External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-09-24 08:25:45 +00:00
Code Issues Packages Projects Releases Wiki Activity
d5c4067d7b
libvirt/src/lxc/lxc_controller.c

1191 lines
34 KiB
C
Raw Normal View History

Re-arrange code between LXC driver files
2008-08-13 10:25:34 +00:00
/*
cgroup: allow fine-tuning of device ACL permissions Adding audit points showed that we were granting too much privilege to qemu; it should not need any mknod rights to recreate any devices. On the other hand, lxc should have all device privileges. The solution is adding a flag parameter. This also lets us restrict write access to read-only disks. * src/util/cgroup.h (virCgroup*Device*): Adjust prototypes. * src/util/cgroup.c (virCgroupAllowDevice) (virCgroupAllowDeviceMajor, virCgroupAllowDevicePath) (virCgroupDenyDevice, virCgroupDenyDeviceMajor) (virCgroupDenyDevicePath): Add parameter. * src/qemu/qemu_driver.c (qemudDomainSaveFlag): Update clients. * src/lxc/lxc_controller.c (lxcSetContainerResources): Likewise. * src/qemu/qemu_cgroup.c: Likewise. (qemuSetupDiskPathAllow): Also, honor read-only disks.
2011-03-09 03:13:18 +00:00
* Copyright (C) 2010-2011 Red Hat, Inc.
* Copyright IBM Corp. 2008
Re-arrange code between LXC driver files
2008-08-13 10:25:34 +00:00
*
* lxc_controller.c: linux container process controller
*
* Authors:
* David L. Leskovec <dlesko at linux.vnet.ibm.com>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
#include <config.h>
#include <sys/epoll.h>
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
#include <sys/wait.h>
#include <sys/socket.h>
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
#include <sys/types.h>
#include <sys/un.h>
Allow 32-on-64 execution for LXC guests Using the 'personality(2)' system call, we can make a container on an x86_64 host appear to be i686. Likewise for most other Linux 64bit arches. * src/lxc/lxc_conf.c: Fill in 32bit capabilities for x86_64 hosts * src/lxc/lxc_container.h, src/lxc/lxc_container.c: Add API to check if an arch has a 32bit alternative * src/lxc/lxc_controller.c: Set the process personality when starting guest
2011-02-23 17:17:53 +00:00
#include <sys/utsname.h>
#include <sys/personality.h>
Re-arrange code between LXC driver files
2008-08-13 10:25:34 +00:00
#include <unistd.h>
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
#include <paths.h>
Make LXC container startup/shutdown/I/O more robust The current LXC I/O controller looks for HUP to detect when a guest has quit. This isn't reliable as during initial bootup it is possible that 'init' will close the console and let mingetty re-open it. The shutdown of containers was also flakey because it only killed the libvirt I/O controller and expected container processes to gracefully follow. Change the I/O controller such that when it see HUP or an I/O error, it uses kill($PID, 0) to see if the process has really quit. Change the container shutdown sequence to use the virCgroupKillPainfully function to ensure every really goes away This change makes the use of the 'cpu', 'devices' and 'memory' cgroups controllers compulsory with LXC * docs/drvlxc.html.in: Document that certain cgroups controllers are now mandatory * src/lxc/lxc_controller.c: Check if PID is still alive before quitting on I/O error/HUP * src/lxc/lxc_driver.c: Use virCgroupKillPainfully
2011-02-22 17:35:06 +00:00
#include <errno.h>
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
#include <fcntl.h>
#include <signal.h>
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
#include <getopt.h>
Use a private /dev/pts instance in containers if kernel is new enough
2009-04-22 14:26:50 +00:00
#include <sys/mount.h>
maint: improve i18n on non-Linux Per the gettext developer: http://lists.gnu.org/archive/html/bug-gnu-utils/2010-10/msg00019.html http://lists.gnu.org/archive/html/bug-gnu-utils/2010-10/msg00021.html gettext() doesn't work correctly on all platforms unless you have called setlocale(). Furthermore, gnulib's gettext.h has provisions for setting up a default locale, which is the preferred method for libraries to use gettext without having to call textdomain() and override the main program's default domain (virInitialize already calls bindtextdomain(), but this is insufficient without the setlocale() added in this patch; and a redundant bindtextdomain() in this patch doesn't hurt, but serves as a good example for other packages that need to bind a second translation domain). This patch is needed to silence a new gnulib 'make syntax-check' rule in the next patch. * daemon/libvirtd.c (main): Setup locale and gettext. * src/lxc/lxc_controller.c (main): Likewise. * src/security/virt-aa-helper.c (main): Likewise. * src/storage/parthelper.c (main): Likewise. * tools/virsh.c (main): Fix exit status. * src/internal.h (DEFAULT_TEXT_DOMAIN): Define, for gettext.h. (_): Simplify definition accordingly. * po/POTFILES.in: Add src/storage/parthelper.c.
2010-11-16 19:01:37 +00:00
#include <locale.h>
Allow use of file images for LXC container filesystems A previous commit gave the LXC driver the ability to mount block devices for the container filesystem. Through use of the loopback device functionality, we can build on this to support use of plain file images for LXC filesytems. By setting the LO_FLAGS_AUTOCLEAR flag we can ensure that the loop device automatically disappears when the container dies / shuts down * src/lxc/lxc_container.c: Raise error if we see a file based filesystem, since it should have been turned into a loopback device already * src/lxc/lxc_controller.c: Rewrite any filesystems of type=file, into type=block, by binding the file image to a free loop device
2011-08-04 09:13:02 +00:00
#include <linux/loop.h>
#include <dirent.h>
Re-arrange code between LXC driver files
2008-08-13 10:25:34 +00:00
Reduce LXC capabilities
2009-06-29 17:09:42 +00:00
#if HAVE_CAPNG
build: consistently indent preprocessor directives * global: patch created by running: for f in $(git ls-files '*.[ch]') ; do cppi $f > $f.t && mv $f.t $f done
2010-03-09 18:22:22 +00:00
# include <cap-ng.h>
Reduce LXC capabilities
2009-06-29 17:09:42 +00:00
#endif
Move internal error APIs into virterror_internal.h & drop leading __ prefix
2008-11-04 22:30:33 +00:00
#include "virterror_internal.h"
add new logging module, and move existing definitions there * src/logging.c src/logging.h proxy/Makefile.am proxy/libvirt_proxy.c src/Makefile.am src/cgroup.c src/datatypes.c src/domain_event.c src/internal.h src/libvirt.c src/lxc_container.c src/lxc_controller.c src/lxc_driver.c src/proxy_internal.c src/qemu_driver.c src/remote_internal.c src/storage_backend_disk.c src/util.c src/veth.c src/xen_internal.c src/xen_unified.c src/xend_internal.c: add new logging module, and move existing definitions there Daniel
2008-11-06 16:36:07 +00:00
#include "logging.h"
Re-arrange code between LXC driver files
2008-08-13 10:25:34 +00:00
#include "util.h"
#include "lxc_conf.h"
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
#include "lxc_container.h"
#include "veth.h"
#include "memory.h"
#include "util.h"
build: rename files.h to virfile.h In preparation for a future patch adding new virFile APIs. * src/util/files.h, src/util/files.c: Move... * src/util/virfile.h, src/util/virfile.c: ...here, and rename functions to virFile prefix. Macro names are intentionally left alone. * *.c: All '#include "files.h"' uses changed. * src/Makefile.am (UTIL_SOURCES): Reflect rename. * cfg.mk (exclude_file_name_regexp--sc_prohibit_close): Likewise. * src/libvirt_private.syms: Likewise. * docs/hacking.html.in: Likewise. * HACKING: Regenerate.
2011-07-19 18:32:58 +00:00
#include "virfile.h"
Move pidfile functions into util/virpidfile.{c,h} The functions for manipulating pidfiles are in util/util.{c,h}. We will shortly be adding some further pidfile related functions. To avoid further growing util.c, this moves the pidfile related functions into a dedicated virpidfile.{c,h}. The functions are also all renamed to have 'virPidFile' as their name prefix * util/util.h, util/util.c: Remove all pidfile code * util/virpidfile.c, util/virpidfile.h: Add new APIs for pidfile handling. * lxc/lxc_controller.c, lxc/lxc_driver.c, network/bridge_driver.c, qemu/qemu_process.c: Add virpidfile.h include and adapt for API renames
2011-08-05 13:13:12 +00:00
#include "virpidfile.h"
Re-arrange code between LXC driver files
2008-08-13 10:25:34 +00:00
Make error reporting threadsafe by avoiding strerror
2009-01-20 17:13:33 +00:00
#define VIR_FROM_THIS VIR_FROM_LXC
Add cgroup manipulation and LXC driver
2008-10-03 16:46:01 +00:00
struct cgroup_device_policy {
char type;
int major;
int minor;
};
Allow use of file images for LXC container filesystems A previous commit gave the LXC driver the ability to mount block devices for the container filesystem. Through use of the loopback device functionality, we can build on this to support use of plain file images for LXC filesytems. By setting the LO_FLAGS_AUTOCLEAR flag we can ensure that the loop device automatically disappears when the container dies / shuts down * src/lxc/lxc_container.c: Raise error if we see a file based filesystem, since it should have been turned into a loopback device already * src/lxc/lxc_controller.c: Rewrite any filesystems of type=file, into type=block, by binding the file image to a free loop device
2011-08-04 09:13:02 +00:00
Avoid using "devname" as an identifier. /usr/lib/stdlib.h in Mac OS X and probably also in BSD's exports this symbol :(
2011-09-16 12:05:58 +00:00
static int lxcGetLoopFD(char **dev_name)
Allow use of file images for LXC container filesystems A previous commit gave the LXC driver the ability to mount block devices for the container filesystem. Through use of the loopback device functionality, we can build on this to support use of plain file images for LXC filesytems. By setting the LO_FLAGS_AUTOCLEAR flag we can ensure that the loop device automatically disappears when the container dies / shuts down * src/lxc/lxc_container.c: Raise error if we see a file based filesystem, since it should have been turned into a loopback device already * src/lxc/lxc_controller.c: Rewrite any filesystems of type=file, into type=block, by binding the file image to a free loop device
2011-08-04 09:13:02 +00:00
{
int fd = -1;
DIR *dh = NULL;
struct dirent *de;
char *looppath;
struct loop_info64 lo;
VIR_DEBUG("Looking for loop devices in /dev");
if (!(dh = opendir("/dev"))) {
virReportSystemError(errno, "%s",
_("Unable to read /dev"));
goto cleanup;
}
while ((de = readdir(dh)) != NULL) {
if (!STRPREFIX(de->d_name, "loop"))
continue;
if (virAsprintf(&looppath, "/dev/%s", de->d_name) < 0) {
virReportOOMError();
goto cleanup;
}
VIR_DEBUG("Checking up on device %s", looppath);
if ((fd = open(looppath, O_RDWR)) < 0) {
virReportSystemError(errno,
_("Unable to open %s"), looppath);
goto cleanup;
}
if (ioctl(fd, LOOP_GET_STATUS64, &lo) < 0) {
/* Got a free device, return the fd */
if (errno == ENXIO)
goto cleanup;
VIR_FORCE_CLOSE(fd);
virReportSystemError(errno,
_("Unable to get loop status on %s"),
looppath);
goto cleanup;
}
/* Oh well, try the next device */
VIR_FORCE_CLOSE(fd);
VIR_FREE(looppath);
}
lxcError(VIR_ERR_INTERNAL_ERROR, "%s",
_("Unable to find a free loop device in /dev"));
cleanup:
if (fd != -1) {
VIR_DEBUG("Got free loop device %s %d", looppath, fd);
Avoid using "devname" as an identifier. /usr/lib/stdlib.h in Mac OS X and probably also in BSD's exports this symbol :(
2011-09-16 12:05:58 +00:00
*dev_name = looppath;
Allow use of file images for LXC container filesystems A previous commit gave the LXC driver the ability to mount block devices for the container filesystem. Through use of the loopback device functionality, we can build on this to support use of plain file images for LXC filesytems. By setting the LO_FLAGS_AUTOCLEAR flag we can ensure that the loop device automatically disappears when the container dies / shuts down * src/lxc/lxc_container.c: Raise error if we see a file based filesystem, since it should have been turned into a loopback device already * src/lxc/lxc_controller.c: Rewrite any filesystems of type=file, into type=block, by binding the file image to a free loop device
2011-08-04 09:13:02 +00:00
} else {
VIR_DEBUG("No free loop devices available");
VIR_FREE(looppath);
}
if (dh)
closedir(dh);
return fd;
}
