Merge pull request #1750 from brauner/2017-08-10/further_lxc_2.1_preparations

.gitignore

@@ -37,6 +37,7 @@ src/lxc/lxc-attach
 src/lxc/lxc-autostart
 src/lxc/lxc-cgroup
 src/lxc/tools/lxc-checkconfig
+src/lxc/tools/lxc-update-config
 src/lxc/lxc-checkpoint
 src/lxc/lxc-clone
 src/lxc/lxc-console

configure.ac

@@ -914,6 +914,7 @@ AC_CONFIG_FILES([
 	src/lxc/lxc.functions
 	src/lxc/tools/lxc-checkconfig
 	src/lxc/tools/lxc-start-ephemeral
+	src/lxc/tools/lxc-update-config
 	src/lxc/version.h
 	src/python-lxc/Makefile
 

src/lxc/Makefile.am

@@ -208,7 +208,8 @@ liblxc_la_LIBADD += $(CGMANAGER_LIBS) $(DBUS_LIBS) $(NIH_LIBS) $(NIH_DBUS_LIBS)
 liblxc_la_CFLAGS += $(CGMANAGER_CFLAGS) $(DBUS_CFLAGS) $(NIH_CFLAGS) $(NIH_DBUS_CFLAGS)
 endif
 
-bin_SCRIPTS = tools/lxc-checkconfig
+bin_SCRIPTS = tools/lxc-checkconfig \
+	      tools/lxc-update-config
 
 EXTRA_DIST = \
 	tools/lxc-top.lua

src/lxc/commands.c

@@ -516,7 +516,7 @@ static int lxc_cmd_get_config_item_callback(int fd, struct lxc_cmd_req *req,
 	struct lxc_config_t *item;
 
 	memset(&rsp, 0, sizeof(rsp));
-	item = lxc_getconfig(req->data);
+	item = lxc_get_config(req->data);
 	if (!item)
 		goto err1;
 	cilen = item->get(req->data, NULL, 0, handler->conf, NULL);

src/lxc/conf.h

@@ -408,6 +408,12 @@ struct lxc_conf {
 
 	/* RLIMIT_* limits */
 	struct lxc_list limits;
+
+	/* REMOVE IN LXC 3.0
+	 * Indicator whether the current config file we're using contained any
+	 * legacy configuration keys.
+	 */
+	bool contains_legacy_key;
 };
 
 #ifdef HAVE_TLS

src/lxc/confile.h

@@ -33,21 +33,44 @@
 struct lxc_conf;
 struct lxc_list;
 
+/* Callback prototype to set a configuration item.
+ * Must be implemented when adding a new configuration key.
+ */
 typedef int (*config_set_cb)(const char *key, const char *value,
 			     struct lxc_conf *conf, void *data);
+
+/* Callback prototype to get a configuration item.
+ * Must be implemented when adding a new configuration key.
+ */
 typedef int (*config_get_cb)(const char *key, char *value, int inlen,
 			     struct lxc_conf *conf, void *data);
+
+/* Callback prototype to clear a configuration item.
+ * Must be implemented when adding a new configuration key.
+ */
 typedef int (*config_clr_cb)(const char *key, struct lxc_conf *conf,
 			     void *data);
 
 struct lxc_config_t {
 	char *name;
+	bool is_legacy_key; /* REMOVE in LXC 3.0 */
 	config_set_cb set;
 	config_get_cb get;
 	config_clr_cb clr;
 };
 
-extern struct lxc_config_t *lxc_getconfig(const char *key);
+/* Get the jump table entry for the given configuration key. */
+extern struct lxc_config_t *lxc_get_config(const char *key);
+
+/* List all available config items. */
+extern int lxc_list_config_items(char *retv, int inlen);
+
+/* Given a configuration key namespace (e.g. lxc.apparmor) list all associated
+ * subkeys for that namespace.
+ * Must be implemented when adding a new configuration key.
+ */
+extern int lxc_list_subkeys(struct lxc_conf *conf, const char *key, char *retv,
+			    int inlen);
 
