if (!source)
return -1;
- }
- mflags = add_required_remount_flags(source, destination,
- default_mounts[i].flags);
- r = safe_mount(source, destination, default_mounts[i].fstype, mflags, default_mounts[i].options, conf->rootfs.path ? conf->rootfs.mount : NULL);
- saved_errno = errno;
- if (r < 0 && errno == ENOENT) {
- INFO("Mount source or target for %s on %s doesn't exist. Skipping.", source, destination);
- r = 0;
- }
- else if (r < 0)
- SYSERROR("error mounting %s on %s flags %lu", source, destination, mflags);
+ }
+ if (!default_mounts[i].destination) {
+ ERROR("BUG: auto mounts destination %d was NULL", i);
free(source);
- free(destination);
- if (r < 0) {
- errno = saved_errno;
- return -1;
- }
+ return -1;
+ }
+
+ /* will act like strdup if %r is not present */
+ destination = lxc_string_replace("%r", conf->rootfs.path ? conf->rootfs.mount : "", default_mounts[i].destination);
+ if (!destination) {
+ saved_errno = errno;
+ free(source);
+ errno = saved_errno;
+ return -1;
+ }
+
+ mflags = add_required_remount_flags(source, destination,
+ default_mounts[i].flags);
+ r = safe_mount(source, destination, default_mounts[i].fstype,
+ mflags, default_mounts[i].options,
+ conf->rootfs.path ? conf->rootfs.mount : NULL);
+ saved_errno = errno;
+ if (r < 0 && errno == ENOENT) {
+ INFO("Mount source or target for \"%s\" on \"%s\" does "
+ "not exist. Skipping", source, destination);
+ r = 0;
+ } else if (r < 0) {
+ SYSERROR("Failed to mount \"%s\" on \"%s\" with flags %lu", source, destination, mflags);
+ }
+
+ free(source);
+ free(destination);
+ if (r < 0) {
+ errno = saved_errno;
+ return -1;
}
}
@@ -720,14 +724,16 @@ static int lxc_mount_auto_mounts(struct lxc_conf *conf, int flags, struct lxc_ha
int cg_flags;
cg_flags = flags & (LXC_AUTO_CGROUP_MASK & ~LXC_AUTO_CGROUP_FORCE);
- /* If the type of cgroup mount was not specified, it depends on the
- * container's capabilities as to what makes sense: if we have
- * CAP_SYS_ADMIN, the read-only part can be remounted read-write
- * anyway, so we may as well default to read-write; then the admin
- * will not be given a false sense of security. (And if they really
- * want mixed r/o r/w, then they can explicitly specify :mixed.)
- * OTOH, if the container lacks CAP_SYS_ADMIN, do only default to
- * :mixed, because then the container can't remount it read-write. */
+ /* If the type of cgroup mount was not specified, it depends on
+ * the container's capabilities as to what makes sense: if we
+ * have CAP_SYS_ADMIN, the read-only part can be remounted
+ * read-write anyway, so we may as well default to read-write;
+ * then the admin will not be given a false sense of security.
+ * (And if they really want mixed r/o r/w, then they can
+ * explicitly specify :mixed.) OTOH, if the container lacks
+ * CAP_SYS_ADMIN, do only default to :mixed, because then the
+ * container can't remount it read-write.
+ */
if (cg_flags == LXC_AUTO_CGROUP_NOSPEC || cg_flags == LXC_AUTO_CGROUP_FULL_NOSPEC) {
int has_sys_admin = 0;
@@ -741,10 +747,12 @@ static int lxc_mount_auto_mounts(struct lxc_conf *conf, int flags, struct lxc_ha
else
cg_flags = has_sys_admin ? LXC_AUTO_CGROUP_FULL_RW : LXC_AUTO_CGROUP_FULL_MIXED;
}
+
if (flags & LXC_AUTO_CGROUP_FORCE)
- cg_flags |= LXC_AUTO_CGROUP_FORCE;
+ cg_flags |= LXC_AUTO_CGROUP_FORCE;
+
if (!cgroup_mount(conf->rootfs.path ? conf->rootfs.mount : "", handler, cg_flags)) {
- SYSERROR("error mounting /sys/fs/cgroup");
+ SYSERROR("Failed to mount \"/sys/fs/cgroup\"");
return -1;
}
}
@@ -754,15 +762,18 @@ static int lxc_mount_auto_mounts(struct lxc_conf *conf, int flags, struct lxc_ha
static int setup_utsname(struct utsname *utsname)
{
+ int ret;
+
if (!utsname)
return 0;
- if (sethostname(utsname->nodename, strlen(utsname->nodename))) {
- SYSERROR("failed to set the hostname to '%s'", utsname->nodename);
+ ret = sethostname(utsname->nodename, strlen(utsname->nodename));
+ if (ret < 0) {
+ SYSERROR("Failed to set the hostname to \"%s\"", utsname->nodename);
return -1;
}
- INFO("'%s' hostname has been setup", utsname->nodename);
+ INFO("Set hostname to \"%s\"", utsname->nodename);
return 0;
}
@@ -773,44 +784,44 @@ struct dev_symlinks {
};
static const struct dev_symlinks dev_symlinks[] = {
- {"/proc/self/fd", "fd"},
- {"/proc/self/fd/0", "stdin"},
- {"/proc/self/fd/1", "stdout"},
- {"/proc/self/fd/2", "stderr"},
+ { "/proc/self/fd", "fd" },
+ { "/proc/self/fd/0", "stdin" },
+ { "/proc/self/fd/1", "stdout" },
+ { "/proc/self/fd/2", "stderr" },
};
static int lxc_setup_dev_symlinks(const struct lxc_rootfs *rootfs)
{
+ int i, ret;
char path[MAXPATHLEN];
- int ret,i;
struct stat s;
-
for (i = 0; i < sizeof(dev_symlinks) / sizeof(dev_symlinks[0]); i++) {
const struct dev_symlinks *d = &dev_symlinks[i];
- ret = snprintf(path, sizeof(path), "%s/dev/%s", rootfs->path ? rootfs->mount : "", d->name);
+
+ ret = snprintf(path, sizeof(path), "%s/dev/%s",
+ rootfs->path ? rootfs->mount : "", d->name);
if (ret < 0 || ret >= MAXPATHLEN)
return -1;
- /*
- * Stat the path first. If we don't get an error
- * accept it as is and don't try to create it
+ /* Stat the path first. If we don't get an error accept it as
+ * is and don't try to create it
*/
- if (!stat(path, &s)) {
+ ret = stat(path, &s);
+ if (ret == 0)
continue;
- }
ret = symlink(d->oldpath, path);
-
if (ret && errno != EEXIST) {
- if ( errno == EROFS ) {
- WARN("Warning: Read Only file system while creating %s", path);
+ if (errno == EROFS) {
+ WARN("Failed to create \"%s\". Read-only filesystem", path);
} else {
- SYSERROR("Error creating %s", path);
+ SYSERROR("Failed to create \"%s\"", path);
return -1;
}
}
}
+
return 0;
}
@@ -823,15 +834,19 @@ static bool append_ptyname(char **pp, char *name)
*pp = malloc(strlen(name) + strlen("container_ttys=") + 1);
if (!*pp)
return false;
+
sprintf(*pp, "container_ttys=%s", name);
return true;
}
+
p = realloc(*pp, strlen(*pp) + strlen(name) + 2);
if (!p)
return false;
+
*pp = p;
strcat(p, " ");
strcat(p, name);
+
return true;
}
@@ -879,7 +894,7 @@ static int lxc_setup_ttys(struct lxc_conf *conf)
tty->name, path);
continue;
}
- DEBUG("bind mounted \"%s\" onto \"%s\"", tty->name,
+ DEBUG("Bind mounted \"%s\" onto \"%s\"", tty->name,
path);
ret = snprintf(lxcpath, sizeof(lxcpath), "%s/tty%d",
@@ -930,8 +945,8 @@ static int lxc_setup_ttys(struct lxc_conf *conf)
int lxc_allocate_ttys(const char *name, struct lxc_conf *conf)
{
- struct lxc_tty_info *ttys = &conf->ttys;
int i, ret;
+ struct lxc_tty_info *ttys = &conf->ttys;
/* no tty in the configuration */
if (!conf->tty)
@@ -947,26 +962,26 @@ int lxc_allocate_ttys(const char *name, struct lxc_conf *conf)
ret = openpty(&tty->master, &tty->slave,
tty->name, NULL, NULL);
if (ret) {
- SYSERROR("failed to create pty device number %d", i);
+ SYSERROR("Failed to create tty %d", i);
ttys->nbtty = i;
lxc_delete_tty(ttys);
return -ENOTTY;
}
- DEBUG("allocated pty \"%s\" with master fd %d and slave fd %d",
+ DEBUG("Created tty \"%s\" with master fd %d and slave fd %d",
tty->name, tty->master, tty->slave);
/* Prevent leaking the file descriptors to the container */
ret = fcntl(tty->master, F_SETFD, FD_CLOEXEC);
if (ret < 0)
- WARN("failed to set FD_CLOEXEC flag on master fd %d of "
- "pty device \"%s\": %s",
+ WARN("Failed to set FD_CLOEXEC flag on master fd %d of "
+ "tty device \"%s\": %s",
tty->master, tty->name, strerror(errno));
ret = fcntl(tty->slave, F_SETFD, FD_CLOEXEC);
if (ret < 0)
- WARN("failed to set FD_CLOEXEC flag on slave fd %d of "
- "pty device \"%s\": %s",
+ WARN("Failed to set FD_CLOEXEC flag on slave fd %d of "
+ "tty device \"%s\": %s",
tty->slave, tty->name, strerror(errno));
tty->busy = 0;
@@ -974,7 +989,7 @@ int lxc_allocate_ttys(const char *name, struct lxc_conf *conf)
ttys->nbtty = conf->tty;
- INFO("finished allocating %d pts devices", conf->tty);
+ INFO("Finished creating %d tty devices", conf->tty);
return 0;
}
@@ -997,12 +1012,12 @@ void lxc_delete_tty(struct lxc_tty_info *ttys)
static int lxc_send_ttys_to_parent(struct lxc_handler *handler)
{
int i;
+ int ret = -1;
struct lxc_conf *conf = handler->conf;
struct lxc_tty_info *ttys = &conf->ttys;
int sock = handler->data_sock[0];
- int ret = -1;
- if (!conf->tty)
+ if (conf->tty == 0)
return 0;
for (i = 0; i < conf->tty; i++) {
@@ -1016,7 +1031,7 @@ static int lxc_send_ttys_to_parent(struct lxc_handler *handler)
if (ret < 0)
break;
- TRACE("Send pty \"%s\" with master fd %d and slave fd %d to "
+ TRACE("Sent ty \"%s\" with master fd %d and slave fd %d to "
"parent", tty->name, tty->master, tty->slave);
}
@@ -1070,62 +1085,70 @@ static int lxc_create_ttys(struct lxc_handler *handler)
static int setup_rootfs_pivot_root(const char *rootfs)
{
- int oldroot = -1, newroot = -1;
+ int ret;
+ int newroot = -1, oldroot = -1;
oldroot = open("/", O_DIRECTORY | O_RDONLY);
if (oldroot < 0) {
- SYSERROR("Error opening old-/ for fchdir");
+ SYSERROR("Failed to open old root directory");
return -1;
}
+
newroot = open(rootfs, O_DIRECTORY | O_RDONLY);
if (newroot < 0) {
- SYSERROR("Error opening new-/ for fchdir");
- goto fail;
+ SYSERROR("Failed to open new root directory");
+ goto on_error;
}
/* change into new root fs */
- if (fchdir(newroot)) {
- SYSERROR("can't chdir to new rootfs '%s'", rootfs);
- goto fail;
+ ret = fchdir(newroot);
+ if (ret < 0) {
+ SYSERROR("Failed to change to new rootfs \"%s\"", rootfs);
+ goto on_error;
}
/* pivot_root into our new root fs */
- if (pivot_root(".", ".")) {
- SYSERROR("pivot_root syscall failed");
- goto fail;
+ ret = pivot_root(".", ".");
+ if (ret < 0) {
+ SYSERROR("Failed to pivot_root()");
+ goto on_error;
}
- /*
- * at this point the old-root is mounted on top of our new-root
- * To unmounted it we must not be chdir'd into it, so escape back
- * to old-root
+ /* At this point the old-root is mounted on top of our new-root To
+ * unmounted it we must not be chdir'd into it, so escape back to
+ * old-root.