static int lxcSetupLoopDevice(virDomainFSDefPtr fs)
{
int lofd = -1;
int fsfd = -1;
struct loop_info64 lo;
char *loname = NULL;
int ret = -1;
if ((lofd = lxcGetLoopFD(&loname)) < 0)
return -1;
memset(&lo, 0, sizeof(lo));
lo.lo_flags = LO_FLAGS_AUTOCLEAR;
if ((fsfd = open(fs->src, O_RDWR)) < 0) {
virReportSystemError(errno,
_("Unable to open %s"), fs->src);
goto cleanup;
}
if (ioctl(lofd, LOOP_SET_FD, fsfd) < 0) {
virReportSystemError(errno,
_("Unable to attach %s to loop device"),
fs->src);
goto cleanup;
}
if (ioctl(lofd, LOOP_SET_STATUS64, &lo) < 0) {
virReportSystemError(errno, "%s",
_("Unable to mark loop device as autoclear"));
if (ioctl(lofd, LOOP_CLR_FD, 0) < 0)
VIR_WARN("Unable to detach %s from loop device", fs->src);
goto cleanup;
}
VIR_DEBUG("Attached loop device %s %d to %s", fs->src, lofd, loname);
/*
* We now change it into a block device type, so that
* the rest of container setup 'just works'
*/
fs->type = VIR_DOMAIN_FS_TYPE_BLOCK;
VIR_FREE(fs->src);
fs->src = loname;
loname = NULL;
ret = 0;
cleanup:
VIR_FREE(loname);
VIR_FORCE_CLOSE(fsfd);
if (ret == -1)
VIR_FORCE_CLOSE(lofd);
return lofd;
}
static int lxcSetupLoopDevices(virDomainDefPtr def, size_t *nloopDevs, int **loopDevs)
{
size_t i;
int ret = -1;
for (i = 0 ; i < def->nfss ; i++) {
int fd;
if (def->fss[i]->type != VIR_DOMAIN_FS_TYPE_FILE)
continue;
fd = lxcSetupLoopDevice(def->fss[i]);
if (fd < 0)
goto cleanup;
VIR_DEBUG("Saving loop fd %d", fd);
if (VIR_REALLOC_N(*loopDevs, *nloopDevs+1) < 0) {
VIR_FORCE_CLOSE(fd);
virReportOOMError();
goto cleanup;
}
(*loopDevs)[*nloopDevs++] = fd;
}
VIR_DEBUG("Setup all loop devices");
ret = 0;
cleanup:
return ret;
}
Add cgroup manipulation and LXC driver
2008-10-03 16:46:01 +00:00
/**
* lxcSetContainerResources
* @def: pointer to virtual machine structure
*
* Creates a cgroup for the container, moves the task inside,
* and sets resource limits
*
* Returns 0 on success or -1 in case of error
*/
static int lxcSetContainerResources(virDomainDefPtr def)
{
Refactor cgroups to allow a group per driver to be managed directly Allow the driver level cgroup to be managed explicitly by the hypervisor drivers, in order to detect whether to enable or disable cgroup support for domains. Provides better error reporting of failures. Also allow for creation of cgroups for unprivileged drivers if controller is accessible by the user. * src/cgroup.c, src/cgroup.h: Add an API to obtain a driver cgroup * src/lxc_conf.h, src/lxc_controller.c, src/lxc_driver.c: Obtain a driver cgroup at startup and use that instead of re-creating everytime. * src/util.c, src/util.h, src/libvirt_private.syms: Add a virGetUserName() helper
2009-07-10 10:40:04 +00:00
virCgroupPtr driver;
Add cgroup manipulation and LXC driver
2008-10-03 16:46:01 +00:00
virCgroupPtr cgroup;
int rc = -1;
int i;
struct cgroup_device_policy devices[] = {
{'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_NULL},
{'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_ZERO},
{'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_FULL},
{'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_RANDOM},
{'c', LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_URANDOM},
Misc fixes for LXC cgroups setup When using the 'ns' cgroup controller, the moment a process calls 'unshare(CLONE_NEWNS)', it will be given a private cgroup tree under its current location. This really messages up the LXC controller process, because it ends up creating the containers' cgroup in the wrong place. The fix is fairly easy, just move the cgroup setup before the code which calls unshare(). The 'ns' controller will still create extra undesired cgroups, but they at least won't break libvirt's setup now. The patch also adds a missing cgroups allow rule for /dev/tty device node
2010-03-04 11:15:42 +00:00
{'c', LXC_DEV_MAJ_TTY, LXC_DEV_MIN_TTY},
Fix /dev/ population to use char devices (Ryota Ozaki)
2009-05-08 10:22:46 +00:00
{'c', LXC_DEV_MAJ_TTY, LXC_DEV_MIN_PTMX},
Add cgroup manipulation and LXC driver
2008-10-03 16:46:01 +00:00
{0, 0, 0}};
Refactor cgroups to allow a group per driver to be managed directly Allow the driver level cgroup to be managed explicitly by the hypervisor drivers, in order to detect whether to enable or disable cgroup support for domains. Provides better error reporting of failures. Also allow for creation of cgroups for unprivileged drivers if controller is accessible by the user. * src/cgroup.c, src/cgroup.h: Add an API to obtain a driver cgroup * src/lxc_conf.h, src/lxc_controller.c, src/lxc_driver.c: Obtain a driver cgroup at startup and use that instead of re-creating everytime. * src/util.c, src/util.h, src/libvirt_private.syms: Add a virGetUserName() helper
2009-07-10 10:40:04 +00:00
rc = virCgroupForDriver("lxc", &driver, 1, 0);
if (rc != 0) {
Don't try to activate cgroups if not present for LXC * src/lxc_controller.c: Don't throw error in LXC startup if the cgroups driver mount isn't available. Improve error logging for resource setup
2009-07-31 13:37:25 +00:00
/* Skip all if no driver cgroup is configured */
if (rc == -ENXIO || rc == -ENOENT)
return 0;
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
virReportSystemError(-rc, "%s",
Don't try to activate cgroups if not present for LXC * src/lxc_controller.c: Don't throw error in LXC startup if the cgroups driver mount isn't available. Improve error logging for resource setup
2009-07-31 13:37:25 +00:00
_("Unable to get cgroup for driver"));
Refactor cgroups to allow a group per driver to be managed directly Allow the driver level cgroup to be managed explicitly by the hypervisor drivers, in order to detect whether to enable or disable cgroup support for domains. Provides better error reporting of failures. Also allow for creation of cgroups for unprivileged drivers if controller is accessible by the user. * src/cgroup.c, src/cgroup.h: Add an API to obtain a driver cgroup * src/lxc_conf.h, src/lxc_controller.c, src/lxc_driver.c: Obtain a driver cgroup at startup and use that instead of re-creating everytime. * src/util.c, src/util.h, src/libvirt_private.syms: Add a virGetUserName() helper
2009-07-10 10:40:04 +00:00
return rc;
}
Add cgroup manipulation and LXC driver
2008-10-03 16:46:01 +00:00
Refactor cgroups to allow a group per driver to be managed directly Allow the driver level cgroup to be managed explicitly by the hypervisor drivers, in order to detect whether to enable or disable cgroup support for domains. Provides better error reporting of failures. Also allow for creation of cgroups for unprivileged drivers if controller is accessible by the user. * src/cgroup.c, src/cgroup.h: Add an API to obtain a driver cgroup * src/lxc_conf.h, src/lxc_controller.c, src/lxc_driver.c: Obtain a driver cgroup at startup and use that instead of re-creating everytime. * src/util.c, src/util.h, src/libvirt_private.syms: Add a virGetUserName() helper
2009-07-10 10:40:04 +00:00
rc = virCgroupForDomain(driver, def->name, &cgroup, 1);
Add cgroup manipulation and LXC driver
2008-10-03 16:46:01 +00:00
if (rc != 0) {
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
virReportSystemError(-rc,
Don't try to activate cgroups if not present for LXC * src/lxc_controller.c: Don't throw error in LXC startup if the cgroups driver mount isn't available. Improve error logging for resource setup
2009-07-31 13:37:25 +00:00
_("Unable to create cgroup for domain %s"),
def->name);
Refactor cgroups to allow a group per driver to be managed directly Allow the driver level cgroup to be managed explicitly by the hypervisor drivers, in order to detect whether to enable or disable cgroup support for domains. Provides better error reporting of failures. Also allow for creation of cgroups for unprivileged drivers if controller is accessible by the user. * src/cgroup.c, src/cgroup.h: Add an API to obtain a driver cgroup * src/lxc_conf.h, src/lxc_controller.c, src/lxc_driver.c: Obtain a driver cgroup at startup and use that instead of re-creating everytime. * src/util.c, src/util.h, src/libvirt_private.syms: Add a virGetUserName() helper
2009-07-10 10:40:04 +00:00
goto cleanup;
Add cgroup manipulation and LXC driver
2008-10-03 16:46:01 +00:00
}
LXC: LXC Blkio weight configuration support. LXC Blkio weight configuration support. Reviewed-by: "Nikunj A. Dadhania" <nikunj@linux.vnet.ibm.com> Signed-off-by: Gui Jianfeng <guijianfeng@cn.fujitsu.com>
2011-02-08 07:00:24 +00:00
if (def->blkio.weight) {
rc = virCgroupSetBlkioWeight(cgroup, def->blkio.weight);
if (rc != 0) {
virReportSystemError(-rc,
_("Unable to set Blkio weight for domain %s"),
def->name);
goto cleanup;
}
}
cputune: Support cputune for lxc driver LXC driver doesn't support vcpu affinity yet, so just need to modify it to support cpu shares.
2011-03-29 13:42:54 +00:00
if (def->cputune.shares) {
rc = virCgroupSetCpuShares(cgroup, def->cputune.shares);
if (rc != 0) {
virReportSystemError(-rc,
_("Unable to set cpu shares for domain %s"),
def->name);
goto cleanup;
}
}
XML parsing for memory tunables Adding parsing code for memory tunables in the domain xml file also change the internal define structures used for domain memory informations Adds a new specific test
2010-10-12 14:43:39 +00:00
rc = virCgroupSetMemory(cgroup, def->mem.max_balloon);
Don't try to activate cgroups if not present for LXC * src/lxc_controller.c: Don't throw error in LXC startup if the cgroups driver mount isn't available. Improve error logging for resource setup
2009-07-31 13:37:25 +00:00
if (rc != 0) {
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
virReportSystemError(-rc,
Don't try to activate cgroups if not present for LXC * src/lxc_controller.c: Don't throw error in LXC startup if the cgroups driver mount isn't available. Improve error logging for resource setup
2009-07-31 13:37:25 +00:00
_("Unable to set memory limit for domain %s"),
def->name);
Make LXC container startup/shutdown/I/O more robust The current LXC I/O controller looks for HUP to detect when a guest has quit. This isn't reliable as during initial bootup it is possible that 'init' will close the console and let mingetty re-open it. The shutdown of containers was also flakey because it only killed the libvirt I/O controller and expected container processes to gracefully follow. Change the I/O controller such that when it see HUP or an I/O error, it uses kill($PID, 0) to see if the process has really quit. Change the container shutdown sequence to use the virCgroupKillPainfully function to ensure every really goes away This change makes the use of the 'cpu', 'devices' and 'memory' cgroups controllers compulsory with LXC * docs/drvlxc.html.in: Document that certain cgroups controllers are now mandatory * src/lxc/lxc_controller.c: Check if PID is still alive before quitting on I/O error/HUP * src/lxc/lxc_driver.c: Use virCgroupKillPainfully
2011-02-22 17:35:06 +00:00
goto cleanup;
Don't try to activate cgroups if not present for LXC * src/lxc_controller.c: Don't throw error in LXC startup if the cgroups driver mount isn't available. Improve error logging for resource setup
2009-07-31 13:37:25 +00:00
}
Add cgroup manipulation and LXC driver
2008-10-03 16:46:01 +00:00
Make LXC container startup/shutdown/I/O more robust The current LXC I/O controller looks for HUP to detect when a guest has quit. This isn't reliable as during initial bootup it is possible that 'init' will close the console and let mingetty re-open it. The shutdown of containers was also flakey because it only killed the libvirt I/O controller and expected container processes to gracefully follow. Change the I/O controller such that when it see HUP or an I/O error, it uses kill($PID, 0) to see if the process has really quit. Change the container shutdown sequence to use the virCgroupKillPainfully function to ensure every really goes away This change makes the use of the 'cpu', 'devices' and 'memory' cgroups controllers compulsory with LXC * docs/drvlxc.html.in: Document that certain cgroups controllers are now mandatory * src/lxc/lxc_controller.c: Check if PID is still alive before quitting on I/O error/HUP * src/lxc/lxc_driver.c: Use virCgroupKillPainfully
2011-02-22 17:35:06 +00:00
if (def->mem.hard_limit) {
Adding memtunables to libvirt-lxc command libvirt-lxc now configures the hardlimit, softlimit and swaplimit, if specified in the domain xml file or picks up the defaults.