 /* List all configuration items associated with a given network. For example
  * pass "lxc.net.[i]" to retrieve all configuration items associated with
@@ -55,29 +78,41 @@ extern struct lxc_config_t *lxc_getconfig(const char *key);
  */
 extern int lxc_list_net(struct lxc_conf *c, const char *key, char *retv,
 			int inlen);
-extern int lxc_list_config_items(char *retv, int inlen);
-extern int lxc_config_read(const char *file, struct lxc_conf *conf, bool from_include);
+
+extern int lxc_config_read(const char *file, struct lxc_conf *conf,
+			   bool from_include);
+
 extern int append_unexp_config_line(const char *line, struct lxc_conf *conf);
 
 extern int lxc_config_define_add(struct lxc_list *defines, char* arg);
+
 extern int lxc_config_define_load(struct lxc_list *defines,
 				  struct lxc_conf *conf);
 
 /* needed for lxc-attach */
 extern signed long lxc_config_parse_arch(const char *arch);
+
 extern int lxc_fill_elevated_privileges(char *flaglist, int *flags);
 
 extern int lxc_clear_config_item(struct lxc_conf *c, const char *key);
+
 extern void write_config(FILE *fout, struct lxc_conf *c);
 
-extern bool do_append_unexp_config_line(struct lxc_conf *conf, const char *key, const char *v);
+extern bool do_append_unexp_config_line(struct lxc_conf *conf, const char *key,
+					const char *v);
 
 /* These are used when cloning a container */
-extern void clear_unexp_config_line(struct lxc_conf *conf, const char *key, bool rm_subkeys);
+extern void clear_unexp_config_line(struct lxc_conf *conf, const char *key,
+				    bool rm_subkeys);
+
 extern bool clone_update_unexp_hooks(struct lxc_conf *conf, const char *oldpath,
-	const char *newpath, const char *oldname, const char *newmame);
+				     const char *newpath, const char *oldname,
+				     const char *newmame);
+
 bool clone_update_unexp_ovl_paths(struct lxc_conf *conf, const char *oldpath,
 				  const char *newpath, const char *oldname,
 				  const char *newname, const char *ovldir);
+
 extern bool network_new_hwaddrs(struct lxc_conf *conf);
-#endif
+
+#endif /* __LXC_CONFILE_H */

src/lxc/confile_legacy.c

@@ -91,7 +91,7 @@ int set_config_network_legacy_nic(const char *key, const char *value,
 		goto out;
 
 	strcpy(copy + 12, p + 1);
-	config = lxc_getconfig(copy);
+	config = lxc_get_config(copy);
 	if (!config) {
 		ERROR("unknown key %s", key);
 		goto out;

src/lxc/lxccontainer.c

@@ -1902,7 +1902,7 @@ static bool do_lxcapi_clear_config_item(struct lxc_container *c,
 	if (container_mem_lock(c))
 		return false;
 
-	config = lxc_getconfig(key);
+	config = lxc_get_config(key);
 	/* Verify that the config key exists and that it has a callback
 	 * implemented.
 	 */
@@ -2218,7 +2218,7 @@ static int do_lxcapi_get_config_item(struct lxc_container *c, const char *key, c
 	if (container_mem_lock(c))
 		return -1;
 
-	config = lxc_getconfig(key);
+	config = lxc_get_config(key);
 	/* Verify that the config key exists and that it has a callback
 	 * implemented.
 	 */
@@ -2248,22 +2248,29 @@ WRAP_API_1(char *, lxcapi_get_running_config_item, const char *)
 
 static int do_lxcapi_get_keys(struct lxc_container *c, const char *key, char *retv, int inlen)
 {
+	int ret = -1;
+
+	/* List all config items. */
 	if (!key)
 		return lxc_list_config_items(retv, inlen);
-	/*
-	 * Support 'lxc.net.<idx>', i.e. 'lxc.net.0'
-	 * This is an intelligent result to show which keys are valid given
-	 * the type of nic it is
-	 */
+
 	if (!c || !c->lxc_conf)
 		return -1;
+
 	if (container_mem_lock(c))
 		return -1;
-	int ret = -1;
+
+	/* Support 'lxc.net.<idx>', i.e. 'lxc.net.0'
+	 * This is an intelligent result to show which keys are valid given the
+	 * type of nic it is.
+	 */
 	if (!strncmp(key, "lxc.net.", 8))
 		ret = lxc_list_net(c->lxc_conf, key, retv, inlen);
 	else if (strncmp(key, "lxc.network.", 12) == 0)
 		ret = lxc_list_nicconfigs_legacy(c->lxc_conf, key, retv, inlen);
+	else
+		ret = lxc_list_subkeys(c->lxc_conf, key, retv, inlen);
+
 	container_mem_unlock(c);
 	return ret;
 }
@@ -2755,7 +2762,7 @@ static bool set_config_item_locked(struct lxc_container *c, const char *key, con
 	if (!c->lxc_conf)
 		return false;
 
