From: 2xsec Date: Thu, 28 Jun 2018 13:49:38 +0000 (+0900) Subject: tools: lxc-start: share internal API symbols X-Git-Tag: lxc-3.1.0~225^2~36 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eb0c9382b47e774a76235252cd6f3e834c778a33;p=thirdparty%2Flxc.git tools: lxc-start: share internal API symbols Signed-off-by: 2xsec --- diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am index 313475824..852db6ee1 100644 --- a/src/lxc/Makefile.am +++ b/src/lxc/Makefile.am @@ -278,7 +278,7 @@ lxc_info_SOURCES = tools/lxc_info.c tools/arguments.c tools/tool_utils.c lxc_monitor_SOURCES = tools/lxc_monitor.c tools/arguments.c tools/tool_utils.c lxc_ls_SOURCES = tools/lxc_ls.c tools/arguments.c tools/tool_utils.c lxc_copy_SOURCES = tools/lxc_copy.c tools/arguments.c tools/tool_utils.c -lxc_start_SOURCES = tools/lxc_start.c tools/arguments.c tools/tool_utils.c +lxc_start_SOURCES = tools/lxc_start.c tools/arguments.c lxc_stop_SOURCES = tools/lxc_stop.c tools/arguments.c tools/tool_utils.c lxc_top_SOURCES = tools/lxc_top.c tools/arguments.c tools/tool_utils.c lxc_unfreeze_SOURCES = tools/lxc_unfreeze.c tools/arguments.c tools/tool_utils.c diff --git a/src/lxc/confile.c b/src/lxc/confile.c index f0041770a..65409aa88 100644 --- a/src/lxc/confile.c +++ b/src/lxc/confile.c @@ -2388,16 +2388,6 @@ on_error: return ret; } -static int lxc_config_readline(char *buffer, struct lxc_conf *conf) -{ - struct parse_line_conf c; - - c.conf = conf; - c.from_include = false; - - return parse_line(buffer, &c); -} - int lxc_config_read(const char *file, struct lxc_conf *conf, bool from_include) { int ret; @@ -2430,23 +2420,33 @@ int lxc_config_define_add(struct lxc_list *defines, char *arg) return 0; } -int lxc_config_define_load(struct lxc_list *defines, struct lxc_conf *conf) +bool lxc_config_define_load(struct lxc_list *defines, struct lxc_container *c) { - struct lxc_list *it, *next; - int ret = 0; + struct lxc_list *it; + bool bret = true; lxc_list_for_each(it, defines) { - ret = lxc_config_readline(it->elem, conf); - if (ret) + struct new_config_item *new_item = it->elem; + bret = c->set_config_item(c, new_item->key, new_item->val); + if (!bret) break; } + lxc_config_define_free(defines); + return bret; +} + +void lxc_config_define_free(struct lxc_list *defines) +{ + struct lxc_list *it, *next; + lxc_list_for_each_safe(it, defines, next) { + struct new_config_item *new_item = it->elem; + free(new_item->key); + free(new_item->val); lxc_list_del(it); free(it); } - - return ret; } signed long lxc_config_parse_arch(const char *arch) @@ -2494,6 +2494,49 @@ signed long lxc_config_parse_arch(const char *arch) return -1; } +int lxc_fill_elevated_privileges(char *flaglist, int *flags) +{ + char *token, *saveptr = NULL; + int i, aflag; + struct { + const char *token; + int flag; + } all_privs[] = { + { "CGROUP", LXC_ATTACH_MOVE_TO_CGROUP }, + { "CAP", LXC_ATTACH_DROP_CAPABILITIES }, + { "LSM", LXC_ATTACH_LSM_EXEC }, + { NULL, 0 } + }; + + if (!flaglist) { + /* For the sake of backward compatibility, drop all privileges + * if none is specified. + */ + for (i = 0; all_privs[i].token; i++) + *flags |= all_privs[i].flag; + + return 0; + } + + token = strtok_r(flaglist, "|", &saveptr); + while (token) { + aflag = -1; + + for (i = 0; all_privs[i].token; i++) + if (!strcmp(all_privs[i].token, token)) + aflag = all_privs[i].flag; + + if (aflag < 0) + return -1; + + *flags |= aflag; + + token = strtok_r(NULL, "|", &saveptr); + } + + return 0; +} + /* Write out a configuration file. */ int write_config(int fd, const struct lxc_conf *conf) { diff --git a/src/lxc/confile.h b/src/lxc/confile.h index 0d877c898..4e05db16e 100644 --- a/src/lxc/confile.h +++ b/src/lxc/confile.h @@ -58,6 +58,11 @@ struct lxc_config_t { config_clr_cb clr; }; +struct new_config_item { + char *key; + char *val; +}; + /* Get the jump table entry for the given configuration key. */ extern struct lxc_config_t *lxc_get_config(const char *key); @@ -85,12 +90,16 @@ extern int append_unexp_config_line(const char *line, struct lxc_conf *conf); extern int lxc_config_define_add(struct lxc_list *defines, char* arg); -extern int lxc_config_define_load(struct lxc_list *defines, - struct lxc_conf *conf); +extern bool lxc_config_define_load(struct lxc_list *defines, + struct lxc_container *c); + +extern void lxc_config_define_free(struct lxc_list *defines); /* needed for lxc-attach */ extern signed long lxc_config_parse_arch(const char *arch); +extern int lxc_fill_elevated_privileges(char *flaglist, int *flags); + extern int lxc_clear_config_item(struct lxc_conf *c, const char *key); extern int write_config(int fd, const struct lxc_conf *conf); diff --git a/src/lxc/tools/arguments.h b/src/lxc/tools/arguments.h index 04cf3278b..8acebc55c 100644 --- a/src/lxc/tools/arguments.h +++ b/src/lxc/tools/arguments.h @@ -174,25 +174,6 @@ extern int lxc_arguments_str_to_int(struct lxc_arguments *args, extern bool lxc_setup_shared_ns(struct lxc_arguments *args, struct lxc_container *c); -/* Helper macro to define errno string. */ -#if (_POSIX_C_SOURCE >= 200112L || _XOPEN_SOURCE >= 600) && !defined(_GNU_SOURCE) || IS_BIONIC -#define lxc_log_strerror_r \ - char errno_buf[MAXPATHLEN / 2] = {"Failed to get errno string"}; \ - char *ptr = errno_buf; \ - { \ - (void)strerror_r(errno, errno_buf, sizeof(errno_buf)); \ - } -#else -#define lxc_log_strerror_r \ - char errno_buf[MAXPATHLEN / 2] = {"Failed to get errno string"}; \ - char *ptr; \ - { \ - ptr = strerror_r(errno, errno_buf, sizeof(errno_buf)); \ - if (!ptr) \ - ptr = errno_buf; \ - } -#endif - #define lxc_info(arg, fmt, args...) \ do { \ if (!(arg)->quiet) { \ @@ -210,8 +191,7 @@ extern bool lxc_setup_shared_ns(struct lxc_arguments *args, struct lxc_container #define lxc_sys_error(arg, fmt, args...) \ do { \ if (!(arg)->quiet) { \ - lxc_log_strerror_r \ - fprintf(stderr, "%s: %s - " fmt "\n", (arg)->progname, ptr, ##args); \ + fprintf(stderr, "%s: " fmt "\n", (arg)->progname, ##args); \ } \ } while (0) diff --git a/src/lxc/tools/lxc_start.c b/src/lxc/tools/lxc_start.c index 57af91bb5..95e287775 100644 --- a/src/lxc/tools/lxc_start.c +++ b/src/lxc/tools/lxc_start.c @@ -42,11 +42,14 @@ #include #include "arguments.h" -#include "tool_list.h" -#include "tool_utils.h" +#include "caps.h" +#include "confile.h" +#include "log.h" static struct lxc_list defines; +lxc_log_define(lxc_start, lxc); + static int ensure_path(struct lxc_arguments *args, char **confpath, const char *path) { int err = -1, fd; @@ -56,7 +59,7 @@ static int ensure_path(struct lxc_arguments *args, char **confpath, const char * if (access(path, W_OK)) { fd = creat(path, 0600); if (fd < 0 && errno != EEXIST) { - lxc_error(args, "Failed to create '%s'", path); + ERROR("Failed to create '%s'", path); goto err; } @@ -66,7 +69,7 @@ static int ensure_path(struct lxc_arguments *args, char **confpath, const char * fullpath = realpath(path, NULL); if (!fullpath) { - lxc_error(args, "Failed to get the real path of '%s'", path); + ERROR("Failed to get the real path of '%s'", path); goto err; } @@ -206,7 +209,7 @@ int main(int argc, char *argv[]) lxcpath = my_args.lxcpath[0]; if (access(lxcpath, O_RDONLY) < 0) { - lxc_error(&my_args, "You lack access to %s", lxcpath); + ERROR("You lack access to %s", lxcpath); exit(err); } @@ -222,21 +225,21 @@ int main(int argc, char *argv[]) c = lxc_container_new(my_args.name, lxcpath); if (!c) { - lxc_error(&my_args, "Failed to create lxc_container"); + ERROR("Failed to create lxc_container"); exit(err); } c->clear_config(c); if (!c->load_config(c, rcfile)) { - lxc_error(&my_args, "Failed to load rcfile"); + ERROR("Failed to load rcfile"); lxc_container_put(c); exit(err); } c->configfile = strdup(my_args.rcfile); if (!c->configfile) { - lxc_error(&my_args, "Out of memory setting new config filename"); + ERROR("Out of memory setting new config filename"); goto out; } } else { @@ -244,7 +247,7 @@ int main(int argc, char *argv[]) rc = asprintf(&rcfile, "%s/%s/config", lxcpath, my_args.name); if (rc == -1) { - lxc_error(&my_args, "Failed to allocate memory"); + ERROR("Failed to allocate memory"); exit(err); } @@ -256,7 +259,7 @@ int main(int argc, char *argv[]) c = lxc_container_new(my_args.name, lxcpath); if (!c) { - lxc_error(&my_args, "Failed to create lxc_container"); + ERROR("Failed to create lxc_container"); exit(err); } } @@ -267,12 +270,12 @@ int main(int argc, char *argv[]) * file as argument and start the container right away. */ if (!c->may_control(c)) { - lxc_error(&my_args, "Insufficent privileges to control %s", c->name); + ERROR("Insufficent privileges to control %s", c->name); goto out; } if (c->is_running(c)) { - lxc_error(&my_args, "Container is already running."); + ERROR("Container is already running."); err = EXIT_SUCCESS; goto out; } @@ -282,7 +285,7 @@ int main(int argc, char *argv[]) * unset c->lxc_conf for us and let us not use lxc_config_define_load() */ if (!c->lxc_conf) { - lxc_error(&my_args, "No container config specified"); + ERROR("No container config specified"); goto out; } @@ -290,13 +293,13 @@ int main(int argc, char *argv[]) goto out; if (!rcfile && !strcmp("/sbin/init", args[0])) { - lxc_error(&my_args, "Executing '/sbin/init' with no configuration file may crash the host"); + ERROR("Executing '/sbin/init' with no configuration file may crash the host"); goto out; } if (my_args.pidfile != NULL) { if (ensure_path(&my_args, &c->pidfile, my_args.pidfile) < 0) { - lxc_error(&my_args, "Failed to ensure pidfile '%s'", my_args.pidfile); + ERROR("Failed to ensure pidfile '%s'", my_args.pidfile); goto out; } } @@ -324,13 +327,13 @@ int main(int argc, char *argv[]) else err = c->start(c, 0, args) ? EXIT_SUCCESS : EXIT_FAILURE; if (err) { - lxc_error(&my_args, "The container failed to start."); + ERROR("The container failed to start."); if (my_args.daemonize) - lxc_error(&my_args, "To get more details, run the container in foreground mode."); + ERROR("To get more details, run the container in foreground mode."); - lxc_error(&my_args, "Additional information can be obtained by setting the " - "--logfile and --logpriority options.\n"); + ERROR("Additional information can be obtained by setting the " + "--logfile and --logpriority options."); err = c->error_num; lxc_container_put(c);