2010-10-12 16:14:44 +00:00
rc = virCgroupSetMemoryHardLimit(cgroup, def->mem.hard_limit);
if (rc != 0) {
virReportSystemError(-rc,
_("Unable to set memory hard limit for domain %s"),
def->name);
goto cleanup;
}
}
Make LXC container startup/shutdown/I/O more robust The current LXC I/O controller looks for HUP to detect when a guest has quit. This isn't reliable as during initial bootup it is possible that 'init' will close the console and let mingetty re-open it. The shutdown of containers was also flakey because it only killed the libvirt I/O controller and expected container processes to gracefully follow. Change the I/O controller such that when it see HUP or an I/O error, it uses kill($PID, 0) to see if the process has really quit. Change the container shutdown sequence to use the virCgroupKillPainfully function to ensure every really goes away This change makes the use of the 'cpu', 'devices' and 'memory' cgroups controllers compulsory with LXC * docs/drvlxc.html.in: Document that certain cgroups controllers are now mandatory * src/lxc/lxc_controller.c: Check if PID is still alive before quitting on I/O error/HUP * src/lxc/lxc_driver.c: Use virCgroupKillPainfully
2011-02-22 17:35:06 +00:00
if (def->mem.soft_limit) {
Adding memtunables to libvirt-lxc command libvirt-lxc now configures the hardlimit, softlimit and swaplimit, if specified in the domain xml file or picks up the defaults.
2010-10-12 16:14:44 +00:00
rc = virCgroupSetMemorySoftLimit(cgroup, def->mem.soft_limit);
if (rc != 0) {
virReportSystemError(-rc,
_("Unable to set memory soft limit for domain %s"),
def->name);
goto cleanup;
}
}
Make LXC container startup/shutdown/I/O more robust The current LXC I/O controller looks for HUP to detect when a guest has quit. This isn't reliable as during initial bootup it is possible that 'init' will close the console and let mingetty re-open it. The shutdown of containers was also flakey because it only killed the libvirt I/O controller and expected container processes to gracefully follow. Change the I/O controller such that when it see HUP or an I/O error, it uses kill($PID, 0) to see if the process has really quit. Change the container shutdown sequence to use the virCgroupKillPainfully function to ensure every really goes away This change makes the use of the 'cpu', 'devices' and 'memory' cgroups controllers compulsory with LXC * docs/drvlxc.html.in: Document that certain cgroups controllers are now mandatory * src/lxc/lxc_controller.c: Check if PID is still alive before quitting on I/O error/HUP * src/lxc/lxc_driver.c: Use virCgroupKillPainfully
2011-02-22 17:35:06 +00:00
if (def->mem.swap_hard_limit) {
virsh: fix memtune's help message for swap_hard_limit * Correct the documentation for cgroup: the swap_hard_limit indicates mem+swap_hard_limit. * Change cgroup private apis to: virCgroupGet/SetMemSwapHardLimit Signed-off-by: Nikunj A. Dadhania <nikunj@linux.vnet.ibm.com>
2011-03-16 05:07:12 +00:00
rc = virCgroupSetMemSwapHardLimit(cgroup, def->mem.swap_hard_limit);
Adding memtunables to libvirt-lxc command libvirt-lxc now configures the hardlimit, softlimit and swaplimit, if specified in the domain xml file or picks up the defaults.
2010-10-12 16:14:44 +00:00
if (rc != 0) {
virReportSystemError(-rc,
_("Unable to set swap hard limit for domain %s"),
def->name);
goto cleanup;
}
}
Add cgroup manipulation and LXC driver
2008-10-03 16:46:01 +00:00
rc = virCgroupDenyAllDevices(cgroup);
Don't try to activate cgroups if not present for LXC * src/lxc_controller.c: Don't throw error in LXC startup if the cgroups driver mount isn't available. Improve error logging for resource setup
2009-07-31 13:37:25 +00:00
if (rc != 0) {
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
virReportSystemError(-rc,
Don't try to activate cgroups if not present for LXC * src/lxc_controller.c: Don't throw error in LXC startup if the cgroups driver mount isn't available. Improve error logging for resource setup
2009-07-31 13:37:25 +00:00
_("Unable to deny devices for domain %s"),
def->name);
goto cleanup;
}
Add cgroup manipulation and LXC driver
2008-10-03 16:46:01 +00:00
for (i = 0; devices[i].type != 0; i++) {
struct cgroup_device_policy *dev = &devices[i];
rc = virCgroupAllowDevice(cgroup,
dev->type,
dev->major,
cgroup: allow fine-tuning of device ACL permissions Adding audit points showed that we were granting too much privilege to qemu; it should not need any mknod rights to recreate any devices. On the other hand, lxc should have all device privileges. The solution is adding a flag parameter. This also lets us restrict write access to read-only disks. * src/util/cgroup.h (virCgroup*Device*): Adjust prototypes. * src/util/cgroup.c (virCgroupAllowDevice) (virCgroupAllowDeviceMajor, virCgroupAllowDevicePath) (virCgroupDenyDevice, virCgroupDenyDeviceMajor) (virCgroupDenyDevicePath): Add parameter. * src/qemu/qemu_driver.c (qemudDomainSaveFlag): Update clients. * src/lxc/lxc_controller.c (lxcSetContainerResources): Likewise. * src/qemu/qemu_cgroup.c: Likewise. (qemuSetupDiskPathAllow): Also, honor read-only disks.
2011-03-09 03:13:18 +00:00
dev->minor,
VIR_CGROUP_DEVICE_RWM);
Don't try to activate cgroups if not present for LXC * src/lxc_controller.c: Don't throw error in LXC startup if the cgroups driver mount isn't available. Improve error logging for resource setup
2009-07-31 13:37:25 +00:00
if (rc != 0) {
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
virReportSystemError(-rc,
Don't try to activate cgroups if not present for LXC * src/lxc_controller.c: Don't throw error in LXC startup if the cgroups driver mount isn't available. Improve error logging for resource setup
2009-07-31 13:37:25 +00:00
_("Unable to allow device %c:%d:%d for domain %s"),
dev->type, dev->major, dev->minor, def->name);
goto cleanup;
}
Add cgroup manipulation and LXC driver
2008-10-03 16:46:01 +00:00
}
Allow use of block devices for guest filesystem Currently the LXC driver can only populate filesystems from host filesystems, using bind mounts. This patch allows host block devices to be mounted. It autodetects the filesystem format at mount time, and adds the block device to the cgroups ACL. Example usage is <filesystem type='block' accessmode='passthrough'> <source dev='/dev/sda1'/> <target dir='/home'/> </filesystem> * src/lxc/lxc_container.c: Mount block device filesystems * src/lxc/lxc_controller.c: Add block device filesystems to cgroups ACL
2011-07-22 12:02:51 +00:00
for (i = 0 ; i < def->nfss ; i++) {
if (def->fss[i]->type != VIR_DOMAIN_FS_TYPE_BLOCK)
continue;
rc = virCgroupAllowDevicePath(cgroup,
def->fss[i]->src,
def->fss[i]->readonly ?
VIR_CGROUP_DEVICE_READ :
VIR_CGROUP_DEVICE_RW);
if (rc != 0) {
virReportSystemError(-rc,
_("Unable to allow device %s for domain %s"),
def->fss[i]->src, def->name);
goto cleanup;
}
}
cgroup: allow fine-tuning of device ACL permissions Adding audit points showed that we were granting too much privilege to qemu; it should not need any mknod rights to recreate any devices. On the other hand, lxc should have all device privileges. The solution is adding a flag parameter. This also lets us restrict write access to read-only disks. * src/util/cgroup.h (virCgroup*Device*): Adjust prototypes. * src/util/cgroup.c (virCgroupAllowDevice) (virCgroupAllowDeviceMajor, virCgroupAllowDevicePath) (virCgroupDenyDevice, virCgroupDenyDeviceMajor) (virCgroupDenyDevicePath): Add parameter. * src/qemu/qemu_driver.c (qemudDomainSaveFlag): Update clients. * src/lxc/lxc_controller.c (lxcSetContainerResources): Likewise. * src/qemu/qemu_cgroup.c: Likewise. (qemuSetupDiskPathAllow): Also, honor read-only disks.
2011-03-09 03:13:18 +00:00
rc = virCgroupAllowDeviceMajor(cgroup, 'c', LXC_DEV_MAJ_PTY,
VIR_CGROUP_DEVICE_RWM);
Don't try to activate cgroups if not present for LXC * src/lxc_controller.c: Don't throw error in LXC startup if the cgroups driver mount isn't available. Improve error logging for resource setup
2009-07-31 13:37:25 +00:00
if (rc != 0) {
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
virReportSystemError(-rc,
Fix typo in LXC cgroups setup error message * src/lxc/lxc_controller.c: s/PYT/PTY/
2011-08-04 14:34:07 +00:00
_("Unable to allow PTY devices for domain %s"),
Don't try to activate cgroups if not present for LXC * src/lxc_controller.c: Don't throw error in LXC startup if the cgroups driver mount isn't available. Improve error logging for resource setup
2009-07-31 13:37:25 +00:00
def->name);
goto cleanup;
}
Fix up cgroup initialization order and allow /dev/pts device access in LXC
2008-10-21 16:46:47 +00:00
Add cgroup manipulation and LXC driver
2008-10-03 16:46:01 +00:00
rc = virCgroupAddTask(cgroup, getpid());
if (rc != 0) {
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
virReportSystemError(-rc,
Don't try to activate cgroups if not present for LXC * src/lxc_controller.c: Don't throw error in LXC startup if the cgroups driver mount isn't available. Improve error logging for resource setup
2009-07-31 13:37:25 +00:00
_("Unable to add task %d to cgroup for domain %s"),
getpid(), def->name);
Add cgroup manipulation and LXC driver
2008-10-03 16:46:01 +00:00
}
Refactor cgroups to allow a group per driver to be managed directly Allow the driver level cgroup to be managed explicitly by the hypervisor drivers, in order to detect whether to enable or disable cgroup support for domains. Provides better error reporting of failures. Also allow for creation of cgroups for unprivileged drivers if controller is accessible by the user. * src/cgroup.c, src/cgroup.h: Add an API to obtain a driver cgroup * src/lxc_conf.h, src/lxc_controller.c, src/lxc_driver.c: Obtain a driver cgroup at startup and use that instead of re-creating everytime. * src/util.c, src/util.h, src/libvirt_private.syms: Add a virGetUserName() helper
2009-07-10 10:40:04 +00:00
cleanup:
virCgroupFree(&driver);
Add cgroup manipulation and LXC driver
2008-10-03 16:46:01 +00:00
virCgroupFree(&cgroup);
return rc;
}
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
static char*lxcMonitorPath(virDomainDefPtr def)
{
char *sockpath;
use virAsprintf instead of asprintf
2008-12-23 13:03:29 +00:00
if (virAsprintf(&sockpath, "%s/%s.sock",
LXC_STATE_DIR, def->name) < 0)
Remove conn parameter from virReportOOMError
2010-02-04 18:19:08 +00:00
virReportOOMError();
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
return sockpath;
}
static int lxcMonitorServer(const char *sockpath)
{
int fd;
struct sockaddr_un addr;
if ((fd = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) {
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
virReportSystemError(errno,
Make error reporting threadsafe by avoiding strerror
2009-01-20 17:13:33 +00:00
_("failed to create server socket '%s'"),
sockpath);
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
goto error;
}
unlink(sockpath);
memset(&addr, 0, sizeof(addr));
addr.sun_family = AF_UNIX;
Introduce virStrncpy. Add the virStrncpy function, which takes a dst string, source string, the number of bytes to copy and the number of bytes available in the dest string. If the source string is too large to fit into the destination string, including the \0 byte, then no data is copied and the function returns NULL. Otherwise, this function copies n bytes from source into dst, including the \0, and returns a pointer to the dst string. This function is intended to replace all unsafe uses of strncpy in the code base, since strncpy does *not* guarantee that the buffer terminates with a \0. Signed-off-by: Chris Lalancette <clalance@redhat.com>
2009-08-03 12:37:44 +00:00
if (virStrcpyStatic(addr.sun_path, sockpath) == NULL) {
Remove virConnectPtr from LXC driver
2010-02-09 18:22:56 +00:00
lxcError(VIR_ERR_INTERNAL_ERROR,
Introduce virStrncpy. Add the virStrncpy function, which takes a dst string, source string, the number of bytes to copy and the number of bytes available in the dest string. If the source string is too large to fit into the destination string, including the \0 byte, then no data is copied and the function returns NULL. Otherwise, this function copies n bytes from source into dst, including the \0, and returns a pointer to the dst string. This function is intended to replace all unsafe uses of strncpy in the code base, since strncpy does *not* guarantee that the buffer terminates with a \0. Signed-off-by: Chris Lalancette <clalance@redhat.com>
2009-08-03 12:37:44 +00:00
_("Socket path %s too long for destination"), sockpath);
goto error;
}
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
if (bind(fd, (struct sockaddr *) &addr, sizeof(addr)) < 0) {
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
virReportSystemError(errno,
Make error reporting threadsafe by avoiding strerror
2009-01-20 17:13:33 +00:00
_("failed to bind server socket '%s'"),
sockpath);
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
goto error;
}
if (listen(fd, 30 /* backlog */ ) < 0) {
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
virReportSystemError(errno,
Make error reporting threadsafe by avoiding strerror
2009-01-20 17:13:33 +00:00
_("failed to listen server socket %s"),
sockpath);
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
goto error;
}
return fd;
error:
bye to close(), welcome to VIR_(FORCE_)CLOSE() Using automated replacement with sed and editing I have now replaced all occurrences of close() with VIR_(FORCE_)CLOSE() except for one, of course. Some replacements were straight forward, others I needed to pay attention. I hope I payed attention in all the right places... Please have a look. This should have at least solved one more double-close error.
