Merge pull request #1761 from brauner/2017-08-10/further_lxc_2.1_preparations

src/lxc/cgroups/cgfsng.c

@@ -1199,6 +1199,7 @@ out_free:
 
 static int cgroup_rmdir(char *dirname)
 {
+	int ret;
 	struct dirent *direntp;
 	DIR *dir;
 	int r = 0;
@@ -1208,8 +1209,8 @@ static int cgroup_rmdir(char *dirname)
 		return -1;
 
 	while ((direntp = readdir(dir))) {
-		struct stat mystat;
 		char *pathname;
+		struct stat mystat;
 
 		if (!direntp)
 			break;
@@ -1220,32 +1221,40 @@ static int cgroup_rmdir(char *dirname)
 
 		pathname = must_make_path(dirname, direntp->d_name, NULL);
 
-		if (lstat(pathname, &mystat)) {
+		ret = lstat(pathname, &mystat);
+		if (ret < 0) {
 			if (!r)
-				WARN("failed to stat %s", pathname);
+				WARN("Failed to stat %s", pathname);
 			r = -1;
 			goto next;
 		}
 
 		if (!S_ISDIR(mystat.st_mode))
 			goto next;
-		if (cgroup_rmdir(pathname) < 0)
+
+		ret = cgroup_rmdir(pathname);
+		if (ret < 0)
 			r = -1;
 next:
 		free(pathname);
 	}
 
-	if (rmdir(dirname) < 0) {
+	ret = rmdir(dirname);
+	if (ret < 0) {
 		if (!r)
-			WARN("failed to delete %s: %s", dirname, strerror(errno));
+			WARN("Failed to delete \"%s\": %s", dirname,
+			     strerror(errno));
 		r = -1;
 	}
 
-	if (closedir(dir) < 0) {
+	ret = closedir(dir);
+	if (ret < 0) {
 		if (!r)
-			WARN("failed to delete %s: %s", dirname, strerror(errno));
+			WARN("Failed to delete \"%s\": %s", dirname,
+			     strerror(errno));
 		r = -1;
 	}
+
 	return r;
 }
 
@@ -1263,36 +1272,92 @@ static int rmdir_wrapper(void *data)
 	return cgroup_rmdir(path);
 }
 
-void recursive_destroy(char *path, struct lxc_conf *conf)
+int recursive_destroy(char *path, struct lxc_conf *conf)
 {
 	int r;
+
 	if (conf && !lxc_list_empty(&conf->id_map))
 		r = userns_exec_1(conf, rmdir_wrapper, path, "rmdir_wrapper");
 	else
 		r = cgroup_rmdir(path);
-
 	if (r < 0)
 		ERROR("Error destroying %s", path);
+
+	return r;
 }
 
 static void cgfsng_destroy(void *hdata, struct lxc_conf *conf)
 {
+	int i;
+	char *clean_parent, *clean_fullcgpath;
+	char **fields;
+	size_t recurse_upwards = 0;
 	struct cgfsng_handler_data *d = hdata;
 
 	if (!d)
 		return;
 
-	if (d->container_cgroup && hierarchies) {
-		int i;
+	if (!d->container_cgroup || !hierarchies)
+		return;
+
+	if (d->cgroup_meta.dir)
+		clean_parent = d->cgroup_meta.dir;
+	else
+		clean_parent = d->cgroup_pattern;
+	fields = lxc_normalize_path(clean_parent);
+	if (fields) {
+		recurse_upwards = lxc_array_len((void **)fields);
+		if (recurse_upwards > 0 && clean_parent == d->cgroup_pattern)
+			recurse_upwards--;
+		lxc_free_array((void **)fields, free);
+	}
+
 	for (i = 0; hierarchies[i]; i++) {
+		int ret;
+		size_t j;
 		struct hierarchy *h = hierarchies[i];
-			if (h->fullcgpath) {
-				recursive_destroy(h->fullcgpath, conf);
+
+		if (!h->fullcgpath)
+			continue;
+
+		clean_fullcgpath = lxc_deslashify(h->fullcgpath);
+		if (!clean_fullcgpath)
+			clean_fullcgpath = h->fullcgpath;
+
+		/* Delete the container's cgroup */
+		ret = recursive_destroy(clean_fullcgpath, conf);
+		if (ret < 0)
+			goto next;
+
+		if (h->fullcgpath == clean_fullcgpath)
+			goto next;
+
+		/* Delete parent cgroups as specified in the containers config
+		 * file. This takes care of not having useless empty cgroups
+		 * around.
+		 */
+		for (j = 0; j < recurse_upwards; j++) {
+			char *s = clean_fullcgpath;
+
+			s = strrchr(s, '/');
+			if (!s)
+				break;
+			*s = '\0';
+
+			/* If we fail to delete a cgroup we know that any parent
+			 * cgroup also cannot be removed.
+			 */
+			ret = recursive_destroy(clean_fullcgpath, conf);
+			if (ret < 0)
+				break;
+		}
+
+next:
+		if (h->fullcgpath != clean_fullcgpath)
+			free(clean_fullcgpath);
 		free(h->fullcgpath);
 		h->fullcgpath = NULL;
 	}
-		}
-	}
 
