/* * Copyright (C) 2010-2016 Red Hat, Inc. * Copyright IBM Corp. 2008 * * lxc_driver.c: linux container driver functions * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either * version 2.1 of the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library. If not, see * . */ #include #include #include #include #ifdef __linux__ # include #endif #include #include #include #include #include "virerror.h" #include "virlog.h" #include "datatypes.h" #include "lxc_cgroup.h" #include "lxc_conf.h" #include "lxc_container.h" #include "lxc_domain.h" #include "lxc_driver.h" #include "lxc_native.h" #include "lxc_process.h" #include "virnetdevbridge.h" #include "virnetdevveth.h" #include "virnetdevopenvswitch.h" #include "virhostcpu.h" #include "virhostmem.h" #include "viruuid.h" #include "virhook.h" #include "virfile.h" #include "virpidfile.h" #include "virfdstream.h" #include "domain_audit.h" #include "domain_cgroup.h" #include "domain_driver.h" #include "domain_nwfilter.h" #include "domain_validate.h" #include "virinitctl.h" #include "virnetdev.h" #include "virnetdevtap.h" #include "virnodesuspend.h" #include "virprocess.h" #include "virtime.h" #include "virtypedparam.h" #include "viruri.h" #include "virstring.h" #include "viraccessapicheck.h" #include "viraccessapichecklxc.h" #include "virhostdev.h" #include "netdev_bandwidth_conf.h" #include "virsocket.h" #include "virutil.h" #define VIR_FROM_THIS VIR_FROM_LXC VIR_LOG_INIT("lxc.lxc_driver"); #define LXC_NB_MEM_PARAM 3 #define LXC_NB_DOMAIN_BLOCK_STAT_PARAM 4 static int lxcStateInitialize(bool privileged, const char *root, virStateInhibitCallback callback, void *opaque); static int lxcStateCleanup(void); virLXCDriver *lxc_driver = NULL; /** * lxcDomObjFromDomain: * @domain: Domain pointer that has to be looked up * * This function looks up @domain and returns the appropriate virDomainObj * * that has to be released by calling virDomainObjEndAPI. * * Returns the domain object with incremented reference counter which is locked * on success, NULL otherwise. */ static virDomainObj * lxcDomObjFromDomain(virDomainPtr domain) { virDomainObj *vm; virLXCDriver *driver = domain->conn->privateData; char uuidstr[VIR_UUID_STRING_BUFLEN]; vm = virDomainObjListFindByUUID(driver->domains, domain->uuid); if (!vm) { virUUIDFormat(domain->uuid, uuidstr); virReportError(VIR_ERR_NO_DOMAIN, _("no domain with matching uuid '%s' (%s)"), uuidstr, domain->name); return NULL; } return vm; } /* Functions */ static int lxcConnectURIProbe(char **uri) { if (lxc_driver == NULL) return 0; *uri = g_strdup("lxc:///system"); return 1; } static virDrvOpenStatus lxcConnectOpen(virConnectPtr conn, virConnectAuthPtr auth G_GNUC_UNUSED, virConf *conf G_GNUC_UNUSED, unsigned int flags) { virCheckFlags(VIR_CONNECT_RO, VIR_DRV_OPEN_ERROR); /* If path isn't '/' then they typoed, tell them correct path */ if (STRNEQ(conn->uri->path, "") && STRNEQ(conn->uri->path, "/") && STRNEQ(conn->uri->path, "/system")) { virReportError(VIR_ERR_INTERNAL_ERROR, _("Unexpected LXC URI path '%s', try lxc:///system"), conn->uri->path); return VIR_DRV_OPEN_ERROR; } /* URI was good, but driver isn't active */ if (lxc_driver == NULL) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("lxc state driver is not active")); return VIR_DRV_OPEN_ERROR; } if (virConnectOpenEnsureACL(conn) < 0) return VIR_DRV_OPEN_ERROR; conn->privateData = lxc_driver; return VIR_DRV_OPEN_SUCCESS; } static int lxcConnectClose(virConnectPtr conn) { virLXCDriver *driver = conn->privateData; virCloseCallbacksRun(driver->closeCallbacks, conn, driver->domains, driver); conn->privateData = NULL; return 0; } static int lxcConnectIsSecure(virConnectPtr conn G_GNUC_UNUSED) { /* Trivially secure, since always inside the daemon */ return 1; } static int lxcConnectIsEncrypted(virConnectPtr conn G_GNUC_UNUSED) { /* Not encrypted, but remote driver takes care of that */ return 0; } static int lxcConnectIsAlive(virConnectPtr conn G_GNUC_UNUSED) { return 1; } static char *lxcConnectGetCapabilities(virConnectPtr conn) { virLXCDriver *driver = conn->privateData; virCaps *caps; char *xml; if (virConnectGetCapabilitiesEnsureACL(conn) < 0) return NULL; if (!(caps = virLXCDriverGetCapabilities(driver, true))) return NULL; xml = virCapabilitiesFormatXML(caps); virObjectUnref(caps); return xml; } static virDomainPtr lxcDomainLookupByID(virConnectPtr conn, int id) { virLXCDriver *driver = conn->privateData; virDomainObj *vm; virDomainPtr dom = NULL; vm = virDomainObjListFindByID(driver->domains, id); if (!vm) { virReportError(VIR_ERR_NO_DOMAIN, _("No domain with matching id %d"), id); goto cleanup; } if (virDomainLookupByIDEnsureACL(conn, vm->def) < 0) goto cleanup; dom = virGetDomain(conn, vm->def->name, vm->def->uuid, vm->def->id); cleanup: virDomainObjEndAPI(&vm); return dom; } static virDomainPtr lxcDomainLookupByUUID(virConnectPtr conn, const unsigned char *uuid) { virLXCDriver *driver = conn->privateData; virDomainObj *vm; virDomainPtr dom = NULL; vm = virDomainObjListFindByUUID(driver->domains, uuid); if (!vm) { char uuidstr[VIR_UUID_STRING_BUFLEN]; virUUIDFormat(uuid, uuidstr); virReportError(VIR_ERR_NO_DOMAIN, _("No domain with matching uuid '%s'"), uuidstr); goto cleanup; } if (virDomainLookupByUUIDEnsureACL(conn, vm->def) < 0) goto cleanup; dom = virGetDomain(conn, vm->def->name, vm->def->uuid, vm->def->id); cleanup: virDomainObjEndAPI(&vm); return dom; } static virDomainPtr lxcDomainLookupByName(virConnectPtr conn, const char *name) { virLXCDriver *driver = conn->privateData; virDomainObj *vm; virDomainPtr dom = NULL; vm = virDomainObjListFindByName(driver->domains, name); if (!vm) { virReportError(VIR_ERR_NO_DOMAIN, _("No domain with matching name '%s'"), name); goto cleanup; } if (virDomainLookupByNameEnsureACL(conn, vm->def) < 0) goto cleanup; dom = virGetDomain(conn, vm->def->name, vm->def->uuid, vm->def->id); cleanup: virDomainObjEndAPI(&vm); return dom; } static int lxcDomainIsActive(virDomainPtr dom) { virDomainObj *obj; int ret = -1; if (!(obj = lxcDomObjFromDomain(dom))) goto cleanup; if (virDomainIsActiveEnsureACL(dom->conn, obj->def) < 0) goto cleanup; ret = virDomainObjIsActive(obj); cleanup: virDomainObjEndAPI(&obj); return ret; } static int lxcDomainIsPersistent(virDomainPtr dom) { virDomainObj *obj; int ret = -1; if (!(obj = lxcDomObjFromDomain(dom))) goto cleanup; if (virDomainIsPersistentEnsureACL(dom->conn, obj->def) < 0) goto cleanup; ret = obj->persistent; cleanup: virDomainObjEndAPI(&obj); return ret; } static int lxcDomainIsUpdated(virDomainPtr dom) { virDomainObj *obj; int ret = -1; if (!(obj = lxcDomObjFromDomain(dom))) goto cleanup; if (virDomainIsUpdatedEnsureACL(dom->conn, obj->def) < 0) goto cleanup; ret = obj->updated; cleanup: virDomainObjEndAPI(&obj); return ret; } static int lxcConnectListDomains(virConnectPtr conn, int *ids, int nids) { virLXCDriver *driver = conn->privateData; if (virConnectListDomainsEnsureACL(conn) < 0) return -1; return virDomainObjListGetActiveIDs(driver->domains, ids, nids, virConnectListDomainsCheckACL, conn); } static int lxcConnectNumOfDomains(virConnectPtr conn) { virLXCDriver *driver = conn->privateData; if (virConnectNumOfDomainsEnsureACL(conn) < 0) return -1; return virDomainObjListNumOfDomains(driver->domains, true, virConnectNumOfDomainsCheckACL, conn); } static int lxcConnectListDefinedDomains(virConnectPtr conn, char **const names, int nnames) { virLXCDriver *driver = conn->privateData; if (virConnectListDefinedDomainsEnsureACL(conn) < 0) return -1; return virDomainObjListGetInactiveNames(driver->domains, names, nnames, virConnectListDefinedDomainsCheckACL, conn); } static int lxcConnectNumOfDefinedDomains(virConnectPtr conn) { virLXCDriver *driver = conn->privateData; if (virConnectNumOfDefinedDomainsEnsureACL(conn) < 0) return -1; return virDomainObjListNumOfDomains(driver->domains, false, virConnectNumOfDefinedDomainsCheckACL, conn); } static virDomainPtr lxcDomainDefineXMLFlags(virConnectPtr conn, const char *xml, unsigned int flags) { virLXCDriver *driver = conn->privateData; virDomainDef *def = NULL; virDomainObj *vm = NULL; virDomainPtr dom = NULL; virObjectEvent *event = NULL; virDomainDef *oldDef = NULL; virLXCDriverConfig *cfg = virLXCDriverGetConfig(driver); virCaps *caps = NULL; unsigned int parse_flags = VIR_DOMAIN_DEF_PARSE_INACTIVE; virCheckFlags(VIR_DOMAIN_DEFINE_VALIDATE, NULL); if (flags & VIR_DOMAIN_DEFINE_VALIDATE) parse_flags |= VIR_DOMAIN_DEF_PARSE_VALIDATE_SCHEMA; if (!(caps = virLXCDriverGetCapabilities(driver, false))) goto cleanup; if (!(def = virDomainDefParseString(xml, driver->xmlopt, NULL, parse_flags))) goto cleanup; if (virXMLCheckIllegalChars("name", def->name, "\n") < 0) goto cleanup; if (virDomainDefineXMLFlagsEnsureACL(conn, def) < 0) goto cleanup; if (virSecurityManagerVerify(driver->securityManager, def) < 0) goto cleanup; if ((def->nets != NULL) && !(cfg->have_netns)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("System lacks NETNS support")); goto cleanup; } if (!(vm = virDomainObjListAdd(driver->domains, def, driver->xmlopt, 0, &oldDef))) goto cleanup; def = NULL; vm->persistent = 1; if (virDomainDefSave(vm->newDef ? vm->newDef : vm->def, driver->xmlopt, cfg->configDir) < 0) { virDomainObjListRemove(driver->domains, vm); goto cleanup; } event = virDomainEventLifecycleNewFromObj(vm, VIR_DOMAIN_EVENT_DEFINED, !oldDef ? VIR_DOMAIN_EVENT_DEFINED_ADDED : VIR_DOMAIN_EVENT_DEFINED_UPDATED); dom = virGetDomain(conn, vm->def->name, vm->def->uuid, vm->def->id); cleanup: virDomainDefFree(def); virDomainDefFree(oldDef); virDomainObjEndAPI(&vm); virObjectEventStateQueue(driver->domainEventState, event); virObjectUnref(caps); virObjectUnref(cfg); return dom; } static virDomainPtr lxcDomainDefineXML(virConnectPtr conn, const char *xml) { return lxcDomainDefineXMLFlags(conn, xml, 0); } static int lxcDomainUndefineFlags(virDomainPtr dom, unsigned int flags) { virLXCDriver *driver = dom->conn->privateData; virDomainObj *vm; virObjectEvent *event = NULL; int ret = -1; virLXCDriverConfig *cfg = virLXCDriverGetConfig(driver); virCheckFlags(0, -1); if (!(vm = lxcDomObjFromDomain(dom))) goto cleanup; if (virDomainUndefineFlagsEnsureACL(dom->conn, vm->def) < 0) goto cleanup; if (!vm->persistent) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Cannot undefine transient domain")); goto cleanup; } if (virDomainDeleteConfig(cfg->configDir, cfg->autostartDir, vm) < 0) goto cleanup; event = virDomainEventLifecycleNewFromObj(vm, VIR_DOMAIN_EVENT_UNDEFINED, VIR_DOMAIN_EVENT_UNDEFINED_REMOVED); if (virDomainObjIsActive(vm)) vm->persistent = 0; else virDomainObjListRemove(driver->domains, vm); ret = 0; cleanup: virDomainObjEndAPI(&vm); virObjectEventStateQueue(driver->domainEventState, event); virObjectUnref(cfg); return ret; } static int lxcDomainUndefine(virDomainPtr dom) { return lxcDomainUndefineFlags(dom, 0); } static int lxcDomainGetInfo(virDomainPtr dom, virDomainInfoPtr info) { virDomainObj *vm; int ret = -1; virLXCDomainObjPrivate *priv; if (!(vm = lxcDomObjFromDomain(dom))) goto cleanup; priv = vm->privateData; if (virDomainGetInfoEnsureACL(dom->conn, vm->def) < 0) goto cleanup; info->state = virDomainObjGetState(vm, NULL); if (!virDomainObjIsActive(vm)) { info->cpuTime = 0; info->memory = vm->def->mem.cur_balloon; } else { if (virCgroupGetCpuacctUsage(priv->cgroup, &(info->cpuTime)) < 0) { virReportError(VIR_ERR_OPERATION_FAILED, "%s", _("Cannot read cputime for domain")); goto cleanup; } if (virCgroupGetMemoryUsage(priv->cgroup, &(info->memory)) < 0) { /* Don't fail if we can't read memory usage due to a lack of * kernel support */ if (virLastErrorIsSystemErrno(ENOENT)) { virResetLastError(); info->memory = 0; } else { goto cleanup; } } } info->maxMem = virDomainDefGetMemoryTotal(vm->def); info->nrVirtCpu = virDomainDefGetVcpus(vm->def); ret = 0; cleanup: virDomainObjEndAPI(&vm); return ret; } static int lxcDomainGetState(virDomainPtr dom, int *state, int *reason, unsigned int flags) { virDomainObj *vm; int ret = -1; virCheckFlags(0, -1); if (!(vm = lxcDomObjFromDomain(dom))) goto cleanup; if (virDomainGetStateEnsureACL(dom->conn, vm->def) < 0) goto cleanup; *state = virDomainObjGetState(vm, reason); ret = 0; cleanup: virDomainObjEndAPI(&vm); return ret; } static char *lxcDomainGetOSType(virDomainPtr dom) { virDomainObj *vm; char *ret = NULL; if (!(vm = lxcDomObjFromDomain(dom))) goto cleanup; if (virDomainGetOSTypeEnsureACL(dom->conn, vm->def) < 0) goto cleanup; ret = g_strdup(virDomainOSTypeToString(vm->def->os.type)); cleanup: virDomainObjEndAPI(&vm); return ret; } /* Returns max memory in kb, 0 if error */ static unsigned long long lxcDomainGetMaxMemory(virDomainPtr dom) { virDomainObj *vm; unsigned long long ret = 0; if (!(vm = lxcDomObjFromDomain(dom))) goto cleanup; if (virDomainGetMaxMemoryEnsureACL(dom->conn, vm->def) < 0) goto cleanup; ret = virDomainDefGetMemoryTotal(vm->def); cleanup: virDomainObjEndAPI(&vm); return ret; } static int lxcDomainSetMemoryFlags(virDomainPtr dom, unsigned long newmem, unsigned int flags) { virDomainObj *vm; virDomainDef *def = NULL; virDomainDef *persistentDef = NULL; int ret = -1; virLXCDomainObjPrivate *priv; virLXCDriver *driver = dom->conn->privateData; virLXCDriverConfig *cfg = NULL; virCheckFlags(VIR_DOMAIN_AFFECT_LIVE | VIR_DOMAIN_AFFECT_CONFIG | VIR_DOMAIN_MEM_MAXIMUM, -1); if (!(vm = lxcDomObjFromDomain(dom))) goto cleanup; cfg = virLXCDriverGetConfig(driver); priv = vm->privateData; if (virDomainSetMemoryFlagsEnsureACL(dom->conn, vm->def, flags) < 0) goto cleanup; if (virLXCDomainObjBeginJob(driver, vm, LXC_JOB_MODIFY) < 0) goto cleanup; if (virDomainObjGetDefs(vm, flags, &def, &persistentDef) < 0) goto endjob; if (flags & VIR_DOMAIN_MEM_MAXIMUM) { if (def) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Cannot resize the max memory " "on an active domain")); goto endjob; } if (persistentDef) { virDomainDefSetMemoryTotal(persistentDef, newmem); if (persistentDef->mem.cur_balloon > newmem) persistentDef->mem.cur_balloon = newmem; if (virDomainDefSave(persistentDef, driver->xmlopt, cfg->configDir) < 0) goto endjob; } } else { unsigned long oldmax = 0; if (def) oldmax = virDomainDefGetMemoryTotal(def); if (persistentDef) { if (!oldmax || oldmax > virDomainDefGetMemoryTotal(persistentDef)) oldmax = virDomainDefGetMemoryTotal(persistentDef); } if (newmem > oldmax) { virReportError(VIR_ERR_INVALID_ARG, "%s", _("Cannot set memory higher than max memory")); goto endjob; } if (def) { if (virCgroupSetMemory(priv->cgroup, newmem) < 0) { virReportError(VIR_ERR_OPERATION_FAILED, "%s", _("Failed to set memory for domain")); goto endjob; } def->mem.cur_balloon = newmem; if (virDomainObjSave(vm, driver->xmlopt, cfg->stateDir) < 0) goto endjob; } if (persistentDef) { persistentDef->mem.cur_balloon = newmem; if (virDomainDefSave(persistentDef, driver->xmlopt, cfg->configDir) < 0) goto endjob; } } ret = 0; endjob: virLXCDomainObjEndJob(driver, vm); cleanup: virDomainObjEndAPI(&vm); virObjectUnref(cfg); return ret; } static int lxcDomainSetMemory(virDomainPtr dom, unsigned long newmem) { return lxcDomainSetMemoryFlags(dom, newmem, VIR_DOMAIN_AFFECT_LIVE); } static int lxcDomainSetMaxMemory(virDomainPtr dom, unsigned long newmax) { return lxcDomainSetMemoryFlags(dom, newmax, VIR_DOMAIN_MEM_MAXIMUM); } static int lxcDomainSetMemoryParameters(virDomainPtr dom, virTypedParameterPtr params, int nparams, unsigned int flags) { virDomainDef *def = NULL; virDomainDef *persistentDef = NULL; virDomainObj *vm = NULL; virLXCDomainObjPrivate *priv = NULL; virLXCDriverConfig *cfg = NULL; virLXCDriver *driver = dom->conn->privateData; int ret = -1; virCheckFlags(VIR_DOMAIN_AFFECT_LIVE | VIR_DOMAIN_AFFECT_CONFIG, -1); if (virTypedParamsValidate(params, nparams, VIR_DOMAIN_MEMORY_HARD_LIMIT, VIR_TYPED_PARAM_ULLONG, VIR_DOMAIN_MEMORY_SOFT_LIMIT, VIR_TYPED_PARAM_ULLONG, VIR_DOMAIN_MEMORY_SWAP_HARD_LIMIT, VIR_TYPED_PARAM_ULLONG, NULL) < 0) return -1; if (!(vm = lxcDomObjFromDomain(dom))) goto cleanup; priv = vm->privateData; cfg = virLXCDriverGetConfig(driver); if (virDomainSetMemoryParametersEnsureACL(dom->conn, vm->def, flags) < 0) goto cleanup; if (virLXCDomainObjBeginJob(driver, vm, LXC_JOB_MODIFY) < 0) goto cleanup; /* QEMU and LXC implementation are identical */ if (virDomainObjGetDefs(vm, flags, &def, &persistentDef) < 0) goto endjob; if (def && !virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_MEMORY)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("cgroup memory controller is not mounted")); goto endjob; } if (virDomainCgroupSetMemoryLimitParameters(priv->cgroup, vm, def, persistentDef, params, nparams) < 0) goto endjob; if (def && virDomainObjSave(vm, driver->xmlopt, cfg->stateDir) < 0) goto endjob; if (persistentDef && virDomainDefSave(persistentDef, driver->xmlopt, cfg->configDir) < 0) goto endjob; /* QEMU and LXC implementations are identical */ ret = 0; endjob: virLXCDomainObjEndJob(driver, vm); cleanup: virDomainObjEndAPI(&vm); virObjectUnref(cfg); return ret; } static int lxcDomainGetMemoryParameters(virDomainPtr dom, virTypedParameterPtr params, int *nparams, unsigned int flags) { virDomainDef *persistentDef = NULL; virDomainDef *def = NULL; virDomainObj *vm = NULL; virLXCDomainObjPrivate *priv = NULL; unsigned long long val; int ret = -1; size_t i; virCheckFlags(VIR_DOMAIN_AFFECT_LIVE | VIR_DOMAIN_AFFECT_CONFIG | VIR_TYPED_PARAM_STRING_OKAY, -1); /* We don't return strings, and thus trivially support this flag. */ flags &= ~VIR_TYPED_PARAM_STRING_OKAY; if (!(vm = lxcDomObjFromDomain(dom))) goto cleanup; priv = vm->privateData; if (virDomainGetMemoryParametersEnsureACL(dom->conn, vm->def) < 0) goto cleanup; if (virDomainObjGetDefs(vm, flags, &def, &persistentDef) < 0) goto cleanup; if (def && !virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_MEMORY)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("cgroup memory controller is not mounted")); goto cleanup; } if ((*nparams) == 0) { /* Current number of memory parameters supported by cgroups */ *nparams = LXC_NB_MEM_PARAM; ret = 0; goto cleanup; } for (i = 0; i < LXC_NB_MEM_PARAM && i < *nparams; i++) { virTypedParameterPtr param = ¶ms[i]; val = 0; switch (i) { case 0: /* fill memory hard limit here */ if (persistentDef) { val = persistentDef->mem.hard_limit; } else if (virCgroupGetMemoryHardLimit(priv->cgroup, &val) < 0) { goto cleanup; } if (virTypedParameterAssign(param, VIR_DOMAIN_MEMORY_HARD_LIMIT, VIR_TYPED_PARAM_ULLONG, val) < 0) goto cleanup; break; case 1: /* fill memory soft limit here */ if (persistentDef) { val = persistentDef->mem.soft_limit; } else if (virCgroupGetMemorySoftLimit(priv->cgroup, &val) < 0) { goto cleanup; } if (virTypedParameterAssign(param, VIR_DOMAIN_MEMORY_SOFT_LIMIT, VIR_TYPED_PARAM_ULLONG, val) < 0) goto cleanup; break; case 2: /* fill swap hard limit here */ if (persistentDef) { val = persistentDef->mem.swap_hard_limit; } else if (virCgroupGetMemSwapHardLimit(priv->cgroup, &val) < 0) { goto cleanup; } if (virTypedParameterAssign(param, VIR_DOMAIN_MEMORY_SWAP_HARD_LIMIT, VIR_TYPED_PARAM_ULLONG, val) < 0) goto cleanup; break; } } if (*nparams > LXC_NB_MEM_PARAM) *nparams = LXC_NB_MEM_PARAM; ret = 0; cleanup: virDomainObjEndAPI(&vm); return ret; } static char *lxcDomainGetXMLDesc(virDomainPtr dom, unsigned int flags) { virLXCDriver *driver = dom->conn->privateData; virDomainObj *vm; char *ret = NULL; virCheckFlags(VIR_DOMAIN_XML_COMMON_FLAGS, NULL); if (!(vm = lxcDomObjFromDomain(dom))) goto cleanup; if (virDomainGetXMLDescEnsureACL(dom->conn, vm->def, flags) < 0) goto cleanup; ret = virDomainDefFormat((flags & VIR_DOMAIN_XML_INACTIVE) && vm->newDef ? vm->newDef : vm->def, driver->xmlopt, virDomainDefFormatConvertXMLFlags(flags)); cleanup: virDomainObjEndAPI(&vm); return ret; } static char *lxcConnectDomainXMLFromNative(virConnectPtr conn, const char *nativeFormat, const char *nativeConfig, unsigned int flags) { char *xml = NULL; virDomainDef *def = NULL; virLXCDriver *driver = conn->privateData; virCaps *caps = virLXCDriverGetCapabilities(driver, false); virCheckFlags(0, NULL); if (virConnectDomainXMLFromNativeEnsureACL(conn) < 0) goto cleanup; if (STRNEQ(nativeFormat, LXC_CONFIG_FORMAT)) { virReportError(VIR_ERR_INVALID_ARG, _("unsupported config type %s"), nativeFormat); goto cleanup; } if (!(def = lxcParseConfigString(nativeConfig, caps, driver->xmlopt))) goto cleanup; xml = virDomainDefFormat(def, driver->xmlopt, 0); cleanup: virObjectUnref(caps); virDomainDefFree(def); return xml; } /** * lxcDomainCreateWithFiles: * @dom: domain to start * @flags: Must be 0 for now * * Looks up domain and starts it. * * Returns 0 on success or -1 in case of error */ static int lxcDomainCreateWithFiles(virDomainPtr dom, unsigned int nfiles, int *files, unsigned int flags) { virLXCDriver *driver = dom->conn->privateData; virDomainObj *vm; virObjectEvent *event = NULL; int ret = -1; virLXCDriverConfig *cfg = virLXCDriverGetConfig(driver); virCheckFlags(VIR_DOMAIN_START_AUTODESTROY, -1); virNWFilterReadLockFilterUpdates(); if (!(vm = lxcDomObjFromDomain(dom))) goto cleanup; if (virDomainCreateWithFilesEnsureACL(dom->conn, vm->def) < 0) goto cleanup; if ((vm->def->nets != NULL) && !(cfg->have_netns)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("System lacks NETNS support")); goto cleanup; } if (virLXCDomainObjBeginJob(driver, vm, LXC_JOB_MODIFY) < 0) goto cleanup; if (virDomainObjIsActive(vm)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Domain is already running")); goto endjob; } ret = virLXCProcessStart(dom->conn, driver, vm, nfiles, files, (flags & VIR_DOMAIN_START_AUTODESTROY), VIR_DOMAIN_RUNNING_BOOTED); if (ret == 0) { event = virDomainEventLifecycleNewFromObj(vm, VIR_DOMAIN_EVENT_STARTED, VIR_DOMAIN_EVENT_STARTED_BOOTED); virDomainAuditStart(vm, "booted", true); } else { virDomainAuditStart(vm, "booted", false); } endjob: virLXCDomainObjEndJob(driver, vm); cleanup: virDomainObjEndAPI(&vm); virObjectEventStateQueue(driver->domainEventState, event); virObjectUnref(cfg); virNWFilterUnlockFilterUpdates(); return ret; } /** * lxcDomainCreate: * @dom: domain to start * * Looks up domain and starts it. * * Returns 0 on success or -1 in case of error */ static int lxcDomainCreate(virDomainPtr dom) { return lxcDomainCreateWithFiles(dom, 0, NULL, 0); } /** * lxcDomainCreateWithFlags: * @dom: domain to start * * Looks up domain and starts it. * * Returns 0 on success or -1 in case of error */ static int lxcDomainCreateWithFlags(virDomainPtr dom, unsigned int flags) { return lxcDomainCreateWithFiles(dom, 0, NULL, flags); } /** * lxcDomainCreateXMLWithFiles: * @conn: pointer to connection * @xml: XML definition of domain * @nfiles: number of file descriptors passed * @files: list of file descriptors passed * @flags: bitwise-OR of supported virDomainCreateFlags * * Creates a domain based on xml and starts it * * Returns a new domain object or NULL in case of failure. */ static virDomainPtr lxcDomainCreateXMLWithFiles(virConnectPtr conn, const char *xml, unsigned int nfiles, int *files, unsigned int flags) { virLXCDriver *driver = conn->privateData; virDomainObj *vm = NULL; virDomainDef *def = NULL; virDomainPtr dom = NULL; virObjectEvent *event = NULL; virLXCDriverConfig *cfg = virLXCDriverGetConfig(driver); virCaps *caps = NULL; unsigned int parse_flags = VIR_DOMAIN_DEF_PARSE_INACTIVE; virCheckFlags(VIR_DOMAIN_START_AUTODESTROY | VIR_DOMAIN_START_VALIDATE, NULL); if (flags & VIR_DOMAIN_START_VALIDATE) parse_flags |= VIR_DOMAIN_DEF_PARSE_VALIDATE_SCHEMA; virNWFilterReadLockFilterUpdates(); if (!(caps = virLXCDriverGetCapabilities(driver, false))) goto cleanup; if (!(def = virDomainDefParseString(xml, driver->xmlopt, NULL, parse_flags))) goto cleanup; if (virDomainCreateXMLWithFilesEnsureACL(conn, def) < 0) goto cleanup; if (virSecurityManagerVerify(driver->securityManager, def) < 0) goto cleanup; if ((def->nets != NULL) && !(cfg->have_netns)) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("System lacks NETNS support")); goto cleanup; } if (!(vm = virDomainObjListAdd(driver->domains, def, driver->xmlopt, VIR_DOMAIN_OBJ_LIST_ADD_LIVE | VIR_DOMAIN_OBJ_LIST_ADD_CHECK_LIVE, NULL))) goto cleanup; def = NULL; if (virLXCDomainObjBeginJob(driver, vm, LXC_JOB_MODIFY) < 0) { if (!vm->persistent) virDomainObjListRemove(driver->domains, vm); goto cleanup; } if (virLXCProcessStart(conn, driver, vm, nfiles, files, (flags & VIR_DOMAIN_START_AUTODESTROY), VIR_DOMAIN_RUNNING_BOOTED) < 0) { virDomainAuditStart(vm, "booted", false); virLXCDomainObjEndJob(driver, vm); if (!vm->persistent) virDomainObjListRemove(driver->domains, vm); goto cleanup; } event = virDomainEventLifecycleNewFromObj(vm, VIR_DOMAIN_EVENT_STARTED, VIR_DOMAIN_EVENT_STARTED_BOOTED); virDomainAuditStart(vm, "booted", true); dom = virGetDomain(conn, vm->def->name, vm->def->uuid, vm->def->id); virLXCDomainObjEndJob(driver, vm); cleanup: virDomainDefFree(def); virDomainObjEndAPI(&vm); virObjectEventStateQueue(driver->domainEventState, event); virObjectUnref(caps); virObjectUnref(cfg); virNWFilterUnlockFilterUpdates(); return dom; } /** * lxcDomainCreateXML: * @conn: pointer to connection * @xml: XML definition of domain * @flags: bitwise-OR of supported virDomainCreateFlags * * Creates a domain based on xml and starts it * * Returns a new domain object or NULL in case of failure. */ static virDomainPtr lxcDomainCreateXML(virConnectPtr conn, const char *xml, unsigned int flags) { return lxcDomainCreateXMLWithFiles(conn, xml, 0, NULL, flags); } static int lxcDomainGetSecurityLabel(virDomainPtr dom, virSecurityLabelPtr seclabel) { virLXCDriver *driver = dom->conn->privateData; virDomainObj *vm; int ret = -1; memset(seclabel, 0, sizeof(*seclabel)); if (!(vm = lxcDomObjFromDomain(dom))) goto cleanup; if (virDomainGetSecurityLabelEnsureACL(dom->conn, vm->def) < 0) goto cleanup; /* * Theoretically, the pid can be replaced during this operation and * return the label of a different process. If atomicity is needed, * further validation will be required. * * Comment from Dan Berrange: * * Well the PID as stored in the virDomainObj *can't be changed * because you've got a locked object. The OS level PID could have * exited, though and in extreme circumstances have cycled through all * PIDs back to ours. We could sanity check that our PID still exists * after reading the label, by checking that our FD connecting to the * LXC monitor hasn't seen SIGHUP/ERR on poll(). */ if (virDomainObjIsActive(vm)) { virLXCDomainObjPrivate *priv = vm->privateData; if (!priv->initpid) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Init pid is not yet available")); goto cleanup; } if (virSecurityManagerGetProcessLabel(driver->securityManager, vm->def, priv->initpid, seclabel) < 0) goto cleanup; } ret = 0; cleanup: virDomainObjEndAPI(&vm); return ret; } static int lxcNodeGetSecurityModel(virConnectPtr conn, virSecurityModelPtr secmodel) { virLXCDriver *driver = conn->privateData; virCaps *caps = NULL; int ret = 0; memset(secmodel, 0, sizeof(*secmodel)); if (virNodeGetSecurityModelEnsureACL(conn) < 0) goto cleanup; if (!(caps = virLXCDriverGetCapabilities(driver, false))) goto cleanup; /* we treat no driver as success, but simply return no data in *secmodel */ if (caps->host.nsecModels == 0 || caps->host.secModels[0].model == NULL) goto cleanup; if (virStrcpy(secmodel->model, caps->host.secModels[0].model, VIR_SECURITY_MODEL_BUFLEN) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("security model string exceeds max %d bytes"), VIR_SECURITY_MODEL_BUFLEN - 1); ret = -1; goto cleanup; } if (virStrcpy(secmodel->doi, caps->host.secModels[0].doi, VIR_SECURITY_DOI_BUFLEN) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("security DOI string exceeds max %d bytes"), VIR_SECURITY_DOI_BUFLEN-1); ret = -1; goto cleanup; } cleanup: virObjectUnref(caps); return ret; } static int lxcConnectDomainEventRegister(virConnectPtr conn, virConnectDomainEventCallback callback, void *opaque, virFreeCallback freecb) { virLXCDriver *driver = conn->privateData; if (virConnectDomainEventRegisterEnsureACL(conn) < 0) return -1; if (virDomainEventStateRegister(conn, driver->domainEventState, callback, opaque, freecb) < 0) return -1; return 0; } static int lxcConnectDomainEventDeregister(virConnectPtr conn, virConnectDomainEventCallback callback) { virLXCDriver *driver = conn->privateData; if (virConnectDomainEventDeregisterEnsureACL(conn) < 0) return -1; if (virDomainEventStateDeregister(conn, driver->domainEventState, callback) < 0) return -1; return 0; } static int lxcConnectDomainEventRegisterAny(virConnectPtr conn, virDomainPtr dom, int eventID, virConnectDomainEventGenericCallback callback, void *opaque, virFreeCallback freecb) { virLXCDriver *driver = conn->privateData; int ret; if (virConnectDomainEventRegisterAnyEnsureACL(conn) < 0) return -1; if (virDomainEventStateRegisterID(conn, driver->domainEventState, dom, eventID, callback, opaque, freecb, &ret) < 0) ret = -1; return ret; } static int lxcConnectDomainEventDeregisterAny(virConnectPtr conn, int callbackID) { virLXCDriver *driver = conn->privateData; if (virConnectDomainEventDeregisterAnyEnsureACL(conn) < 0) return -1; if (virObjectEventStateDeregisterID(conn, driver->domainEventState, callbackID, true) < 0) return -1; return 0; } /** * lxcDomainDestroyFlags: * @dom: pointer to domain to destroy * @flags: extra flags; not used yet. * * Sends SIGKILL to container root process to terminate the container * * Returns 0 on success or -1 in case of error */ static int lxcDomainDestroyFlags(virDomainPtr dom, unsigned int flags) { virLXCDriver *driver = dom->conn->privateData; virDomainObj *vm; virObjectEvent *event = NULL; int ret = -1; virLXCDomainObjPrivate *priv; virCheckFlags(0, -1); if (!(vm = lxcDomObjFromDomain(dom))) goto cleanup; if (virDomainDestroyFlagsEnsureACL(dom->conn, vm->def) < 0) goto cleanup; if (virLXCDomainObjBeginJob(driver, vm, LXC_JOB_DESTROY) < 0) goto cleanup; if (virDomainObjCheckActive(vm) < 0) goto endjob; priv = vm->privateData; ret = virLXCProcessStop(driver, vm, VIR_DOMAIN_SHUTOFF_DESTROYED); event = virDomainEventLifecycleNewFromObj(vm, VIR_DOMAIN_EVENT_STOPPED, VIR_DOMAIN_EVENT_STOPPED_DESTROYED); priv->doneStopEvent = true; virDomainAuditStop(vm, "destroyed"); endjob: virLXCDomainObjEndJob(driver, vm); if (!vm->persistent) virDomainObjListRemove(driver->domains, vm); cleanup: virDomainObjEndAPI(&vm); virObjectEventStateQueue(driver->domainEventState, event); return ret; } /** * lxcDomainDestroy: * @dom: pointer to domain to destroy * * Sends SIGKILL to container root process to terminate the container * * Returns 0 on success or -1 in case of error */ static int lxcDomainDestroy(virDomainPtr dom) { return lxcDomainDestroyFlags(dom, 0); } static int lxcCheckNetNsSupport(void) { g_autoptr(virCommand) cmd = virCommandNewArgList("ip", "link", "set", "lo", "netns", "-1", NULL); int ip_rc; if (virCommandRun(cmd, &ip_rc) < 0 || ip_rc == 255) return 0; if (virProcessNamespaceAvailable(VIR_PROCESS_NAMESPACE_NET) < 0) return 0; return 1; } static virSecurityManager * lxcSecurityInit(virLXCDriverConfig *cfg) { unsigned int flags = VIR_SECURITY_MANAGER_PRIVILEGED; virSecurityManager *mgr; VIR_INFO("lxcSecurityInit %s", cfg->securityDriverName); if (cfg->securityDefaultConfined) flags |= VIR_SECURITY_MANAGER_DEFAULT_CONFINED; if (cfg->securityRequireConfined) flags |= VIR_SECURITY_MANAGER_REQUIRE_CONFINED; mgr = virSecurityManagerNew(cfg->securityDriverName, LXC_DRIVER_NAME, flags); if (!mgr) goto error; return mgr; error: VIR_ERROR(_("Failed to initialize security drivers")); virObjectUnref(mgr); return NULL; } static int lxcStateInitialize(bool privileged, const char *root, virStateInhibitCallback callback G_GNUC_UNUSED, void *opaque G_GNUC_UNUSED) { virLXCDriverConfig *cfg = NULL; bool autostart = true; const char *defsecmodel; if (root != NULL) { virReportError(VIR_ERR_INVALID_ARG, "%s", _("Driver does not support embedded mode")); return -1; } /* Check that the user is root, silently disable if not */ if (!privileged) { VIR_INFO("Not running privileged, disabling driver"); return VIR_DRV_STATE_INIT_SKIPPED; } /* Check that this is a container enabled kernel */ if (virProcessNamespaceAvailable(VIR_PROCESS_NAMESPACE_MNT | VIR_PROCESS_NAMESPACE_PID | VIR_PROCESS_NAMESPACE_UTS | VIR_PROCESS_NAMESPACE_IPC) < 0) { VIR_INFO("LXC support not available in this kernel, disabling driver"); return VIR_DRV_STATE_INIT_SKIPPED; } lxc_driver = g_new0(virLXCDriver, 1); lxc_driver->lockFD = -1; if (virMutexInit(&lxc_driver->lock) < 0) { g_free(lxc_driver); lxc_driver = NULL; return VIR_DRV_STATE_INIT_ERROR; } if (!(lxc_driver->domains = virDomainObjListNew())) goto cleanup; lxc_driver->domainEventState = virObjectEventStateNew(); if (!lxc_driver->domainEventState) goto cleanup; lxc_driver->hostsysinfo = virSysinfoRead(); if (!(lxc_driver->config = cfg = virLXCDriverConfigNew())) goto cleanup; cfg->log_libvirtd = false; /* by default log to container logfile */ cfg->have_netns = lxcCheckNetNsSupport(); /* Call function to load lxc driver configuration information */ if (virLXCLoadDriverConfig(cfg, SYSCONFDIR "/libvirt/lxc.conf") < 0) goto cleanup; if (!(lxc_driver->securityManager = lxcSecurityInit(cfg))) goto cleanup; if (!(lxc_driver->hostdevMgr = virHostdevManagerGetDefault())) goto cleanup; defsecmodel = virSecurityManagerGetModel(lxc_driver->securityManager); if (!(lxc_driver->xmlopt = lxcDomainXMLConfInit(lxc_driver, defsecmodel))) goto cleanup; if (!(lxc_driver->closeCallbacks = virCloseCallbacksNew())) goto cleanup; if (g_mkdir_with_parents(cfg->stateDir, 0777) < 0) { virReportSystemError(errno, _("Failed to mkdir %s"), cfg->stateDir); goto cleanup; } if ((lxc_driver->lockFD = virPidFileAcquire(cfg->stateDir, "driver", false, getpid())) < 0) goto cleanup; /* Get all the running persistent or transient configs first */ if (virDomainObjListLoadAllConfigs(lxc_driver->domains, cfg->stateDir, NULL, true, lxc_driver->xmlopt, NULL, NULL) < 0) goto cleanup; virLXCProcessReconnectAll(lxc_driver, lxc_driver->domains); /* Then inactive persistent configs */ if (virDomainObjListLoadAllConfigs(lxc_driver->domains, cfg->configDir, cfg->autostartDir, false, lxc_driver->xmlopt, NULL, NULL) < 0) goto cleanup; if (virDriverShouldAutostart(cfg->stateDir, &autostart) < 0) goto cleanup; if (autostart) virLXCProcessAutostartAll(lxc_driver); return VIR_DRV_STATE_INIT_COMPLETE; cleanup: lxcStateCleanup(); return VIR_DRV_STATE_INIT_ERROR; } static void lxcNotifyLoadDomain(virDomainObj *vm, int newVM, void *opaque) { virLXCDriver *driver = opaque; if (newVM) { virObjectEvent *event = virDomainEventLifecycleNewFromObj(vm, VIR_DOMAIN_EVENT_DEFINED, VIR_DOMAIN_EVENT_DEFINED_ADDED); virObjectEventStateQueue(driver->domainEventState, event); } } /** * lxcStateReload: * * Function to restart the LXC driver, it will recheck the configuration * files and perform autostart */ static int lxcStateReload(void) { virLXCDriverConfig *cfg = NULL; if (!lxc_driver) return 0; cfg = virLXCDriverGetConfig(lxc_driver); virDomainObjListLoadAllConfigs(lxc_driver->domains, cfg->configDir, cfg->autostartDir, false, lxc_driver->xmlopt, lxcNotifyLoadDomain, lxc_driver); virObjectUnref(cfg); return 0; } static int lxcStateCleanup(void) { if (lxc_driver == NULL) return -1; virObjectUnref(lxc_driver->domains); virObjectUnref(lxc_driver->domainEventState); virObjectUnref(lxc_driver->closeCallbacks); virSysinfoDefFree(lxc_driver->hostsysinfo); virObjectUnref(lxc_driver->hostdevMgr); virObjectUnref(lxc_driver->caps); virObjectUnref(lxc_driver->securityManager); virObjectUnref(lxc_driver->xmlopt); if (lxc_driver->lockFD != -1) virPidFileRelease(lxc_driver->config->stateDir, "driver", lxc_driver->lockFD); virObjectUnref(lxc_driver->config); virMutexDestroy(&lxc_driver->lock); g_free(lxc_driver); lxc_driver = NULL; return 0; } static int lxcConnectSupportsFeature(virConnectPtr conn, int feature) { if (virConnectSupportsFeatureEnsureACL(conn) < 0) return -1; switch ((virDrvFeature) feature) { case VIR_DRV_FEATURE_TYPED_PARAM_STRING: case VIR_DRV_FEATURE_NETWORK_UPDATE_HAS_CORRECT_ORDER: return 1; case VIR_DRV_FEATURE_FD_PASSING: case VIR_DRV_FEATURE_MIGRATE_CHANGE_PROTECTION: case VIR_DRV_FEATURE_MIGRATION_DIRECT: case VIR_DRV_FEATURE_MIGRATION_OFFLINE: case VIR_DRV_FEATURE_MIGRATION_P2P: case VIR_DRV_FEATURE_MIGRATION_PARAMS: case VIR_DRV_FEATURE_MIGRATION_V1: case VIR_DRV_FEATURE_MIGRATION_V2: case VIR_DRV_FEATURE_MIGRATION_V3: case VIR_DRV_FEATURE_PROGRAM_KEEPALIVE: case VIR_DRV_FEATURE_REMOTE: case VIR_DRV_FEATURE_REMOTE_CLOSE_CALLBACK: case VIR_DRV_FEATURE_REMOTE_EVENT_CALLBACK: case VIR_DRV_FEATURE_XML_MIGRATABLE: default: return 0; } } static int lxcConnectGetVersion(virConnectPtr conn, unsigned long *version) { struct utsname ver; uname(&ver); if (virConnectGetVersionEnsureACL(conn) < 0) return -1; if (virParseVersionString(ver.release, version, true) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, _("Unknown release: %s"), ver.release); return -1; } return 0; } static int lxcDomainInterfaceAddresses(virDomainPtr dom, virDomainInterfacePtr **ifaces, unsigned int source, unsigned int flags) { virDomainObj *vm = NULL; int ret = -1; virCheckFlags(0, -1); if (!(vm = lxcDomObjFromDomain(dom))) goto cleanup; if (virDomainInterfaceAddressesEnsureACL(dom->conn, vm->def, source) < 0) goto cleanup; if (virDomainObjCheckActive(vm) < 0) goto cleanup; switch (source) { case VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_LEASE: ret = virDomainNetDHCPInterfaces(vm->def, ifaces); break; case VIR_DOMAIN_INTERFACE_ADDRESSES_SRC_ARP: ret = virDomainNetARPInterfaces(vm->def, ifaces); break; default: virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, _("Unknown IP address data source %d"), source); break; } cleanup: virDomainObjEndAPI(&vm); return ret; } static char *lxcConnectGetHostname(virConnectPtr conn) { if (virConnectGetHostnameEnsureACL(conn) < 0) return NULL; return virGetHostname(); } static char *lxcDomainGetSchedulerType(virDomainPtr dom, int *nparams) { char *ret = NULL; virDomainObj *vm; virLXCDomainObjPrivate *priv; if (!(vm = lxcDomObjFromDomain(dom))) goto cleanup; priv = vm->privateData; if (virDomainGetSchedulerTypeEnsureACL(dom->conn, vm->def) < 0) goto cleanup; /* Domain not running, thus no cgroups - return defaults */ if (!virDomainObjIsActive(vm)) { if (nparams) *nparams = 3; ret = g_strdup("posix"); goto cleanup; } if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_CPU)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("cgroup CPU controller is not mounted")); goto cleanup; } if (nparams) { if (virCgroupSupportsCpuBW(priv->cgroup)) *nparams = 3; else *nparams = 1; } ret = g_strdup("posix"); cleanup: virDomainObjEndAPI(&vm); return ret; } static int lxcGetVcpuBWLive(virCgroup *cgroup, unsigned long long *period, long long *quota) { return virCgroupGetCpuPeriodQuota(cgroup, period, quota); } static int lxcSetVcpuBWLive(virCgroup *cgroup, unsigned long long period, long long quota) { return virCgroupSetupCpuPeriodQuota(cgroup, period, quota); } static int lxcDomainSetSchedulerParametersFlags(virDomainPtr dom, virTypedParameterPtr params, int nparams, unsigned int flags) { virLXCDriver *driver = dom->conn->privateData; virCaps *caps = NULL; size_t i; virDomainObj *vm = NULL; virDomainDef *def = NULL; virDomainDef *persistentDefCopy = NULL; virDomainDef *persistentDef = NULL; int ret = -1; int rc; virLXCDomainObjPrivate *priv; virLXCDriverConfig *cfg = virLXCDriverGetConfig(driver); virCheckFlags(VIR_DOMAIN_AFFECT_LIVE | VIR_DOMAIN_AFFECT_CONFIG, -1); if (virTypedParamsValidate(params, nparams, VIR_DOMAIN_SCHEDULER_CPU_SHARES, VIR_TYPED_PARAM_ULLONG, VIR_DOMAIN_SCHEDULER_VCPU_PERIOD, VIR_TYPED_PARAM_ULLONG, VIR_DOMAIN_SCHEDULER_VCPU_QUOTA, VIR_TYPED_PARAM_LLONG, NULL) < 0) return -1; if (!(vm = lxcDomObjFromDomain(dom))) goto cleanup; priv = vm->privateData; if (virDomainSetSchedulerParametersFlagsEnsureACL(dom->conn, vm->def, flags) < 0) goto cleanup; if (!(caps = virLXCDriverGetCapabilities(driver, false))) goto cleanup; if (virLXCDomainObjBeginJob(driver, vm, LXC_JOB_MODIFY) < 0) goto cleanup; if (virDomainObjGetDefs(vm, flags, &def, &persistentDef) < 0) goto endjob; if (persistentDef) { /* Make a copy for updated domain. */ persistentDefCopy = virDomainObjCopyPersistentDef(vm, driver->xmlopt, NULL); if (!persistentDefCopy) goto endjob; } if (def) { if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_CPU)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("cgroup CPU controller is not mounted")); goto endjob; } } for (i = 0; i < nparams; i++) { virTypedParameterPtr param = ¶ms[i]; if (STREQ(param->field, VIR_DOMAIN_SCHEDULER_CPU_SHARES)) { if (def) { if (virCgroupSetCpuShares(priv->cgroup, params[i].value.ul) < 0) goto endjob; def->cputune.shares = params[i].value.ul; def->cputune.sharesSpecified = true; } if (persistentDef) { persistentDefCopy->cputune.shares = params[i].value.ul; persistentDefCopy->cputune.sharesSpecified = true; } } else if (STREQ(param->field, VIR_DOMAIN_SCHEDULER_VCPU_PERIOD)) { if (def) { rc = lxcSetVcpuBWLive(priv->cgroup, params[i].value.ul, 0); if (rc != 0) goto endjob; if (params[i].value.ul) def->cputune.period = params[i].value.ul; } if (persistentDef) persistentDefCopy->cputune.period = params[i].value.ul; } else if (STREQ(param->field, VIR_DOMAIN_SCHEDULER_VCPU_QUOTA)) { if (def) { rc = lxcSetVcpuBWLive(priv->cgroup, 0, params[i].value.l); if (rc != 0) goto endjob; if (params[i].value.l) def->cputune.quota = params[i].value.l; } if (persistentDef) persistentDefCopy->cputune.quota = params[i].value.l; } } if (virDomainObjSave(vm, driver->xmlopt, cfg->stateDir) < 0) goto endjob; if (persistentDef) { rc = virDomainDefSave(persistentDefCopy, driver->xmlopt, cfg->configDir); if (rc < 0) goto endjob; virDomainObjAssignDef(vm, persistentDefCopy, false, NULL); persistentDefCopy = NULL; } ret = 0; endjob: virLXCDomainObjEndJob(driver, vm); cleanup: virDomainDefFree(persistentDefCopy); virDomainObjEndAPI(&vm); virObjectUnref(caps); virObjectUnref(cfg); return ret; } static int lxcDomainSetSchedulerParameters(virDomainPtr domain, virTypedParameterPtr params, int nparams) { return lxcDomainSetSchedulerParametersFlags(domain, params, nparams, 0); } static int lxcDomainGetSchedulerParametersFlags(virDomainPtr dom, virTypedParameterPtr params, int *nparams, unsigned int flags) { virDomainObj *vm = NULL; virDomainDef *def; virDomainDef *persistentDef; unsigned long long shares = 0; unsigned long long period = 0; long long quota = 0; int ret = -1; int rc; bool cpu_bw_status = false; int saved_nparams = 0; virLXCDomainObjPrivate *priv; virCheckFlags(VIR_DOMAIN_AFFECT_LIVE | VIR_DOMAIN_AFFECT_CONFIG | VIR_TYPED_PARAM_STRING_OKAY, -1); /* We don't return strings, and thus trivially support this flag. */ flags &= ~VIR_TYPED_PARAM_STRING_OKAY; if (!(vm = lxcDomObjFromDomain(dom))) goto cleanup; priv = vm->privateData; if (virDomainGetSchedulerParametersFlagsEnsureACL(dom->conn, vm->def) < 0) goto cleanup; if (*nparams > 1) cpu_bw_status = virCgroupSupportsCpuBW(priv->cgroup); if (virDomainObjGetDefs(vm, flags, &def, &persistentDef) < 0) goto cleanup; if (persistentDef) { shares = persistentDef->cputune.shares; if (*nparams > 1) { period = persistentDef->cputune.period; quota = persistentDef->cputune.quota; cpu_bw_status = true; /* Allow copy of data to params[] */ } goto out; } if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_CPU)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("cgroup CPU controller is not mounted")); goto cleanup; } if (virCgroupGetCpuShares(priv->cgroup, &shares) < 0) goto cleanup; if (*nparams > 1 && cpu_bw_status) { rc = lxcGetVcpuBWLive(priv->cgroup, &period, "a); if (rc != 0) goto cleanup; } out: if (virTypedParameterAssign(¶ms[0], VIR_DOMAIN_SCHEDULER_CPU_SHARES, VIR_TYPED_PARAM_ULLONG, shares) < 0) goto cleanup; saved_nparams++; if (cpu_bw_status) { if (*nparams > saved_nparams) { if (virTypedParameterAssign(¶ms[1], VIR_DOMAIN_SCHEDULER_VCPU_PERIOD, VIR_TYPED_PARAM_ULLONG, period) < 0) goto cleanup; saved_nparams++; } if (*nparams > saved_nparams) { if (virTypedParameterAssign(¶ms[2], VIR_DOMAIN_SCHEDULER_VCPU_QUOTA, VIR_TYPED_PARAM_LLONG, quota) < 0) goto cleanup; saved_nparams++; } } *nparams = saved_nparams; ret = 0; cleanup: virDomainObjEndAPI(&vm); return ret; } static int lxcDomainGetSchedulerParameters(virDomainPtr domain, virTypedParameterPtr params, int *nparams) { return lxcDomainGetSchedulerParametersFlags(domain, params, nparams, 0); } static int lxcDomainBlockStats(virDomainPtr dom, const char *path, virDomainBlockStatsPtr stats) { virLXCDriver *driver = dom->conn->privateData; int ret = -1; virDomainObj *vm; virDomainDiskDef *disk = NULL; virLXCDomainObjPrivate *priv; if (!(vm = lxcDomObjFromDomain(dom))) return ret; priv = vm->privateData; if (virDomainBlockStatsEnsureACL(dom->conn, vm->def) < 0) goto cleanup; if (virLXCDomainObjBeginJob(driver, vm, LXC_JOB_QUERY) < 0) goto cleanup; if (virDomainObjCheckActive(vm) < 0) goto endjob; if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_BLKIO)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("blkio cgroup isn't mounted")); goto endjob; } if (!*path) { /* empty path - return entire domain blkstats instead */ ret = virCgroupGetBlkioIoServiced(priv->cgroup, &stats->rd_bytes, &stats->wr_bytes, &stats->rd_req, &stats->wr_req); goto endjob; } if (!(disk = virDomainDiskByName(vm->def, path, false))) { virReportError(VIR_ERR_INVALID_ARG, _("invalid path: %s"), path); goto endjob; } if (!disk->info.alias) { virReportError(VIR_ERR_INTERNAL_ERROR, _("missing disk device alias name for %s"), disk->dst); goto endjob; } ret = virCgroupGetBlkioIoDeviceServiced(priv->cgroup, disk->info.alias, &stats->rd_bytes, &stats->wr_bytes, &stats->rd_req, &stats->wr_req); endjob: virLXCDomainObjEndJob(driver, vm); cleanup: virDomainObjEndAPI(&vm); return ret; } static int lxcDomainBlockStatsFlags(virDomainPtr dom, const char * path, virTypedParameterPtr params, int * nparams, unsigned int flags) { virLXCDriver *driver = dom->conn->privateData; int tmp, ret = -1; virDomainObj *vm; virDomainDiskDef *disk = NULL; virLXCDomainObjPrivate *priv; long long rd_req, rd_bytes, wr_req, wr_bytes; virTypedParameterPtr param; virCheckFlags(VIR_TYPED_PARAM_STRING_OKAY, -1); /* We don't return strings, and thus trivially support this flag. */ flags &= ~VIR_TYPED_PARAM_STRING_OKAY; if (!*nparams) { *nparams = LXC_NB_DOMAIN_BLOCK_STAT_PARAM; return 0; } if (!(vm = lxcDomObjFromDomain(dom))) return ret; priv = vm->privateData; if (virDomainBlockStatsFlagsEnsureACL(dom->conn, vm->def) < 0) goto cleanup; if (virLXCDomainObjBeginJob(driver, vm, LXC_JOB_QUERY) < 0) goto cleanup; if (virDomainObjCheckActive(vm) < 0) goto endjob; if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_BLKIO)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("blkio cgroup isn't mounted")); goto endjob; } if (!*path) { /* empty path - return entire domain blkstats instead */ if (virCgroupGetBlkioIoServiced(priv->cgroup, &rd_bytes, &wr_bytes, &rd_req, &wr_req) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("domain stats query failed")); goto endjob; } } else { if (!(disk = virDomainDiskByName(vm->def, path, false))) { virReportError(VIR_ERR_INVALID_ARG, _("invalid path: %s"), path); goto endjob; } if (!disk->info.alias) { virReportError(VIR_ERR_INTERNAL_ERROR, _("missing disk device alias name for %s"), disk->dst); goto endjob; } if (virCgroupGetBlkioIoDeviceServiced(priv->cgroup, disk->info.alias, &rd_bytes, &wr_bytes, &rd_req, &wr_req) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("domain stats query failed")); goto endjob; } } tmp = 0; ret = -1; if (tmp < *nparams && wr_bytes != -1) { param = ¶ms[tmp]; if (virTypedParameterAssign(param, VIR_DOMAIN_BLOCK_STATS_WRITE_BYTES, VIR_TYPED_PARAM_LLONG, wr_bytes) < 0) goto endjob; tmp++; } if (tmp < *nparams && wr_req != -1) { param = ¶ms[tmp]; if (virTypedParameterAssign(param, VIR_DOMAIN_BLOCK_STATS_WRITE_REQ, VIR_TYPED_PARAM_LLONG, wr_req) < 0) goto endjob; tmp++; } if (tmp < *nparams && rd_bytes != -1) { param = ¶ms[tmp]; if (virTypedParameterAssign(param, VIR_DOMAIN_BLOCK_STATS_READ_BYTES, VIR_TYPED_PARAM_LLONG, rd_bytes) < 0) goto endjob; tmp++; } if (tmp < *nparams && rd_req != -1) { param = ¶ms[tmp]; if (virTypedParameterAssign(param, VIR_DOMAIN_BLOCK_STATS_READ_REQ, VIR_TYPED_PARAM_LLONG, rd_req) < 0) goto endjob; tmp++; } ret = 0; *nparams = tmp; endjob: virLXCDomainObjEndJob(driver, vm); cleanup: virDomainObjEndAPI(&vm); return ret; } static int lxcDomainSetBlkioParameters(virDomainPtr dom, virTypedParameterPtr params, int nparams, unsigned int flags) { virLXCDriver *driver = dom->conn->privateData; virDomainObj *vm = NULL; virDomainDef *def = NULL; virDomainDef *persistentDef = NULL; int ret = -1; virLXCDriverConfig *cfg = NULL; virLXCDomainObjPrivate *priv; virCheckFlags(VIR_DOMAIN_AFFECT_LIVE | VIR_DOMAIN_AFFECT_CONFIG, -1); if (virTypedParamsValidate(params, nparams, VIR_DOMAIN_BLKIO_WEIGHT, VIR_TYPED_PARAM_UINT, VIR_DOMAIN_BLKIO_DEVICE_WEIGHT, VIR_TYPED_PARAM_STRING, VIR_DOMAIN_BLKIO_DEVICE_READ_IOPS, VIR_TYPED_PARAM_STRING, VIR_DOMAIN_BLKIO_DEVICE_WRITE_IOPS, VIR_TYPED_PARAM_STRING, VIR_DOMAIN_BLKIO_DEVICE_READ_BPS, VIR_TYPED_PARAM_STRING, VIR_DOMAIN_BLKIO_DEVICE_WRITE_BPS, VIR_TYPED_PARAM_STRING, NULL) < 0) return -1; if (!(vm = lxcDomObjFromDomain(dom))) return -1; priv = vm->privateData; cfg = virLXCDriverGetConfig(driver); if (virDomainSetBlkioParametersEnsureACL(dom->conn, vm->def, flags) < 0) goto cleanup; if (virLXCDomainObjBeginJob(driver, vm, LXC_JOB_MODIFY) < 0) goto cleanup; if (virDomainObjGetDefs(vm, flags, &def, &persistentDef) < 0) goto endjob; if (def) { if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_BLKIO)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("blkio cgroup isn't mounted")); goto endjob; } } ret = 0; if (def) { ret = virDomainCgroupSetupDomainBlkioParameters(priv->cgroup, def, params, nparams); } if (ret < 0) goto endjob; if (persistentDef) { ret = virDomainDriverSetupPersistentDefBlkioParams(persistentDef, params, nparams); if (virDomainDefSave(persistentDef, driver->xmlopt, cfg->configDir) < 0) ret = -1; } endjob: virLXCDomainObjEndJob(driver, vm); cleanup: virDomainObjEndAPI(&vm); virObjectUnref(cfg); return ret; } #define LXC_NB_BLKIO_PARAM 6 static int lxcDomainGetBlkioParameters(virDomainPtr dom, virTypedParameterPtr params, int *nparams, unsigned int flags) { virDomainObj *vm = NULL; virDomainDef *def = NULL; virDomainDef *persistentDef = NULL; int maxparams = LXC_NB_BLKIO_PARAM; unsigned int val; int ret = -1; virLXCDomainObjPrivate *priv; virCheckFlags(VIR_DOMAIN_AFFECT_LIVE | VIR_DOMAIN_AFFECT_CONFIG | VIR_TYPED_PARAM_STRING_OKAY, -1); /* We blindly return a string, and let libvirt.c and * remote_driver.c do the filtering on behalf of older clients * that can't parse it. */ flags &= ~VIR_TYPED_PARAM_STRING_OKAY; if (!(vm = lxcDomObjFromDomain(dom))) return -1; priv = vm->privateData; if (virDomainGetBlkioParametersEnsureACL(dom->conn, vm->def) < 0) goto cleanup; if ((*nparams) == 0) { /* Current number of blkio parameters supported by cgroups */ *nparams = LXC_NB_BLKIO_PARAM; ret = 0; goto cleanup; } else if (*nparams < maxparams) { maxparams = *nparams; } *nparams = 0; if (virDomainObjGetDefs(vm, flags, &def, &persistentDef) < 0) goto cleanup; if (def) { if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_BLKIO)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("blkio cgroup isn't mounted")); goto cleanup; } /* fill blkio weight here */ if (virCgroupGetBlkioWeight(priv->cgroup, &val) < 0) goto cleanup; if (virTypedParameterAssign(&(params[(*nparams)++]), VIR_DOMAIN_BLKIO_WEIGHT, VIR_TYPED_PARAM_UINT, val) < 0) goto cleanup; if (virDomainGetBlkioParametersAssignFromDef(def, params, nparams, maxparams) < 0) goto cleanup; } else if (persistentDef) { /* fill blkio weight here */ if (virTypedParameterAssign(&(params[(*nparams)++]), VIR_DOMAIN_BLKIO_WEIGHT, VIR_TYPED_PARAM_UINT, persistentDef->blkio.weight) < 0) goto cleanup; if (virDomainGetBlkioParametersAssignFromDef(persistentDef, params, nparams, maxparams) < 0) goto cleanup; } ret = 0; cleanup: virDomainObjEndAPI(&vm); return ret; } static int lxcDomainInterfaceStats(virDomainPtr dom, const char *device, virDomainInterfaceStatsPtr stats) { virDomainObj *vm; int ret = -1; virLXCDriver *driver = dom->conn->privateData; virDomainNetDef *net = NULL; if (!(vm = lxcDomObjFromDomain(dom))) goto cleanup; if (virDomainInterfaceStatsEnsureACL(dom->conn, vm->def) < 0) goto cleanup; if (virLXCDomainObjBeginJob(driver, vm, LXC_JOB_QUERY) < 0) goto cleanup; if (virDomainObjCheckActive(vm) < 0) goto endjob; if (!(net = virDomainNetFind(vm->def, device))) goto endjob; if (virNetDevTapInterfaceStats(net->ifname, stats, !virDomainNetTypeSharesHostView(net)) < 0) goto endjob; ret = 0; endjob: virLXCDomainObjEndJob(driver, vm); cleanup: virDomainObjEndAPI(&vm); return ret; } static int lxcDomainGetAutostart(virDomainPtr dom, int *autostart) { virDomainObj *vm; int ret = -1; if (!(vm = lxcDomObjFromDomain(dom))) goto cleanup; if (virDomainGetAutostartEnsureACL(dom->conn, vm->def) < 0) goto cleanup; *autostart = vm->autostart; ret = 0; cleanup: virDomainObjEndAPI(&vm); return ret; } static int lxcDomainSetAutostart(virDomainPtr dom, int autostart) { virLXCDriver *driver = dom->conn->privateData; virDomainObj *vm; g_autofree char *configFile = NULL; g_autofree char *autostartLink = NULL; int ret = -1; virLXCDriverConfig *cfg = virLXCDriverGetConfig(driver); if (!(vm = lxcDomObjFromDomain(dom))) goto cleanup; if (virDomainSetAutostartEnsureACL(dom->conn, vm->def) < 0) goto cleanup; if (virLXCDomainObjBeginJob(driver, vm, LXC_JOB_MODIFY) < 0) goto cleanup; if (!vm->persistent) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Cannot set autostart for transient domain")); goto endjob; } autostart = (autostart != 0); if (vm->autostart == autostart) { ret = 0; goto endjob; } configFile = virDomainConfigFile(cfg->configDir, vm->def->name); if (configFile == NULL) goto endjob; autostartLink = virDomainConfigFile(cfg->autostartDir, vm->def->name); if (autostartLink == NULL) goto endjob; if (autostart) { if (g_mkdir_with_parents(cfg->autostartDir, 0777) < 0) { virReportSystemError(errno, _("Cannot create autostart directory %s"), cfg->autostartDir); goto endjob; } if (symlink(configFile, autostartLink) < 0) { virReportSystemError(errno, _("Failed to create symlink '%s to '%s'"), autostartLink, configFile); goto endjob; } } else { if (unlink(autostartLink) < 0 && errno != ENOENT && errno != ENOTDIR) { virReportSystemError(errno, _("Failed to delete symlink '%s'"), autostartLink); goto endjob; } } vm->autostart = autostart; ret = 0; endjob: virLXCDomainObjEndJob(driver, vm); cleanup: virDomainObjEndAPI(&vm); virObjectUnref(cfg); return ret; } static int lxcFreezeContainer(virDomainObj *vm) { int timeout = 1000; /* In milliseconds */ int check_interval = 1; /* In milliseconds */ int exp = 10; int waited_time = 0; g_autofree char *state = NULL; virLXCDomainObjPrivate *priv = vm->privateData; while (waited_time < timeout) { int r; /* * Writing "FROZEN" to the "freezer.state" freezes the group, * i.e., the container, temporarily transiting "FREEZING" state. * Once the freezing is completed, the state of the group transits * to "FROZEN". * (see linux-2.6/Documentation/cgroups/freezer-subsystem.txt) */ r = virCgroupSetFreezerState(priv->cgroup, "FROZEN"); /* * Returning EBUSY explicitly indicates that the group is * being frozen but incomplete, and other errors are true * errors. */ if (r < 0 && r != -EBUSY) { VIR_DEBUG("Writing freezer.state failed with errno: %d", r); goto error; } if (r == -EBUSY) VIR_DEBUG("Writing freezer.state gets EBUSY"); /* * Unfortunately, returning 0 (success) is likely to happen * even when the freezing has not been completed. Sometimes * the state of the group remains "FREEZING" like when * returning -EBUSY and even worse may never transit to * "FROZEN" even if writing "FROZEN" again. * * So we don't trust the return value anyway and always * decide that the freezing has been complete only with * the state actually transit to "FROZEN". */ g_usleep(check_interval * 1000); r = virCgroupGetFreezerState(priv->cgroup, &state); if (r < 0) { VIR_DEBUG("Reading freezer.state failed with errno: %d", r); goto error; } VIR_DEBUG("Read freezer.state: %s", state); if (STREQ(state, "FROZEN")) return 0; waited_time += check_interval; /* * Increasing check_interval exponentially starting with * small initial value treats nicely two cases; One is * a container is under no load and waiting for long period * makes no sense. The other is under heavy load. The container * may stay longer time in FREEZING or never transit to FROZEN. * In that case, eager polling will just waste CPU time. */ check_interval *= exp; } VIR_DEBUG("lxcFreezeContainer timeout"); error: /* * If timeout or an error on reading the state occurs, * activate the group again and return an error. * This is likely to fall the group back again gracefully. */ virCgroupSetFreezerState(priv->cgroup, "THAWED"); return -1; } static int lxcDomainSuspend(virDomainPtr dom) { virLXCDriver *driver = dom->conn->privateData; virDomainObj *vm; virObjectEvent *event = NULL; int ret = -1; virLXCDriverConfig *cfg = virLXCDriverGetConfig(driver); if (!(vm = lxcDomObjFromDomain(dom))) goto cleanup; if (virDomainSuspendEnsureACL(dom->conn, vm->def) < 0) goto cleanup; if (virLXCDomainObjBeginJob(driver, vm, LXC_JOB_MODIFY) < 0) goto cleanup; if (virDomainObjCheckActive(vm) < 0) goto endjob; if (virDomainObjGetState(vm, NULL) != VIR_DOMAIN_PAUSED) { if (lxcFreezeContainer(vm) < 0) { virReportError(VIR_ERR_OPERATION_FAILED, "%s", _("Suspend operation failed")); goto endjob; } virDomainObjSetState(vm, VIR_DOMAIN_PAUSED, VIR_DOMAIN_PAUSED_USER); event = virDomainEventLifecycleNewFromObj(vm, VIR_DOMAIN_EVENT_SUSPENDED, VIR_DOMAIN_EVENT_SUSPENDED_PAUSED); } if (virDomainObjSave(vm, driver->xmlopt, cfg->stateDir) < 0) goto endjob; ret = 0; endjob: virLXCDomainObjEndJob(driver, vm); cleanup: virObjectEventStateQueue(driver->domainEventState, event); virDomainObjEndAPI(&vm); virObjectUnref(cfg); return ret; } static int lxcDomainResume(virDomainPtr dom) { virLXCDriver *driver = dom->conn->privateData; virDomainObj *vm; virObjectEvent *event = NULL; int ret = -1; int state; virLXCDomainObjPrivate *priv; virLXCDriverConfig *cfg = virLXCDriverGetConfig(driver); if (!(vm = lxcDomObjFromDomain(dom))) goto cleanup; priv = vm->privateData; if (virDomainResumeEnsureACL(dom->conn, vm->def) < 0) goto cleanup; if (virLXCDomainObjBeginJob(driver, vm, LXC_JOB_MODIFY) < 0) goto cleanup; if (virDomainObjCheckActive(vm) < 0) goto endjob; state = virDomainObjGetState(vm, NULL); if (state == VIR_DOMAIN_RUNNING) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("domain is already running")); goto endjob; } else if (state == VIR_DOMAIN_PAUSED) { if (virCgroupSetFreezerState(priv->cgroup, "THAWED") < 0) { virReportError(VIR_ERR_OPERATION_FAILED, "%s", _("Resume operation failed")); goto endjob; } virDomainObjSetState(vm, VIR_DOMAIN_RUNNING, VIR_DOMAIN_RUNNING_UNPAUSED); event = virDomainEventLifecycleNewFromObj(vm, VIR_DOMAIN_EVENT_RESUMED, VIR_DOMAIN_EVENT_RESUMED_UNPAUSED); } if (virDomainObjSave(vm, driver->xmlopt, cfg->stateDir) < 0) goto endjob; ret = 0; endjob: virLXCDomainObjEndJob(driver, vm); cleanup: virObjectEventStateQueue(driver->domainEventState, event); virDomainObjEndAPI(&vm); virObjectUnref(cfg); return ret; } static int lxcDomainOpenConsole(virDomainPtr dom, const char *dev_name, virStreamPtr st, unsigned int flags) { virDomainObj *vm = NULL; int ret = -1; virDomainChrDef *chr = NULL; size_t i; virCheckFlags(0, -1); if (!(vm = lxcDomObjFromDomain(dom))) goto cleanup; if (virDomainOpenConsoleEnsureACL(dom->conn, vm->def) < 0) goto cleanup; if (virDomainObjCheckActive(vm) < 0) goto cleanup; if (dev_name) { for (i = 0; i < vm->def->nconsoles; i++) { if (vm->def->consoles[i]->info.alias && STREQ(vm->def->consoles[i]->info.alias, dev_name)) { chr = vm->def->consoles[i]; break; } } } else { if (vm->def->nconsoles) chr = vm->def->consoles[0]; else if (vm->def->nserials) chr = vm->def->serials[0]; } if (!chr) { virReportError(VIR_ERR_INTERNAL_ERROR, _("cannot find console device '%s'"), dev_name ? dev_name : _("default")); goto cleanup; } if (chr->source->type != VIR_DOMAIN_CHR_TYPE_PTY) { virReportError(VIR_ERR_INTERNAL_ERROR, _("character device %s is not using a PTY"), dev_name ? dev_name : NULLSTR(chr->info.alias)); goto cleanup; } if (virFDStreamOpenFile(st, chr->source->data.file.path, 0, 0, O_RDWR) < 0) goto cleanup; ret = 0; cleanup: virDomainObjEndAPI(&vm); return ret; } static int lxcDomainSendProcessSignal(virDomainPtr dom, long long pid_value, unsigned int signum, unsigned int flags) { virLXCDriver *driver = dom->conn->privateData; virDomainObj *vm = NULL; virLXCDomainObjPrivate *priv; pid_t victim; int ret = -1; virCheckFlags(0, -1); if (signum >= VIR_DOMAIN_PROCESS_SIGNAL_LAST) { virReportError(VIR_ERR_INVALID_ARG, _("signum value %d is out of range"), signum); return -1; } if (!(vm = lxcDomObjFromDomain(dom))) goto cleanup; priv = vm->privateData; if (virDomainSendProcessSignalEnsureACL(dom->conn, vm->def) < 0) goto cleanup; if (virLXCDomainObjBeginJob(driver, vm, LXC_JOB_MODIFY) < 0) goto cleanup; if (virDomainObjCheckActive(vm) < 0) goto endjob; /* * XXX if the kernel has /proc/$PID/ns/pid we can * switch into container namespace & that way be * able to kill any PID. Alternatively if there * is a way to find a mapping of guest<->host PIDs * we can kill that way. */ if (pid_value != 1) { virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, "%s", _("Only the init process may be killed")); goto endjob; } if (!priv->initpid) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Init pid is not yet available")); goto endjob; } victim = priv->initpid; /* We're relying on fact libvirt header signal numbers * are taken from Linux, to avoid mapping */ if (kill(victim, signum) < 0) { virReportSystemError(errno, _("Unable to send %d signal to process %d"), signum, victim); goto endjob; } ret = 0; endjob: virLXCDomainObjEndJob(driver, vm); cleanup: virDomainObjEndAPI(&vm); return ret; } static int lxcConnectListAllDomains(virConnectPtr conn, virDomainPtr **domains, unsigned int flags) { virLXCDriver *driver = conn->privateData; virCheckFlags(VIR_CONNECT_LIST_DOMAINS_FILTERS_ALL, -1); if (virConnectListAllDomainsEnsureACL(conn) < 0) return -1; return virDomainObjListExport(driver->domains, conn, domains, virConnectListAllDomainsCheckACL, flags); } static int lxcDomainShutdownFlags(virDomainPtr dom, unsigned int flags) { virLXCDriver *driver = dom->conn->privateData; virLXCDomainObjPrivate *priv; virDomainObj *vm; int ret = -1; int rc = -1; virCheckFlags(VIR_DOMAIN_SHUTDOWN_INITCTL | VIR_DOMAIN_SHUTDOWN_SIGNAL, -1); if (!(vm = lxcDomObjFromDomain(dom))) goto cleanup; priv = vm->privateData; if (virDomainShutdownFlagsEnsureACL(dom->conn, vm->def, flags) < 0) goto cleanup; if (virLXCDomainObjBeginJob(driver, vm, LXC_JOB_MODIFY) < 0) goto cleanup; if (virDomainObjCheckActive(vm) < 0) goto endjob; if (priv->initpid == 0) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Init process ID is not yet known")); goto endjob; } if (flags == 0 || (flags & VIR_DOMAIN_SHUTDOWN_INITCTL)) { int command = VIR_INITCTL_RUNLEVEL_POWEROFF; if ((rc = virLXCDomainSetRunlevel(vm, command)) < 0) { if (flags != 0 && (flags & VIR_DOMAIN_SHUTDOWN_INITCTL)) { virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", _("Container does not provide an initctl pipe")); goto endjob; } } } if (rc < 0 && (flags == 0 || (flags & VIR_DOMAIN_SHUTDOWN_SIGNAL))) { if (kill(priv->initpid, SIGTERM) < 0 && errno != ESRCH) { virReportSystemError(errno, _("Unable to send SIGTERM to init pid %llu"), (long long)priv->initpid); goto endjob; } } ret = 0; endjob: virLXCDomainObjEndJob(driver, vm); cleanup: virDomainObjEndAPI(&vm); return ret; } static int lxcDomainShutdown(virDomainPtr dom) { return lxcDomainShutdownFlags(dom, 0); } static int lxcDomainReboot(virDomainPtr dom, unsigned int flags) { virLXCDriver *driver = dom->conn->privateData; virLXCDomainObjPrivate *priv; virDomainObj *vm; int ret = -1; int rc = -1; virCheckFlags(VIR_DOMAIN_REBOOT_INITCTL | VIR_DOMAIN_REBOOT_SIGNAL, -1); if (!(vm = lxcDomObjFromDomain(dom))) goto cleanup; priv = vm->privateData; if (virDomainRebootEnsureACL(dom->conn, vm->def, flags) < 0) goto cleanup; if (virLXCDomainObjBeginJob(driver, vm, LXC_JOB_MODIFY) < 0) goto cleanup; if (virDomainObjCheckActive(vm) < 0) goto endjob; if (priv->initpid == 0) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Init process ID is not yet known")); goto endjob; } if (flags == 0 || (flags & VIR_DOMAIN_REBOOT_INITCTL)) { int command = VIR_INITCTL_RUNLEVEL_REBOOT; if ((rc = virLXCDomainSetRunlevel(vm, command)) < 0) { if (flags != 0 && (flags & VIR_DOMAIN_REBOOT_INITCTL)) { virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", _("Container does not provide an initctl pipe")); goto endjob; } } } if (rc < 0 && (flags == 0 || (flags & VIR_DOMAIN_REBOOT_SIGNAL))) { if (kill(priv->initpid, SIGHUP) < 0 && errno != ESRCH) { virReportSystemError(errno, _("Unable to send SIGTERM to init pid %llu"), (long long)priv->initpid); goto endjob; } } ret = 0; endjob: virLXCDomainObjEndJob(driver, vm); cleanup: virDomainObjEndAPI(&vm); return ret; } static int lxcDomainAttachDeviceConfig(virDomainDef *vmdef, virDomainDeviceDef *dev) { int ret = -1; virDomainDiskDef *disk; virDomainNetDef *net; virDomainHostdevDef *hostdev; switch (dev->type) { case VIR_DOMAIN_DEVICE_DISK: disk = dev->data.disk; if (virDomainDiskIndexByName(vmdef, disk->dst, true) >= 0) { virReportError(VIR_ERR_INVALID_ARG, _("target %s already exists."), disk->dst); return -1; } virDomainDiskInsert(vmdef, disk); /* vmdef has the pointer. Generic codes for vmdef will do all jobs */ dev->data.disk = NULL; ret = 0; break; case VIR_DOMAIN_DEVICE_NET: net = dev->data.net; if (virDomainNetInsert(vmdef, net) < 0) return -1; dev->data.net = NULL; ret = 0; break; case VIR_DOMAIN_DEVICE_HOSTDEV: hostdev = dev->data.hostdev; if (virDomainHostdevFind(vmdef, hostdev, NULL) >= 0) { virReportError(VIR_ERR_INVALID_ARG, "%s", _("device is already in the domain configuration")); return -1; } if (virDomainHostdevInsert(vmdef, hostdev) < 0) return -1; dev->data.hostdev = NULL; ret = 0; break; default: virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("persistent attach of device is not supported")); break; } return ret; } static int lxcDomainUpdateDeviceConfig(virDomainDef *vmdef, virDomainDeviceDef *dev) { int ret = -1; virDomainNetDef *net; virDomainDeviceDef oldDev = { .type = dev->type }; int idx; switch (dev->type) { case VIR_DOMAIN_DEVICE_NET: net = dev->data.net; if ((idx = virDomainNetFindIdx(vmdef, net)) < 0) return -1; oldDev.data.net = vmdef->nets[idx]; if (virDomainDefCompatibleDevice(vmdef, dev, &oldDev, VIR_DOMAIN_DEVICE_ACTION_UPDATE, false) < 0) return -1; if (virDomainNetUpdate(vmdef, idx, net) < 0) return -1; virDomainNetDefFree(oldDev.data.net); dev->data.net = NULL; ret = 0; break; default: virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("persistent update of device is not supported")); break; } return ret; } static int lxcDomainDetachDeviceConfig(virDomainDef *vmdef, virDomainDeviceDef *dev) { int ret = -1; virDomainDiskDef *disk; virDomainDiskDef *det_disk; virDomainNetDef *net; virDomainHostdevDef *hostdev; virDomainHostdevDef *det_hostdev; int idx; switch (dev->type) { case VIR_DOMAIN_DEVICE_DISK: disk = dev->data.disk; if (!(det_disk = virDomainDiskRemoveByName(vmdef, disk->dst))) { virReportError(VIR_ERR_INVALID_ARG, _("no target device %s"), disk->dst); return -1; } virDomainDiskDefFree(det_disk); ret = 0; break; case VIR_DOMAIN_DEVICE_NET: net = dev->data.net; if ((idx = virDomainNetFindIdx(vmdef, net)) < 0) return -1; /* this is guaranteed to succeed */ virDomainNetDefFree(virDomainNetRemove(vmdef, idx)); ret = 0; break; case VIR_DOMAIN_DEVICE_HOSTDEV: { hostdev = dev->data.hostdev; if ((idx = virDomainHostdevFind(vmdef, hostdev, &det_hostdev)) < 0) { virReportError(VIR_ERR_INVALID_ARG, "%s", _("device not present in domain configuration")); return -1; } virDomainHostdevRemove(vmdef, idx); virDomainHostdevDefFree(det_hostdev); ret = 0; break; } default: virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("persistent detach of device is not supported")); break; } return ret; } struct lxcDomainAttachDeviceMknodData { virLXCDriver *driver; mode_t mode; dev_t dev; virDomainObj *vm; virDomainDeviceDef *def; char *file; }; static int lxcDomainAttachDeviceMknodHelper(pid_t pid G_GNUC_UNUSED, void *opaque) { struct lxcDomainAttachDeviceMknodData *data = opaque; int ret = -1; virSecurityManagerPostFork(data->driver->securityManager); if (virFileMakeParentPath(data->file) < 0) { virReportSystemError(errno, _("Unable to create %s"), data->file); goto cleanup; } /* Yes, the device name we're creating may not * actually correspond to the major:minor number * we're using, but we've no other option at this * time. Just have to hope that containerized apps * don't get upset that the major:minor is different * to that normally implied by the device name */ VIR_DEBUG("Creating dev %s (%d,%d)", data->file, major(data->dev), minor(data->dev)); if (mknod(data->file, data->mode, data->dev) < 0) { virReportSystemError(errno, _("Unable to create device %s"), data->file); goto cleanup; } if (lxcContainerChown(data->vm->def, data->file) < 0) goto cleanup; /* Labelling normally operates on src, but we need * to actually label the dst here, so hack the config */ switch (data->def->type) { case VIR_DOMAIN_DEVICE_DISK: { virDomainDiskDef *def = data->def->data.disk; char *tmpsrc = def->src->path; def->src->path = data->file; if (virSecurityManagerSetImageLabel(data->driver->securityManager, data->vm->def, def->src, VIR_SECURITY_DOMAIN_IMAGE_LABEL_BACKING_CHAIN) < 0) { def->src->path = tmpsrc; goto cleanup; } def->src->path = tmpsrc; } break; case VIR_DOMAIN_DEVICE_HOSTDEV: { virDomainHostdevDef *def = data->def->data.hostdev; if (virSecurityManagerSetHostdevLabel(data->driver->securityManager, data->vm->def, def, NULL) < 0) goto cleanup; } break; default: virReportError(VIR_ERR_INTERNAL_ERROR, _("Unexpected device type %d"), data->def->type); goto cleanup; } ret = 0; cleanup: if (ret < 0) unlink(data->file); return ret; } static int lxcDomainAttachDeviceMknod(virLXCDriver *driver, mode_t mode, dev_t dev, virDomainObj *vm, virDomainDeviceDef *def, char *file) { virLXCDomainObjPrivate *priv = vm->privateData; struct lxcDomainAttachDeviceMknodData data; memset(&data, 0, sizeof(data)); data.driver = driver; data.mode = mode; data.dev = dev; data.vm = vm; data.def = def; data.file = file; if (virSecurityManagerPreFork(driver->securityManager) < 0) return -1; if (virProcessRunInMountNamespace(priv->initpid, lxcDomainAttachDeviceMknodHelper, &data) < 0) { virSecurityManagerPostFork(driver->securityManager); return -1; } virSecurityManagerPostFork(driver->securityManager); return 0; } static int lxcDomainAttachDeviceUnlinkHelper(pid_t pid G_GNUC_UNUSED, void *opaque) { const char *path = opaque; VIR_DEBUG("Unlinking %s", path); if (unlink(path) < 0 && errno != ENOENT) { virReportSystemError(errno, _("Unable to remove device %s"), path); return -1; } return 0; } static int lxcDomainAttachDeviceUnlink(virDomainObj *vm, char *file) { virLXCDomainObjPrivate *priv = vm->privateData; if (virProcessRunInMountNamespace(priv->initpid, lxcDomainAttachDeviceUnlinkHelper, file) < 0) { return -1; } return 0; } static int lxcDomainAttachDeviceDiskLive(virLXCDriver *driver, virDomainObj *vm, virDomainDeviceDef *dev) { virLXCDomainObjPrivate *priv = vm->privateData; virDomainDiskDef *def = dev->data.disk; int ret = -1; struct stat sb; g_autofree char *file = NULL; int perms; const char *src = NULL; if (!priv->initpid) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Cannot attach disk until init PID is known")); goto cleanup; } if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("devices cgroup isn't mounted")); goto cleanup; } src = virDomainDiskGetSource(def); if (src == NULL) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("Can't setup disk without media")); goto cleanup; } if (!virStorageSourceIsBlockLocal(def->src)) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("Can't setup disk for non-block device")); goto cleanup; } if (virDomainDiskIndexByName(vm->def, def->dst, true) >= 0) { virReportError(VIR_ERR_OPERATION_FAILED, _("target %s already exists"), def->dst); goto cleanup; } if (stat(src, &sb) < 0) { virReportSystemError(errno, _("Unable to access %s"), src); goto cleanup; } if (!S_ISBLK(sb.st_mode)) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("Disk source %s must be a block device"), src); goto cleanup; } perms = (def->src->readonly ? VIR_CGROUP_DEVICE_READ : VIR_CGROUP_DEVICE_RW) | VIR_CGROUP_DEVICE_MKNOD; if (virCgroupAllowDevice(priv->cgroup, 'b', major(sb.st_rdev), minor(sb.st_rdev), perms) < 0) goto cleanup; file = g_strdup_printf("/dev/%s", def->dst); if (lxcDomainAttachDeviceMknod(driver, 0700 | S_IFBLK, sb.st_rdev, vm, dev, file) < 0) { if (virCgroupDenyDevice(priv->cgroup, 'b', major(sb.st_rdev), minor(sb.st_rdev), perms) < 0) VIR_WARN("cannot deny device %s for domain %s: %s", src, vm->def->name, virGetLastErrorMessage()); goto cleanup; } virDomainDiskInsert(vm->def, def); ret = 0; cleanup: if (src) virDomainAuditDisk(vm, NULL, def->src, "attach", ret == 0); return ret; } static int lxcDomainAttachDeviceNetLive(virLXCDriver *driver, virDomainObj *vm, virDomainNetDef *net) { virLXCDomainObjPrivate *priv = vm->privateData; int ret = -1; virDomainNetType actualType; const virNetDevBandwidth *actualBandwidth; char *veth = NULL; if (!priv->initpid) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Cannot attach disk until init PID is known")); return -1; } if (virLXCProcessValidateInterface(net) < 0) return -1; /* preallocate new slot for device */ vm->def->nets = g_renew(virDomainNetDef *, vm->def->nets, vm->def->nnets + 1); /* If appropriate, grab a physical device from the configured * network's pool of devices, or resolve bridge device name * to the one defined in the network definition. */ if (net->type == VIR_DOMAIN_NET_TYPE_NETWORK) { g_autoptr(virConnect) netconn = virGetConnectNetwork(); if (!netconn || virDomainNetAllocateActualDevice(netconn, vm->def, net) < 0) return -1; } /* final validation now that actual type is known */ if (virDomainActualNetDefValidate(net) < 0) return -1; actualType = virDomainNetGetActualType(net); switch (actualType) { case VIR_DOMAIN_NET_TYPE_BRIDGE: case VIR_DOMAIN_NET_TYPE_NETWORK: { const char *brname = virDomainNetGetActualBridgeName(net); if (!brname) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("No bridge name specified")); goto cleanup; } if (!(veth = virLXCProcessSetupInterfaceTap(vm->def, net, brname))) goto cleanup; } break; case VIR_DOMAIN_NET_TYPE_ETHERNET: if (!(veth = virLXCProcessSetupInterfaceTap(vm->def, net, NULL))) goto cleanup; break; case VIR_DOMAIN_NET_TYPE_DIRECT: { if (!(veth = virLXCProcessSetupInterfaceDirect(driver, vm->def, net))) goto cleanup; } break; case VIR_DOMAIN_NET_TYPE_USER: case VIR_DOMAIN_NET_TYPE_VHOSTUSER: case VIR_DOMAIN_NET_TYPE_SERVER: case VIR_DOMAIN_NET_TYPE_CLIENT: case VIR_DOMAIN_NET_TYPE_MCAST: case VIR_DOMAIN_NET_TYPE_INTERNAL: case VIR_DOMAIN_NET_TYPE_HOSTDEV: case VIR_DOMAIN_NET_TYPE_UDP: case VIR_DOMAIN_NET_TYPE_VDPA: virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("Network device type is not supported")); goto cleanup; case VIR_DOMAIN_NET_TYPE_LAST: default: virReportEnumRangeError(virDomainNetType, actualType); goto cleanup; } /* Set bandwidth or warn if requested and not supported. */ actualBandwidth = virDomainNetGetActualBandwidth(net); if (actualBandwidth) { if (virNetDevSupportsBandwidth(actualType)) { if (virNetDevBandwidthSet(net->ifname, actualBandwidth, false, !virDomainNetTypeSharesHostView(net)) < 0) goto cleanup; } else { VIR_WARN("setting bandwidth on interfaces of " "type '%s' is not implemented yet: %s", virDomainNetTypeToString(actualType), virGetLastErrorMessage()); } } if (virNetDevSetNamespace(veth, priv->initpid) < 0) { virDomainAuditNet(vm, NULL, net, "attach", false); goto cleanup; } virDomainAuditNet(vm, NULL, net, "attach", true); ret = 0; cleanup: if (!ret) { vm->def->nets[vm->def->nnets++] = net; } else if (veth) { switch (actualType) { case VIR_DOMAIN_NET_TYPE_BRIDGE: case VIR_DOMAIN_NET_TYPE_NETWORK: case VIR_DOMAIN_NET_TYPE_ETHERNET: ignore_value(virNetDevVethDelete(veth)); break; case VIR_DOMAIN_NET_TYPE_DIRECT: ignore_value(virNetDevMacVLanDelete(veth)); break; case VIR_DOMAIN_NET_TYPE_USER: case VIR_DOMAIN_NET_TYPE_VHOSTUSER: case VIR_DOMAIN_NET_TYPE_SERVER: case VIR_DOMAIN_NET_TYPE_CLIENT: case VIR_DOMAIN_NET_TYPE_MCAST: case VIR_DOMAIN_NET_TYPE_INTERNAL: case VIR_DOMAIN_NET_TYPE_HOSTDEV: case VIR_DOMAIN_NET_TYPE_UDP: case VIR_DOMAIN_NET_TYPE_VDPA: case VIR_DOMAIN_NET_TYPE_LAST: default: /* no-op */ break; } } return ret; } static int lxcDomainAttachDeviceHostdevSubsysUSBLive(virLXCDriver *driver, virDomainObj *vm, virDomainDeviceDef *dev) { virLXCDomainObjPrivate *priv = vm->privateData; virDomainHostdevDef *def = dev->data.hostdev; int ret = -1; g_autofree char *src = NULL; struct stat sb; virUSBDevice *usb = NULL; virDomainHostdevSubsysUSB *usbsrc; if (virDomainHostdevFind(vm->def, def, NULL) >= 0) { virReportError(VIR_ERR_OPERATION_FAILED, "%s", _("host USB device already exists")); return -1; } usbsrc = &def->source.subsys.u.usb; src = g_strdup_printf("/dev/bus/usb/%03d/%03d", usbsrc->bus, usbsrc->device); if (!(usb = virUSBDeviceNew(usbsrc->bus, usbsrc->device, NULL))) goto cleanup; if (stat(src, &sb) < 0) { virReportSystemError(errno, _("Unable to access %s"), src); goto cleanup; } if (!S_ISCHR(sb.st_mode)) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("USB source %s was not a character device"), src); goto cleanup; } vm->def->hostdevs = g_renew(virDomainHostdevDef *, vm->def->hostdevs, vm->def->nhostdevs + 1); if (virUSBDeviceFileIterate(usb, virLXCSetupHostUSBDeviceCgroup, priv->cgroup) < 0) goto cleanup; if (lxcDomainAttachDeviceMknod(driver, 0700 | S_IFCHR, sb.st_rdev, vm, dev, src) < 0) { if (virUSBDeviceFileIterate(usb, virLXCTeardownHostUSBDeviceCgroup, priv->cgroup) < 0) VIR_WARN("cannot deny device %s for domain %s: %s", src, vm->def->name, virGetLastErrorMessage()); goto cleanup; } vm->def->hostdevs[vm->def->nhostdevs++] = def; ret = 0; cleanup: virDomainAuditHostdev(vm, def, "attach", ret == 0); virUSBDeviceFree(usb); return ret; } static int lxcDomainAttachDeviceHostdevStorageLive(virLXCDriver *driver, virDomainObj *vm, virDomainDeviceDef *dev) { virLXCDomainObjPrivate *priv = vm->privateData; virDomainHostdevDef *def = dev->data.hostdev; int ret = -1; struct stat sb; if (!def->source.caps.u.storage.block) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("Missing storage block path")); goto cleanup; } if (virDomainHostdevFind(vm->def, def, NULL) >= 0) { virReportError(VIR_ERR_OPERATION_FAILED, "%s", _("host device already exists")); return -1; } if (stat(def->source.caps.u.storage.block, &sb) < 0) { virReportSystemError(errno, _("Unable to access %s"), def->source.caps.u.storage.block); goto cleanup; } if (!S_ISBLK(sb.st_mode)) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("Hostdev source %s must be a block device"), def->source.caps.u.storage.block); goto cleanup; } vm->def->hostdevs = g_renew(virDomainHostdevDef *, vm->def->hostdevs, vm->def->nhostdevs + 1); if (virCgroupAllowDevice(priv->cgroup, 'b', major(sb.st_rdev), minor(sb.st_rdev), VIR_CGROUP_DEVICE_RWM) < 0) goto cleanup; if (lxcDomainAttachDeviceMknod(driver, 0700 | S_IFBLK, sb.st_rdev, vm, dev, def->source.caps.u.storage.block) < 0) { if (virCgroupDenyDevice(priv->cgroup, 'b', major(sb.st_rdev), minor(sb.st_rdev), VIR_CGROUP_DEVICE_RWM) < 0) VIR_WARN("cannot deny device %s for domain %s: %s", def->source.caps.u.storage.block, vm->def->name, virGetLastErrorMessage()); goto cleanup; } vm->def->hostdevs[vm->def->nhostdevs++] = def; ret = 0; cleanup: virDomainAuditHostdev(vm, def, "attach", ret == 0); return ret; } static int lxcDomainAttachDeviceHostdevMiscLive(virLXCDriver *driver, virDomainObj *vm, virDomainDeviceDef *dev) { virLXCDomainObjPrivate *priv = vm->privateData; virDomainHostdevDef *def = dev->data.hostdev; int ret = -1; struct stat sb; if (!def->source.caps.u.misc.chardev) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("Missing storage block path")); goto cleanup; } if (virDomainHostdevFind(vm->def, def, NULL) >= 0) { virReportError(VIR_ERR_OPERATION_FAILED, "%s", _("host device already exists")); return -1; } if (stat(def->source.caps.u.misc.chardev, &sb) < 0) { virReportSystemError(errno, _("Unable to access %s"), def->source.caps.u.misc.chardev); goto cleanup; } if (!S_ISCHR(sb.st_mode)) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("Hostdev source %s must be a block device"), def->source.caps.u.misc.chardev); goto cleanup; } if (virCgroupAllowDevice(priv->cgroup, 'c', major(sb.st_rdev), minor(sb.st_rdev), VIR_CGROUP_DEVICE_RWM) < 0) goto cleanup; vm->def->hostdevs = g_renew(virDomainHostdevDef *, vm->def->hostdevs, vm->def->nhostdevs + 1); if (lxcDomainAttachDeviceMknod(driver, 0700 | S_IFBLK, sb.st_rdev, vm, dev, def->source.caps.u.misc.chardev) < 0) { if (virCgroupDenyDevice(priv->cgroup, 'c', major(sb.st_rdev), minor(sb.st_rdev), VIR_CGROUP_DEVICE_RWM) < 0) VIR_WARN("cannot deny device %s for domain %s: %s", def->source.caps.u.storage.block, vm->def->name, virGetLastErrorMessage()); goto cleanup; } vm->def->hostdevs[vm->def->nhostdevs++] = def; ret = 0; cleanup: virDomainAuditHostdev(vm, def, "attach", ret == 0); return ret; } static int lxcDomainAttachDeviceHostdevSubsysLive(virLXCDriver *driver, virDomainObj *vm, virDomainDeviceDef *dev) { switch (dev->data.hostdev->source.subsys.type) { case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB: return lxcDomainAttachDeviceHostdevSubsysUSBLive(driver, vm, dev); default: virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("Unsupported host device type %s"), virDomainHostdevSubsysTypeToString(dev->data.hostdev->source.subsys.type)); return -1; } } static int lxcDomainAttachDeviceHostdevCapsLive(virLXCDriver *driver, virDomainObj *vm, virDomainDeviceDef *dev) { switch (dev->data.hostdev->source.caps.type) { case VIR_DOMAIN_HOSTDEV_CAPS_TYPE_STORAGE: return lxcDomainAttachDeviceHostdevStorageLive(driver, vm, dev); case VIR_DOMAIN_HOSTDEV_CAPS_TYPE_MISC: return lxcDomainAttachDeviceHostdevMiscLive(driver, vm, dev); default: virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("Unsupported host device type %s"), virDomainHostdevCapsTypeToString(dev->data.hostdev->source.caps.type)); return -1; } } static int lxcDomainAttachDeviceHostdevLive(virLXCDriver *driver, virDomainObj *vm, virDomainDeviceDef *dev) { virLXCDomainObjPrivate *priv = vm->privateData; if (!priv->initpid) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Cannot attach hostdev until init PID is known")); return -1; } if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("devices cgroup isn't mounted")); return -1; } switch (dev->data.hostdev->mode) { case VIR_DOMAIN_HOSTDEV_MODE_SUBSYS: return lxcDomainAttachDeviceHostdevSubsysLive(driver, vm, dev); case VIR_DOMAIN_HOSTDEV_MODE_CAPABILITIES: return lxcDomainAttachDeviceHostdevCapsLive(driver, vm, dev); default: virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("Unsupported host device mode %s"), virDomainHostdevModeTypeToString(dev->data.hostdev->mode)); return -1; } } static int lxcDomainAttachDeviceLive(virLXCDriver *driver, virDomainObj *vm, virDomainDeviceDef *dev) { int ret = -1; switch (dev->type) { case VIR_DOMAIN_DEVICE_DISK: ret = lxcDomainAttachDeviceDiskLive(driver, vm, dev); if (!ret) dev->data.disk = NULL; break; case VIR_DOMAIN_DEVICE_NET: ret = lxcDomainAttachDeviceNetLive(driver, vm, dev->data.net); if (!ret) dev->data.net = NULL; break; case VIR_DOMAIN_DEVICE_HOSTDEV: ret = lxcDomainAttachDeviceHostdevLive(driver, vm, dev); if (!ret) dev->data.hostdev = NULL; break; default: virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("device type '%s' cannot be attached"), virDomainDeviceTypeToString(dev->type)); break; } return ret; } static int lxcDomainDetachDeviceDiskLive(virDomainObj *vm, virDomainDeviceDef *dev) { virLXCDomainObjPrivate *priv = vm->privateData; virDomainDiskDef *def = NULL; int idx; g_autofree char *dst = NULL; const char *src; if (!priv->initpid) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Cannot attach disk until init PID is known")); return -1; } if ((idx = virDomainDiskIndexByName(vm->def, dev->data.disk->dst, false)) < 0) { virReportError(VIR_ERR_OPERATION_FAILED, _("disk %s not found"), dev->data.disk->dst); return -1; } def = vm->def->disks[idx]; src = virDomainDiskGetSource(def); dst = g_strdup_printf("/dev/%s", def->dst); if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("devices cgroup isn't mounted")); return -1; } if (lxcDomainAttachDeviceUnlink(vm, dst) < 0) { virDomainAuditDisk(vm, def->src, NULL, "detach", false); return -1; } virDomainAuditDisk(vm, def->src, NULL, "detach", true); if (virCgroupDenyDevicePath(priv->cgroup, src, VIR_CGROUP_DEVICE_RWM, false) != 0) VIR_WARN("cannot deny device %s for domain %s: %s", src, vm->def->name, virGetLastErrorMessage()); virDomainDiskRemove(vm->def, idx); virDomainDiskDefFree(def); return 0; } static int lxcDomainDetachDeviceNetLive(virDomainObj *vm, virDomainDeviceDef *dev) { int detachidx, ret = -1; virDomainNetType actualType; virDomainNetDef *detach = NULL; const virNetDevVPortProfile *vport = NULL; virErrorPtr save_err = NULL; if ((detachidx = virDomainNetFindIdx(vm->def, dev->data.net)) < 0) goto cleanup; detach = vm->def->nets[detachidx]; actualType = virDomainNetGetActualType(detach); /* clear network bandwidth */ if (virDomainNetGetActualBandwidth(detach) && virNetDevSupportsBandwidth(actualType) && virNetDevBandwidthClear(detach->ifname)) goto cleanup; switch (actualType) { case VIR_DOMAIN_NET_TYPE_BRIDGE: case VIR_DOMAIN_NET_TYPE_NETWORK: case VIR_DOMAIN_NET_TYPE_ETHERNET: if (virNetDevVethDelete(detach->ifname) < 0) { virDomainAuditNet(vm, detach, NULL, "detach", false); goto cleanup; } break; /* It'd be nice to support this, but with macvlan * once assigned to a container nothing exists on * the host side. Further the container can change * the mac address of NIC name, so we can't easily * find out which guest NIC it maps to */ case VIR_DOMAIN_NET_TYPE_DIRECT: case VIR_DOMAIN_NET_TYPE_USER: case VIR_DOMAIN_NET_TYPE_VHOSTUSER: case VIR_DOMAIN_NET_TYPE_SERVER: case VIR_DOMAIN_NET_TYPE_CLIENT: case VIR_DOMAIN_NET_TYPE_MCAST: case VIR_DOMAIN_NET_TYPE_INTERNAL: case VIR_DOMAIN_NET_TYPE_HOSTDEV: case VIR_DOMAIN_NET_TYPE_UDP: case VIR_DOMAIN_NET_TYPE_VDPA: virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("Only bridged veth devices can be detached")); goto cleanup; case VIR_DOMAIN_NET_TYPE_LAST: default: virReportEnumRangeError(virDomainNetType, actualType); goto cleanup; } virDomainAuditNet(vm, detach, NULL, "detach", true); virDomainConfNWFilterTeardown(detach); vport = virDomainNetGetActualVirtPortProfile(detach); if (vport && vport->virtPortType == VIR_NETDEV_VPORT_PROFILE_OPENVSWITCH) ignore_value(virNetDevOpenvswitchRemovePort( virDomainNetGetActualBridgeName(detach), detach->ifname)); ret = 0; cleanup: if (!ret) { virErrorPreserveLast(&save_err); if (detach->type == VIR_DOMAIN_NET_TYPE_NETWORK) { g_autoptr(virConnect) conn = virGetConnectNetwork(); if (conn) virDomainNetReleaseActualDevice(conn, vm->def, detach); else VIR_WARN("Unable to release network device '%s'", NULLSTR(detach->ifname)); } virDomainNetRemove(vm->def, detachidx); virDomainNetDefFree(detach); virErrorRestore(&save_err); } return ret; } static int lxcDomainDetachDeviceHostdevUSBLive(virLXCDriver *driver, virDomainObj *vm, virDomainDeviceDef *dev) { virLXCDomainObjPrivate *priv = vm->privateData; virDomainHostdevDef *def = NULL; int idx, ret = -1; g_autofree char *dst = NULL; virUSBDevice *usb = NULL; virHostdevManager *hostdev_mgr = driver->hostdevMgr; virDomainHostdevSubsysUSB *usbsrc; if ((idx = virDomainHostdevFind(vm->def, dev->data.hostdev, &def)) < 0) { virReportError(VIR_ERR_OPERATION_FAILED, "%s", _("usb device not found")); goto cleanup; } usbsrc = &def->source.subsys.u.usb; dst = g_strdup_printf("/dev/bus/usb/%03d/%03d", usbsrc->bus, usbsrc->device); if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("devices cgroup isn't mounted")); goto cleanup; } if (!(usb = virUSBDeviceNew(usbsrc->bus, usbsrc->device, NULL))) goto cleanup; if (lxcDomainAttachDeviceUnlink(vm, dst) < 0) { virDomainAuditHostdev(vm, def, "detach", false); goto cleanup; } virDomainAuditHostdev(vm, def, "detach", true); if (virUSBDeviceFileIterate(usb, virLXCTeardownHostUSBDeviceCgroup, priv->cgroup) < 0) VIR_WARN("cannot deny device %s for domain %s: %s", dst, vm->def->name, virGetLastErrorMessage()); virObjectLock(hostdev_mgr->activeUSBHostdevs); virUSBDeviceListDel(hostdev_mgr->activeUSBHostdevs, usb); virObjectUnlock(hostdev_mgr->activeUSBHostdevs); virDomainHostdevRemove(vm->def, idx); virDomainHostdevDefFree(def); ret = 0; cleanup: virUSBDeviceFree(usb); return ret; } static int lxcDomainDetachDeviceHostdevStorageLive(virDomainObj *vm, virDomainDeviceDef *dev) { virLXCDomainObjPrivate *priv = vm->privateData; virDomainHostdevDef *def = NULL; int idx; if (!priv->initpid) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Cannot attach disk until init PID is known")); return -1; } if ((idx = virDomainHostdevFind(vm->def, dev->data.hostdev, &def)) < 0) { virReportError(VIR_ERR_OPERATION_FAILED, _("hostdev %s not found"), dev->data.hostdev->source.caps.u.storage.block); return -1; } if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("devices cgroup isn't mounted")); return -1; } if (lxcDomainAttachDeviceUnlink(vm, def->source.caps.u.storage.block) < 0) { virDomainAuditHostdev(vm, def, "detach", false); return -1; } virDomainAuditHostdev(vm, def, "detach", true); if (virCgroupDenyDevicePath(priv->cgroup, def->source.caps.u.storage.block, VIR_CGROUP_DEVICE_RWM, false) != 0) VIR_WARN("cannot deny device %s for domain %s: %s", def->source.caps.u.storage.block, vm->def->name, virGetLastErrorMessage()); virDomainHostdevRemove(vm->def, idx); virDomainHostdevDefFree(def); return 0; } static int lxcDomainDetachDeviceHostdevMiscLive(virDomainObj *vm, virDomainDeviceDef *dev) { virLXCDomainObjPrivate *priv = vm->privateData; virDomainHostdevDef *def = NULL; int idx; if (!priv->initpid) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Cannot attach disk until init PID is known")); return -1; } if ((idx = virDomainHostdevFind(vm->def, dev->data.hostdev, &def)) < 0) { virReportError(VIR_ERR_OPERATION_FAILED, _("hostdev %s not found"), dev->data.hostdev->source.caps.u.misc.chardev); return -1; } if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("devices cgroup isn't mounted")); return -1; } if (lxcDomainAttachDeviceUnlink(vm, def->source.caps.u.misc.chardev) < 0) { virDomainAuditHostdev(vm, def, "detach", false); return -1; } virDomainAuditHostdev(vm, def, "detach", true); if (virCgroupDenyDevicePath(priv->cgroup, def->source.caps.u.misc.chardev, VIR_CGROUP_DEVICE_RWM, false) != 0) VIR_WARN("cannot deny device %s for domain %s: %s", def->source.caps.u.misc.chardev, vm->def->name, virGetLastErrorMessage()); virDomainHostdevRemove(vm->def, idx); virDomainHostdevDefFree(def); return 0; } static int lxcDomainDetachDeviceHostdevSubsysLive(virLXCDriver *driver, virDomainObj *vm, virDomainDeviceDef *dev) { switch (dev->data.hostdev->source.subsys.type) { case VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB: return lxcDomainDetachDeviceHostdevUSBLive(driver, vm, dev); default: virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("Unsupported host device type %s"), virDomainHostdevSubsysTypeToString(dev->data.hostdev->source.subsys.type)); return -1; } } static int lxcDomainDetachDeviceHostdevCapsLive(virDomainObj *vm, virDomainDeviceDef *dev) { switch (dev->data.hostdev->source.caps.type) { case VIR_DOMAIN_HOSTDEV_CAPS_TYPE_STORAGE: return lxcDomainDetachDeviceHostdevStorageLive(vm, dev); case VIR_DOMAIN_HOSTDEV_CAPS_TYPE_MISC: return lxcDomainDetachDeviceHostdevMiscLive(vm, dev); default: virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("Unsupported host device type %s"), virDomainHostdevCapsTypeToString(dev->data.hostdev->source.caps.type)); return -1; } } static int lxcDomainDetachDeviceHostdevLive(virLXCDriver *driver, virDomainObj *vm, virDomainDeviceDef *dev) { virLXCDomainObjPrivate *priv = vm->privateData; if (!priv->initpid) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Cannot attach hostdev until init PID is known")); return -1; } switch (dev->data.hostdev->mode) { case VIR_DOMAIN_HOSTDEV_MODE_SUBSYS: return lxcDomainDetachDeviceHostdevSubsysLive(driver, vm, dev); case VIR_DOMAIN_HOSTDEV_MODE_CAPABILITIES: return lxcDomainDetachDeviceHostdevCapsLive(vm, dev); default: virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("Unsupported host device mode %s"), virDomainHostdevModeTypeToString(dev->data.hostdev->mode)); return -1; } } static int lxcDomainDetachDeviceLive(virLXCDriver *driver, virDomainObj *vm, virDomainDeviceDef *dev) { int ret = -1; switch (dev->type) { case VIR_DOMAIN_DEVICE_DISK: ret = lxcDomainDetachDeviceDiskLive(vm, dev); break; case VIR_DOMAIN_DEVICE_NET: ret = lxcDomainDetachDeviceNetLive(vm, dev); break; case VIR_DOMAIN_DEVICE_HOSTDEV: ret = lxcDomainDetachDeviceHostdevLive(driver, vm, dev); break; default: virReportError(VIR_ERR_CONFIG_UNSUPPORTED, _("device type '%s' cannot be detached"), virDomainDeviceTypeToString(dev->type)); break; } return ret; } static int lxcDomainAttachDeviceFlags(virDomainPtr dom, const char *xml, unsigned int flags) { virLXCDriver *driver = dom->conn->privateData; virDomainObj *vm = NULL; virDomainDef *vmdef = NULL; virDomainDeviceDef *dev = NULL; virDomainDeviceDef *dev_copy = NULL; int ret = -1; virLXCDriverConfig *cfg = virLXCDriverGetConfig(driver); virCheckFlags(VIR_DOMAIN_AFFECT_LIVE | VIR_DOMAIN_AFFECT_CONFIG, -1); if (!(vm = lxcDomObjFromDomain(dom))) goto cleanup; if (virDomainAttachDeviceFlagsEnsureACL(dom->conn, vm->def, flags) < 0) goto cleanup; if (virLXCDomainObjBeginJob(driver, vm, LXC_JOB_MODIFY) < 0) goto cleanup; if (virDomainObjUpdateModificationImpact(vm, &flags) < 0) goto endjob; dev = dev_copy = virDomainDeviceDefParse(xml, vm->def, driver->xmlopt, NULL, VIR_DOMAIN_DEF_PARSE_INACTIVE); if (dev == NULL) goto endjob; if (flags & VIR_DOMAIN_AFFECT_CONFIG && flags & VIR_DOMAIN_AFFECT_LIVE) { /* If we are affecting both CONFIG and LIVE * create a deep copy of device as adding * to CONFIG takes one instance. */ dev_copy = virDomainDeviceDefCopy(dev, vm->def, driver->xmlopt, NULL); if (!dev_copy) goto endjob; } if (flags & VIR_DOMAIN_AFFECT_CONFIG) { /* Make a copy for updated domain. */ vmdef = virDomainObjCopyPersistentDef(vm, driver->xmlopt, NULL); if (!vmdef) goto endjob; if (virDomainDefCompatibleDevice(vmdef, dev, NULL, VIR_DOMAIN_DEVICE_ACTION_ATTACH, false) < 0) goto endjob; if ((ret = lxcDomainAttachDeviceConfig(vmdef, dev)) < 0) goto endjob; } if (flags & VIR_DOMAIN_AFFECT_LIVE) { if (virDomainDefCompatibleDevice(vm->def, dev_copy, NULL, VIR_DOMAIN_DEVICE_ACTION_ATTACH, true) < 0) goto endjob; if ((ret = lxcDomainAttachDeviceLive(driver, vm, dev_copy)) < 0) goto endjob; /* * update domain status forcibly because the domain status may be * changed even if we failed to attach the device. For example, * a new controller may be created. */ if (virDomainObjSave(vm, driver->xmlopt, cfg->stateDir) < 0) { ret = -1; goto endjob; } } /* Finally, if no error until here, we can save config. */ if (flags & VIR_DOMAIN_AFFECT_CONFIG) { ret = virDomainDefSave(vmdef, driver->xmlopt, cfg->configDir); if (!ret) { virDomainObjAssignDef(vm, vmdef, false, NULL); vmdef = NULL; } } endjob: virLXCDomainObjEndJob(driver, vm); cleanup: virDomainDefFree(vmdef); if (dev != dev_copy) virDomainDeviceDefFree(dev_copy); virDomainDeviceDefFree(dev); virDomainObjEndAPI(&vm); virObjectUnref(cfg); return ret; } static int lxcDomainAttachDevice(virDomainPtr dom, const char *xml) { return lxcDomainAttachDeviceFlags(dom, xml, VIR_DOMAIN_AFFECT_LIVE); } static int lxcDomainUpdateDeviceFlags(virDomainPtr dom, const char *xml, unsigned int flags) { virLXCDriver *driver = dom->conn->privateData; virDomainObj *vm = NULL; virDomainDef *vmdef = NULL; virDomainDeviceDef *dev = NULL; int ret = -1; virLXCDriverConfig *cfg = virLXCDriverGetConfig(driver); virCheckFlags(VIR_DOMAIN_AFFECT_LIVE | VIR_DOMAIN_AFFECT_CONFIG, -1); if (!(vm = lxcDomObjFromDomain(dom))) goto cleanup; if (virDomainUpdateDeviceFlagsEnsureACL(dom->conn, vm->def, flags) < 0) goto cleanup; if (virLXCDomainObjBeginJob(driver, vm, LXC_JOB_MODIFY) < 0) goto cleanup; if (virDomainObjUpdateModificationImpact(vm, &flags) < 0) goto endjob; if (flags & VIR_DOMAIN_AFFECT_LIVE) { virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", _("Unable to modify live devices")); goto endjob; } if (!(dev = virDomainDeviceDefParse(xml, vm->def, driver->xmlopt, NULL, VIR_DOMAIN_DEF_PARSE_INACTIVE))) goto endjob; /* Make a copy for updated domain. */ if (!(vmdef = virDomainObjCopyPersistentDef(vm, driver->xmlopt, NULL))) goto endjob; /* virDomainDefCompatibleDevice call is delayed until we know the * device we're going to update. */ if (lxcDomainUpdateDeviceConfig(vmdef, dev) < 0) goto endjob; if (virDomainDefSave(vmdef, driver->xmlopt, cfg->configDir) < 0) goto endjob; virDomainObjAssignDef(vm, vmdef, false, NULL); vmdef = NULL; ret = 0; endjob: virLXCDomainObjEndJob(driver, vm); cleanup: virDomainDefFree(vmdef); virDomainDeviceDefFree(dev); virDomainObjEndAPI(&vm); virObjectUnref(cfg); return ret; } static int lxcDomainDetachDeviceFlags(virDomainPtr dom, const char *xml, unsigned int flags) { virLXCDriver *driver = dom->conn->privateData; virCaps *caps = NULL; virDomainObj *vm = NULL; virDomainDef *vmdef = NULL; virDomainDeviceDef *dev = NULL; virDomainDeviceDef *dev_copy = NULL; int ret = -1; virLXCDriverConfig *cfg = virLXCDriverGetConfig(driver); virCheckFlags(VIR_DOMAIN_AFFECT_LIVE | VIR_DOMAIN_AFFECT_CONFIG, -1); if (!(vm = lxcDomObjFromDomain(dom))) goto cleanup; if (virDomainDetachDeviceFlagsEnsureACL(dom->conn, vm->def, flags) < 0) goto cleanup; if (virLXCDomainObjBeginJob(driver, vm, LXC_JOB_MODIFY) < 0) goto cleanup; if (virDomainObjUpdateModificationImpact(vm, &flags) < 0) goto endjob; if (!(caps = virLXCDriverGetCapabilities(driver, false))) goto endjob; dev = dev_copy = virDomainDeviceDefParse(xml, vm->def, driver->xmlopt, NULL, VIR_DOMAIN_DEF_PARSE_INACTIVE | VIR_DOMAIN_DEF_PARSE_SKIP_VALIDATE); if (dev == NULL) goto endjob; if (flags & VIR_DOMAIN_AFFECT_CONFIG && flags & VIR_DOMAIN_AFFECT_LIVE) { /* If we are affecting both CONFIG and LIVE * create a deep copy of device as adding * to CONFIG takes one instance. */ dev_copy = virDomainDeviceDefCopy(dev, vm->def, driver->xmlopt, NULL); if (!dev_copy) goto endjob; } if (flags & VIR_DOMAIN_AFFECT_CONFIG) { /* Make a copy for updated domain. */ vmdef = virDomainObjCopyPersistentDef(vm, driver->xmlopt, NULL); if (!vmdef) goto endjob; if ((ret = lxcDomainDetachDeviceConfig(vmdef, dev)) < 0) goto endjob; } if (flags & VIR_DOMAIN_AFFECT_LIVE) { if ((ret = lxcDomainDetachDeviceLive(driver, vm, dev_copy)) < 0) goto endjob; /* * update domain status forcibly because the domain status may be * changed even if we failed to attach the device. For example, * a new controller may be created. */ if (virDomainObjSave(vm, driver->xmlopt, cfg->stateDir) < 0) { ret = -1; goto endjob; } } /* Finally, if no error until here, we can save config. */ if (flags & VIR_DOMAIN_AFFECT_CONFIG) { ret = virDomainDefSave(vmdef, driver->xmlopt, cfg->configDir); if (!ret) { virDomainObjAssignDef(vm, vmdef, false, NULL); vmdef = NULL; } } endjob: virLXCDomainObjEndJob(driver, vm); cleanup: virDomainDefFree(vmdef); if (dev != dev_copy) virDomainDeviceDefFree(dev_copy); virDomainDeviceDefFree(dev); virDomainObjEndAPI(&vm); virObjectUnref(caps); virObjectUnref(cfg); return ret; } static int lxcDomainDetachDevice(virDomainPtr dom, const char *xml) { return lxcDomainDetachDeviceFlags(dom, xml, VIR_DOMAIN_AFFECT_LIVE); } static int lxcDomainLxcOpenNamespace(virDomainPtr dom, int **fdlist, unsigned int flags) { virLXCDriver *driver = dom->conn->privateData; virDomainObj *vm; virLXCDomainObjPrivate *priv; int ret = -1; size_t nfds = 0; *fdlist = NULL; virCheckFlags(0, -1); if (!(vm = lxcDomObjFromDomain(dom))) goto cleanup; priv = vm->privateData; if (virDomainLxcOpenNamespaceEnsureACL(dom->conn, vm->def) < 0) goto cleanup; if (virLXCDomainObjBeginJob(driver, vm, LXC_JOB_QUERY) < 0) goto cleanup; if (virDomainObjCheckActive(vm) < 0) goto endjob; if (!priv->initpid) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("Init pid is not yet available")); goto endjob; } if (virProcessGetNamespaces(priv->initpid, &nfds, fdlist) < 0) goto endjob; ret = nfds; endjob: virLXCDomainObjEndJob(driver, vm); cleanup: virDomainObjEndAPI(&vm); return ret; } static char * lxcConnectGetSysinfo(virConnectPtr conn, unsigned int flags) { virLXCDriver *driver = conn->privateData; g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER; virCheckFlags(0, NULL); if (virConnectGetSysinfoEnsureACL(conn) < 0) return NULL; if (!driver->hostsysinfo) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("Host SMBIOS information is not available")); return NULL; } if (virSysinfoFormat(&buf, driver->hostsysinfo) < 0) return NULL; return virBufferContentAndReset(&buf); } static int lxcNodeGetInfo(virConnectPtr conn, virNodeInfoPtr nodeinfo) { if (virNodeGetInfoEnsureACL(conn) < 0) return -1; return virCapabilitiesGetNodeInfo(nodeinfo); } static int lxcDomainMemoryStats(virDomainPtr dom, virDomainMemoryStatPtr stats, unsigned int nr_stats, unsigned int flags) { virDomainObj *vm; int ret = -1; virLXCDomainObjPrivate *priv; unsigned long long swap_usage; unsigned long mem_usage; virLXCDriver *driver = dom->conn->privateData; virCheckFlags(0, -1); if (!(vm = lxcDomObjFromDomain(dom))) goto cleanup; priv = vm->privateData; if (virDomainMemoryStatsEnsureACL(dom->conn, vm->def) < 0) goto cleanup; if (virLXCDomainObjBeginJob(driver, vm, LXC_JOB_QUERY) < 0) goto cleanup; if (virDomainObjCheckActive(vm) < 0) goto endjob; if (virCgroupGetMemSwapUsage(priv->cgroup, &swap_usage) < 0) goto endjob; if (virCgroupGetMemoryUsage(priv->cgroup, &mem_usage) < 0) goto endjob; ret = 0; if (ret < nr_stats) { stats[ret].tag = VIR_DOMAIN_MEMORY_STAT_ACTUAL_BALLOON; stats[ret].val = vm->def->mem.cur_balloon; ret++; } if (ret < nr_stats) { stats[ret].tag = VIR_DOMAIN_MEMORY_STAT_SWAP_IN; stats[ret].val = swap_usage; ret++; } if (ret < nr_stats) { stats[ret].tag = VIR_DOMAIN_MEMORY_STAT_RSS; stats[ret].val = mem_usage; ret++; } endjob: virLXCDomainObjEndJob(driver, vm); cleanup: virDomainObjEndAPI(&vm); return ret; } static int lxcNodeGetCPUStats(virConnectPtr conn, int cpuNum, virNodeCPUStatsPtr params, int *nparams, unsigned int flags) { if (virNodeGetCPUStatsEnsureACL(conn) < 0) return -1; return virHostCPUGetStats(cpuNum, params, nparams, flags); } static int lxcNodeGetMemoryStats(virConnectPtr conn, int cellNum, virNodeMemoryStatsPtr params, int *nparams, unsigned int flags) { if (virNodeGetMemoryStatsEnsureACL(conn) < 0) return -1; return virHostMemGetStats(cellNum, params, nparams, flags); } static int lxcNodeGetCellsFreeMemory(virConnectPtr conn, unsigned long long *freeMems, int startCell, int maxCells) { if (virNodeGetCellsFreeMemoryEnsureACL(conn) < 0) return -1; return virHostMemGetCellsFree(freeMems, startCell, maxCells); } static unsigned long long lxcNodeGetFreeMemory(virConnectPtr conn) { unsigned long long freeMem; if (virNodeGetFreeMemoryEnsureACL(conn) < 0) return 0; if (virHostMemGetInfo(NULL, &freeMem) < 0) return 0; return freeMem; } static int lxcNodeGetMemoryParameters(virConnectPtr conn, virTypedParameterPtr params, int *nparams, unsigned int flags) { if (virNodeGetMemoryParametersEnsureACL(conn) < 0) return -1; return virHostMemGetParameters(params, nparams, flags); } static int lxcNodeSetMemoryParameters(virConnectPtr conn, virTypedParameterPtr params, int nparams, unsigned int flags) { if (virNodeSetMemoryParametersEnsureACL(conn) < 0) return -1; return virHostMemSetParameters(params, nparams, flags); } static int lxcNodeGetCPUMap(virConnectPtr conn, unsigned char **cpumap, unsigned int *online, unsigned int flags) { if (virNodeGetCPUMapEnsureACL(conn) < 0) return -1; return virHostCPUGetMap(cpumap, online, flags); } static int lxcNodeSuspendForDuration(virConnectPtr conn, unsigned int target, unsigned long long duration, unsigned int flags) { if (virNodeSuspendForDurationEnsureACL(conn) < 0) return -1; return virNodeSuspend(target, duration, flags); } static int lxcDomainSetMetadata(virDomainPtr dom, int type, const char *metadata, const char *key, const char *uri, unsigned int flags) { virLXCDriver *driver = dom->conn->privateData; virDomainObj *vm; virLXCDriverConfig *cfg = NULL; int ret = -1; virCheckFlags(VIR_DOMAIN_AFFECT_LIVE | VIR_DOMAIN_AFFECT_CONFIG, -1); if (!(vm = lxcDomObjFromDomain(dom))) return -1; cfg = virLXCDriverGetConfig(driver); if (virDomainSetMetadataEnsureACL(dom->conn, vm->def, flags) < 0) goto cleanup; if (virLXCDomainObjBeginJob(driver, vm, LXC_JOB_MODIFY) < 0) goto cleanup; ret = virDomainObjSetMetadata(vm, type, metadata, key, uri, driver->xmlopt, cfg->stateDir, cfg->configDir, flags); if (ret == 0) { virObjectEvent *ev = NULL; ev = virDomainEventMetadataChangeNewFromObj(vm, type, uri); virObjectEventStateQueue(driver->domainEventState, ev); } virLXCDomainObjEndJob(driver, vm); cleanup: virDomainObjEndAPI(&vm); virObjectUnref(cfg); return ret; } static char * lxcDomainGetMetadata(virDomainPtr dom, int type, const char *uri, unsigned int flags) { virDomainObj *vm; char *ret = NULL; if (!(vm = lxcDomObjFromDomain(dom))) return NULL; if (virDomainGetMetadataEnsureACL(dom->conn, vm->def) < 0) goto cleanup; ret = virDomainObjGetMetadata(vm, type, uri, flags); cleanup: virDomainObjEndAPI(&vm); return ret; } static int lxcDomainGetCPUStats(virDomainPtr dom, virTypedParameterPtr params, unsigned int nparams, int start_cpu, unsigned int ncpus, unsigned int flags) { virDomainObj *vm = NULL; int ret = -1; virLXCDomainObjPrivate *priv; virCheckFlags(VIR_TYPED_PARAM_STRING_OKAY, -1); if (!(vm = lxcDomObjFromDomain(dom))) return ret; priv = vm->privateData; if (virDomainGetCPUStatsEnsureACL(dom->conn, vm->def) < 0) goto cleanup; if (virDomainObjCheckActive(vm) < 0) goto cleanup; if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_CPUACCT)) { virReportError(VIR_ERR_OPERATION_INVALID, "%s", _("cgroup CPUACCT controller is not mounted")); goto cleanup; } if (start_cpu == -1) ret = virCgroupGetDomainTotalCpuStats(priv->cgroup, params, nparams); else ret = virCgroupGetPercpuStats(priv->cgroup, params, nparams, start_cpu, ncpus, NULL); cleanup: virDomainObjEndAPI(&vm); return ret; } static char * lxcDomainGetHostname(virDomainPtr dom, unsigned int flags) { virLXCDriver *driver = dom->conn->privateData; virDomainObj *vm = NULL; char macaddr[VIR_MAC_STRING_BUFLEN]; g_autoptr(virConnect) conn = NULL; size_t i, j; char *hostname = NULL; virCheckFlags(VIR_DOMAIN_GET_HOSTNAME_LEASE, NULL); if (!(vm = lxcDomObjFromDomain(dom))) return NULL; if (virDomainGetHostnameEnsureACL(dom->conn, vm->def) < 0) goto cleanup; if (virLXCDomainObjBeginJob(driver, vm, LXC_JOB_QUERY) < 0) goto cleanup; if (virDomainObjCheckActive(vm) < 0) goto endjob; if (!(conn = virGetConnectNetwork())) goto endjob; for (i = 0; i < vm->def->nnets; i++) { g_autoptr(virNetwork) network = NULL; virDomainNetDef *net = vm->def->nets[i]; g_autofree virNetworkDHCPLeasePtr *leases = NULL; int n_leases; if (net->type != VIR_DOMAIN_NET_TYPE_NETWORK) continue; virMacAddrFormat(&net->mac, macaddr); network = virNetworkLookupByName(conn, net->data.network.name); if (!network) goto endjob; if ((n_leases = virNetworkGetDHCPLeases(network, macaddr, &leases, 0)) < 0) goto endjob; for (j = 0; j < n_leases; j++) { virNetworkDHCPLeasePtr lease = leases[j]; if (lease->hostname && !hostname) hostname = g_strdup(lease->hostname); virNetworkDHCPLeaseFree(lease); } if (hostname) goto endjob; } if (!hostname) { virReportError(VIR_ERR_NO_HOSTNAME, _("no hostname found for domain %s"), vm->def->name); goto endjob; } endjob: virLXCDomainObjEndJob(driver, vm); cleanup: virDomainObjEndAPI(&vm); return hostname; } static int lxcNodeGetFreePages(virConnectPtr conn, unsigned int npages, unsigned int *pages, int startCell, unsigned int cellCount, unsigned long long *counts, unsigned int flags) { virCheckFlags(0, -1); if (virNodeGetFreePagesEnsureACL(conn) < 0) return -1; return virHostMemGetFreePages(npages, pages, startCell, cellCount, counts); } static int lxcNodeAllocPages(virConnectPtr conn, unsigned int npages, unsigned int *pageSizes, unsigned long long *pageCounts, int startCell, unsigned int cellCount, unsigned int flags) { bool add = !(flags & VIR_NODE_ALLOC_PAGES_SET); virCheckFlags(VIR_NODE_ALLOC_PAGES_SET, -1); if (virNodeAllocPagesEnsureACL(conn) < 0) return -1; return virHostMemAllocPages(npages, pageSizes, pageCounts, startCell, cellCount, add); } static int lxcDomainHasManagedSaveImage(virDomainPtr dom, unsigned int flags) { virDomainObj *vm = NULL; int ret = -1; virCheckFlags(0, -1); if (!(vm = lxcDomObjFromDomain(dom))) return ret; if (virDomainHasManagedSaveImageEnsureACL(dom->conn, vm->def) < 0) goto cleanup; ret = 0; cleanup: virDomainObjEndAPI(&vm); return ret; } /* Function Tables */ static virHypervisorDriver lxcHypervisorDriver = { .name = LXC_DRIVER_NAME, .connectURIProbe = lxcConnectURIProbe, .connectOpen = lxcConnectOpen, /* 0.4.2 */ .connectClose = lxcConnectClose, /* 0.4.2 */ .connectSupportsFeature = lxcConnectSupportsFeature, /* 1.2.2 */ .connectGetVersion = lxcConnectGetVersion, /* 0.4.6 */ .connectGetHostname = lxcConnectGetHostname, /* 0.6.3 */ .connectGetSysinfo = lxcConnectGetSysinfo, /* 1.0.5 */ .nodeGetInfo = lxcNodeGetInfo, /* 0.6.5 */ .connectGetCapabilities = lxcConnectGetCapabilities, /* 0.6.5 */ .connectListDomains = lxcConnectListDomains, /* 0.4.2 */ .connectNumOfDomains = lxcConnectNumOfDomains, /* 0.4.2 */ .connectListAllDomains = lxcConnectListAllDomains, /* 0.9.13 */ .domainCreateXML = lxcDomainCreateXML, /* 0.4.4 */ .domainCreateXMLWithFiles = lxcDomainCreateXMLWithFiles, /* 1.1.1 */ .domainLookupByID = lxcDomainLookupByID, /* 0.4.2 */ .domainLookupByUUID = lxcDomainLookupByUUID, /* 0.4.2 */ .domainLookupByName = lxcDomainLookupByName, /* 0.4.2 */ .domainSuspend = lxcDomainSuspend, /* 0.7.2 */ .domainResume = lxcDomainResume, /* 0.7.2 */ .domainDestroy = lxcDomainDestroy, /* 0.4.4 */ .domainDestroyFlags = lxcDomainDestroyFlags, /* 0.9.4 */ .domainGetOSType = lxcDomainGetOSType, /* 0.4.2 */ .domainGetMaxMemory = lxcDomainGetMaxMemory, /* 0.7.2 */ .domainSetMaxMemory = lxcDomainSetMaxMemory, /* 0.7.2 */ .domainSetMemory = lxcDomainSetMemory, /* 0.7.2 */ .domainSetMemoryFlags = lxcDomainSetMemoryFlags, /* 1.2.7 */ .domainSetMemoryParameters = lxcDomainSetMemoryParameters, /* 0.8.5 */ .domainGetMemoryParameters = lxcDomainGetMemoryParameters, /* 0.8.5 */ .domainSetBlkioParameters = lxcDomainSetBlkioParameters, /* 0.9.8 */ .domainGetBlkioParameters = lxcDomainGetBlkioParameters, /* 0.9.8 */ .domainGetInfo = lxcDomainGetInfo, /* 0.4.2 */ .domainGetState = lxcDomainGetState, /* 0.9.2 */ .domainGetSecurityLabel = lxcDomainGetSecurityLabel, /* 0.9.10 */ .nodeGetSecurityModel = lxcNodeGetSecurityModel, /* 0.9.10 */ .domainGetXMLDesc = lxcDomainGetXMLDesc, /* 0.4.2 */ .connectDomainXMLFromNative = lxcConnectDomainXMLFromNative, /* 1.2.2 */ .connectListDefinedDomains = lxcConnectListDefinedDomains, /* 0.4.2 */ .connectNumOfDefinedDomains = lxcConnectNumOfDefinedDomains, /* 0.4.2 */ .domainCreate = lxcDomainCreate, /* 0.4.4 */ .domainCreateWithFlags = lxcDomainCreateWithFlags, /* 0.8.2 */ .domainCreateWithFiles = lxcDomainCreateWithFiles, /* 1.1.1 */ .domainDefineXML = lxcDomainDefineXML, /* 0.4.2 */ .domainDefineXMLFlags = lxcDomainDefineXMLFlags, /* 1.2.12 */ .domainUndefine = lxcDomainUndefine, /* 0.4.2 */ .domainUndefineFlags = lxcDomainUndefineFlags, /* 0.9.4 */ .domainAttachDevice = lxcDomainAttachDevice, /* 1.0.1 */ .domainAttachDeviceFlags = lxcDomainAttachDeviceFlags, /* 1.0.1 */ .domainDetachDevice = lxcDomainDetachDevice, /* 1.0.1 */ .domainDetachDeviceFlags = lxcDomainDetachDeviceFlags, /* 1.0.1 */ .domainUpdateDeviceFlags = lxcDomainUpdateDeviceFlags, /* 1.0.1 */ .domainGetAutostart = lxcDomainGetAutostart, /* 0.7.0 */ .domainSetAutostart = lxcDomainSetAutostart, /* 0.7.0 */ .domainGetSchedulerType = lxcDomainGetSchedulerType, /* 0.5.0 */ .domainGetSchedulerParameters = lxcDomainGetSchedulerParameters, /* 0.5.0 */ .domainGetSchedulerParametersFlags = lxcDomainGetSchedulerParametersFlags, /* 0.9.2 */ .domainSetSchedulerParameters = lxcDomainSetSchedulerParameters, /* 0.5.0 */ .domainSetSchedulerParametersFlags = lxcDomainSetSchedulerParametersFlags, /* 0.9.2 */ .domainBlockStats = lxcDomainBlockStats, /* 1.2.2 */ .domainBlockStatsFlags = lxcDomainBlockStatsFlags, /* 1.2.2 */ .domainInterfaceStats = lxcDomainInterfaceStats, /* 0.7.3 */ .domainMemoryStats = lxcDomainMemoryStats, /* 1.2.2 */ .nodeGetCPUStats = lxcNodeGetCPUStats, /* 0.9.3 */ .nodeGetMemoryStats = lxcNodeGetMemoryStats, /* 0.9.3 */ .nodeGetCellsFreeMemory = lxcNodeGetCellsFreeMemory, /* 0.6.5 */ .nodeGetFreeMemory = lxcNodeGetFreeMemory, /* 0.6.5 */ .nodeGetCPUMap = lxcNodeGetCPUMap, /* 1.0.0 */ .connectDomainEventRegister = lxcConnectDomainEventRegister, /* 0.7.0 */ .connectDomainEventDeregister = lxcConnectDomainEventDeregister, /* 0.7.0 */ .connectIsEncrypted = lxcConnectIsEncrypted, /* 0.7.3 */ .connectIsSecure = lxcConnectIsSecure, /* 0.7.3 */ .domainIsActive = lxcDomainIsActive, /* 0.7.3 */ .domainIsPersistent = lxcDomainIsPersistent, /* 0.7.3 */ .domainIsUpdated = lxcDomainIsUpdated, /* 0.8.6 */ .connectDomainEventRegisterAny = lxcConnectDomainEventRegisterAny, /* 0.8.0 */ .connectDomainEventDeregisterAny = lxcConnectDomainEventDeregisterAny, /* 0.8.0 */ .domainOpenConsole = lxcDomainOpenConsole, /* 0.8.6 */ .connectIsAlive = lxcConnectIsAlive, /* 0.9.8 */ .nodeSuspendForDuration = lxcNodeSuspendForDuration, /* 0.9.8 */ .domainSetMetadata = lxcDomainSetMetadata, /* 1.1.3 */ .domainGetMetadata = lxcDomainGetMetadata, /* 1.1.3 */ .domainGetCPUStats = lxcDomainGetCPUStats, /* 1.2.2 */ .domainGetHostname = lxcDomainGetHostname, /* 6.0.0 */ .domainInterfaceAddresses = lxcDomainInterfaceAddresses, /* 6.1.0 */ .nodeGetMemoryParameters = lxcNodeGetMemoryParameters, /* 0.10.2 */ .nodeSetMemoryParameters = lxcNodeSetMemoryParameters, /* 0.10.2 */ .domainSendProcessSignal = lxcDomainSendProcessSignal, /* 1.0.1 */ .domainShutdown = lxcDomainShutdown, /* 1.0.1 */ .domainShutdownFlags = lxcDomainShutdownFlags, /* 1.0.1 */ .domainReboot = lxcDomainReboot, /* 1.0.1 */ .domainLxcOpenNamespace = lxcDomainLxcOpenNamespace, /* 1.0.2 */ .nodeGetFreePages = lxcNodeGetFreePages, /* 1.2.6 */ .nodeAllocPages = lxcNodeAllocPages, /* 1.2.9 */ .domainHasManagedSaveImage = lxcDomainHasManagedSaveImage, /* 1.2.13 */ }; static virConnectDriver lxcConnectDriver = { .localOnly = true, .uriSchemes = (const char *[]){ "lxc", NULL }, .hypervisorDriver = &lxcHypervisorDriver, }; static virStateDriver lxcStateDriver = { .name = LXC_DRIVER_NAME, .stateInitialize = lxcStateInitialize, .stateCleanup = lxcStateCleanup, .stateReload = lxcStateReload, }; int lxcRegister(void) { if (virRegisterConnectDriver(&lxcConnectDriver, true) < 0) return -1; if (virRegisterStateDriver(&lxcStateDriver) < 0) return -1; return 0; }