2010-11-09 20:48:48 +00:00
VIR_FORCE_CLOSE(fd);
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
return -1;
}
Re-arrange code between LXC driver files
2008-08-13 10:25:34 +00:00
/**
* lxcFdForward:
* @readFd: file descriptor to read
* @writeFd: file desriptor to write
*
* Reads 1 byte of data from readFd and writes to writeFd.
*
* Returns 0 on success, EAGAIN if returned on read, or -1 in case of error
*/
static int lxcFdForward(int readFd, int writeFd)
{
int rc = -1;
char buf[2];
if (1 != (saferead(readFd, buf, 1))) {
if (EAGAIN == errno) {
rc = EAGAIN;
goto cleanup;
}
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
virReportSystemError(errno,
Make error reporting threadsafe by avoiding strerror
2009-01-20 17:13:33 +00:00
_("read of fd %d failed"),
readFd);
Re-arrange code between LXC driver files
2008-08-13 10:25:34 +00:00
goto cleanup;
}
if (1 != (safewrite(writeFd, buf, 1))) {
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
virReportSystemError(errno,
Make error reporting threadsafe by avoiding strerror
2009-01-20 17:13:33 +00:00
_("write to fd %d failed"),
writeFd);
Re-arrange code between LXC driver files
2008-08-13 10:25:34 +00:00
goto cleanup;
}
rc = 0;
cleanup:
return rc;
}
Reduce LXC capabilities
2009-06-29 17:09:42 +00:00
static int lxcControllerClearCapabilities(void)
{
#if HAVE_CAPNG
int ret;
capng_clear(CAPNG_SELECT_BOTH);
if ((ret = capng_apply(CAPNG_SELECT_BOTH)) < 0) {
Remove virConnectPtr from LXC driver
2010-02-09 18:22:56 +00:00
lxcError(VIR_ERR_INTERNAL_ERROR,
Reduce LXC capabilities
2009-06-29 17:09:42 +00:00
_("failed to apply capabilities: %d"), ret);
return -1;
}
#else
libvirt,logging: cleanup VIR_XXX0() These VIR_XXXX0 APIs make us confused, use the non-0-suffix APIs instead. How do these coversions works? The magic is using the gcc extension of ##. When __VA_ARGS__ is empty, "##" will swallow the "," in "fmt," to avoid compile error. example: origin after CPP high_level_api("%d", a_int) low_level_api("%d", a_int) high_level_api("a string") low_level_api("a string") About 400 conversions. 8 special conversions: VIR_XXXX0("") -> VIR_XXXX("msg") (avoid empty format) 2 conversions VIR_XXXX0(string_literal_with_%) -> VIR_XXXX(%->%%) 0 conversions VIR_XXXX0(non_string_literal) -> VIR_XXXX("%s", non_string_literal) (for security) 6 conversions Signed-off-by: Lai Jiangshan <laijs@cn.fujitsu.com>
2011-05-09 09:24:09 +00:00
VIR_WARN("libcap-ng support not compiled in, unable to clear capabilities");
Reduce LXC capabilities
2009-06-29 17:09:42 +00:00
#endif
return 0;
}
Re-arrange code between LXC driver files
2008-08-13 10:25:34 +00:00
typedef struct _lxcTtyForwardFd_t {
int fd;
int active;
} lxcTtyForwardFd_t;
lxc_controller.c: don't ignore failed "accept" * src/lxc/lxc_controller.c (ignorable_epoll_accept_errno): New function. (lxcControllerMain): Handle a failed accept carefully: most errno values indicate legitimate failure and must be fatal. However, ignore a special case: that in which an incoming client quits between the poll() indicating its presence, and our accept() which is trying to process it.
2010-05-20 12:30:36 +00:00
/* Return true if it is ok to ignore an accept-after-epoll syscall
that fails with the specified errno value. Else false. */
static bool
ignorable_epoll_accept_errno(int errnum)
{
return (errnum == EINVAL
|| errnum == ECONNABORTED
|| errnum == EAGAIN
|| errnum == EWOULDBLOCK);
}
Make LXC container startup/shutdown/I/O more robust The current LXC I/O controller looks for HUP to detect when a guest has quit. This isn't reliable as during initial bootup it is possible that 'init' will close the console and let mingetty re-open it. The shutdown of containers was also flakey because it only killed the libvirt I/O controller and expected container processes to gracefully follow. Change the I/O controller such that when it see HUP or an I/O error, it uses kill($PID, 0) to see if the process has really quit. Change the container shutdown sequence to use the virCgroupKillPainfully function to ensure every really goes away This change makes the use of the 'cpu', 'devices' and 'memory' cgroups controllers compulsory with LXC * docs/drvlxc.html.in: Document that certain cgroups controllers are now mandatory * src/lxc/lxc_controller.c: Check if PID is still alive before quitting on I/O error/HUP * src/lxc/lxc_driver.c: Use virCgroupKillPainfully
2011-02-22 17:35:06 +00:00
static bool
lxcPidGone(pid_t container)
{
waitpid(container, NULL, WNOHANG);
if (kill(container, 0) < 0 &&
errno == ESRCH)
return true;
return false;
}
Re-arrange code between LXC driver files
2008-08-13 10:25:34 +00:00
/**
LXC fix wrong or out-of-date function descriptions * src/lxc/lxc_container.c src/lxc/lxc_controller.c src/lxc/lxc_driver.c src/lxc/veth.c: fix broken function comments
2009-11-05 12:35:13 +00:00
* lxcControllerMain
* @monitor: server socket fd to accept client requests
* @client: initial client which is the libvirtd daemon
* @appPty: open fd for application facing Pty
* @contPty: open fd for container facing Pty
Re-arrange code between LXC driver files
2008-08-13 10:25:34 +00:00
*
* Forwards traffic between fds. Data read from appPty will be written to contPty
* This process loops forever.
* This uses epoll in edge triggered mode to avoid a hard loop on POLLHUP
* events when the user disconnects the virsh console via ctrl-]
*
* Returns 0 on success or -1 in case of error
*/
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
static int lxcControllerMain(int monitor,
int client,
int appPty,
Make LXC container startup/shutdown/I/O more robust The current LXC I/O controller looks for HUP to detect when a guest has quit. This isn't reliable as during initial bootup it is possible that 'init' will close the console and let mingetty re-open it. The shutdown of containers was also flakey because it only killed the libvirt I/O controller and expected container processes to gracefully follow. Change the I/O controller such that when it see HUP or an I/O error, it uses kill($PID, 0) to see if the process has really quit. Change the container shutdown sequence to use the virCgroupKillPainfully function to ensure every really goes away This change makes the use of the 'cpu', 'devices' and 'memory' cgroups controllers compulsory with LXC * docs/drvlxc.html.in: Document that certain cgroups controllers are now mandatory * src/lxc/lxc_controller.c: Check if PID is still alive before quitting on I/O error/HUP * src/lxc/lxc_driver.c: Use virCgroupKillPainfully
2011-02-22 17:35:06 +00:00
int contPty,
pid_t container)
Re-arrange code between LXC driver files
2008-08-13 10:25:34 +00:00
{
int rc = -1;
int epollFd;
struct epoll_event epollEvent;
int numEvents;
int numActive = 0;
lxcTtyForwardFd_t fdArray[2];
int timeout = -1;
int curFdOff = 0;
int writeFdOff = 0;
fdArray[0].fd = appPty;
fdArray[0].active = 0;
fdArray[1].fd = contPty;
fdArray[1].active = 0;
lxc: Change VIR_ERROR to VIR_DEBUG for just a debugging message The message is actually not of error but of debugging. 02:22:56.091: error : lxcControllerMain:316 : monitor=3 client=4 appPty=19 contPty=7
2010-06-26 18:39:41 +00:00
VIR_DEBUG("monitor=%d client=%d appPty=%d contPty=%d",
monitor, client, appPty, contPty);
Re-arrange code between LXC driver files
2008-08-13 10:25:34 +00:00
/* create the epoll fild descriptor */
epollFd = epoll_create(2);
if (0 > epollFd) {
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
virReportSystemError(errno, "%s",
Make error reporting threadsafe by avoiding strerror
2009-01-20 17:13:33 +00:00
_("epoll_create(2) failed"));
Re-arrange code between LXC driver files
2008-08-13 10:25:34 +00:00
goto cleanup;
}
/* add the file descriptors the epoll fd */
memset(&epollEvent, 0x00, sizeof(epollEvent));
epollEvent.events = EPOLLIN|EPOLLET; /* edge triggered */
epollEvent.data.fd = appPty;
if (0 > epoll_ctl(epollFd, EPOLL_CTL_ADD, appPty, &epollEvent)) {
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
virReportSystemError(errno, "%s",
Make error reporting threadsafe by avoiding strerror
2009-01-20 17:13:33 +00:00
_("epoll_ctl(appPty) failed"));
Re-arrange code between LXC driver files
2008-08-13 10:25:34 +00:00
goto cleanup;
}
epollEvent.data.fd = contPty;
if (0 > epoll_ctl(epollFd, EPOLL_CTL_ADD, contPty, &epollEvent)) {
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
virReportSystemError(errno, "%s",
Make error reporting threadsafe by avoiding strerror
2009-01-20 17:13:33 +00:00
_("epoll_ctl(contPty) failed"));
Re-arrange code between LXC driver files
2008-08-13 10:25:34 +00:00
goto cleanup;
}
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
epollEvent.events = EPOLLIN;
epollEvent.data.fd = monitor;
if (0 > epoll_ctl(epollFd, EPOLL_CTL_ADD, monitor, &epollEvent)) {
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
virReportSystemError(errno, "%s",
LXC messages cleanup and fix lxcError * src/lxc/lxc_container.c src/lxc/lxc_controller.c src/lxc/lxc_driver.c src/lxc/veth.c: most of cleanups are just capitalizing their messages though, some fixes wrong error messages and awkward indentations, and improves error messages.
2009-11-05 12:39:09 +00:00
_("epoll_ctl(monitor) failed"));
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
goto cleanup;
}
epollEvent.events = EPOLLHUP;
epollEvent.data.fd = client;
if (0 > epoll_ctl(epollFd, EPOLL_CTL_ADD, client, &epollEvent)) {
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
virReportSystemError(errno, "%s",
LXC messages cleanup and fix lxcError * src/lxc/lxc_container.c src/lxc/lxc_controller.c src/lxc/lxc_driver.c src/lxc/veth.c: most of cleanups are just capitalizing their messages though, some fixes wrong error messages and awkward indentations, and improves error messages.
2009-11-05 12:39:09 +00:00
_("epoll_ctl(client) failed"));
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
goto cleanup;
}
Re-arrange code between LXC driver files
2008-08-13 10:25:34 +00:00
while (1) {
/* if active fd's, return if no events, else wait forever */
timeout = (numActive > 0) ? 0 : -1;
numEvents = epoll_wait(epollFd, &epollEvent, 1, timeout);
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
if (numEvents > 0) {
if (epollEvent.data.fd == monitor) {
int fd = accept(monitor, NULL, 0);
lxc_controller.c: don't ignore failed "accept" * src/lxc/lxc_controller.c (ignorable_epoll_accept_errno): New function. (lxcControllerMain): Handle a failed accept carefully: most errno values indicate legitimate failure and must be fatal. However, ignore a special case: that in which an incoming client quits between the poll() indicating its presence, and our accept() which is trying to process it.
