Commit
500ed813
authored
Jan 28, 2021
by
Christian Brauner
attach: move lxc_cmd_get_init_pid() int get_attach_context()
Signed-off-by:
Christian Brauner
<
christian.brauner@ubuntu.com
>
parent
9745eb8a
Showing
1 changed file
with
20 additions
and
18 deletions
+20
-18
attach.c
src/lxc/attach.c
+20
-18
src/lxc/attach.c
...
@@ -56,6 +56,7 @@ lxc_log_define(attach, lxc);
...
@@ -56,6 +56,7 @@ lxc_log_define(attach, lxc);
static
lxc_attach_options_t
attach_static_default_options
=
LXC_ATTACH_OPTIONS_DEFAULT
;
static
lxc_attach_options_t
attach_static_default_options
=
LXC_ATTACH_OPTIONS_DEFAULT
;
struct
attach_context
{
struct
attach_context
{
int
init_pid
;
char
*
lsm_label
;
char
*
lsm_label
;
struct
lxc_container
*
container
;
struct
lxc_container
*
container
;
signed
long
personality
;
signed
long
personality
;
...
@@ -70,7 +71,8 @@ static struct attach_context *alloc_attach_context(void)
...
@@ -70,7 +71,8 @@ static struct attach_context *alloc_attach_context(void)
return
zalloc
(
sizeof
(
struct
attach_context
));
return
zalloc
(
sizeof
(
struct
attach_context
));
}
}
static
int
get_attach_context
(
struct
attach_context
*
ctx
,
pid_t
pid
)
static
int
get_attach_context
(
struct
attach_context
*
ctx
,
struct
lxc_container
*
container
)
{
{
__do_free
char
*
line
=
NULL
;
__do_free
char
*
line
=
NULL
;
__do_fclose
FILE
*
proc_file
=
NULL
;
__do_fclose
FILE
*
proc_file
=
NULL
;
...
@@ -79,8 +81,14 @@ static int get_attach_context(struct attach_context *ctx, pid_t pid)
...
@@ -79,8 +81,14 @@ static int get_attach_context(struct attach_context *ctx, pid_t pid)
char
proc_fn
[
LXC_PROC_STATUS_LEN
];
char
proc_fn
[
LXC_PROC_STATUS_LEN
];
size_t
line_bufsz
=
0
;
size_t
line_bufsz
=
0
;
ctx
->
container
=
container
;
ctx
->
init_pid
=
lxc_cmd_get_init_pid
(
container
->
name
,
container
->
config_path
);
if
(
ctx
->
init_pid
<
0
)
return
log_error
(
-
1
,
"Failed to get init pid"
);
/* Read capabilities. */
/* Read capabilities. */
ret
=
snprintf
(
proc_fn
,
LXC_PROC_STATUS_LEN
,
"/proc/%d/status"
,
pid
);
ret
=
snprintf
(
proc_fn
,
LXC_PROC_STATUS_LEN
,
"/proc/%d/status"
,
ctx
->
init_
pid
);
if
(
ret
<
0
||
ret
>=
LXC_PROC_STATUS_LEN
)
if
(
ret
<
0
||
ret
>=
LXC_PROC_STATUS_LEN
)
return
-
EIO
;
return
-
EIO
;
...
@@ -103,7 +111,7 @@ static int get_attach_context(struct attach_context *ctx, pid_t pid)
...
@@ -103,7 +111,7 @@ static int get_attach_context(struct attach_context *ctx, pid_t pid)
ctx
->
lsm_ops
=
lsm_init
();
ctx
->
lsm_ops
=
lsm_init
();
ctx
->
lsm_label
=
ctx
->
lsm_ops
->
process_label_get
(
ctx
->
lsm_ops
,
pid
);
ctx
->
lsm_label
=
ctx
->
lsm_ops
->
process_label_get
(
ctx
->
lsm_ops
,
ctx
->
init_
pid
);
ctx
->
ns_inherited
=
0
;
ctx
->
ns_inherited
=
0
;
for
(
int
i
=
0
;
i
<
LXC_NS_MAX
;
i
++
)
for
(
int
i
=
0
;
i
<
LXC_NS_MAX
;
i
++
)
ctx
->
ns_fd
[
i
]
=
-
EBADF
;
ctx
->
ns_fd
[
i
]
=
-
EBADF
;
...
@@ -969,7 +977,7 @@ int lxc_attach(struct lxc_container *container, lxc_attach_exec_t exec_function,
...
@@ -969,7 +977,7 @@ int lxc_attach(struct lxc_container *container, lxc_attach_exec_t exec_function,
char
*
name
,
*
lxcpath
,
*
new_cwd
;
char
*
name
,
*
lxcpath
,
*
new_cwd
;
int
ipc_sockets
[
2
];
int
ipc_sockets
[
2
];
signed
long
personality
;
signed
long
personality
;
pid_t
attached_pid
,
init_pid
,
pid
,
to_cleanup_pid
;
pid_t
attached_pid
,
pid
,
to_cleanup_pid
;
struct
attach_context
*
ctx
;
struct
attach_context
*
ctx
;
struct
lxc_terminal
terminal
;
struct
lxc_terminal
terminal
;
struct
lxc_conf
*
conf
;
struct
lxc_conf
*
conf
;
...
@@ -990,27 +998,19 @@ int lxc_attach(struct lxc_container *container, lxc_attach_exec_t exec_function,
...
@@ -990,27 +998,19 @@ int lxc_attach(struct lxc_container *container, lxc_attach_exec_t exec_function,
if
(
!
options
)
if
(
!
options
)
options
=
&
attach_static_default_options
;
options
=
&
attach_static_default_options
;
init_pid
=
lxc_cmd_get_init_pid
(
name
,
lxcpath
);
if
(
init_pid
<
0
)
{
lxc_container_put
(
container
);
return
log_error
(
-
1
,
"Failed to get init pid"
);
}
ctx
=
alloc_attach_context
();
ctx
=
alloc_attach_context
();
if
(
!
ctx
)
{
if
(
!
ctx
)
{
lxc_container_put
(
container
);
lxc_container_put
(
container
);
return
log_error_errno
(
-
ENOMEM
,
ENOMEM
,
"Failed to allocate attach context"
);
return
log_error_errno
(
-
ENOMEM
,
ENOMEM
,
"Failed to allocate attach context"
);
}
}
ret
=
get_attach_context
(
ctx
,
init_pid
);
ret
=
get_attach_context
(
ctx
,
container
);
if
(
ret
)
{
if
(
ret
)
{
ERROR
(
"Failed to get
context of init process: %ld"
,
(
long
)
init_pid
);
ERROR
(
"Failed to get
attach context"
);
lxc_container_put
(
container
);
lxc_container_put
(
container
);
return
-
1
;
return
-
1
;
}
}
ctx
->
container
=
container
;
personality
=
get_personality
(
name
,
lxcpath
);
personality
=
get_personality
(
name
,
lxcpath
);
if
(
ctx
->
personality
<
0
)
{
if
(
ctx
->
personality
<
0
)
{
ERROR
(
"Failed to get personality of the container"
);
ERROR
(
"Failed to get personality of the container"
);
...
@@ -1027,8 +1027,10 @@ int lxc_attach(struct lxc_container *container, lxc_attach_exec_t exec_function,
...
@@ -1027,8 +1027,10 @@ int lxc_attach(struct lxc_container *container, lxc_attach_exec_t exec_function,
}
}
}
}
conf
=
ctx
->
container
->
lxc_conf
;
conf
=
ctx
->
container
->
lxc_conf
;
if
(
!
conf
)
if
(
!
conf
)
{
put_attach_context
(
ctx
);
return
log_error_errno
(
-
EINVAL
,
EINVAL
,
"Missing container confifg"
);
return
log_error_errno
(
-
EINVAL
,
EINVAL
,
"Missing container confifg"
);
}
if
(
!
fetch_seccomp
(
ctx
->
container
,
options
))
if
(
!
fetch_seccomp
(
ctx
->
container
,
options
))
WARN
(
"Failed to get seccomp policy"
);
WARN
(
"Failed to get seccomp policy"
);
...
@@ -1070,9 +1072,9 @@ int lxc_attach(struct lxc_container *container, lxc_attach_exec_t exec_function,
...
@@ -1070,9 +1072,9 @@ int lxc_attach(struct lxc_container *container, lxc_attach_exec_t exec_function,
int
j
;
int
j
;
if
(
options
->
namespaces
&
ns_info
[
i
].
clone_flag
)
if
(
options
->
namespaces
&
ns_info
[
i
].
clone_flag
)
ctx
->
ns_fd
[
i
]
=
lxc_preserve_ns
(
init_pid
,
ns_info
[
i
].
proc_name
);
ctx
->
ns_fd
[
i
]
=
lxc_preserve_ns
(
ctx
->
init_pid
,
ns_info
[
i
].
proc_name
);
else
if
(
ctx
->
ns_inherited
&
ns_info
[
i
].
clone_flag
)
else
if
(
ctx
->
ns_inherited
&
ns_info
[
i
].
clone_flag
)
ctx
->
ns_fd
[
i
]
=
in_same_namespace
(
pid
,
init_pid
,
ns_info
[
i
].
proc_name
);
ctx
->
ns_fd
[
i
]
=
in_same_namespace
(
pid
,
ctx
->
init_pid
,
ns_info
[
i
].
proc_name
);
else
else
continue
;
continue
;
...
@@ -1190,7 +1192,7 @@ int lxc_attach(struct lxc_container *container, lxc_attach_exec_t exec_function,
...
@@ -1190,7 +1192,7 @@ int lxc_attach(struct lxc_container *container, lxc_attach_exec_t exec_function,
/* Attach now, create another subprocess later, since pid namespaces
/* Attach now, create another subprocess later, since pid namespaces
* only really affect the children of the current process.
* only really affect the children of the current process.
*/
*/
ret
=
lxc_attach_to_ns
(
init_pid
,
ctx
);
ret
=
lxc_attach_to_ns
(
ctx
->
init_pid
,
ctx
);
if
(
ret
<
0
)
{
if
(
ret
<
0
)
{
ERROR
(
"Failed to enter namespaces"
);
ERROR
(
"Failed to enter namespaces"
);
shutdown
(
ipc_sockets
[
1
],
SHUT_RDWR
);
shutdown
(
ipc_sockets
[
1
],
SHUT_RDWR
);
...
...
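Review bot: In lxc_attach(), the failure branch after `get_attach_context(ctx, container)` still only calls `lxc_container_put(container)` and returns -1, so the zero-allocated `ctx` is not released there. Because the init-pid lookup now runs inside get_attach_context(), a container whose init pid cannot be fetched reaches this branch after the allocation, where the old code returned before allocating. The `!conf` branch in the hunk at 1027 calls `put_attach_context(ctx);`, and the same call looks right here, provided it also drops `ctx->container`; its body is not shown on this page, so confirm that before replacing the `lxc_container_put()` call to avoid a double put. Separately, the unchanged context lines assign `personality = get_personality(name, lxcpath);` but test `ctx->personality < 0`, which looks like it can never fire on a zeroed context.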