*/
- if (fchdir(oldroot) < 0) {
- SYSERROR("Error entering oldroot");
- goto fail;
+ ret = fchdir(oldroot);
+ if (ret < 0) {
+ SYSERROR("Failed to enter old root directory");
+ goto on_error;
}
- if (umount2(".", MNT_DETACH) < 0) {
- SYSERROR("Error detaching old root");
- goto fail;
+
+ ret = umount2(".", MNT_DETACH);
+ if (ret < 0) {
+ SYSERROR("Failed to detach old root directory");
+ goto on_error;
}
- if (fchdir(newroot) < 0) {
- SYSERROR("Error re-entering newroot");
- goto fail;
+ ret = fchdir(newroot);
+ if (ret < 0) {
+ SYSERROR("Failed to re-enter new root directory");
+ goto on_error;
}
close(oldroot);
close(newroot);
- DEBUG("pivot_root syscall to '%s' successful", rootfs);
+ DEBUG("pivot_root(\"%s\") successful", rootfs);
return 0;
-fail:
+on_error:
if (oldroot != -1)
close(oldroot);
if (newroot != -1)
close(newroot);
+
return -1;
}
@@ -1277,22 +1300,25 @@ static int lxc_setup_rootfs(struct lxc_conf *conf)
rootfs = &conf->rootfs;
if (!rootfs->path) {
- if (mount("", "/", NULL, MS_SLAVE | MS_REC, 0)) {
- SYSERROR("Failed to make / rslave.");
+ ret = mount("", "/", NULL, MS_SLAVE | MS_REC, 0);
+ if (ret < 0) {
+ SYSERROR("Failed to make / rslave");
return -1;
}
+
return 0;
}
- if (access(rootfs->mount, F_OK)) {
- SYSERROR("Failed to access to \"%s\". Check it is present.",
+ ret = access(rootfs->mount, F_OK);
+ if (ret != 0) {
+ SYSERROR("Failed to access to \"%s\". Check it is present",
rootfs->mount);
return -1;
}
bdev = storage_init(conf);
if (!bdev) {
- ERROR("Failed to mount rootfs \"%s\" onto \"%s\" with options \"%s\".",
+ ERROR("Failed to mount rootfs \"%s\" onto \"%s\" with options \"%s\"",
rootfs->path, rootfs->mount,
rootfs->options ? rootfs->options : "(null)");
return -1;
@@ -1301,13 +1327,13 @@ static int lxc_setup_rootfs(struct lxc_conf *conf)
ret = bdev->ops->mount(bdev);
storage_put(bdev);
if (ret < 0) {
- ERROR("Failed to mount rootfs \"%s\" onto \"%s\" with options \"%s\".",
+ ERROR("Failed to mount rootfs \"%s\" onto \"%s\" with options \"%s\"",
rootfs->path, rootfs->mount,
rootfs->options ? rootfs->options : "(null)");
return -1;
}
- DEBUG("Mounted rootfs \"%s\" onto \"%s\" with options \"%s\".",
+ DEBUG("Mounted rootfs \"%s\" onto \"%s\" with options \"%s\"",
rootfs->path, rootfs->mount,
rootfs->options ? rootfs->options : "(null)");
@@ -1316,35 +1342,35 @@ static int lxc_setup_rootfs(struct lxc_conf *conf)
int prepare_ramfs_root(char *root)
{
- char buf[LXC_LINELEN], *p;
- char nroot[PATH_MAX];
+ int i, ret;
+ char *p, *p2;
+ char buf[LXC_LINELEN], nroot[PATH_MAX];
FILE *f;
- int i;
- char *p2;
- if (realpath(root, nroot) == NULL)
- return -errno;
+ if (!realpath(root, nroot))
+ return -1;
- if (chdir("/") == -1)
- return -errno;
+ ret = chdir("/");
+ if (ret < 0)
+ return -1;
- /*
- * We could use here MS_MOVE, but in userns this mount is
- * locked and can't be moved.
+ /* We could use here MS_MOVE, but in userns this mount is locked and
+ * can't be moved.
*/
- if (mount(root, "/", NULL, MS_REC | MS_BIND, NULL) < 0) {
- SYSERROR("Failed to move %s into /", root);
- return -errno;
+ ret = mount(root, "/", NULL, MS_REC | MS_BIND, NULL);
+ if (ret < 0) {
+ SYSERROR("Failed to move \"%s\" into \"/\"", root);
+ return -1;
}
- if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) < 0) {
- SYSERROR("Failed to make . rprivate");
- return -errno;
+ ret = mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL);
+ if (ret < 0) {
+ SYSERROR("Failed to make \"/\" rprivate");
+ return -1;
}
- /*
- * The following code cleans up inhereted mounts which are not
- * required for CT.
+ /* The following code cleans up inhereted mounts which are not required
+ * for CT.
*
* The mountinfo file shows not all mounts, if a few points have been
* unmounted between read operations from the mountinfo. So we need to
@@ -1353,7 +1379,7 @@ int prepare_ramfs_root(char *root)
* This loop can be skipped if a container uses unserns, because all
* inherited mounts are locked and we should live with all this trash.
*/
- while (1) {
+ for (;;) {
int progress = 0;
f = fopen("./proc/self/mountinfo", "r");
@@ -1361,11 +1387,14 @@ int prepare_ramfs_root(char *root)
SYSERROR("Unable to open /proc/self/mountinfo");
return -1;
}
+
while (fgets(buf, LXC_LINELEN, f)) {
for (p = buf, i=0; p && i < 4; i++)
p = strchr(p+1, ' ');
+
if (!p)
continue;
+
p2 = strchr(p+1, ' ');
if (!p2)
continue;
@@ -1375,27 +1404,33 @@ int prepare_ramfs_root(char *root)
if (strcmp(p + 1, "/") == 0)
continue;
+
if (strcmp(p + 1, "/proc") == 0)
continue;
- if (umount2(p, MNT_DETACH) == 0)
+ ret = umount2(p, MNT_DETACH);
+ if (ret == 0)
progress++;
}
+
fclose(f);
+
if (!progress)
break;
}
- /* This also can be skipped if a container uses unserns */
- umount2("./proc", MNT_DETACH);
+ /* This also can be skipped if a container uses unserns. */
+ (void)umount2("./proc", MNT_DETACH);
/* It is weird, but chdir("..") moves us in a new root */
- if (chdir("..") == -1) {
+ ret = chdir("..");
+ if (ret < 0) {
SYSERROR("Unable to change working directory");
return -1;
}
- if (chroot(".") == -1) {
+ ret = chroot(".");
+ if (ret < 0) {
SYSERROR("Unable to chroot");
return -1;
}
@@ -1405,28 +1440,33 @@ int prepare_ramfs_root(char *root)
static int setup_pivot_root(const struct lxc_rootfs *rootfs)
{
+ int ret;
+
if (!rootfs->path) {
- DEBUG("container does not have a rootfs, so not doing pivot root");
+ DEBUG("Container does not have a rootfs");
return 0;
}
if (detect_ramfs_rootfs()) {
- DEBUG("detected that container is on ramfs");
- if (prepare_ramfs_root(rootfs->mount)) {
- ERROR("failed to prepare minimal ramfs root");
+ DEBUG("Detected that container is on ramfs");
+
+ ret = prepare_ramfs_root(rootfs->mount);
+ if (ret < 0) {
+ ERROR("Failed to prepare minimal ramfs root");
return -1;
}
- DEBUG("prepared ramfs root for container");
+ DEBUG("Prepared ramfs root for container");
return 0;
}
- if (setup_rootfs_pivot_root(rootfs->mount) < 0) {
- ERROR("failed to pivot root");
+ ret = setup_rootfs_pivot_root(rootfs->mount);
+ if (ret < 0) {
+ ERROR("Failed to pivot_root()");
return -1;
}
- DEBUG("finished pivot root");
+ DEBUG("Finished pivot_root()");
return 0;
}
@@ -1467,7 +1507,7 @@ static int lxc_setup_devpts(struct lxc_conf *conf)
char devpts_mntopts[256];
if (conf->pts <= 0) {
- DEBUG("no new devpts instance will be mounted since no pts "
+ DEBUG("No new devpts instance will be mounted since no pts "
"devices are requested");
return 0;
}
@@ -1487,88 +1527,91 @@ static int lxc_setup_devpts(struct lxc_conf *conf)
if (!ret) {
ret = umount("/dev/pts");
if (ret < 0) {
- SYSERROR("failed to unmount old devpts instance");
+ SYSERROR("Failed to unmount old devpts instance");
return -1;
}
- DEBUG("unmounted old /dev/pts instance");
+ DEBUG("Unmounted old devpts instance");
}
/* Create mountpoint for devpts instance. */
ret = mkdir("/dev/pts", 0755);
if (ret < 0 && errno != EEXIST) {
- SYSERROR("failed to create the \"/dev/pts\" directory");
+ SYSERROR("Failed to create \"/dev/pts\" directory");
return -1;
}
/* Mount new devpts instance. */
ret = mount("devpts", "/dev/pts", "devpts", MS_NOSUID | MS_NOEXEC, devpts_mntopts);
if (ret < 0) {
- SYSERROR("failed to mount new devpts instance");
+ SYSERROR("Failed to mount new devpts instance");
return -1;
}
- DEBUG("mount new devpts instance with options \"%s\"", devpts_mntopts);
+ DEBUG("Mount new devpts instance with options \"%s\"", devpts_mntopts);
/* Remove any pre-existing /dev/ptmx file. */
ret = access("/dev/ptmx", F_OK);
if (!ret) {
ret = remove("/dev/ptmx");
if (ret < 0) {
- SYSERROR("failed to remove existing \"/dev/ptmx\"");
+ SYSERROR("Failed to remove existing \"/dev/ptmx\" file");
return -1;
}
- DEBUG("removed existing \"/dev/ptmx\"");
+ DEBUG("Removed existing \"/dev/ptmx\" file");
}
/* Create dummy /dev/ptmx file as bind mountpoint for /dev/pts/ptmx. */
ret = open("/dev/ptmx", O_CREAT, 0666);
if (ret < 0) {
- SYSERROR("failed to create dummy \"/dev/ptmx\" file as bind mount target");
+ SYSERROR("Failed to create dummy \"/dev/ptmx\" file as bind mount target");
return -1;
}
close(ret);
- DEBUG("created dummy \"/dev/ptmx\" file as bind mount target");
+ DEBUG("Created dummy \"/dev/ptmx\" file as bind mount target");
/* Fallback option: create symlink /dev/ptmx -> /dev/pts/ptmx */
ret = mount("/dev/pts/ptmx", "/dev/ptmx", NULL, MS_BIND, NULL);
if (!ret) {
- DEBUG("bind mounted \"/dev/pts/ptmx\" to \"/dev/ptmx\"");
+ DEBUG("Bind mounted \"/dev/pts/ptmx\" to \"/dev/ptmx\"");
return 0;
} else {
/* Fallthrough and try to create a symlink. */
- ERROR("failed to bind mount \"/dev/pts/ptmx\" to \"/dev/ptmx\"");
+ ERROR("Failed to bind mount \"/dev/pts/ptmx\" to \"/dev/ptmx\"");
}
/* Remove the dummy /dev/ptmx file we created above. */
ret = remove("/dev/ptmx");
if (ret < 0) {
- SYSERROR("failed to remove existing \"/dev/ptmx\"");
+ SYSERROR("Failed to remove existing \"/dev/ptmx\"");
return -1;
}
/* Fallback option: Create symlink /dev/ptmx -> /dev/pts/ptmx. */
ret = symlink("/dev/pts/ptmx", "/dev/ptmx");
if (ret < 0) {
- SYSERROR("failed to create symlink \"/dev/ptmx\" -> \"/dev/pts/ptmx\"");