2010-05-20 12:30:36 +00:00
if (fd < 0) {
/* First reflex may be simply to declare accept failure
to be a fatal error. However, accept may fail when
a client quits between the above epoll_wait and here.
That case is not fatal, but rather to be expected,
if not common, so ignore it. */
if (ignorable_epoll_accept_errno(errno))
continue;
virReportSystemError(errno, "%s",
_("accept(monitor,...) failed"));
goto cleanup;
}
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
if (client != -1) { /* Already connected, so kick new one out */
bye to close(), welcome to VIR_(FORCE_)CLOSE() Using automated replacement with sed and editing I have now replaced all occurrences of close() with VIR_(FORCE_)CLOSE() except for one, of course. Some replacements were straight forward, others I needed to pay attention. I hope I payed attention in all the right places... Please have a look. This should have at least solved one more double-close error.
2010-11-09 20:48:48 +00:00
VIR_FORCE_CLOSE(fd);
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
continue;
Re-arrange code between LXC driver files
2008-08-13 10:25:34 +00:00
}
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
client = fd;
epollEvent.events = EPOLLHUP;
epollEvent.data.fd = client;
if (0 > epoll_ctl(epollFd, EPOLL_CTL_ADD, client, &epollEvent)) {
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
virReportSystemError(errno, "%s",
LXC messages cleanup and fix lxcError * src/lxc/lxc_container.c src/lxc/lxc_controller.c src/lxc/lxc_driver.c src/lxc/veth.c: most of cleanups are just capitalizing their messages though, some fixes wrong error messages and awkward indentations, and improves error messages.
2009-11-05 12:39:09 +00:00
_("epoll_ctl(client) failed"));
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
goto cleanup;
}
} else if (client != -1 && epollEvent.data.fd == client) {
if (0 > epoll_ctl(epollFd, EPOLL_CTL_DEL, client, &epollEvent)) {
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
virReportSystemError(errno, "%s",
LXC messages cleanup and fix lxcError * src/lxc/lxc_container.c src/lxc/lxc_controller.c src/lxc/lxc_driver.c src/lxc/veth.c: most of cleanups are just capitalizing their messages though, some fixes wrong error messages and awkward indentations, and improves error messages.
2009-11-05 12:39:09 +00:00
_("epoll_ctl(client) failed"));
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
goto cleanup;
}
bye to close(), welcome to VIR_(FORCE_)CLOSE() Using automated replacement with sed and editing I have now replaced all occurrences of close() with VIR_(FORCE_)CLOSE() except for one, of course. Some replacements were straight forward, others I needed to pay attention. I hope I payed attention in all the right places... Please have a look. This should have at least solved one more double-close error.
2010-11-09 20:48:48 +00:00
VIR_FORCE_CLOSE(client);
Re-arrange code between LXC driver files
2008-08-13 10:25:34 +00:00
} else {
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
if (epollEvent.events & EPOLLIN) {
curFdOff = epollEvent.data.fd == appPty ? 0 : 1;
if (!fdArray[curFdOff].active) {
fdArray[curFdOff].active = 1;
++numActive;
}
} else if (epollEvent.events & EPOLLHUP) {
Make LXC container startup/shutdown/I/O more robust The current LXC I/O controller looks for HUP to detect when a guest has quit. This isn't reliable as during initial bootup it is possible that 'init' will close the console and let mingetty re-open it. The shutdown of containers was also flakey because it only killed the libvirt I/O controller and expected container processes to gracefully follow. Change the I/O controller such that when it see HUP or an I/O error, it uses kill($PID, 0) to see if the process has really quit. Change the container shutdown sequence to use the virCgroupKillPainfully function to ensure every really goes away This change makes the use of the 'cpu', 'devices' and 'memory' cgroups controllers compulsory with LXC * docs/drvlxc.html.in: Document that certain cgroups controllers are now mandatory * src/lxc/lxc_controller.c: Check if PID is still alive before quitting on I/O error/HUP * src/lxc/lxc_driver.c: Use virCgroupKillPainfully
2011-02-22 17:35:06 +00:00
if (lxcPidGone(container))
goto cleanup;
curFdOff = epollEvent.data.fd == appPty ? 0 : 1;
if (fdArray[curFdOff].active) {
fdArray[curFdOff].active = 0;
--numActive;
}
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
continue;
} else {
Remove virConnectPtr from LXC driver
2010-02-09 18:22:56 +00:00
lxcError(VIR_ERR_INTERNAL_ERROR,
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
_("error event %d"), epollEvent.events);
goto cleanup;
}
Re-arrange code between LXC driver files
2008-08-13 10:25:34 +00:00
}
} else if (0 == numEvents) {
if (2 == numActive) {
/* both fds active, toggle between the two */
curFdOff ^= 1;
} else {
/* only one active, if current is active, use it, else it */
/* must be the other one (ie. curFd just went inactive) */
curFdOff = fdArray[curFdOff].active ? curFdOff : curFdOff ^ 1;
}
} else {
if (EINTR == errno) {
continue;
}
/* error */
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
virReportSystemError(errno, "%s",
Make error reporting threadsafe by avoiding strerror
2009-01-20 17:13:33 +00:00
_("epoll_wait() failed"));
Re-arrange code between LXC driver files
2008-08-13 10:25:34 +00:00
goto cleanup;
}
if (0 < numActive) {
writeFdOff = curFdOff ^ 1;
rc = lxcFdForward(fdArray[curFdOff].fd, fdArray[writeFdOff].fd);
if (EAGAIN == rc) {
/* this fd no longer has data, set it as inactive */
--numActive;
fdArray[curFdOff].active = 0;
} else if (-1 == rc) {
Make LXC container startup/shutdown/I/O more robust The current LXC I/O controller looks for HUP to detect when a guest has quit. This isn't reliable as during initial bootup it is possible that 'init' will close the console and let mingetty re-open it. The shutdown of containers was also flakey because it only killed the libvirt I/O controller and expected container processes to gracefully follow. Change the I/O controller such that when it see HUP or an I/O error, it uses kill($PID, 0) to see if the process has really quit. Change the container shutdown sequence to use the virCgroupKillPainfully function to ensure every really goes away This change makes the use of the 'cpu', 'devices' and 'memory' cgroups controllers compulsory with LXC * docs/drvlxc.html.in: Document that certain cgroups controllers are now mandatory * src/lxc/lxc_controller.c: Check if PID is still alive before quitting on I/O error/HUP * src/lxc/lxc_driver.c: Use virCgroupKillPainfully
2011-02-22 17:35:06 +00:00
if (lxcPidGone(container))
goto cleanup;
continue;
Re-arrange code between LXC driver files
2008-08-13 10:25:34 +00:00
}
}
}
rc = 0;
cleanup:
bye to close(), welcome to VIR_(FORCE_)CLOSE() Using automated replacement with sed and editing I have now replaced all occurrences of close() with VIR_(FORCE_)CLOSE() except for one, of course. Some replacements were straight forward, others I needed to pay attention. I hope I payed attention in all the right places... Please have a look. This should have at least solved one more double-close error.
2010-11-09 20:48:48 +00:00
VIR_FORCE_CLOSE(appPty);
VIR_FORCE_CLOSE(contPty);
VIR_FORCE_CLOSE(epollFd);
Re-arrange code between LXC driver files
2008-08-13 10:25:34 +00:00
return rc;
}
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
/**
* lxcControllerMoveInterfaces
* @nveths: number of interfaces
* @veths: interface names
* @container: pid of container
*
* Moves network interfaces into a container's namespace
*
* Returns 0 on success or -1 in case of error
*/
static int lxcControllerMoveInterfaces(unsigned int nveths,
char **veths,
pid_t container)
{
unsigned int i;
for (i = 0 ; i < nveths ; i++)
lxc: Fix return values of veth.c functions Previously, the functions in src/lxc/veth.c could sometimes return positive values on failure rather than -1. This made accurate error reporting difficult, and led to one failure to catch an error in a calling function. This patch makes all the functions in veth.c consistently return 0 on success, and -1 on failure. It also fixes up the callers to the veth.c functions where necessary. Note that this patch may be related to the bug: https://bugzilla.redhat.com/show_bug.cgi?id=607496. It will not fix the bug, but should unveil what happens. * po/POTFILES.in - add veth.c, which previously had no translatable strings * src/lxc/lxc_controller.c * src/lxc/lxc_container.c * src/lxc/lxc_driver.c - fixup callers to veth.c, and remove error logs, as they are now done in veth.c * src/lxc/veth.c - make all functions consistently return -1 on error. * src/lxc/veth.h - use ATTRIBUTE_NONNULL to protect against NULL args.
2010-07-23 17:25:56 +00:00
if (moveInterfaceToNetNs(veths[i], container) < 0)
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
return -1;
return 0;
}
/**
* lxcCleanupInterfaces:
LXC fix wrong or out-of-date function descriptions * src/lxc/lxc_container.c src/lxc/lxc_controller.c src/lxc/lxc_driver.c src/lxc/veth.c: fix broken function comments
2009-11-05 12:35:13 +00:00
* @nveths: number of interfaces
* @veths: interface names
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
*
* Cleans up the container interfaces by deleting the veth device pairs.
*
* Returns 0 on success or -1 in case of error
*/
static int lxcControllerCleanupInterfaces(unsigned int nveths,
char **veths)
{
unsigned int i;
for (i = 0 ; i < nveths ; i++)
lxc: Fix return values of veth.c functions Previously, the functions in src/lxc/veth.c could sometimes return positive values on failure rather than -1. This made accurate error reporting difficult, and led to one failure to catch an error in a calling function. This patch makes all the functions in veth.c consistently return 0 on success, and -1 on failure. It also fixes up the callers to the veth.c functions where necessary. Note that this patch may be related to the bug: https://bugzilla.redhat.com/show_bug.cgi?id=607496. It will not fix the bug, but should unveil what happens. * po/POTFILES.in - add veth.c, which previously had no translatable strings * src/lxc/lxc_controller.c * src/lxc/lxc_container.c * src/lxc/lxc_driver.c - fixup callers to veth.c, and remove error logs, as they are now done in veth.c * src/lxc/veth.c - make all functions consistently return -1 on error. * src/lxc/veth.h - use ATTRIBUTE_NONNULL to protect against NULL args.
2010-07-23 17:25:56 +00:00
vethDelete(veths[i]);
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
return 0;
}
Allow 32-on-64 execution for LXC guests Using the 'personality(2)' system call, we can make a container on an x86_64 host appear to be i686. Likewise for most other Linux 64bit arches. * src/lxc/lxc_conf.c: Fill in 32bit capabilities for x86_64 hosts * src/lxc/lxc_container.h, src/lxc/lxc_container.c: Add API to check if an arch has a 32bit alternative * src/lxc/lxc_controller.c: Set the process personality when starting guest
2011-02-23 17:17:53 +00:00
static int lxcSetPersonality(virDomainDefPtr def)
{
struct utsname utsname;
const char *altArch;
uname(&utsname);
altArch = lxcContainerGetAlt32bitArch(utsname.machine);
if (altArch &&
STREQ(def->os.arch, altArch)) {
if (personality(PER_LINUX32) < 0) {
virReportSystemError(errno, _("Unable to request personality for %s on %s"),
altArch, utsname.machine);
return -1;
}
}
return 0;
}
Use a private /dev/pts instance in containers if kernel is new enough
2009-04-22 14:26:50 +00:00
#ifndef MS_REC
build: consistently indent preprocessor directives * global: patch created by running: for f in $(git ls-files '*.[ch]') ; do cppi $f > $f.t && mv $f.t $f done
2010-03-09 18:22:22 +00:00
# define MS_REC 16384
Use a private /dev/pts instance in containers if kernel is new enough
2009-04-22 14:26:50 +00:00
#endif
#ifndef MS_SLAVE
build: consistently indent preprocessor directives * global: patch created by running: for f in $(git ls-files '*.[ch]') ; do cppi $f > $f.t && mv $f.t $f done
2010-03-09 18:22:22 +00:00
# define MS_SLAVE (1<<19)
Use a private /dev/pts instance in containers if kernel is new enough
2009-04-22 14:26:50 +00:00
#endif
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
static int
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
lxcControllerRun(virDomainDefPtr def,
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
unsigned int nveths,
char **veths,
int monitor,
int client,
lxc: Improve guest startup error reporting Add a simple handshake with the lxc_controller process so we can detect process startup failures. We do this by adding a new --handshake cli arg to lxc_controller for passing a file descriptor. If the process fails to launch, we scrape all output from the logfile and report it to the user.
2011-06-01 22:17:00 +00:00
int appPty,
int handshakefd)
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
{
int rc = -1;
int control[2] = { -1, -1};
lxc: controller: Improve container error reporting Add a handshake with the cloned container process to try and detect if it fails to start.