-	config = lxc_getconfig(key);
+	config = lxc_get_config(key);
 	if (!config)
 		return false;
 
@@ -4867,5 +4874,5 @@ free_ct_name:
 
 bool lxc_config_item_is_supported(const char *key)
 {
-	return !!lxc_getconfig(key);
+	return !!lxc_get_config(key);
 }

src/lxc/tools/lxc-checkconfig.in

@@ -105,16 +105,16 @@ echo
 echo -n "User namespace: " && is_enabled CONFIG_USER_NS
 echo
 if is_set CONFIG_USER_NS; then
-	if type newuidmap > /dev/null 2>&1; then
-		f=`type -P newuidmap`
+	if which newuidmap > /dev/null 2>&1; then
+		f=`which newuidmap`
 		if [ ! -u "${f}" ]; then
 			echo "Warning: newuidmap is not setuid-root"
 		fi
 	else
 		echo "newuidmap is not installed"
 	fi
-	if type newgidmap > /dev/null 2>&1; then
-		f=`type -P newgidmap`
+	if which newgidmap > /dev/null 2>&1; then
+		f=`which newgidmap`
 		if [ ! -u "${f}" ]; then
 			echo "Warning: newgidmap is not setuid-root"
 		fi

src/lxc/tools/lxc-update-config.in

+#!/bin/sh
+
+# Make sure the usual locations are in PATH
+export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin
+
+set -e
+
+usage()
+{
+cat <<EOF
+$1 -h|--help [-c|--config]
+config: the container configuration to update
+EOF
+    return 0
+}
+
+OPTIONS=`getopt -o c:h --long config:,help -- "${@}"`
+eval set -- "${OPTIONS}"
+
+while true; do
+	case "${1}" in
+		-h|--help)
+			usage "${0}"
+			exit 0
+			;;
+		-c|--config)
+			CONFIGPATH="${2}"
+			shift 2
+			;;
+		--)
+			shift 1
+			break
+			;;
+		*)
+			break
+			;;
+	esac
+done
+
+echo "${CONFIGPATH}"
+sed -i".backup" \
+-e 's/\([[:blank:]*]\|#*\)\(lxc\.rootfs\)\([[:blank:]*]\|=\)/\1lxc\.rootfs\.path\3/g' \
+-e 's/\([[:blank:]*]\|#*\)\(lxc\.id_map\)\([[:blank:]*]\|=\)/\1lxc\.idmap\3/g' \
+-e 's/\([[:blank:]*]\|#*\)\(lxc\.pts\)\([[:blank:]*]\|=\)/\1lxc\.pty\.max\3/g' \
+-e 's/\([[:blank:]*]\|#*\)\(lxc\.tty\)\([[:blank:]*]\|=\)/\1lxc\.tty\.max\3/g' \
+-e 's/\([[:blank:]*]\|#*\)\(lxc\.devttydir\)\([[:blank:]*]\|=\)/\1lxc\.tty\.dir\3/g' \
+-e 's/\([[:blank:]*]\|#*\)\(lxc\.aa_profile\)\([[:blank:]*]\|=\)/\1lxc\.apparmor\.profile\3/g' \
+-e 's/\([[:blank:]*]\|#*\)\(lxc\.aa_allow_incomplete\)\([[:blank:]*]\|=\)/\1lxc\.apparmor\.allow_incomplete\3/g' \
+-e 's/\([[:blank:]*]\|#*\)\(lxc\.se_context\)\([[:blank:]*]\|=\)/\1lxc\.selinux\.context\3/g' \
+-e 's/\([[:blank:]*]\|#*\)\(lxc\.mount\)\([[:blank:]*]\|=\)/\1lxc\.mount\.fstab\3/g' \