 	free_handler_data(d);
 }
@@ -1336,11 +1401,11 @@ static void remove_path_for_hierarchy(struct hierarchy *h, char *cgname)
  */
 static inline bool cgfsng_create(void *hdata)
 {
-	struct cgfsng_handler_data *d = hdata;
-	char *tmp, *cgname, *offset;
 	int i;
-	int idx = 0;
 	size_t len;
+	char *cgname, *offset, *tmp;
+	int idx = 0;
+	struct cgfsng_handler_data *d = hdata;
 
 	if (!d)
 		return false;
@@ -1351,7 +1416,7 @@ static inline bool cgfsng_create(void *hdata)
 	}
 
 	if (d->cgroup_meta.dir)
-		tmp = strdup(d->cgroup_meta.dir);
+		tmp = lxc_string_join("/", (const char *[]){d->cgroup_meta.dir, d->name, NULL}, false);
 	else
 		tmp = lxc_string_replace("%n", d->name, d->cgroup_pattern);
 	if (!tmp) {

src/lxc/conf.h

@@ -46,103 +46,6 @@ typedef void * scmp_filter_ctx;
 #define subuidfile "/etc/subuid"
 #define subgidfile "/etc/subgid"
 
-enum {
-	LXC_NET_EMPTY,
-	LXC_NET_VETH,
-	LXC_NET_MACVLAN,
-	LXC_NET_PHYS,
-	LXC_NET_VLAN,
-	LXC_NET_NONE,
-	LXC_NET_MAXCONFTYPE,
-};
-
-/*
- * Defines the structure to configure an ipv4 address
- * @address   : ipv4 address
- * @broadcast : ipv4 broadcast address
- * @mask      : network mask
- */
-struct lxc_inetdev {
-	struct in_addr addr;
-	struct in_addr bcast;
-	unsigned int prefix;
-};
-
-struct lxc_route {
-	struct in_addr addr;
-};
-
-/*
- * Defines the structure to configure an ipv6 address
- * @flags     : set the address up
- * @address   : ipv6 address
- * @broadcast : ipv6 broadcast address
- * @mask      : network mask
- */
-struct lxc_inet6dev {
-	struct in6_addr addr;
-	struct in6_addr mcast;
-	struct in6_addr acast;
-	unsigned int prefix;
-};
-
-struct lxc_route6 {
-	struct in6_addr addr;
-};
-
-struct ifla_veth {
-	char *pair; /* pair name */
-	char veth1[IFNAMSIZ]; /* needed for deconf */
-};
-
-struct ifla_vlan {
-	unsigned int   flags;
-	unsigned int   fmask;
-	unsigned short   vid;
-	unsigned short   pad;
-};
-
-struct ifla_macvlan {
-	int mode; /* private, vepa, bridge, passthru */
-};
-
-union netdev_p {
-	struct ifla_veth veth_attr;
-	struct ifla_vlan vlan_attr;
-	struct ifla_macvlan macvlan_attr;
-};
-
-/*
- * Defines a structure to configure a network device
- * @link       : lxc.net.[i].link, name of bridge or host iface to attach if any
- * @name       : lxc.net.[i].name, name of iface on the container side
- * @flags      : flag of the network device (IFF_UP, ... )
- * @ipv4       : a list of ipv4 addresses to be set on the network device
- * @ipv6       : a list of ipv6 addresses to be set on the network device
- * @upscript   : a script filename to be executed during interface configuration
- * @downscript : a script filename to be executed during interface destruction
- * @idx        : network counter
- */
-struct lxc_netdev {
-	ssize_t idx;
-	int type;
-	int flags;
-	int ifindex;
-	char *link;
-	char *name;
-	char *hwaddr;
-	char *mtu;
-	union netdev_p priv;
-	struct lxc_list ipv4;
-	struct lxc_list ipv6;
-	struct in_addr *ipv4_gateway;
-	bool ipv4_gateway_auto;
-	struct in6_addr *ipv6_gateway;
-	bool ipv6_gateway_auto;
-	char *upscript;
-	char *downscript;
-};
-
 /*
  * Defines a generic struct to configure the control group. It is up to the
  * programmer to specify the right subsystem.
@@ -327,12 +230,8 @@ enum lxchooks {
 	LXCHOOK_DESTROY,
 	NUM_LXC_HOOKS
 };
-extern char *lxchook_names[NUM_LXC_HOOKS];
 
-struct saved_nic {
-	int ifindex;
-	char *orig_name;
-};
+extern char *lxchook_names[NUM_LXC_HOOKS];
 
 struct lxc_conf {
 	int is_execute;
@@ -458,13 +357,7 @@ extern int detect_shared_rootfs(void);
 extern struct lxc_conf *lxc_conf_init(void);
 extern void lxc_conf_free(struct lxc_conf *conf);
 extern int pin_rootfs(const char *rootfs);
-extern int lxc_requests_empty_network(struct lxc_handler *handler);
-extern int lxc_setup_networks_in_parent_namespaces(struct lxc_handler *handler);
-extern bool lxc_delete_network(struct lxc_handler *handler);
-extern int lxc_assign_network(const char *lxcpath, char *lxcname,
-			      struct lxc_list *networks, pid_t pid);
 extern int lxc_map_ids(struct lxc_list *idmap, pid_t pid);
-extern int lxc_find_gateway_addresses(struct lxc_handler *handler);
 extern int lxc_create_tty(const char *name, struct lxc_conf *conf);
 extern void lxc_delete_tty(struct lxc_tty_info *tty_info);
 extern int lxc_clear_config_caps(struct lxc_conf *c);
@@ -483,7 +376,6 @@ extern int do_rootfs_setup(struct lxc_conf *conf, const char *name,
 			   const char *lxcpath);
 extern int lxc_setup(struct lxc_handler *handler);
 extern int setup_resource_limits(struct lxc_list *limits, pid_t pid);
-extern void lxc_restore_phys_nics_to_netns(int netnsfd, struct lxc_conf *conf);
 extern int find_unmapped_nsid(struct lxc_conf *conf, enum idtype idtype);
 extern int mapped_hostid(unsigned id, struct lxc_conf *conf,
 			 enum idtype idtype);
@@ -500,5 +392,7 @@ extern FILE *make_anonymous_mount_file(struct lxc_list *mount);
 extern struct lxc_list *sort_cgroup_settings(struct lxc_list *cgroup_settings);
 extern unsigned long add_required_remount_flags(const char *s, const char *d,
 						unsigned long flags);
+extern int run_script(const char *name, const char *section, const char *script,
+		      ...);
 
 #endif /* __LXC_CONF_H */

src/lxc/confile.c

@@ -1431,9 +1431,6 @@ static int set_config_cgroup_dir(const char *key, const char *value,
 	if (lxc_config_value_empty(value))
 		return clr_config_cgroup_dir(key, lxc_conf, NULL);
 
-	if (lxc_conf->cgroup_meta.dir)
-		clr_config_cgroup_dir(key, lxc_conf, NULL);
-
 	return set_config_string_item(&lxc_conf->cgroup_meta.dir, value);
 }
 

src/lxc/confile_utils.c

@@ -31,6 +31,7 @@
 #include "error.h"
 #include "log.h"
 #include "list.h"
+#include "network.h"
 #include "parse.h"
 #include "utils.h"
 
@@ -253,6 +254,7 @@ void lxc_log_configured_netdevs(const struct lxc_conf *conf)
 		netdev = it->elem;
 
 		TRACE("index: %zd", netdev->idx);
+		TRACE("ifindex: %d", netdev->ifindex);
 		switch (netdev->type) {
 		case LXC_NET_VETH:
 			TRACE("type: veth");

src/lxc/network.h

@@ -23,11 +23,120 @@
 #ifndef __LXC_NETWORK_H
 #define __LXC_NETWORK_H
 
+#include <stdbool.h>
 #include <stdio.h>
 #include <unistd.h>
 #include <arpa/inet.h>
 #include <sys/socket.h>
 
+#include "list.h"
+
+struct lxc_conf;
+struct lxc_handler;
+struct lxc_netdev;
+
+enum {
+	LXC_NET_EMPTY,
+	LXC_NET_VETH,
+	LXC_NET_MACVLAN,
+	LXC_NET_PHYS,
+	LXC_NET_VLAN,
+	LXC_NET_NONE,
+	LXC_NET_MAXCONFTYPE,
+};
+
+/*
+ * Defines the structure to configure an ipv4 address
+ * @address   : ipv4 address
+ * @broadcast : ipv4 broadcast address
+ * @mask      : network mask
+ */
+struct lxc_inetdev {
+	struct in_addr addr;
+	struct in_addr bcast;
+	unsigned int prefix;
+};
+
+struct lxc_route {
+	struct in_addr addr;
+};
+
+/*
+ * Defines the structure to configure an ipv6 address
+ * @flags     : set the address up
+ * @address   : ipv6 address
+ * @broadcast : ipv6 broadcast address
+ * @mask      : network mask
+ */
+struct lxc_inet6dev {
+	struct in6_addr addr;
+	struct in6_addr mcast;
+	struct in6_addr acast;
+	unsigned int prefix;
+};
+
+struct lxc_route6 {
+	struct in6_addr addr;
+};
+
+struct ifla_veth {
+	char *pair; /* pair name */
+	char veth1[IFNAMSIZ]; /* needed for deconf */
+};
+
+struct ifla_vlan {
+	unsigned int   flags;
+	unsigned int   fmask;
+	unsigned short   vid;
+	unsigned short   pad;
+};
+
+struct ifla_macvlan {
+	int mode; /* private, vepa, bridge, passthru */
+};
+
+union netdev_p {
+	struct ifla_veth veth_attr;
+	struct ifla_vlan vlan_attr;
+	struct ifla_macvlan macvlan_attr;
+};
+
+/*
+ * Defines a structure to configure a network device
+ * @link       : lxc.net.[i].link, name of bridge or host iface to attach if any
+ * @name       : lxc.net.[i].name, name of iface on the container side
+ * @flags      : flag of the network device (IFF_UP, ... )
+ * @ipv4       : a list of ipv4 addresses to be set on the network device
+ * @ipv6       : a list of ipv6 addresses to be set on the network device
+ * @upscript   : a script filename to be executed during interface configuration
+ * @downscript : a script filename to be executed during interface destruction
+ * @idx        : network counter
+ */
+struct lxc_netdev {
+	ssize_t idx;
+	int type;
+	int flags;
+	int ifindex;
+	char *link;
+	char *name;
+	char *hwaddr;
+	char *mtu;
+	union netdev_p priv;
+	struct lxc_list ipv4;
+	struct lxc_list ipv6;
+	struct in_addr *ipv4_gateway;
+	bool ipv4_gateway_auto;
+	struct in6_addr *ipv6_gateway;
+	bool ipv6_gateway_auto;
+	char *upscript;
+	char *downscript;
+};
+
+struct saved_nic {
+	int ifindex;
+	char *orig_name;
+};
+
 /* Convert a string mac address to a socket structure. */
 extern int lxc_convert_mac(char *macaddr, struct sockaddr *sockaddr);
 
@@ -106,11 +215,22 @@ extern int lxc_neigh_proxy_on(const char *name, int family);
 /* Disable neighbor proxying. */
 extern int lxc_neigh_proxy_off(const char *name, int family);
 
-/* Generate a new unique network interface name. */
-extern char *lxc_mkifname(char *template);
+/* Generate a new unique network interface name.
+ * Allocated memory must be freed by caller.
+ */
+extern char *lxc_mkifname(const char *template);
 
 extern const char *lxc_net_type_to_str(int type);
 extern int setup_private_host_hw_addr(char *veth1);
 extern int netdev_get_mtu(int ifindex);
+extern int lxc_create_network_priv(struct lxc_handler *handler);
+extern bool lxc_delete_network(struct lxc_handler *handler);
+extern int lxc_find_gateway_addresses(struct lxc_handler *handler);
+extern int lxc_create_network(const char *lxcpath, char *lxcname,
+			      struct lxc_list *network, pid_t pid);
+extern int lxc_requests_empty_network(struct lxc_handler *handler);
+extern void lxc_restore_phys_nics_to_netns(int netnsfd, struct lxc_conf *conf);
+extern int lxc_setup_network_in_child_namespaces(const struct lxc_conf *conf,
+						 struct lxc_list *network);
 
 #endif /* __LXC_NETWORK_H */

src/lxc/start.c

@@ -77,6 +77,7 @@
 #include "mainloop.h"
 #include "monitor.h"
 #include "namespace.h"
+#include "network.h"
 #include "start.h"
 #include "storage.h"
 #include "storage_utils.h"
@@ -1246,7 +1247,7 @@ static int lxc_spawn(struct lxc_handler *handler)
 			/* That should be done before the clone because we will
 			 * fill the netdev index and use them in the child.
 			 */
-			if (lxc_setup_networks_in_parent_namespaces(handler)) {
+			if (lxc_create_network_priv(handler)) {
 				ERROR("Failed to create the network.");
 				lxc_sync_fini(handler);
 				return -1;
@@ -1364,7 +1365,7 @@ static int lxc_spawn(struct lxc_handler *handler)
 
 	/* Create the network configuration. */
 	if (handler->clone_flags & CLONE_NEWNET) {
-		if (lxc_assign_network(handler->lxcpath, handler->name,
+		if (lxc_create_network(handler->lxcpath, handler->name,
 				       &handler->conf->network, handler->pid)) {
 			ERROR("Failed to create the configured network.");
 			goto out_delete_net;

src/tests/lxc-test-usernic.in

@@ -153,7 +153,7 @@ lxcpath=/home/usernic-user/.local/share/lxc
 lxcname=b1
 
 # Assign one veth, should fail as no allowed entries yet
-if run_cmd "$LXC_USER_NIC $lxcpath $lxcname $p1 veth usernic-br0 xx1"; then
+if run_cmd "$LXC_USER_NIC create $lxcpath $lxcname $p1 veth usernic-br0 xx1"; then
 	echo "FAIL: able to create nic with no entries"
 	exit 1
 fi
@@ -164,24 +164,24 @@ sed -i '/^usernic-user/d' /etc/lxc/lxc-usernet
 echo "usernic-user veth usernic-br0 2" >> /etc/lxc/lxc-usernet
 
 # Assign one veth to second bridge, should fail
-if run_cmd "$LXC_USER_NIC $lxcpath $lxcname $p1 veth usernic-br1 xx1"; then
+if run_cmd "$LXC_USER_NIC create $lxcpath $lxcname $p1 veth usernic-br1 xx1"; then
 	echo "FAIL: able to create nic with no entries"
 	exit 1
 fi
 
 # Assign two veths, should succeed
-if ! run_cmd "$LXC_USER_NIC $lxcpath $lxcname $p1 veth usernic-br0 xx2"; then
+if ! run_cmd "$LXC_USER_NIC create $lxcpath $lxcname $p1 veth usernic-br0 xx2"; then
 	echo "FAIL: unable to create first nic"
 	exit 1
 fi
 
-if ! run_cmd "$LXC_USER_NIC $lxcpath $lxcname $p1 veth usernic-br0 xx3"; then
+if ! run_cmd "$LXC_USER_NIC create $lxcpath $lxcname $p1 veth usernic-br0 xx3"; then
 	echo "FAIL: unable to create second nic"
 	exit 1
 fi
 
 # Assign one more veth, should fail.
-if run_cmd "$LXC_USER_NIC $lxcpath $lxcname $p1 veth usernic-br0 xx4"; then
+if run_cmd "$LXC_USER_NIC create $lxcpath $lxcname $p1 veth usernic-br0 xx4"; then
 	echo "FAIL: able to create third nic"
 	exit 1
 fi
@@ -191,7 +191,7 @@ run_cmd "lxc-stop -n b1 -k"
 run_cmd "lxc-start -n b1 -d"
 p1=$(run_cmd "lxc-info -n b1 -p -H")
 
-if ! run_cmd "$LXC_USER_NIC $lxcpath $lxcname $p1 veth usernic-br0 xx5"; then
+if ! run_cmd "$LXC_USER_NIC create $lxcpath $lxcname $p1 veth usernic-br0 xx5"; then
 	echo "FAIL: unable to create nic after destroying the old"
 	cleanup 1
 fi
@@ -204,7 +204,7 @@ lxc-start -n usernic-c1 -d
 p2=$(lxc-info -n usernic-c1 -p -H)
 
 # assign veth to it - should fail
-if run_cmd "$LXC_USER_NIC $lxcpath $lxcname $p2 veth usernic-br0 xx6"; then
+if run_cmd "$LXC_USER_NIC create $lxcpath $lxcname $p2 veth usernic-br0 xx6"; then
 	echo "FAIL: able to attach nic to root-owned container"
 	cleanup 1
 fi