2011-06-02 15:52:32 +00:00
int containerhandshake[2] = { -1, -1 };
Various fixes following a code review * src/libvirt.c src/lxc/lxc_conf.c src/lxc/lxc_container.c src/lxc/lxc_controller.c src/node_device/node_device_hal.c src/openvz/openvz_conf.c src/qemu/qemu_driver.c src/qemu/qemu_monitor_text.c src/remote/remote_driver.c src/storage/storage_backend_disk.c src/storage/storage_driver.c src/util/logging.c src/xen/sexpr.c src/xen/xend_internal.c src/xen/xm_internal.c: Steve Grubb <sgrubb@redhat.com> sent a code review and those are the fixes correcting the problems
2009-11-10 11:56:11 +00:00
int containerPty = -1;
Make LXC container startup/shutdown/I/O more robust The current LXC I/O controller looks for HUP to detect when a guest has quit. This isn't reliable as during initial bootup it is possible that 'init' will close the console and let mingetty re-open it. The shutdown of containers was also flakey because it only killed the libvirt I/O controller and expected container processes to gracefully follow. Change the I/O controller such that when it see HUP or an I/O error, it uses kill($PID, 0) to see if the process has really quit. Change the container shutdown sequence to use the virCgroupKillPainfully function to ensure every really goes away This change makes the use of the 'cpu', 'devices' and 'memory' cgroups controllers compulsory with LXC * docs/drvlxc.html.in: Document that certain cgroups controllers are now mandatory * src/lxc/lxc_controller.c: Check if PID is still alive before quitting on I/O error/HUP * src/lxc/lxc_driver.c: Use virCgroupKillPainfully
2011-02-22 17:35:06 +00:00
char *containerPtyPath = NULL;
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
pid_t container = -1;
Use a private /dev/pts instance in containers if kernel is new enough
2009-04-22 14:26:50 +00:00
virDomainFSDefPtr root;
char *devpts = NULL;
char *devptmx = NULL;
Allow use of file images for LXC container filesystems A previous commit gave the LXC driver the ability to mount block devices for the container filesystem. Through use of the loopback device functionality, we can build on this to support use of plain file images for LXC filesytems. By setting the LO_FLAGS_AUTOCLEAR flag we can ensure that the loop device automatically disappears when the container dies / shuts down * src/lxc/lxc_container.c: Raise error if we see a file based filesystem, since it should have been turned into a loopback device already * src/lxc/lxc_controller.c: Rewrite any filesystems of type=file, into type=block, by binding the file image to a free loop device
2011-08-04 09:13:02 +00:00
size_t nloopDevs = 0;
int *loopDevs = NULL;
size_t i;
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
if (socketpair(PF_UNIX, SOCK_STREAM, 0, control) < 0) {
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
virReportSystemError(errno, "%s",
Make error reporting threadsafe by avoiding strerror
2009-01-20 17:13:33 +00:00
_("sockpair failed"));
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
goto cleanup;
}
lxc: controller: Improve container error reporting Add a handshake with the cloned container process to try and detect if it fails to start.
2011-06-02 15:52:32 +00:00
if (socketpair(PF_UNIX, SOCK_STREAM, 0, containerhandshake) < 0) {
virReportSystemError(errno, "%s",
_("socketpair failed"));
goto cleanup;
}
Allow use of file images for LXC container filesystems A previous commit gave the LXC driver the ability to mount block devices for the container filesystem. Through use of the loopback device functionality, we can build on this to support use of plain file images for LXC filesytems. By setting the LO_FLAGS_AUTOCLEAR flag we can ensure that the loop device automatically disappears when the container dies / shuts down * src/lxc/lxc_container.c: Raise error if we see a file based filesystem, since it should have been turned into a loopback device already * src/lxc/lxc_controller.c: Rewrite any filesystems of type=file, into type=block, by binding the file image to a free loop device
2011-08-04 09:13:02 +00:00
if (lxcSetupLoopDevices(def, &nloopDevs, &loopDevs) < 0)
goto cleanup;
Use a private /dev/pts instance in containers if kernel is new enough
2009-04-22 14:26:50 +00:00
root = virDomainGetRootFilesystem(def);
Misc fixes for LXC cgroups setup When using the 'ns' cgroup controller, the moment a process calls 'unshare(CLONE_NEWNS)', it will be given a private cgroup tree under its current location. This really messages up the LXC controller process, because it ends up creating the containers' cgroup in the wrong place. The fix is fairly easy, just move the cgroup setup before the code which calls unshare(). The 'ns' controller will still create extra undesired cgroups, but they at least won't break libvirt's setup now. The patch also adds a missing cgroups allow rule for /dev/tty device node
2010-03-04 11:15:42 +00:00
if (lxcSetContainerResources(def) < 0)
goto cleanup;
Use a private /dev/pts instance in containers if kernel is new enough
2009-04-22 14:26:50 +00:00
/*
* If doing a chroot style setup, we need to prepare
* a private /dev/pts for the child now, which they
* will later move into position.
*
* This is complex because 'virsh console' needs to
* use /dev/pts from the host OS, and the guest OS
* needs to use /dev/pts from the guest.
*
* This means that we (libvirt_lxc) need to see and
* use both /dev/pts instances. We're running in the
* host OS context though and don't want to expose
* the guest OS /dev/pts there.
*
* Thus we call unshare(CLONE_NS) so that we can see
* the guest's new /dev/pts, without it becoming
* visible to the host OS. We also put the root FS
* into slave mode, just in case it was currently
* marked as shared
*/
if (root) {
libvirt,logging: cleanup VIR_XXX0() These VIR_XXXX0 APIs make us confused, use the non-0-suffix APIs instead. How do these coversions works? The magic is using the gcc extension of ##. When __VA_ARGS__ is empty, "##" will swallow the "," in "fmt," to avoid compile error. example: origin after CPP high_level_api("%d", a_int) low_level_api("%d", a_int) high_level_api("a string") low_level_api("a string") About 400 conversions. 8 special conversions: VIR_XXXX0("") -> VIR_XXXX("msg") (avoid empty format) 2 conversions VIR_XXXX0(string_literal_with_%) -> VIR_XXXX(%->%%) 0 conversions VIR_XXXX0(non_string_literal) -> VIR_XXXX("%s", non_string_literal) (for security) 6 conversions Signed-off-by: Lai Jiangshan <laijs@cn.fujitsu.com>
2011-05-09 09:24:09 +00:00
VIR_DEBUG("Setting up private /dev/pts");
lxc: Verify root fs exists before mounting Otherwise the following virFileMakePath will create the directory for us and fail further ahead, which probably isn't intended.
2011-06-02 18:25:25 +00:00
if (!virFileExists(root->src)) {
virReportSystemError(errno,
_("root source %s does not exist"),
root->src);
goto cleanup;
}
Use a private /dev/pts instance in containers if kernel is new enough
2009-04-22 14:26:50 +00:00
if (unshare(CLONE_NEWNS) < 0) {
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
virReportSystemError(errno, "%s",
LXC messages cleanup and fix lxcError * src/lxc/lxc_container.c src/lxc/lxc_controller.c src/lxc/lxc_driver.c src/lxc/veth.c: most of cleanups are just capitalizing their messages though, some fixes wrong error messages and awkward indentations, and improves error messages.
2009-11-05 12:39:09 +00:00
_("Cannot unshare mount namespace"));
Use a private /dev/pts instance in containers if kernel is new enough
2009-04-22 14:26:50 +00:00
goto cleanup;
}
if (mount("", "/", NULL, MS_SLAVE|MS_REC, NULL) < 0) {
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
virReportSystemError(errno, "%s",
LXC messages cleanup and fix lxcError * src/lxc/lxc_container.c src/lxc/lxc_controller.c src/lxc/lxc_driver.c src/lxc/veth.c: most of cleanups are just capitalizing their messages though, some fixes wrong error messages and awkward indentations, and improves error messages.
2009-11-05 12:39:09 +00:00
_("Failed to switch root mount into slave mode"));
Use a private /dev/pts instance in containers if kernel is new enough
2009-04-22 14:26:50 +00:00
goto cleanup;
}
if (virAsprintf(&devpts, "%s/dev/pts", root->src) < 0 ||
virAsprintf(&devptmx, "%s/dev/pts/ptmx", root->src) < 0) {
Remove conn parameter from virReportOOMError
2010-02-04 18:19:08 +00:00
virReportOOMError();
Use a private /dev/pts instance in containers if kernel is new enough
2009-04-22 14:26:50 +00:00
goto cleanup;
}
Fix return value semantic of virFileMakePath Some callers expected virFileMakePath to set errno, some expected it to return an errno value. Unify this to return 0 on success and -1 on error. Set errno to report detailed error information. Also optimize virFileMakePath if stat fails with an errno different from ENOENT.
2011-07-05 21:02:53 +00:00
if (virFileMakePath(devpts) < 0) {
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
virReportSystemError(errno,
LXC messages cleanup and fix lxcError * src/lxc/lxc_container.c src/lxc/lxc_controller.c src/lxc/lxc_driver.c src/lxc/veth.c: most of cleanups are just capitalizing their messages though, some fixes wrong error messages and awkward indentations, and improves error messages.
2009-11-05 12:39:09 +00:00
_("Failed to make path %s"),
Use a private /dev/pts instance in containers if kernel is new enough
2009-04-22 14:26:50 +00:00
devpts);
goto cleanup;
}
VIR_DEBUG("Mouting 'devpts' on %s", devpts);
Fix group/mode for /dev/pts inside LXC container Normal practice for /dev/pts is to have it mode=620,gid=5 but LXC was leaving mode=000,gid=0 preventing unprivilegd users in the guest use of PTYs * src/lxc/lxc_controller.c: Fix /dev/pts setup
2011-02-22 14:06:09 +00:00
if (mount("devpts", devpts, "devpts", 0,
"newinstance,ptmxmode=0666,mode=0620,gid=5") < 0) {
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
virReportSystemError(errno,
LXC messages cleanup and fix lxcError * src/lxc/lxc_container.c src/lxc/lxc_controller.c src/lxc/lxc_driver.c src/lxc/veth.c: most of cleanups are just capitalizing their messages though, some fixes wrong error messages and awkward indentations, and improves error messages.
2009-11-05 12:39:09 +00:00
_("Failed to mount devpts on %s"),
Use a private /dev/pts instance in containers if kernel is new enough
2009-04-22 14:26:50 +00:00
devpts);
goto cleanup;
}
if (access(devptmx, R_OK) < 0) {
libvirt,logging: cleanup VIR_XXX0() These VIR_XXXX0 APIs make us confused, use the non-0-suffix APIs instead. How do these coversions works? The magic is using the gcc extension of ##. When __VA_ARGS__ is empty, "##" will swallow the "," in "fmt," to avoid compile error. example: origin after CPP high_level_api("%d", a_int) low_level_api("%d", a_int) high_level_api("a string") low_level_api("a string") About 400 conversions. 8 special conversions: VIR_XXXX0("") -> VIR_XXXX("msg") (avoid empty format) 2 conversions VIR_XXXX0(string_literal_with_%) -> VIR_XXXX(%->%%) 0 conversions VIR_XXXX0(non_string_literal) -> VIR_XXXX("%s", non_string_literal) (for security) 6 conversions Signed-off-by: Lai Jiangshan <laijs@cn.fujitsu.com>
2011-05-09 09:24:09 +00:00
VIR_WARN("Kernel does not support private devpts, using shared devpts");
Use a private /dev/pts instance in containers if kernel is new enough
2009-04-22 14:26:50 +00:00
VIR_FREE(devptmx);
}
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
}
Use a private /dev/pts instance in containers if kernel is new enough
2009-04-22 14:26:50 +00:00
if (devptmx) {
VIR_DEBUG("Opening tty on private %s", devptmx);
if (virFileOpenTtyAt(devptmx,
&containerPty,
&containerPtyPath,
0) < 0) {
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
virReportSystemError(errno, "%s",
LXC messages cleanup and fix lxcError * src/lxc/lxc_container.c src/lxc/lxc_controller.c src/lxc/lxc_driver.c src/lxc/veth.c: most of cleanups are just capitalizing their messages though, some fixes wrong error messages and awkward indentations, and improves error messages.