+-e 's/\([[:blank:]*]\|#*\)\(lxc\.utsname\)\([[:blank:]*]\|=\)/\1lxc\.uts\.name\3/g' \
+-e 's/\([[:blank:]*]\|#*\)\(lxc\.rootfs\)\([[:blank:]*]\|=\)/\1lxc\.rootfs\.path\3/g' \
+-e 's/\([[:blank:]*]\|#*\)\(lxc\.seccomp\)\([[:blank:]*]\|=\)/\1lxc\.seccomp\.profile\3/g' \
+-e 's/\([[:blank:]*]\|#*\)\(lxc\.console\)\([[:blank:]*]\|=\)/\1lxc\.console\.path\3/g' \
+-e 's/\([[:blank:]*]\|#*\)\(lxc\.haltsignal\)\([[:blank:]*]\|=\)/\1lxc\.signal\.halt\3/g' \
+-e 's/\([[:blank:]*]\|#*\)\(lxc\.rebootsignal\)\([[:blank:]*]\|=\)/\1lxc\.signal\.reboot\3/g' \
+-e 's/\([[:blank:]*]\|#*\)\(lxc\.stopsignal\)\([[:blank:]*]\|=\)/\1lxc\.signal\.stop\3/g' \
+-e 's/\([[:blank:]*]\|#*\)\(lxc\.syslog\)\([[:blank:]*]\|=\)/\1lxc\.log\.syslog\3/g' \
+-e 's/\([[:blank:]*]\|#*\)\(lxc\.loglevel\)\([[:blank:]*]\|=\)/\1lxc\.log\.level\3/g' \
+-e 's/\([[:blank:]*]\|#*\)\(lxc\.logfile\)\([[:blank:]*]\|=\)/1lxc\.log\.file\3/g' \
+-e 's/\([[:blank:]*]\|#*\)\(lxc\.init_cmd\)\([[:blank:]*]\|=\)/\1lxc\.init\.cmd\3/g' \
+-e 's/\([[:blank:]*]\|#*\)\(lxc\.init_uid\)\([[:blank:]*]\|=\)/\1lxc\.init\.uid\3/g' \
+-e 's/\([[:blank:]*]\|#*\)\(lxc\.init_gid\)\([[:blank:]*]\|=\)/\1lxc\.init\.gid\3/g' \
+-e 's/\([[:blank:]*]\|#*\)\(lxc\.limit\)\([[:blank:]*]\|=\)/\1lxc\.prlimit\3/g' \
+-e 's/\([[:blank:]*]\|#*\)\(lxc\.network\)\.\([^[:digit:]*]\)/\1lxc\.net\.0\.\3/g' \
+-e 's/\([[:blank:]*]\|#*\)\(lxc\.network\)\(\.[[:digit:]*]\)/\1lxc\.net\3/g' \
+-e 's/\([[:blank:]*]\|#*\)\(lxc\.network\)\([[:blank:]*]\|=\)/\1lxc\.net\3/g' \
+	"${CONFIGPATH}"

src/tests/config_jump_table.c

@@ -54,7 +54,7 @@ int main(int argc, char *argv[])
 	for (key = strtok_r(keys, "\n", &saveptr); key != NULL;
 	     key = strtok_r(NULL, "\n", &saveptr)) {
 		struct lxc_config_t *config;
-		config = lxc_getconfig(key);
+		config = lxc_get_config(key);
 		if (!config) {
 			lxc_error("configuration key \"%s\" not implemented in "
 				  "jump table",

src/tests/getkeys.c

@@ -16,15 +16,17 @@
  * with this program; if not, write to the Free Software Foundation, Inc.,
  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#include <lxc/lxccontainer.h>
 
-#include <unistd.h>
+#include <errno.h>
 #include <signal.h>
 #include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
 #include <sys/types.h>
 #include <sys/wait.h>
-#include <stdlib.h>
-#include <errno.h>
+#include <lxc/lxccontainer.h>
+
 #include "lxc/state.h"
 