+ SYSERROR("Failed to create symlink from \"/dev/ptmx\" to \"/dev/pts/ptmx\"");
return -1;
}
- DEBUG("created symlink \"/dev/ptmx\" -> \"/dev/pts/ptmx\"");
+ DEBUG("Created symlink from \"/dev/ptmx\" to \"/dev/pts/ptmx\"");
return 0;
}
static int setup_personality(int persona)
{
- #if HAVE_SYS_PERSONALITY_H
+ int ret;
+
+#if HAVE_SYS_PERSONALITY_H
if (persona == -1)
return 0;
- if (personality(persona) < 0) {
- SYSERROR("failed to set personality to '0x%x'", persona);
+ ret = personality(persona);
+ if (ret < 0) {
+ SYSERROR("Failed to set personality to \"0x%x\"", persona);
return -1;
}
- INFO("set personality to '0x%x'", persona);
- #endif
+ INFO("Set personality to \"0x%x\"", persona);
+#endif
return 0;
}
@@ -1576,8 +1619,8 @@ static int setup_personality(int persona)
static int lxc_setup_dev_console(const struct lxc_rootfs *rootfs,
const struct lxc_terminal *console)
{
+ int fd, ret;
char path[MAXPATHLEN];
- int ret, fd;
char *rootfs_path = rootfs->path ? rootfs->mount : "";
if (console->path && !strcmp(console->path, "none"))
@@ -1615,13 +1658,14 @@ static int lxc_setup_dev_console(const struct lxc_rootfs *rootfs,
ret = chmod(console->name, S_IXUSR | S_IXGRP | S_IXOTH);
if (ret < 0) {
- SYSERROR("Failed to set mode '0%o' to '%s'", S_IXUSR | S_IXGRP | S_IXOTH, console->name);
+ SYSERROR("Failed to set mode \"0%o\" to \"%s\"",
+ S_IXUSR | S_IXGRP | S_IXOTH, console->name);
return -errno;
}
ret = safe_mount(console->name, path, "none", MS_BIND, 0, rootfs_path);
if (ret < 0) {
- ERROR("Failed to mount '%s' on '%s'", console->name, path);
+ ERROR("Failed to mount \"%s\" on \"%s\"", console->name, path);
return -1;
}
@@ -1647,7 +1691,7 @@ static int lxc_setup_ttydir_console(const struct lxc_rootfs *rootfs,
ret = mkdir(path, 0755);
if (ret && errno != EEXIST) {
- SYSERROR("Failed with errno %d to create %s", errno, path);
+ SYSERROR("Failed to create \"%s\"", path);
return -errno;
}
DEBUG("Created directory for console and tty devices at \"%s\"", path);
@@ -1658,7 +1702,7 @@ static int lxc_setup_ttydir_console(const struct lxc_rootfs *rootfs,
ret = creat(lxcpath, 0660);
if (ret == -1 && errno != EEXIST) {
- SYSERROR("Error %d creating %s", errno, lxcpath);
+ SYSERROR("Failed to create \"%s\"", lxcpath);
return -errno;
}
if (ret >= 0)
@@ -1671,7 +1715,7 @@ static int lxc_setup_ttydir_console(const struct lxc_rootfs *rootfs,
if (file_exists(path)) {
ret = lxc_unstack_mountpoint(path, false);
if (ret < 0) {
- ERROR("Failed to unmount \"%s\": %s", path, strerror(errno));
+ ERROR("%s - Failed to unmount \"%s\"", strerror(errno), path);
return -ret;
} else {
DEBUG("Cleared all (%d) mounts from \"%s\"", ret, path);
@@ -1690,14 +1734,15 @@ static int lxc_setup_ttydir_console(const struct lxc_rootfs *rootfs,
ret = chmod(console->name, S_IXUSR | S_IXGRP | S_IXOTH);
if (ret < 0) {
- SYSERROR("Failed to set mode '0%o' to '%s'", S_IXUSR | S_IXGRP | S_IXOTH, console->name);
+ SYSERROR("Failed to set mode \"0%o\" to \"%s\"",
+ S_IXUSR | S_IXGRP | S_IXOTH, console->name);
return -errno;
}
/* bind mount console->name to '/dev/<ttydir>/console' */
ret = safe_mount(console->name, lxcpath, "none", MS_BIND, 0, rootfs_path);
if (ret < 0) {
- ERROR("Failed to mount '%s' on '%s'", console->name, lxcpath);
+ ERROR("Failed to mount \"%s\" on \"%s\"", console->name, lxcpath);
return -1;
}
DEBUG("Mounted \"%s\" onto \"%s\"", console->name, lxcpath);
@@ -1705,13 +1750,12 @@ static int lxc_setup_ttydir_console(const struct lxc_rootfs *rootfs,
/* bind mount '/dev/<ttydir>/console' to '/dev/console' */
ret = safe_mount(lxcpath, path, "none", MS_BIND, 0, rootfs_path);
if (ret < 0) {
- ERROR("Failed to mount '%s' on '%s'", console->name, lxcpath);
+ ERROR("Failed to mount \"%s\" on \"%s\"", console->name, lxcpath);
return -1;
}
DEBUG("Mounted \"%s\" onto \"%s\"", console->name, lxcpath);
DEBUG("Console has been setup under \"%s\" and mounted to \"%s\"", lxcpath, path);
-
return 0;
}
@@ -1733,7 +1777,7 @@ static void parse_mntopt(char *opt, unsigned long *flags, char **data)
* Otherwise append it to data. */
for (mo = &mount_opt[0]; mo->name != NULL; mo++) {
- if (!strncmp(opt, mo->name, strlen(mo->name))) {
+ if (strncmp(opt, mo->name, strlen(mo->name)) == 0) {
if (mo->clear)
*flags &= ~mo->flag;
else
@@ -1747,11 +1791,10 @@ static void parse_mntopt(char *opt, unsigned long *flags, char **data)
strcat(*data, opt);
}
-int parse_mntopts(const char *mntopts, unsigned long *mntflags,
- char **mntdata)
+int parse_mntopts(const char *mntopts, unsigned long *mntflags, char **mntdata)
{
- char *s, *data;
- char *p, *saveptr = NULL;
+ char *data, *p, *s;
+ char *saveptr = NULL;
*mntdata = NULL;
*mntflags = 0L;
@@ -1760,21 +1803,17 @@ int parse_mntopts(const char *mntopts, unsigned long *mntflags,
return 0;
s = strdup(mntopts);
- if (!s) {
- SYSERROR("failed to allocate memory");
+ if (!s)
return -1;
- }
data = malloc(strlen(s) + 1);
if (!data) {
- SYSERROR("failed to allocate memory");
free(s);
return -1;
}
*data = 0;
- for (p = strtok_r(s, ",", &saveptr); p != NULL;
- p = strtok_r(NULL, ",", &saveptr))
+ for (; (p = strtok_r(s, ",", &saveptr)); s = NULL)
parse_mntopt(p, mntflags, &data);
if (*data)
@@ -1791,23 +1830,23 @@ static void parse_propagationopt(char *opt, unsigned long *flags)
struct mount_opt *mo;
/* If opt is found in propagation_opt, set or clear flags. */
-
for (mo = &propagation_opt[0]; mo->name != NULL; mo++) {
- if (strncmp(opt, mo->name, strlen(mo->name)) == 0) {
- if (mo->clear)
- *flags &= ~mo->flag;
- else
- *flags |= mo->flag;
- return;
- }
+ if (strncmp(opt, mo->name, strlen(mo->name)) != 0)
+ continue;
+
+ if (mo->clear)
+ *flags &= ~mo->flag;
+ else
+ *flags |= mo->flag;
+
+ return;
}
}
static int parse_propagationopts(const char *mntopts, unsigned long *pflags)
{
- char *s;
- char *p, *saveptr = NULL;
- *pflags = 0L;
+ char *p, *s;
+ char *saveptr = NULL;
if (!mntopts)
return 0;
@@ -1818,11 +1857,11 @@ static int parse_propagationopts(const char *mntopts, unsigned long *pflags)
return -ENOMEM;
}
- for (p = strtok_r(s, ",", &saveptr); p != NULL;
- p = strtok_r(NULL, ",", &saveptr))
+ *pflags = 0L;
+ for (; (p = strtok_r(s, ",", &saveptr)); s = NULL)
parse_propagationopt(p, pflags);
-
free(s);
+
return 0;
}
@@ -1833,21 +1872,22 @@ static void null_endofword(char *word)
*word = '\0';
}
-/*
- * skip @nfields spaces in @src
- */
+/* skip @nfields spaces in @src */
static char *get_field(char *src, int nfields)
{
- char *p = src;
int i;
+ char *p = src;
for (i = 0; i < nfields; i++) {
while (*p && *p != ' ' && *p != '\t')
p++;
+
if (!*p)
break;
+
p++;
}
+
return p;
}
@@ -1876,8 +1916,9 @@ static int mount_entry(const char *fsname, const char *target,
rootfs);
if (ret < 0) {
if (optional) {
- INFO("Failed to mount \"%s\" on \"%s\" (optional): %s",
- srcpath ? srcpath : "(null)", target, strerror(errno));
+ INFO("%s - Failed to mount \"%s\" on \"%s\" "
+ "(optional)", strerror(errno),
+ srcpath ? srcpath : "(null)", target);
return 0;
}
@@ -1976,7 +2017,13 @@ static int mount_entry(const char *fsname, const char *target,
static void cull_mntent_opt(struct mntent *mntent)
{
int i;
- char *list[] = {"create=dir", "create=file", "optional", "relative", NULL};
+ char *list[] = {
+ "create=dir",
+ "create=file",
+ "optional",
+ "relative",
+ NULL
+ };
for (i = 0; list[i]; i++) {
char *p, *p2;
@@ -1999,8 +2046,7 @@ static void cull_mntent_opt(struct mntent *mntent)
static int mount_entry_create_dir_file(const struct mntent *mntent,
const char *path,
const struct lxc_rootfs *rootfs,
- const char *lxc_name,
- const char *lxc_path)
+ const char *lxc_name, const char *lxc_path)
{
int fd, ret;
char *p1, *p2;
@@ -2019,29 +2065,31 @@ static int mount_entry_create_dir_file(const struct mntent *mntent,
}
}
- if (hasmntopt(mntent, "create=file") && access(path, F_OK)) {
- int fd;
- char *p1, *p2;
+ if (!hasmntopt(mntent, "create=file"))
+ return 0;
- p1 = strdup(path);
- if (!p1)
- return -1;
+ ret = access(path, F_OK);
+ if (ret != 0)
+ return 0;
- p2 = dirname(p1);
+ p1 = strdup(path);
+ if (!p1)
+ return -1;
- ret = mkdir_p(p2, 0755);
- free(p1);
- if (ret < 0 && errno != EEXIST) {
- SYSERROR("Failed to create directory \"%s\"", path);
- return -1;
- }
+ p2 = dirname(p1);
- fd = open(path, O_CREAT, 0644);
- if (fd < 0)
- return -1;
- close(fd);
+ ret = mkdir_p(p2, 0755);
+ free(p1);
+ if (ret < 0 && errno != EEXIST) {
+ SYSERROR("Failed to create directory \"%s\"", path);
+ return -1;
}
+ fd = open(path, O_CREAT, 0644);
+ if (fd < 0)
+ return -1;
+ close(fd);
+
return 0;
}
@@ -2158,98 +2206,26 @@ static int mount_entry_on_relative_rootfs(struct mntent *mntent,
const char *lxc_name,
const char *lxc_path)
{
- char path[MAXPATHLEN];
int ret;
+ char path[MAXPATHLEN];
/* relative to root mount point */
ret = snprintf(path, sizeof(path), "%s/%s", rootfs->mount, mntent->mnt_dir);
- if (ret < 0 || ret >= sizeof(path)) {
- ERROR("path name too long");
+ if (ret < 0 || (size_t)ret >= sizeof(path))
return -1;
- }
return mount_entry_on_generic(mntent, path, rootfs, lxc_name, lxc_path);
}
-/* This logs a NOTICE() when a user specifies mounts that would conflict with
- * devices liblxc sets up automatically.
- */
-static void log_notice_on_conflict(const struct lxc_conf *conf, const char *src,
- const char *dest)
-{
- char *clean_mnt_fsname, *clean_mnt_dir, *tmp;
- bool needs_warning = false;
-
- clean_mnt_fsname = lxc_deslashify(src);
- if (!clean_mnt_fsname)
- return;
-
- clean_mnt_dir = lxc_deslashify(dest);
- if (!clean_mnt_dir) {
- free(clean_mnt_fsname);
- return;
- }
-
- tmp = clean_mnt_dir;
- if (*tmp == '/')
- tmp++;
-
- if (strncmp(src, "/dev", 4) || strncmp(tmp, "dev", 3)) {
- free(clean_mnt_dir);
- free(clean_mnt_fsname);
- return;
- }
-
- if (!conf->autodev && !conf->pts && !conf->tty &&
- (!conf->console.path || !strcmp(conf->console.path, "none"))) {
- free(clean_mnt_dir);
- free(clean_mnt_fsname);
- return;
- }
-
- if (!strcmp(tmp, "dev") && conf->autodev > 0)
- needs_warning = true;
- else if (!strcmp(tmp, "dev/pts") && (conf->autodev > 0 || conf->pts > 0))
- needs_warning = true;
- else if (!strcmp(tmp, "dev/ptmx") && (conf->autodev > 0 || conf->pts > 0))
- needs_warning = true;
- else if (!strcmp(tmp, "dev/pts/ptmx") && (conf->autodev > 0 || conf->pts > 0))
- needs_warning = true;
- else if (!strcmp(tmp, "dev/null") && conf->autodev > 0)
- needs_warning = true;
- else if (!strcmp(tmp, "dev/zero") && conf->autodev > 0)
- needs_warning = true;
- else if (!strcmp(tmp, "dev/full") && conf->autodev > 0)
- needs_warning = true;
- else if (!strcmp(tmp, "dev/urandom") && conf->autodev > 0)
- needs_warning = true;
- else if (!strcmp(tmp, "dev/random") && conf->autodev > 0)
- needs_warning = true;
- else if (!strcmp(tmp, "dev/tty") && conf->autodev > 0)
- needs_warning = true;
- else if (!strncmp(tmp, "dev/tty", 7) && (conf->autodev > 0 || conf->tty > 0))
- needs_warning = true;
-
- if (needs_warning)
- NOTICE("Requesting to mount \"%s\" on \"%s\" while requesting "
- "automatic device setup under \"/dev\"",
- clean_mnt_fsname, clean_mnt_dir);
-
- free(clean_mnt_dir);
- free(clean_mnt_fsname);
-}
-
static int mount_file_entries(const struct lxc_conf *conf,
const struct lxc_rootfs *rootfs, FILE *file,
const char *lxc_name, const char *lxc_path)
{
- struct mntent mntent;
char buf[4096];
+ struct mntent mntent;
int ret = -1;
while (getmntent_r(file, &mntent, buf, sizeof(buf))) {
- log_notice_on_conflict(conf, mntent.mnt_fsname, mntent.mnt_dir);
-
if (!rootfs->path)
ret = mount_entry_on_systemfs(&mntent);
else if (mntent.mnt_dir[0] != '/')
@@ -2263,7 +2239,7 @@ static int mount_file_entries(const struct lxc_conf *conf,
}
ret = 0;
- INFO("Set up mount entries");
+ INFO("Finished setting up mounts");
return ret;
}
@@ -2296,42 +2272,50 @@ FILE *make_anonymous_mount_file(struct lxc_list *mount)
int ret;
char *mount_entry;
struct lxc_list *iterator;
- FILE *f;
int fd = -1;
- fd = memfd_create("lxc_mount_file", MFD_CLOEXEC);
+ fd = memfd_create(".lxc_mount_file", MFD_CLOEXEC);
if (fd < 0) {
if (errno != ENOSYS)
return NULL;
- f = tmpfile();
+ fd = lxc_make_tmpfile((char *){P_tmpdir "/.lxc_mount_file"}, true);
+ if (fd < 0) {
+ SYSERROR("Could not create temporary mount file");
+ return NULL;
+ }
+
TRACE("Created temporary mount file");
- } else {
- f = fdopen(fd, "r+");
- TRACE("Created anonymous mount file");
}
-
- if (!f) {
- SYSERROR("Could not create mount file");
- if (fd != -1)
- close(fd);
+ if (fd < 0) {
+ SYSERROR("Could not create temporary mount file");
return NULL;
}
- lxc_list_for_each(iterator, mount) {
+ lxc_list_for_each (iterator, mount) {
+ size_t len;
+
mount_entry = iterator->elem;
- ret = fprintf(f, "%s\n", mount_entry);
- if (ret < strlen(mount_entry))
- WARN("Could not write mount entry to mount file");
- }
+ len = strlen(mount_entry);
- ret = fseek(f, 0, SEEK_SET);
- if (ret < 0) {
- SYSERROR("Failed to seek mount file");
- fclose(f);
- return NULL;
+ ret = write(fd, mount_entry, len);
+ if (ret != len)
+ goto on_error;
+
+ ret = write(fd, "\n", 1);
+ if (ret != 1)
+ goto on_error;
}
- return f;
+ ret = lseek(fd, 0, SEEK_SET);
+ if (ret < 0)
+ goto on_error;
+
+ return fdopen(fd, "r+");
+
+on_error:
+ SYSERROR("Failed to write mount entry to temporary mount file");
+ close(fd);
+ return NULL;
}
static int setup_mount_entries(const struct lxc_conf *conf,
@@ -2339,31 +2323,30 @@ static int setup_mount_entries(const struct lxc_conf *conf,
struct lxc_list *mount, const char *lxc_name,
const char *lxc_path)
{
- FILE *f;
int ret;
+ FILE *f;
f = make_anonymous_mount_file(mount);
if (!f)
return -1;
ret = mount_file_entries(conf, rootfs, f, lxc_name, lxc_path);
-
fclose(f);
+
return ret;
}
static int parse_cap(const char *cap)
{
- char *ptr = NULL;
size_t i;
int capid = -1;
+ char *ptr = NULL;
- if (!strcmp(cap, "none"))
+ if (strcmp(cap, "none") == 0)
return -2;
for (i = 0; i < sizeof(caps_opt)/sizeof(caps_opt[0]); i++) {
-
- if (strcmp(cap, caps_opt[i].name))
+ if (strcmp(cap, caps_opt[i].name) != 0)
continue;
capid = caps_opt[i].value;
@@ -2371,9 +2354,10 @@ static int parse_cap(const char *cap)
}
if (capid < 0) {
- /* try to see if it's numeric, so the user may specify
- * capabilities that the running kernel knows about but
- * we don't */
+ /* Try to see if it's numeric, so the user may specify
+ * capabilities that the running kernel knows about but we
+ * don't
+ */
errno = 0;
capid = strtol(cap, &ptr, 10);
if (!ptr || *ptr != '\0' || errno != 0)
@@ -2390,10 +2374,10 @@ static int parse_cap(const char *cap)
int in_caplist(int cap, struct lxc_list *caps)
{
- struct lxc_list *iterator;
int capid;
+ struct lxc_list *iterator;
- lxc_list_for_each(iterator, caps) {
+ lxc_list_for_each (iterator, caps) {
capid = parse_cap(iterator->elem);
if (capid == cap)
return 1;
@@ -2404,116 +2388,121 @@ int in_caplist(int cap, struct lxc_list *caps)
static int setup_caps(struct lxc_list *caps)
{
- struct lxc_list *iterator;
- char *drop_entry;
int capid;
+ char *drop_entry;
+ struct lxc_list *iterator;
- lxc_list_for_each(iterator, caps) {
+ lxc_list_for_each (iterator, caps) {
+ int ret;
drop_entry = iterator->elem;
capid = parse_cap(drop_entry);
-
- if (capid < 0) {
+ if (capid < 0) {
ERROR("unknown capability %s", drop_entry);
return -1;
}
- DEBUG("drop capability '%s' (%d)", drop_entry, capid);
-
- if (prctl(PR_CAPBSET_DROP, capid, 0, 0, 0)) {
- SYSERROR("failed to remove %s capability", drop_entry);
+ ret = prctl(PR_CAPBSET_DROP, capid, 0, 0, 0);
+ if (ret < 0) {
+ SYSERROR("Failed to remove %s capability", drop_entry);
return -1;
}
-
+ DEBUG("Dropped %s (%d) capability", drop_entry, capid);
}
- DEBUG("capabilities have been setup");
-
+ DEBUG("Capabilities have been setup");
return 0;
}
static int dropcaps_except(struct lxc_list *caps)
{
- struct lxc_list *iterator;
+ int i, capid, numcaps;
char *keep_entry;
- int i, capid;
- int numcaps = lxc_caps_last_cap() + 1;
- INFO("found %d capabilities", numcaps);
+ struct lxc_list *iterator;
+ numcaps = lxc_caps_last_cap() + 1;
if (numcaps <= 0 || numcaps > 200)
return -1;
+ TRACE("Found %d capabilities", numcaps);
/* caplist[i] is 1 if we keep capability i */
int *caplist = alloca(numcaps * sizeof(int));
memset(caplist, 0, numcaps * sizeof(int));
- lxc_list_for_each(iterator, caps) {
-
+ lxc_list_for_each (iterator, caps) {
keep_entry = iterator->elem;
capid = parse_cap(keep_entry);
-
if (capid == -2)
continue;
- if (capid < 0) {
- ERROR("unknown capability %s", keep_entry);
+ if (capid < 0) {
+ ERROR("Unknown capability %s", keep_entry);
return -1;
}
- DEBUG("keep capability '%s' (%d)", keep_entry, capid);
-
+ DEBUG("Keep capability %s (%d)", keep_entry, capid);
caplist[capid] = 1;
}
- for (i=0; i<numcaps; i++) {
+
+ for (i = 0; i < numcaps; i++) {
+ int ret;
+
if (caplist[i])
continue;
- if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0)) {
- SYSERROR("failed to remove capability %d", i);
+
+ ret = prctl(PR_CAPBSET_DROP, i, 0, 0, 0);
+ if (ret < 0) {
+ SYSERROR("Failed to remove capability %d", i);
return -1;
}
}
- DEBUG("capabilities have been setup");
-
+ DEBUG("Capabilities have been setup");
return 0;
}
-static int parse_resource(const char *res) {
+static int parse_resource(const char *res)
+{
+ int ret;
size_t i;
int resid = -1;
- for (i = 0; i < sizeof(limit_opt)/sizeof(limit_opt[0]); ++i) {
+ for (i = 0; i < sizeof(limit_opt) / sizeof(limit_opt[0]); ++i)
if (strcmp(res, limit_opt[i].name) == 0)
return limit_opt[i].value;
- }
- /* try to see if it's numeric, so the user may specify
+ /* Try to see if it's numeric, so the user may specify
* resources that the running kernel knows about but
- * we don't */
- if (lxc_safe_int(res, &resid) == 0)
- return resid;
- return -1;
+ * we don't.
+ */
+ ret = lxc_safe_int(res, &resid);
+ if (ret < 0)
+ return -1;
+
+ return resid;
}
-int setup_resource_limits(struct lxc_list *limits, pid_t pid) {
+int setup_resource_limits(struct lxc_list *limits, pid_t pid)
+{
+ int resid;
struct lxc_list *it;
struct lxc_limit *lim;
- int resid;
- lxc_list_for_each(it, limits) {
+ lxc_list_for_each (it, limits) {
lim = it->elem;
resid = parse_resource(lim->resource);
if (resid < 0) {
- ERROR("unknown resource %s", lim->resource);
+ ERROR("Unknown resource %s", lim->resource);
return -1;
}
#if HAVE_PRLIMIT || HAVE_PRLIMIT64
if (prlimit(pid, resid, &lim->limit, NULL) != 0) {
- ERROR("failed to set limit %s: %s", lim->resource, strerror(errno));
+ ERROR("Failed to set limit %s: %s", lim->resource,
+ strerror(errno));
return -1;
}
#else
@@ -2521,6 +2510,7 @@ int setup_resource_limits(struct lxc_list *limits, pid_t pid) {
return -1;
#endif
}
+
return 0;
}
@@ -2528,11 +2518,11 @@ int setup_sysctl_parameters(struct lxc_list *sysctls)
{
struct lxc_list *it;
struct lxc_sysctl *elem;
+ int ret = 0;
char *tmp = NULL;
char filename[MAXPATHLEN] = {0};
- int ret = 0;
- lxc_list_for_each(it, sysctls) {
+ lxc_list_for_each (it, sysctls) {
elem = it->elem;
tmp = lxc_string_replace(".", "/", elem->key);
if (!tmp) {
@@ -2547,12 +2537,15 @@ int setup_sysctl_parameters(struct lxc_list *sysctls)
return -1;
}
- ret = lxc_write_to_file(filename, elem->value, strlen(elem->value), false);
+ ret = lxc_write_to_file(filename, elem->value,
+ strlen(elem->value), false);
if (ret < 0) {
- ERROR("Failed to setup sysctl parameters %s to %s", elem->key, elem->value);
+ ERROR("Failed to setup sysctl parameters %s to %s",
+ elem->key, elem->value);
return -1;
}
}
+
return 0;
}
@@ -2560,11 +2553,11 @@ int setup_proc_filesystem(struct lxc_list *procs, pid_t pid)
{
struct lxc_list *it;
struct lxc_proc *elem;
+ int ret = 0;
char *tmp = NULL;
char filename[MAXPATHLEN] = {0};
- int ret = 0;
- lxc_list_for_each(it, procs) {
+ lxc_list_for_each (it, procs) {
elem = it->elem;
tmp = lxc_string_replace(".", "/", elem->filename);
if (!tmp) {
@@ -2579,12 +2572,15 @@ int setup_proc_filesystem(struct lxc_list *procs, pid_t pid)
return -1;
}
- ret = lxc_write_to_file(filename, elem->value, strlen(elem->value), false);
+ ret = lxc_write_to_file(filename, elem->value,
+ strlen(elem->value), false);
if (ret < 0) {
- ERROR("Failed to setup proc filesystem %s to %s", elem->filename, elem->value);
+ ERROR("Failed to setup proc filesystem %s to %s",
+ elem->filename, elem->value);
return -1;
}
}
+
return 0;
}
@@ -2592,14 +2588,12 @@ static char *default_rootfs_mount = LXCROOTFSMOUNT;
struct lxc_conf *lxc_conf_init(void)
{
- struct lxc_conf *new;
int i;
+ struct lxc_conf *new;
new = malloc(sizeof(*new));
- if (!new) {
- ERROR("lxc_conf_init : %s", strerror(errno));
+ if (!new)
return NULL;
- }
memset(new, 0, sizeof(*new));
new->loglevel = LXC_LOG_LEVEL_NOTSET;
@@ -2622,7 +2616,6 @@ struct lxc_conf *lxc_conf_init(void)
new->nbd_idx = -1;
new->rootfs.mount = strdup(default_rootfs_mount);
if (!new->rootfs.mount) {
- ERROR("lxc_conf_init : %s", strerror(errno));
free(new);
return NULL;
}
@@ -2664,17 +2657,15 @@ struct lxc_conf *lxc_conf_init(void)
int write_id_mapping(enum idtype idtype, pid_t pid, const char *buf,
size_t buf_size)
{
- char path[MAXPATHLEN];
int fd, ret;
+ char path[MAXPATHLEN];
if (geteuid() != 0 && idtype == ID_TYPE_GID) {
size_t buflen;
ret = snprintf(path, MAXPATHLEN, "/proc/%d/setgroups", pid);
- if (ret < 0 || ret >= MAXPATHLEN) {
- ERROR("Failed to create string");
+ if (ret < 0 || ret >= MAXPATHLEN)
return -E2BIG;
- }
fd = open(path, O_WRONLY);
if (fd < 0 && errno != ENOENT) {
@@ -2687,7 +2678,8 @@ int write_id_mapping(enum idtype idtype, pid_t pid, const char *buf,
errno = 0;
ret = lxc_write_nointr(fd, "deny\n", buflen);
if (ret != buflen) {
- SYSERROR("Failed to write \"deny\" to \"/proc/%d/setgroups\"", pid);
+ SYSERROR("Failed to write \"deny\" to "
+ "\"/proc/%d/setgroups\"", pid);
close(fd);
return -1;
}
@@ -2697,10 +2689,8 @@ int write_id_mapping(enum idtype idtype, pid_t pid, const char *buf,
ret = snprintf(path, MAXPATHLEN, "/proc/%d/%cid_map", pid,
idtype == ID_TYPE_UID ? 'u' : 'g');
- if (ret < 0 || ret >= MAXPATHLEN) {
- ERROR("Failed to create string");
+ if (ret < 0 || ret >= MAXPATHLEN)
return -E2BIG;
- }
fd = open(path, O_WRONLY);
if (fd < 0) {
@@ -2727,7 +2717,6 @@ int write_id_mapping(enum idtype idtype, pid_t pid, const char *buf,
* @return 0 if binary exists but is lacking privilege
* @return -ENOENT if binary does not exist
* @return -EINVAL if cap to check is neither CAP_SETUID nor CAP_SETGID
- *
*/
static int idmaptool_on_path_and_privileged(const char *binary, cap_value_t cap)
{
@@ -2751,18 +2740,18 @@ static int idmaptool_on_path_and_privileged(const char *binary, cap_value_t cap)
/* Check if the binary is setuid. */
if (st.st_mode & S_ISUID) {
- DEBUG("The binary \"%s\" does have the setuid bit set.", path);
+ DEBUG("The binary \"%s\" does have the setuid bit set", path);
fret = 1;
goto cleanup;
}
- #if HAVE_LIBCAP && LIBCAP_SUPPORTS_FILE_CAPABILITIES
+#if HAVE_LIBCAP && LIBCAP_SUPPORTS_FILE_CAPABILITIES
/* Check if it has the CAP_SETUID capability. */
if ((cap & CAP_SETUID) &&
lxc_file_cap_is_set(path, CAP_SETUID, CAP_EFFECTIVE) &&
lxc_file_cap_is_set(path, CAP_SETUID, CAP_PERMITTED)) {
DEBUG("The binary \"%s\" has CAP_SETUID in its CAP_EFFECTIVE "
- "and CAP_PERMITTED sets.", path);
+ "and CAP_PERMITTED sets", path);
fret = 1;
goto cleanup;
}
@@ -2772,19 +2761,19 @@ static int idmaptool_on_path_and_privileged(const char *binary, cap_value_t cap)
lxc_file_cap_is_set(path, CAP_SETGID, CAP_EFFECTIVE) &&
lxc_file_cap_is_set(path, CAP_SETGID, CAP_PERMITTED)) {
DEBUG("The binary \"%s\" has CAP_SETGID in its CAP_EFFECTIVE "
- "and CAP_PERMITTED sets.", path);
+ "and CAP_PERMITTED sets", path);
fret = 1;
goto cleanup;
}
- #else
+#else
/* If we cannot check for file capabilities we need to give the benefit
* of the doubt. Otherwise we might fail even though all the necessary
* file capabilities are set.
*/
DEBUG("Cannot check for file capabilites as full capability support is "
- "missing. Manual intervention needed.");
+ "missing. Manual intervention needed");
fret = 1;
- #endif
+#endif
cleanup:
free(path);
@@ -2799,13 +2788,13 @@ int lxc_map_ids_exec_wrapper(void *args)
int lxc_map_ids(struct lxc_list *idmap, pid_t pid)
{
- struct id_map *map;
- struct lxc_list *iterator;
- enum idtype type;
+ int fill, left;
char u_or_g;
char *pos;
- int fill, left;
char cmd_output[MAXPATHLEN];
+ struct id_map *map;
+ struct lxc_list *iterator;
+ enum idtype type;
/* strlen("new at idmap") = 9
* +
* strlen(" ") = 1
@@ -2817,9 +2806,9 @@ int lxc_map_ids(struct lxc_list *idmap, pid_t pid)
* We add some additional space to make sure that we really have
* LXC_IDMAPLEN bytes available for our the {g,u]id mapping.
*/
+ int ret = 0, gidmap = 0, uidmap = 0;
char mapbuf[9 + 1 + LXC_NUMSTRLEN64 + 1 + LXC_IDMAPLEN] = {0};
- int ret = 0, uidmap = 0, gidmap = 0;
- bool use_shadow = false, had_entry = false;
+ bool had_entry = false, use_shadow = false;
/* If new{g,u}idmap exists, that is, if shadow is handing out subuid
* ranges, then insist that root also reserve ranges in subuid. This
@@ -2839,7 +2828,7 @@ int lxc_map_ids(struct lxc_list *idmap, pid_t pid)
WARN("newgidmap is lacking necessary privileges");
if (uidmap > 0 && gidmap > 0) {
- DEBUG("Functional newuidmap and newgidmap binary found.");
+ DEBUG("Functional newuidmap and newgidmap binary found");
use_shadow = true;
} else {
/* In case unprivileged users run application containers via
@@ -2848,7 +2837,7 @@ int lxc_map_ids(struct lxc_list *idmap, pid_t pid)
* doing so by requiring geteuid() == 0.
*/
DEBUG("No newuidmap and newgidmap binary found. Trying to "
- "write directly with euid %d.", geteuid());
+ "write directly with euid %d", geteuid());
}
for (type = ID_TYPE_UID, u_or_g = 'u'; type <= ID_TYPE_GID;
@@ -2911,24 +2900,22 @@ int lxc_map_ids(struct lxc_list *idmap, pid_t pid)
return 0;
}
-/*
- * return the host uid/gid to which the container root is mapped in
- * *val.
+/* Return the host uid/gid to which the container root is mapped in val.
* Return true if id was found, false otherwise.
*/
bool get_mapped_rootid(struct lxc_conf *conf, enum idtype idtype,
unsigned long *val)
{
- struct lxc_list *it;
- struct id_map *map;
unsigned nsid;
+ struct id_map *map;
+ struct lxc_list *it;
if (idtype == ID_TYPE_UID)
nsid = (conf->root_nsuid_map != NULL) ? 0 : conf->init_uid;
else
nsid = (conf->root_nsgid_map != NULL) ? 0 : conf->init_gid;
- lxc_list_for_each(it, &conf->id_map) {
+ lxc_list_for_each (it, &conf->id_map) {
map = it->elem;
if (map->idtype != idtype)
continue;
@@ -2943,33 +2930,39 @@ bool get_mapped_rootid(struct lxc_conf *conf, enum idtype idtype,
int mapped_hostid(unsigned id, struct lxc_conf *conf, enum idtype idtype)
{
- struct lxc_list *it;
struct id_map *map;
- lxc_list_for_each(it, &conf->id_map) {
+ struct lxc_list *it;
+
+ lxc_list_for_each (it, &conf->id_map) {
map = it->elem;
if (map->idtype != idtype)
continue;
+
if (id >= map->hostid && id < map->hostid + map->range)
return (id - map->hostid) + map->nsid;
}
+
return -1;
}
int find_unmapped_nsid(struct lxc_conf *conf, enum idtype idtype)
{
- struct lxc_list *it;
struct id_map *map;
+ struct lxc_list *it;
unsigned int freeid = 0;
+
again:
- lxc_list_for_each(it, &conf->id_map) {
+ lxc_list_for_each (it, &conf->id_map) {
map = it->elem;
if (map->idtype != idtype)
continue;
+
if (freeid >= map->nsid && freeid < map->nsid + map->range) {
freeid = map->nsid + map->range;
goto again;
}
}
+
return freeid;
}
@@ -2979,8 +2972,7 @@ int chown_mapped_root_exec_wrapper(void *args)
return -1;
}
-/*
- * chown_mapped_root: for an unprivileged user with uid/gid X to
+/* chown_mapped_root: for an unprivileged user with uid/gid X to
* chown a dir to subuid/subgid Y, he needs to run chown as root
* in a userns where nsid 0 is mapped to hostuid/hostgid Y, and
* nsid Y is mapped to hostuid/hostgid X. That way, the container
@@ -3020,6 +3012,7 @@ int chown_mapped_root(const char *path, struct lxc_conf *conf)
return -1;
}
rootuid = (uid_t)val;
+
if (!get_mapped_rootid(conf, ID_TYPE_GID, &val)) {
ERROR("No gid mapping for container root");
return -1;
@@ -3031,6 +3024,7 @@ int chown_mapped_root(const char *path, struct lxc_conf *conf)
ERROR("Error chowning %s", path);
return -1;
}
+
return 0;
}
@@ -3126,7 +3120,7 @@ int lxc_create_tmp_proc_mount(struct lxc_conf *conf)
mounted = lxc_mount_proc_if_needed(conf->rootfs.path ? conf->rootfs.mount : "");
if (mounted == -1) {
- SYSERROR("failed to mount /proc in the container");
+ SYSERROR("Failed to mount proc in the container");
/* continue only if there is no rootfs */
if (conf->rootfs.path)
return -1;
@@ -3139,39 +3133,47 @@ int lxc_create_tmp_proc_mount(struct lxc_conf *conf)
void tmp_proc_unmount(struct lxc_conf *lxc_conf)
{
- if (lxc_conf->tmp_umount_proc == 1) {
- umount("/proc");
- lxc_conf->tmp_umount_proc = 0;
- }
+ if (lxc_conf->tmp_umount_proc != 1)
+ return;
+
+ umount("/proc");
+ lxc_conf->tmp_umount_proc = 0;
}
+/* Walk /proc/mounts and change any shared entries to slave. */
void remount_all_slave(void)
{
- /* walk /proc/mounts and change any shared entries to slave */
- FILE *f = fopen("/proc/self/mountinfo", "r");
- char *line = NULL;
+ FILE *f;
size_t len = 0;
+ char *line = NULL;
+ f = fopen("/proc/self/mountinfo", "r");
if (!f) {
- SYSERROR("Failed to open /proc/self/mountinfo to mark all shared");
+ SYSERROR("Failed to open \"/proc/self/mountinfo\" to mark all shared");
ERROR("Continuing container startup...");
return;
}
while (getline(&line, &len, f) != -1) {
- char *target, *opts;
+ int ret;
+ char *opts, *target;
+
target = get_field(line, 4);
if (!target)
continue;
+
opts = get_field(target, 2);
if (!opts)
continue;
+
null_endofword(opts);
if (!strstr(opts, "shared"))
continue;
+
null_endofword(target);
- if (mount(NULL, target, NULL, MS_SLAVE, NULL)) {
- SYSERROR("Failed to make %s rslave", target);
+ ret = mount(NULL, target, NULL, MS_SLAVE, NULL);
+ if (ret < 0) {
+ SYSERROR("Failed to make \"%s\" MS_SLAVE", target);
ERROR("Continuing...");
}
}
@@ -3192,24 +3194,22 @@ static int lxc_execute_bind_init(struct lxc_conf *conf)
}
ret = snprintf(path, PATH_MAX, SBINDIR "/init.lxc.static");
- if (ret < 0 || ret >= PATH_MAX) {
- ERROR("Path name too long searching for lxc.init.static");
+ if (ret < 0 || ret >= PATH_MAX)
return -1;
- }
if (!file_exists(path)) {
- ERROR("%s does not exist on host", path);
+ ERROR("The file \"%s\" does not exist on host", path);
return -1;
}
ret = snprintf(destpath, PATH_MAX, "%s%s", conf->rootfs.mount, "/init.lxc.static");
- if (ret < 0 || ret >= PATH_MAX) {
- ERROR("Path name too long for container's lxc.init.static");
+ if (ret < 0 || ret >= PATH_MAX)
return -1;
- }
if (!file_exists(destpath)) {
- FILE *pathfile = fopen(destpath, "wb");
+ FILE *pathfile;
+
+ pathfile = fopen(destpath, "wb");
if (!pathfile) {
SYSERROR("Failed to create mount target \"%s\"", destpath);
return -1;
@@ -3220,7 +3220,7 @@ static int lxc_execute_bind_init(struct lxc_conf *conf)
ret = safe_mount(path, destpath, "none", MS_BIND, NULL, conf->rootfs.mount);
if (ret < 0) {
- SYSERROR("Failed to bind lxc.init.static into container");
+ SYSERROR("Failed to bind mount lxc.init.static into container");
return -1;
}
@@ -3228,34 +3228,40 @@ static int lxc_execute_bind_init(struct lxc_conf *conf)
return 0;
}
-/*
- * This does the work of remounting / if it is shared, calling the
- * container pre-mount hooks, and mounting the rootfs.
+/* This does the work of remounting / if it is shared, calling the container
+ * pre-mount hooks, and mounting the rootfs.
*/
int do_rootfs_setup(struct lxc_conf *conf, const char *name, const char *lxcpath)
{
+ int ret;
+
if (conf->rootfs_setup) {
- /*
- * rootfs was set up in another namespace. bind-mount it
- * to give us a mount in our own ns so we can pivot_root to it
- */
const char *path = conf->rootfs.mount;
- if (mount(path, path, "rootfs", MS_BIND, NULL) < 0) {
- ERROR("Failed to bind-mount container / onto itself");
+
+ /* The rootfs was set up in another namespace. bind-mount it to
+ * give us a mount in our own ns so we can pivot_root to it
+ */
+ ret = mount(path, path, "rootfs", MS_BIND, NULL);
+ if (ret < 0) {
+ ERROR("Failed to bind mount container / onto itself");
return -1;
}
+
+ TRACE("Bind mounted container / onto itself");
return 0;
}
remount_all_slave();
- if (run_lxc_hooks(name, "pre-mount", conf, NULL)) {
- ERROR("failed to run pre-mount hooks for container '%s'.", name);
+ ret = run_lxc_hooks(name, "pre-mount", conf, NULL);
+ if (ret < 0) {
+ ERROR("Failed to run pre-mount hooks");
return -1;
}
- if (lxc_setup_rootfs(conf)) {
- ERROR("failed to setup rootfs for '%s'", name);
+ ret = lxc_setup_rootfs(conf);
+ if (ret < 0) {
+ ERROR("Failed to setup rootfs for");
return -1;
}
@@ -3265,23 +3271,27 @@ int do_rootfs_setup(struct lxc_conf *conf, const char *name, const char *lxcpath
static bool verify_start_hooks(struct lxc_conf *conf)
{
- struct lxc_list *it;
char path[MAXPATHLEN];
- lxc_list_for_each(it, &conf->hooks[LXCHOOK_START]) {
- char *hookname = it->elem;
- struct stat st;
+ struct lxc_list *it;
+
+ lxc_list_for_each (it, &conf->hooks[LXCHOOK_START]) {
int ret;
+ struct stat st;
+ char *hookname = it->elem;
ret = snprintf(path, MAXPATHLEN, "%s%s",
- conf->rootfs.path ? conf->rootfs.mount : "", hookname);
+ conf->rootfs.path ? conf->rootfs.mount : "",
+ hookname);
if (ret < 0 || ret >= MAXPATHLEN)
return false;
+
ret = stat(path, &st);
- if (ret) {
+ if (ret < 0) {
SYSERROR("Start hook %s not found in container",
- hookname);
+ hookname);
return false;
}
+
return true;
}
@@ -3291,9 +3301,8 @@ static bool verify_start_hooks(struct lxc_conf *conf)
int lxc_setup(struct lxc_handler *handler)
{
int ret;
- const char *name = handler->name;
+ const char *lxcpath = handler->lxcpath, *name = handler->name;
struct lxc_conf *lxc_conf = handler->conf;
- const char *lxcpath = handler->lxcpath;
ret = do_rootfs_setup(lxc_conf, name, lxcpath);
if (ret < 0) {
@@ -3304,7 +3313,7 @@ int lxc_setup(struct lxc_handler *handler)
if (handler->nsfd[LXC_NS_UTS] == -1) {
ret = setup_utsname(lxc_conf->utsname);
if (ret < 0) {
- ERROR("failed to setup the utsname for '%s'", name);
+ ERROR("Failed to setup the utsname %s", name);
return -1;
}
}
@@ -3499,7 +3508,7 @@ int run_lxc_hooks(const char *name, char *hookname, struct lxc_conf *conf,
else
return -1;
- lxc_list_for_each(it, &conf->hooks[which]) {
+ lxc_list_for_each (it, &conf->hooks[which]) {
int ret;
char *hook = it->elem;
@@ -3516,11 +3525,12 @@ int lxc_clear_config_caps(struct lxc_conf *c)
{
struct lxc_list *it, *next;
- lxc_list_for_each_safe(it, &c->caps, next) {
+ lxc_list_for_each_safe (it, &c->caps, next) {
lxc_list_del(it);
free(it->elem);
free(it);
}
+
return 0;
}
@@ -3528,7 +3538,7 @@ static int lxc_free_idmap(struct lxc_list *id_map)
{
struct lxc_list *it, *next;
- lxc_list_for_each_safe(it, id_map, next) {
+ lxc_list_for_each_safe (it, id_map, next) {
lxc_list_del(it);
free(it->elem);
free(it);
@@ -3544,13 +3554,14 @@ int lxc_clear_idmaps(struct lxc_conf *c)
int lxc_clear_config_keepcaps(struct lxc_conf *c)
{
- struct lxc_list *it,*next;
+ struct lxc_list *it, *next;
- lxc_list_for_each_safe(it, &c->keepcaps, next) {
+ lxc_list_for_each_safe (it, &c->keepcaps, next) {
lxc_list_del(it);
free(it->elem);
free(it);
}
+
return 0;
}
@@ -3565,12 +3576,12 @@ int lxc_clear_cgroups(struct lxc_conf *c, const char *key, int version)
if (version == CGROUP2_SUPER_MAGIC) {
global_token = "lxc.cgroup2";
namespaced_token = "lxc.cgroup2.";
- namespaced_token_len = sizeof("lxc.cgroup2.") - 1;;
+ namespaced_token_len = sizeof("lxc.cgroup2.") - 1;
list = &c->cgroup2;
} else if (version == CGROUP_SUPER_MAGIC) {
global_token = "lxc.cgroup";
namespaced_token = "lxc.cgroup.";
- namespaced_token_len = sizeof("lxc.cgroup.") - 1;;
+ namespaced_token_len = sizeof("lxc.cgroup.") - 1;
list = &c->cgroup;
} else {
return -EINVAL;
@@ -3583,7 +3594,7 @@ int lxc_clear_cgroups(struct lxc_conf *c, const char *key, int version)
else
return -EINVAL;
- lxc_list_for_each_safe(it, list, next) {
+ lxc_list_for_each_safe (it, list, next) {
struct lxc_cgroup *cg = it->elem;
if (!all && strcmp(cg->subsystem, k) != 0)
@@ -3602,8 +3613,8 @@ int lxc_clear_cgroups(struct lxc_conf *c, const char *key, int version)
int lxc_clear_limits(struct lxc_conf *c, const char *key)
{
struct lxc_list *it, *next;
- bool all = false;
const char *k = NULL;
+ bool all = false;
if (strcmp(key, "lxc.limit") == 0 || strcmp(key, "lxc.prlimit") == 0)
all = true;
@@ -3614,10 +3625,12 @@ int lxc_clear_limits(struct lxc_conf *c, const char *key)
else
return -1;
- lxc_list_for_each_safe(it, &c->limits, next) {
+ lxc_list_for_each_safe (it, &c->limits, next) {
struct lxc_limit *lim = it->elem;
+
if (!all && strcmp(lim->resource, k) != 0)
continue;
+
lxc_list_del(it);
free(lim->resource);
free(lim);
@@ -3630,8 +3643,8 @@ int lxc_clear_limits(struct lxc_conf *c, const char *key)
int lxc_clear_sysctls(struct lxc_conf *c, const char *key)
{
struct lxc_list *it, *next;
- bool all = false;
const char *k = NULL;
+ bool all = false;
if (strcmp(key, "lxc.sysctl") == 0)
all = true;
@@ -3640,24 +3653,27 @@ int lxc_clear_sysctls(struct lxc_conf *c, const char *key)
else
return -1;
- lxc_list_for_each_safe(it, &c->sysctls, next) {
+ lxc_list_for_each_safe (it, &c->sysctls, next) {
struct lxc_sysctl *elem = it->elem;
+
if (!all && strcmp(elem->key, k) != 0)
continue;
+
lxc_list_del(it);
free(elem->key);
free(elem->value);
free(elem);
free(it);
}
+
return 0;
}
int lxc_clear_procs(struct lxc_conf *c, const char *key)
{
- struct lxc_list *it,*next;
- bool all = false;
+ struct lxc_list *it, *next;
const char *k = NULL;
+ bool all = false;
if (strcmp(key, "lxc.proc") == 0)
all = true;
@@ -3666,10 +3682,12 @@ int lxc_clear_procs(struct lxc_conf *c, const char *key)
else
return -1;
- lxc_list_for_each_safe(it, &c->procs, next) {
+ lxc_list_for_each_safe (it, &c->procs, next) {
struct lxc_proc *proc = it->elem;
+
if (!all && strcmp(proc->filename, k) != 0)
continue;
+
lxc_list_del(it);
free(proc->filename);
free(proc->value);
@@ -3682,37 +3700,40 @@ int lxc_clear_procs(struct lxc_conf *c, const char *key)
int lxc_clear_groups(struct lxc_conf *c)
{
- struct lxc_list *it,*next;
+ struct lxc_list *it, *next;
- lxc_list_for_each_safe(it, &c->groups, next) {
+ lxc_list_for_each_safe (it, &c->groups, next) {
lxc_list_del(it);
free(it->elem);
free(it);
}
+
return 0;
}
int lxc_clear_environment(struct lxc_conf *c)
{
- struct lxc_list *it,*next;
+ struct lxc_list *it, *next;
- lxc_list_for_each_safe(it, &c->environment, next) {
+ lxc_list_for_each_safe (it, &c->environment, next) {
lxc_list_del(it);
free(it->elem);
free(it);
}
+
return 0;
}
int lxc_clear_mount_entries(struct lxc_conf *c)
{
- struct lxc_list *it,*next;
+ struct lxc_list *it, *next;
- lxc_list_for_each_safe(it, &c->mount_list, next) {
+ lxc_list_for_each_safe (it, &c->mount_list, next) {
lxc_list_del(it);
free(it->elem);
free(it);
}
+
return 0;
}
@@ -3724,25 +3745,26 @@ int lxc_clear_automounts(struct lxc_conf *c)
int lxc_clear_hooks(struct lxc_conf *c, const char *key)
{
- struct lxc_list *it,*next;
- bool all = false, done = false;
- const char *k = NULL;
int i;
+ struct lxc_list *it, *next;
+ const char *k = NULL;
+ bool all = false, done = false;
if (strcmp(key, "lxc.hook") == 0)
all = true;
- else if (strncmp(key, "lxc.hook.", sizeof("lxc.hook.")-1) == 0)
- k = key + sizeof("lxc.hook.")-1;
+ else if (strncmp(key, "lxc.hook.", sizeof("lxc.hook.") - 1) == 0)
+ k = key + sizeof("lxc.hook.") - 1;
else
return -1;
- for (i=0; i<NUM_LXC_HOOKS; i++) {
+ for (i = 0; i < NUM_LXC_HOOKS; i++) {
if (all || strcmp(k, lxchook_names[i]) == 0) {
- lxc_list_for_each_safe(it, &c->hooks[i], next) {
+ lxc_list_for_each_safe (it, &c->hooks[i], next) {
lxc_list_del(it);
free(it->elem);
free(it);
}
+
done = true;
}
}
@@ -3751,14 +3773,15 @@ int lxc_clear_hooks(struct lxc_conf *c, const char *key)
ERROR("Invalid hook key: %s", key);
return -1;
}
+
return 0;
}
static inline void lxc_clear_aliens(struct lxc_conf *conf)
{
- struct lxc_list *it,*next;
+ struct lxc_list *it, *next;
- lxc_list_for_each_safe(it, &conf->aliens, next) {
+ lxc_list_for_each_safe (it, &conf->aliens, next) {
lxc_list_del(it);
free(it->elem);
free(it);
@@ -3767,9 +3790,9 @@ static inline void lxc_clear_aliens(struct lxc_conf *conf)
void lxc_clear_includes(struct lxc_conf *conf)
{
- struct lxc_list *it,*next;
+ struct lxc_list *it, *next;
- lxc_list_for_each_safe(it, &conf->includes, next) {
+ lxc_list_for_each_safe (it, &conf->includes, next) {
lxc_list_del(it);
free(it->elem);
free(it);
@@ -3780,6 +3803,7 @@ void lxc_conf_free(struct lxc_conf *conf)
{
if (!conf)
return;
+
if (current_config == conf)
current_config = NULL;
lxc_terminal_conf_free(&conf->console);
@@ -3832,8 +3856,8 @@ struct userns_fn_data {
static int run_userns_fn(void *data)
{
- struct userns_fn_data *d = data;
char c;
+ struct userns_fn_data *d = data;
/* Close write end of the pipe. */
close(d->p[1]);
@@ -3849,6 +3873,7 @@ static int run_userns_fn(void *data)
if (d->fn_name)
TRACE("calling function \"%s\"", d->fn_name);
+
/* Call function to run. */
return d->fn(d->arg);
}
@@ -3873,11 +3898,11 @@ static struct id_map *mapped_nsid_add(struct lxc_conf *conf, unsigned id,
static struct id_map *find_mapped_hostid_entry(struct lxc_conf *conf,
unsigned id, enum idtype idtype)
{
- struct lxc_list *it;
struct id_map *map;
+ struct lxc_list *it;
struct id_map *retmap = NULL;
- lxc_list_for_each(it, &conf->id_map) {
+ lxc_list_for_each (it, &conf->id_map) {
map = it->elem;
if (map->idtype != idtype)
continue;
@@ -3891,11 +3916,11 @@ static struct id_map *find_mapped_hostid_entry(struct lxc_conf *conf,
return retmap;
}
-/*
- * Allocate a new {g,u}id mapping for the given {g,u}id. Re-use an already
+/* Allocate a new {g,u}id mapping for the given {g,u}id. Re-use an already
* existing one or establish a new one.