2009-11-05 12:39:09 +00:00
_("Failed to allocate tty"));
Use a private /dev/pts instance in containers if kernel is new enough
2009-04-22 14:26:50 +00:00
goto cleanup;
}
} else {
libvirt,logging: cleanup VIR_XXX0() These VIR_XXXX0 APIs make us confused, use the non-0-suffix APIs instead. How do these coversions works? The magic is using the gcc extension of ##. When __VA_ARGS__ is empty, "##" will swallow the "," in "fmt," to avoid compile error. example: origin after CPP high_level_api("%d", a_int) low_level_api("%d", a_int) high_level_api("a string") low_level_api("a string") About 400 conversions. 8 special conversions: VIR_XXXX0("") -> VIR_XXXX("msg") (avoid empty format) 2 conversions VIR_XXXX0(string_literal_with_%) -> VIR_XXXX(%->%%) 0 conversions VIR_XXXX0(non_string_literal) -> VIR_XXXX("%s", non_string_literal) (for security) 6 conversions Signed-off-by: Lai Jiangshan <laijs@cn.fujitsu.com>
2011-05-09 09:24:09 +00:00
VIR_DEBUG("Opening tty on shared /dev/ptmx");
Use a private /dev/pts instance in containers if kernel is new enough
2009-04-22 14:26:50 +00:00
if (virFileOpenTty(&containerPty,
&containerPtyPath,
0) < 0) {
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
virReportSystemError(errno, "%s",
LXC messages cleanup and fix lxcError * src/lxc/lxc_container.c src/lxc/lxc_controller.c src/lxc/lxc_driver.c src/lxc/veth.c: most of cleanups are just capitalizing their messages though, some fixes wrong error messages and awkward indentations, and improves error messages.
2009-11-05 12:39:09 +00:00
_("Failed to allocate tty"));
Use a private /dev/pts instance in containers if kernel is new enough
2009-04-22 14:26:50 +00:00
goto cleanup;
}
}
Allow 32-on-64 execution for LXC guests Using the 'personality(2)' system call, we can make a container on an x86_64 host appear to be i686. Likewise for most other Linux 64bit arches. * src/lxc/lxc_conf.c: Fill in 32bit capabilities for x86_64 hosts * src/lxc/lxc_container.h, src/lxc/lxc_container.c: Add API to check if an arch has a 32bit alternative * src/lxc/lxc_controller.c: Set the process personality when starting guest
2011-02-23 17:17:53 +00:00
if (lxcSetPersonality(def) < 0)
goto cleanup;
Use a private /dev/pts instance in containers if kernel is new enough
2009-04-22 14:26:50 +00:00
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
if ((container = lxcContainerStart(def,
nveths,
veths,
control[1],
lxc: controller: Improve container error reporting Add a handshake with the cloned container process to try and detect if it fails to start.
2011-06-02 15:52:32 +00:00
containerhandshake[1],
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
containerPtyPath)) < 0)
goto cleanup;
bye to close(), welcome to VIR_(FORCE_)CLOSE() Using automated replacement with sed and editing I have now replaced all occurrences of close() with VIR_(FORCE_)CLOSE() except for one, of course. Some replacements were straight forward, others I needed to pay attention. I hope I payed attention in all the right places... Please have a look. This should have at least solved one more double-close error.
2010-11-09 20:48:48 +00:00
VIR_FORCE_CLOSE(control[1]);
lxc: controller: Improve container error reporting Add a handshake with the cloned container process to try and detect if it fails to start.
2011-06-02 15:52:32 +00:00
VIR_FORCE_CLOSE(containerhandshake[1]);
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
if (lxcControllerMoveInterfaces(nveths, veths, container) < 0)
goto cleanup;
lxc: Don't report error in Wait/SendContinue We will reuse these shortly, and each use should have a different error message.
2011-06-02 15:18:14 +00:00
if (lxcContainerSendContinue(control[0]) < 0) {
virReportSystemError(errno, "%s",
_("Unable to send container continue message"));
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
goto cleanup;
lxc: Don't report error in Wait/SendContinue We will reuse these shortly, and each use should have a different error message.
2011-06-02 15:18:14 +00:00
}
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
lxc: controller: Improve container error reporting Add a handshake with the cloned container process to try and detect if it fails to start.
2011-06-02 15:52:32 +00:00
if (lxcContainerWaitForContinue(containerhandshake[0]) < 0) {
virReportSystemError(errno, "%s",
_("error receiving signal from container"));
goto cleanup;
}
Allow use of file images for LXC container filesystems A previous commit gave the LXC driver the ability to mount block devices for the container filesystem. Through use of the loopback device functionality, we can build on this to support use of plain file images for LXC filesytems. By setting the LO_FLAGS_AUTOCLEAR flag we can ensure that the loop device automatically disappears when the container dies / shuts down * src/lxc/lxc_container.c: Raise error if we see a file based filesystem, since it should have been turned into a loopback device already * src/lxc/lxc_controller.c: Rewrite any filesystems of type=file, into type=block, by binding the file image to a free loop device
2011-08-04 09:13:02 +00:00
/* Now the container is fully setup... */
/* ...we can close the loop devices... */
for (i = 0 ; i < nloopDevs ; i++)
VIR_FORCE_CLOSE(loopDevs[i]);
/* ...and reduce our privileges */
Reduce LXC capabilities
2009-06-29 17:09:42 +00:00
if (lxcControllerClearCapabilities() < 0)
goto cleanup;
lxc: Improve guest startup error reporting Add a simple handshake with the lxc_controller process so we can detect process startup failures. We do this by adding a new --handshake cli arg to lxc_controller for passing a file descriptor. If the process fails to launch, we scrape all output from the logfile and report it to the user.
2011-06-01 22:17:00 +00:00
if (lxcContainerSendContinue(handshakefd) < 0) {
virReportSystemError(errno, "%s",
_("error sending continue signal to parent"));
goto cleanup;
}
VIR_FORCE_CLOSE(handshakefd);
Make LXC container startup/shutdown/I/O more robust The current LXC I/O controller looks for HUP to detect when a guest has quit. This isn't reliable as during initial bootup it is possible that 'init' will close the console and let mingetty re-open it. The shutdown of containers was also flakey because it only killed the libvirt I/O controller and expected container processes to gracefully follow. Change the I/O controller such that when it see HUP or an I/O error, it uses kill($PID, 0) to see if the process has really quit. Change the container shutdown sequence to use the virCgroupKillPainfully function to ensure every really goes away This change makes the use of the 'cpu', 'devices' and 'memory' cgroups controllers compulsory with LXC * docs/drvlxc.html.in: Document that certain cgroups controllers are now mandatory * src/lxc/lxc_controller.c: Check if PID is still alive before quitting on I/O error/HUP * src/lxc/lxc_driver.c: Use virCgroupKillPainfully
2011-02-22 17:35:06 +00:00
rc = lxcControllerMain(monitor, client, appPty, containerPty, container);
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
cleanup:
Use a private /dev/pts instance in containers if kernel is new enough
2009-04-22 14:26:50 +00:00
VIR_FREE(devptmx);
VIR_FREE(devpts);
bye to close(), welcome to VIR_(FORCE_)CLOSE() Using automated replacement with sed and editing I have now replaced all occurrences of close() with VIR_(FORCE_)CLOSE() except for one, of course. Some replacements were straight forward, others I needed to pay attention. I hope I payed attention in all the right places... Please have a look. This should have at least solved one more double-close error.
2010-11-09 20:48:48 +00:00
VIR_FORCE_CLOSE(control[0]);
VIR_FORCE_CLOSE(control[1]);
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
VIR_FREE(containerPtyPath);
bye to close(), welcome to VIR_(FORCE_)CLOSE() Using automated replacement with sed and editing I have now replaced all occurrences of close() with VIR_(FORCE_)CLOSE() except for one, of course. Some replacements were straight forward, others I needed to pay attention. I hope I payed attention in all the right places... Please have a look. This should have at least solved one more double-close error.
2010-11-09 20:48:48 +00:00
VIR_FORCE_CLOSE(containerPty);
lxc: Improve guest startup error reporting Add a simple handshake with the lxc_controller process so we can detect process startup failures. We do this by adding a new --handshake cli arg to lxc_controller for passing a file descriptor. If the process fails to launch, we scrape all output from the logfile and report it to the user.
2011-06-01 22:17:00 +00:00
VIR_FORCE_CLOSE(handshakefd);
lxc: controller: Improve container error reporting Add a handshake with the cloned container process to try and detect if it fails to start.
2011-06-02 15:52:32 +00:00
VIR_FORCE_CLOSE(containerhandshake[0]);
VIR_FORCE_CLOSE(containerhandshake[1]);
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
Allow use of file images for LXC container filesystems A previous commit gave the LXC driver the ability to mount block devices for the container filesystem. Through use of the loopback device functionality, we can build on this to support use of plain file images for LXC filesytems. By setting the LO_FLAGS_AUTOCLEAR flag we can ensure that the loop device automatically disappears when the container dies / shuts down * src/lxc/lxc_container.c: Raise error if we see a file based filesystem, since it should have been turned into a loopback device already * src/lxc/lxc_controller.c: Rewrite any filesystems of type=file, into type=block, by binding the file image to a free loop device
2011-08-04 09:13:02 +00:00
for (i = 0 ; i < nloopDevs ; i++)
VIR_FORCE_CLOSE(loopDevs[i]);
VIR_FREE(loopDevs);
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
if (container > 1) {
lxc: force kill of init process by sending SIGKILL if needed Init process may remain after sending SIGTERM for some reason. For example, if original init program is used, it is definitely not killed by SIGTERM. * src/lxc/lxc_controller.c: kill with SIGKILL if SIGTERM wasn't sufficient
2010-07-22 16:57:43 +00:00
int status;
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
kill(container, SIGTERM);
lxc: force kill of init process by sending SIGKILL if needed Init process may remain after sending SIGTERM for some reason. For example, if original init program is used, it is definitely not killed by SIGTERM. * src/lxc/lxc_controller.c: kill with SIGKILL if SIGTERM wasn't sufficient
2010-07-22 16:57:43 +00:00
if (!(waitpid(container, &status, WNOHANG) == 0 &&
WIFEXITED(status)))
kill(container, SIGKILL);
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
waitpid(container, NULL, 0);
}
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
return rc;
}
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
int main(int argc, char *argv[])
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
{
pid_t pid;
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
int rc = 1;
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
int client;
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
char *name = NULL;
int nveths = 0;
char **veths = NULL;
int monitor = -1;
int appPty = -1;
lxc: Improve guest startup error reporting Add a simple handshake with the lxc_controller process so we can detect process startup failures. We do this by adding a new --handshake cli arg to lxc_controller for passing a file descriptor. If the process fails to launch, we scrape all output from the logfile and report it to the user.
2011-06-01 22:17:00 +00:00
int handshakefd = -1;
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
int bg = 0;
virCapsPtr caps = NULL;
virDomainDefPtr def = NULL;
char *configFile = NULL;
char *sockpath = NULL;
build: enable redundant-const check * Makefile.cfg (local-checks-to-skip): Remove sc_redundant_const. * src/lxc_controller.c: Remove redundant "const"(s). * src/storage_backend_fs.c: Likewise. * src/util.h: Likewise. * src/xen_internal.c: Likewise. * tests/qparamtest.c: Likewise.
2009-02-03 13:08:59 +00:00
const struct option options[] = {
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
{ "background", 0, NULL, 'b' },
{ "name", 1, NULL, 'n' },
{ "veth", 1, NULL, 'v' },
{ "console", 1, NULL, 'c' },
lxc: Improve guest startup error reporting Add a simple handshake with the lxc_controller process so we can detect process startup failures. We do this by adding a new --handshake cli arg to lxc_controller for passing a file descriptor. If the process fails to launch, we scrape all output from the logfile and report it to the user.
2011-06-01 22:17:00 +00:00
{ "handshakefd", 1, NULL, 's' },
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
{ "help", 0, NULL, 'h' },
{ 0, 0, 0, 0 },
};
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
maint: improve i18n on non-Linux Per the gettext developer: http://lists.gnu.org/archive/html/bug-gnu-utils/2010-10/msg00019.html http://lists.gnu.org/archive/html/bug-gnu-utils/2010-10/msg00021.html gettext() doesn't work correctly on all platforms unless you have called setlocale(). Furthermore, gnulib's gettext.h has provisions for setting up a default locale, which is the preferred method for libraries to use gettext without having to call textdomain() and override the main program's default domain (virInitialize already calls bindtextdomain(), but this is insufficient without the setlocale() added in this patch; and a redundant bindtextdomain() in this patch doesn't hurt, but serves as a good example for other packages that need to bind a second translation domain). This patch is needed to silence a new gnulib 'make syntax-check' rule in the next patch. * daemon/libvirtd.c (main): Setup locale and gettext. * src/lxc/lxc_controller.c (main): Likewise. * src/security/virt-aa-helper.c (main): Likewise. * src/storage/parthelper.c (main): Likewise. * tools/virsh.c (main): Fix exit status. * src/internal.h (DEFAULT_TEXT_DOMAIN): Define, for gettext.h. (_): Simplify definition accordingly. * po/POTFILES.in: Add src/storage/parthelper.c.
2010-11-16 19:01:37 +00:00
if (setlocale(LC_ALL, "") == NULL ||
bindtextdomain(PACKAGE, LOCALEDIR) == NULL ||
textdomain(PACKAGE) == NULL) {
fprintf(stderr, _("%s: initialization failed\n"), argv[0]);
exit(EXIT_FAILURE);
}
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
while (1) {
int c;
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
lxc: Improve guest startup error reporting Add a simple handshake with the lxc_controller process so we can detect process startup failures. We do this by adding a new --handshake cli arg to lxc_controller for passing a file descriptor. If the process fails to launch, we scrape all output from the logfile and report it to the user.
2011-06-01 22:17:00 +00:00
c = getopt_long(argc, argv, "dn:v:m:c:s:h",
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
options, NULL);
if (c == -1)
break;
switch (c) {
case 'b':
bg = 1;
break;
case 'n':
if ((name = strdup(optarg)) == NULL) {
Remove conn parameter from virReportOOMError
2010-02-04 18:19:08 +00:00
virReportOOMError();
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
goto cleanup;
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
}
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
break;
case 'v':
if (VIR_REALLOC_N(veths, nveths+1) < 0) {
Remove conn parameter from virReportOOMError
2010-02-04 18:19:08 +00:00
virReportOOMError();
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
goto cleanup;
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
}
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
if ((veths[nveths++] = strdup(optarg)) == NULL) {
Remove conn parameter from virReportOOMError
2010-02-04 18:19:08 +00:00
virReportOOMError();
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
goto cleanup;
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
}
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
break;
case 'c':
if (virStrToLong_i(optarg, NULL, 10, &appPty) < 0) {
fprintf(stderr, "malformed --console argument '%s'", optarg);
goto cleanup;
}
break;
lxc: Improve guest startup error reporting Add a simple handshake with the lxc_controller process so we can detect process startup failures. We do this by adding a new --handshake cli arg to lxc_controller for passing a file descriptor. If the process fails to launch, we scrape all output from the logfile and report it to the user.
2011-06-01 22:17:00 +00:00
case 's':
if (virStrToLong_i(optarg, NULL, 10, &handshakefd) < 0) {
fprintf(stderr, "malformed --handshakefd argument '%s'",
optarg);
goto cleanup;
}
break;
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
case 'h':
case '?':
fprintf(stderr, "\n");
fprintf(stderr, "syntax: %s [OPTIONS]\n", argv[0]);
fprintf(stderr, "\n");
fprintf(stderr, "Options\n");
fprintf(stderr, "\n");
fprintf(stderr, " -b, --background\n");
fprintf(stderr, " -n NAME, --name NAME\n");
fprintf(stderr, " -c FD, --console FD\n");
fprintf(stderr, " -v VETH, --veth VETH\n");
lxc: Improve guest startup error reporting Add a simple handshake with the lxc_controller process so we can detect process startup failures. We do this by adding a new --handshake cli arg to lxc_controller for passing a file descriptor. If the process fails to launch, we scrape all output from the logfile and report it to the user.
2011-06-01 22:17:00 +00:00
fprintf(stderr, " -s FD, --handshakefd FD\n");
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
fprintf(stderr, " -h, --help\n");
fprintf(stderr, "\n");
goto cleanup;
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
}
}
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
if (name == NULL) {
fprintf(stderr, "%s: missing --name argument for configuration\n", argv[0]);
goto cleanup;
}
if (appPty < 0) {
fprintf(stderr, "%s: missing --console argument for container PTY\n", argv[0]);
goto cleanup;
}
lxc: Improve guest startup error reporting Add a simple handshake with the lxc_controller process so we can detect process startup failures. We do this by adding a new --handshake cli arg to lxc_controller for passing a file descriptor. If the process fails to launch, we scrape all output from the logfile and report it to the user.
2011-06-01 22:17:00 +00:00
if (handshakefd < 0) {
fprintf(stderr, "%s: missing --handshake argument for container PTY\n",
argv[0]);
goto cleanup;
}
Various fixes following a code review * src/libvirt.c src/lxc/lxc_conf.c src/lxc/lxc_container.c src/lxc/lxc_controller.c src/node_device/node_device_hal.c src/openvz/openvz_conf.c src/qemu/qemu_driver.c src/qemu/qemu_monitor_text.c src/remote/remote_driver.c src/storage/storage_backend_disk.c src/storage/storage_driver.c src/util/logging.c src/xen/sexpr.c src/xen/xend_internal.c src/xen/xm_internal.c: Steve Grubb <sgrubb@redhat.com> sent a code review and those are the fixes correcting the problems
2009-11-10 11:56:11 +00:00
if (getuid() != 0) {
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
fprintf(stderr, "%s: must be run as the 'root' user\n", argv[0]);
goto cleanup;
}
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
if ((caps = lxcCapsInit()) == NULL)
goto cleanup;
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
Remove virConnectPtr from all domain XML parsing/formatting APIs
2010-02-09 18:58:01 +00:00
if ((configFile = virDomainConfigFile(LXC_STATE_DIR,
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
name)) == NULL)
goto cleanup;
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
Remove virConnectPtr from all domain XML parsing/formatting APIs
2010-02-09 18:58:01 +00:00
if ((def = virDomainDefParseFile(caps, configFile,
Add domain type checking The drivers were accepting domain configs without checking if those were actually meant for them. For example the LXC driver happily accepts configs with type QEMU. Add a check for the expected domain types to the virDomainDefParse* functions.
2011-07-11 17:29:09 +00:00
1 << VIR_DOMAIN_VIRT_LXC,
Differentiate between active and inactive configs by honoring the VIR_DOMAIN_XML_INACTIVE flag.
2008-12-04 12:02:59 +00:00
VIR_DOMAIN_XML_INACTIVE)) == NULL)
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
goto cleanup;
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
Switch domain device objects to array instead of linked list
2008-10-10 16:08:01 +00:00
if (def->nnets != nveths) {
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
fprintf(stderr, "%s: expecting %d veths, but got %d\n",
Switch domain device objects to array instead of linked list
2008-10-10 16:08:01 +00:00
argv[0], def->nnets, nveths);
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
goto cleanup;
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
}
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
if ((sockpath = lxcMonitorPath(def)) == NULL)
goto cleanup;
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
if ((monitor = lxcMonitorServer(sockpath)) < 0)
goto cleanup;
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
if (bg) {
if ((pid = fork()) < 0)
goto cleanup;
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
if (pid > 0) {
Move pidfile functions into util/virpidfile.{c,h} The functions for manipulating pidfiles are in util/util.{c,h}. We will shortly be adding some further pidfile related functions. To avoid further growing util.c, this moves the pidfile related functions into a dedicated virpidfile.{c,h}. The functions are also all renamed to have 'virPidFile' as their name prefix * util/util.h, util/util.c: Remove all pidfile code * util/virpidfile.c, util/virpidfile.h: Add new APIs for pidfile handling. * lxc/lxc_controller.c, lxc/lxc_driver.c, network/bridge_driver.c, qemu/qemu_process.c: Add virpidfile.h include and adapt for API renames
2011-08-05 13:13:12 +00:00
if ((rc = virPidFileWrite(LXC_STATE_DIR, name, pid)) < 0) {
util: change virFile*Pid functions to return < 0 on failure Although most functions in libvirt return 0 on success and < 0 on failure, there are a few functions lingering around that return errno (a positive value) on failure, and sometimes code calling those functions incorrectly assumes the <0 standard. I noticed one of these the other day when auditing networkStartDhcpDaemon after Guido Gunther found a place where success was improperly returned on failure (that patch has been acked and is pending a push). The problem was that it expected the return value from virFileReadPid to be < 0 on failure, but it was actually positive (it was also neglected to set the return code in this case, similar to the bug found by Guido). This all led to the fact that *all* of the virFile*Pid functions in util.c are returning errno on failure. This patch remedies that problem by changing them all to return -errno on failure, and makes any necessary changes to callers of the functions. (In the meantime, I also properly set the return code on failure of virFileReadPid in networkStartDhcpDaemon).
2011-07-25 18:11:38 +00:00
virReportSystemError(-rc,
Make error reporting threadsafe by avoiding strerror
2009-01-20 17:13:33 +00:00
_("Unable to write pid file '%s/%s.pid'"),
LXC_STATE_DIR, name);
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
_exit(1);
}
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
/* First child now exits, allowing original caller
* (ie libvirtd's LXC driver to complete their
* waitpid & continue */
_exit(0);
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
}
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
/* Don't hold onto any cwd we inherit from libvirtd either */
if (chdir("/") < 0) {
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
virReportSystemError(errno, "%s",
Make error reporting threadsafe by avoiding strerror
2009-01-20 17:13:33 +00:00
_("Unable to change to root dir"));
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
goto cleanup;
}
if (setsid() < 0) {
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
virReportSystemError(errno, "%s",
Make error reporting threadsafe by avoiding strerror
2009-01-20 17:13:33 +00:00
_("Unable to become session leader"));
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
goto cleanup;
}
}
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
LXC initialize logging configuration * src/lxc/lxc_driver.c src/lxc/lxc_controller.c: before launching the lxc controller, have the lxc driver query the log settings and setup envp[]. This provides the advantage of honoring the actual log configuration instead of only what had been set in the environment. The lxc controller now simply has to call virLogSetFromEnv().
2009-10-08 15:16:08 +00:00
/* Initialize logging */
virLogSetFromEnv();
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
/* Accept initial client which is the libvirtd daemon */
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
if ((client = accept(monitor, NULL, 0)) < 0) {
Remove conn parameter from virReportSystemError
2010-02-04 20:02:58 +00:00
virReportSystemError(errno, "%s",
LXC messages cleanup and fix lxcError * src/lxc/lxc_container.c src/lxc/lxc_controller.c src/lxc/lxc_driver.c src/lxc/veth.c: most of cleanups are just capitalizing their messages though, some fixes wrong error messages and awkward indentations, and improves error messages.
2009-11-05 12:39:09 +00:00
_("Failed to accept a connection from driver"));
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
goto cleanup;
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
}
lxc: Improve guest startup error reporting Add a simple handshake with the lxc_controller process so we can detect process startup failures. We do this by adding a new --handshake cli arg to lxc_controller for passing a file descriptor. If the process fails to launch, we scrape all output from the logfile and report it to the user.
2011-06-01 22:17:00 +00:00
rc = lxcControllerRun(def, nveths, veths, monitor, client, appPty,
handshakefd);
Make LXC I/O controller process a parent of the container process
2008-08-13 10:52:15 +00:00
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
cleanup:
don't crash when called without arguments
2009-05-07 07:17:25 +00:00
if (def)
Move pidfile functions into util/virpidfile.{c,h} The functions for manipulating pidfiles are in util/util.{c,h}. We will shortly be adding some further pidfile related functions. To avoid further growing util.c, this moves the pidfile related functions into a dedicated virpidfile.{c,h}. The functions are also all renamed to have 'virPidFile' as their name prefix * util/util.h, util/util.c: Remove all pidfile code * util/virpidfile.c, util/virpidfile.h: Add new APIs for pidfile handling. * lxc/lxc_controller.c, lxc/lxc_driver.c, network/bridge_driver.c, qemu/qemu_process.c: Add virpidfile.h include and adapt for API renames
2011-08-05 13:13:12 +00:00
virPidFileDelete(LXC_STATE_DIR, def->name);
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
lxcControllerCleanupInterfaces(nveths, veths);
lxc: don't unlink(NULL) in main * src/lxc_controller.c (main): Unlink sockpath only if it's non-NULL.
2009-09-02 08:02:49 +00:00
if (sockpath)
unlink(sockpath);
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
VIR_FREE(sockpath);
util: change virFile*Pid functions to return < 0 on failure Although most functions in libvirt return 0 on success and < 0 on failure, there are a few functions lingering around that return errno (a positive value) on failure, and sometimes code calling those functions incorrectly assumes the <0 standard. I noticed one of these the other day when auditing networkStartDhcpDaemon after Guido Gunther found a place where success was improperly returned on failure (that patch has been acked and is pending a push). The problem was that it expected the return value from virFileReadPid to be < 0 on failure, but it was actually positive (it was also neglected to set the return code in this case, similar to the bug found by Guido). This all led to the fact that *all* of the virFile*Pid functions in util.c are returning errno on failure. This patch remedies that problem by changing them all to return -errno on failure, and makes any necessary changes to callers of the functions. (In the meantime, I also properly set the return code on failure of virFileReadPid in networkStartDhcpDaemon).
2011-07-25 18:11:38 +00:00
return rc ? EXIT_FAILURE : EXIT_SUCCESS;
Create lxc_controller standalone binary
2008-08-20 20:55:32 +00:00
}
Reference in New Issue Copy Permalink