[lxc-devel] [lxc/master] fix logic for execute log file

brauner on Github lxc-bot at linuxcontainers.org
Fri May 4 10:02:58 UTC 2018


From cd90db2c0ec7948a9a52dfc83d3a2b92ed522511 Mon Sep 17 00:00:00 2001
From: Tycho Andersen <tycho at tycho.ws>
Date: Thu, 3 May 2018 18:32:19 +0000
Subject: [PATCH 1/3] fix logic for execute log file

The problem here is that lxc-init runs *inside* the container. So if a
person has the log file set to /home/$USER/foo, lxc-init ends up making a
directory /home/$USER/foo inside the container to put the log file in. What
we really want are the logs to be propagated from inside the container to
the outside. We accomplish this by passing an fd without O_CLOEXEC, and
telling lxc-init to log to that file.

Signed-off-by: Tycho Andersen <tycho at tycho.ws>
---
 src/lxc/execute.c | 29 +++++++++++++++++++++++++----
 1 file changed, 25 insertions(+), 4 deletions(-)

diff --git a/src/lxc/execute.c b/src/lxc/execute.c
index c7320ab2d..9fe1af0eb 100644
--- a/src/lxc/execute.c
+++ b/src/lxc/execute.c
@@ -21,11 +21,13 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  */
 
+#define _GNU_SOURCE
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <errno.h>
 #include <unistd.h>
 #include <stdlib.h>
+#include <stdio.h>
 
 #include "conf.h"
 #include "log.h"
@@ -36,9 +38,9 @@ lxc_log_define(lxc_execute, lxc_start);
 
 static int execute_start(struct lxc_handler *handler, void* data)
 {
-	int j, i = 0;
+	int j, i = 0, log = -1;
 	struct execute_args *my_args = data;
-	char **argv;
+	char **argv, *logfd;
 	int argc = 0, argc_add;
 
 	while (my_args->argv[argc++]);
@@ -69,9 +71,25 @@ static int execute_start(struct lxc_handler *handler, void* data)
 		argv[i++] = (char *)lxc_log_priority_to_string(lxc_log_get_level());
 	}
 
-	if (handler->conf->logfile) {
+	if (current_config->logfd != -1 || lxc_log_fd != -1) {
+		int to_dup = current_config->logfd;
+
+		if (current_config->logfd == -1)
+			to_dup = lxc_log_fd;
+
+		log = dup(to_dup);
+		if (log < 0) {
+			SYSERROR("dup of log fd failed");
+			goto out2;
+		}
+
+		if (asprintf(&logfd, "/proc/1/fd/%d", log) < 0) {
+			ERROR("Couldn't allocate memory for log string");
+			goto out3;
+		}
+
 		argv[i++] = "-o";
-		argv[i++] = (char *)handler->conf->logfile;
+		argv[i++] = logfd;
 	}
 
 	if (my_args->quiet)
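Review bot: The `-o` pair is now appended whenever `current_config->logfd != -1 || lxc_log_fd != -1`, but this patch does not touch the `argc_add` computation that sizes `argv`, and the counting block visible later in the series only increments for `quiet`, `rootfs.path` and the log level. If no increment for the same fd condition exists outside the visible hunks, `argv` is two slots short whenever a log fd is open and the two `argv[i++]` stores here can write past the allocation. The count should use the same test as this block, e.g. `if (current_config->logfd != -1 || lxc_log_fd != -1) argc_add += 2;`. The allocation itself and the rest of execute_start are outside this hunk.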
@@ -92,6 +110,9 @@ static int execute_start(struct lxc_handler *handler, void* data)
 	execvp(argv[0], argv);
 	SYSERROR("Failed to exec %s", argv[0]);
 
+	free(logfd);
+out3:
+	close(log);
 out2:
 	free(argv);
 out1:
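Review bot: `free(logfd)` is reached after a failed `execvp()` even when the log branch was skipped, and `logfd` is declared without an initializer (`char **argv, *logfd;`), so that path frees an indeterminate pointer. Initialise it at the declaration, `char **argv, *logfd = NULL;`, so the cleanup is safe on every path. Patch 3/3 drops the heap string altogether, but this commit on its own still has the problem, which matters when bisecting. The labels belong to execute_start, whose body extends beyond this hunk.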

From aa769a272f24d34d9190e04b7c6e93a6b8418376 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Fri, 4 May 2018 11:59:11 +0200
Subject: [PATCH 2/3] utils: add LXC_PROC_PID_FD_LEN

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/utils.h | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/src/lxc/utils.h b/src/lxc/utils.h
index b15076cbd..62f087311 100644
--- a/src/lxc/utils.h
+++ b/src/lxc/utils.h
@@ -101,6 +101,17 @@
 #define LXC_LINELEN 4096
 #define LXC_IDMAPLEN 4096
 #define LXC_MAX_BUFFER 4096
+/* /proc/       =    6
+ *                +
+ * <pid-as-str> =   LXC_NUMSTRLEN64
+ *                +
+ * /fd/         =    4
+ *                +
+ * <fd-as-str>  =   LXC_NUMSTRLEN64
+ *                +
+ * \0           =    1
+ */
+#define LXC_PROC_PID_FD_LEN (6 + LXC_NUMSTRLEN64 + 4 + LXC_NUMSTRLEN64 + 1)
 
 /* returns 1 on success, 0 if there were any failures */
 extern int lxc_rmdir_onedev(const char *path, const char *exclude);

From 321614a5da167f20bbafaaa1d2b3e8e365da953d Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Fri, 4 May 2018 11:59:27 +0200
Subject: [PATCH 3/3] execute: use static buffer

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/execute.c | 26 ++++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)

diff --git a/src/lxc/execute.c b/src/lxc/execute.c
index 9fe1af0eb..0f789e1b2 100644
--- a/src/lxc/execute.c
+++ b/src/lxc/execute.c
@@ -38,10 +38,11 @@ lxc_log_define(lxc_execute, lxc_start);
 
 static int execute_start(struct lxc_handler *handler, void* data)
 {
-	int j, i = 0, log = -1;
+	int argc_add, j;
+	char **argv;
+	int argc = 0, i = 0, logfd = -1;
 	struct execute_args *my_args = data;
-	char **argv, *logfd;
-	int argc = 0, argc_add;
+	char logfile[LXC_PROC_PID_FD_LEN];
 
 	while (my_args->argv[argc++]);
 
@@ -49,8 +50,10 @@ static int execute_start(struct lxc_handler *handler, void* data)
 	argc_add = 5;
 	if (my_args->quiet)
 		argc_add++;
+
 	if (!handler->conf->rootfs.path)
 		argc_add += 2;
+
 	if (lxc_log_has_valid_level())
 		argc_add += 2;
 
@@ -72,24 +75,24 @@ static int execute_start(struct lxc_handler *handler, void* data)
 	}
 
 	if (current_config->logfd != -1 || lxc_log_fd != -1) {
+		int ret;
 		int to_dup = current_config->logfd;
 
 		if (current_config->logfd == -1)
 			to_dup = lxc_log_fd;
 
-		log = dup(to_dup);
-		if (log < 0) {
-			SYSERROR("dup of log fd failed");
+		logfd = dup(to_dup);
+		if (logfd < 0) {
+			SYSERROR("Failed to duplicate log file descriptor");
 			goto out2;
 		}
 
-		if (asprintf(&logfd, "/proc/1/fd/%d", log) < 0) {
-			ERROR("Couldn't allocate memory for log string");
+		ret = snprintf(logfile, sizeof(logfile), "/proc/1/fd/%d", logfd);
+		if (ret < 0 || (size_t)ret >= sizeof(logfile))
 			goto out3;
-		}
 
 		argv[i++] = "-o";
-		argv[i++] = logfd;
+		argv[i++] = logfile;
 	}
 
 	if (my_args->quiet)
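Review bot: The descriptor from `dup(to_dup)` is deliberately left without close-on-exec so that it survives `execvp()`, but nothing at the call site says so, and it refers to the same open file description as the host-side log. A comment above the `dup()` would record the intent, e.g. `/* Deliberately not O_CLOEXEC: lxc-init reopens this via /proc/1/fd/<n> inside the container. */`. It is worth confirming that lxc-init closes the inherited descriptor once it has reopened it, since otherwise the container payload presumably inherits a writable handle to the host log; that code is not part of this series. The `/proc/1/` prefix also assumes lxc-init is PID 1 in its pid namespace, which the same comment could state.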
@@ -110,9 +113,8 @@ static int execute_start(struct lxc_handler *handler, void* data)
 	execvp(argv[0], argv);
 	SYSERROR("Failed to exec %s", argv[0]);
 
-	free(logfd);
 out3:
-	close(log);
+	close(logfd);
 out2:
 	free(argv);
 out1:

