Merge pull request #1826 from hallyn/2017-09-21.pre-start-host

add a pre-start-host hook

Merge pull request #1826 from hallyn/2017-09-21.pre-start-host
31f460b2 · Serge Hallyn · GitHub · 08dc351a · 08dd2805 · 31f460b2
Commit 31f460b2 authored Sep 30, 2017 by Serge Hallyn Committed by GitHub Sep 30, 2017
6 changed files
--- a/doc/lxc.container.conf.sgml.in
+++ b/doc/lxc.container.conf.sgml.in
@@ -1522,6 +1522,20 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
      <variablelist>
        <varlistentry>
          <term>
+            <option>lxc.hook.start-host</option>
+          </term>
+          <listitem>
+            <para>
+              A hook to be run in the host's namespace after the
+              container has been setup, and immediately before starting
+	      the container init.
+            </para>
+          </listitem>
+        </varlistentry>
+      </variablelist>
+      <variablelist>
+        <varlistentry>
+          <term>
            <option>lxc.hook.start</option>
          </term>
          <listitem>

--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -236,7 +236,8 @@ extern int memfd_create(const char *name, unsigned int flags);
 char *lxchook_names[NUM_LXC_HOOKS] = {"pre-start", "pre-mount", "mount",
 				      "autodev",   "start",     "stop",
-				      "post-stop", "clone",     "destroy"};
+				      "post-stop", "clone",     "destroy",
+				      "start-host"};
 struct mount_opt {
 	char *name;
@@ -3285,6 +3286,8 @@ int run_lxc_hooks(const char *name, char *hook, struct lxc_conf *conf,
 	if (strcmp(hook, "pre-start") == 0)
 		which = LXCHOOK_PRESTART;
+	else if (strcmp(hook, "start-host") == 0)
+		which = LXCHOOK_START_HOST;
 	else if (strcmp(hook, "pre-mount") == 0)
 		which = LXCHOOK_PREMOUNT;
 	else if (strcmp(hook, "mount") == 0)

--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -228,6 +228,7 @@ enum lxchooks {
 	LXCHOOK_POSTSTOP,
 	LXCHOOK_CLONE,
 	LXCHOOK_DESTROY,
+	LXCHOOK_START_HOST,
 	NUM_LXC_HOOKS
 };

--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -155,6 +155,7 @@ static struct lxc_config_t config[] = {
 	{ "lxc.hook.destroy",              false,                  set_config_hooks,                       get_config_hooks,                       clr_config_hooks,                     },
 	{ "lxc.hook.mount",                false,                  set_config_hooks,                       get_config_hooks,                       clr_config_hooks,                     },
 	{ "lxc.hook.post-stop",            false,                  set_config_hooks,                       get_config_hooks,                       clr_config_hooks,                     },
+	{ "lxc.hook.start-host",           false,                  set_config_hooks,                       get_config_hooks,                       clr_config_hooks,                     },
 	{ "lxc.hook.pre-start",            false,                  set_config_hooks,                       get_config_hooks,                       clr_config_hooks,                     },
 	{ "lxc.hook.pre-mount",            false,                  set_config_hooks,                       get_config_hooks,                       clr_config_hooks,                     },
 	{ "lxc.hook.start",                false,                  set_config_hooks,                       get_config_hooks,                       clr_config_hooks,                     },
@@ -980,6 +981,8 @@ static int set_config_hooks(const char *key, const char *value,
 	if (strcmp(key + 9, "pre-start") == 0)
 		return add_hook(lxc_conf, LXCHOOK_PRESTART, copy);
+	else if (strcmp(key + 9, "start-host") == 0)
+		return add_hook(lxc_conf, LXCHOOK_START_HOST, copy);
 	else if (strcmp(key + 9, "pre-mount") == 0)
 		return add_hook(lxc_conf, LXCHOOK_PREMOUNT, copy);
 	else if (strcmp(key + 9, "autodev") == 0)
@@ -4445,6 +4448,7 @@ int lxc_list_subkeys(struct lxc_conf *conf, const char *key, char *retv,
 		strprint(retv, inlen, "post-stop\n");
 		strprint(retv, inlen, "pre-mount\n");
 		strprint(retv, inlen, "pre-start\n");
+		strprint(retv, inlen, "start-host\n");
 		strprint(retv, inlen, "start\n");
 		strprint(retv, inlen, "stop\n");
 	} else if (!strcmp(key, "lxc.cap")) {

--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -1165,6 +1165,7 @@ static int lxc_spawn(struct lxc_handler *handler)
 {
 	int i, flags, ret;
 	const char *name = handler->name;
+	char pidstr[20];
 	bool wants_to_map_ids;
 	int saved_ns_fd[LXC_NS_MAX];
 	struct lxc_list *id_map;
@@ -1355,13 +1356,23 @@ static int lxc_spawn(struct lxc_handler *handler)
 	cgroup_disconnect();
 	cgroups_connected = false;
+	snprintf(pidstr, 20, "%d", handler->pid);
+	if (setenv("LXC_PID", pidstr, 1))
+		SYSERROR("Failed to set environment variable: LXC_PID=%s.", pidstr);
+	/* Run any host-side start hooks */
+	if (run_lxc_hooks(name, "start-host", handler->conf, handler->lxcpath, NULL)) {
+		ERROR("Failed to run lxc.hook.start-host for container \"%s\".", name);
+		return -1;
+	}
 	/* Tell the child to complete its initialization and wait for it to exec
 	 * or return an error. (The child will never return
-	 * LXC_SYNC_POST_CGROUP+1. It will either close the sync pipe, causing
+	 * LXC_SYNC_READY_START+1. It will either close the sync pipe, causing
 	 * lxc_sync_barrier_child to return success, or return a different
 	 * value, causing us to error out).
 	 */
-	if (lxc_sync_barrier_child(handler, LXC_SYNC_POST_CGROUP))
+	if (lxc_sync_barrier_child(handler, LXC_SYNC_READY_START))
 		return -1;
 	if (lxc_network_recv_name_and_ifindex_from_child(handler) < 0) {

--- a/src/lxc/sync.h
+++ b/src/lxc/sync.h
@@ -32,7 +32,7 @@ enum {
 	LXC_SYNC_CGROUP,
 	LXC_SYNC_CGROUP_UNSHARE,
 	LXC_SYNC_CGROUP_LIMITS,
-	LXC_SYNC_POST_CGROUP,
+	LXC_SYNC_READY_START,
 	LXC_SYNC_RESTART,
 	LXC_SYNC_POST_RESTART,
 	LXC_SYNC_ERROR = -1 /* Used to report errors from another process */