 #define MYNAME "lxctest1"
@@ -64,6 +66,103 @@ int main(int argc, char *argv[])
 		goto out;
 	}
 	printf("get_keys for nic 1 returned %d\n%s", ret, v3);
+
+	ret = c->get_keys(c, "lxc.apparmor", v3, 2000);
+	if (ret < 0) {
+		fprintf(stderr, "%d: failed to get keys(%d)\n", __LINE__, ret);
+		ret = 1;
+		goto out;
+	}
+	printf("get_keys returned %d\n%s", ret, v3);
+
+	ret = c->get_keys(c, "lxc.selinux", v3, 2000);
+	if (ret < 0) {
+		fprintf(stderr, "%d: failed to get keys(%d)\n", __LINE__, ret);
+		ret = 1;
+		goto out;
+	}
+	printf("get_keys returned %d\n%s", ret, v3);
+
+	ret = c->get_keys(c, "lxc.mount", v3, 2000);
+	if (ret < 0) {
+		fprintf(stderr, "%d: failed to get keys(%d)\n", __LINE__, ret);
+		ret = 1;
+		goto out;
+	}
+	printf("get_keys returned %d\n%s", ret, v3);
+
+	ret = c->get_keys(c, "lxc.rootfs", v3, 2000);
+	if (ret < 0) {
+		fprintf(stderr, "%d: failed to get keys(%d)\n", __LINE__, ret);
+		ret = 1;
+		goto out;
+	}
+	printf("get_keys returned %d\n%s", ret, v3);
+
+	ret = c->get_keys(c, "lxc.uts", v3, 2000);
+	if (ret < 0) {
+		fprintf(stderr, "%d: failed to get keys(%d)\n", __LINE__, ret);
+		ret = 1;
+		goto out;
+	}
+	printf("get_keys returned %d\n%s", ret, v3);
+
+	ret = c->get_keys(c, "lxc.hook", v3, 2000);
+	if (ret < 0) {
+		fprintf(stderr, "%d: failed to get keys(%d)\n", __LINE__, ret);
+		ret = 1;
+		goto out;
+	}
+	printf("get_keys returned %d\n%s", ret, v3);
+
+	ret = c->get_keys(c, "lxc.cap", v3, 2000);
+	if (ret < 0) {
+		fprintf(stderr, "%d: failed to get keys(%d)\n", __LINE__, ret);
+		ret = 1;
+		goto out;
+	}
+	printf("get_keys returned %d\n%s", ret, v3);
+
+	ret = c->get_keys(c, "lxc.console", v3, 2000);
+	if (ret < 0) {
+		fprintf(stderr, "%d: failed to get keys(%d)\n", __LINE__, ret);
+		ret = 1;
+		goto out;
+	}
+	printf("get_keys returned %d\n%s", ret, v3);
+
+	ret = c->get_keys(c, "lxc.seccomp", v3, 2000);
+	if (ret < 0) {
+		fprintf(stderr, "%d: failed to get keys(%d)\n", __LINE__, ret);
+		ret = 1;
+		goto out;
+	}
+	printf("get_keys returned %d\n%s", ret, v3);
+
+	ret = c->get_keys(c, "lxc.signal", v3, 2000);
+	if (ret < 0) {
+		fprintf(stderr, "%d: failed to get keys(%d)\n", __LINE__, ret);
+		ret = 1;
+		goto out;
+	}
+	printf("get_keys returned %d\n%s", ret, v3);
+
+	ret = c->get_keys(c, "lxc.start", v3, 2000);
+	if (ret < 0) {
+		fprintf(stderr, "%d: failed to get keys(%d)\n", __LINE__, ret);
+		ret = 1;
+		goto out;
+	}
+	printf("get_keys returned %d\n%s", ret, v3);
+
+	ret = c->get_keys(c, "lxc.monitor", v3, 2000);
+	if (ret < 0) {
+		fprintf(stderr, "%d: failed to get keys(%d)\n", __LINE__, ret);
+		ret = 1;
+		goto out;
+	}
+	printf("get_keys returned %d\n%s", ret, v3);
+
 	ret = 0;
 
 out: