packages/lxc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
lxc/0007-refactor-patches-on-terminal.c-start.c-and-so-on.patch
zhangxiaoyu d9cd0481fa fix compile error 
Signed-off-by: zhangxiaoyu <zhangxiaoyu58@huawei.com>
2022-07-21 20:37:36 +08:00

2727 lines
76 KiB
Diff
Raw Blame History

From 06b071d6bc7683023d3131d4e428210005333c8c Mon Sep 17 00:00:00 2001
From: chengzrz <czrzrichard@gmail.com>
Date: Wed, 20 Jul 2022 15:03:45 +0800
Subject: [PATCH] refactor patches on terminal.c, start.c and so on
Signed-off-by: chengzrz <czrzrichard@gmail.com>
---
hooks/Makefile.am | 3 +
src/lxc/attach.h | 6 +
src/lxc/cgroups/cgroup.c | 4 +
src/lxc/commands_utils.h | 6 +
src/lxc/initutils.c | 4 +
src/lxc/lsm/lsm.h | 8 +
src/lxc/lxclock.h | 4 +
src/lxc/mainloop.h | 4 +
src/lxc/start.c | 958 ++++++++++++++++++++++++++++++++++++
src/lxc/storage/btrfs.c | 11 +
src/lxc/storage/overlay.c | 8 +
src/lxc/sync.h | 4 +
src/lxc/terminal.c | 990 ++++++++++++++++++++++++++++++++++++++
src/tests/Makefile.am | 4 +
src/tests/attach.c | 11 +
15 files changed, 2025 insertions(+)
diff --git a/hooks/Makefile.am b/hooks/Makefile.am
index 5ae73d7..ddfd4bc 100644
--- a/hooks/Makefile.am
+++ b/hooks/Makefile.am
@@ -10,6 +10,8 @@ hooks_SCRIPTS = \
squid-deb-proxy-client \
nvidia
+
+if !HAVE_ISULAD
binhooks_PROGRAMS = \
unmount-namespace
@@ -20,5 +22,6 @@ if IS_BIONIC
unmount_namespace_SOURCES += \
../src/include/lxcmntent.c ../src/include/lxcmntent.h
endif
+endif
EXTRA_DIST=$(hooks_SCRIPTS)
diff --git a/src/lxc/attach.h b/src/lxc/attach.h
index ef5a6c1..8316344 100644
--- a/src/lxc/attach.h
+++ b/src/lxc/attach.h
@@ -20,9 +20,15 @@ struct lxc_proc_context_info {
int ns_fd[LXC_NS_MAX];
};
+#ifdef HAVE_ISULAD
+extern int lxc_attach(struct lxc_container *container,
+ lxc_attach_exec_t exec_function, void *exec_payload,
+ lxc_attach_options_t *options, pid_t *attached_process, char **err_msg);
+#else
extern int lxc_attach(struct lxc_container *container,
lxc_attach_exec_t exec_function, void *exec_payload,
lxc_attach_options_t *options, pid_t *attached_process);
+#endif
extern int lxc_attach_remount_sys_proc(void);
diff --git a/src/lxc/cgroups/cgroup.c b/src/lxc/cgroups/cgroup.c
index 7c94fd8..5aa2c3c 100644
--- a/src/lxc/cgroups/cgroup.c
+++ b/src/lxc/cgroups/cgroup.c
@@ -31,7 +31,11 @@ struct cgroup_ops *cgroup_init(struct lxc_conf *conf)
if (!cgroup_ops)
return log_error_errno(NULL, errno, "Failed to initialize cgroup driver");
+#ifdef HAVE_ISULAD
+ if (cgroup_ops->data_init(cgroup_ops, conf)) {
+#else
if (cgroup_ops->data_init(cgroup_ops)) {
+#endif
cgroup_exit(cgroup_ops);
return log_error_errno(NULL, errno,
"Failed to initialize cgroup data");
diff --git a/src/lxc/commands_utils.h b/src/lxc/commands_utils.h
index 3ef7920..c836ead 100644
--- a/src/lxc/commands_utils.h
+++ b/src/lxc/commands_utils.h
@@ -65,4 +65,10 @@ extern int lxc_add_state_client(int state_client_fd,
extern int lxc_cmd_connect(const char *name, const char *lxcpath,
const char *hashed_sock_name, const char *suffix);
+#ifdef HAVE_ISULAD
+extern char *generate_named_unix_sock_dir(const char *name);
+extern int generate_named_unix_sock_path(const char *container_name,
+ const char *sock_name, char *out_path, size_t len);
+#endif
+
#endif /* __LXC_COMMANDS_UTILS_H */
diff --git a/src/lxc/initutils.c b/src/lxc/initutils.c
index 5549c2e..76f0048 100644
--- a/src/lxc/initutils.c
+++ b/src/lxc/initutils.c
@@ -54,11 +54,15 @@ const char *lxc_global_config_value(const char *option_name)
{ NULL, NULL },
};
+#ifdef HAVE_ISULAD
+ static const char *values[sizeof(options) / sizeof(options[0])] = {0};
+#else
/* placed in the thread local storage pool for non-bionic targets */
#ifdef HAVE_TLS
static thread_local const char *values[sizeof(options) / sizeof(options[0])] = {0};
#else
static const char *values[sizeof(options) / sizeof(options[0])] = {0};
+#endif
#endif
/* user_config_path is freed as soon as it is used */
diff --git a/src/lxc/lsm/lsm.h b/src/lxc/lsm/lsm.h
index ee578bb..4872f55 100644
--- a/src/lxc/lsm/lsm.h
+++ b/src/lxc/lsm/lsm.h
@@ -17,6 +17,10 @@ struct lsm_drv {
char *(*process_label_get)(pid_t pid);
int (*process_label_set)(const char *label, struct lxc_conf *conf,
bool on_exec);
+#ifdef HAVE_ISULAD
+ int (*file_label_set)(const char *path, const char *label);
+ int (*relabel)(const char *path, const char *label, bool share);
+#endif
int (*keyring_label_set)(char* label);
int (*prepare)(struct lxc_conf *conf, const char *lxcpath);
void (*cleanup)(struct lxc_conf *conf, const char *lxcpath);
@@ -32,6 +36,10 @@ extern int lsm_process_label_set(const char *label, struct lxc_conf *conf,
extern int lsm_process_label_fd_get(pid_t pid, bool on_exec);
extern int lsm_process_label_set_at(int label_fd, const char *label,
bool on_exec);
+#ifdef HAVE_ISULAD
+extern int lsm_file_label_set(const char *path, const char *label);
+extern int lsm_relabel(const char *path, const char *label, bool share);
+#endif
extern void lsm_process_cleanup(struct lxc_conf *conf, const char *lxcpath);
extern int lsm_keyring_label_set(char *label);
diff --git a/src/lxc/lxclock.h b/src/lxc/lxclock.h
index 9f9bc3b..6a71d7c 100644
--- a/src/lxc/lxclock.h
+++ b/src/lxc/lxclock.h
@@ -154,4 +154,8 @@ extern int container_disk_lock(struct lxc_container *c);
*/
extern void container_disk_unlock(struct lxc_container *c);
+#ifdef HAVE_ISULAD
+int container_disk_removelock(struct lxc_container *c);
+#endif
+
#endif
diff --git a/src/lxc/mainloop.h b/src/lxc/mainloop.h
index e6ab9a6..aa41a93 100644
--- a/src/lxc/mainloop.h
+++ b/src/lxc/mainloop.h
@@ -38,4 +38,8 @@ extern void lxc_mainloop_close(struct lxc_epoll_descr *descr);
define_cleanup_function(struct lxc_epoll_descr *, lxc_mainloop_close);
+#ifdef HAVE_ISULAD
+extern int isulad_safe_mainloop(struct lxc_epoll_descr *descr, int timeout_ms);
+#endif
+
#endif
diff --git a/src/lxc/start.c b/src/lxc/start.c
index fd969c4..f82df34 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -304,7 +304,11 @@ static int setup_signal_fd(sigset_t *oldmask)
{
int ret;
sigset_t mask;
+#ifdef HAVE_ISULAD
+ const int signals[] = {SIGBUS, SIGILL, SIGSEGV, SIGWINCH, SIGTERM};
+#else
const int signals[] = {SIGBUS, SIGILL, SIGSEGV, SIGWINCH};
+#endif
/* Block everything except serious error signals. */
ret = sigfillset(&mask);
@@ -590,13 +594,27 @@ int lxc_poll(const char *name, struct lxc_handler *handler)
TRACE("Mainloop is ready");
+#ifdef HAVE_ISULAD
+ // iSulad: close stdin pipe if we do not want open_stdin with container stdin
+ if (!handler->conf->console.open_stdin) {
+ if (handler->conf->console.pipes[0][1] > 0) {
+ close(handler->conf->console.pipes[0][1]);
+ handler->conf->console.pipes[0][1] = -1;
+ }
+ }
+#endif
+
ret = lxc_mainloop(&descr, -1);
close_prot_errno_disarm(descr.epfd);
if (ret < 0 || !handler->init_died)
goto out_mainloop_console;
if (has_console)
+#ifdef HAVE_ISULAD
+ ret = isulad_safe_mainloop(&descr_console, 100);
+#else
ret = lxc_mainloop(&descr_console, 0);
+#endif
out_mainloop_console:
if (has_console) {
@@ -637,7 +655,9 @@ struct lxc_handler *lxc_init_handler(struct lxc_handler *old,
const char *name, struct lxc_conf *conf,
const char *lxcpath, bool daemonize)
{
+#ifndef HAVE_ISULAD
int nr_keep_fds = 0;
+#endif
int ret;
struct lxc_handler *handler;
@@ -671,6 +691,12 @@ struct lxc_handler *lxc_init_handler(struct lxc_handler *old,
handler->nsfd[i] = -EBADF;
handler->name = name;
+
+#ifdef HAVE_ISULAD
+ handler->exit_code = -1; /* isulad: record exit code of container */
+ handler->image_type_oci = false;
+#endif
+
if (daemonize)
handler->transient_pid = lxc_raw_getpid();
else
@@ -691,8 +717,10 @@ struct lxc_handler *lxc_init_handler(struct lxc_handler *old,
TRACE("Created anonymous pair {%d,%d} of unix sockets",
handler->state_socket_pair[0],
handler->state_socket_pair[1]);
+#ifndef HAVE_ISULAD
handler->keep_fds[nr_keep_fds++] = handler->state_socket_pair[0];
handler->keep_fds[nr_keep_fds++] = handler->state_socket_pair[1];
+#endif
}
if (handler->conf->reboot == REBOOT_NONE) {
@@ -701,7 +729,9 @@ struct lxc_handler *lxc_init_handler(struct lxc_handler *old,
ERROR("Failed to set up command socket");
goto on_error;
}
+#ifndef HAVE_ISULAD
handler->keep_fds[nr_keep_fds++] = handler->conf->maincmd_fd;
+#endif
}
TRACE("Unix domain socket %d for command server is ready",
@@ -721,6 +751,10 @@ int lxc_init(const char *name, struct lxc_handler *handler)
int ret;
const char *loglevel;
struct lxc_conf *conf = handler->conf;
+#ifdef HAVE_ISULAD
+ conf->console.disable_pty = handler->disable_pty;
+ conf->console.open_stdin = handler->open_stdin;
+#endif
handler->monitor_pid = lxc_raw_getpid();
status_fd = open("/proc/self/status", O_RDONLY | O_CLOEXEC);
@@ -810,6 +844,9 @@ int lxc_init(const char *name, struct lxc_handler *handler)
ret = lxc_terminal_setup(conf);
if (ret < 0) {
ERROR("Failed to create console");
+#ifdef HAVE_ISULAD
+ lxc_write_error_message(conf->errpipe[1], "Failed to create console for container \"%s\".", name);
+#endif
goto out_restore_sigmask;
}
TRACE("Created console");
@@ -853,6 +890,185 @@ out_restore_sigmask:
return -1;
}
+#ifdef HAVE_ISULAD
+/* isulad: start timeout thread */
+typedef enum {
+ START_INIT,
+ START_TIMEOUT,
+ START_MAX,
+} start_timeout_t;
+
+static start_timeout_t global_timeout_state = START_INIT;
+static sem_t global_timeout_sem;
+
+struct start_timeout_conf {
+ unsigned int timeout;
+ int errfd;
+};
+
+void trim_line(char *s)
+{
+ size_t len;
+
+ len = strlen(s);
+ while ((len > 1) && (s[len - 1] == '\n'))
+ s[--len] = '\0';
+}
+
+static int _read_procs_file(const char *path, pid_t **pids, size_t *len)
+{
+ FILE *f;
+ char *line = NULL;
+ size_t sz = 0;
+ pid_t *tmp_pids = NULL;
+
+ f = fopen_cloexec(path, "r");
+ if (!f)
+ return -1;
+
+ while (getline(&line, &sz, f) != -1) {
+ pid_t pid;
+ trim_line(line);
+ pid = (pid_t)atoll(line);
+ if (lxc_mem_realloc((void **)&tmp_pids, sizeof(pid_t) * (*len + 1), *pids, sizeof(pid_t) * (*len)) != 0) {
+ free(*pids);
+ *pids = NULL;
+ ERROR("out of memory");
+ free(line);
+ fclose(f);
+ return -1;
+ }
+ *pids = tmp_pids;
+
+ (*pids)[*len] = pid;
+ (*len)++;
+ }
+
+ free(line);
+ fclose(f);
+ return 0;
+}
+
+static int _recursive_read_cgroup_procs(const char *dirpath, pid_t **pids, size_t *len)
+{
+ struct dirent *direntp = NULL;
+ DIR *dir = NULL;
+ int ret, failed = 0;
+ char pathname[PATH_MAX];
+
+ dir = opendir(dirpath);
+ if (dir == NULL) {
+ WARN("Failed to open \"%s\"", dirpath);
+ return 0;
+ }
+
+ while ((direntp = readdir(dir))) {
+ struct stat mystat;
+ int rc;
+
+ if (!strcmp(direntp->d_name, ".") ||
+ !strcmp(direntp->d_name, ".."))
+ continue;
+
+ rc = snprintf(pathname, PATH_MAX, "%s/%s", dirpath, direntp->d_name);
+ if (rc < 0 || rc >= PATH_MAX) {
+ failed = 1;
+ continue;
+ }
+
+ if (strcmp(direntp->d_name, "cgroup.procs") == 0) {
+ if (_read_procs_file(pathname, pids, len)) {
+ failed = 1;
+
+ }
+ continue;
+ }
+
+ ret = lstat(pathname, &mystat);
+ if (ret) {
+ failed = 1;
+ continue;
+ }
+
+ if (S_ISDIR(mystat.st_mode)) {
+ if (_recursive_read_cgroup_procs(pathname, pids, len) < 0)
+ failed = 1;
+ }
+ }
+
+ ret = closedir(dir);
+ if (ret) {
+ WARN("Failed to close directory \"%s\"", dirpath);
+ failed = 1;
+ }
+
+ return failed ? -1 : 0;
+}
+
+int get_all_pids(struct cgroup_ops *cg_ops, pid_t **pids, size_t *len)
+{
+ const char *devices_path = NULL;
+
+ devices_path = cg_ops->get_cgroup_full_path(cg_ops, "devices");
+ if (!file_exists(devices_path)) {
+ return 0;
+ }
+
+ return _recursive_read_cgroup_procs(devices_path, pids, len);
+}
+
+static int set_cgroup_freezer(struct cgroup_ops *cg_ops, const char *value)
+{
+ char *fullpath;
+ int ret;
+
+ fullpath = must_make_path(cg_ops->get_cgroup_full_path(cg_ops, "freezer"), "freezer.state", NULL);
+ ret = lxc_write_to_file(fullpath, value, strlen(value), false, 0666);
+ free(fullpath);
+ return ret;
+}
+
+/* isulad: kill all process in container cgroup path */
+static void signal_all_processes(struct lxc_handler *handler)
+{
+ int ret;
+ struct cgroup_ops *cg_ops = handler->cgroup_ops;
+ pid_t *pids = NULL;
+ size_t len = 0, i;
+
+ ret = set_cgroup_freezer(cg_ops, "FROZEN");
+ if (ret < 0 && errno != ENOENT) {
+ WARN("cgroup_set frozen failed");
+ }
+
+ ret = get_all_pids(cg_ops, &pids, &len);
+ if (ret < 0) {
+ WARN("failed to get all pids");
+ }
+
+ for (i = 0; i < len; i++) {
+ ret = kill(pids[i], SIGKILL);
+ if (ret < 0 && errno != ESRCH) {
+ WARN("Can not kill process (pid=%d) with SIGKILL for container %s", pids[i], handler->name);
+ }
+ }
+
+ ret = set_cgroup_freezer(cg_ops, "THAWED");
+ if (ret < 0 && errno != ENOENT) {
+ WARN("cgroup_set thawed failed");
+ }
+
+ for (i = 0; i < len; i++) {
+ ret = lxc_wait_for_pid_status(pids[i]);
+ if (ret < 0 && errno != ECHILD) {
+ WARN("Failed to wait pid %d for container %s: %s", pids[i], handler->name, strerror(errno));
+ }
+ }
+
+ free(pids);
+}
+#endif
+
void lxc_end(struct lxc_handler *handler)
{
int ret;
@@ -926,6 +1142,33 @@ void lxc_end(struct lxc_handler *handler)
lsm_process_cleanup(handler->conf, handler->lxcpath);
+#ifdef HAVE_ISULAD
+ // close maincmd fd before destroy cgroup for isulad
+ if (handler->conf->reboot == REBOOT_NONE) {
+ /* For all new state clients simply close the command socket.
+ * This will inform all state clients that the container is
+ * STOPPED and also prevents a race between a open()/close() on
+ * the command socket causing a new process to get ECONNREFUSED
+ * because we haven't yet closed the command socket.
+ */
+ close_prot_errno_disarm(handler->conf->maincmd_fd);
+ TRACE("Closed command socket");
+ }
+ int retry_count = 0;
+ int max_retry = 10;
+retry:
+ if (cgroup_ops != NULL && !cgroup_ops->payload_destroy(cgroup_ops, handler)) {
+ TRACE("Trying to kill all subprocess");
+ signal_all_processes(handler);
+ TRACE("Finished kill all subprocess");
+ if (retry_count < max_retry) {
+ usleep(100 * 1000); /* 100 millisecond */
+ retry_count++;
+ goto retry;
+ }
+ SYSERROR("Failed to destroy cgroup path for container: \"%s\"", handler->name);
+ }
+#else
if (cgroup_ops) {
cgroup_ops->payload_destroy(cgroup_ops, handler);
cgroup_ops->monitor_destroy(cgroup_ops, handler);
@@ -940,12 +1183,25 @@ void lxc_end(struct lxc_handler *handler)
*/
close_prot_errno_disarm(handler->conf->maincmd_fd);
TRACE("Closed command socket");
+ }
+#endif
+ if (handler->conf->reboot == REBOOT_NONE) {
/* This function will try to connect to the legacy lxc-monitord
* state server and only exists for backwards compatibility.
*/
lxc_monitor_send_state(name, STOPPED, handler->lxcpath);
+#ifdef HAVE_ISULAD
+ /* isuald: write exit code to exit fifo */
+ if (handler->conf->exit_fd >= 0) {
+ ret = write(handler->conf->exit_fd, &handler->exit_code, sizeof(int));
+ if (ret != sizeof(int)) {
+ SYSERROR("Failed to write to exit code to exit fifo.");
+ }
+ }
+#endif
+
/* The command socket is closed so no one can acces the command
* socket anymore so there's no need to lock it.
*/
@@ -1042,6 +1298,25 @@ static int do_start(void *data)
lxc_sync_fini_parent(handler);
+#ifdef HAVE_ISULAD
+ sigset_t mask;
+
+ /*isulad: restore default signal handlers and unblock all signals*/
+ for (int i = 1; i < NSIG; i++)
+ signal(i, SIG_DFL);
+
+ ret = sigfillset(&mask);
+ if (ret < 0) {
+ SYSERROR("Failed to fill signal mask");
+ goto out_warn_father;
+ }
+ ret = sigprocmask(SIG_UNBLOCK, &mask, NULL);
+ if (ret < 0) {
+ SYSERROR("Failed to set signal mask");
+ goto out_warn_father;
+ }
+#endif
+
if (lxc_abstract_unix_recv_fds(data_sock1, &status_fd, 1, NULL, 0) < 0) {
ERROR("Failed to receive status file descriptor to child process");
goto out_warn_father;
@@ -1155,7 +1430,11 @@ static int do_start(void *data)
* means that migration won't work, but at least we won't spew output
* where it isn't wanted.
*/
+#ifdef HAVE_ISULAD
+ if (!handler->disable_pty && handler->daemonize && !handler->conf->autodev) {
+#else
if (handler->daemonize && !handler->conf->autodev) {
+#endif
char path[PATH_MAX];
ret = snprintf(path, sizeof(path), "%s/dev/null",
@@ -1221,6 +1500,9 @@ static int do_start(void *data)
/* Setup the container, ip, names, utsname, ... */
ret = lxc_setup(handler);
if (ret < 0) {
+#ifdef HAVE_ISULAD
+ lxc_write_error_message(handler->conf->errpipe[1], "Failed to setup lxc, please check the config file.");
+#endif
ERROR("Failed to setup container \"%s\"", handler->name);
goto out_warn_father;
}
@@ -1243,12 +1525,70 @@ static int do_start(void *data)
DEBUG("Set PR_SET_NO_NEW_PRIVS to block execve() gainable privileges");
}
+#ifdef HAVE_ISULAD
+ /* isulad: dup2 pipe[0][0] to container stdin, pipe[1][1] to container stdout, pipe[2][1] to container stderr */
+ if (handler->disable_pty) {
+ if (handler->conf->console.pipes[0][1] >= 0) {
+ close(handler->conf->console.pipes[0][1]);
+ handler->conf->console.pipes[0][1] = -1;
+ }
+
+ if (handler->conf->console.pipes[0][0] >= 0) {
+ ret = dup2(handler->conf->console.pipes[0][0], STDIN_FILENO);
+ if (ret < 0)
+ goto out_warn_father;
+ }
+
+ if (handler->conf->console.pipes[1][0] >= 0) {
+ close(handler->conf->console.pipes[1][0]);
+ handler->conf->console.pipes[1][0] = -1;
+ }
+
+ if (handler->conf->console.pipes[1][1] >= 0) {
+ ret = dup2(handler->conf->console.pipes[1][1], STDOUT_FILENO);
+ if (ret < 0)
+ goto out_warn_father;
+ }
+ if (handler->conf->console.pipes[2][0] >= 0) {
+ close(handler->conf->console.pipes[2][0]);
+ handler->conf->console.pipes[2][0] = -1;
+ }
+
+ if (handler->conf->console.pipes[2][1] >= 0) {
+ ret = dup2(handler->conf->console.pipes[2][1], STDERR_FILENO);
+ if (ret < 0)
+ goto out_warn_father;
+ }
+ }
+#endif
+
/* Some init's such as busybox will set sane tty settings on stdin,
* stdout, stderr which it thinks is the console. We already set them
* the way we wanted on the real terminal, and we want init to do its
* setup on its console ie. the pty allocated in lxc_terminal_setup() so
* make sure that that pty is stdin,stdout,stderr.
*/
+#ifdef HAVE_ISULAD
+ setsid();
+ if (!handler->disable_pty && handler->conf->console.pts >= 0) {
+ /* isulad:make the given terminal as controlling terminal to avoid warning
+ * sh: cannot set terminal process group (-1): Inappropriate ioctl for device
+ * sh: no job control in this shell */
+ if (ioctl(handler->conf->console.pts, TIOCSCTTY, NULL) < 0) {
+ ERROR("Faild to make the given terminal the controlling terminal of the calling process");
+ goto out_warn_father;
+ }
+ if (handler->daemonize || !handler->conf->is_execute)
+ ret = set_stdfds(handler->conf->console.pts);
+ else
+ ret = lxc_terminal_set_stdfds(handler->conf->console.pts);
+ if (ret < 0) {
+ ERROR("Failed to redirect std{in,out,err} to pty file "
+ "descriptor %d", handler->conf->console.pts);
+ goto out_warn_father;
+ }
+ }
+#else
if (handler->conf->console.pts >= 0) {
if (handler->daemonize || !handler->conf->is_execute)
ret = set_stdfds(handler->conf->console.pts);
@@ -1260,6 +1600,7 @@ static int do_start(void *data)
goto out_warn_father;
}
}
+#endif
/* If we mounted a temporary proc, then unmount it now. */
tmp_proc_unmount(handler->conf);
@@ -1283,6 +1624,21 @@ static int do_start(void *data)
close_prot_errno_disarm(handler->sigfd);
+#ifdef HAVE_ISULAD
+ if (!handler->disable_pty && handler->conf->console.pts < 0 && handler->daemonize) {
+ if (devnull_fd < 0) {
+ devnull_fd = open_devnull();
+ if (devnull_fd < 0)
+ goto out_warn_father;
+ }
+
+ ret = set_stdfds(devnull_fd);
+ if (ret < 0) {
+ ERROR("Failed to redirect std{in,out,err} to \"/dev/null\"");
+ goto out_warn_father;
+ }
+ }
+#else
if (handler->conf->console.pts < 0 && handler->daemonize) {
if (devnull_fd < 0) {
devnull_fd = open_devnull();
@@ -1296,12 +1652,25 @@ static int do_start(void *data)
goto out_warn_father;
}
}
+#endif
close_prot_errno_disarm(devnull_fd);
+#ifndef HAVE_ISULAD
setsid();
+#endif
if (handler->conf->init_cwd) {
+#ifdef HAVE_ISULAD
+ /* try to craete workdir if not exist */
+ struct stat st;
+ if (stat(handler->conf->init_cwd, &st) < 0 && mkdir_p(handler->conf->init_cwd, 0755) < 0) {
+ SYSERROR("Try to create directory \"%s\" as workdir failed", handler->conf->init_cwd);
+ lxc_write_error_message(handler->conf->errpipe[1], "%s:%d: Failed to create workdir: %s.",
+ __FILE__, __LINE__, strerror(errno));
+ goto out_warn_father;
+ }
+#endif
ret = chdir(handler->conf->init_cwd);
if (ret < 0) {
SYSERROR("Could not change directory to \"%s\"",
@@ -1345,6 +1714,13 @@ static int do_start(void *data)
}
}
+#ifdef HAVE_ISULAD
+ if (prctl(PR_SET_KEEPCAPS, 1) < 0) {
+ SYSERROR("Failed to keep permitted capabilities");
+ goto out_warn_father;
+ }
+#endif
+
/* The container has been setup. We can now switch to an unprivileged
* uid/gid.
*/
@@ -1358,6 +1734,13 @@ static int do_start(void *data)
if (new_gid == nsgid)
new_gid = LXC_INVALID_GID;
+#ifdef HAVE_ISULAD
+ // isulad: set env home in container
+ if (lxc_setup_env_home(new_uid) < 0) {
+ goto out_warn_father;
+ }
+#endif
+
/* Make sure that the processes STDIO is correctly owned by the user that we are switching to */
ret = fix_stdio_permissions(new_uid);
if (ret)
@@ -1371,8 +1754,16 @@ static int do_start(void *data)
#if HAVE_LIBCAP
if (lxc_proc_cap_is_set(CAP_SETGID, CAP_EFFECTIVE))
#endif
+#ifdef HAVE_ISULAD
+ /* isulad: set groups for init process, and before we set uid and gid */
+ if (!lxc_setgroups(handler->conf->init_groups_len, handler->conf->init_groups)) {
+ ERROR("Can not set groups");
+ goto out_warn_father;
+ }
+#else
if (!lxc_setgroups(0, NULL))
goto out_warn_father;
+#endif
if (!lxc_switch_uid_gid(new_uid, new_gid))
goto out_warn_father;
@@ -1383,6 +1774,19 @@ static int do_start(void *data)
goto out_warn_father;
}
+#ifdef HAVE_ISULAD
+ /* isulad: drop the cap of current process */
+ if (prctl(PR_SET_KEEPCAPS, 0) < 0) {
+ SYSERROR("Failed to clear permitted capabilities");
+ goto out_warn_father;
+ }
+
+ if (lxc_drop_caps(handler->conf)) {
+ SYSERROR("Failed to drop caps");
+ goto out_warn_father;
+ }
+#endif
+
if (handler->conf->monitor_signal_pdeath != SIGKILL) {
ret = lxc_set_death_signal(handler->conf->monitor_signal_pdeath,
handler->monitor_pid, status_fd);
@@ -1397,7 +1801,12 @@ static int do_start(void *data)
* After this call, we are in error because this ops should not return
* as it execs.
*/
+#ifdef HAVE_ISULAD
+ close_prot_errno_disarm(status_fd);
+ handler->ops->start(handler, handler->data, handler->daemonize ? handler->conf->errpipe[1] : -1);
+#else
handler->ops->start(handler, handler->data);
+#endif
out_warn_father:
/*
@@ -1529,6 +1938,94 @@ static inline int do_share_ns(void *arg)
return 0;
}
+#ifdef HAVE_ISULAD
+static int lxc_write_container_info(char *filename, pid_t pid, pid_t p_pid,
+ unsigned long long start_at, unsigned long long p_start_at)
+{
+ FILE *pid_fp = NULL;
+ int ret = 0;
+
+ pid_fp = lxc_fopen(filename, "w");
+ if (pid_fp == NULL) {
+ SYSERROR("Failed to create pidfile '%s'",filename);
+ ret = -1;
+ goto out;
+ }
+
+ if (fprintf(pid_fp, "%d %llu %d %llu\n", pid, start_at, p_pid, p_start_at) < 0) {
+ SYSERROR("Failed to write '%s'", filename);
+ ret = -1;
+ goto out;
+ }
+out:
+ if (pid_fp)
+ fclose(pid_fp);
+ pid_fp = NULL;
+ return ret;
+}
+
+static int lxc_check_container_info(char *filename, pid_t pid, pid_t p_pid,
+ unsigned long long start_at, unsigned long long p_start_at)
+{
+ int ret = 0;
+ int num;
+ char sbuf[1024] = {0}; /* bufs for stat */
+ int saved_pid; /* process id */
+ int saved_ppid; /* pid of parent process */
+ unsigned long long saved_start_time; /* start time of process -- seconds since 1-1-70 */
+ unsigned long long saved_pstart_time; /* start time of parent process -- seconds since 1-1-70 */
+
+ if ((lxc_file2str(filename, sbuf, sizeof(sbuf))) == -1) {
+ SYSERROR("Failed to read pidfile %s", filename);
+ ret = -1;
+ goto out;
+ }
+
+ num = sscanf(sbuf, "%d %Lu %d %Lu", &saved_pid, &saved_start_time, &saved_ppid, &saved_pstart_time);
+ if (num != 4) {
+ SYSERROR("Call sscanf error");
+ ret = -1;
+ goto out;
+ }
+
+ if (pid != saved_pid || p_pid != saved_ppid
+ || start_at != saved_start_time || p_start_at != saved_pstart_time) {
+ ERROR("Check container info failed");
+ ret = -1;
+ goto out;
+ }
+
+out:
+ return ret;
+}
+
+/* isuald: save pid/ppid info */
+static int lxc_save_container_info(char *filename, pid_t pid)
+{
+ int ret = 0;
+ pid_t p_pid = 0;
+ unsigned long long start_at = 0;
+ unsigned long long p_start_at = 0;
+
+ start_at = lxc_get_process_startat(pid);
+ p_pid = getpid();
+ p_start_at = lxc_get_process_startat(p_pid);
+
+ ret = lxc_write_container_info(filename, pid, p_pid, start_at, p_start_at);
+ if (ret != 0) {
+ goto out;
+ }
+
+ ret = lxc_check_container_info(filename, pid, p_pid, start_at, p_start_at);
+ if (ret != 0) {
+ goto out;
+ }
+
+out:
+ return ret;
+}
+#endif
+
/* lxc_spawn() performs crucial setup tasks and clone()s the new process which
* exec()s the requested container binary.
* Note that lxc_spawn() runs in the parent namespaces. Any operations performed
@@ -1595,7 +2092,11 @@ static int lxc_spawn(struct lxc_handler *handler)
* it readonly.
* If the container is unprivileged then skip rootfs pinning.
*/
+#ifdef HAVE_ISULAD
+ if (!wants_to_map_ids && !handler->image_type_oci) {
+#else
if (!wants_to_map_ids) {
+#endif
handler->pinfd = pin_rootfs(conf->rootfs.path);
if (handler->pinfd == -EBADF)
INFO("Failed to pin the rootfs for container \"%s\"", handler->name);
@@ -1640,6 +2141,32 @@ static int lxc_spawn(struct lxc_handler *handler)
}
TRACE("Cloned child process %d", handler->pid);
+#ifdef HAVE_ISULAD
+ /* isulad: close pipe after clone */
+ if (handler->conf->console.pipes[0][0] >= 0) {
+ close(handler->conf->console.pipes[0][0]);
+ handler->conf->console.pipes[0][0] = -1;
+ }
+
+ if (handler->conf->console.pipes[1][1] >= 0) {
+ close(handler->conf->console.pipes[1][1]);
+ handler->conf->console.pipes[1][1] = -1;
+ }
+
+ if (handler->conf->console.pipes[2][1] >= 0) {
+ close(handler->conf->console.pipes[2][1]);
+ handler->conf->console.pipes[2][1] = -1;
+ }
+
+ /* isulad: save pid/ppid info into file*/
+ if (handler->conf->container_info_file) {
+ if (lxc_save_container_info(handler->conf->container_info_file, handler->pid)) {
+ ERROR("Failed to save cloned container pid");
+ goto out_delete_net;
+ }
+ }
+#endif
+
/* Verify that we can actually make use of pidfds. */
if (!lxc_can_use_pidfd(handler->pidfd))
close_prot_errno_disarm(handler->pidfd);
@@ -1652,6 +2179,13 @@ static int lxc_spawn(struct lxc_handler *handler)
if (ret < 0)
SYSERROR("Failed to set environment variable: LXC_PID=%s", pidstr);
+#ifdef HAVE_ISULAD
+ if (handler->cgroup_ops->container_cgroup) {
+ if (setenv("LXC_CGROUP_PATH", handler->cgroup_ops->container_cgroup, 1))
+ SYSERROR("Failed to set environment variable: LXC_CGROUP_PATH=%s.", handler->cgroup_ops->container_cgroup);
+ }
+#endif
+
for (i = 0; i < LXC_NS_MAX; i++)
if (handler->ns_on_clone_flags & ns_info[i].clone_flag)
INFO("Cloned %s", ns_info[i].flag_name);
@@ -1765,7 +2299,11 @@ static int lxc_spawn(struct lxc_handler *handler)
goto out_delete_net;
if (!lxc_list_empty(&conf->limits)) {
+#ifdef HAVE_ISULAD
+ ret = setup_resource_limits(&conf->limits, handler->pid, conf->errpipe[1]);
+#else
ret = setup_resource_limits(&conf->limits, handler->pid);
+#endif
if (ret < 0) {
ERROR("Failed to setup resource limits");
goto out_delete_net;
@@ -1816,6 +2354,26 @@ static int lxc_spawn(struct lxc_handler *handler)
ERROR("Failed to run lxc.hook.start-host");
goto out_delete_net;
}
+#ifdef HAVE_ISULAD
+ /* isulad: Run oci prestart hook at here */
+ ret = run_oci_hooks(name, "oci-prestart", conf, lxcpath);
+ if (ret < 0) {
+ ERROR("Failed to run oci prestart hooks");
+ goto out_delete_net;
+ }
+
+ if (START_TIMEOUT == global_timeout_state) {
+ lxc_write_error_message(conf->errpipe[1], "Starting the container \"%s\" timeout.", name);
+ ERROR("Starting the container \"%s\" timeout.", name);
+ goto out_delete_net;
+ }
+
+ /* Tell the child to continue its initialization. We'll get
+ * LXC_SYNC_POST_OCI_PRESTART_HOOK when it is ready for us to run oci prestart hooks.