*/
-static struct id_map *mapped_hostid_add(struct lxc_conf *conf, uid_t id, enum idtype type)
+static struct id_map *mapped_hostid_add(struct lxc_conf *conf, uid_t id,
+ enum idtype type)
{
int hostid_mapped;
struct id_map *entry = NULL, *tmp = NULL;
@@ -4053,11 +4078,11 @@ int userns_exec_1(struct lxc_conf *conf, int (*fn)(void *), void *data,
const char *fn_name)
{
pid_t pid;
- struct userns_fn_data d;
int p[2];
- char c = '1';
- int ret = -1, status = -1;
+ struct userns_fn_data d;
struct lxc_list *idmap;
+ int ret = -1, status = -1;
+ char c = '1';
idmap = get_minimal_idmap(conf);
if (!idmap)
@@ -4077,7 +4102,7 @@ int userns_exec_1(struct lxc_conf *conf, int (*fn)(void *), void *data,
/* Clone child in new user namespace. */
pid = lxc_raw_clone_cb(run_userns_fn, &d, CLONE_NEWUSER);
if (pid < 0) {
- ERROR("failed to clone child process in new user namespace");
+ ERROR("Failed to clone process in new user namespace");
goto on_error;
}
@@ -4086,23 +4111,23 @@ int userns_exec_1(struct lxc_conf *conf, int (*fn)(void *), void *data,
if (lxc_log_get_level() == LXC_LOG_LEVEL_TRACE ||
conf->loglevel == LXC_LOG_LEVEL_TRACE) {
- struct lxc_list *it;
struct id_map *map;
+ struct lxc_list *it;
- lxc_list_for_each(it, idmap) {
+ lxc_list_for_each (it, idmap) {
map = it->elem;
TRACE("Establishing %cid mapping for \"%d\" in new "
"user namespace: nsuid %lu - hostid %lu - range "
- "%lu", (map->idtype == ID_TYPE_UID) ? 'u' : 'g',
- pid, map->nsid, map->hostid, map->range);
+ "%lu",
+ (map->idtype == ID_TYPE_UID) ? 'u' : 'g', pid,
+ map->nsid, map->hostid, map->range);
}
}
/* Set up {g,u}id mapping for user namespace of child process. */
ret = lxc_map_ids(idmap, pid);
if (ret < 0) {
- ERROR("Error setting up {g,u}id mappings for child process "
- "\"%d\"", pid);
+ ERROR("Error setting up {g,u}id mappings for child process \"%d\"", pid);
goto on_error;
}
@@ -4132,12 +4157,12 @@ int userns_exec_full(struct lxc_conf *conf, int (*fn)(void *), void *data,
{
pid_t pid;
uid_t euid, egid;
- struct userns_fn_data d;
int p[2];
struct id_map *map;
struct lxc_list *cur;
- char c = '1';
+ struct userns_fn_data d;
int ret = -1;
+ char c = '1';
struct lxc_list *idmap = NULL, *tmplist = NULL;
struct id_map *container_root_uid = NULL, *container_root_gid = NULL,
*host_uid_map = NULL, *host_gid_map = NULL;
@@ -4156,7 +4181,7 @@ int userns_exec_full(struct lxc_conf *conf, int (*fn)(void *), void *data,
/* Clone child in new user namespace. */
pid = lxc_clone(run_userns_fn, &d, CLONE_NEWUSER);
if (pid < 0) {
- ERROR("failed to clone child process in new user namespace");
+ ERROR("Failed to clone process in new user namespace");
goto on_error;
}
@@ -4173,7 +4198,7 @@ int userns_exec_full(struct lxc_conf *conf, int (*fn)(void *), void *data,
lxc_list_init(idmap);
/* Find container root. */
- lxc_list_for_each(cur, &conf->id_map) {
+ lxc_list_for_each (cur, &conf->id_map) {
struct id_map *tmpmap;
tmplist = malloc(sizeof(*tmplist));
@@ -4263,7 +4288,7 @@ int userns_exec_full(struct lxc_conf *conf, int (*fn)(void *), void *data,
if (lxc_log_get_level() == LXC_LOG_LEVEL_TRACE ||
conf->loglevel == LXC_LOG_LEVEL_TRACE) {
- lxc_list_for_each(cur, idmap) {
+ lxc_list_for_each (cur, idmap) {
map = cur->elem;
TRACE("establishing %cid mapping for \"%d\" in new "
"user namespace: nsuid %lu - hostid %lu - range "
@@ -4276,14 +4301,13 @@ int userns_exec_full(struct lxc_conf *conf, int (*fn)(void *), void *data,
/* Set up {g,u}id mapping for user namespace of child process. */
ret = lxc_map_ids(idmap, pid);
if (ret < 0) {
- ERROR("error setting up {g,u}id mappings for child process "
- "\"%d\"", pid);
+ ERROR("error setting up {g,u}id mappings for child process \"%d\"", pid);
goto on_error;
}
/* Tell child to proceed. */
if (write(p[1], &c, 1) != 1) {
- SYSERROR("failed telling child process \"%d\" to proceed", pid);
+ SYSERROR("Failed telling child process \"%d\" to proceed", pid);
goto on_error;
}
@@ -4307,7 +4331,7 @@ int userns_exec_full(struct lxc_conf *conf, int (*fn)(void *), void *data,
}
/* not thread-safe, do not use from api without first forking */
-static char* getuname(void)
+static char *getuname(void)
{
struct passwd *result;
@@ -4333,16 +4357,18 @@ static char *getgname(void)
/* not thread-safe, do not use from api without first forking */
void suggest_default_idmap(void)
{
+ char *uname, *gname;
FILE *f;
unsigned int uid = 0, urange = 0, gid = 0, grange = 0;
- char *line = NULL;
- char *uname, *gname;
size_t len = 0;
+ char *line = NULL;
- if (!(uname = getuname()))
+ uname = getuname();
+ if (!uname)
return;
- if (!(gname = getgname())) {
+ gname = getgname();
+ if (!gname) {
free(uname);
return;
}
@@ -4354,17 +4380,22 @@ void suggest_default_idmap(void)
free(uname);
return;
}
+
while (getline(&line, &len, f) != -1) {
+ char *p, *p2;
size_t no_newline = 0;
- char *p = strchr(line, ':'), *p2;
+
+ p = strchr(line, ':');
if (*line == '#')
continue;
if (!p)
continue;
*p = '\0';
p++;
+
if (strcmp(line, uname))
continue;
+
p2 = strchr(p, ':');
if (!p2)
continue;
@@ -4376,9 +4407,9 @@ void suggest_default_idmap(void)
p2[no_newline] = '\0';
if (lxc_safe_uint(p, &uid) < 0)
- WARN("Could not parse UID.");
+ WARN("Could not parse UID");
if (lxc_safe_uint(p2, &urange) < 0)
- WARN("Could not parse UID range.");
+ WARN("Could not parse UID range");
}
fclose(f);
@@ -4389,17 +4420,22 @@ void suggest_default_idmap(void)
free(uname);
return;
}
+
while (getline(&line, &len, f) != -1) {
+ char *p, *p2;
size_t no_newline = 0;
- char *p = strchr(line, ':'), *p2;
+
+ p = strchr(line, ':');
if (*line == '#')
continue;
if (!p)
continue;
*p = '\0';
p++;
+
if (strcmp(line, uname))
continue;
+
p2 = strchr(p, ':');
if (!p2)
continue;
@@ -4411,9 +4447,9 @@ void suggest_default_idmap(void)
p2[no_newline] = '\0';
if (lxc_safe_uint(p, &gid) < 0)
- WARN("Could not parse GID.");
+ WARN("Could not parse GID");
if (lxc_safe_uint(p2, &grange) < 0)
- WARN("Could not parse GID range.");
+ WARN("Could not parse GID range");
}
fclose(f);
@@ -4440,48 +4476,45 @@ static void free_cgroup_settings(struct lxc_list *result)
{
struct lxc_list *iterator, *next;
- lxc_list_for_each_safe(iterator, result, next) {
+ lxc_list_for_each_safe (iterator, result, next) {
lxc_list_del(iterator);
free(iterator);
}
free(result);
}
-/*
- * Return the list of cgroup_settings sorted according to the following rules
+/* Return the list of cgroup_settings sorted according to the following rules
* 1. Put memory.limit_in_bytes before memory.memsw.limit_in_bytes
*/
-struct lxc_list *sort_cgroup_settings(struct lxc_list* cgroup_settings)
+struct lxc_list *sort_cgroup_settings(struct lxc_list *cgroup_settings)
{
struct lxc_list *result;
- struct lxc_list *memsw_limit = NULL;
- struct lxc_list *it = NULL;
struct lxc_cgroup *cg = NULL;
- struct lxc_list *item = NULL;
+ struct lxc_list *it = NULL, *item = NULL, *memsw_limit = NULL;
result = malloc(sizeof(*result));
- if (!result) {
- ERROR("failed to allocate memory to sort cgroup settings");
+ if (!result)
return NULL;
- }
lxc_list_init(result);
- /*Iterate over the cgroup settings and copy them to the output list*/
- lxc_list_for_each(it, cgroup_settings) {
+ /* Iterate over the cgroup settings and copy them to the output list. */
+ lxc_list_for_each (it, cgroup_settings) {
item = malloc(sizeof(*item));
if (!item) {
- ERROR("failed to allocate memory to sort cgroup settings");
free_cgroup_settings(result);
return NULL;
}
+
item->elem = it->elem;
cg = it->elem;
if (strcmp(cg->subsystem, "memory.memsw.limit_in_bytes") == 0) {
/* Store the memsw_limit location */
memsw_limit = item;
- } else if (strcmp(cg->subsystem, "memory.limit_in_bytes") == 0 && memsw_limit != NULL) {
- /* lxc.cgroup.memory.memsw.limit_in_bytes is found before
- * lxc.cgroup.memory.limit_in_bytes, swap these two items */
+ } else if (strcmp(cg->subsystem, "memory.limit_in_bytes") == 0 &&
+ memsw_limit != NULL) {
+ /* lxc.cgroup.memory.memsw.limit_in_bytes is found
+ * before lxc.cgroup.memory.limit_in_bytes, swap these
+ * two items */
item->elem = memsw_limit->elem;
memsw_limit->elem = it->elem;
}
More information about the lxc-devel
mailing list