+ */
+ if (lxc_sync_barrier_child(handler, LXC_SYNC_POST_OCI_PRESTART_HOOK))
+ goto out_delete_net;
+#endif
/* Tell the child to complete its initialization and wait for it to exec
* or return an error. (The child will never return
@@ -1859,6 +2417,22 @@ static int lxc_spawn(struct lxc_handler *handler)
if (ret < 0)
goto out_abort;
+#ifdef HAVE_ISULAD
+ /* isulad: Run oci prestart hook at here */
+ ret = run_oci_hooks(name, "oci-poststart", conf, lxcpath);
+ if (ret < 0) {
+ ERROR("Failed to run oci poststart hooks");
+ goto out_abort;
+ }
+
+ if (START_TIMEOUT == global_timeout_state) {
+ lxc_write_error_message(conf->errpipe[1], "Starting the container \"%s\" timeout.", name);
+ ERROR("Starting the container \"%s\" timeout.", name);
+ goto out_abort;
+ }
+
+#endif
+
ret = lxc_set_state(name, handler, RUNNING);
if (ret < 0) {
ERROR("Failed to set state to \"%s\"", lxc_state2str(RUNNING));
@@ -1883,9 +2457,83 @@ out_sync_fini:
return -1;
}
+#ifdef HAVE_ISULAD
+/* isulad: start timeout thread function */
+static void* wait_start_timeout(void *arg)
+{
+ struct start_timeout_conf *conf = (struct start_timeout_conf *)arg;
+
+ sem_post(&global_timeout_sem);
+
+ if (!conf || conf->timeout < 1)
+ goto out;
+
+ sleep(conf->timeout);
+
+ global_timeout_state = START_TIMEOUT;
+
+out:
+ free(conf);
+ return ((void *)0);
+}
+
+/* isulad: create start timeout thread */
+static int create_start_timeout_thread(struct lxc_conf *conf, unsigned int start_timeout)
+{
+ int ret = 0;
+ pthread_t ptid;
+ pthread_attr_t attr;
+ struct start_timeout_conf *timeout_conf = NULL;
+
+ if (sem_init(&global_timeout_sem, 0, 0)) {
+ ERROR("Failed to init start timeout semaphore");/*lint !e613*/
+ ret = -1;
+ return ret;
+ }
+
+ timeout_conf = malloc(sizeof(struct start_timeout_conf));
+ if (timeout_conf == NULL) {
+ ERROR("Failed to malloc start timeout conf");
+ ret = -1;
+ goto out;
+ }
+
+ memset(timeout_conf, 0, sizeof(struct start_timeout_conf));
+ timeout_conf->errfd = conf->errpipe[1];
+ timeout_conf->timeout = start_timeout;
+
+ pthread_attr_init(&attr);
+ pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
+ ret = pthread_create(&ptid, &attr, wait_start_timeout, timeout_conf);
+ pthread_attr_destroy(&attr);
+ if (ret != 0) {
+ ERROR("Create start wait timeout thread failed");
+ free(timeout_conf);
+ goto out;
+ }
+
+ sem_wait(&global_timeout_sem);
+out:
+ sem_destroy(&global_timeout_sem);
+ return ret;
+}
+
+// isulad: send '128 + signal' if container is killed by signal.
+#define EXIT_SIGNAL_OFFSET 128
+#endif
+
+
+#ifdef HAVE_ISULAD
+int __lxc_start(struct lxc_handler *handler, struct lxc_operations *ops,
+ void *data, const char *lxcpath, bool daemonize, int *error_num,
+ unsigned int start_timeout)
+{
+ int exit_code;
+#else
int __lxc_start(struct lxc_handler *handler, struct lxc_operations *ops,
void *data, const char *lxcpath, bool daemonize, int *error_num)
{
+#endif
int ret, status;
const char *name = handler->name;
struct lxc_conf *conf = handler->conf;
@@ -1901,6 +2549,16 @@ int __lxc_start(struct lxc_handler *handler, struct lxc_operations *ops,
handler->daemonize = daemonize;
cgroup_ops = handler->cgroup_ops;
+#ifdef HAVE_ISULAD
+ /* isulad: add start timeout limit */
+ if (start_timeout > 0) {
+ ret = create_start_timeout_thread(conf, start_timeout);
+ if (ret) {
+ ERROR("Failed to create start timeout thread for container \"%s\".", name);
+ goto out_abort;
+ }
+ }
+#endif
if (!attach_block_device(handler->conf)) {
ERROR("Failed to attach block device");
ret = -1;
@@ -1959,11 +2617,13 @@ int __lxc_start(struct lxc_handler *handler, struct lxc_operations *ops,
goto out_delete_network;
}
+#ifndef HAVE_ISULAD
if (!handler->init_died && handler->pid > 0) {
ERROR("Child process is not killed");
ret = -1;
goto out_delete_network;
}
+#endif
status = lxc_wait_for_pid_status(handler->pid);
if (status < 0)
@@ -1973,6 +2633,21 @@ int __lxc_start(struct lxc_handler *handler, struct lxc_operations *ops,
* reboot. This should mean it was an lxc-execute which simply exited.
* In any case, treat it as a 'halt'.
*/
+#ifdef HAVE_ISULAD
+ // isulad: recored log for container init exit
+ if (WIFSIGNALED(status)) {
+ int signal = WTERMSIG(status);
+ signal = WTERMSIG(status);
+ exit_code = EXIT_SIGNAL_OFFSET + signal;
+ ERROR("Container \"%s\" init exited with signal %d", name, signal);
+ } else if (WIFEXITED(status)) {
+ exit_code = WEXITSTATUS(status);
+ ERROR("Container \"%s\" init exited with status %d", name, exit_code);
+ } else {
+ exit_code = -1;
+ ERROR("Container \"%s\" init exited with unknown status", name);
+ }
+#else
if (WIFSIGNALED(status)) {
switch(WTERMSIG(status)) {
case SIGINT: /* halt */
@@ -1990,6 +2665,7 @@ int __lxc_start(struct lxc_handler *handler, struct lxc_operations *ops,
break;
}
}
+#endif
ret = lxc_restore_phys_nics_to_netns(handler);
if (ret < 0)
@@ -1997,11 +2673,20 @@ int __lxc_start(struct lxc_handler *handler, struct lxc_operations *ops,
close_prot_errno_disarm(handler->pinfd);
+#ifdef HAVE_ISULAD
+ lxc_monitor_send_exit_code(name, exit_code, handler->lxcpath);
+#else
lxc_monitor_send_exit_code(name, status, handler->lxcpath);
+#endif
+
lxc_error_set_and_log(handler->pid, status);
if (error_num)
*error_num = handler->exit_status;
+#ifdef HAVE_ISULAD
+ handler->exit_code = exit_code; /* record exit code */
+#endif
+
/* These are not the droids you are looking for. */
__private_goto1:
lxc_delete_network(handler);
@@ -2032,7 +2717,11 @@ struct start_args {
char *const *argv;
};
+#ifdef HAVE_ISULAD
+static int start(struct lxc_handler *handler, void* data, int fd)
+#else
static int start(struct lxc_handler *handler, void* data)
+#endif
{
struct start_args *arg = data;
@@ -2040,6 +2729,9 @@ static int start(struct lxc_handler *handler, void* data)
execvp(arg->argv[0], arg->argv);
SYSERROR("Failed to exec \"%s\"", arg->argv[0]);
+#ifdef HAVE_ISULAD
+ lxc_write_error_message(fd, "exec: \"%s\": %s.", arg->argv[0], strerror(errno));
+#endif
return 0;
}
@@ -2057,14 +2749,22 @@ static struct lxc_operations start_ops = {
};
int lxc_start(char *const argv[], struct lxc_handler *handler,
+#ifdef HAVE_ISULAD
+ const char *lxcpath, bool daemonize, int *error_num, unsigned int start_timeout)
+#else
const char *lxcpath, bool daemonize, int *error_num)
+#endif
{
struct start_args start_arg = {
.argv = argv,
};
TRACE("Doing lxc_start");
+#ifdef HAVE_ISULAD
+ return __lxc_start(handler, &start_ops, &start_arg, lxcpath, daemonize, error_num, start_timeout);
+#else
return __lxc_start(handler, &start_ops, &start_arg, lxcpath, daemonize, error_num);
+#endif
}
static void lxc_destroy_container_on_signal(struct lxc_handler *handler,
@@ -2136,3 +2836,261 @@ static bool do_destroy_container(struct lxc_handler *handler)
return storage_destroy(handler->conf);
}
+
+#ifdef HAVE_ISULAD
+/*isulad: set env for clean resources */
+static int clean_resource_set_env(struct lxc_handler *handler)
+{
+ const char *name = handler->name;
+ struct lxc_conf *conf = handler->conf;
+ char bufstr[PATH_MAX + 1];
+ int i = 0;
+ int j = 0;
+ int len = 2; //set "LXC_PID" and "LXC_CGNS_AWARE"
+
+ if (conf == NULL || conf->ocihooks == NULL || conf->ocihooks->poststop_len == 0) {
+ return 0;
+ }
+
+ if (name) {
+ len++;
+ }
+ if (conf->rcfile) {
+ len++;
+ }
+ if (conf->rootfs.mount) {
+ len++;
+ }
+ if (conf->rootfs.path) {
+ len++;
+ }
+ if (conf->console.path) {
+ len++;
+ }
+ if (conf->console.log_path) {
+ len++;
+ }
+ if (handler->cgroup_ops->container_cgroup) {
+ len++;
+ }
+
+ for (; i < conf->ocihooks->poststop_len; i++) {
+ size_t cap = conf->ocihooks->poststop[i]->env_len;
+ size_t newcap = cap + len + 1;
+ if (lxc_grow_array((void ***)&(conf->ocihooks->poststop[i]->env), &cap, newcap, 1) != 0) {
+ return -1;
+ }
+ j = conf->ocihooks->poststop[i]->env_len;
+ /* Start of environment variable setup for hooks. */
+ if (name) {
+ snprintf(bufstr, PATH_MAX + 1, "LXC_NAME=%s", name);
+ conf->ocihooks->poststop[i]->env[j++] = safe_strdup(bufstr);
+ }
+ if (conf->rcfile) {
+ snprintf(bufstr, PATH_MAX + 1, "LXC_CONFIG_FILE=%s", conf->rcfile);
+ conf->ocihooks->poststop[i]->env[j++] = safe_strdup(bufstr);
+ }
+ if (conf->rootfs.mount) {
+ snprintf(bufstr, PATH_MAX + 1, "LXC_ROOTFS_MOUNT=%s", conf->rootfs.mount);
+ conf->ocihooks->poststop[i]->env[j++] = safe_strdup(bufstr);
+ }
+ if (conf->rootfs.path) {
+ snprintf(bufstr, PATH_MAX + 1, "LXC_ROOTFS_PATH=%s", conf->rootfs.path);
+ conf->ocihooks->poststop[i]->env[j++] = safe_strdup(bufstr);
+ }
+ if (conf->console.path) {
+ snprintf(bufstr, PATH_MAX + 1, "LXC_CONSOLE=%s", conf->console.path);
+ conf->ocihooks->poststop[i]->env[j++] = safe_strdup(bufstr);
+ }
+ if (conf->console.log_path) {
+ snprintf(bufstr, PATH_MAX + 1, "LXC_CONSOLE_LOGPATH=%s", conf->console.log_path);
+ conf->ocihooks->poststop[i]->env[j++] = safe_strdup(bufstr);
+ }
+ conf->ocihooks->poststop[i]->env[j++] = safe_strdup("LXC_CGNS_AWARE=1");
+
+ snprintf(bufstr, PATH_MAX + 1, "LXC_PID=%d", handler->pid);
+ conf->ocihooks->poststop[i]->env[j++] = safe_strdup(bufstr);
+ if (handler->cgroup_ops->container_cgroup) {
+ snprintf(bufstr, PATH_MAX + 1, "LXC_CGROUP_PATH=%s", handler->cgroup_ops->container_cgroup);
+ conf->ocihooks->poststop[i]->env[j++] = safe_strdup(bufstr);
+ }
+ conf->ocihooks->poststop[i]->env_len = j;
+ /* End of environment variable setup for hooks. */
+ }
+ return 0;
+}
+
+/*isulad: init handler for clean */
+static struct lxc_handler *lxc_init_clean_handler(char *name, char *lxcpath, struct lxc_conf *conf, pid_t pid)
+{
+ int i;
+ struct lxc_handler *handler;
+
+ handler = malloc(sizeof(*handler));
+ if (handler == NULL)
+ return NULL;
+
+ memset(handler, 0, sizeof(*handler));
+
+ /* Note that am_guest_unpriv() checks the effective uid. We
+ * probably don't care if we are real root only if we are running
+ * as root so this should be fine.
+ */
+ handler->am_root = !am_guest_unpriv();
+ handler->data_sock[0] = handler->data_sock[1] = -1;
+ handler->conf = conf;
+ handler->lxcpath = lxcpath;
+ handler->pinfd = -1;
+ handler->sigfd = -EBADF;
+ handler->pidfd = -EBADF;
+ handler->init_died = false;
+ handler->monitor_status_fd = -EBADF;
+ handler->pid = pid;
+ handler->state_socket_pair[0] = handler->state_socket_pair[1] = -1;
+ if (handler->conf->reboot == REBOOT_NONE)
+ lxc_list_init(&handler->conf->state_clients);
+
+ for (i = 0; i < LXC_NS_MAX; i++)
+ handler->nsfd[i] = -1;
+
+ handler->name = name;
+ handler->exit_code = -1; /* isulad: record exit code of container */
+
+ handler->cgroup_ops = cgroup_init(conf);
+ if (!handler->cgroup_ops) {
+ ERROR("Failed to initialize cgroup driver");
+ goto on_error;
+ }
+
+ INFO("Container \"%s\" 's clean handler is initialized.", name);
+
+ return handler;
+
+on_error:
+ lxc_put_handler(handler);
+
+ return NULL;
+}
+
+/*isulad: init handler for clean */
+static struct lxc_handler *lxc_init_pids_handler(char *name, char *lxcpath, struct lxc_conf *conf)
+{
+ int i;
+ struct lxc_handler *handler;
+
+ handler = malloc(sizeof(*handler));
+ if (handler == NULL)
+ return NULL;
+
+ memset(handler, 0, sizeof(*handler));
+
+ /* Note that am_guest_unpriv() checks the effective uid. We
+ * probably don't care if we are real root only if we are running
+ * as root so this should be fine.
+ */
+ handler->am_root = !am_guest_unpriv();
+ handler->data_sock[0] = handler->data_sock[1] = -1;
+ handler->conf = conf;
+ handler->lxcpath = lxcpath;
+ handler->pinfd = -1;
+ handler->sigfd = -EBADF;
+ handler->init_died = false;
+ handler->state_socket_pair[0] = handler->state_socket_pair[1] = -1;
+ handler->monitor_status_fd = -EBADF;
+ handler->pidfd = -EBADF;
+ if (handler->conf->reboot == REBOOT_NONE)
+ lxc_list_init(&handler->conf->state_clients);
+
+ for (i = 0; i < LXC_NS_MAX; i++)
+ handler->nsfd[i] = -1;
+
+ handler->name = name;
+ handler->exit_code = -1; /* isulad: record exit code of container */
+
+ handler->cgroup_ops = cgroup_init(conf);
+ if (!handler->cgroup_ops) {
+ ERROR("Failed to initialize cgroup driver");
+ goto on_error;
+ }
+
+ INFO("Container \"%s\" 's clean handler is initialized.", name);
+
+ return handler;
+
+on_error:
+ lxc_put_handler(handler);
+
+ return NULL;
+}
+
+/*isulad: do_lxcapi_clean_resource */
+int do_lxcapi_clean_resource(char *name, char *lxcpath, struct lxc_conf *conf, pid_t pid)
+{
+ int ret = 0;
+ struct lxc_handler *handler = NULL;
+ int retry_count = 0;
+ int max_retry = 10;
+
+ handler = lxc_init_clean_handler(name, lxcpath, conf, pid);
+ if (!handler) {
+ ERROR("Failed to init container %s clean handler", name);
+ ret = -1;
+ goto out;
+ }
+
+ if (clean_resource_set_env(handler) != 0) {
+ ERROR("Failed to set env for poststop hooks");
+ ret = -1;
+ goto out;
+ }
+
+ if (run_oci_hooks(handler->name, "oci-poststop", handler->conf, handler->lxcpath)) {
+ ERROR("Failed to run lxc.hook.post-stop for container \"%s\".", handler->name);
+ ret = -1;
+ }
+
+retry:
+ if (!handler->cgroup_ops->payload_destroy(handler->cgroup_ops, handler)) {
+ TRACE("Trying to kill all subprocess");
+ signal_all_processes(handler);
+ TRACE("Finished kill all subprocess");
+ if (retry_count < max_retry) {
+ usleep(100 * 1000); /* 100 millisecond */
+ retry_count++;
+ goto retry;
+ }
+ SYSERROR("Failed to destroy cgroup path for container: \"%s\"", handler->name);
+ ret = -1;
+ }
+
+out:
+ lxc_put_handler(handler);
+ return ret;
+}
+
+/*isulad: do_lxcapi_get_pids */
+int do_lxcapi_get_pids(char *name, char *lxcpath, struct lxc_conf *conf, pid_t **pids,size_t *pids_len)
+{
+ int ret = 0;
+ struct lxc_handler *handler = NULL;
+ struct cgroup_ops *cg_ops = NULL;
+
+ handler = lxc_init_pids_handler(name, lxcpath, conf);
+ if (!handler) {
+ ERROR("Failed to init container %s clean handler", name);
+ ret = -1;
+ goto out;
+ }
+
+ cg_ops = handler->cgroup_ops;
+ ret = get_all_pids(cg_ops, pids, pids_len);
+ if (ret < 0) {
+ WARN("failed to get all pids");
+ }
+
+out:
+ lxc_put_handler(handler);
+ return ret;
+}
+
+#endif
diff --git a/src/lxc/storage/btrfs.c b/src/lxc/storage/btrfs.c
index 92a4a6d..069a9dd 100644
--- a/src/lxc/storage/btrfs.c
+++ b/src/lxc/storage/btrfs.c
@@ -197,16 +197,27 @@ int btrfs_mount(struct lxc_storage *bdev)
const char *src;
int ret;
+#ifdef HAVE_ISULAD
+ unsigned long pflags = 0;
+#endif
+
if (strcmp(bdev->type, "btrfs"))
return -22;
if (!bdev->src || !bdev->dest)
return -22;
+#ifdef HAVE_ISULAD
+ if (parse_mntopts(bdev->mntopts, &mntflags, &pflags, &mntdata) < 0) {
+ free(mntdata);
+ return -22;
+ }
+#else
if (parse_mntopts(bdev->mntopts, &mntflags, &mntdata) < 0) {
free(mntdata);
return -22;
}
+#endif
src = lxc_storage_get_path(bdev->src, "btrfs");
diff --git a/src/lxc/storage/overlay.c b/src/lxc/storage/overlay.c
index 770785c..75a81de 100644
--- a/src/lxc/storage/overlay.c
+++ b/src/lxc/storage/overlay.c
@@ -349,6 +349,9 @@ int ovl_mount(struct lxc_storage *bdev)
char *work, *lastslash;
size_t len, len2;
int ret, ret2;
+#ifdef HAVE_ISULAD
+ unsigned long pflags = 0;
+#endif
if (strcmp(bdev->type, "overlay") && strcmp(bdev->type, "overlayfs"))
return -22;
@@ -414,7 +417,12 @@ int ovl_mount(struct lxc_storage *bdev)
work = must_make_path(upper, LXC_OVERLAY_WORK_DIR, NULL);
upper[lastslash - upper] = '/';
+#ifdef HAVE_ISULAD
+ ret = parse_mntopts(bdev->mntopts, &mntflags, &pflags, &mntdata);
+#else
ret = parse_mntopts(bdev->mntopts, &mntflags, &mntdata);
+#endif
+
if (ret < 0) {
ERROR("Failed to parse mount options");
free(mntdata);
diff --git a/src/lxc/sync.h b/src/lxc/sync.h
index ff7a1eb..56c1dfc 100644
--- a/src/lxc/sync.h
+++ b/src/lxc/sync.h
@@ -11,6 +11,10 @@ enum {
LXC_SYNC_POST_CONFIGURE,
LXC_SYNC_CGROUP,
LXC_SYNC_CGROUP_UNSHARE,
+#ifdef HAVE_ISULAD
+ LXC_SYNC_OCI_PRESTART_HOOK,
+ LXC_SYNC_POST_OCI_PRESTART_HOOK,
+#endif
LXC_SYNC_CGROUP_LIMITS,
LXC_SYNC_READY_START,
LXC_SYNC_RESTART,
diff --git a/src/lxc/terminal.c b/src/lxc/terminal.c
index e58db5c..0539eca 100644
--- a/src/lxc/terminal.c
+++ b/src/lxc/terminal.c
@@ -28,6 +28,10 @@
#include "syscall_wrappers.h"
#include "terminal.h"
#include "utils.h"
+#ifdef HAVE_ISULAD
+#include "logger_json_file.h"
+#include "include/strlcpy.h"
+#endif
#if HAVE_PTY_H
#include <pty.h>
@@ -183,6 +187,69 @@ static int lxc_terminal_truncate_log_file(struct lxc_terminal *terminal)
return lxc_unpriv(ftruncate(terminal->log_fd, 0));
}
+#ifdef HAVE_ISULAD
+
+int lxc_set_terminal_winsz(struct lxc_terminal *terminal, unsigned int height, unsigned int width)
+{
+ int ret = 0;
+ struct winsize wsz;
+
+ if (terminal->ptmx < 0) {
+ return 0;
+ }
+
+ ret = ioctl(terminal->ptmx, TIOCGWINSZ, &wsz);
+ if (ret < 0) {
+ WARN("Failed to get window size");
+ return -1;
+ }
+ wsz.ws_col = width;
+ wsz.ws_row = height;
+
+ ret = ioctl(terminal->ptmx, TIOCSWINSZ, &wsz);
+ if (ret < 0)
+ WARN("Failed to set window size");
+ else
+ DEBUG("Set window size to %d columns and %d rows", wsz.ws_col,
+ wsz.ws_row);
+ return ret;
+}
+
+/*
+ * isulad: support mult-logfiles
+ * */
+static int lxc_terminal_rename_old_log_file(struct lxc_terminal *terminal)
+{
+ int ret;
+ unsigned int i;
+ char tmp[PATH_MAX] = {0};
+ char *rename_fname = NULL;
+
+ for (i = terminal->log_rotate - 1; i > 1; i--) {
+ ret = snprintf(tmp, PATH_MAX, "%s.%u", terminal->log_path, i);
+ if (ret < 0 || ret >= PATH_MAX) {
+ free(rename_fname);
+ return -EFBIG;
+ }
+ free(rename_fname);
+ rename_fname = safe_strdup(tmp);
+ ret = snprintf(tmp, PATH_MAX, "%s.%u", terminal->log_path, (i - 1));
+ if (ret < 0 || ret >= PATH_MAX) {
+ free(rename_fname);
+ return -EFBIG;
+ }
+ ret = lxc_unpriv(rename(tmp, rename_fname));
+ if (ret < 0 && errno != ENOENT) {
+ free(rename_fname);
+ return ret;
+ }
+ }
+
+ free(rename_fname);
+ return 0;
+}
+#endif
+
static int lxc_terminal_rotate_log_file(struct lxc_terminal *terminal)
{
__do_free char *tmp = NULL;
@@ -196,6 +263,15 @@ static int lxc_terminal_rotate_log_file(struct lxc_terminal *terminal)
if (terminal->log_fd < 0)
return -EBADF;
+#ifdef HAVE_ISULAD
+ /* isuald: rotate old log file first */
+ ret = lxc_terminal_rename_old_log_file(terminal);
+ if(ret != 0) {
+ ERROR("Rename old log file failed");
+ return ret;
+ }
+#endif
+
len = strlen(terminal->log_path) + sizeof(".1");
tmp = must_realloc(NULL, len);
@@ -212,6 +288,7 @@ static int lxc_terminal_rotate_log_file(struct lxc_terminal *terminal)
return lxc_terminal_create_log_file(terminal);
}
+#ifndef HAVE_ISULAD
static int lxc_terminal_write_log_file(struct lxc_terminal *terminal, char *buf,
int bytes_read)
{
@@ -317,7 +394,465 @@ static int lxc_terminal_write_log_file(struct lxc_terminal *terminal, char *buf,
bytes_read -= ret;
return bytes_read;
}
+#endif
+
+#ifdef HAVE_ISULAD
+/* get time buffer */
+static bool get_time_buffer(struct timespec *timestamp, char *timebuffer,
+ size_t maxsize)
+{
+ struct tm tm_utc = { 0 };
+ int32_t nanos = 0;
+ time_t seconds;
+ size_t len = 0;
+ int ret = 0;
+
+ if (!timebuffer || !maxsize) {
+ return false;
+ }
+
+ seconds = (time_t)timestamp->tv_sec;
+ gmtime_r(&seconds, &tm_utc);
+ strftime(timebuffer, maxsize, "%Y-%m-%dT%H:%M:%S", &tm_utc);
+
+ nanos = (int32_t)timestamp->tv_nsec;
+ len = strlen(timebuffer);
+ ret = snprintf(timebuffer + len, (maxsize - len), ".%09dZ", nanos);
+ if (ret < 0 || ret >= (maxsize - len)) {
+ return false;
+ }
+
+ return true;
+}
+
+/* get now time buffer */
+static bool get_now_time_buffer(char *timebuffer, size_t maxsize)
+{
+ int err = 0;
+ struct timespec ts;
+
+ err = clock_gettime(CLOCK_REALTIME, &ts);
+ if (err != 0) {
+ ERROR("failed to get time");
+ return false;
+ }
+
+ return get_time_buffer(&ts, timebuffer, maxsize);
+}
+
+static int isulad_lxc_terminal_rotate_write_data(struct lxc_terminal *terminal, const char *buf,
+ int bytes_read)
+{
+ int ret;
+ struct stat st;
+ int64_t space_left = -1;
+
+ if (terminal->log_fd < 0)
+ return 0;
+
+ /* A log size <= 0 means that there's no limit on the size of the log
+ * file at which point we simply ignore whether the log is supposed to
+ * be rotated or not.
+ */
+ if (terminal->log_size <= 0)
+ return lxc_write_nointr(terminal->log_fd, buf, bytes_read);
+
+ /* Get current size of the log file. */
+ ret = fstat(terminal->log_fd, &st);
+ if (ret < 0) {
+ SYSERROR("Failed to stat the terminal log file descriptor");
+ return -1;
+ }
+
+ /* handle non-regular files */
+ if ((st.st_mode & S_IFMT) != S_IFREG) {
+ /* This isn't a regular file. so rotating the file seems a
+ * dangerous thing to do, size limits are also very
+ * questionable. Let's not risk anything and tell the user that
+ * he's requesting us to do weird stuff.
+ */
+ if (terminal->log_rotate > 0 || terminal->log_size > 0)
+ return -EINVAL;
+
+ /* I mean, sure log wherever you want to. */
+ return lxc_write_nointr(terminal->log_fd, buf, bytes_read);
+ }
+
+ space_left = terminal->log_size - st.st_size;
+
+ /* User doesn't want to rotate the log file and there's no more space
+ * left so simply truncate it.
+ */
+ if (space_left <= 0 && terminal->log_rotate <= 0) {
+ ret = lxc_terminal_truncate_log_file(terminal);
+ if (ret < 0)
+ return ret;
+
+ if (bytes_read <= terminal->log_size)
+ return lxc_write_nointr(terminal->log_fd, buf, bytes_read);
+
+ /* Write as much as we can into the buffer and loose the rest. */
+ return lxc_write_nointr(terminal->log_fd, buf, terminal->log_size);
+ }
+
+ /* There's enough space left. */
+ if (bytes_read <= space_left)
+ return lxc_write_nointr(terminal->log_fd, buf, bytes_read);
+
+ /* There'd be more to write but we aren't instructed to rotate the log
+ * file so simply return. There's no error on our side here.
+ */
+ if (terminal->log_rotate > 0)
+ ret = lxc_terminal_rotate_log_file(terminal);
+ else
+ ret = lxc_terminal_truncate_log_file(terminal);
+ if (ret < 0)
+ return ret;
+
+ if (terminal->log_size < bytes_read) {
+ /* Well, this is unfortunate because it means that there is more
+ * to write than the user has granted us space. There are
+ * multiple ways to handle this but let's use the simplest one:
+ * write as much as we can, tell the user that there was more
+ * stuff to write and move on.
+ * Note that this scenario shouldn't actually happen with the
+ * standard pty-based terminal that LXC allocates since it will
+ * be switched into raw mode. In raw mode only 1 byte at a time
+ * should be read and written.
+ */
+ WARN("Size of terminal log file is smaller than the bytes to write");
+ ret = lxc_write_nointr(terminal->log_fd, buf, terminal->log_size);
+ if (ret < 0)
+ return -1;
+ bytes_read -= ret;
+ return bytes_read;
+ }
+
+ /* Yay, we made it. */
+ ret = lxc_write_nointr(terminal->log_fd, buf, bytes_read);
+ if (ret < 0)
+ return -1;
+ bytes_read -= ret;
+ return bytes_read;
+}
+
+static ssize_t isulad_logger_json_write(struct lxc_terminal *terminal, const char *type, const char *buf,
+ int bytes_read)
+{
+ logger_json_file *msg = NULL;
+ ssize_t ret = -1;
+ size_t len;
+ char *json = NULL;
+ char timebuffer[64] = { 0 };
+ parser_error err = NULL;
+ struct parser_context ctx = { GEN_OPTIONS_SIMPLIFY | GEN_OPTIONS_NOT_VALIDATE_UTF8, stderr };
+
+ if (bytes_read < 0 || bytes_read >= INT_MAX) {
+ return -1;
+ }
+ msg = calloc(sizeof(logger_json_file), 1);
+ if (msg == NULL) {
+ return -errno;
+ }
+ msg->log = calloc(bytes_read, 1);
+ if (!msg->log) {
+ goto cleanup;
+ }
+ memcpy(msg->log, buf, bytes_read);
+ msg->log_len = bytes_read;
+ msg->stream = type ? safe_strdup(type) : safe_strdup("stdout");
+
+ get_now_time_buffer(timebuffer, sizeof(timebuffer));
+ msg->time = safe_strdup(timebuffer);
+
+ json = logger_json_file_generate_json(msg, &ctx, &err);
+ if (!json) {
+ ERROR("Failed to generate json: %s", err);
+ goto cleanup;
+ }
+ len = strlen(json);
+ json[len] = '\n';
+ ret = isulad_lxc_terminal_rotate_write_data(terminal, json, len + 1);
+cleanup:
+ free(json);
+ free_logger_json_file(msg);
+ free(err);
+ return ret;
+}
+
+static ssize_t isulad_logger_syslog_write(struct lxc_terminal *terminal, const char *buf)
+{
+ syslog(LOG_INFO, "%s", buf);
+ return 0;
+}
+
+static inline bool is_syslog(const char *driver)
+{
+ if (driver == NULL) {
+ return false;
+ }
+
+ return (strcmp("syslog", driver) == 0);
+}
+
+static inline ssize_t isulad_logger_write(struct lxc_terminal *terminal, const char *type, const char *buf,
+ int bytes_read)
+{
+ if (is_syslog(terminal->log_driver)) {
+ return isulad_logger_syslog_write(terminal, buf);
+ }
+
+ return isulad_logger_json_write(terminal, type, buf, bytes_read);
+}
+
+static int isulad_lxc_terminal_write_log_file(struct lxc_terminal *terminal, const char *type, char *buf,
+ int bytes_read)
+{
+#define __BUF_CACHE_SIZE (16 * LXC_TERMINAL_BUFFER_SIZE)
+ static char cache[__BUF_CACHE_SIZE];
+ static int size = 0;
+ int upto, index;
+ int begin = 0, buf_readed = 0, buf_left = 0;
+ int ret;
+
+ if (buf != NULL && bytes_read > 0) {
+ /* Work out how much more data we are okay with reading this time. */
+ upto = size + bytes_read;
+ if (upto > __BUF_CACHE_SIZE) {
+ upto = __BUF_CACHE_SIZE;
+ }
+
+ if (upto > size) {
+ buf_readed = upto - size;
+ memcpy(cache + size, buf, buf_readed);
+ buf_left = bytes_read - buf_readed;
+ size += buf_readed;
+ }
+ }
+
+ // If we have no data to log, and there's no more coming, we're done.
+ if (size == 0)
+ return 0;
+
+ // Break up the data that we've buffered up into lines, and log each in turn.
+ for (index = 0; index < size; index++) {
+ if (cache[index] == '\n') {
+ ret = isulad_logger_write(terminal, type, cache + begin, index - begin + 1);
+ if (ret < 0) {
+ WARN("Failed to log msg");
+ }
+ begin = index + 1;
+ }
+ }
+ /* If there's no more coming, or the buffer is full but
+ * has no newlines, log whatever we haven't logged yet,
+ * noting that it's a partial log line. */
+ if (buf == NULL || (begin == 0 && size == __BUF_CACHE_SIZE)) {
+ if (begin < size) {
+ ret = isulad_logger_write(terminal, type, cache + begin, size - begin);
+ if (ret < 0) {
+ WARN("Failed to log msg");
+ }
+ begin = 0;
+ size = 0;
+ }
+ if (buf == NULL) {
+ return 0;
+ }
+ }
+ /* Move any unlogged data to the front of the buffer in preparation for another read. */
+ if (begin > 0) {
+ memcpy(cache, cache + begin, size - begin);
+ size -= begin;
+ }
+ /* Move left data to cache buffer */
+ if (buf_left > 0) {
+ memcpy(cache + size, buf + buf_readed, buf_left);
+ size += buf_left;
+ }
+ return 0;
+}
+
+/* isulad: forward data to all fifos */
+static void lxc_forward_data_to_fifo(struct lxc_list *list, bool is_err, const char *buf, int r)
+{
+ struct lxc_list *it = NULL;
+ struct lxc_list *next = NULL;
+ struct lxc_fifos_fd *elem = NULL;
+ ssize_t w = 0;
+
+ lxc_list_for_each_safe(it, list, next) {
+ elem = it->elem;
+ if (is_err) {
+ if (elem->err_fd >= 0) {
+ w = lxc_write_nointr_for_fifo(elem->err_fd, buf, r);
+ if (w != r) {
+ WARN("Failed to write to fifo fd %d with error: %s", elem->err_fd, strerror(errno));
+ }
+ }
+ } else {
+ if (elem->out_fd >= 0) {
+ w = lxc_write_nointr_for_fifo(elem->out_fd, buf, r);
+ if (w != r) {
+ WARN("Failed to write to fifo fd %d with error: %s", elem->out_fd, strerror(errno));
+ }
+ }
+ }
+ }
+
+ return;
+}
+
+/* isulad: judge the fd whether is fifo */
+static bool lxc_terminal_is_fifo(int fd, struct lxc_list *list)
+{
+ struct lxc_list *it = NULL;
+ struct lxc_list *next = NULL;
+ struct lxc_fifos_fd *elem = NULL;
+
+ lxc_list_for_each_safe(it, list, next) {
+ elem = it->elem;
+ if (elem->in_fd == fd)
+ return true;
+ }
+
+ return false;
+}
+
+/* isulad: if fd == -1, means delete all the fifos*/
+int lxc_terminal_delete_fifo(int fd, struct lxc_list *list)
+{
+ struct lxc_list *it = NULL;
+ struct lxc_list *next = NULL;
+ struct lxc_fifos_fd *elem = NULL;
+
+ lxc_list_for_each_safe(it, list, next) {
+ elem = it->elem;
+ if (elem->in_fd == fd || -1 == fd) {
+ INFO("Delete fifo fd %d", fd);
+ lxc_list_del(it);
+ if (elem->in_fifo)
+ free(elem->in_fifo);
+ if (elem->out_fifo)
+ free(elem->out_fifo);
+ if (elem->err_fifo)
+ free(elem->err_fifo);
+ if (elem->in_fd >= 0)
+ close(elem->in_fd);
+ if (elem->out_fd >= 0)
+ close(elem->out_fd);
+ if (elem->err_fd >= 0)
+ close(elem->err_fd);
+ free(elem);
+ }
+ }
+
+ return 0;
+}
+
+int lxc_terminal_io_cb(int fd, uint32_t events, void *data,
+ struct lxc_epoll_descr *descr)
+{
+ struct lxc_terminal *terminal = data;
+ char buf[2 * LXC_TERMINAL_BUFFER_SIZE];
+ int r, w, w_log, w_rbuf;
+
+ w = r = lxc_read_nointr(fd, buf, sizeof(buf));
+ if (r <= 0) {
+ INFO("Terminal client on fd %d has exited", fd);
+ lxc_mainloop_del_handler(descr, fd);
+
+ if (fd == terminal->ptmx) {
+ terminal->ptmx = -EBADF;
+ /* write remained buffer to terminal log */
+ if (terminal->log_fd >= 0) {
+ w_log = isulad_lxc_terminal_write_log_file(terminal, "stdout", NULL, 0);
+ if (w_log < 0)
+ TRACE("Failed to write %d bytes to terminal log", r);
+ }
+ /* notes: do not close the ptmx fd due to if we close the fd, the process may
+ * recive SIGHUP and the exit code will be 129 (128 + 1)
+ */
+ return LXC_MAINLOOP_CLOSE;
+ } else if (fd == terminal->peer) {
+ lxc_terminal_signal_fini(terminal);
+ terminal->peer = -EBADF;
+ close(fd);
+ return LXC_MAINLOOP_CONTINUE; /* isulad: do not close mainloop when peer close*/
+ } else if (lxc_terminal_is_fifo(fd, &terminal->fifos)) {
+ /* isulad: delete fifos when the client close */
+ lxc_terminal_delete_fifo(fd, &terminal->fifos);
+ return LXC_MAINLOOP_CONTINUE;
+ } else if (fd == terminal->pipes[1][0] || fd == terminal->pipes[2][0]) {
+ if (fd == terminal->pipes[1][0]) {
+ if (terminal->log_fd >= 0) {
+ w_log = isulad_lxc_terminal_write_log_file(terminal, "stdout", NULL, 0);
+ }
+ terminal->pipes[1][0] = -EBADF;
+ } else if (fd == terminal->pipes[2][0]) {
+ if (terminal->log_fd >= 0) {
+ w_log = isulad_lxc_terminal_write_log_file(terminal, "stderr", NULL, 0);
+ }
+ terminal->pipes[2][0] = -EBADF;
+ }
+ /* notes: do not close the ptmx fd due to if we close the fd, the process may
+ * recive SIGHUP and the exit code will be 141 (128 + 13)
+ */
+ return LXC_MAINLOOP_CONTINUE;
+ } else if (fd == terminal->pipes[0][1]) {
+ TRACE("closed stdin pipe of container stdin");
+ terminal->pipes[0][1] = -EBADF;
+ return LXC_MAINLOOP_CONTINUE;
+ } else {
+ WARN("Handler received unexpected file descriptor");
+ }
+ close(fd);
+ return LXC_MAINLOOP_CLOSE;
+ }
+
+ if (fd == terminal->peer || lxc_terminal_is_fifo(fd, &terminal->fifos)) {
+ if (terminal->ptmx > 0)
+ w = lxc_write_nointr(terminal->ptmx, buf, r);
+ if (terminal->pipes[0][1] > 0)
+ w = lxc_write_nointr(terminal->pipes[0][1], buf, r);
+ }
+
+ w_rbuf = w_log = 0;
+ if (fd == terminal->ptmx || fd == terminal->pipes[1][0] || fd == terminal->pipes[2][0]) {
+ /* write to peer first */
+ if (terminal->peer >= 0)
+ w = lxc_write_nointr(terminal->peer, buf, r);
+
+ /* isulad: forward data to fifos */
+ lxc_forward_data_to_fifo(&terminal->fifos, fd == terminal->pipes[2][0], buf, r);
+
+ /* write to terminal ringbuffer */
+ if (terminal->buffer_size > 0)
+ w_rbuf = lxc_ringbuf_write(&terminal->ringbuf, buf, r);
+
+ /* write to terminal log */
+ if (terminal->log_fd >= 0) {
+ if (fd == terminal->ptmx || fd == terminal->pipes[1][0])
+ w_log = isulad_lxc_terminal_write_log_file(terminal, "stdout", buf, r);
+ else if (fd == terminal->pipes[2][0])
+ w_log = isulad_lxc_terminal_write_log_file(terminal, "stderr", buf, r);
+ }
+ }
+
+ if (w != r)
+ WARN("Short write on terminal r:%d != w:%d", r, w);
+
+ if (w_rbuf < 0) {
+ errno = -w_rbuf;
+ SYSTRACE("Failed to write %d bytes to terminal ringbuffer", r);
+ }
+
+ if (w_log < 0)
+ TRACE("Failed to write %d bytes to terminal log", r);
+ return LXC_MAINLOOP_CONTINUE;
+}
+#else
int lxc_terminal_io_cb(int fd, uint32_t events, void *data,
struct lxc_epoll_descr *descr)
{
@@ -374,6 +909,7 @@ int lxc_terminal_io_cb(int fd, uint32_t events, void *data,
return LXC_MAINLOOP_CONTINUE;
}
+#endif
static int lxc_terminal_mainloop_add_peer(struct lxc_terminal *terminal)
{
@@ -401,6 +937,110 @@ static int lxc_terminal_mainloop_add_peer(struct lxc_terminal *terminal)
return 0;
}
+#ifdef HAVE_ISULAD
+/* isulad add pipes to mainloop */
+static int lxc_terminal_mainloop_add_pipes(struct lxc_terminal *terminal)
+{
+ int ret = 0;
+
+ // parent read data from fifo, and send to stdin of container
+ if (terminal->pipes[0][1] > 0) {
+ ret = lxc_mainloop_add_handler(terminal->descr, terminal->pipes[0][1],
+ lxc_terminal_io_cb, terminal);
+ if (ret) {
+ ERROR("pipe fd %d not added to mainloop", terminal->pipes[0][1]);
+ return -1;
+ }
+ }
+ // parent read data from stdout of container, and send to fifo
+ if (terminal->pipes[1][0] > 0) {
+ ret = lxc_mainloop_add_handler(terminal->descr, terminal->pipes[1][0],
+ lxc_terminal_io_cb, terminal);
+ if (ret) {
+ ERROR("pipe fd %d not added to mainloop", terminal->pipes[1][0]);
+ return -1;
+ }
+ }
+ // parent read data from stderr of container, and send to fifo
+ if (terminal->pipes[2][0] > 0) {
+ ret = lxc_mainloop_add_handler(terminal->descr, terminal->pipes[2][0],
+ lxc_terminal_io_cb, terminal);
+ if (ret) {
+ ERROR("pipe fd %d not added to mainloop", terminal->pipes[2][0]);
+ return -1;
+ }
+ }
+ return ret;
+}
+
+/* isulad add fifo to mainloop */
+static int lxc_terminal_mainloop_add_fifo(struct lxc_terminal *terminal)
+{
+ int ret = 0;
+ struct lxc_list *it = NULL;
+ struct lxc_list *next = NULL;
+ struct lxc_fifos_fd *elem = NULL;
+
+ lxc_list_for_each_safe(it, &terminal->fifos, next) {
+ elem = it->elem;
+ if (elem->in_fd >= 0) {
+ ret = lxc_mainloop_add_handler(terminal->descr, elem->in_fd,
+ lxc_terminal_io_cb, terminal);
+ if (ret) {
+ ERROR("console fifo %s not added to mainloop", elem->in_fifo);
+ return -1;
+ }
+ }
+ }
+ return ret;
+}
+
+int lxc_terminal_mainloop_add(struct lxc_epoll_descr *descr,
+ struct lxc_terminal *terminal)
+{
+ int ret;
+
+ /* We cache the descr so that we can add an fd to it when someone
+ * does attach to it in lxc_terminal_allocate().
+ */
+ terminal->descr = descr;
+
+ ret = lxc_terminal_mainloop_add_peer(terminal);
+ if (ret < 0) {
+ ERROR("Failed to add handler for terminal peer to mainloop");
+ return -1;
+ }
+
+ /* isulad add pipes to mainloop */
+ ret = lxc_terminal_mainloop_add_pipes(terminal);
+ if (ret < 0) {
+ ERROR("Failed to add handler for terminal fifos to mainloop");
+ return -1;
+ }
+
+ /* isulad add fifo to mainloop */
+ ret = lxc_terminal_mainloop_add_fifo(terminal);
+ if (ret < 0) {
+ ERROR("Failed to add handler for terminal fifos to mainloop");
+ return -1;
+ }
+
+ if (terminal->ptmx < 0) {
+ INFO("Terminal is not initialized");
+ return 0;
+ }
+
+ ret = lxc_mainloop_add_handler(descr, terminal->ptmx,
+ lxc_terminal_io_cb, terminal);
+ if (ret < 0) {
+ ERROR("Failed to add handler for terminal ptmx fd %d to "
+ "mainloop", terminal->ptmx);
+ return -1;
+ }
+
+ return 0;
+}
+#else
int lxc_terminal_mainloop_add(struct lxc_epoll_descr *descr,
struct lxc_terminal *terminal)
{
@@ -426,6 +1066,7 @@ int lxc_terminal_mainloop_add(struct lxc_epoll_descr *descr,
return lxc_terminal_mainloop_add_peer(terminal);
}
+#endif
int lxc_setup_tios(int fd, struct termios *oldtios)
{
@@ -639,14 +1280,39 @@ void lxc_terminal_free(struct lxc_conf *conf, int fd)
static int lxc_terminal_peer_default(struct lxc_terminal *terminal)
{
+#ifdef HAVE_ISULAD
+ struct lxc_terminal_state *ts = NULL;
+ const char *path = NULL;
+#else
struct lxc_terminal_state *ts;
const char *path;
+#endif
int ret = 0;
if (terminal->path)
path = terminal->path;
+
+#ifdef HAVE_ISULAD
+ /* isulad: if no console was given, try current controlling terminal, there
+ * won't be one if we were started as a daemon (-d)
+ */
+ if (!path && !access("/dev/tty", F_OK)) {
+ int fd;
+ fd = open("/dev/tty", O_RDWR);
+ if (fd >= 0) {
+ close(fd);
+ path = "/dev/tty";
+ }
+ }
+
+ if (!path) {
+ DEBUG("Not have a controlling terminal");
+ return 0;
+ }
+#else
else
path = "/dev/tty";
+#endif
terminal->peer = lxc_unpriv(open(path, O_RDWR | O_CLOEXEC));
if (terminal->peer < 0) {
@@ -760,6 +1426,35 @@ void lxc_terminal_delete(struct lxc_terminal *terminal)
if (terminal->log_fd >= 0)
close(terminal->log_fd);
terminal->log_fd = -1;
+
+#ifdef HAVE_ISULAD
+ if (is_syslog(terminal->log_driver)) {
+ closelog();
+ free(terminal->log_driver);
+ }
+ /* isulad: close all pipes */
+ if (terminal->pipes[0][0] >= 0)
+ close(terminal->pipes[0][0]);
+ terminal->pipes[0][0] = -1;
+ if (terminal->pipes[0][1] >= 0)
+ close(terminal->pipes[0][1]);
+ terminal->pipes[0][1] = -1;
+ if (terminal->pipes[1][0] >= 0)
+ close(terminal->pipes[1][0]);
+ terminal->pipes[1][0] = -1;
+ if (terminal->pipes[1][1] >= 0)
+ close(terminal->pipes[1][1]);
+ terminal->pipes[1][1] = -1;
+ if (terminal->pipes[2][0] >= 0)
+ close(terminal->pipes[2][0]);
+ terminal->pipes[2][0] = -1;
+ if (terminal->pipes[2][1] >= 0)
+ close(terminal->pipes[2][1]);
+ terminal->pipes[2][1] = -1;
+
+ /* isulad: delete all fifos */
+ lxc_terminal_delete_fifo(-1, &terminal->fifos);
+#endif
}
/**
@@ -828,6 +1523,251 @@ int lxc_terminal_create_log_file(struct lxc_terminal *terminal)
return 0;
}
+#ifdef HAVE_ISULAD
+/* isulad: fd_nonblock */
+static int fd_nonblock(int fd)
+{
+ int flags;
+
+ flags = fcntl(fd, F_GETFL);
+
+ return fcntl(fd, F_SETFL, (int)((unsigned int)flags | O_NONBLOCK));
+}
+
+static int terminal_fifo_open(const char *fifo_path, int flags)
+{
+ int fd = -1;
+
+ fd = lxc_open(fifo_path, flags, 0);
+ if (fd < 0) {
+ WARN("Failed to open fifo %s to send message: %s.", fifo_path,
+ strerror(errno));
+ return -1;
+ }
+
+ return fd;
+}
+
+bool fifo_exists(const char *path)
+{
+ struct stat sb;
+ int ret;
+
+ ret = stat(path, &sb);
+ if (ret < 0)
+ // could be something other than eexist, just say no
+ return false;
+ return S_ISFIFO(sb.st_mode);
+}
+
+/* isulad: set terminal fifos */
+static int lxc_terminal_set_fifo(struct lxc_terminal *console, const char *in, const char *out, const char *err, int *input_fd)
+{
+ int fifofd_in = -1, fifofd_out = -1, fifofd_err = -1;
+ struct lxc_fifos_fd *fifo_elem = NULL;
+
+ if ((in && !fifo_exists(in)) || (out && !fifo_exists(out)) || (err && !fifo_exists(err))) {
+ ERROR("File %s or %s or %s does not refer to a FIFO", in, out, err);
+ return -1;
+ }
+
+ if (in) {
+ fifofd_in = terminal_fifo_open(in, O_RDONLY | O_NONBLOCK | O_CLOEXEC);
+ if (fifofd_in < 0) {
+ SYSERROR("Failed to open FIFO: %s", in);
+ return -1;
+ }
+ }
+
+ if (out) {
+ fifofd_out = terminal_fifo_open(out, O_WRONLY | O_NONBLOCK | O_CLOEXEC);
+ if (fifofd_out < 0) {
+ SYSERROR("Failed to open FIFO: %s", out);
+ if (fifofd_in >= 0)
+ close(fifofd_in);
+ return -1;
+ }
+ }
+
+ if (err) {
+ fifofd_err = terminal_fifo_open(err, O_WRONLY | O_NONBLOCK | O_CLOEXEC);
+ if (fifofd_err < 0) {
+ SYSERROR("Failed to open FIFO: %s", err);
+ if (fifofd_in >= 0)
+ close(fifofd_in);
+ if (fifofd_out >= 0)
+ close(fifofd_out);
+ return -1;
+ }
+ }
+
+ fifo_elem = malloc(sizeof(*fifo_elem));
+ if (fifo_elem == NULL) {
+ if (fifofd_in >= 0)
+ close(fifofd_in);
+ if (fifofd_out >= 0)
+ close(fifofd_out);
+ if (fifofd_err >= 0)
+ close(fifofd_err);
+ return -1;
+ }
+ memset(fifo_elem, 0, sizeof(*fifo_elem));
+
+ fifo_elem->in_fifo = safe_strdup(in ? in : "");
+ fifo_elem->out_fifo = safe_strdup(out ? out : "");
+ fifo_elem->err_fifo = safe_strdup(err ? err : "");
+ fifo_elem->in_fd = fifofd_in;
+ fifo_elem->out_fd = fifofd_out;
+ fifo_elem->err_fd = fifofd_err;
+ lxc_list_add_elem(&fifo_elem->node, fifo_elem);
+ lxc_list_add_tail(&console->fifos, &fifo_elem->node);
+
+ if (input_fd)
+ *input_fd = fifofd_in;
+
+ return 0;
+}
+
+/* isulad: add default fifos */
+static int lxc_terminal_fifo_default(struct lxc_terminal *terminal)
+{
+ if (terminal->init_fifo[0] || terminal->init_fifo[1] || terminal->init_fifo[2])
+ return lxc_terminal_set_fifo(terminal, terminal->init_fifo[0], terminal->init_fifo[1], terminal->init_fifo[2], NULL);
+ return 0;
+}
+
+int lxc_terminal_create(struct lxc_terminal *terminal)
+{
+ int ret;
+
+ if (!terminal->disable_pty) {
+ ret = openpty(&terminal->ptmx, &terminal->pts, NULL, NULL, NULL);
+ if (ret < 0) {
+ SYSERROR("Failed to open terminal");
+ return -1;
+ }
+
+ ret = ttyname_r(terminal->pts, terminal->name, sizeof(terminal->name));
+ if (ret < 0) {
+ SYSERROR("Failed to retrieve name of terminal pts");
+ goto err;
+ }
+
+ ret = fd_cloexec(terminal->ptmx, true);
+ if (ret < 0) {
+ SYSERROR("Failed to set FD_CLOEXEC flag on terminal ptmx");
+ goto err;
+ }
+
+ /* isulad: make ptmx NONBLOCK */
+ ret = fd_nonblock(terminal->ptmx);
+ if (ret < 0) {
+ SYSERROR("Failed to set O_NONBLOCK flag on terminal ptmx");
+ goto err;
+ }
+
+ ret = fd_cloexec(terminal->pts, true);
+ if (ret < 0) {
+ SYSERROR("Failed to set FD_CLOEXEC flag on terminal pts");
+ goto err;
+ }
+
+ ret = lxc_terminal_peer_default(terminal);
+ if (ret < 0) {
+ ERROR("Failed to allocate proxy terminal");
+ goto err;
+ }
+ } else {
+ /* isulad: create 3 pipes */
+ /* for stdin */
+ if (pipe2(terminal->pipes[0], O_CLOEXEC)) {
+ ERROR("Failed to create stdin pipe");
+ goto err;
+ }
+
+ /* for stdout */
+ if (pipe2(terminal->pipes[1], O_CLOEXEC)) {
+ ERROR("Failed to create stdout pipe");
+ goto err;
+ }
+ /* for stderr */
+ if (pipe2(terminal->pipes[2], O_CLOEXEC)) {
+ ERROR("Failed to create stderr pipe");
+ goto err;
+ }
+ }
+
+ /* isulad: open fifos */
+ ret = lxc_terminal_fifo_default(terminal);
+ if (ret < 0) {
+ ERROR("Failed to allocate fifo terminal");
+ goto err;
+ }
+
+ return 0;
+
+err:
+ lxc_terminal_delete(terminal);
+ return -ENODEV;
+}
+
+/* isulad: add fifos dynamic*/
+int lxc_terminal_add_fifos(struct lxc_conf *conf, const char *fifonames)
+{
+ int ret = 0;
+ struct lxc_terminal *terminal = &conf->console;
+ int fifofd_in = -1;
+ char *tmp = NULL, *saveptr = NULL, *in = NULL, *out = NULL, *err = NULL;
+ const char *none_fifo_name = "none";
+
+ tmp = safe_strdup(fifonames);
+
+ in = strtok_r(tmp, "&&&&", &saveptr);
+ if (!in) {
+ ret = -1;
+ goto free_out;
+ }
+ if (strcmp(in, none_fifo_name) == 0)
+ in = NULL;
+
+ out = strtok_r(NULL, "&&&&", &saveptr);
+ if (!out) {
+ ret = -1;
+ goto free_out;
+ }
+ if (strcmp(out, none_fifo_name) == 0)
+ out = NULL;
+
+ err = strtok_r(NULL, "&&&&", &saveptr);
+ if (!err) {
+ ret = -1;
+ goto free_out;
+ }
+ if (strcmp(err, none_fifo_name) == 0)
+ err = NULL;
+
+ ret = lxc_terminal_set_fifo(terminal, in, out, err, &fifofd_in);
+ if (ret < 0) {
+ ERROR("Faild to set fifos to console config");
+ ret = -1;
+ goto free_out;
+ }
+
+ if (lxc_mainloop_add_handler(terminal->descr, fifofd_in,
+ lxc_terminal_io_cb, terminal)) {
+ ERROR("console fifo not added to mainloop");
+ lxc_terminal_delete_fifo(fifofd_in, &terminal->fifos);
+ ret = -1;
+ goto free_out;
+ }
+
+free_out:
+ if (tmp)
+ free(tmp);
+ return ret;
+}
+
+#else
int lxc_terminal_create(struct lxc_terminal *terminal)
{
int ret;
@@ -868,6 +1808,7 @@ err:
lxc_terminal_delete(terminal);
return -ENODEV;
}
+#endif
int lxc_terminal_setup(struct lxc_conf *conf)
{
@@ -883,6 +1824,18 @@ int lxc_terminal_setup(struct lxc_conf *conf)
if (ret < 0)
return -1;
+#ifdef HAVE_ISULAD
+ if (is_syslog(terminal->log_driver)) {
+ if (terminal->log_syslog_tag == NULL) {
+ terminal->log_syslog_tag = malloc(16 * sizeof(char));
+ (void)strlcpy(terminal->log_syslog_tag, conf->name, 16);
+ }
+ if (terminal->log_syslog_facility <= 0) {
+ terminal->log_syslog_facility = LOG_DAEMON;
+ }
+ openlog(terminal->log_syslog_tag, LOG_PID, terminal->log_syslog_facility);
+ }
+#endif
ret = lxc_terminal_create_log_file(terminal);
if (ret < 0)
goto err;
@@ -1120,9 +2073,15 @@ int lxc_terminal_prepare_login(int fd)
if (ret < 0)
return -1;
+#ifdef HAVE_ISULAD
+ ret = set_stdfds(fd);
+ if (ret < 0)
+ return -1;
+#else
ret = lxc_terminal_set_stdfds(fd);
if (ret < 0)
return -1;
+#endif
if (fd > STDERR_FILENO)
close(fd);
@@ -1146,6 +2105,18 @@ void lxc_terminal_init(struct lxc_terminal *terminal)
terminal->peer = -EBADF;
terminal->log_fd = -EBADF;
lxc_terminal_info_init(&terminal->proxy);
+#ifdef HAVE_ISULAD
+ terminal->init_fifo[0] = NULL;
+ terminal->init_fifo[1] = NULL;
+ terminal->init_fifo[2] = NULL;
+ terminal->pipes[0][0] = -1;
+ terminal->pipes[0][1] = -1;
+ terminal->pipes[1][0] = -1;
+ terminal->pipes[1][1] = -1;
+ terminal->pipes[2][0] = -1;
+ terminal->pipes[2][1] = -1;
+ lxc_list_init(&terminal->fifos);
+#endif
}
void lxc_terminal_conf_free(struct lxc_terminal *terminal)
@@ -1155,6 +2126,15 @@ void lxc_terminal_conf_free(struct lxc_terminal *terminal)
if (terminal->buffer_size > 0 && terminal->ringbuf.addr)
lxc_ringbuf_release(&terminal->ringbuf);
lxc_terminal_signal_fini(terminal);
+#ifdef HAVE_ISULAD
+ /*isulad: free console fifos */
+ free(terminal->init_fifo[0]);
+ free(terminal->init_fifo[1]);
+ free(terminal->init_fifo[2]);
+ lxc_terminal_delete_fifo(-1, &terminal->fifos);
+ free(terminal->log_driver);
+ free(terminal->log_syslog_tag);
+#endif
}
int lxc_terminal_map_ids(struct lxc_conf *c, struct lxc_terminal *terminal)
@@ -1167,6 +2147,15 @@ int lxc_terminal_map_ids(struct lxc_conf *c, struct lxc_terminal *terminal)
if (strcmp(terminal->name, "") == 0)
return 0;
+#ifdef HAVE_ISULAD
+ ret = chown_mapped_root(terminal->name, c);
+ if (ret < 0) {
+ ERROR("Failed to chown terminal \"%s\"", terminal->name);
+ return -1;
+ }
+
+ TRACE("Chowned terminal \"%s\"", terminal->name);
+#else
ret = userns_exec_mapped_root(terminal->name, terminal->pts, c);
if (ret < 0) {
return log_error(-1, "Failed to chown terminal %d(%s)",
@@ -1174,6 +2163,7 @@ int lxc_terminal_map_ids(struct lxc_conf *c, struct lxc_terminal *terminal)
}
TRACE("Chowned terminal %d(%s)", terminal->pts, terminal->name);
+#endif
return 0;
}
diff --git a/src/tests/Makefile.am b/src/tests/Makefile.am
index 11bba26..03bf439 100644
--- a/src/tests/Makefile.am
+++ b/src/tests/Makefile.am
@@ -58,6 +58,10 @@ AM_CFLAGS=-DLXCROOTFSMOUNT=\"$(LXCROOTFSMOUNT)\" \
-I $(top_srcdir)/src/lxc/tools \
-pthread
+if HAVE_ISULAD
+AM_CFLAGS += -I $(top_srcdir)/src/lxc/json
+endif
+
if ENABLE_APPARMOR
AM_CFLAGS += -DHAVE_APPARMOR
endif
diff --git a/src/tests/attach.c b/src/tests/attach.c
index 07e641d..f36caac 100644
--- a/src/tests/attach.c
+++ b/src/tests/attach.c
@@ -29,6 +29,9 @@
#include "lxctest.h"
#include "utils.h"
#include "lsm/lsm.h"
+#ifdef HAVE_ISULAD
+#include "config.h"
+#endif
#include <lxc/lxccontainer.h>
@@ -76,7 +79,11 @@ static void test_attach_lsm_set_config(struct lxc_container *ct)
ct->save_config(ct, NULL);
}
+#ifdef HAVE_ISULAD
+static int test_attach_lsm_func_func(void* payload, int fd)
+#else
static int test_attach_lsm_func_func(void* payload)
+#endif
{
TSTOUT("%s", lsm_process_label_get(syscall(SYS_getpid)));
return 0;
@@ -187,7 +194,11 @@ static int test_attach_lsm_func(struct lxc_container *ct) { return 0; }
static int test_attach_lsm_cmd(struct lxc_container *ct) { return 0; }
#endif /* HAVE_APPARMOR || HAVE_SELINUX */
+#ifdef HAVE_ISULAD
+static int test_attach_func_func(void* payload, int fd)
+#else
static int test_attach_func_func(void* payload)
+#endif
{
TSTOUT("%d", (int)syscall(SYS_getpid));
return 0;
--
2.25.1
Reference in New Issue View Git Blame Copy Permalink